From gfoster at entersection.org Fri Feb 1 07:51:25 2013
From: gfoster at entersection.org (Gregory Foster)
Date: Fri, 01 Feb 2013 09:51:25 -0600
Subject: [drone-list] Time Magazine "Rise of the Drones" issue
Message-ID:

An upcoming issue of Time Magazine is titled "Rise of the Drones" and juxtaposes a low-flying Predator over a suburban American home.

Time (Feb 11) - "Drone Home" by Lev Grossman:
http://www.time.com/time/magazine/article/0,9171,2135132-1,00.html

HT @MaryMad, who took umbrage at Chris Anderson's "don't worry be droned" article (emphasis mine), also in this issue.
http://twitter.com/marymad/status/297346778217451521

Time (Jan 31) - "Why We Shouldn't Fear Personal Drones" by Chris Anderson:
http://ideas.time.com/2013/01/31/why-we-shouldnt-fear-personal-drones/

> ...soon civilian drones will be flying commonly overhead here at home.
> What will they be doing?
>
> The usual assumption is that it will be police surveillance and general
> snooping. Interestingly, that's just what people feared when the
> computer, which had also been introduced as a military technology,
> started to be used commercially in the 1960s. The worry then was that
> computers would be used primarily to spy on us, as an arm of Big
> Brother. Only decades later, once we all had one, did we figure out
> that they were better at work and entertainment, communicating with
> each other and generally being welcome additions to our lives.

I wanted to take a moment to explain how Mr. Anderson is attempting to take some liberties with the history of computation here. The concept and prototype of personal computers first emerged in the late 1960s amongst a small group of academics and innovators on the west coast, so I'm not really sure how folks could have had a more open-minded view about the potential uses of computers at that time.
Up to that time and into the mid-70s computers took the form of bulky mainframes and mini-computers, only accessible to government agencies and very large corporations. I myself have not encountered much in the literature that talks about people fearing computers in the 1960s, other than some amusing IBM public relations efforts. So I can only conclude that Mr. Anderson has constructed a straw man through unsourced assertions.

For facts, I recommend reading about the emergence of the idea and implementation of personal computers in John Markoff's _What the Dormouse Said: How Sixties Counterculture Shaped the Personal Computer Industry_:
http://en.wikipedia.org/wiki/What_the_Dormouse_Said

And as @MaryMad said, someone should remind Mr. Anderson that computers *have* proven remarkably good at spying on us. I suppose we could be gracious and say the qualification "that computers would be used *primarily* to spy on us" lets him off the hook, but I'm afraid this article is too obviously biased by Mr. Anderson's desire to service and profit from the DIY drone community through his company 3D Robotics.
http://store.diydrones.com/

gf

--
Gregory Foster || gfoster at entersection.org
@gregoryfoster <> http://entersection.com/

_______________________________________________
drone-list mailing list
drone-list at lists.stanford.edu
https://mailman.stanford.edu/mailman/listinfo/drone-list
----- End forwarded message -----

--
Eugen* Leitl leitl http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

From eugen at leitl.org Fri Feb 1 02:52:43 2013
From: eugen at leitl.org (Eugen Leitl)
Date: Fri, 1 Feb 2013 11:52:43 +0100
Subject: [drone-list] CRS on integration of drones into NAS
Message-ID: <20130201105243.GQ6172@leitl.org>

----- Forwarded message from Gregory Foster -----

From eugen at leitl.org Fri Feb 1 02:53:04 2013
From: eugen at leitl.org (Eugen Leitl)
Date: Fri, 1 Feb 2013 11:53:04 +0100
Subject: [drone-list] Reddit AMA w/ Predator pilots in Afghanistan
Message-ID: <20130201105304.GR6172@leitl.org>

----- Forwarded message from Gregory Foster -----

From eugen at leitl.org Fri Feb 1 08:15:53 2013
From: eugen at leitl.org (Eugen Leitl)
Date: Fri, 1 Feb 2013 17:15:53 +0100
Subject: [drone-list] Time Magazine "Rise of the Drones" issue
Message-ID: <20130201161553.GA6172@leitl.org>

----- Forwarded message from Gregory Foster -----

From drwho at virtadpt.net Fri Feb 1 19:52:34 2013
From: drwho at virtadpt.net (The Doctor)
Date: Fri, 01 Feb 2013 22:52:34 -0500
Subject: [HacDC:Byzantium] A wild release candidate appears!
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

In preparation for a demo next week we've started working on a new round of release candidate (RC) .iso images. We've added some of the more stable network apps back into Byzantium Linux (namely, Etherpad-Lite and ngircd/QwebIRC), and we've added the OLSR network visualization utility, which shows the topology of the mesh as the node in question knows it as well as network dynamics. What we don't have yet is the service directory (which will be a static HTML file with links to all of the services). For the sake of brevity we also have not put back the Avahi stuff.
However, this might change depending on how the AWMH (Aaron Swartz Memorial Hackathon) goes tomorrow. We'll let everyone know.

The latest and greatest can be downloaded from here:
http://project-byzantium.org/downloads/v0.3a/byzantium-v0.3a-RC-20130201-2144.iso
SHA-1 hash: 3da4db0ad345a475c20d88390e1c8fc57fe4c033

If anybody has time, download this .iso and give it a shot! Let us know what works, what doesn't, and what could use cleaning up and we'll get to it tomorrow!

- --
The Doctor [412/724/301/703] [ZS|Media]
Developer, Project Byzantium: http://project-byzantium.org/
PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F DD89 3BD8 FF2B 807B 17C1
WWW: https://drwho.virtadpt.net/

fear == funding

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (GNU/Linux)
Comment: Using GnuPG with undefined - http://www.enigmail.net/

iEYEARECAAYFAlEMjYIACgkQO9j/K4B7F8FKrACePUvyB7DVekbH04eAlCMLCuZ3
leoAn3aQuT5y/+7kv9S3h4Z9OB/dRTa6
=rgF4
-----END PGP SIGNATURE-----

----- End forwarded message -----

From hnuoylghj at mydad.info Fri Feb 1 14:05:47 2013
From: hnuoylghj at mydad.info (副業情報館)
Date: Sat, 02 Feb 2013 01:05:47 +0300
Subject: Housewives, office workers and ordinary girls safely earning 1,000,000 yen
Message-ID: <201302012108.r11L8FhX005551@proton.jfet.org>
From patrice at xs4all.nl Fri Feb 1 23:32:44 2013
From: patrice at xs4all.nl (Patrice Riemens)
Date: Sat, 2 Feb 2013 08:32:44 +0100
Subject: Raphael Satter: Minister: Iceland refused to help FBI on
Message-ID:

(bwo Eveline Lubbers)

original to:
http://www.star-telegram.com/2013/02/01/4592727/minister-iceland-refused-fbi-aid.html

Minister: Iceland refused to help FBI on WikiLeaks
Posted Friday, Feb. 01, 2013.
By RAPHAEL SATTER (Associated Press)

LONDON - Iceland's interior minister said Friday that he ordered the country's police not to cooperate with FBI agents sent to investigate WikiLeaks two years ago, offering a rare glimpse into the U.S. Department of Justice's investigation of the secret-busting site.

Ogmundur Jonasson told The Associated Press that he was upset when he found out that FBI agents had flown to the country to interview an unidentified WikiLeaks associate in August 2011.

"I, for one, was not aware that they were coming to Iceland," he said in a brief telephone interview. "When I learned about it, I demanded that Icelandic police cease all cooperation and made it clear that people interviewed or interrogated in Iceland should be interrogated by Icelandic police."

Jonasson said that Icelandic diplomats protested the FBI's trip to their U.S. counterparts.

"We made clear to the American authorities that this was not well-seen by us," he said.

The exact purpose of the FBI's trip to Iceland isn't clear - the U.S. Embassy in Reykjavik referred questions to the FBI, and the bureau did not immediately return an email seeking comment - but the tiny north Atlantic nation has been a key hub for WikiLeaks and its supporters. In 2010 WikiLeaks founder Julian Assange helped craft Iceland's journalist-friendly media law, and WikiLeaks payment processor, DataCell, is based in Reykjavik.
Several key allies, including lawmaker Birgitta Jonsdottir and WikiLeaks spokesman Kristinn Hrafnsson, are also from the country.

Hrafnsson said in a telephone interview that he believed the target of the FBI's trip might have been a former WikiLeaks volunteer, whom he declined to name.

Regardless of what the target was, the minister's account of the FBI's trip opens a window into a sensitive inquiry which has so far remained largely under wraps. The U.S. Department of Justice has been investigating WikiLeaks since it began pouring classified U.S. documents into the public domain, but officials have refused to reveal almost any information about the size, scope, or nature of their inquiry, citing national security concerns.

---

Online: Raphael Satter can be reached at: http://raphae.li/twitter

# distributed via <nettime>: no commercial use without permission
# <nettime> is a moderated mailing list for net criticism,
# collaborative text filtering and cultural politics of the nets
# more info: http://mx.kein.org/mailman/listinfo/nettime-l
# archive: http://www.nettime.org contact: nettime at kein.org

----- End forwarded message -----

From eugen at leitl.org Sat Feb 2 02:58:00 2013
From: eugen at leitl.org (Eugen Leitl)
Date: Sat, 2 Feb 2013 11:58:00 +0100
Subject: [HacDC:Byzantium] A wild release candidate appears!
Message-ID: <20130202105800.GS6172@leitl.org>

----- Forwarded message from The Doctor -----

From wggpdfm at mymom.info Sat Feb 2 10:29:02 2013
From: wggpdfm at mymom.info (50万円の収入を得る為に)
Date: Sat, 02 Feb 2013 16:29:02 -0200
Subject: Are you still going to keep wasting money and time foolishly?
Message-ID: <201302021734.r12HYRAY019561@proton.jfet.org>

From lists at infosecurity.ch Sun Feb 3 12:46:47 2013
From: lists at infosecurity.ch (Fabio Pietrosanti (naif))
Date: Sun, 03 Feb 2013 21:46:47 +0100
Subject: [tor-talk] TOR Fone - p2p secure and anonymous VoIP tool
Message-ID:

On 2/3/13 9:23 PM, coderman wrote:
> "push-to-talk" with procedure words over zrtp would be applicable.
> use
> FEC to accommodate reasonable loss over datagram Tor.
>
> both Whisper Systems and Guardian Project are working on PTT
> capabilities, iirc.
>
> last but not least, the codec makes no difference until larger issues
> are worked out, for those arguing about OPUS vs. G729a/729.1 vs Speex,
> etc. in practice the G729 implementations in cSipSimple (over ZRTP)
> seem to be best, but this is most likely the other implementations
> sucking. i have high hopes for a better OPUS codec...

For my daily for-profit job I made in the past stuff for secure telephony over GPRS that:
- can have variable latencies on CS1 between 800ms-2200ms
- is a reliable transport (the low level of the OS does retransmissions at GSM RLP level)

To work over high latency (and typically also low bandwidth) with a reliable transport (like TCP/Tor) you need to use these multimedia strategies:
- set up a large static jitter buffer (you define the added artificial latency of the call to compensate for variable latency)
- reduce transport protocol overhead by setting a large "packetization time"
- detect retransmission behaviours, and in that case apply small TX (transmission) cutting

With such an approach you can avoid "PTT" and even if the communication will sound like an old analog satellite connection, it works.
Fabio
_______________________________________________
tor-talk mailing list
tor-talk at lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

----- End forwarded message -----

From eugen at leitl.org Sun Feb 3 13:11:44 2013
From: eugen at leitl.org (Eugen Leitl)
Date: Sun, 3 Feb 2013 22:11:44 +0100
Subject: [tor-talk] TOR Fone - p2p secure and anonymous VoIP tool
Message-ID: <20130203211144.GD6172@leitl.org>

----- Forwarded message from "Fabio Pietrosanti (naif)" -----

From kyrwuaqjmtjdmp at mefound.com Sun Feb 3 20:08:57 2013
From: kyrwuaqjmtjdmp at mefound.com (即日稼げる副業!)
Date: Mon, 04 Feb 2013 05:08:57 +0100
Subject: Anyone can earn 500,000 in the first month
Message-ID: <201302040316.r143GGlR010907@proton.jfet.org>
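Added example (mine, not Fabio's code and nothing from TOR Fone or the GPRS product he mentions): a toy Python model of the three strategies in his tor-talk post, so their trade-offs can be measured rather than described. The 8 kbit/s codec, 12 kbit/s link, 800-1400 ms propagation delay, 2 s retransmission stall and 40-byte header are all constructed figures.

```python
import random

CODEC_KBPS = 8            # constructed: a G.729-class 8 kbit/s codec
HEADER_BYTES = 40         # assumed: IPv4 + TCP header per packet, no options
LINK_KBPS = 12            # constructed: slow CS1-class link, ~80 % busy at ptime 200 ms
PROP_MS = (800, 1400)     # constructed: one-way propagation delay range, in ms


def overhead_ratio(ptime_ms, codec_kbps=CODEC_KBPS, header_bytes=HEADER_BYTES):
    """Fraction of every packet that is transport header rather than audio.

    A larger packetization time carries more audio per header, which is the
    second strategy in the post; the price is ptime_ms of extra latency.
    """
    payload_bytes = codec_kbps * 1000 / 8 * ptime_ms / 1000
    return header_bytes / (header_bytes + payload_bytes)


def deliver(n_packets, ptime_ms, stall_at_ms, stall_ms, tx_cut_limit=None, seed=7):
    """Arrival time in ms of each packet, or None for packets the sender cut.

    The transport is an in-order FIFO link: each packet is serialised at
    LINK_KBPS after the one before it, then takes a random propagation delay.
    Nothing is delivered between stall_at_ms and stall_at_ms + stall_ms (a
    retransmission), so a backlog builds behind the stall. With tx_cut_limit
    set, the sender drops a packet whenever more than that many packets are
    still queued ahead of it (the third strategy, 'TX cutting').
    """
    rng = random.Random(seed)
    bytes_per_packet = HEADER_BYTES + CODEC_KBPS * 1000 / 8 * ptime_ms / 1000
    serial_ms = bytes_per_packet * 8 / LINK_KBPS
    arrivals, queue_free_at, last_arrival = [], 0.0, 0.0
    for i in range(n_packets):
        sent = i * ptime_ms
        queued_ahead = (queue_free_at - sent) / serial_ms
        if tx_cut_limit is not None and queued_ahead > tx_cut_limit:
            arrivals.append(None)           # cut: never enters the send queue
            continue
        start = max(sent, queue_free_at)
        if stall_at_ms <= start < stall_at_ms + stall_ms:
            start = stall_at_ms + stall_ms  # link busy retransmitting
        queue_free_at = start + serial_ms
        # in-order delivery: nothing overtakes the packet before it
        last_arrival = max(last_arrival, queue_free_at + rng.uniform(*PROP_MS))
        arrivals.append(last_arrival)
    return arrivals


def playout(arrivals, ptime_ms, jitter_buffer_ms):
    """Static jitter buffer (first strategy): packet i is played at
    i * ptime_ms + jitter_buffer_ms regardless of when it arrived.

    Returns (late, cut): packets that missed their slot and packets the sender
    dropped. Both are heard as a gap, but a cut packet never delays the rest.
    """
    late = cut = 0
    for i, t in enumerate(arrivals):
        if t is None:
            cut += 1
        elif t > i * ptime_ms + jitter_buffer_ms:
            late += 1
    return late, cut


def compare(n_packets=100, ptime_ms=200, jitter_buffer_ms=1800):
    """Late/cut counts for: no stall, a 2 s stall, the same stall with TX cutting."""
    calm = playout(deliver(n_packets, ptime_ms, 5000, 0), ptime_ms, jitter_buffer_ms)
    stalled = playout(deliver(n_packets, ptime_ms, 5000, 2000), ptime_ms, jitter_buffer_ms)
    cut = playout(deliver(n_packets, ptime_ms, 5000, 2000, tx_cut_limit=3),
                  ptime_ms, jitter_buffer_ms)
    return {"no_stall": calm, "stall": stalled, "stall_with_tx_cut": cut}


if __name__ == "__main__":
    print("header overhead at 20 ms ptime: %.0f %%" % (100 * overhead_ratio(20)))
    print("header overhead at 200 ms ptime: %.0f %%" % (100 * overhead_ratio(200)))
    print("late/cut packets:", compare())
```

With a 20 ms ptime the constructed link cannot even carry the headers, so the queue grows without bound; at 200 ms the same link is 80 % busy, a 1.8 s jitter buffer hides the propagation jitter completely, and after the stall only TX cutting brings the latency back down instead of leaving a 10 s backlog.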
From eugen at leitl.org Mon Feb 4 02:29:47 2013
From: eugen at leitl.org (Eugen Leitl)
Date: Mon, 4 Feb 2013 11:29:47 +0100
Subject: [silk] Power and the Internet
Message-ID: <20130204102947.GL6172@leitl.org>

----- Forwarded message from Udhay Shankar N -----

From udhay at pobox.com Sun Feb 3 23:09:54 2013
From: udhay at pobox.com (Udhay Shankar N)
Date: Mon, 04 Feb 2013 12:39:54 +0530
Subject: [silk] Power and the Internet
Message-ID:

Bruce Schneier on what worries him about the state of the net today. Money quote:

"The Internet is what we make it, and is constantly being recreated by organizations, companies, and countries with specific interests and agendas. Either we fight for a seat at the table, or the future of the Internet becomes something that is done to us."

https://www.schneier.com/blog/archives/2013/01/power_and_the_i.html

January 31, 2013

Power and the Internet

All disruptive technologies upset traditional power balances, and the Internet is no exception. The standard story is that it empowers the powerless, but that's only half the story. The Internet empowers everyone. Powerful institutions might be slow to make use of that new power, but since they are powerful, they can use it more effectively.
Governments and corporations have woken up to the fact that not only can they use the Internet, they can control it for their interests. Unless we start deliberately debating the future we want to live in, and information technology in enabling that world, we will end up with an Internet that benefits existing power structures and not society in general.

We've all lived through the Internet's disruptive history. Entire industries, like travel agencies and video rental stores, disappeared. Traditional publishing -- books, newspapers, encyclopedias, music -- lost power, while Amazon and others gained. Advertising-based companies like Google and Facebook gained a lot of power. Microsoft lost power (as hard as that is to believe).

The Internet changed political power as well. Some governments lost power as citizens organized online. Political movements became easier, helping to topple governments. The Obama campaign made revolutionary use of the Internet, both in 2008 and 2012.

And the Internet changed social power, as we collected hundreds of "friends" on Facebook, tweeted our way to fame, and found communities for the most obscure hobbies and interests. And some crimes became easier: impersonation fraud became identity theft, copyright violation became file sharing, and accessing censored materials -- political, sexual, cultural -- became trivially easy.

Now powerful interests are looking to deliberately steer this influence to their advantage. Some corporations are creating Internet environments that maximize their profitability: Facebook and Google, among many others. Some industries are lobbying for laws that make their particular business models more profitable: telecom carriers want to be able to discriminate between different types of Internet traffic, entertainment companies want to crack down on file sharing, advertisers want unfettered access to data about our habits and preferences.
On the government side, more countries censor the Internet -- and do so more effectively -- than ever before. Police forces around the world are using Internet data for surveillance, with less judicial oversight and sometimes in advance of any crime. Militaries are fomenting a cyberwar arms race. Internet surveillance -- both governmental and commercial -- is on the rise, not just in totalitarian states but in Western democracies as well. Both companies and governments rely more on propaganda to create false impressions of public opinion.

In 1996, cyber-libertarian John Perry Barlow issued his "Declaration of the Independence of Cyberspace." He told governments: "You have no moral right to rule us, nor do you possess any methods of enforcement that we have true reason to fear." It was a utopian ideal, and many of us believed him. We believed that the Internet generation, those quick to embrace the social changes this new technology brought, would swiftly outmaneuver the more ponderous institutions of the previous era.

Reality turned out to be much more complicated. What we forgot is that technology magnifies power in both directions. When the powerless found the Internet, suddenly they had power. But while the unorganized and nimble were the first to make use of the new technologies, eventually the powerful behemoths woke up to the potential -- and they have more power to magnify. And not only does the Internet change power balances, but the powerful can also change the Internet.

Does anyone else remember how incompetent the FBI was at investigating Internet crimes in the early 1990s? Or how Internet users ran rings around China's censors and Middle Eastern secret police? Or how digital cash was going to make government currencies obsolete, and Internet organizing was going to make political parties obsolete? Now all that feels like ancient history.

It's not all one-sided.
The masses can occasionally organize around a specific issue -- SOPA/PIPA, the Arab Spring, and so on -- and can block some actions by the powerful. But it doesn't last. The unorganized go back to being unorganized, and powerful interests take back the reins.

Debates over the future of the Internet are morally and politically complex. How do we balance personal privacy against what law enforcement needs to prevent copyright violations? Or child pornography? Is it acceptable to be judged by invisible computer algorithms when being served search results? When being served news articles? When being selected for additional scrutiny by airport security? Do we have a right to correct data about us? To delete it? Do we want computer systems that forget things after some number of years? These are complicated issues that require meaningful debate, international cooperation, and iterative solutions. Does anyone believe we're up to the task?

We're not, and that's the worry. Because if we're not trying to understand how to shape the Internet so that its good effects outweigh the bad, powerful interests will do all the shaping. The Internet's design isn't fixed by natural laws. Its history is a fortuitous accident: an initial lack of commercial interests, governmental benign neglect, military requirements for survivability and resilience, and the natural inclination of computer engineers to build open systems that work simply and easily. This mix of forces that created yesterday's Internet will not be trusted to create tomorrow's. Battles over the future of the Internet are going on right now: in legislatures around the world, in international organizations like the International Telecommunications Union and the World Trade Organization, and in Internet standards bodies. The Internet is what we make it, and is constantly being recreated by organizations, companies, and countries with specific interests and agendas.
Either we fight for a seat at the table, or the future of the Internet becomes something that is done to us.

This essay appeared as a response to Edge's annual question, "What *Should* We Be Worried About?"

--
((Udhay Shankar N)) ((udhay @ pobox.com)) ((www.digeratus.com))

----- End forwarded message -----

From stepanovich at epic.org Mon Feb 4 10:23:08 2013
From: stepanovich at epic.org (Amie Stepanovich)
Date: Mon, 4 Feb 2013 13:23:08 -0500
Subject: [drone-list] Mini Drones Used by British Troops
Message-ID:

This story didn't get passed around much yesterday (I hear there was some sport event on? ;)) but I thought some of you may find it interesting -
http://news.sky.com/story/1047004/mini-drones-army-deploys-tiny-helicopters

"British troops are using a nano drone just 10cm long and weighing 16 grams on the front line in Afghanistan to provide vital information on the ground. They are the first to use the state-of-the-art handheld tiny surveillance helicopters, which relay reliable full motion video and still images back to the devices' handlers in the battlefield. The Black Hornet Nano Unmanned Air Vehicle is the size of a child's toy, measuring just 10cm (4 ins) by 2.5cm (1 inch), and is equipped with a tiny camera."

Amie Stepanovich
Associate Litigation Counsel
Electronic Privacy Information Center
202.483.1140 x104
@astepanovich

Defend Privacy. Support EPIC.
http://www.epic.org/donate/

_______________________________________________
drone-list mailing list
drone-list at lists.stanford.edu
https://mailman.stanford.edu/mailman/listinfo/drone-list

----- End forwarded message -----

From eugen at leitl.org Mon Feb 4 05:29:14 2013
From: eugen at leitl.org (Eugen Leitl)
Date: Mon, 4 Feb 2013 14:29:14 +0100
Subject: Raphael Satter: Minister: Iceland refused to help FBI on
Message-ID: <20130204132914.GV6172@leitl.org>

----- Forwarded message from Patrice Riemens -----

From ppnwdiyab at ua-hosting.com.ua Mon Feb 4 04:42:49 2013
From: ppnwdiyab at ua-hosting.com.ua (Patek Philippe)
Date: Mon, 04 Feb 2013 16:42:49 +0400
Subject: Replica watch
Message-ID:

From ehchangovuke at resinexbmy.com Mon Feb 4 08:19:23 2013
From: ehchangovuke at resinexbmy.com (=?koi8-r?B?8NLFy9LB3cXOycUg1NLVxM/Xz8fPIMTPx8/Xz9LB?=)
Date: Mon, 04 Feb 2013 17:19:23 +0100
Subject: =?koi8-r?B?59LBzc/Uzs/FINXXz8zYzsXOycUg08/U0tXEzsnLz9c=?=
Message-ID: <2408151D.FEBCC333@resinexbmy.com>

A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 5883 bytes
Desc: not available
URL:

From eugen at leitl.org Mon Feb 4 12:53:58 2013
From: eugen at leitl.org (Eugen Leitl)
Date: Mon, 4 Feb 2013 21:53:58 +0100
Subject: [drone-list] Mini Drones Used by British Troops
Message-ID: <20130204205358.GC6172@leitl.org>

----- Forwarded message from Amie Stepanovich -----

From kanzure at gmail.com Tue Feb 5 02:58:50 2013
From: kanzure at gmail.com (Bryan Bishop)
Date: Tue, 5 Feb 2013 04:58:50 -0600
Subject: Removing watermarks from pdfs
Message-ID:

On Tue, Jan 15, 2013 at 6:34 PM, Bryan Bishop wrote:
> How about getting rid of those pesky watermarks in pdfs?

Working proof of concept:
https://github.com/kanzure/pdfparanoia
https://pypi.python.org/pypi/pdfparanoia

To install:
git clone git://github.com/kanzure/pdfparanoia.git
or:
sudo pip install pdfparanoia
or:
sudo easy_install pdfparanoia

Right now there's IEEE and AIP support. I need more samples to work with.

- Bryan
http://heybryan.org/
1 512 203 0507

----- End forwarded message -----

From tqlauyrb at dynamic-dns.net Mon Feb 4 23:14:51 2013
From: tqlauyrb at dynamic-dns.net (夢への道!)
Date: Tue, 05 Feb 2013 05:14:51 -0200
Subject: Dreams come true even without money
Message-ID: <201302050618.r156HxfQ002239@proton.jfet.org>

From eugen at leitl.org Tue Feb 5 04:31:37 2013
From: eugen at leitl.org (Eugen Leitl)
Date: Tue, 5 Feb 2013 13:31:37 +0100
Subject: Removing watermarks from pdfs
Message-ID: <20130205123137.GQ6172@leitl.org>

----- Forwarded message from Bryan Bishop -----

From kanzure at gmail.com Tue Feb 5 12:20:22 2013
From: kanzure at gmail.com (Bryan Bishop)
Date: Tue, 5 Feb 2013 14:20:22 -0600
Subject: [DIYbio] Removing watermarks from pdfs (pdfparanoia)
Message-ID:

How about removing those pesky watermarks from pdfs? Sometimes they completely obfuscate the contents of a paper we're trying to read, or sometimes they have more sinister purposes.
Working proof of concept:
https://github.com/kanzure/pdfparanoia
https://pypi.python.org/pypi/pdfparanoia

Discussion history:
https://groups.google.com/group/science-liberation-front/t/c68964cf55d8f6fa

People who could theoretically benefit from this:
http://scholar.google.com/scholar?q=%22Authorized+licensed+use+limited+to%22
http://scholar.google.com/scholar?q="Redistribution+subject+to+SEG+license+or+copyright"
http://scholar.google.com/scholar?q="Redistribution+subject+to+AIP"
http://scholar.google.com/scholar?q="Downloaded+from+http%3A%2F%2Fpubs.acs.org+on"
http://scholar.google.com/scholar?q="Downloaded+*+*+2001..2013+to+*"

To get source code:
git clone git://github.com/kanzure/pdfparanoia.git

To install:
sudo pip install pdfparanoia
or:
sudo easy_install pdfparanoia

Right now there's IEEE and AIP support. I need more samples to work with.

- Bryan
http://heybryan.org/
1 512 203 0507

--
You received this message because you are subscribed to the Google Groups DIYbio group.
To post to this group, send email to diybio at googlegroups.com.
To unsubscribe from this group, send email to diybio+unsubscribe at googlegroups.com.
For more options, visit this group at https://groups.google.com/d/forum/diybio?hl=en
Learn more at www.diybio.org
----- End forwarded message -----

From openssl at master.openssl.org Tue Feb 5 06:18:28 2013
From: openssl at master.openssl.org (OpenSSL)
Date: Tue, 5 Feb 2013 15:18:28 +0100 (CET)
Subject: OpenSSL Security Advisory
Message-ID:

OpenSSL Security Advisory [05 Feb 2013]
========================================

SSL, TLS and DTLS Plaintext Recovery Attack (CVE-2013-0169)
============================================================

Nadhem Alfardan and Kenny Paterson have discovered a weakness in the handling of CBC ciphersuites in SSL, TLS and DTLS. Their attack exploits timing differences arising during MAC processing. Details of this attack can be found at:

http://www.isg.rhul.ac.uk/tls/

All versions of OpenSSL are affected including 1.0.1c, 1.0.0j and 0.9.8x

Note: this vulnerability is only partially mitigated when OpenSSL is used in conjunction with the OpenSSL FIPS Object Module and the FIPS mode of operation is enabled.

Thanks go to Nadhem J. AlFardan and Kenneth G. Paterson of the Information Security Group Royal Holloway, University of London for discovering this flaw. An initial fix was prepared by Adam Langley and Emilia Käsper of Google. Additional refinements were added by Ben Laurie, Andy Polyakov and Stephen Henson of the OpenSSL group.

Affected users should upgrade to OpenSSL 1.0.1d, 1.0.0k or 0.9.8y

TLS 1.1 and 1.2 AES-NI crash (CVE-2012-2686)
=============================================

A flaw in the OpenSSL handling of CBC ciphersuites in TLS 1.1 and TLS 1.2 on AES-NI supporting platforms can be exploited in a DoS attack. If you are unsure if you are using AES-NI see "References" below.

Anyone using an AES-NI platform for TLS 1.2 or TLS 1.1 on OpenSSL 1.0.1c is affected.
Platforms which do not support AES-NI or versions of OpenSSL which do not implement TLS 1.2 or 1.1 (for example OpenSSL 0.9.8 and 1.0.0) are not affected.

Thanks go to Adam Langley for initially discovering the bug and developing a fix and to Wolfgang Ettlingers for independently discovering this issue.

Affected users should upgrade to OpenSSL 1.0.1d

OCSP invalid key DoS issue (CVE-2013-0166)
============================================

A flaw in the OpenSSL handling of OCSP response verification can be exploited in a denial of service attack.

All versions of OpenSSL are affected including 1.0.1c, 1.0.0j and 0.9.8x

This flaw was discovered and fixed by Stephen Henson of the OpenSSL core team.

Affected users should upgrade to OpenSSL 1.0.1d, 1.0.0k or 0.9.8y.

References
==========

URL for this Security Advisory:
http://www.openssl.org/news/secadv_20130204.txt

Wikipedia AES-NI description:
http://en.wikipedia.org/wiki/AES-NI

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Announcement Mailing List                openssl-announce at openssl.org
Automated List Manager                           majordomo at openssl.org

----- End forwarded message -----

From eugen at leitl.org Tue Feb 5 07:31:33 2013
From: eugen at leitl.org (Eugen Leitl)
Date: Tue, 5 Feb 2013 16:31:33 +0100
Subject: OpenSSL Security Advisory
Message-ID: <20130205153133.GU6172@leitl.org>

----- Forwarded message from OpenSSL -----

From liberationtech at lewman.us Tue Feb 5 15:59:03 2013
From: liberationtech at lewman.us (liberationtech at lewman.us)
Date: Tue, 5 Feb 2013 18:59:03 -0500
Subject: [liberationtech] Removing watermarks from pdfs (pdfparanoia)
Message-ID:

On Tue, 5 Feb 2013 14:20:22 -0600 Bryan Bishop wrote:
> How about removing those pesky watermarks from pdfs? Sometimes they
> completely obfuscate the contents of a paper we're trying to read, or
> sometimes they have more sinister purposes.

I get PDFs watermarked to me by their placement of sections in relation to one another, their word choice in opening sentences of paragraphs, and figure/image locations within the PDF. The idea being that the content is the watermark, not some silly overlay watermark which is fairly easily stripped out in most free operating systems.

--
Andrew
http://tpo.is/contact
pgp 0x6B4D6475
--
Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech

----- End forwarded message -----

From eugen at leitl.org Tue Feb 5 13:14:48 2013
From: eugen at leitl.org (Eugen Leitl)
Date: Tue, 5 Feb 2013 22:14:48 +0100
Subject: [DIYbio] Removing watermarks from pdfs (pdfparanoia)
Message-ID: <20130205211448.GG6172@leitl.org>

----- Forwarded message from Bryan Bishop -----

From nadim at nadim.cc Tue Feb 5 19:29:49 2013
From: nadim at nadim.cc (Nadim Kobeissi)
Date: Tue, 5 Feb 2013 22:29:49 -0500
Subject: [liberationtech] Chromebooks for Risky Situations?
Message-ID:

Dear LibTech,

I'm frankly not sure about this idea, it may certainly be a bad one, but I've been using a Chromebook for almost a week now, and I've had some observations regarding this device. I'd like to discuss whether it's a good idea to hypothetically have Chromebooks used by activists, journalists, human rights workers and so on, as opposed to laptops with either Windows or Mac OS X running on top.

First, the security and operational models are very interesting. In fact, I think this is probably the most secure end-user laptop OS currently on the mainstream market. Namely, Chromebooks use verified boot, disk encryption (with hardware-level tamper-resistance), and sandboxing. This compounds with a transparent automatic update schedule from Google's Chrome team, which already has (from my experience) a truly superb reputation for security management. I'm looking at you, Adam Langley!

The operating system itself is minimal. There is *much* less room for malware to be executed or for spyware to embed itself on the OS level. The difference in attack vector size between Chromebooks and Mac OS/Windows appears phenomenal to me. Of course, Chromebooks still have a filesystem and users are allowed to plug in USB drives, but due to the minimal nature of the operating system, its highly unusual strength of focus on security, and its relatively new nature, even malware delivered from these mediums may end up being much less common than in other platforms (Windows/Mac).

I also feel that the minimal nature of Chromebooks leaves security considerations out of the way while offering an interface that is accessible to activists and journalists around the world. This accessibility is also a security feature! (I've long argued that accessibility should be considered a security feature.)

Now, for the obvious (and unfortunate!) downsides: Chromebooks natively encourage users to store all of their data on Google, leaving the company with an unbalanced amount of control over these machines, and attracting itself as a compromise target relevant to Chromebook users.

Another downside: No Tor. No PGP. No encryption software. Cryptocat is available for Chrome OS, but I can hardly say that's enough at all!

The restricted, minimal nature of the operating system and the security-focused design of both the hardware and boot process are really appealing to me, and are the brunt of what makes me write this email. Should Chromebooks be recommended for activists and journalists in dangerous situations?

As I've disclaimed above, this is only a theoretical discussion, please feel free to disagree and don't take me seriously just yet. :-)

NK

----- End forwarded message -----

From eugen at leitl.org Tue Feb 5 23:48:34 2013
From: eugen at leitl.org (Eugen Leitl)
Date: Wed, 6 Feb 2013 08:48:34 +0100
Subject: [liberationtech] Removing watermarks from pdfs (pdfparanoia)
Message-ID: <20130206074834.GR6172@leitl.org>

----- Forwarded message from liberationtech at lewman.us -----

From trrevv at gmail.com Wed Feb 6 09:06:01 2013
From: trrevv at gmail.com (T N)
Date: Wed, 6 Feb 2013 09:06:01 -0800
Subject: [liberationtech] Chromebooks for Risky Situations?
Message-ID:

Just FYI: Chrome OS devices are not subject to roll back attacks because the verified boot does not allow that. Google has extensive documentation on this, and you can review the implementation by viewing the source code. Rollback attacks were an attack vector they specifically designed to prevent.
In fact as a Chrome OS user this is as much a disadvantage as it is an advantage: updates are forced- you cannot go back, and bug regressions which don't affect security but that are annoying can occur and there isn't anything you can do about that.

Also, it isn't just verified boot an attacker would have to overcome. The dm-verity means any OS and onboard application code must checksum correctly or it will never run, this is true at all times. Realize as well that all of this code is always running off read only file systems.

Note that the builtin data partition (not executable code, in fact the data filesystem is mounted noexec) encryption is defeatable in the minimal sense that Chrome OS does allow users to choose to not have to login when waking from sleep, so user stupidity allows a small opening here. Heh- happened to me. Lost my chromebook and could not remember if I had left it "locked" (long story!), but I knew it was asleep. Finder may have had access to my login session, albeit of little use since I changed my password and I believe this deactivated access to current email login, e.g. Also enterprise administrators may have the option of overriding user choice here, saving users from their stupidity.

Another interesting point: the onboard ssh client is implemented partially in javascript (the terminal portion). Before you wince, know that Google argues this is more secure than normal ssh Unix clients because in addition to all the usual ssh protections, it is necessarily running in a Chrome sandbox! They are probably right about that? I think so.

Finally, I wrote up some stuff on their wiki: you can run in dev mode but still have fully verified boot and auto update. This gives the machine a larger local attack surface (not remote though), but opens access to some Unix user land such as the onboard openssl which you could use for additional encryption.

Note too that Chrome OS devices share well and do so while totally protecting users from each other.
Not a security expert myself. But I have been administering Unix systems fulltime for over 15 years. No question in my mind that these things are more secure BY FAR than any other off the shelf solution you can buy as a consumer. That a normal Unix distro could be made to be as secure is IMO not true as well.

Google has of course just made Chrome OS the target for their Pwnium challenge this year. Should be interesting!

Trever

On Feb 6, 2013 8:31 AM, "Tom Ritter" wrote:
> On 6 February 2013 10:52, micah anderson wrote:
> >
> > Can you say what you mean here? What is SOP in this context?
>
> ChromeOS's 'Apps' are all extensions or webpages. One can't interact
> with any other due to the standard Same Origin Policy browsers enforce.
> It's what stops evilco.com from reading your logged in gmail.com tab
> in FF/Chrome/IE/any browser today.
>
> > I would be surprised if you actually 'bricked' these systems, since
> > neither operating system you mention involves a procedure that has the
> > risk of bricking a device. I suspect this is hyperbole?
>
> Well, I have a colleague rebuilding a FDE Ubuntu computer right now
> because we can't figure out how to repair its partition table and get
> it to boot without a LiveCD. It's probably possible, but we're pretty
> technical people and we made the call it would take less time to
> recreate the machine than 'fix' it. Similarly, I recently paid the
> gentoo tax while upgrading udev and not having a kernel switch turned
> on - wouldn't boot, requiring me to LiveCD it, enable the setting,
> recompile the kernel and replace it.
>
> So bricked in the sense of it's now a brick and might as well be sold
> for parts - you're right, that's hyperbole. But for a non-technical
> person, with no access to someone to repair a machine for him/her - I
> don't know, I think it might as well be bricked. They can't fix it on
> their own, and it's not going to boot.
> > >> - Verified Boot, automatic FDE, tamper-resistant hardware
> >
> > All of this reminds me of this post:
> > http://mjg59.dreamwidth.org/22465.html
> >
> > which concludes:
> >
> > "Some people don't like Secure Boot because they don't trust
> > Microsoft. If you trust Google more, then a Chromebook is a reasonable
> > choice. But some people don't like Secure Boot because they see it as an
> > attack on user freedom, and those people should be willing to criticise
> > Google's stance. Unlike Microsoft, Chromebooks force the user to choose
> > between security and freedom. Nobody should be forced to make that
> > choice."
>
> I don't disagree with the notion that Chromebooks, Windows 8, iOS, and
> other examples make you choose between "Insecure and running your own
> stuff" and "Secure and running their stuff". I completely agree with
> it. I do disagree with a phrase of your excerpt "Chromebooks force the
> user to choose between security and freedom" - I would rephrase it
> "Chromebooks force the user to choose between freedom and Google's
> stewardship".
>
> My gender-inspecific-nontechnical-family-member is not interested in
> running after-market app stores or tethering apps on their phone, so
> if security was the only concern I would recommend iPhone because it
> is harder to root. Similarly, if an activist is not going to run
> third party apps or 'jailbreak' their device (and nobody is going to
> take the responsibility to do it for them and then be full time tech
> support) - choosing a more secure, albeit stewarded by Google/Apple,
> system makes sense. I know some people don't believe this, and I know
> some people (like RMS) say we should always fight the good fight and
> never give way...
>
> But if you nailed me down and said "Make a computer recommendation,
> someone's life may depend on it." Depending on who their adversary is,
> I would probably not make the Free OS recommendation.
>
>
> On 6 February 2013 10:52, Rich Kulawiec wrote:
> > On Wed, Feb 06, 2013 at 10:24:28AM -0500, Tom Ritter wrote:
> >> - ChromeOS's update mechanism is automatic, transparent, and basically
> >> foolproof. Having bricked Ubuntu and Gentoo systems, the same is not
> >> true of Linux.
> >
> > Concur on this point, and wish to ask a related question:
> >
> > Many operating systems and applications and even application extensions
> > (e.g., Firefox extensions) now attempt to discover the presence of updates
> > for themselves either automatically or because a user instructs them to do.
> > Is there any published research on the security consequences of doing so?
> > (What I'm thinking of is an adversary who observes network traffic
> > and thus can ascertain operating system type/version/patch level,
> > installed application base/version/patch level, etc.)
>
> I don't know of any research to point you to.
>
> Obviously any automatic or manual upgrade process is fraught with
> peril, as it is essentially designed to be an endpoint for remote code
> execution. It would be nice if Google or Microsoft did a case study
> on how they architected their update systems. Obviously MSFT's went
> screwy with Flame, but I still think there's lessons we can learn.
>
> To Michael's point, how these systems deal with rollbacks and network
> isolation is interesting. I've heard that Tor Project's Thandy is an
> implementation of a research paper that covers this and other topics,
> but I can't find a reference. Maybe someone can find it and provide
> one.
>
>
> On 6 February 2013 11:23, Andreas Bader wrote:
> > I think SL, Debian, Suse or CentOS are not less secure than ChromeOS.
> > And if there is a secure problem then you have enough control to fix the
> > system.
>
> I disagree with this. All of those OS (I'm actually not sure of
> 'SL'?) do not do process isolation. If I get code execution in FF, I
> can compromise thunderbird.
> You are not able to 'fix' this except by
> rewriting the OS or doing some jinky hack to run every app as a
> separate user. Likewise, every app running is not written to the
> quality that Chrome Browser/ChromeOS is. Additionally, the OS and the
> applications are stewarded by different people, and the interface
> between those groups leads to bugs. Put a $100K bounty on exploiting
> a desktop app running in one of those OSs and see how quickly you get
> takers. And finally, I think most people who say "you have control to
> fix things" forget that the 'you' in this context is a person who does
> not write code (python even, let alone c), does not know what a
> partition table is, does not compile their own kernel, doesn't even
> have a compiler installed, doesn't understand the nuances of security
> - and just needs their computer to work.
>
> -tom

----- End forwarded message -----

From tedks at riseup.net Wed Feb 6 06:53:58 2013
From: tedks at riseup.net (Ted Smith)
Date: Wed, 06 Feb 2013 09:53:58 -0500
Subject: [liberationtech] Removing watermarks from pdfs (pdfparanoia)
In-Reply-To: <20130206074834.GR6172@leitl.org>
References: <20130206074834.GR6172@leitl.org>
Message-ID: <1360162438.17009.9.camel@anglachel>

On Wed, 2013-02-06 at 08:48 +0100, Eugen Leitl wrote:
> I get PDFs watermarked to me by their placement of sections in
> relation
> to one another, their word choice in opening sentences of paragraphs,
> and figure/image locations within the PDF.
> The idea being that the
> content is the watermark, not some silly overlay watermark which is
> fairly easily stripped out in most free operating systems.

Whoa. Permuting word choice in opening sentences seems like a way more resource intensive way of doing things than most journal publishers could do -- especially since the source materials are a mix of Word and LaTeX. I wonder if this is because Andrew gets PDFs from government agency-type places, as a Tor Project staff member.

This is scary from a leaker's perspective -- you'd have to get two (or more) different copies of any given watermarked document and merge them in some way to obfuscate the original source.

--
Sent from Ubuntu
----- End forwarded message -----

From eugen at leitl.org Wed Feb 6 02:44:38 2013
From: eugen at leitl.org (Eugen Leitl)
Date: Wed, 6 Feb 2013 11:44:38 +0100
Subject: [liberationtech] Chromebooks for Risky Situations?
Message-ID: <20130206104438.GB6172@leitl.org>

----- Forwarded message from Nadim Kobeissi -----

From gnu at toad.com Wed Feb 6 12:31:42 2013
From: gnu at toad.com (John Gilmore)
Date: Wed, 06 Feb 2013 12:31:42 -0800
Subject: [Freedombox-discuss] Package Lists and Configuration
Message-ID:

> I don't think concealing your IP address would protect you against
> rocket attacks. As far as I know, there are two ways to locate a
> satellite phone that have nothing to do with its IP address. The first
> is radio triangulation. The second is the GPS location that the phone
> transmits when it connects to the satellite.

I have heard from people who ought to know, that a popular satellite phone protocol actually *broadcasts* the reported/calculated location of each phone, in plaintext beacons from the satellite that anyone who tunes to the right frequency can receive. I wonder what sort of NSA influence was used in designing *that* protocol.

If you care about location privacy, don't use a satphone. Or hack your phone deeply, to report a false location, perhaps one that belongs to your enemies.
John Gilmore

_______________________________________________
Freedombox-discuss mailing list
Freedombox-discuss at lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss

----- End forwarded message -----

From trrevv at gmail.com Wed Feb 6 12:34:07 2013
From: trrevv at gmail.com (T N)
Date: Wed, 6 Feb 2013 12:34:07 -0800
Subject: [liberationtech] Chromebooks for Risky Situations?
Message-ID:

The word "Linux" doesn't refer to anything, other than maybe the kernel. Chrome OS is Linux. But it's a massively stripped down "distribution" that has a radical design, including the fact that it will ONLY run if all of the cryptographic checks are verified from the root of trust. That root of trust is Google's massively large PKI public key that is burned into the firmware.

For a journalist in the field, that's a great reassurance. Take your Chromebook to China. The Chinese government cannot alter what you are running without either (a) modifying your hardware, which means they take possession of it for a period of time and manage to do something that is tricky to do (i.e. circumstances under which you'd no longer trust your computer anyways) or (b) you will know they tried to hack it and your Chromebook will refuse to boot, and will instead wipe away the hacks and update itself and won't boot unless the update is a legitimate one signed by Google.

Yes, you can't compare Chrome OS's attack surface to a typical Linux distribution, or even a highly customized Linux install which doesn't have the hardware root of trust.

On Wed, Feb 6, 2013 at 12:15 PM, Nadim Kobeissi wrote:
> The biggest (and very important) difference between Linux and Chromebooks
> is the hugely smaller attack surface.
>
>
> NK
>
>
> On Wed, Feb 6, 2013 at 2:36 PM, Brian Conley wrote:
>
>> Andreas,
>>
>> Plenty of Syrians do have internet access, and use it on a regular basis.
>>
>> Also, lack of appropriateness for one use-case doesn't necessitate lack
>> of appropriateness across the board.
>>
>> Linux is a great solution for many use cases, but as has been elaborated,
>> quite a terrible one for many others.
>>
>> Brian
>>
>>
>> On Wed, Feb 6, 2013 at 7:44 AM, Andreas Bader wrote:
>>
>>> On 02/06/2013 04:24 PM, Tom Ritter wrote:
>>> > Nadim, I'm with you. I'm not sure it's the perfect solution for
>>> > everyone, but like Nathan said, if you already trust Google, I think
>>> > it's a good option.
>>> >
>>> > On 6 February 2013 07:12, Andreas Bader wrote:
>>> >> Why don't you use an old thinkpad or something with Linux, you have the
>>> >> same price as a Chromebook but more control over the system. And you
>>> >> don't depend on the 3G and Wifi net.
>>> > We started with the notion of Linux, and we were attracted to
>>> > Chromebooks for a bunch of reasons. Going back to Linux loses all the
>>> > things we were attracted to.
>>> >
>>> > - ChromeOS's attack surface is infinitely smaller than with Linux
>>> > - The architecture of ChromeOS is different from Linux - process
>>> > separation through SOP, as opposed to no process separation at all
>>> > - ChromeOS was *designed* to have you logout, and hand the device over
>>> > to someone else to login, and get no access to your stuff. Extreme
>>> > Hardware attacks aside, it works pretty well.
>>> > - ChromeOS's update mechanism is automatic, transparent, and basically
>>> > foolproof. Having bricked Ubuntu and Gentoo systems, the same is not
>>> > true of Linux.
>>> > - Verified Boot, automatic FDE, tamper-resistant hardware
>>> >
>>> > Something I'm curious about is, if any less-popular device became
>>> > popular among the activist community - would the government view it
>>> > as an indicator of interest?
>>> > Just like they block Tor, would they
>>> > block Chromebooks? It'd have to get pretty darn popular first though.
>>> >
>>> > -tom
>>> >
>>> But you can't use it for political activists e.g. in Syria because of
>>> its dependence on the internet connection. This fact is authoritative.
>>> For Europe and USA and so on it might be a good solution.
>>
>> --
>>
>> Brian Conley
>>
>> Director, Small World News
>>
>> http://smallworldnews.tv
>>
>> m: 646.285.2046
>>
>> Skype: brianjoelconley
>

----- End forwarded message -----

From kris at kriskinc.com Wed Feb 6 12:33:42 2013
From: kris at kriskinc.com (Kristian Kielhofner)
Date: Wed, 6 Feb 2013 15:33:42 -0500
Subject: Interesting debugging: Specific packets cause some Intel gigabit ethernet controllers to reset
Message-ID:

Over the years I've read some interesting (horrifying?) tales of debugging on NANOG. It seems I finally have my own to contribute:

http://blog.krisk.org/2013/02/packets-of-death.html

The strangest issue I've experienced, that's for sure.
--
Kristian Kielhofner

----- End forwarded message -----

From eugen at leitl.org Wed Feb 6 07:16:18 2013
From: eugen at leitl.org (Eugen Leitl)
Date: Wed, 6 Feb 2013 16:16:18 +0100
Subject: [liberationtech] Removing watermarks from pdfs (pdfparanoia)
Message-ID: <20130206151618.GQ6172@leitl.org>

----- Forwarded message from Ted Smith -----

From eugen at leitl.org Wed Feb 6 09:49:47 2013
From: eugen at leitl.org (Eugen Leitl)
Date: Wed, 6 Feb 2013 18:49:47 +0100
Subject: [liberationtech] Chromebooks for Risky Situations?
Message-ID: <20130206174947.GI6172@leitl.org>

----- Forwarded message from T N -----

From jacob at appelbaum.net Wed Feb 6 14:16:24 2013
From: jacob at appelbaum.net (Jacob Appelbaum)
Date: Wed, 06 Feb 2013 22:16:24 +0000
Subject: [liberationtech] Chromebooks for Risky Situations?
Message-ID:

Brian Conley:
> Micah,
>
> Perhaps you can tell us the secret to convince all family members and
> colleagues to become Linux hackers able to be completely self-sufficient
> managing their own upgrades and modifications indefinitely?

Stop supporting the use of non-free software? We're all part of the problem when we help people to be less free and to use proprietary software or proprietary services. This is both an education and a problem with enabling. We all suffer from it, I think.

When we encourage people to say, buy a Macbook or a Chromebook because we're happy to support it over say, Windows, we're making things worse. Largely because the choice is actually between Free Software and proprietary software or free software on devices where we're not actually able to exercise all of our freedoms.
Thus, when we aren't helping people to get off of the non-free platforms or to reduce our dependency on non-free software, we're basically not doing a great job at educating people that we care about and otherwise wish to support. When we pass the buck, we're enabling them with harmful, sometimes seriously so, solutions. > > Otherwise what is your point? > This essay seems like a longer version of what Micah has expressed: http://www.gnu.org/philosophy/free-sw.html http://www.gnu.org/philosophy/right-to-read.html I also suggest reading these two essays by RMS: http://www.gnu.org/philosophy/shouldbefree.html http://www.gnu.org/philosophy/when_free_software_isnt_practically_better.html He is also talking about how the threats to a user might include Google itself (eg: my legal cases!) or perhaps even the network you're using (hint: ChromeOS has no way to protect you against such an attacker, so no, it isn't safe to use everywhere or perhaps anywhere depending on your trust of the local network). > It seems like you are being needlessly confrontational or outright ignoring > the quite reasonable counter arguments to various linux OSes, Ubuntu/gentoo/ > etc etc being made here. Most of the arguments I've heard here boil down to privileged wealthy people complaining that learning and mutual aid or solidarity is simply too hard. The worst is when people who train people in risky situations make those kinds of statements. It's, frankly, really and seriously embarrassing. All the best, Jake > On Feb 6, 2013 7:09 PM, "micah anderson" wrote: > >> Andy Isaacson writes: >> >>> On Wed, Feb 06, 2013 at 10:52:23AM -0500, micah anderson wrote: >>>>> - ChromeOS's update mechanism is automatic, transparent, and basically >>>>> foolproof. Having bricked Ubuntu and Gentoo systems, the same is not >>>>> true of Linux. 
>>>> >>>> I would be surprised if you actually 'bricked' these systems, since >>>> neither operating system you mention involves a procedure that has the >>>> risk of bricking a device. I suspect this is hyperbole? >>> >>> I've had dist-upgrade (or the GUI equivalent) make an Ubuntu system >>> unbootable and unrecoverable without recourse to a rescue-image and deep >>> magic grub hacking, etc. That counts as "bricked" when the easiest >>> course of action is to simply reinstall the OS from scratch. It's not >>> "bricked" in the sense that an Android install gone awry can require >>> specialized hardware (JTAG dongle etc) and crypto keys to fix, but it's >>> equivalent from a user's point of view. >> >> I understand where you are going with this, but when it comes to >> terminology, I think it serves to confuse the issue to misuse the term >> 'brick'. You cannot, as you say, "simply reinstall the OS from scratch" >> on a device that has been bricked. >> >> I can't wait for the day when Google accidentally pushes an update out >> that actually bricks their devices, because when that happens, there is >> no way to "simply reinstall the OS from scratch". 
>> -- >> Unsubscribe, change to digest, or change password at: >> https://mailman.stanford.edu/mailman/listinfo/liberationtech >> > > > > -- > Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech > -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech ----- End forwarded message ----- -- Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE From jacob at appelbaum.net Wed Feb 6 14:16:27 2013 From: jacob at appelbaum.net (Jacob Appelbaum) Date: Wed, 06 Feb 2013 22:16:27 +0000 Subject: [liberationtech] Chromebooks for Risky Situations? Message-ID: T N: > The word "Linux" doesn't refer to anything, other than maybe the kernel. > > Chrome OS is linux. But it's a massively stripped down "distribution" that > has a radical design, including the fact that it will ONLY run if all of > the cryptographic checks are verified from the root of trust. That root of > trust is Google's massively large PKI public key that is burned into the > firmware. > It runs software that is in Debian, the GNU/Linux operating system. I know, I've written some of it (eg: tlsdate). They do a good job of locking things down but it is basically just another distribution of Linux. > For a journalist in the field, that's a great reassurance. Take your > Chromebook to China. The Chinese government can not alter what you are > running without either (a) modifying your hardware, which means they take > possession of it for a period of time and manage to do something that is > tricky to do (i.e. 
circumstances under which you'd no longer trust your > computer anyways) or (b) you will know they tried to hack it and your > Chromebook will refuse to boot, and will instead wipe away the hacks and > update itself and won't boot unless the update is a legitimate one signed > by Google. This is hilarious. I would *never* use a laptop that lacks a way to protect all your traffic (eg: VPN/Tor/SSH tunnel/etc) in a place with serious surveillance as an at-risk person. Not only because the remote systems will have your exact geographic location and because a lack of anonymity allows for targeted attacks, but also because the local network is well known to be seriously hostile! A persistent backdoor on your Chromebook is not actually impossible. I have a few ideas for how to make it happen and I've discussed security/development issues with the ChromeOS team on a nearly daily basis. > Yes, you can't compare Chrome OS's attack surface to a typical linux > distribution, or even a highly customized linux install which doesn't have > the hardware root of trust. > Actually, I think you can compare it - one major advantage is that you can protect your network traffic and compartmentalize your risk with any Secure Boot enabled Linux distro. You can also do it without secure boot and it isn't terribly hard as long as you draw arbitrary lines like "the EFI firmware blobs and hardware are out of scope" which is what happens with Secure Boot systems anyway. All the best, Jake > > > > On Wed, Feb 6, 2013 at 12:15 PM, Nadim Kobeissi wrote: > >> The biggest (and very important) difference between Linux and Chromebooks >> is the hugely smaller attack surface. >> >> >> NK >> >> >> On Wed, Feb 6, 2013 at 2:36 PM, Brian Conley wrote: >> >>> Andreas, >>> >>> Plenty of Syrians do have internet access, and use it on a regular basis. >>> >>> Also, lack of appropriateness for one use-case doesn't necessitate lack >>> of appropriateness across the board. 
>>> >>> Linux is a great solution for many use cases, but as has been elaborated, >>> quite a terrible one for many others. >>> >>> Brian >>> >>> >>> On Wed, Feb 6, 2013 at 7:44 AM, Andreas Bader wrote: >>> >>>> On 02/06/2013 04:24 PM, Tom Ritter wrote: >>>>> Nadim, I'm with you. I'm not sure it's the perfect solution for >>>>> everyone, but like Nathan said, if you already trust Google, I think >>>>> it's a good option. >>>>> >>>>> On 6 February 2013 07:12, Andreas Bader >>>> wrote: >>>>>> Why don't you use an old thinkpad or something with Linux, you have >>>> the >>>>>> same price as a Chromebook but more control over the system. And you >>>>>> don't depend on the 3G and Wifi net. >>>>> We started with the notion of Linux, and we were attracted to >>>>> Chromebooks for a bunch of reasons. Going back to Linux loses all the >>>>> things we were attracted to. >>>>> >>>>> - ChromeOS's attack surface is infinitely smaller than with Linux >>>>> - The architecture of ChromeOS is different from Linux - process >>>>> separation through SOP, as opposed to no process separation at all >>>>> - ChromeOS was *designed* to have you logout, and hand the device over >>>>> to someone else to login, and get no access to your stuff. Extreme >>>>> Hardware attacks aside, it works pretty well. >>>>> - ChromeOS's update mechanism is automatic, transparent, and basically >>>>> foolproof. Having bricked Ubuntu and Gentoo systems, the same is not >>>>> true of Linux. >>>>> - Verified Boot, automatic FDE, tamper-resistant hardware >>>>> >>>>> Something I'm curious about is, if any less-popular device became >>>>> popular among the activist community - would the government view it >>>>> as an indicator of interest? Just like they block Tor, would they >>>>> block Chromebooks? It'd have to get pretty darn popular first though. >>>>> >>>>> -tom >>>>> -- >>>>> >>>> But you can't use it for political activists e.g. in Syria because of >>>> its dependence on the internet connection. 
This fact is authoritative. >>>> For Europe and USA and so on it might be a good solution. >>>> -- >>>> Unsubscribe, change to digest, or change password at: >>>> https://mailman.stanford.edu/mailman/listinfo/liberationtech >>>> >>> >>> >>> >>> -- >>> >>> >>> >>> Brian Conley >>> >>> Director, Small World News >>> >>> http://smallworldnews.tv >>> >>> m: 646.285.2046 >>> >>> Skype: brianjoelconley >>> >>> >>> >>> -- >>> Unsubscribe, change to digest, or change password at: >>> https://mailman.stanford.edu/mailman/listinfo/liberationtech >>> >> >> >> -- >> Unsubscribe, change to digest, or change password at: >> https://mailman.stanford.edu/mailman/listinfo/liberationtech >> > > > > -- > Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech > -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech ----- End forwarded message ----- -- Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE From bogus@does.not.exist.com Wed Feb 6 14:21:34 2013 From: bogus@does.not.exist.com () Date: Wed, 06 Feb 2013 22:21:34 -0000 Subject: Three Indicted in Florida A&M University Hacking Case Message-ID: Jacksonville Press Releases has been updated: http://www.fbi.gov/jacksonville/press-releases/2013/three-indicted-in-florida-a-m-university-hacking-case From kanzure at gmail.com Thu Feb 7 00:26:09 2013 From: kanzure at gmail.com (Bryan Bishop) Date: Thu, 7 Feb 2013 02:26:09 -0600 Subject: [DIYbio] Removing watermarks from pdfs (pdfparanoia) Message-ID: On Wed, Feb 6, 2013 at 12:12 PM, Cathal Garvey wrote: > For example, to remove a frontpage, you might need to "explode" the PDF > into images, discard the first image, and recompress into a new PDF. 
I don't recommend this method, because converting most pdfs into images will cause loss of text. You can delete entire pages in the pdf format by deleting the "stream" objects and modifying the xref table. > To remove text/images embedded on the bottom of each PDF page, you could > do the same except use imagemagick on each image before recompression. Most text in a pdf document is "semantic", surrounded by pdf markup that can be directly deleted. I can imagine there might be one or two cases where publishers are adding an image to a pdf with your ip address, in which case you can delete that single image. However, if the page content is an image itself (no selectable text), then they might have chosen to add the image into the page, in which case the only way to remove the watermark would be to use imagemagick as you say, and draw over the offending image. So far I haven't seen this yet in any of the documents I have read over the years. > Major disadvantage to this route is that it would convert a text + > images PDF (high compression ratio, easy to extract text for re-use) > into an images-only PDF (large file size, poor compression, impossible > to extract text without OCR). right.. > If you can extract text of course, you could try extracting text + > images and perhaps script the creation of an entirely new PDF file. This > is the opposite approach; instead of blacklisting content ("This bit > contains IP address info"), you're whitelisting content ("These bits are > the text and images that form the actual paper"). How would you whitelist content you've never seen before? - Bryan http://heybryan.org/ 1 512 203 0507 -- -- You received this message because you are subscribed to the Google Groups DIYbio group. To post to this group, send email to diybio at googlegroups.com. To unsubscribe from this group, send email to diybio+unsubscribe at googlegroups.com. 
For more options, visit this group at https://groups.google.com/d/forum/diybio?hl=en Learn more at www.diybio.org --- You received this message because you are subscribed to the Google Groups "DIYbio" group. To unsubscribe from this group and stop receiving emails from it, send an email to diybio+unsubscribe at googlegroups.com. To post to this group, send email to diybio at googlegroups.com. Visit this group at http://groups.google.com/group/diybio?hl=en. For more options, visit https://groups.google.com/groups/opt_out. ----- End forwarded message ----- -- Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE From kanzure at gmail.com Thu Feb 7 00:30:18 2013 From: kanzure at gmail.com (Bryan Bishop) Date: Thu, 7 Feb 2013 02:30:18 -0600 Subject: [DIYbio] Removing watermarks from pdfs (pdfparanoia) Message-ID: On Wed, Feb 6, 2013 at 12:24 PM, Cathal Garvey wrote: > One reason I suggested exploding/recompressing is that by doing so, you > will naturally destroy lots of metadata that you might not have realised > was there, otherwise. One of the advantages of using pdfparanoia is that you can directly remove watermarks based on what we know about what publishers are doing, instead of blindly guessing. If there is metadata about ip addresses, write a plugin for pdfparanoia to detect it and remove it. (Also write a unit test, so that future contributors can make sure your code doesn't break). So far, I haven't seen evidence of metadata being used like this. Really, they are all extremely pdf servers like itext that are serving up http requests for unsuspecting scholars. My guess is that the most "advanced" watermarking infrastructure is just some LaTeX template that is being applied for each incoming http request. 
- Bryan http://heybryan.org/ 1 512 203 0507 -- -- You received this message because you are subscribed to the Google Groups DIYbio group. To post to this group, send email to diybio at googlegroups.com. To unsubscribe from this group, send email to diybio+unsubscribe at googlegroups.com. For more options, visit this group at https://groups.google.com/d/forum/diybio?hl=en Learn more at www.diybio.org --- You received this message because you are subscribed to the Google Groups "DIYbio" group. To unsubscribe from this group and stop receiving emails from it, send an email to diybio+unsubscribe at googlegroups.com. To post to this group, send email to diybio at googlegroups.com. Visit this group at http://groups.google.com/group/diybio?hl=en. For more options, visit https://groups.google.com/groups/opt_out. ----- End forwarded message ----- -- Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE From eugen at leitl.org Thu Feb 7 01:12:12 2013 From: eugen at leitl.org (Eugen Leitl) Date: Thu, 7 Feb 2013 10:12:12 +0100 Subject: [DIYbio] Removing watermarks from pdfs (pdfparanoia) Message-ID: <20130207091212.GU6172@leitl.org> ----- Forwarded message from Bryan Bishop ----- From eugen at leitl.org Thu Feb 7 01:12:26 2013 From: eugen at leitl.org (Eugen Leitl) Date: Thu, 7 Feb 2013 10:12:26 +0100 Subject: [DIYbio] Removing watermarks from pdfs (pdfparanoia) Message-ID: <20130207091226.GV6172@leitl.org> ----- Forwarded message from Bryan Bishop ----- From chris at soghoian.net Thu Feb 7 09:12:42 2013 From: chris at soghoian.net (Christopher Soghoian) Date: Thu, 7 Feb 2013 10:12:42 -0700 Subject: [liberationtech] Cryptography super-group creates unbreakable encryption Message-ID: > Chris, > You have repeatedly stood up asking VoIP software to be more transparent > about their encryption. 
You have repeatedly stood up when the media > overblew coverage into hype. > > I've never asked Skype to release the source code to their products, nor have I berated Apple, Facebook or Microsoft for not releasing the source code to their products. I have, however, asked Skype to be more transparent about the extent to which it can provide communications interception assistance to law enforcement and intelligence agencies. There is a big difference. If you don't want to use Silent Circle without seeing the source code, that is an entirely legitimate point of view (and in fact, one that I share, and that I expressed to Ryan Gallagher last year): http://www.slate.com/articles/technology/future_tense/2012/10/silent_circle_mike_janke_s_iphone_app_makes_encryption_easy_governments.single.html Christopher Soghoian, principal technologist at the ACLU's Speech Privacy and Technology Project, said he was excited to see a company like Silent Circle visibly competing on privacy and security but that he was waiting for it to go open source and be audited by independent security experts before he would feel comfortable using it for sensitive communications. Even though I am not using Silent Circle for sensitive conversations, I am still absolutely delighted to see them be as proactive as they have been about embracing and documenting progressive law enforcement policies. https://silentcircle.com/web/law-compliance/ My area of research is the intersection of law, policy and technology. As such, I am most interested in companies' surveillance policies, their commitment to transparency, and their stated willingness to tell the government to GTFO if they come and ask for backdoors. On this front, Silent Circle is extremely interesting, probably more so than any other Internet company. For many people on this list, source code is their #1 priority. That is fine. However, it is not my priority. 
I am more concerned with surveillance policy, because that is what I study and where I think I can be most effective in applying pressure. What I resent though, is Nadim's repeated, malicious attempts to drag my name through the mud, simply because I will not join his witch hunt against Silent Circle. Since he cannot find a single example of me saying anything false in the handful of interviews I have given to journalists writing about this company, instead he criticizes me for not throwing rocks at Phil Zimmermann. -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech ----- End forwarded message ----- -- Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE From eugen at leitl.org Thu Feb 7 01:54:20 2013 From: eugen at leitl.org (Eugen Leitl) Date: Thu, 7 Feb 2013 10:54:20 +0100 Subject: [Freedombox-discuss] Package Lists and Configuration Message-ID: <20130207095420.GA6172@leitl.org> ----- Forwarded message from John Gilmore ----- From eugen at leitl.org Thu Feb 7 01:55:43 2013 From: eugen at leitl.org (Eugen Leitl) Date: Thu, 7 Feb 2013 10:55:43 +0100 Subject: [liberationtech] Chromebooks for Risky Situations? Message-ID: <20130207095543.GD6172@leitl.org> ----- Forwarded message from T N ----- From eugen at leitl.org Thu Feb 7 02:07:23 2013 From: eugen at leitl.org (Eugen Leitl) Date: Thu, 7 Feb 2013 11:07:23 +0100 Subject: Interesting debugging: Specific packets cause some Intel gigabit ethernet controllers to reset Message-ID: <20130207100723.GF6172@leitl.org> Now if this would be remotely exploitable, you could 0wn the NIC firmware. 
----- Forwarded message from Kristian Kielhofner ----- From adi at hexapodia.org Thu Feb 7 11:15:16 2013 From: adi at hexapodia.org (Andy Isaacson) Date: Thu, 7 Feb 2013 11:15:16 -0800 Subject: [liberationtech] Cryptography super-group creates unbreakable encryption Message-ID: On Thu, Feb 07, 2013 at 02:11:22AM -0700, Christopher Soghoian wrote: > It is clear that you seem to have developed a foaming-in-the-mouth, > irrational hate of Silent Circle. As such, anyone who fails to denounce > Phil Zimmermann as the great Satan is, in your eyes, some kind of corrupt > shill. Silent Circle has some significant credibility gaps. They repeatedly claimed, and AFAIK continue to claim, to be "open source", but the source isn't even available for inspection under restrictive license, much less actually open source per OSI or DFSG or common sense guidelines. They haven't justified or explained this gap in any of their statements I've seen. They're trading very heavily on the excellent pedigrees of their principals, while making outlandish and unsupported claims to credulous mainstream journalists. Your participation in their marketing interviews makes you complicit in this problematic enterprise, Chris. I think it's incredibly unfair of you to attack Nadim for pointing out the flaws in this system without addressing your role in those flaws. We all want privacy and security for users. Silent Circle's misappropriation of the "open source" label and hagiographic mainstream press treatment in advance of actual public review, abetted by a wide variety of experts and public voices, is deeply problematic for the liberation technology community's role in civil society. Silent Circle may be an excellent privacy app. It might not have any significant security problems. It might even do a good job of mitigating important platform-based attacks and supporting important new use cases (the "burn after reading" feature). 
When it's actually open source I'll take a look and if it is good, I'll recommend it to users. Until that open review happens, I think it's inappropriate for voices in our community to commend or recommend such a proprietary system. Each person makes their own choices, of course, and nobody should base their actions solely on what *I* think is right, but I hope you can hear my concerns and consider the outcomes of your actions. -andy -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech ----- End forwarded message ----- -- Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE From eugen at leitl.org Thu Feb 7 02:30:10 2013 From: eugen at leitl.org (Eugen Leitl) Date: Thu, 7 Feb 2013 11:30:10 +0100 Subject: Remotely Exploiting the PHY Layer Message-ID: <20130207103010.GK6172@leitl.org> http://travisgoodspeed.blogspot.de/2011/09/remotely-exploiting-phy-layer.html THURSDAY, SEPTEMBER 1, 2011 Remotely Exploiting the PHY Layer or, Bobby Tables from 1938 to 2011 by Travis Goodspeed concerning research performed in collaboration with Sergey Bratus, Ricky Melgares, Rebecca Shapiro, and Ryan Speers. The following technique is a trick that some very good neighbors and I present in Packets in Packets: Orson Welles' In-Band Signaling Attacks for Modern Radios (pdf) at Usenix WOOT 2011. As the title suggests, Orson Welles authored and implemented the attack in 1938 as a form of social engineering, but our version acts to remotely inject raw frames into wireless networks by abuse of the PHY layer. As that paper is limited to a formal, academic style, I'd like to take the opportunity to describe the technique here in my people's native language, which has none of that formal mumbo-jumbo and high-faluttin' wordsmithin'. 
This being just a teaser, please read the paper for full technical details. The idea is this: Layer 1 radio protocols are vulnerable to injections similar to those that plague naively implemented SQL websites. You can place one packet inside of another packet and have the inner packet drop out to become a frame of its own. We call the technique Packet-in-Packet, or PIP for short. As I've mentioned in my article on promiscuously sniffing nRF24L01+ traffic, every modern digital radio has a Layer 1 form that consists of a Preamble, followed by a Sync, followed by a Body. The Body here is Layer 2, and that is the lowest that a normal packet sniffer will give you. (Keykeriki, Ubertooth, and GoodFET/NRF give a bit more.) In the specific case of IEEE 802.15.4, which underlies ZigBee, the Preamble consists of the 0 symbol repeated eight times, or 00000000. The Sync is A7. After that comes the Body, which begins with a byte for the length, a few bytes for flags, the addresses, and some sort of data. Suppose that an attacker, Mallory, controls some of that data, in the same way that she might control an HTTP GET parameter. To cause a PIP injection of a Layer 2 packet, she need only prepend that packet with 00000000A7 then retransmit a large--but not unmanageably large--number of times. I'm not joking, and I'm not exaggerating. It actually works like that. Below is a photograph of the first packet capture in which we had this technique working. The upper packet capture shows those packets addressed to any address, while the lower capture only sniffs broadcast (0xFFFF) messages. The highlighted region is a PIP injection, a broadcast packet that the transmitter intended to only be data within the payload of an outer packet. How it works. When Alice transmits a packet containing Mallory's PIP to Bob, Bob's interpretation can go one of three ways, two of which are depicted in the diagram below. 
In the first case, as shown in the left column, Bob receives every symbol correctly and interprets the packet as Alice would like him to, with Mallory's payload sitting harmlessly in the Body. In the second case, which is not depicted, a symbol error within the Body causes the packet's checksum to fail, and Mallory's packet is dropped along with the rest of Alice's. The third interpretation, shown above in the right column, is the interesting one. If a symbol error occurs before the Body, within the Preamble or the Sync, then there's no checksum to cause the packet to be dropped. Instead, the receiver does not know that it is within a packet, and Mallory's PIP is mistaken as a frame of its own. Mallory's Preamble and Sync will mark the start of the frame, and Mallory's Body will be returned to the receiver. In this way, Mallory can remotely inject radio frames from anywhere on the network to which she can send her payload. That is, this is a PHY-Layer radio vulnerability that requires no physical access to the radio environment. Read the WOOT paper for complications that arise when applying this to IEEE 802.11, as well as the conditions under which a PIP injection can succeed on every attempt. War of the Worlds In 1938, Orson Welles implemented a similar exploit as a form of social engineering in order to cause panic with his War of the Worlds (mp3, transcript) performance. Recall that PIP injection works by having the victim miss the real start of frame marker, then fraudulently including another start of frame marker inside of the broadcast. As per the FCC requirements of his time, Orson begins with a real start of broadcast marker: ANNOUNCER: The Columbia Broadcasting System and its affiliated stations present Orson Welles and the Mercury Theatre on the Air in The War of the Worlds by H. G. Wells. (MUSIC: MERCURY THEATRE MUSICAL THEME) ANNOUNCER: Ladies and gentlemen: the director of the Mercury Theatre and star of these broadcasts, Orson Welles . . . 
ORSON WELLES: We know now that in the early years of the twentieth century this world was being watched closely by intelligences greater than man's and yet as mortal as his own. We know now that as human beings busied themselves about their various concerns they were scrutinized and studied, perhaps almost as narrowly as a man with a microscope might scrutinize the transient creatures that swarm and multiply in a drop of water. With infinite complacence people went to and fro over the earth about their little affairs, serene in the assurance of their dominion over this small spinning fragment of solar driftwood which by chance or design man has inherited out of the dark mystery of Time and Space. Yet across an immense ethereal gulf, minds that to our minds as ours are to the beasts in the jungle, intellects vast, cool and unsympathetic, regarded this earth with envious eyes and slowly and surely drew their plans against us. In the thirty-ninth year of the twentieth century came the great disillusionment. It was near the end of October. Business was better. The war scare was over. More men were back at work. Sales were picking up. On this particular evening, October 30, the Crosley service estimated that thirty-two million people were listening in on radios. That introduction is two minutes and twenty seconds long, and it was scheduled to begin while a popular show on another station was still in progress. Many of the listeners tuned in late, causing them to miss the Sync and not know which show they were listening to, just as in a PIP injection! What follows is thirty-eight minutes of a first act, without a single word out of character or a single commercial message from a sponsor. The play begins in the middle of a weather report, followed by repeated false station and show announcements, a few of which follow. 
We now take you to the Meridian Room in the Hotel Park Plaza in downtown New York, where you will be entertained by the music of Ramón Raquello and his orchestra. From the Meridian Room in the Park Plaza in New York City, we bring you the music of Ramón Raquello and his orchestra. Ladies and gentlemen, we interrupt our program of dance music to bring you a special bulletin from the Intercontinental Radio News. We are now ready to take you to the Princeton Observatory at Princeton where Carl Phillips, our commentator, will interview Professor Richard Pierson, famous astronomer. Good evening, ladies and gentlemen. This is Carl Phillips, speaking to you from the observatory at Princeton. Just a moment, ladies and gentlemen, someone has just handed Professor Pierson a message. While he reads it, let me remind you that we are speaking to you from the observatory in Princeton, New Jersey, where we are interviewing the world-famous astronomer, Professor Pierson. By repeatedly lying to the listeners about the station and the program, Welles was able to convince them that they were listening to legitimate news broadcasts of an alien invasion. Ensuring that the listener missed the starting broadcast announcement breaks the encapsulation that was intended to prevent such confusion, just as a PIP injection relies upon the start of frame to be missed in order to break OSI model encapsulation. How the hell did this happen? This class of vulnerability is a really, really big deal. An attacker can use it to inject raw frames into any wireless network that lacks cryptography, such as a satellite link or an open wifi hotspot. Not only that, but because the injection is remote, the attacker needs no radio to perform the injection! Not only that, but this vulnerability has sat unexploited in nearly every unencrypted digital radio protocol that allows for variable frame length since digital radio began! So why did no one notice before 2011? 
Packet in Packet injection works because when Bob forwards a wrapped string to Alice over the air, he is trusting Mallory to control the radio symbols that are broadcast for that amount of time. The potential for abusing that trust wasn't considered, despite communications experts knowing full well that sometimes a false Sync was detected or a true Sync missed. This is because a symbol error in the Sync field causes the packet to be implicitly dropped, with the same behavioral effect that would be had if the error were later in the packet and it were explicitly dropped. Except when faced with a weaponized PIP injection, nothing seems strange or amiss. Sync errors were just a nuisance to communications engineers, as we security guys were staying a few layers higher, allowing those layers of abstraction to become boundaries of competence. That same trust is given in wired networks and busses, with the lesser probability of missing a Sync being the only defense against PIP injection. Just as PIP has shown that unencrypted wireless networks are vulnerable even when the attacker is not physically present, I expect wired networks to be found vulnerable as soon as an appropriate source of packet errors is identified. Packet collisions provide this in unswitched Ethernet networks, and noisy or especially long links might provide it for more modern wired networks. If I've not yet convinced you that this attack is worth studying, I probably won't be able to. For the rest of you, please print and read the paper and extend this research yourself. There's a hell of a lot left to be done at the PHY layer, and it might as well be you who does it. Thank you kindly, --Travis Goodspeed From eugen at leitl.org Thu Feb 7 03:53:52 2013 From: eugen at leitl.org (Eugen Leitl) Date: Thu, 7 Feb 2013 12:53:52 +0100 Subject: [cryptography] "Meet the groundbreaking new encryption app set to revolutionize privacy..." 
Message-ID: <20130207115352.GQ6172@leitl.org>

----- Forwarded message from ianG -----

From rsk at gsp.org Thu Feb 7 10:08:43 2013
From: rsk at gsp.org (Rich Kulawiec)
Date: Thu, 7 Feb 2013 13:08:43 -0500
Subject: [liberationtech] Cryptography super-group creates unbreakable encryption
Message-ID:

Alchemy is to chemistry, astrology is to astronomy, as closed-source is to open source. Closed-source is intellectual fraud. It is the equivalent of an academic paper which has a synopsis and conclusions -- but nothing else. No honest reviewer would ever approve such tripe for publication in a refereed journal of mechanical engineering or physics or medicine...yet we, in computer science, are expected to do the equivalent. We're actually expected to take someone's word that their code does what they say it does -- even though we have a mountain of evidence stretching back to the beginning of our field that says it's NEVER been true, even when the code's written by people who are smart/experienced/honest/diligent/etc.

Not even Stephen Hawking gets his papers published without showing his data/reasoning/work/etc. As it should be.

So yes, my response to this is "source or GTFO". Extraordinary claims require extraordinary proof and in this case, there is none.

---rsk

--
Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech

----- End forwarded message -----

--
Eugen* Leitl leitl http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

From rsk at gsp.org Thu Feb 7 10:18:23 2013
From: rsk at gsp.org (Rich Kulawiec)
Date: Thu, 7 Feb 2013 13:18:23 -0500
Subject: [liberationtech] Chromebooks for Risky Situations?
Message-ID:

On Tue, Feb 05, 2013 at 10:29:49PM -0500, Nadim Kobeissi wrote:
> Now, for the obvious (and unfortunate!)
> downsides: Chromebooks natively
> encourage users to store all of their data on Google, leaving the company
> with an unbalanced amount of control over these machines, and attracting
> itself as a compromise target relevant to Chromebook users.

Strongly agreed. As the size of the organization grows, the probability that zero employees are (a) taking payoffs/bribes (b) succumbing to extortion/blackmail and/or (c) otherwise politically/socially/economically/personally motivated to do Bad Things decreases. We could debate the shape of the curve, but I think it's darn near certain that there is -- somewhere -- a Google employee doing (a) and a Google employee doing (b) and a Google employee doing (c). Of course there are. There are simply too many of them for this not to be true. The same can be said of every large company and organization.

The question is thus not "do they exist?" because I think we already know that they do. The question, or questions rather, become things like "What is their goal?", "What do they have access to?", "What measures exist to prevent them from accessing things they shouldn't?", "What measures exist to detect them trying to access things they shouldn't?", "Will I find out if it happens to be my data?", and so on. My own experience suggests that the answers to those last questions are nearly always "nothing", "not much" and "no" even in places where we would all hope otherwise.

So if you (rhetorical and plural you) are becoming an annoyance to whatever government you're antagonizing because you're smart and effective, then why wouldn't they consider dropping $100K in cash on a cloud engineer in return for a USB drive full of everything you've all stored there? Seems like a good investment. Much less tedious than infiltrating your group. Probably cheaper and less risky. Or why wouldn't they plan ahead and start getting their own people in the pipeline for jobs there?
They could play the long game and gamble that spending years training some of their own, putting them through school at RIT or Michigan or GaTech and getting them into Rackspace and Google and Twitter will one day pay off, when someone very very loyal to their ideology and politics feeds them timely information.

Yes, you can encrypt everything -- if you're all diligent about that. But the logs will still show when and where you were, and possibly who is talking to who, how much information they're exchanging, and when. (And there's the possibility that, in extremis, your communications can be "accidentally" cut off just when you need them most.)

My point is that I don't think trusting *any* large organization is a good move. If you're going to store this kind of data anywhere but on systems that you personally control, then pick the smallest, most obscure ones you can find. Better yet: don't build an architecture that relies on centralized communications and thus is vulnerable to centralized compromises; we've discussed Usenet here before and I think that sort of decentralized architecture is a much better model for this application.

---rsk

----- End forwarded message -----

From iang at iang.org Thu Feb 7 03:52:17 2013
From: iang at iang.org (ianG)
Date: Thu, 07 Feb 2013 14:52:17 +0300
Subject: [cryptography] "Meet the groundbreaking new encryption app set to revolutionize privacy..."
Message-ID:

On 7/02/13 02:35 AM, Jeffrey Walton wrote:
> On Wed, Feb 6, 2013 at 7:17 AM, Moti wrote:
>> Interesting read.
>> Mostly because the people behind this project.
>> http://www.slate.com/articles/technology/future_tense/2013/02/silent_circle_s_latest_app_democratizes_encryption_governments_won_t_be.html
>
> No offense to folks like Mr. Zimmermann, but I'm very suspect of his
> claims. I still remember the antithesis of the claims reported at
> http://www.wired.com/threatlevel/2007/11/encrypted-e-mai/.

When we [0] were building the original Hushmail applet, we knew the flaw - the company could switch the applet on the customer. The response to that was to publish the applet, and then the customer could check the applet wasn't switched.

Now, you can look at this two ways: one is that it isn't perfect as nobody would bother to check their applet. Another is that it isn't perfect but it was a whole lot better than futzing around with OpenPGP keys and manual decrypting. And it was the latter 'risk' view that won, Hushmail filled that niche between the hard core pgp community, and the people who did business and needed an easy tool.

This is also the same thing that is the Achilles heel of Skype. It turns out (rumour has it) that the attack kit for Skype that circulated in the late 00s amongst the TLAs was simply a PC breach kit that captured the Skype externals - keystrokes, voice, screen etc. Once the TLAs had that, they were happy and they shut up. It was easier for them to breach the PC, slip in the wrapper tacker, and listen in than seriously hack the skype model. And, then, media perception that Skype was unhackable worked again, everyone was happy.

Same will be true of Silent Circle, and they will already know this (note that I have nothing to do with them, I just read the model like anyone else). The security requirement here is that they don't need it to be completely unbreakable, they just have to push 99% of the attacks onto the next easy thing -- the phone itself. Security is lowest common denominator, not highest uncommon numerator. See below.
FWIW, their security model looks pretty damn good, in that it is nicely balanced to their business model (the only metric that matters) and they trialled this through several iterations (ZRTP, I think). They are the right team. Even their business customer looks fantastic (hints abound). If you're looking for an investment tip, this wouldn't be so far off ;)

> I'm also suspect of "... the sender of the file can set it [the
> program?] on a timer so that it will automatically "burn" - deleting
> it [encrypted file] from both devices after a set period of, say,
> seven minutes." Apple does not allow arbitrary background processing -
> it's usually limited to about 20 minutes. So the process probably won't
> run on schedule or it will likely be prematurely terminated. In
> addition, Flash Drives and SSDs are notoriously difficult to wipe an
> unencrypted secret.

Don't be suspicious, be curious -- this is where security is at.

Remember: The threat is always on the node, it is never on the wire.

Looking back at that Hushmail app, another anecdote. When I was doing business with a guy who was security paranoid, he used an unpublished nym, encrypted his messages with PGP, and then sent them via Hushmail to me. Life then turned aggressive, and we ended up in court. His side demanded discovery. I took all his untraceable, pgp-encrypted and Hushmail-protected mails and filed them in as cleartext discovery, as I was severely told to do by the court. Oops. From there they entered into the transcript as evidence, and from there, others were able to acquire the roadmap via subpoena.

The threat is always on the node. Never the wire. Your node, your partner's node, your partner's friend's node ....

It is this that the Mission Impossible deletion feature is aimed at, and it is this real world node threat that it viably addresses. This is what people want. The fact that it is theoretically imperfect doesn't make it unreasonable.
> Perhaps a properly scoped PenTest with published results would allay my
> suspicions. It would be really bad if people died: "... a handful of
> human rights reporters in Afghanistan, Jordan, and South Sudan have
> tried Silent Text's data transfer capability out, using it to send
> photos, voice recordings, videos, and PDFs securely."

Nah, this again is the wrong approach. Instead think of it this way: of 100 human rights reporters, if 99 are protected by this tool, and one dies, that is probably a positive. If 100 human rights reporters are scared away by media geeks that say it is unlikely to be perfect, and instead they use gmail, and 99 are caught (remember Petraeus) then this is probably a negative.

Human rights reporters already put their life on the line. Your mission is not to protect their life absolutely, as if we are analysing the need for a neighbour's swimming pool fence, but to make their reporting more efficient. Which coincidentally also means raising the chances that they live to report the next one.

Risks, not absolutes.

iang

[0] I say we - my company had a hand in the original crypto back when Hushmail was Cliff+1. FWIW.

_______________________________________________
cryptography mailing list
cryptography at randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography

----- End forwarded message -----

From thierry.moreau at connotech.com Thu Feb 7 12:56:41 2013
From: thierry.moreau at connotech.com (Thierry Moreau)
Date: Thu, 07 Feb 2013 15:56:41 -0500
Subject: [cryptography] "Meet the groundbreaking new encryption app set to revolutionize privacy..."
Message-ID:

ianG wrote:
>
> [Hushmail design] isn't
> perfect but it was a whole lot better than futzing around with OpenPGP
> keys and manual decrypting.
> And it was the latter 'risk' view that won,
> Hushmail filled that niche between the hard core pgp community, and the
> people who did business and needed an easy tool.
>
> Don't be suspicious, be curious -- this is where security is at.
>
> Human rights reporters already put their life on the line. Your mission
> is not to protect their life absolutely,

One design aspect seems missing from the high-level discussion: how do you define the security mechanism failure mode? You have basically two options: connect with an insecure protocol, or do not connect at all. If it's a life-preserving application, this question should be addressed explicitly.

A "fail safe" system may be either way, but stakeholders should know which way. Airplane pilots are trained according to the failure mode of each aircraft subsystem. E.g. if two-way radio fails, the pilot may remain confident (from an indication on the cockpit) that the air traffic controller (ATC) still sees the aircraft identifier on the radar (see Wikipedia entry for transponder) during the emergency landing. Thus the decision to land at the major airport (instead of a secondary airport with less traffic in conflict but lower grade facilities) is taken based on the "fail-safe" property of the aircraft-to-ATC communications subsystem.
Regards,

--
- Thierry Moreau

----- End forwarded message -----

From scarp at tormail.org Thu Feb 7 08:09:43 2013
From: scarp at tormail.org (scarp)
Date: Thu, 07 Feb 2013 16:09:43 +0000
Subject: [liberationtech] Cryptography super-group creates unbreakable encryption
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Nadim Kobeissi:
> Small follow-up: Maybe it's true I look like my goal here is just
> to foam at the mouth at Silent Circle. Maybe it looks like I'm just
> here to annoy Chris, and I'm truly sorry. These are not my goals,
> even if my method seems forced.
>
> I've tried writing multiple blog posts about Silent Circle,
> contacting Silent Circle, asking journalists to *please* mention
> the importance of free, open source in cryptography, and so on. All
> of this has failed. It has simply become clear to me that Silent
> Circle enjoys a double standard because of the reputation of those
> behind it.
>
> Silent Circle may be developed by Gods, but this is just quite
> plainly unfair. If someone repeatedly claims, towards activists, to
> have developed "unbreakable encryption", markets it closed-source
> for money, and receives nothing but nods of recognition and
> applause from the press and even from *security experts* (?!) then
> something is seriously wrong! No one should be allowed to commit
> these wrongs, not even Silent Circle.
>
> I feel like I'm fighting for our own sanity here. Look at what
> you're allowing to happen!
I've been monitoring this discussion about Silent Circle and the one on cryptography at randombit.net

Software such as TrueCrypt would never have gained the popularity and widespread usage if it were closed source. Likewise things like SSL and TLS would not have gained widespread usage without standards bodies and technical specifications.

I don't see Silent Circle being anything revolutionary. Encryption software which encrypts the contents before uploading it to the cloud already exists, see Cyphertite. They have actually released their source.

I also don't see how any "burn" function of software on sensitive data has any useful purpose. I see that as a false sense of security. If someone were to take a photo of the phone with another phone, it would be circumvented.

I also don't see any problem in Silent Circle releasing source, and using a restrictive license if they so please, the point is while it is closed source we're really just expected to "trust" these big names. Rich and popular men can be bought and sold, so really their identities or names mean nothing to me. We need independent verifiable proof by people who understand the most inner workings of the implementations of the encryption to say "yes this works", and also people attempting to break it.

Also by saying "unbreakable encryption" do they mean to say they've developed encryption technology using unbreakable ciphers? or is it just the implementation of them. To me it seems like a massive marketing campaign if they're using social media as much as people say they are this would further support this. Also "unbreakable encryption" is similar to saying you've made an unsinkable ship, and we all know what happened last time someone said that.

I also think journalists publishing about "Secret Circle" should find independent qualified sources to verify the claims of it being "unbreakable" before publishing it. To me that seems like good journalism vs bad.
- --
scarp | A4F7 25DB 2529 CB1A 605B 3CB4 5DA0 4859 0FD4 B313
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJRE9HGAAoJEF2gSFkP1LMTiT0P/RP6WeR9MEBX3ps8O/9dFaAt
nsxh47sU9cTlbsxkRQJaRgVMUIWMGNBW2Zm6IdkZtXB63O1fm2jzt/6Oy7+2HJ80
s9WBVD3hKJd0lKED0Qj9aPIwdaSl0+7cu9GkdnwptpW6rLTyZGpk0aV1NI0CTSLQ
30BPYzb2LYFOrNt+F3KIZODX7czPHlCqxhLjvRuJ5+392qYnLE6f8/I2RiS4BKD3
cVULmzRvg05RiJRHuTsYtgum8CicKK6OENoFqmvfu8Y80I04Gy6H/toD8IGZvTKC
AnW2SkDfyUW2wxJ5Bm5YL7+u3LQlgpB9C9e44pbUjEcFJVD0A6NHhkEuKDZ/NEU6
F/I5bKsI5m3v0FKKt7xKO1UTC4uIzmN4yLyVo32qz++N3ejiYyvrLHTuTWRQkCoT
GyrShIQvzvAlt6qOYPdOdMYNVq/E4dlF51aDD+9Oiq3uua6EAQSwbT/Tx+eAj4C4
n2Pin1fYOBm1mm1V7llgtj7BStPbfOOZaywE7XIFfXpAdQS4I3N+xcp1owmD6wg7
EuJ77z7mM/lE7g2vuaMYQKTqeH16tXb6V5B639q8FLdYu/NNDRuN11GnMhvuTmqX
tYTM6/4/cQyk0wC1ggzLAPjqdJ8RrxbvSSVuSl29PTIr2Wkdee8YudEYSeg2BBlx
hZdbWhuhzGHZKEsfU27a
=o2k+
-----END PGP SIGNATURE-----

----- End forwarded message -----

From eugen at leitl.org Thu Feb 7 08:17:39 2013
From: eugen at leitl.org (Eugen Leitl)
Date: Thu, 7 Feb 2013 17:17:39 +0100
Subject: [liberationtech] Cryptography super-group creates unbreakable encryption
Message-ID: <20130207161739.GS6172@leitl.org>

----- Forwarded message from scarp -----

From scarp at tormail.org Thu Feb 7 09:25:09 2013
From: scarp at tormail.org (scarp)
Date: Thu, 07 Feb 2013 17:25:09 +0000
Subject: [liberationtech] Cryptography super-group creates unbreakable encryption
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

scarp:
> Douglas Lucas:
>> Is it because something unverifiable is allegedly better than
>> nothing?
>> Even if we had divine knowledge to tell us Silent
>> Circle is secure, isn't it an overriding problem to encourage
>> lock-in of closed source being acceptable for something as common
>> as text-messaging?
>
>> It is good to have a scrappy talented young person such as Nadim
>> being pesky to older, accepted people.
>
> Agreed, and this is one of the larger problems people in social
> censorship bubbles, where basically if you don't have the tech you
> can't talk to the person. One of the things that encryption
> technologies like Off the Record Messaging try to bridge.
>
> Nobody wants to be forced to use specific technology from a
> specific individual or entity. It's bad enough everyone uses
> Facebook.
>
> Decentralization is the only way to avoid this becoming a weak
> link.
>

Which brings me to another point, what if in 1991 Phil Zimmermann said you must use his bbs/email server to use PGP, and wouldn't release the source for the encrypting client? I wonder if it would be as popular as it is today if that was the case.

I find it also amusing: https://en.wikipedia.org/wiki/Pretty_Good_Privacy#Criminal_investigation

> Shortly after its release, PGP encryption found its way outside the
> United States, and in February 1993 Zimmermann became the formal
> target of a criminal investigation by the US Government for
> "munitions export without a license". Cryptosystems using keys
> larger than 40 bits were then considered munitions within the
> definition of the US export regulations; PGP has never used keys
> smaller than 128 bits so it qualified at that time. Penalties for
> violation, if found guilty, were substantial. After several years,
> the investigation of Zimmermann was closed without filing criminal
> charges against him or anyone else. Zimmermann challenged these
> regulations in a curious way.
> He published the entire source code
> of PGP in a hardback book,[13]

To me this seems like a big middle finger to totalitarian government dictating how and who it must be used by. Of course by this point the government couldn't stop people using it even if they wanted to, the source was everywhere. Given his interest in anti-nuclear activism, I wonder if in today's world that could have been construed as anti-government and possibly a person of interest by the government.

The other question is what's to stop Apple being legally forced to push a modified copy of this software to a person's phone that has a backdoor? While people might say this isn't possible due to XXX law, what is to prevent one being created that changes that. Encryption technology's effectiveness should not be based on what the government is allowed and not allowed to do. I guess this is an inherent problem with storing data in the cloud.

> For an annual price of $20/month (closer to $30/month on their
> 3-month plan)

Poorer people of poorer nations won't be able to afford this, and neither will the average citizen care enough to pay this. I don't imagine some factory worker in China for example who earns 50 cents a day being able to pay for this so he can talk about how shitty the conditions are. To me it seems like it will only get used by businesses and enterprise needing security abroad rather than activists residing in areas where they would need it in order to have some semblance of freedom.
- --
scarp | A4F7 25DB 2529 CB1A 605B 3CB4 5DA0 4859 0FD4 B313
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJRE+N1AAoJEF2gSFkP1LMT4HAQAJOKz9LOqn0eY7/TDB5T4dhH
VuHzEq58jWeCedz4S2YMJx1oqymTLtuVAx8Z3K3KUrqlJZUOw3bWoqjK9QyfvnmD
fGdsqXY9GlUDEEc33DENXhAuRyFSuDMluu01DbB0c8HK4o64U1fiA7DrH9lXEGcT
vxBCBzh3fuenfcsxqAQMxNv0D8owSMfDsyeGhm52bUeaiCZ5HzXcUcHEiRJ1Ij9Q
nb1alnBFokyY8XJR6CdLvETgoCthnPM2JM3ZbHsybqHKQxCMU/35eO2+T1AbZN+n
XeJPwp42BLH7S44sPpQJ3huE1JBxrbRY3zv1tIZgWnm50mmUHOuOQhQQUgDFUzRk
zf1WksZqtonHtC5NerXvLASnBx38cEfAOSrQCJHWS7cVsc1IXbk6bGK9VCNUzTpe
IS9x+D2Ch5xBwNQayBGrE93mjwwoEwkXVnTDLPJVlktU7lI6DZkvY+r0OYDEmIfC
3ZnFQs+/wVFzdk0I/ZZeebm2BfxB5xyf8Lvks/6F0ixy40MXXAOCfZnyI83NpdED
MckjQeX9uMeNKmS7HHxgH5OYAcN+k2O6qsQVxGtURhxS5p3l1pQWREJTVcScC7u7
9I1hXp9LuMMpsG+QjVZu/EYn0cnT8qp8xU2ttYslXFkxvhGpdhvvLVN0Qy3YHpwf
c0TB1wxstLSouyjw/ep2
=whpX
-----END PGP SIGNATURE-----

----- End forwarded message -----

From measl at mfn.org Thu Feb 7 17:21:20 2013
From: measl at mfn.org (J.A. Terranson)
Date: Thu, 7 Feb 2013 19:21:20 -0600 (CST)
Subject: Three Indicted in Florida A&M University Hacking Case (fwd)
Message-ID:

From nuzz604 at gmail.com Thu Feb 7 19:33:21 2013
From: nuzz604 at gmail.com (Mark Nuzzolilo II)
Date: Thu, 7 Feb 2013 19:33:21 -0800
Subject: [ZS] Money transfers, due process, and freedom
Message-ID:

It seems like the bottleneck for any organization that wants freedom, comes down to accepting donations or payments from members. When a law is broken, there is supposed to be due process. Presumably, with the way the law is supposed to work, laws should be enforced through a lawsuit or criminal proceeding, in an actual courtroom.
But what happens when the laws aren't actually broken, but someone wants to shut you down anyway? They will just tell the credit card companies and the banks to stop accepting payments for that vendor. So we have a situation where due process is sidestepped. But it's likely that the government isn't even the problem here, but the banks themselves (more later). While I don't condone breaking any laws, the fact remains that power is being abused in this way in a perversion of justice.

There is a concrete example of this here, where Fetlife.com got screwed by a payment processor, who claims there were illegal images (the images in question were actually a Simpsons cartoon, and a picture of a dog):

http://ft.trillian.im/30a23cd835c1a6834bcb6c7b2740649b0f2aaf28/6egJy16qp1Fh6Jt16xCPYwWekRJCu.jpg
http://ft.trillian.im/30a23cd835c1a6834bcb6c7b2740649b0f2aaf28/6egJWdWX2OcB6exeDE4u2Byt8aDE3.jpg

We have some Bitcoin experts here. Bitcoin, as we know, cannot be regulated by the banks. But because our financial system is largely dependent on these banks and credit cards, there needs to be a way to connect these two systems together in such a way where to get that money into the Bitcoin system. The currency itself is relatively viable, but the financial system just isn't there. Any attempt to set up an anonymous payment processor will likely result in some sort of termination by any mainstream bank that is used. And for what reason? Even without any proof of wrongdoing, or any due process, the banks will do what they can to shut down any financial processor that operates outside their realm of influence.

So how do we overthrow this cartel? We would need a smoothly operating financial system that would need to reach enough critical mass where it could be completely outside the influence of the banking elite. Credit card payments would still be necessary.
We would need some sort of abstraction layer between the point where a user enters in their payment information, and where a payment is made to its destination. Assume that the banks will close it off, but think about this, it's easy to turn off one valve, but how easy is it to turn off 10,000 valves at once? A swarm of financial channels could be used, and only one of them would actually have to be operational for the system to succeed. And the money that could be made from such a system would be astounding.

This would be a great Zero State project to have, definitely worthy of having the need for secrecy, while still not breaking any actual laws. We have the technological smarts to get something like this in the works. Has it really been tried before? Here is a "Bitcoin Bank" but they don't even accept anything other than Bitcoins, which doesn't solve the problem at all: http://www.flexcoin.com/

--
--
Zero State mailing list: http://groups.google.com/group/DoctrineZero
---
You received this message because you are subscribed to the Google Groups "Doctrine Zero" group.
To unsubscribe from this group and stop receiving emails from it, send an email to DoctrineZero+unsubscribe at googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

----- End forwarded message -----

From measl at mfn.org Thu Feb 7 18:13:13 2013
From: measl at mfn.org (J.A. Terranson)
Date: Thu, 7 Feb 2013 20:13:13 -0600 (CST)
Subject: "I am the walking Exigent Circumstances you created"
Message-ID:

For those not yet following this...

http://documents.latimes.com/christopher-dorner-manifesto/

//Alif

--
Those who make peaceful change impossible, make violent revolution inevitable.

An American Spring is coming: one way or another.
From eugen at leitl.org Thu Feb 7 13:14:37 2013
From: eugen at leitl.org (Eugen Leitl)
Date: Thu, 7 Feb 2013 22:14:37 +0100
Subject: [cryptography] "Meet the groundbreaking new encryption app set to revolutionize privacy..."
Message-ID: <20130207211437.GW6172@leitl.org>

----- Forwarded message from Thierry Moreau -----

From eugen at leitl.org Fri Feb 8 02:07:52 2013
From: eugen at leitl.org (Eugen Leitl)
Date: Fri, 8 Feb 2013 11:07:52 +0100
Subject: [liberationtech] Cryptography super-group creates unbreakable encryption
Message-ID: <20130208100752.GB6172@leitl.org>

----- Forwarded message from Christopher Soghoian -----

From eugen at leitl.org Fri Feb 8 02:09:05 2013
From: eugen at leitl.org (Eugen Leitl)
Date: Fri, 8 Feb 2013 11:09:05 +0100
Subject: [liberationtech] Cryptography super-group creates unbreakable encryption
Message-ID: <20130208100905.GC6172@leitl.org>

----- Forwarded message from scarp -----

From jon at callas.org Fri Feb 8 11:26:23 2013
From: jon at callas.org (Jon Callas)
Date: Fri, 8 Feb 2013 11:26:23 -0800
Subject: [cryptography] "Meet the groundbreaking new encryption app set to revolutionize privacy..."
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Thanks for your comments, Ian. I think they're spot on.

At the time that the so-called Arab Spring was going on, I was invited to a confab where there were a bunch of activists and it's always interesting to talk to people who are on the ground. One of the things that struck me was their commentary on how we can help them. A thing that struck me was one person who said, "Don't patronize us. We know what we're doing, we're the ones risking our lives." Actually, I lied. That person said, "don't fucking patronize us" so as to make the point stronger.

One example this person gave was that they talked to people providing some social meet-up service and they wanted that service to use SSL. They got a lecture how SSL was flawed and that's why they weren't doing it.
In my opinion, this was just an excuse -- they didn't want to do SSL for whatever reason (very likely just the cost and annoyance of the certs), and the imperfection was an excuse. The activists saw it as being patronizing and were very, very angry. They had people using this service, and it would be safer with SSL. Period.

This resonates with me because of a number of my own peeves. I have called this "the security cliff" at times. The gist is that it's a long way from no security to the top -- what we'd all agree on as adequate security. The cliff is the attitude that you can't stop in the middle. If you're not going to go all the way to the top, then you might as well not bother. So people don't bother. This effect is also the same thing as the best being the enemy of the good, and so on.

We're all guilty of it. It's one of my major peeves about security, and I sometimes fall into the trap of effectively arguing against security because something isn't perfect. Every one of us has at one time said that some imperfect security is worse than nothing because it might lull people into thinking it's perfect -- or something like that. It's a great rhetorical flourish when one is arguing against some bit of snake oil or cargo-cult security. Those things really exist and we have to argue against them. However, this is precisely being patronizing to the people who really use them to protect themselves.

Note how post-DigiNotar, no one is arguing any more for SSL Everywhere. Nothing helps the surveillance state more than blunting security everywhere.
Jon

-----BEGIN PGP SIGNATURE-----
Version: PGP Universal 3.2.0 (Build 1672)
Charset: us-ascii

wj8DBQFRFVFhsTedWZOD3gYRAjX5AKCw+SBcR1TDlDuPorgri2makt30wACgs3iI
2f+SwEqjbAVyPhf9SH67Aa8=
=tB7/
-----END PGP SIGNATURE-----

----- End forwarded message -----

From eugen at leitl.org Fri Feb 8 02:31:03 2013
From: eugen at leitl.org (Eugen Leitl)
Date: Fri, 8 Feb 2013 11:31:03 +0100
Subject: [liberationtech] Chromebooks for Risky Situations?
Message-ID: <20130208103103.GH6172@leitl.org>

----- Forwarded message from Jacob Appelbaum -----

From eugen at leitl.org Fri Feb 8 02:31:09 2013
From: eugen at leitl.org (Eugen Leitl)
Date: Fri, 8 Feb 2013 11:31:09 +0100
Subject: [liberationtech] Chromebooks for Risky Situations?
Message-ID: <20130208103109.GI6172@leitl.org>

----- Forwarded message from Jacob Appelbaum -----

From eugen at leitl.org Fri Feb 8 03:31:59 2013
From: eugen at leitl.org (Eugen Leitl)
Date: Fri, 8 Feb 2013 12:31:59 +0100
Subject: [liberationtech] Cryptography super-group creates unbreakable encryption
Message-ID: <20130208113158.GM6172@leitl.org>

----- Forwarded message from Rich Kulawiec -----

From eugen at leitl.org Fri Feb 8 03:32:34 2013
From: eugen at leitl.org (Eugen Leitl)
Date: Fri, 8 Feb 2013 12:32:34 +0100
Subject: [liberationtech] Chromebooks for Risky Situations?
Message-ID: <20130208113234.GN6172@leitl.org>

----- Forwarded message from Rich Kulawiec -----

From eugen at leitl.org Fri Feb 8 03:37:01 2013
From: eugen at leitl.org (Eugen Leitl)
Date: Fri, 8 Feb 2013 12:37:01 +0100
Subject: [liberationtech] Cryptography super-group creates unbreakable encryption
Message-ID: <20130208113701.GO6172@leitl.org>

----- Forwarded message from Andy Isaacson -----

From joe at cdt.org Fri Feb 8 10:46:50 2013
From: joe at cdt.org (Joseph Lorenzo Hall)
Date: Fri, 08 Feb 2013 13:46:50 -0500
Subject: [liberationtech] Bellovin, Blaze, Clark, Landau
Message-ID: 

This appears to be in front of the IEEE paywall for a bit, so grab it now unless you want to #icanhazpdf it later...

http://www.computer.org/portal/web/computingnow/security/content?g=53319&type=article&urlTitle=going-bright%3A-wiretapping-without-weakening-communications-infrastructure

Going Bright: Wiretapping without Weakening Communications Infrastructure

Steven M. Bellovin, Columbia University
Matt Blaze, University of Pennsylvania
Sandy Clark, University of Pennsylvania
Susan Landau, Privacyink.org

Abstract: Mobile IP-based communications and changes in technologies have been a subject of concern for law enforcement, which seeks to extend current wiretap design requirements for digital voice networks. Such an extension would create considerable security risks as well as seriously harm innovation. Exploitation of naturally occurring bugs in the platforms being used by targets may be a better alternative.

Mobile IP-based communications and changes in technologies, including wider use of peer-to-peer communication methods and increased deployment of encryption, have made wiretapping more difficult for law enforcement, which has been seeking to extend wiretap design requirements for digital voice networks to IP network infrastructure and applications.
Such an extension to emerging Internet-based services would create considerable security risks as well as cause serious harm to innovation. In this article, the authors show that the exploitation of naturally occurring weaknesses in the software platforms being used by law enforcement's targets is a solution to the law enforcement problem. The authors analyze the efficacy of this approach, concluding that such law enforcement use of passive interception and targeted vulnerability exploitation tools creates fewer security risks for non-targets and critical infrastructure than do design mandates for wiretap interfaces.

-- 
Joseph Lorenzo Hall
Senior Staff Technologist
Center for Democracy & Technology
1634 I ST NW STE 1100
Washington DC 20006-4011
(p) 202-407-8825
(f) 202-637-0968
joe at cdt.org
PGP: https://josephhall.org/gpg-key

--
Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech

----- End forwarded message -----

From eugen at leitl.org Fri Feb 8 04:56:24 2013
From: eugen at leitl.org (Eugen Leitl)
Date: Fri, 8 Feb 2013 13:56:24 +0100
Subject: "I am the walking Exigent Circumstances you created"
In-Reply-To: 
References: 
Message-ID: <20130208125624.GU6172@leitl.org>

On Thu, Feb 07, 2013 at 08:13:13PM -0600, J.A. Terranson wrote:
> For those not yet following this...
> 
> http://documents.latimes.com/christopher-dorner-manifesto/

Innocents already hurt by the hunt:

http://latimesblogs.latimes.com/lanow/2013/02/torrance-shootings.html

From eugen at leitl.org Fri Feb 8 04:59:22 2013
From: eugen at leitl.org (Eugen Leitl)
Date: Fri, 8 Feb 2013 13:59:22 +0100
Subject: Is This the Secret U.S. Drone Base in Saudi Arabia?
Message-ID: <20130208125922.GV6172@leitl.org>

http://www.wired.com/dangerroom/2013/02/secret-drone-base-2/

Is This the Secret U.S. Drone Base in Saudi Arabia?

BY NOAH SHACHTMAN 02.07.13 8:12 PM

These satellite images show a remote airstrip deep in the desert of Saudi Arabia. It may or may not be the secret U.S. drone base revealed by reporters earlier this week. But the base's hangars bear a remarkable resemblance to similar structures found on other American drone outposts. And its remote location – dozens of miles from the nearest highway, and farther still to the nearest town – suggests that this may be more than the average civilian airstrip.

According to accounts from the Washington Post and The New York Times, the U.S. built its secret Saudi base approximately two years ago. Its first lethal mission was in September of 2011: a strike on Anwar al-Awlaki, the American-born propagandist for al-Qaida's affiliate in Yemen, which borders Saudi Arabia. Since then, the U.S. has launched dozens of drone attacks on Yemeni targets.

News organizations eventually found out about the base. But they agreed to keep it out of their pages – part of an informal arrangement with the Obama administration, which claimed that the disclosure of the base's location, even in a general way, might jeopardize national security. On Tuesday, that loose embargo was broken.

[Image: The location of the airfield. Image: via Bing Maps]

The image of the airfield, available in Bing Maps, would be almost impossible to discover randomly. At moderate resolutions, satellite images of the area show nothing but sand dunes. Only on close inspection does the base reveal itself. In Google's catalog of satellite pictures, the base doesn't appear at all.

The images show a trio of "clamshell"-style hangars, surrounded by fencing. Each is more than 150 feet long and approximately 75 feet wide; that's sufficient to hold U.S. Predator and Reaper drones.
The hangars are slightly larger than, though similar in shape to, ones housing unmanned planes at Kandahar Air Field in Afghanistan. Shamsi Air Field in Pakistan, which once held U.S. drones, boasts a group of three hangars not unlike the ones of the Saudi base.

No remotely piloted aircraft are visible in the images. But a pair of former American intelligence officers tell Danger Room that they are reasonably sure that this is the base revealed by the media earlier this week.

"I believe it's the facility that the U.S. uses to fly drones into Yemen," one officer says. "It's out in eastern Saudi Arabia, near Yemen and where the bad guys are supposed to hang out. It has those clamshell hangars, which we've seen before associated with U.S. drones."

The former officer was also impressed by the base's remote location. "It's way, way out in the Rub al Khali, otherwise known as Hell, and must have been built, at least initially, with stuff flown into Sharorah and then trucked more than 400 kilometers up the existing highway and newly-built road," the ex-officer adds in an e-mail. "It's a really major logistics feat. The way it fits inconspicuously into the terrain is also admirable."

Three airstrips are visible in the pictures; two are big enough to land drones or conventional light aircraft. A third runway, under construction, is substantially longer and wider. In other words: The facility is growing, and it is expanding to fly much larger planes.

The growth has been rapid. When the commercial imaging company Digital Globe flew one of its satellites over the region on Nov. 17, 2010, there was no base present. By the time the satellite made a pass on March 22, 2012, the airfield was there. This construction roughly matches the timeline for the Saudi base mentioned in the Post and in the Times.

"It's obviously a military base," says a second intelligence analyst, who reviewed the images and asked to remain anonymous because of the sensitivity of the subject.
"It's clearly an operating air base in the middle of nowhere, but near the Yemeni border. You tell me what it is."

If this picture does prove to be of a secret U.S. drone base, it wouldn't be the first clandestine American airfield revealed by public satellite imagery. In 2009, for instance, Sen. Dianne Feinstein accidentally revealed that the U.S. was flying its robotic aircraft from Pakistani soil. The News of Pakistan quickly dug through Google Earth's archives to find Predator drones sitting on a runway not far from the Jacobabad Air Base in Pakistan – one of five airfields in the country used for unmanned attacks.

The pictures proved that the Pakistani officials were actively participating in the American drone campaign, despite their public condemnation of the strikes. Until then, such participation had only been suspected. While the drone attacks continued, the U.S. was forced to withdraw from some of the bases.

So far, reaction to the Saudi base has been relatively muted. American forces officially withdrew from Saudi Arabia years ago, in part because the presence of foreign troops in the Muslim holy land so inflamed militants. It's unclear how the drone base changes this calculation, if at all.

The drone base's exposure is part of a series of revelations about the American targeted killing campaign that have accompanied John Brennan's nomination to be the director of the CIA. Brennan currently oversees targeted killing operations from his perch as White House counterterrorism adviser, and would be responsible for executing many of the remotely piloted missions as CIA chief.

In addition to the drone base disclosure, an unclassified Justice Department white paper summing up the Obama administration's criteria for eliminating U.S. citizens was leaked this week to NBC News; the document argues that a judgment from an "informed, high-level" official can mark an American for robotic death – even without "clear evidence that a specific attack on U.S.
persons and interests will take place in the immediate future." (PDF)

The White House has since promised to give select Congressmen the classified and detailed legal rationales behind the white paper. But Sen. Ron Wyden told Brennan at his Senate confirmation hearing that the Justice Department is not yet complying with President Obama's promise to disclose those legal memoranda. Feinstein said she was seeking eight such memos in total.

In their hours of questioning Brennan, however, the Senators didn't once ask the CIA nominee about the secret Saudi drone base. Perhaps that's because they didn't have a visual aid.

From tom at ritter.vg Fri Feb 8 13:35:08 2013
From: tom at ritter.vg (Tom Ritter)
Date: Fri, 8 Feb 2013 16:35:08 -0500
Subject: [liberationtech] Bellovin, Blaze, Clark, Landau
Message-ID: 

When law enforcement relies on vulnerabilities in the system (be it protocols, operating systems, applications, or web sites), they are incentivized to keep it insecure. If it were secure, how would they get in? Would the FBI patch their own systems against the bugs they know about? How would they control that information across all their systems? (This is an old hackers' puzzle: if you had an OpenSSH 0day, would you patch yourself against it?)

If I were a communications provider (e.g. Silent Circle), and I found that the FBI was hacking me to learn customer data... what is my recourse? To borrow from the CFAA, the FBI is certainly performing unauthorized access or exceeding authorized access to a computer system. Am I allowed to kick them out? Sue them? What if they accidentally crash a system because they're crappy exploit writers?

Just like when Matt Blaze wrote it in Wired, this feels like a mistimed April Fools joke.
-tom

----- End forwarded message -----

From FC Fri Feb 8 08:10:00 2013
From: FC (FC)
Date: Fri, 08 Feb 2013 17:10:00 +0100
Subject: [liberationtech] Comments on the EU Commission's Flawed Cybersecurity Strategy
Message-ID: 

Hi all,

Frustrated by the lack of critical reporting on the matter, I put together a post on the EU Cybersecurity Strategy that was announced yesterday. Apart from Prof. Ross Anderson's, I've read very few worthwhile analyses of it coming from civil society or academia. So I thought it would be useful to have your take:

http://www.wethenet.eu/2013/02/comments-on-the-eu-commissions-flawed-cybersecurity-strategy/

Corrections welcome, especially if you think I'm being overly pessimistic/negative.

Best,
Félix

PS: Since this is my first post to the list, a few introductory words: I was a policy analyst (now volunteer) at Paris-based La Quadrature du Net for three years, and I'm currently writing my PhD thesis on the Internet's consequences for free speech law and citizen empowerment in EU democracies.

------------------------------------

Comments on the EU Commission's Flawed Cybersecurity Strategy

On Thursday February 7th 2013, during a press conference, the European Commission announced a milestone initiative in the field of "cybersecurity", publishing two documents:

- A *proposal for a directive* "concerning measures to ensure a high common level of network and information security across the Union" (apparently nicknamed the "NIS directive").
- A *communication* on a "CyberSecurity Strategy of the European Union: An Open, Safe and Secure Cyberspace".
[Reminder: Cybersecurity in the sense used by the Commission is a buzzword covering issues ranging from the management of computer security systems in the defense and private sector, to "cyberwar", payment fraud, zero-day exploits and malicious code, trafficking (among other things), but also the protection of Internet freedom internationally (just a few unconvincing words on the matter, but they're there, in bold! And there is "open internet and online freedoms" in the title of the Commission's press release!! If that's not a proof...).]

Both the press conference of commissioners Kroes, Malmström and Ashton as well as the documents released show two things: *the Commission is not taking freedom seriously in Internet policy*, *and it might be paving the way for the militarization of cyberspace.*

EC should start by getting the math right

The commissioners started off by presenting very *vague and inflated statistics about the cost of cybercrime* (several studies have already made that point clear). From copyright to cybersecurity policy debates, bogus numbers remain, in this case to the benefit of the security and surveillance industry [1]. This is classic, lobby-induced, pure *threat inflation* (on that note, see Brito & Watkins's 2011 article: /Loving the Cyber Bomb? The Dangers of Threat Inflation in Cybersecurity Policy/).

Then, the commissioners moved to the substance of the proposal. Things were not particularly clear, as the questions of the journalists sitting in the press room would later reveal. The few reporters in attendance had interesting questions, but sadly these were largely unrelated to the actual texts [2]. They had apparently not been able to read the recent leaks of both texts by anonymous Brussels sources, released on the Internet last month (as I write, the documents officially released yesterday still cannot be found on the EU Commission website).
Going over the 60-plus pages of the proposed directive and the accompanying communication, it becomes clear that the EU cybersecurity strategy suffers from several flaws…

Towards a centralized network of cybersecurity authorities

The proposed "Network and Information Security" directive aims to set up a "*NIS network*" of "cybersecurity firemen", headed by the EU agency ENISA (created in 2004 and based in Athens). ENISA will lead a group of national counterparts (each Member State shall have its own NIS authority). For the most part, these already exist and are usually primarily in charge of *defense and military networks* (see this analysis by computer security researcher at Cambridge University, Prof. Ross Anderson, about how the proposal risks centralizing cybersecurity policy-making within the public sector).

This centralized network of /de facto/ cybersecurity policy-makers will operate *out of public scrutiny*, with the always-convenient excuse of handling "confidential information" (see recitals 17 and 18). Behind the scenes, these public authorities of course risk being *under the harmful influence of security vendors* and other "private sector providers", who will help push for the kind of fear-mongering displayed at the very beginning of the conference.

The new "data breach disclosure" obligations that made the headlines /may/ be made public, at the entire discretion of NIS authorities. As Prof. Anderson points out: "Whereas security-breach notification laws in the USA require firms to report breaches to affected citizens, articles 14 and 15 instead require breach notification to the 'competent authority'.
Notification requirements can be changed later by order (14.5-7) and the 'competent authorities' only have to tell us if they determine it's in the 'public interest' (14.4)."

What is more, this NIS network will also be *absorbing a potentially enormous amount of information* (article 15.2) *from virtually all the significant players of the Internet* (among the many "market operators" concerned, see Annexe IV), which in return will benefit from nice insurance premiums if they properly follow the recommendations on security practices and the standards imposed by the NIS authorities (elaborated how? Following what procedures or criteria? In the same vein, article 15.3 does not say much about the "*binding instructions* to market operators and public administrations" that NIS authorities will have the power to issue). Meanwhile, the EU Commission is given broad competency to impose "*standards* and/or technical specifications relevant to network and information security" (article 16).

The NIS network will work with Computer Emergency Response Teams (CERTs are official security expert teams that already exist, but will be beefed up under the proposed directive) and law enforcement agencies, especially Europol's brand-new EC3: the "European Cyber Crime Center" (watch this "cool" video to get a sense of how hyped EC3 is)…

The strategy's missing players

This all could have been a little different. And better. For instance, the Commission could have promoted a more *decentralized governance of cybersecurity*, insisting on *procedural safeguards* on how cybersecurity policy is made and conducted (at least general but tangible legal principles). Many people in many places today are doing a great job in ensuring the resiliency of the Internet (in the spirit of Prof. Zittrain's enlightening TED talk).
Many of them would probably have wanted actual *guarantees for broad participation in an /open/ policy forum* (guarantees enacted preferably not just as a nice gesture, but out of conviction that it is how you can best ensure trust and reliability in cybersecurity policy). But these contributors to cybersecurity (in academia, in civil liberty organizations, in hackerspaces, etc.) are mostly kept out of the loop. And they have reasons to worry. Not only can they rightly question the competence of the EU executives in caring after the Internet. Actually, several state actors – including in EU and US – are rather promoting "cyber-/in/security" (i.e.: trade of Zero-Day exploits, attendance in trade fairs on Internet surveillance, etc.). They also have to bear the risk of repression because of another proposed directive (directive 2010/0273 on "combating attacks against information systems"), currently in first reading in the EU Parliament and which could criminalize security researchers and white-hat hackers.

Trying to put some "net freedoms" flavor

The articles of the proposed directive on cybersecurity and the overall strategy bring *very little protection to the rights of Internet users*, and none to the decentralized architecture of the network (the text makes no mention of Net neutrality, for instance). It all comes down to a few reassuring lines:

- The directive makes a short reference to the EU *privacy* legislation (recitals 23, 37, 39 and article 5). This is a smart move, underlining that EU is big on privacy (we'll see what comes out of the new data protection regulation…), and above all useful to differentiate the proposed EU directive from its infamous US cousin, the ill-fated Cyber Intelligence Sharing and Protection Act (CISPA [3]).
- The cybersecurity communication released alongside the directive makes mention of the pompous NO DISCONNECT strategy, announced in late 2011 by Neelie Kroes [4], and which has yet to achieve anything significant (see below).
- The Commission also announces the upcoming release of *international guidelines on freedom of expression* "offline and online" to assist its diplomacy.
- … (There might be some other similar "net freedoms" overtones in there).

Overall, these good words will do very, very little to put into practice the "Digital Freedom Strategy" report adopted by the EU Parliament in December 2012, or any of the policy proposals made by civil society and academia to better protect human rights online, both in the EU and globally.

In the meantime…

In the meantime, no /ad hoc/ and effective regulation exists for regulating the use of privacy invasive technologies in network architectures [5]. And Net neutrality is officially abandoned as an actual regulatory objective by Neelie Kroes.

In the meantime, workshops and consultations are being organized in Brussels, while free speech NGOs are left suing "censorware" vendors before the… OECD (??!… yes, the OECD is not known to be an actual judicial authority but, at least they have some useful words put on paper against what these companies appear to have done – and still seem to be doing – in authoritarian regimes around the world. See the RSF press release). There are also criminal charges brought in France for complicity of torture against Amesys (later bought by BULL) for its former cooperation with Kaddhafi's political police. However, the trial is taking quite a long time; Amesys has been absorbed by BULL; the French government invests public money in BULL; and BULL thrives on defense and private-sector contracts, in France and abroad [6]. It is also very hard to have any information on these companies' controversial activities, in spite of parliamentary requests to governments [7], or whether and how they are being regulated under dual-use export controls.

In the meantime, in an interview, the EC3 chief Troels Ørting lists "hacktivism" as a cybersecurity threat alongside terrorist activities and extremism.
This shows once again that high-ranking officials tend to overlook crucial policy distinctions in apprehending the "cybercrime" phenomenon, and in particular politically-motivated hacking and other forms of online civil disobedience.

After the Telecoms Package, after HADOPI, after SOPA/PIPA, after CISPA, after ACTA, after the WCIT, our dear democracies still don't seem to get it right. And so we are left watching our political system put much effort and spend lots of time on discussions that in the end deliver so little. *Repressive proposals keep coming. One after the other.* A significant "core" of policy-makers remains stuck in fear, and keeps refusing to put the protection of freedoms online onto the legislative agenda.

And so we're left with questions. Will more citizen pressure on Internet policy-making do the trick? Will the EU Parliament come to the rescue? Because this proposed NIS directive could use some serious improvement. A much more open discussion on cybersecurity policy is urgent.
----- End forwarded message -----

From eugen at leitl.org Fri Feb 8 08:14:51 2013
From: eugen at leitl.org (Eugen Leitl)
Date: Fri, 8 Feb 2013 17:14:51 +0100
Subject: [liberationtech] Comments on the EU Commission's Flawed Cybersecurity Strategy
Message-ID: <20130208161451.GE6172@leitl.org>

----- Forwarded message from Félix Tréguer -----

From kanzure at gmail.com Fri Feb 8 16:44:44 2013
From: kanzure at gmail.com (Bryan Bishop)
Date: Fri, 8 Feb 2013 18:44:44 -0600
Subject: Cost of Knowledge update, Elsevier boycott one year on
Message-ID: 

The Elsevier boycott one year on
http://gowers.wordpress.com/2013/01/28/the-elsevier-boycott-one-year-on/

"""
A few days ago was the anniversary of the beginning of the Cost of Knowledge boycott of Elsevier. It seems a good moment to take stock of what the boycott has achieved and to think about what progress has or hasn't been made since it started. This post is a short joint statement by many of the people who signed the original Cost of Knowledge statement last year. At some point in the not too distant future I plan to write a longer post giving a more personal view.

The Elsevier boycott: where do we now stand?

In the first few months after the boycott started, the number of signatories grew very rapidly.
The growth is now much slower, but this was to be expected: given that, for understandable reasons, no editorial boards of Elsevier journals were ready to take the drastic step of leaving Elsevier, it was inevitable that further progress would depend on the creation of new publication models, which takes time and work, much of it not in the public eye. We are very pleasantly surprised by how much progress of this kind there has already been, with the setting up of Forum of Mathematics, a major new open-access journal, and the recent announcement of the Episciences Project, a new platform for overlay journals. We are also pleased by the rapid progress made by the wider Open Access movement over the last year.

In one respect the boycott has been an unqualified success: it has helped to raise awareness of the concerns we have about academic publishing. This, we believe, will make it easier for new publishing initiatives to succeed, and we strongly encourage further experimentation. We believe that commercial publishers could in principle play a valuable role in the future of mathematical publishing, but we would prefer to see publishers as "service providers": that is, mathematicians would control journals, publishers would provide services that mathematicians deemed necessary, and prices would be kept competitive since mathematicians would have the option of obtaining these services elsewhere.

We welcome the moves that Elsevier made last year in the months that followed the start of the boycott: the dropping of support for the Research Works Act, the fact that back issues for many journals have now been made available, a clear statement that authors can post preprints on the arXiv that take into account comments by referees, and some small price reductions. However, the fundamental problems remain. Elsevier still has a stranglehold over many of our libraries as a result of Big Deals (a.k.a.
bundling) and this continues to do real damage, such as forcing them to cancel subscriptions to more independent journals and to reduce their spending on books. There has also been no improvement in transparency: it is as hard as ever to know what libraries are paying for Big Deals. We therefore plan to continue boycotting Elsevier and encourage others to do the same.

The problem of expensive subscriptions will not be solved until more libraries are prepared to cancel subscriptions and Big Deals. To be an effective negotiating tactic this requires support from the community: we must indicate that we would be willing to put up with cancelling overly expensive subscriptions. The more papers are made freely available online (e.g., through the arXiv), the easier that will be. Many already are, and we regard it as a moral duty for mathematicians to make their papers available when publishers allow it. Unfortunately, since mathematics papers are bundled together with papers in other subjects, real progress on costs will depend on coordinated action by mathematicians and scientists, many of whom have very different publication practices. However, a statement by mathematicians that they would not be unduly inconvenienced by the cancelling of expensive subscriptions would be a powerful one.

We are well aware that the problems mentioned above are not confined to Elsevier. We believe that the boycott has been more successful as a result of focusing attention on Elsevier, but the problem is a wider one, and many of us privately try to avoid the other big commercial publishers. We realize that this is not easy for all researchers. When there are more alternatives available, it will become easier: we encourage people to support new ventures if they are in a position to do so without undue risk to their careers.

We acknowledge that there are differing opinions about what an ideal publishing system would be like.
In particular, the issue of article processing charges is a divisive one: some mathematicians are strongly opposed to them, while others think that there is no realistic alternative. We do not take a collective position on this, but we would point out that the debate is by no means confined to mathematicians: it has been going on in the Open Access community for many years. We note also that the advantages and disadvantages of article processing charges depend very much on the policies that journals have towards fee waivers: we strongly believe that editorial decisions should be independent of an author's access to appropriate funds, and that fee-waiver policies should be designed to ensure this.

To summarize, we believe that the boycott has been a success and should be continued. Further success will take time and effort, but there are simple steps that we can all take: making our papers freely available, and supporting new and better publication models when they are set up.

Doug Arnold, John Baez, Folkmar Bornemann, Danny Calegari, Henry Cohn, Ingrid Daubechies, Jordan Ellenberg, Marie Farge, David Gabai, Timothy Gowers, Michael Harris, Frédéric Hélein, Rolf Jeltsch, Rob Kirby, Vincent Lafforgue, Randall J.
LeVeque, Peter Olver, Olof Sisask, Terence Tao, Richard Taylor, Nick Trefethen, Marie-France Vigneras, Wendelin Werner, GC

From eugen at leitl.org Fri Feb 8 12:26:55 2013
From: eugen at leitl.org (Eugen Leitl)
Date: Fri, 8 Feb 2013 21:26:55 +0100
Subject: [liberationtech] Bellovin, Blaze, Clark, Landau
Message-ID: <20130208202655.GG6172@leitl.org>

----- Forwarded message from Joseph Lorenzo Hall -----

From eugen at leitl.org Fri Feb 8 12:46:34 2013
From: eugen at leitl.org (Eugen Leitl)
Date: Fri, 8 Feb 2013 21:46:34 +0100
Subject: [cryptography] "Meet the groundbreaking new encryption app set to revolutionize privacy..."
Message-ID: <20130208204634.GH6172@leitl.org>

----- Forwarded message from Jon Callas -----

From eugen at leitl.org Fri Feb 8 13:03:11 2013
From: eugen at leitl.org (Eugen Leitl)
Date: Fri, 8 Feb 2013 22:03:11 +0100
Subject: [ZS] Money transfers, due process, and freedom
Message-ID: <20130208210311.GL6172@leitl.org>

----- Forwarded message from Mark Nuzzolilo II -----

From eugen at leitl.org Fri Feb 8 13:39:57 2013
From: eugen at leitl.org (Eugen Leitl)
Date: Fri, 8 Feb 2013 22:39:57 +0100
Subject: [liberationtech] Bellovin, Blaze, Clark, Landau
Message-ID: <20130208213957.GQ6172@leitl.org>

----- Forwarded message from Tom Ritter -----

From jon at callas.org Fri Feb 8 23:06:55 2013
From: jon at callas.org (Jon Callas)
Date: Fri, 8 Feb 2013 23:06:55 -0800
Subject: [cryptography] "Meet the groundbreaking new encryption app set to revolutionize privacy..."
Message-ID: 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I am separating this from my previous as I went into a rant.

As we were designing Silent Text, we talked to a lot of people about what they needed.
I don't remember who told me this anecdote, but this person went over to a colleague's office after they'd been texting to just talk. They walked into the colleague's office and noticed their phone open with a conversation plainly visible with someone else. A third party who was their mutual colleague was texting about that meeting. In short: Alice goes to Bob's office for a meeting and sees texts from Charlie about that meeting, including comments about Alice. There wasn't anything untoward about the texting. No insults about Alice or anything, but there was an obvious privacy loss here. What if it *had* included an intemperate comment about our Alice? Alice said nothing about it to Bob, but I got an earful. That earful included the opinion that the threat of accidental disclosure of messages within a group of people is greater than either the messages "being plucked out of the air" or seizure and forensic groveling over the device. Alice's opinion was that when people have a secure communications channel, they loosen up and say things that are more dramatic than they would be otherwise. It's not that they're more honest, they're less honest. They're exaggerated to the point of hyperbolic at times. Alice said that she knew that she'd texted some things to Bob that she really wouldn't want the person she'd said them about to see. They were said quickly, in frustration, and so on. It's not that they'd be taken out of context, it's that they'd be taken *in* context. It's interesting that, underlying the story, Alice suddenly saw Bob not as an ally in snark, but a threat -- the sort of person who leaves their phone unlocked on their desk. Bob, of course, would say something like: if the texts had been potentially offensive, he'd have locked his phone. This explanation would thus convince Alice that Bob is *really* not to be trusted with snark.
This is incredibly perceptive, that the greatest security threat is not the threat from outside, it's the threat from inside. It is exactly Douglas Adams's point about the babelfish that by removing barriers to communication, it created more and bloodier wars than anything else. That's where "Burn Notice" came from. It's a safety net so that when Charlie texts Bob, "I'm tired of Alice always..." it goes away. What I find amusing is the reaction to it all around. There's a huge manic-depressive, bimodal reaction. Lots of people get ahold of this and they're like girls who've gotten ahold of makeup for the first time. ZOMG! You mean my eyelids can be PURPLE and SPARKLY? This is the same thing that happens when people discover font libraries or text-to-speech systems. For a couple of days that someone gets the new app, there's nothing but text messages that are self-destructing, purple, sparkly eyelids with font-laden Tourette's Syndrome with the Mission Impossible theme song playing in the background. (Note, if you are using Silent Text, you can't actually make the text purple, nor sparkly, nor change fonts. You need to put all of that in a PDF or an animated GIF -- and you will. This is a metaphor, not a requirements document.) The next thing that happens is that they are so impressed with some particularly inspired bit of self-destructing childishness that they take a screen shot. As they gaze at the screen shot, or sometimes just as they take the screen shot, light dawns. Oh. You mean.... Oh. Then the depressive phase kicks in. Back in the dark ages, PGP had the "For Your Eyes Only" feature. This is pretty much the ancestor of Burn Notice. Simultaneously useful and worthless. It's useful because it signals to your partner that this is not only secret but sensitive and does something to stop accidental disclosure. It is utterly ineffective against a hostile partner for many of the same reasons.
We did all sorts of silly things with FYEO that included an anti-TEMPEST/Van Eck font, and other things. Silent Text actually has an FYEO feature that isn't exposed, thank heavens. I mention all of that because once you're in the depressive phase, it's easy to go down the same rathole we did with FYEO. I spent time researching if you can prevent screen shots on iOS (you can't). I did this while telling people that it was dumb because I can take a picture of my iPhone with my iPad. I held up my phone to video chat and said, "Here, see this? This is what you can do!" Sanity prevailed, but I think that fifteen years of FYEO helped a lot. When you stare into self-destructing messages, trying to figure out how to make them really go away flawlessly, they stare back. You will end up trying to figure out how to do a destructive two-phase commit, what class libraries need to be patched so that non-mutable strings inherit from mutable strings (not the other way around), all while a nagging voice whispers in the back of your head about how brave freedom fighters are gonna die because of this. After the depressive phase comes the patronizing, retributive phase in which it's clear that letting people delete potentially embarrassing messages is bad, because it's imperfect. Imperfect security is worse than plaintext. People have to learn self-control. Cue the Kahlil Gibran quotes. People can't just say any old thing on a secure chat program because that leads to purple eyeshadow and thus inevitably to brave freedom fighters having their phones seized at borders, and then people will die -- all because we let them delete their incriminating messages. This phase makes so little sense that it's hard for me even to mock it. But the gist of that objection really is that it's bad to let people delete sensitive things because that will cause seizure of sensitive things. Otherwise sane people have said this to me, and they don't seem to see how funny they are.
Nonetheless, there are two things that happen. On the one hand, there are people who think this cute, simple feature is the second coming of sliced bread. The other hand is the people who insist it must be impossible (because they've over-thought it) or evil (because security shouldn't be fun, let alone purple). There is a small point to the dour, greyfaced side of this, I admit. You cannot solve human problems with technology. Technology often just shuffles around the brilliance that humans have at shooting themselves in the foot. I'm well aware of Laotse's snarky comment that the invention of locks created burglary, and I often agree with him. But I think there has to be fun with security. We talk a lot about how security has to be usable, but I think fun is up there, too. If it's fun, people will use it. They make their mistakes cheaply, and in a reasonably safe environment. Most of all, they'll actually use it. That's been the challenge of the last couple decades, getting people to use it. People use things that they play with. I think thus that play is part of security, too. What's "groundbreaking" in what we're doing is that we're having fun and encouraging others to do so, too.
Jon -----BEGIN PGP SIGNATURE----- Version: PGP Universal 3.2.0 (Build 1672) Charset: us-ascii wj8DBQFRFfWQsTedWZOD3gYRAmYJAKDJ8exiTiWgzMy11mp/FKEN8TXpUACdHTPW dHbRrgTqwb3R5oPHvWEC8Pg= =b3gk -----END PGP SIGNATURE----- _______________________________________________ cryptography mailing list cryptography at randombit.net http://lists.randombit.net/mailman/listinfo/cryptography ----- End forwarded message -----

From metahorse at gmail.com Sat Feb 9 07:42:40 2013 From: metahorse at gmail.com (Michael Hrenka) Date: Sat, 9 Feb 2013 07:42:40 -0800 (PST) Subject: [ZS] Troll Attack Patterns Message-ID: I know a little bit about how trolls operate. There are different types of trolls, but most of them present a threat to the community that is trolled. So, the community needs some awareness of the attack patterns in order to withstand such attacks. I was an active member of a certain small community, let's call it community X. X has a charismatic leader, let's call him Z, with radical ideas about progress, community, and stuff like that. Because Z wants a large high quality community and it is hard to find candidates with the required prerequisites ("really freely thinking individuals" or so), Z resorts to an unconventional strategy of member recruitment which I call "forum fishing" for simplicity. It consists in entering forums of other communities and advertising the ideals of X. Members are encouraged to check out X, because it's really great and so on (which is not too far from the truth actually). At the same time the targeted community C is criticized in different ways: 1. It is criticised for not upholding the ideals of X. 2. It is criticised for supporting destructive ideals which are detrimental to individuals. 3.
It is criticised for being stupid, dysfunctional and inefficient. 4. It is criticised for not even sticking to its own ideals and rules. 5. It is criticised for a bad administration style, which is characterized as despotic. Many points that the infiltration group of X make are thoughtful, true, and justified. But at the same time the group is quite vehement and aggressive, which sooner or later gets them flagged as trolls. They react by pointing out that they are acting in accordance with the rules, even if the C admins have erroneous differing positions and that they have good intentions. Often, a few members of C agree with the X members and consider joining X. These individuals may be painted as traitors by the C admins. But that reaction makes the accused traitors likely to question their allegiance to C and likely to join X instead. Sooner or later, the infiltrators from X are kicked out of C, possibly together with some sympathizers. But they will have incited hot discussions about values, ideals, administration styles, and perhaps even recruited a few intelligent and open minded members for X. The reactions of the C admins will have antagonized a couple of C members, so they will leave, rebel, or generally will feel unwelcome, protest, and cause further trouble. In any case, the free expression of ideas will be restricted to some degree. The community C may become more dictatorial, up to the point of becoming an empty shell that doesn't remind anyone of what it once was. It may split up because of that or just die silently. And those were the benign trolls. Now I'll explain the methods of malignant trolls. The motive of the malignant troll is to destroy the targeted community, or to take it over, or to cause as much trouble as possible. Let's call the targeted community C. It is not without irony that I was an admin of X when it was infiltrated by malignant trolls. Malignant trolls infiltrate hard and deep.
They try to earn the trust of C members, and especially C admins. If they are good, they will not come alone, but as a highly coordinated trolling troupe "T". Once a single member of T gains admin status, the other members of T will also get that status soon. Sooner or later a significant fraction of C admins belong to T. Once they are in that position, it is hard to remove them. Here's what happens if someone identifies them as infiltrators and takes action against them: 1. T denies that they are a problem for C. Instead T members claim that they are highly beneficial for C. 2. The offending C member will be accused of being unjust and will be defamed until he loses his status in C. 3. Defamation campaigns can include banning the offending member (remember: T has a lot of admins) and creating fake accounts who claim to be the banned member. The fake accounts write lots of nonsense which makes the original C member look bad. Additional T members or fake accounts of T members join in to corroborate that the initial C member needs to be excluded from the community forever. 4. If members of T are banned, the bans are reversed by T admins and the C member who tried to remove a T member is blamed for his "misbehaviour" and targeted for further attacks. 5. If T is threatened with defeat nevertheless, T may make serious threats: Psychological terror, physical attacks, legal action, etc. These threats are probably not serious, but the problem is that one doesn't actually know that. In general, a troll troupe T consists of many different accounts: 1. The account of the master troll 2. Accounts of other members of T 3. Fake accounts of T members for additional impact 4. Fake accounts that claim to be accounts of genuine C members. With all these fake and supporting accounts it is really hard to delineate between T members and genuine C members. Without real awareness of what might be going on, there will be one hell of a chaos.
C can only resist the chaos effectively if it uses communication channels which are not infiltrated, yet. Private emails, phone calls, and private meetings are generally hard to infiltrate and can therefore be seen as rather safe. How to defend against such attacks? 1. Have a clear identity and sensible principles. 2. Stick to your principles. 3. Have a brilliant team of admins who are reasonable and not too paranoid. 4. Don't give potential trolls power. People with power should be "screened" to guarantee that they are loyal to the community. 5. Private communication - lots of it. How to differentiate between trolls and genuine members? * Know them! * Trolls are generally not very constructive * Malignant trolls are rather cynical, unfriendly, and nihilistic, but demand fair treatment nevertheless, or even preferential treatment. * Trolls are unlikely to be loyal to the ideals of the community. I hope this was helpful. Zero State is too precious to be a victim to trolls and other infiltrators. -- -- Zero State mailing list: http://groups.google.com/group/DoctrineZero --- You received this message because you are subscribed to the Google Groups "Doctrine Zero" group. To unsubscribe from this group and stop receiving emails from it, send an email to DoctrineZero+unsubscribe at googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out. ----- End forwarded message -----

From eugen at leitl.org Sat Feb 9 00:38:11 2013 From: eugen at leitl.org (Eugen Leitl) Date: Sat, 9 Feb 2013 09:38:11 +0100 Subject: [cryptography] "Meet the groundbreaking new encryption app set to revolutionize privacy..."
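Jon Callas's Burn Notice discussion above (the "safety net so that when Charlie texts Bob, 'I'm tired of Alice always...' it goes away", and the "destructive two-phase commit" rathole) comes down to one design decision: make a message unreadable by destroying a per-message key, rather than by trying to reliably overwrite the ciphertext on storage you do not control. The following is an added example by the editor and not Silent Text's or Silent Circle's code. The BurnStore class, its method names and the injectable clock are assumptions for illustration, and the HMAC-SHA256 counter-mode stream cipher stands in for the AEAD a real app would use so that the example runs with the standard library only.

```python
import hashlib
import hmac
import secrets
import time


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """HMAC-SHA256 in counter mode as a stdlib-only stream cipher. Illustrative
    stand-in for a real AEAD (AES-GCM, ChaCha20-Poly1305); not for production."""
    out = b""
    counter = 0
    while len(out) < n:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:n]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class BurnStore:
    """Every message is encrypted under its own random key; burning a message means
    forgetting that key (crypto-shredding). The clock is injectable so expiry can be
    exercised offline. Class and method names are assumptions for this example."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._blobs = {}  # msg_id -> (nonce, ciphertext, tag); may linger in backups/flash
        self._keys = {}   # msg_id -> (key, burn_at); the only thing that must really die

    @staticmethod
    def _subkeys(key: bytes):
        # Domain-separate the encryption key and the MAC key from the per-message key.
        return (hmac.new(key, b"enc", hashlib.sha256).digest(),
                hmac.new(key, b"mac", hashlib.sha256).digest())

    def put(self, plaintext: bytes, ttl_seconds: float) -> str:
        msg_id = secrets.token_hex(8)
        key = secrets.token_bytes(32)
        enc_key, mac_key = self._subkeys(key)
        nonce = secrets.token_bytes(16)
        ct = _xor(plaintext, _keystream(enc_key, nonce, len(plaintext)))
        tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
        self._blobs[msg_id] = (nonce, ct, tag)
        self._keys[msg_id] = (key, self._clock() + ttl_seconds)
        return msg_id

    def get(self, msg_id: str):
        """Return the plaintext, or None once the message has been burned or has expired."""
        self.sweep()
        if msg_id not in self._keys:
            return None
        key, _ = self._keys[msg_id]
        enc_key, mac_key = self._subkeys(key)
        nonce, ct, tag = self._blobs[msg_id]
        expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise ValueError("ciphertext was modified")
        return _xor(ct, _keystream(enc_key, nonce, len(ct)))

    def burn(self, msg_id: str) -> bool:
        """Forget the key first, then the blob. If the process dies between the two
        steps the blob survives but is already unreadable, which is why destroying
        the key is the commit point rather than overwriting the ciphertext."""
        key = self._keys.pop(msg_id, None)
        self._blobs.pop(msg_id, None)
        return key is not None

    def sweep(self) -> int:
        """Burn every message whose timer has run out; returns how many were burned."""
        now = self._clock()
        due = [m for m, (_, burn_at) in self._keys.items() if burn_at <= now]
        for m in due:
            self.burn(m)
        return len(due)


if __name__ == "__main__":
    store = BurnStore()
    mid = store.put(b"I'm tired of Alice always...", ttl_seconds=30)
    print(store.get(mid))  # readable while the key exists
    store.burn(mid)
    print(store.get(mid))  # None: key gone, the ciphertext is now noise
```

What the example deliberately does not do is the FYEO caveat in the message: it does nothing about a screenshot, a photo of the screen, or a hostile recipient. Burning covers the unlocked-phone-on-the-desk case and forensic recovery of the stored blob, not the other party.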
Message-ID: <20130209083810.GW6172@leitl.org> ----- Forwarded message from Jon Callas ----- From eugen at leitl.org Sat Feb 9 00:55:24 2013 From: eugen at leitl.org (Eugen Leitl) Date: Sat, 9 Feb 2013 09:55:24 +0100 Subject: Cost of Knowledge update, Elsevier boycott one year on Message-ID: <20130209085524.GZ6172@leitl.org> ----- Forwarded message from Bryan Bishop ----- From measl at mfn.org Sat Feb 9 08:51:23 2013 From: measl at mfn.org (J.A. Terranson) Date: Sat, 9 Feb 2013 10:51:23 -0600 (CST) Subject: "I am the walking Exigent Circumstances you created" In-Reply-To: References: <20130208125624.GU6172@leitl.org> Message-ID: On Fri, 8 Feb 2013, SiNA Rabbani wrote: > Those newspaper delivery ladies that got shot at by the cops will never > have to deliver newspapers again. > > I guess if you survive such an attack the up side is that you become a > millionaire, in some parts of the world there is no such liability. > > P.s. it's absolutely sad to see cops open fire like this > On Feb 8, 2013 5:13 AM, "Eugen Leitl" wrote: Unfortunately, police in the US open fire - often killing their victims - all the time for no good reason. And they almost always get away with it. The US has been an actual Police State for at least 12 years now. //Alif -- Those who make peaceful change impossible, make violent revolution inevitable. An American Spring is coming: one way or another. From skquinn at rushpost.com Sat Feb 9 16:37:16 2013 From: skquinn at rushpost.com (Shawn K. Quinn) Date: Sat, 09 Feb 2013 18:37:16 -0600 Subject: "I am the walking Exigent Circumstances you created" In-Reply-To: References: <20130208125624.GU6172@leitl.org> Message-ID: <1360456636.17840.1.camel@klax> On Sat, 2013-02-09 at 10:51 -0600, J.A. Terranson wrote: > The US has been an actual Police State for at least 12 years now. I can believe it has for 11 years and change, but 12 years would mean starting 7-8 months before 9/11.
Sorry if it seems like I'm splitting hairs, but I don't remember things getting really bad until a few months after 9/11. -- Shawn K. Quinn From demonfighter at gmail.com Sat Feb 9 17:02:14 2013 From: demonfighter at gmail.com (Steve Furlong) Date: Sat, 9 Feb 2013 20:02:14 -0500 Subject: "I am the walking Exigent Circumstances you created" In-Reply-To: <1360456636.17840.1.camel@klax> References: <20130208125624.GU6172@leitl.org> <1360456636.17840.1.camel@klax> Message-ID: On Sat, Feb 9, 2013 at 7:37 PM, Shawn K. Quinn wrote: > On Sat, 2013-02-09 at 10:51 -0600, J.A. Terranson wrote: >> The US has been an actual Police State for at least 12 years now. > > I can believe it has for 11 years and change, but 12 years would mean > starting 7-8 months before 9/11. Sorry if it seems like I'm splitting > hairs, but I don't remember things getting really bad until a few months > after 9/11. Note that the disgustingly-named PATRIOT Act was the wish-list of every federal police(-state) agency. They'd been asking for unwarranted wiretaps and immunity and watch-lists of non-criminal travellers and all the rest for years, but kept getting denied ... until 9/11 made all their wishes come true. -- Neca eos omnes. Deus suos agnoscet. -- Arnaud-Amaury, 1209 From virtualadept at gmail.com Sat Feb 9 18:54:43 2013 From: virtualadept at gmail.com (Bryce Lynch) Date: Sat, 9 Feb 2013 21:54:43 -0500 Subject: [ZS] Re: AGI optimism. Message-ID: On Wed, Feb 6, 2013 at 5:04 PM, Dirk Bruere wrote: > I find it difficult to believe that at least the NSA is not funding AI > to this level. > The thing about government agencies (US government agencies, in particular) is that they are brutally pragmatic. If they thought - really, really thought - that having a human-equivalent AGI running in a data center would let them accomplish their goals, they'd do it in a heartbeat. 
There's no guarantee that it would actually happen, because the government/contractors system is horribly inefficient, but an attempt would be made. It seems, by all accounts, that the NSA is more concerned with being able to break crypto than they are in having a human-equivalent intelligence. From what I've heard from more-or-less reliable sources, they need raw number crunching power and disk space for huge rainbow tables to do what they need to do and be able to show results. If anything, I think the DoD would be more interested in having an AGI, but they have more than enough trouble to deal with on the infosec side of the house. -- The Doctor [412/724/301/703] [ZS|Media] https://drwho.virtadpt.net/ "I am everywhere." ----- End forwarded message -----

From eugen at leitl.org Sat Feb 9 13:14:47 2013 From: eugen at leitl.org (Eugen Leitl) Date: Sat, 9 Feb 2013 22:14:47 +0100 Subject: [ZS] Troll Attack Patterns Message-ID: <20130209211447.GE6172@leitl.org> ----- Forwarded message from Michael Hrenka -----

From virtualadept at gmail.com Sat Feb 9 19:24:29 2013 From: virtualadept at gmail.com (Bryce Lynch) Date: Sat, 9 Feb 2013 22:24:29 -0500 Subject: [ZS] Re: Money transfers, due process, and freedom Message-ID: On Fri, Feb 8, 2013 at 3:06 AM, Michael Hrenka wrote: > Sooner or later the financial system will have to adapt to use Bitcoin > anyway.
The question is when and how that will happen. Word has it that the Canadian government is trying to, by reinventing it a) in a centralized fashion so they can control it, and b) only for low value transactions. Whether or not it'll stand up to any real scrutiny remains to be seen. http://www.wired.com/threatlevel/2012/05/mintchip/ http://bits.blogs.nytimes.com/2012/04/12/canada-seeks-to-turn-coins-into-digital-currency/ http://www.fastcompany.com/1829662/canada-launch-its-own-version-bitcoin-called-mintchip -- The Doctor [412/724/301/703] [ZS|Media] https://drwho.virtadpt.net/ "I am everywhere." ----- End forwarded message -----

From virtualadept at gmail.com Sat Feb 9 19:36:18 2013 From: virtualadept at gmail.com (Bryce Lynch) Date: Sat, 9 Feb 2013 22:36:18 -0500 Subject: [ZS] Re: Money transfers, due process, and freedom Message-ID: On Fri, Feb 8, 2013 at 3:30 AM, Mark Nuzzolilo II wrote: > Because it would have to have a low barrier to entry. An average > Internet user would have to be able to use this with only a > couple minutes of setup, at the most. If there is another way to do > this I am all ears. Smartphone users are already starting to buy into Square ( https://squareup.com/) because the startup cost is free (to get the reader and app) and the transaction cost is, at this time, a flat 2.75%. What does Bitcoin have?
easywallet.org, an online Bitcoin wallet which, by being bookmarkable, means that it's usable a) on iProducts (Apple routinely hunts down and kills any Bitcoin apps in the Appstore) and b) that you don't have to install anything if you don't want to: https://easywallet.org/en/bitcoin_for_iphone Coinapult, which lets you send Bitcoins via text messages: https://coinapult.com/sms-wallet blockchain.info, which not only has an excellent Android app but also has what seem to be fairly easy to use web-based APIs for transactions: https://blockchain.info/api There are very easy to use apps out there. Not many people seem to have any interest in using Bitcoins. Yet. -- The Doctor [412/724/301/703] [ZS|Media] https://drwho.virtadpt.net/ "I am everywhere." ----- End forwarded message -----

From eugen at leitl.org Sun Feb 10 02:57:03 2013 From: eugen at leitl.org (Eugen Leitl) Date: Sun, 10 Feb 2013 11:57:03 +0100 Subject: [ZS] Re: AGI optimism.
Message-ID: <20130210105703.GM6172@leitl.org> ----- Forwarded message from Bryce Lynch ----- From eugen at leitl.org Sun Feb 10 02:58:35 2013 From: eugen at leitl.org (Eugen Leitl) Date: Sun, 10 Feb 2013 11:58:35 +0100 Subject: [ZS] Re: Money transfers, due process, and freedom Message-ID: <20130210105835.GN6172@leitl.org> ----- Forwarded message from Bryce Lynch ----- From eugen at leitl.org Sun Feb 10 02:59:08 2013 From: eugen at leitl.org (Eugen Leitl) Date: Sun, 10 Feb 2013 11:59:08 +0100 Subject: [ZS] Re: Money transfers, due process, and freedom Message-ID: <20130210105908.GO6172@leitl.org> ----- Forwarded message from Bryce Lynch ----- From liberationtech at lewman.us Mon Feb 11 06:22:28 2013 From: liberationtech at lewman.us (liberationtech at lewman.us) Date: Mon, 11 Feb 2013 14:22:28 +0000 Subject: [liberationtech] Happy Creepy February! Message-ID: On Sun, Feb 10, 2013 at 01:47:18PM -0600, nick.m.daly at gmail.com wrote 1.8K bytes in 0 lines about: : Thanks to investigative work by the Guardian, we can tell just how many : steps back online privacy's taken this year. It's unfortunate: : : http://www.guardian.co.uk/world/2013/feb/10/software-tracks-social-media-defence Not too much investigative work in my opinion. This Guardian article reads like a press release for Raytheon, announcing their new product. http://bits.blogs.nytimes.com/2011/08/02/pentagon-seeks-social-networking-experts/ and https://www.fbo.gov/index?s=opportunity&mode=form&id=972cbc835c3702e9758aedcf032fb4ec&tab=core&_cview=1 My guess is this video is a demo made for the DARPA BAA. And what did you expect? People put their lives online and share everything, of course someone is going to record and collate it all. And these same people will get the bright idea to predict the future with suspect data. 
-- Andrew http://tpo.is/contact pgp 0x6B4D6475 -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech ----- End forwarded message -----

From companys at stanford.edu Mon Feb 11 15:26:22 2013 From: companys at stanford.edu (Yosem Companys) Date: Mon, 11 Feb 2013 15:26:22 -0800 Subject: [liberationtech] Stanford Security Seminar Tomorrow: Jay Lorch -- Ensuring Private Access to Large-Scale Data in the Data Center Message-ID: From: Joe Zimmerman *Jay Lorch* -- *Ensuring Private Access to Large-Scale Data in the Data Center* Tuesday, February 12, 2013 Talk at 4:30pm in Gates 463A Abstract: Recent events have shown online service providers the perils of possessing private information about users. Encrypting data mitigates but does not eliminate this threat: the pattern of data accesses still reveals information. Thus, this talk will present Shroud, a general storage system that hides data access patterns from the servers running it, protecting user privacy. Shroud functions as a virtual disk with a new privacy guarantee: the user can look up a block without revealing the block's address. Such a virtual disk can be used for many purposes, including map lookup, microblog search, and social networking. Shroud aggressively targets hiding accesses among hundreds of terabytes of data. We achieve our goals by adapting oblivious RAM algorithms to enable large-scale parallelization. Specifically, we show, via new techniques such as oblivious aggregation, how to securely use many inexpensive secure coprocessors acting in parallel to improve request latency.
Our evaluation combines large-scale emulation with an implementation on secure coprocessors and suggests that these adaptations bring private data access closer to practicality. Bio: Jacob R. Lorch has been a Researcher at Microsoft Research in Redmond, WA for the last eleven years. Before that, he received his Ph.D. in Computer Science from UC Berkeley in 2001 under the supervision of Alan Jay Smith. Jacob's research focuses broadly on computer systems, with particular emphasis on distributed systems, web security, cloud computing, and energy management. In recent work, he has developed TrInc (NSDI 2009), a simple piece of trusted hardware useful in securing a variety of distributed systems; Memoir (IEEE S&P 2011), a framework for building stateful, crash-resilient trusted modules; and GreenUp (NSDI 2012), a decentralized system for maintaining the availability of machines while letting them save energy by sleeping. His current work includes protecting user privacy when using online services and simplifying the construction and deployment of fault-tolerant systems. ----- End forwarded message -----

From eugen at leitl.org Mon Feb 11 07:11:21 2013 From: eugen at leitl.org (Eugen Leitl) Date: Mon, 11 Feb 2013 16:11:21 +0100 Subject: [liberationtech] Happy Creepy February!
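The seminar abstract's point that "the pattern of data accesses still reveals information" is easy to see in code. The following is an added example by the editor, not Shroud's implementation: a server that logs every access it serves, a client that encrypts block contents but fetches only the block it needs (so the server learns the index), and the trivial oblivious client that reads and re-encrypts every block on every access, so the server sees the same trace whatever is requested and whether it was a read or a write. The class and function names and the four-block sample store are constructed for the example; the nonce-plus-XOR-with-HMAC block cipher is a standard-library stand-in for an AEAD.

```python
import hashlib
import hmac
import secrets

BLOCK = 32  # fixed block size: every stored blob must be the same length


def _seal(key: bytes, block: bytes) -> bytes:
    """Encrypt one fixed-size block as nonce || (block XOR HMAC-SHA256(key, nonce)).
    A fresh nonce each time means a rewritten block never looks like the old one.
    Stdlib-only stand-in for an AEAD, for illustration only."""
    assert len(block) == BLOCK
    nonce = secrets.token_bytes(16)
    pad = hmac.new(key, nonce, hashlib.sha256).digest()
    return nonce + bytes(a ^ b for a, b in zip(block, pad))


def _open(key: bytes, blob: bytes) -> bytes:
    nonce, ct = blob[:16], blob[16:]
    pad = hmac.new(key, nonce, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(ct, pad))


class LoggingServer:
    """Untrusted storage: keeps opaque blobs and records every access it serves,
    which is all an honest-but-curious provider needs to learn the access pattern."""

    def __init__(self, n_blocks: int):
        self.blobs = [b""] * n_blocks
        self.trace = []

    def read(self, i: int) -> bytes:
        self.trace.append(("read", i))
        return self.blobs[i]

    def write(self, i: int, blob: bytes) -> None:
        self.trace.append(("write", i))
        self.blobs[i] = blob


class NaiveClient:
    """Encrypts contents but touches exactly the block it wants: the server learns the index."""

    def __init__(self, key: bytes, server: LoggingServer, blocks):
        self.key, self.server = key, server
        for i, block in enumerate(blocks):
            server.write(i, _seal(key, block))

    def read(self, i: int) -> bytes:
        return _open(self.key, self.server.read(i))

    def write(self, i: int, block: bytes) -> None:
        self.server.write(i, _seal(self.key, block))


class LinearScanClient(NaiveClient):
    """Trivial ORAM: every access reads and rewrites every block, so the trace is
    (read 0, write 0, read 1, write 1, ...) regardless of the index and of whether
    the operation was a read or a write. Cost is N transfers per access."""

    def _scan(self, i: int, new_block=None) -> bytes:
        result = b""
        for j in range(len(self.server.blobs)):
            block = _open(self.key, self.server.read(j))
            if j == i:
                result = block
                if new_block is not None:
                    block = new_block
            self.server.write(j, _seal(self.key, block))  # fresh nonce: looks new either way
        return result

    def read(self, i: int) -> bytes:
        return self._scan(i)

    def write(self, i: int, block: bytes) -> None:
        self._scan(i, block)


def observed_trace(client_cls, index: int, op: str = "read"):
    """Perform one access on a fresh four-block store (constructed sample data)
    and return exactly what the server saw for that one access."""
    key = secrets.token_bytes(32)
    blocks = [bytes([c]) * BLOCK for c in b"ABCD"]
    server = LoggingServer(len(blocks))
    client = client_cls(key, server, blocks)
    server.trace.clear()  # ignore the initial upload
    if op == "read":
        client.read(index)
    else:
        client.write(index, b"Z" * BLOCK)
    return server.trace


if __name__ == "__main__":
    print("naive, read block 1: ", observed_trace(NaiveClient, 1))
    print("naive, read block 3: ", observed_trace(NaiveClient, 3))
    print("scan,  read block 1: ", observed_trace(LinearScanClient, 1))
    print("scan,  write block 3:", observed_trace(LinearScanClient, 3, "write"))
```

The linear scan costs N block transfers per access; that overhead is what real ORAM constructions reduce to polylogarithmic and what Shroud attacks with parallel secure coprocessors. The property checked by comparing observed_trace() results is the one every such scheme has to preserve.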
Message-ID: <20130211151121.GE6172@leitl.org> ----- Forwarded message from liberationtech at lewman.us -----

From noreply at pdxtex.com Mon Feb 11 23:30:07 2013 From: noreply at pdxtex.com (Canadian-Meds) Date: Tue, 12 Feb 2013 12:30:07 +0500 Subject: We'll show you the truth! There's no interdependence between medicine quality and its price! Message-ID:

From eugen at leitl.org Tue Feb 12 05:30:23 2013 From: eugen at leitl.org (Eugen Leitl) Date: Tue, 12 Feb 2013 14:30:23 +0100 Subject: [liberationtech] Chromebooks for Risky Situations? Message-ID: <20130212133023.GM6172@leitl.org> ----- Forwarded message from Maxim Kammerer ----- From mk at dee.su Tue Feb 12 04:42:03 2013 From: mk at dee.su (Maxim Kammerer) Date: Tue, 12 Feb 2013 14:42:03 +0200 Subject: [liberationtech] Chromebooks for Risky Situations?
Message-ID: On Tue, Feb 12, 2013 at 10:01 AM, Andreas Bader wrote: > So why not create our own OS that is really small because of its security? http://dee.su/liberte-build -- Maxim Kammerer Liberté Linux: http://dee.su/liberte ----- End forwarded message -----

From eugen at leitl.org Tue Feb 12 06:23:25 2013 From: eugen at leitl.org (Eugen Leitl) Date: Tue, 12 Feb 2013 15:23:25 +0100 Subject: [liberationtech] Stanford Security Seminar Tomorrow: Jay Lorch -- Ensuring Private Access to Large-Scale Data in the Data Center Message-ID: <20130212142325.GQ6172@leitl.org> ----- Forwarded message from Yosem Companys -----

From eqmfonwjvh at isa-geek.net Tue Feb 12 07:21:52 2013 From: eqmfonwjvh at isa-geek.net (簡単副業 [Easy side job]) Date: Tue, 12 Feb 2013 20:21:52 +0500 Subject: 1日15分でも100万稼ぎます。 [Make 1,000,000 with just 15 minutes a day.] Message-ID: <201302121425.r1CEPXOQ019910@proton.jfet.org>
From gfoster at entersection.org Wed Feb 13 06:38:03 2013
From: gfoster at entersection.org (Gregory Foster)
Date: Wed, 13 Feb 2013 08:38:03 -0600
Subject: [liberationtech] Chromebooks for Risky Situations?
Message-ID: 

Incidentally, NICTA are the same researchers hired by DARPA to make the U.S. drone fleet safe from hackers. Looks like there might be some open source tools emerging from the effort.
http://www.theregister.co.uk/2012/11/19/nicta_develops_drone_protection/

gf

On 2/13/13 6:54 AM, Eugen Leitl wrote:
> On Tue, Feb 12, 2013 at 09:01:37AM +0100, Andreas Bader wrote:
>
>> So why not create a own OS that is really small because of its security?
>> Chrome OS is small because it's cheap. If you were right then Android
>> was the most secure system. Aren't there any Android viruses? RedHat
>> seems to have less security holes than Chrome OS.
>
> http://ertos.nicta.com.au/research/l4.verified/
>
> The L4.verified project
>
> A Formally Correct Operating System Kernel
>
> In current software practice it is widely accepted that software will always have problems and that we will just have to live with the fact that it may crash at the worst possible moment: You might be on a deadline. Or, much scarier, you might be on a plane and there's a problem with the board computer.
>
> Now think what we constantly want from software: more features, better performance, cheaper prices. And we want it everywhere: in mobile phones, cars, planes, critical infrastructure, defense systems.
>
> What do we get? Mobile phones that can be hacked by SMS. Cars that have more software problems than mechanical ones. Planes where computer problems have led to serious incidents. Computer viruses spreading through critical infrastructure control systems and defense systems. And we think "See, it happens to everybody."
>
> It does not have to be that way. Imagine your company is commissioning a new vending software. Imagine you write down in a contract precisely what the software is supposed to do. And then - it does. Always. And the developers can prove it to you - with an actual mathematical machine-checked proof.
>
> Of course, the issue of software security and reliability is bigger than just the software itself and involves more than developers making implementation mistakes.
> In the contract, you might have said something you didn't mean (if you are in a relationship, you might have come across that problem). Or you might have meant something you didn't say and the proof is therefore based on assumptions that don't apply to your situation. Or you haven't thought of everything you need (ever gone shopping?). In these cases, there will still be problems, but at least you know where the problem is not: with the developers. Eliminating the whole issue of implementation mistakes would be a huge step towards more reliable and more secure systems.
>
> Sounds like science fiction?
>
> The L4.verified project demonstrates that such contracts and proofs can be done for real-world software. Software of limited size, but real and critical.
>
> We chose an operating system kernel to demonstrate this: seL4. It is a small, 3rd generation high-performance microkernel with about 8,700 lines of C code. Such microkernels are the critical core component of modern embedded systems architectures. They are the piece of software that has the most privileged access to hardware and regulates access to that hardware for the rest of the system. If you have a modern smart-phone, your phone might be running a microkernel quite similar to seL4: OKL4 from Open Kernel Labs.
>
> We prove that seL4 implements its contract: an abstract, mathematical specification of what it is supposed to do.
>
> Current status: completed successfully.
>
> Availability
>
> Binaries of seL4 on ARM and x86 architectures are available for academic research and education use.
> The release additionally contains the seL4 formal specification, user-level libraries and sample code, and a para-virtualised Linux (x86).
>
> Click here to download seL4
>
> More information:
>
> What we prove and what we assume (high level, some technical background assumed)
> Statistics (sizes, numbers, lines of code)
> Questions and answers (high-level, some technical background assumed)
> Verification approach (for technical audience)
> Scientific publications (for experts)
> Acknowledgements and team
> What does a formal proof look like? [pdf]
> Contact
>
> For further information, please contact Gerwin Klein (project leader): gerwin.klein(at)nicta.com.au

-- 
Gregory Foster || gfoster at entersection.org
@gregoryfoster <> http://entersection.com/

----- End forwarded message -----

From iang at iang.org Tue Feb 12 22:27:54 2013
From: iang at iang.org (ianG)
Date: Wed, 13 Feb 2013 09:27:54 +0300
Subject: [cryptography] "Zero knowledge" as a term for end-to-end encryption
Message-ID: 

On 13/02/13 05:33 AM, Tony Arcieri wrote:
> I have seen several services/people using the phrase "zero knowledge"
> recently, e.g.:
>
> https://spideroak.com/
>
> Based on my understanding of zero knowledge proofs and the traditional
> use of "zero knowledge" in cryptography, this usage seems... novel, to
> put it politely.

Not without some precedent, there was a company called Zero Knowledge Systems back in the early 2000s that tried to build what we now would see as a Skype or Tor competitor.
> In the case of SpiderOak, they're using it to mean "we
> never see plaintext and we hold no keys to your ciphertexts so there's
> no way we can read them"
>
> I've seen the Tahoe-LAFS folks, for example, attempt to use the phrase
> "least authority" to imply the same thing, which makes sense to me, but
> figuring out what "least authority" means in the context of a
> distributed filesystem may be a tad... indirect.

AFAIK, the term 'least authority' as used by Tahoe-LAFS folks does not refer to 'zero knowledge' as per cryptographic protocols, but to the concept of least authority as derived from the 'capabilities' school of security thought. This school has it, in short, that once one agent has authority over some object (data perhaps) then there is no economic model available to us to stop that agent from sharing the authority (by accident or intent) and thus breaching security. Given this 'truth', it derives that the best strategy for security is to reduce the amount of authority in many and serious ways.

> Is there a better phrase to describe this? End-to-end encryption?
> Client-side encryption? Or is it okay to let people start using the
> phrase "zero knowledge" to refer to this idea?

As a technical paradigm, the capabilities school models everything more or less in the same way as OO programming. Every active thing is an object, and references (called capabilities) are passed around carefully. I think this fits precisely with what Tahoe-LAFS tries to do (although I'm writing from osmosis, not real knowledge). It seems from a quick browse that SpiderOak use the same design?

> How do people feel about "zero knowledge" being used in this way?

Although there are parallels, I don't think it helpful to interchange the terms 'least authority' and 'zero knowledge' in more technical conversations. They operate at different layers or levels, and achieve rather different things.
That said, in the world of marketing, it is far more appropriate to tell the customer something they understand. Least authority isn't meaningful to the end-user; zero knowledge does come much closer to what grandma can conceive of.

iang

_______________________________________________
cryptography mailing list
cryptography at randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography

----- End forwarded message -----

From jeremy at servalproject.org Tue Feb 12 17:05:09 2013
From: jeremy at servalproject.org (Jeremy Lakeman)
Date: Wed, 13 Feb 2013 11:35:09 +1030
Subject: [serval-project-dev] Smart Phone Ad-Hoc Networks
Message-ID: 

We are already aware of the SPAN project and have been communicating with them.

On Wed, Feb 13, 2013 at 9:18 AM, Lachlan Musicman wrote:
> I saw this article and thought you might be interested.
>
> "A new prototype backup network connects Android phones through a mesh
> network established with the phones' Wi-Fi chips, which can come in handy
> during emergency situations."
>
> http://www.networkworld.com/community/blog/android-phones-are-connecting-without-carrier-networks
>
> Unfortunately I'm not able to read it atm but it looks interesting.
>
> cheers
> L.
>
> --
> So the future isn't a boot stamping on a human face, forever. It's a person
> in a beige business outfit advocating beige policies that nobody wants (but
> nobody can quite articulate a coherent alternative to) with a false mandate
> obtained by performing rituals of representative democracy that offer as
> much actual choice as a Stalinist one-party state. And resistance is futile,
> because if you succeed in overthrowing the beige dictatorship, you will
> become that which you opposed.
>
> http://www.antipope.org/charlie/blog-static/2013/02/political-failure-modes-and-th.html

--
You received this message because you are subscribed to the Google Groups "Serval Project Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to serval-project-developers+unsubscribe at googlegroups.com.
To post to this group, send email to serval-project-developers at googlegroups.com.
Visit this group at http://groups.google.com/group/serval-project-developers?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

----- End forwarded message -----

From clonearmy at gmail.com Wed Feb 13 08:48:30 2013
From: clonearmy at gmail.com (Meredith L. Patterson)
Date: Wed, 13 Feb 2013 11:48:30 -0500
Subject: [liberationtech] Chromebooks for Risky Situations?
Message-ID: 

seL4 has had readily available code for quite some time now, although it's under a tl;dr "Non-Commercial License Agreement" that differentiates itself from open source.

http://ertos.nicta.com.au/software/seL4/home.pyl

It's unfortunate, but it's also par for the course with a lot of academic code. The article does make it sound like a better license is coming, though.
I'm not surprised that DARPA was first in line for a productized verified microkernel. Software verification has been a high priority for DoD since there was software -- it's why the Ada programming language was developed in the first place. Turns out nobody likes programming in Ada if they can help it, so DoD is turning to academia and industry to satisfy the need for verifiability.

(Full disclosure: one of my projects is currently funded under the DARPA Cyber Fast Track program, and is GPLv2. The software I'm producing is related to verifiability, and could in fact be used to help secure drones -- but it can also be used to help secure web servers, end-user applications, pretty much any software that talks to other software. seL4 is even more generally useful than that.)

The good news about a verified microkernel, at least, is that you *can* be assured of whether there's a backdoor in it. (Provided you, or someone, are able to express that as a formal property and verify it with a [machine-assisted] proof, that is. I think it's reasonable to expect the developers of said kernel to provide that proof.)

Cheers,
--mlp

On Wed, Feb 13, 2013 at 9:38 AM, Gregory Foster wrote:
> Incidentally, NICTA are the same researchers hired by DARPA to make the U.S.
> drone fleet safe from hackers. Looks like there might be some open source
> tools emerging from the effort.
> http://www.theregister.co.uk/2012/11/19/nicta_develops_drone_protection/
>
> gf
>
> On 2/13/13 6:54 AM, Eugen Leitl wrote:
>>
>> On Tue, Feb 12, 2013 at 09:01:37AM +0100, Andreas Bader wrote:
>>
>>> So why not create a own OS that is really small because of its security?
>>> Chrome OS is small because it's cheap. If you were right then Android
>>> was the most secure system. Aren't there any Android viruses? RedHat
>>> seems to have less security holes than Chrome OS.
> -- 
> Gregory Foster || gfoster at entersection.org
> @gregoryfoster <> http://entersection.com/

----- End forwarded message -----

From felix at openflows.com Wed Feb 13 06:58:45 2013
From: felix at openflows.com (Felix Stalder)
Date: Wed, 13 Feb 2013 15:58:45 +0100
Subject: Copy & Paste in Brussels
Message-ID: 

It's interesting how ideas and experiences shift shapes over time. For a few years now there has been a particularly German obsession with plagiarism in academic dissertations. Initially, this has been employed to embarrass political figures and promote a self-righteous discourse of academic pedantry, but it has also led to a distributed infrastructure/community for checking unacknowledged sources in texts. And now, this infrastructure is used for quite different purposes: matching lobbying text to legal documents that are being drafted by the EU. While nobody can be surprised by the fact that lobbyists do shape legislation, it's still revealing to see this nicely visualized and connected to the names of the MPs who did the actual copy & pasting.
-> www.lobbyplag.eu

Felix


Tory MEPs 'copy and paste Amazon and Google lobbyist text'

Senior Conservative MEPs have been accused of cutting and pasting text from lobbyists from Amazon, Google and other major online enterprises directly into legal amendments to European Union legislation on consumer data protection

http://www.telegraph.co.uk/technology/9865977/Tory-MEPs-copy-and-paste-Amazon-and-Google-lobbyist-text.html

The European Parliament is debating a new EU "general data protection regulation" with important implications for how internet search engines and online retailers handle users' personal information, including sensitive health, background and credit details.

The legislation, proposed by the European Commission a year ago, is going through the EU assembly, which has the power to amend the law, triggering a huge lobbying campaign by the internet industry to change the regulations.

Campaigners for tighter privacy laws covering social media and online retailers have published research at www.lobbyplag.eu showing close links between the wording of industry proposals and amendments tabled in the European Parliament's committees.

The campaigners have charted what they claim are "striking similarities between proposed amendments and lobby papers written by representatives of Amazon, eBay, the American Chamber of Commerce and the European Banking Federation".

"Dozens of amendments are being copied word-for-word from corporate lobby papers," they said.

Privacy campaigners are concerned that industry amendments tabled by MEPs will dilute legal requirements allowing companies to water down tough new rules on the processing of sensitive, personal information and loosening a requirement for mandatory data protection supervisors within businesses.
Malcolm Harbour, Conservative MEP for the West Midlands and chairman of the parliament's committee on the internal market and consumer protection, which is overseeing the legislation, has been accused of copying over 25 per cent of his amendments from industry.

Research found that 14 out of 55 amendments tabled by Mr Harbour were "copied directly from lobby papers", with the senior Tory also taking a coordinating role in getting other MEPs to table similar changes in other committees.

Sajjad Karim, Conservative MEP for the North West of England and a member of the parliament's committee on legal affairs, proposed amendments "with over 23 per cent copy-pasted content".

Another Tory, Giles Chichester, MEP for South West England and Gibraltar and a member of the committee on industry, research and energy, followed with "over 22 per cent copy-pasted content".

While there is no suggestion of wrongdoing or breaches of the parliament's rules, privacy campaigners fear that MEPs are listening to industry and not consumers.

"We would hope that MEPs are taking all sides of the argument into account when making law, not just the richest and most powerful corporate interests," said Anna Fielder, a trustee of Privacy International.

Mr Harbour insisted that listening to industry, and privacy campaigners, was part of the democratic process and "disputed" the 25 per cent figure found.

"Many of our points were aimed at making the regulation fit for small enterprises, many of whom feel that their businesses would be threatened by the costs generated from certain provisions in the original proposal. That was why we modified a number of the detailed requirements," he said.

"I do not believe we should immediately discount proposed amendments when they come from businesses that make use of and are responsible for protecting personal data. I will continue to consider all amendments on the basis of their merits in making the proposal more workable."
Mr Karim and Mr Chichester declined to comment, but Conservative sources said that they had followed Mr Harbour's lead in tabling amendments.

#  distributed via <nettime>: no commercial use without permission
#  <nettime>  is a moderated mailing list for net criticism,
#  collaborative text filtering and cultural politics of the nets
#  more info: http://mx.kein.org/mailman/listinfo/nettime-l
#  archive: http://www.nettime.org contact: nettime at kein.org

----- End forwarded message -----

From eugen at leitl.org Wed Feb 13 07:37:49 2013
From: eugen at leitl.org (Eugen Leitl)
Date: Wed, 13 Feb 2013 16:37:49 +0100
Subject: [liberationtech] Chromebooks for Risky Situations?
Message-ID: <20130213153748.GY6172@leitl.org>

----- Forwarded message from Gregory Foster -----

From eugen at leitl.org Wed Feb 13 07:38:27 2013
From: eugen at leitl.org (Eugen Leitl)
Date: Wed, 13 Feb 2013 16:38:27 +0100
Subject: Copy & Paste in Brussels
Message-ID: <20130213153827.GZ6172@leitl.org>

----- Forwarded message from Felix Stalder -----

From bernhard at ICSI.Berkeley.EDU Wed Feb 13 17:47:05 2013
From: bernhard at ICSI.Berkeley.EDU (Bernhard Amann)
Date: Wed, 13 Feb 2013 17:47:05 -0800
Subject: [cryptography] Q: CBC in SSH
Message-ID: 

On Feb 13, 2013, at 3:22 PM, Peter Gutmann wrote:
> Bodo Moeller writes:
>> On Wed, Feb 13, 2013 at 12:52 PM, Peter Gutmann wrote:
>>
>>> active use of ECC suites on the public Internet is practically nonexistent
>>
>> That's not entirely accurate; try www.google.com.
>
> It was based on the last (SSL Observatory?) scans at the time which found
> about five or six servers worldwide, presumably the test servers being run by
> Certicom, Red Hat, Microsoft, etc. If Google supports ECC now that'd be good,
> one more site to test against.
We see quite a bit of ECDHE traffic at the sites that feed our notary. At the moment, the top-3 cipher suites we see (by connection count) are TLS_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA and TLS_ECDHE_RSA_WITH_RC4_128_SHA. We also see TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (7th most popular).

If http://www.imperialviolet.org/2012/03/02/ieecdhe.html is still correct, RC4+ECDHE is chosen by Chrome and Firefox. AES+ECDHE is Safari and Internet Explorer.

The first non-AES/RC4 cipher suite is TLS_RSA_WITH_3DES_EDE_CBC_SHA (9th most popular) followed by TLS_RSA_WITH_CAMELLIA_256_CBC_SHA.

Bernhard

----- End forwarded message -----

From eugen at leitl.org Wed Feb 13 08:50:55 2013
From: eugen at leitl.org (Eugen Leitl)
Date: Wed, 13 Feb 2013 17:50:55 +0100
Subject: [liberationtech] Chromebooks for Risky Situations?
Message-ID: <20130213165055.GP6172@leitl.org>

----- Forwarded message from "Meredith L. Patterson" -----

From joe at cdt.org Wed Feb 13 14:51:40 2013
From: joe at cdt.org (Joseph Lorenzo Hall)
Date: Wed, 13 Feb 2013 17:51:40 -0500
Subject: [liberationtech] Cryptography super-group creates unbreakable encryption
Message-ID: 

looks like the Silent Circle code is up on github?
https://github.com/SilentCircle

----- End forwarded message -----

From eugen at leitl.org Wed Feb 13 09:01:56 2013
From: eugen at leitl.org (Eugen Leitl)
Date: Wed, 13 Feb 2013 18:01:56 +0100
Subject: [serval-project-dev] Smart Phone Ad-Hoc Networks
Message-ID: <20130213170156.GS6172@leitl.org>

----- Forwarded message from Jeremy Lakeman -----

From edrigram at edri.org Wed Feb 13 13:07:53 2013
From: edrigram at edri.org (EDRi-gram)
Date: Wed, 13 Feb 2013 23:07:53 +0200
Subject: EDRi-gram newsletter - Number 11.3, 13 February 2013
Message-ID: 

======================================================================
EDRi-gram

biweekly newsletter about digital civil rights in Europe

Number 11.3, 13 February 2013

=======================================================================
Contents
=======================================================================

1. Copyright: challenges of the digital era
2.
Most Internet users would use DNT settings if easily available
3. US privacy groups believe US officials lobby to weaken EU privacy
4. Dutch government maintains private copying-exception for downloading
5. Denmark: Government postpones the data retention law evaluation
6. Ancillary copyright law under discussion in Germany
7. Human rights orgs ask OECD to investigate surveillance companies
8. Big Brother Awards 2013 Bulgaria
9. ENDitorial: Licences for Europe and fight club... only one rule
10. Recommended Action: support your privacy rights
11. Recommended Reading
12. Agenda
13. About

=======================================================================
1. Copyright: challenges of the digital era
=======================================================================

EDRi has freshly launched a booklet that overviews the challenges that copyright is facing in the digital environment.

For the past twelve years, the European Union has discussed how to support, develop and protect creation in the digital environment. Two months ago, the College of Commissioners recognised the necessity that copyright "stays fit for purpose" in the digital economy. Until now, the focus point has been on the enforcement of pre-existing legislative norms not only within the rule of law but also through private policing via internet service providers. However, despite all these efforts, there is still a ubiquitous lack of respect for copyright.

The booklet looks at the reasons for this profound gap that has emerged between citizens and the law. Following a brief introduction to the logic behind granting monopoly rights, the booklet lists some reasons that lead to difficulties in respecting copyright law, ranging from excessive penalties for breaching the law to legally-protected restrictions on citizens' rights to use digital products they paid for. It then focuses on the impact of rigid and outdated copyright law on legitimate businesses.
Finally, it gives a glance at the wide range of excessive enforcement measures that underline the deterioration of copyright leading to unreasonable and wrongful practices.

In short, this booklet presents a simplified overview of the difficulties facing public support for copyright. EDRi hopes that it will have a positive impact on the current debate regarding the necessity of reforming copyright law and adapting the current system to the digital age, allowing the achievement of the digital single market, removing existing barriers and giving citizens a better access to their culture.

Copyright: challenges of the digital era (02.2013)
http://www.edri.org/files/paper07_copyright.pdf

Commission agrees way forward for modernising copyright in the digital economy (5.12.2012)
http://europa.eu/rapid/press-release_MEMO-12-950_en.htm

Report from the Commission on the application of Directive 2004/48/EC (22.12.2010)
http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=COM:2010:0779:FIN:EN:PDF

(Contribution by Marie Humeau - EDRi)

=======================================================================
2. Most Internet users would use DNT settings if easily available
=======================================================================

According to a survey by IT service analysts Ovum, 68% of Internet users would use "do-not-track" (DNT) settings to restrict the use of their personal data, if such a tool was "easily available".

Websites and third-parties, such as advertisers, may record Internet users' behaviour in order to serve targeted, personalised ads. Such user-specific data can be collected by several means, including the use of cookies. The information thus stored can be passed on by operators to advertisers for behavioural adverts, based on the users' activity and declared interests. Yet, lately, consumers have become more aware of the fact that their personal information can be used as merchandise.
Ovumbs survey has shown that only 14% of consumers believe Internet firms are honest about the way they use their consumers' personal data. "Unfortunately, in the gold rush that is big data, taking the supply of blittle datab b personal data b for granted seems to be an accident waiting to happen," said Mark Little, principal analyst at Ovum who added: "However, consumers are being empowered with new tools and services to monitor, control, and secure their personal data as never before, and it seems they increasingly have the motivation to use them." In Littlebs opinion, the Internet companies would have to change their attitudes towards their customers. The operators should make privacy tools available to consumers and use ba new set of messages to change consumersb attitudes. These messages must be based on positive direct relationships, engagement with consumers, and the provision of genuine and trustworthy privacy controls.b Although EU Commissioner Neelie Kroes had previously asked for a new DNT standard to enable Internet users to indicate their consent for the use of their personal data in a manner that would comply with the EU's Privacy and Electronic Communications Directive, last year she indicated that she would accept a DNT standard that would only partially meet the requirements under the Directive. Under the EU's amended Privacy and Electronic Communications Directive, storing and accessing information on users' computers is only lawful "on condition that the subscriber or user concerned has given his or her consent, having been provided with clear and comprehensive information b& about the purposes of the processing". The World Wide Web Consortium (W3C) has been working on developing a new DNT controls system which, in its opinion, should not be switched on by default but require an explicit instruction to operate. Firefox has already implemented it since 2011. 
Microsoft, on the other hand, has developed its own DNT tool for its new Internet Explorer 10 web browser. The DNT setting is automatically activated and the users have to change the settings in case they wish to let websites and advertising networks track their online activity. This has obviously crossed advertising companies and the system does not actually guarantee that all companies would respect it. Yahoo! for instance, has stated that it would not "recognise IE10bs default DNT signal". Google introduced the DNT standard in November 2012, with the launching of its Chrome 23, but warned that the results could be variable. "The effectiveness of such requests is dependent on how websites and services respond, so Google is working with others on a common way to respond to these requests in the future," wrote Google engineer Ami Fischman on the companybs blog. Most consumers would activate do-not-track privacy settings if they were 'easily available', according to Ovum survey (6.02.2013) http://www.out-law.com/en/articles/2013/february/most-consumers-would-activate-do-not-track-privacy-settings-if-they-were-easily-available-according-to-ovum-survey/ The data black hole that could suck the life out of the internet economy (8.02.2013) http://www.zdnet.com/the-data-black-hole-that-could-suck-the-life-out-of-the-internet-economy-7000011002/ Google's Chrome finally embraces Do Not Track, but with a warning (7.11.2012) http://www.zdnet.com/googles-chrome-finally-embraces-do-not-track-but-with-a-warning-7000007022/ ======================================================================= 3. 
US privacy groups believe US officials lobby to weaken EU privacy ======================================================================= A coalition of 18 US privacy groups sent a letter on 30 January 2013 to US politicians such as the Attorney General Eric Holder, Secretary of State John Kerry and the Acting Secretary of Commerce Rebecca Blank, asking for assurances that US policy makers in Europe "advance the aim of privacy" and do not hinder the European data law proposals. The European Union is considering the data protection regulation that could give the citizens significant control over the use of their personal data by websites and marketing companies. Several proposals would require companies to obtain permission before collecting personal data and specify exactly what information will be collected and how it will be used. One proposal refers to the so-called bright to be forgottenb that obliges companies like Facebook to delete all information about users who want to do that. The coalition shows concern over the fact that, as the new EU Data Protection Regulation is under discussion and debate, Members of the European Parliament (MEPs) have lately reported that US policy makers are "mounting an unprecedented lobbying campaign to limit the protections that European law would provide." The privacy groups believe that U.S. policymakers, politicians and bureaucrats are undermining the work of the European Parliament. "The U.S. should not stand in the way of Europe's efforts to strengthen and modernize its legal framework," the letter states. Jeff Chester, Executive Director of the Center for Digital Democracy told ZDNet that despite President Obamabs pro-privacy speeches, his administration is "working to protect the U.S. data lobby." He added: "One of the U.S.' few growth areas is stealing other peoples data. So, the U.S. 
is arguing that the EU should not enact strong baselines rules requiring citizens to provide affirmative consent for such critical uses as profiling, and adopt its weak industry friendly approach based primarily on industry self-regulation." EU Justice Commissioner Viviane Reding said in 2012 that the lobbying effort had been "absolutely fierce" and unprecedented in scale. On 3 February 2013, the head of a big pan-European industry group revealed "intensifying pressure from U.S. lobbyists on behalf of Google and Facebook," as reported the Financial Times. Jacob Kohnstamm, the chairman of the EU's Article 29 Working Party also said European lawmakers were "fed up" of U.S. lobbying. The letter of the coalition notes that updating the U.S. Electronic Communications Privacy Act (ECPA), under which authorities need only a subpoena approved by a federal prosecutor, rather than a judge, to obtain electronically stored messages six months old or older, would be a good start for the U.S. officials to bring the country in compliance with international human rights standards. The US lobby has shown its practical results after several newspapers and websites have pointed out that MEPs in the EP's Internal Market and Consumer Committee (IMCO) have included copy-paste amendments written by Amazon, eBay or the American Chamber of Commerce (AmCham EU). Privacy groups call on U.S. government to stop lobbying against EU data law changes (4.02.2013) http://www.zdnet.com/privacy-groups-call-on-u-s-government-to-stop-lobbying-against-eu-data-law-changes-7000010721/ The E.U. could approve a new privacy policy later this year. Europe Moves Ahead on Privacy (3.02.2013) http://www.nytimes.com/2013/02/04/opinion/europe-moves-ahead-on-privacy-laws.html Lobby groups take CTRL+V of data protection proposal (11.02.2013) http://edri.org/lobbyplag-eudatap LobbyPlag http://www.lobbyplag.eu/ ======================================================================= 4. 
Dutch government maintains private copying-exception for downloading ======================================================================= The Dutch government announced that it wouldn't prohibit the unauthorised downloading of copyrighted material. It did so on 4 February 2013 in a letter to the Parliament, putting an end to a heated debate that lasted for years. As a result, the Netherlands remains one of the few countries in Europe where downloading without permission of the rightsholders is allowed under the private copying-exception. Dutch digital rights organisation Bits of Freedom urged that this should be the first step in a long overdue modernisation of the copyright system. The Dutch government responded to a resolution by the Dutch Parliament earlier this year. In this resolution, the Parliament called on the government to maintain the application of the private copying-exception to downloading. It did so after the government did not respond to a similar resolution one year earlier, instead continuing its plans to abolish the private copying-exception for downloading. Now, however, it admitted defeat in the face of enduring opposition. Bits of Freedom hopes that this decision paves the way for the modernisation of the copyright system. Past political endeavours focused on the criminalisation of sharing by individual internet users. This is counterproductive and does not address the real challenge: ensuring that knowledge and culture is shared as widely as possible while remunerating rightsholders. The Dutch government should start together with the Parliament exploring remuneration models which support this goal. 
Letter of government to parliament (only in Dutch, 04.02.2013) https://www.bof.nl/live/wp-content/uploads/briefTeeven040213.pdf Resolution of Dutch parliament (only in Dutch, 11.12.2012) https://www.bof.nl/2012/12/11/parlement-spreekt-zich-uit-tegen-downloadverbod/ Blog Bits of Freedom: Download Prohibition finally buried (only in Dutch, 05.02.2013) https://www.bof.nl/2013/02/05/downloadverbod-eindelijk-begraven/ (Contribution by Ot van Daalen - EDRi member Bits of Freedom Netherlands) ======================================================================= 5. Denmark: Government postpones the data retention law evaluation ======================================================================= In the coming months, the Danish Parliament will conduct an evaluation and revision of the Danish data retention law which implements directive 2006/24/EC. The review process has been postponed twice on earlier occasions (2010 and 2012), and the Danish government wants another two-year extension, officially in order to coordinate with any changes in the directive at the EU level. The Danish law exceeds the requirements of the data retention directive in several respects, especially as far as Internet logging is concerned. The Danish law contains a requirement for session logging which includes data about every Internet packet being transmitted. Specifically, the following information must be retained: source and destination IP address, source and destination port number, transmission protocol (like TCP and UDP) and timestamps. The contents of the Internet packets are not being logged, but the IP addresses will contain information about visits to websites of political parties (that is, in effect, registration of political preferences) and the online news services that the citizen reads. Last year in the Danish Parliament, there was considerable debate about the Danish over-implementation of the data retention directive, in particular Internet session logging. 
The Parliament instructed the Danish government to produce an evaluation report with special focus on session logging. The Danish Ministry of Justice published this report in December 2012. The evaluation report contains detailed descriptions of nine police cases where telephone logging was useful, or maybe even critical, to the Danish police. These cases are taken from an earlier report submitted to the EU Commission. All nine cases are about serious and violent crimes such as murder, armed robbery and organized narcotics smuggling. For Internet logging there are only three police cases. Moreover, one of the three cases is really about telephone logging since location data from a mobile device is used by the police. The location registration just happens to be triggered by "data calls" from a smartphone. This leaves two police cases to demonstrate the value of internet logging, and only one case uses session logging. Both cases involve economic crimes (fraud) on a relatively minor scale. There is a huge discrepancy between the nature of the police cases involving telephone and Internet logging. The report confirms the EDRi member IT-Pol suspicion that Internet logging, and especially Internet session logging, is rarely used by the Danish police. Quite interestingly, the Ministry of Justice formally states in their own evaluation report that session logging was implemented in a way that made it useless for the police (the implementation is according to the requirements of the law). Before September 2007, the Danish Internet service providers repeatedly warned the Ministry of Justice that session logging would be useless for the police. 
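Added illustration (not part of the EDRi-gram, IT-Pol's notes or the Danish ministry's report) of the point made above: even with no packet contents retained, the 5-tuple plus timestamp that Danish session logging keeps is enough to read off which party website and which news service a subscriber visits. The Python below parses a constructed session log in an assumed whitespace-separated format; the addresses (RFC 5737 documentation ranges), the address-to-organisation table and its labels are constructed placeholders standing in for what public DNS and WHOIS data would supply.

```python
"""Added illustration (not from EDRi, IT-Pol or the Danish Ministry of Justice)
of why session logging is sensitive even though packet contents are not kept.
Every record holds only the fields the article lists: timestamp, transport
protocol, source/destination IP address and port.  The log text, the line
format and the address-to-organisation table are constructed assumptions."""
from __future__ import annotations

from collections import Counter
from dataclasses import dataclass
from datetime import datetime
from ipaddress import IPv4Address, IPv6Address, ip_address

# Constructed sample retention records, one flow per line.  Destination
# addresses are from the RFC 5737 documentation ranges, so they point at
# nothing real.
SAMPLE_LOG = """\
# timestamp            proto src_ip   src_port dst_ip        dst_port
2013-02-01T08:02:11Z   TCP   10.0.0.7 51234    203.0.113.10  443
2013-02-01T08:02:13Z   TCP   10.0.0.7 51235    203.0.113.10  443
2013-02-01T08:10:40Z   UDP   10.0.0.7 40001    203.0.113.53  53
2013-02-01T12:30:05Z   TCP   10.0.0.7 51300    198.51.100.20 80
2013-02-01T19:45:59Z   TCP   10.0.0.7 51400    203.0.113.10  443
2013-02-02T07:15:00Z   TCP   10.0.0.9 50001    198.51.100.20 80
"""

# Constructed table standing in for what public DNS and WHOIS data reveal
# about who answers on a destination address.  Labels are placeholders.
KNOWN_SITES = {
    ip_address("203.0.113.10"): "political party website (constructed)",
    ip_address("198.51.100.20"): "online newspaper (constructed)",
}

WEB_PORTS = {80, 443}


@dataclass(frozen=True)
class FlowRecord:
    """One retained session-log entry: no payload, only the 5-tuple and time."""
    ts: datetime
    proto: str
    src: IPv4Address | IPv6Address
    sport: int
    dst: IPv4Address | IPv6Address
    dport: int


def parse_records(text: str) -> list[FlowRecord]:
    """Parse the constructed log format.  Malformed lines raise rather than
    being dropped silently, since silent gaps would bias any later analysis."""
    records = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) != 6:
            raise ValueError(f"line {lineno}: expected 6 fields, got {len(parts)}")
        ts, proto, src, sport, dst, dport = parts
        records.append(FlowRecord(
            ts=datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            proto=proto.upper(),
            src=ip_address(src),
            sport=int(sport),
            dst=ip_address(dst),
            dport=int(dport),
        ))
    return records


def visits_by_subscriber(records: list[FlowRecord]) -> dict[str, Counter]:
    """Count, per source address, how often each labelled site was contacted.
    Only TCP flows to web ports count; DNS lookups and unknown hosts are
    ignored.  No content is needed: the retained 5-tuple alone says which
    newspaper and which party's site a subscriber reads."""
    visits: dict[str, Counter] = {}
    for r in records:
        if r.proto != "TCP" or r.dport not in WEB_PORTS:
            continue
        label = KNOWN_SITES.get(r.dst)
        if label is None:
            continue
        visits.setdefault(str(r.src), Counter())[label] += 1
    return visits


def report(visits: dict[str, Counter]) -> list[str]:
    """Render one line per subscriber, most-visited site first."""
    lines = []
    for src in sorted(visits):
        parts = ", ".join(f"{site} x{n}" for site, n in visits[src].most_common())
        lines.append(f"{src}: {parts}")
    return lines


if __name__ == "__main__":
    for line in report(visits_by_subscriber(parse_records(SAMPLE_LOG))):
        print(line)
```

Run as a script, it prints one line per subscriber address listing the sites contacted and how often. The DNS flow and the port filter are there to show the usual caveats of this kind of data (noise and unresolved hosts), but the reading profile that remains is exactly the "registration of political preferences" the article warns about, obtained from metadata alone.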
The Danish Ministry of Justice report (only in Danish, 12.2012) http://www.ft.dk/samling/20121/lovforslag/l142/bilag/2/1213533.pdf Danish government wants to postpone the evaluation of the data retention law for the third time (12.02.2013) http://www.itpol.dk/notater/Danish-data-retention-evaluation-Feb13 EDRi-gram: Key privacy concerns in Denmark 2007 (30.01.2008) http://www.edri.org/edrigram/number6.2/privacy-denmark-2007 (Contribution by Jesper Lund, EDRi member IT-Pol Denmark) ======================================================================= 6. Ancillary copyright law under discussion in Germany ======================================================================= The Judiciary Committee of the German Bundestag held on 30 January 2013 an expert hearing on the proposed bLeistungsschutzrechtb (LRS, known also as bancillary copyrightb) law for news publishers which will require search engines and others to ask permission from news publishers to link to their content or even give summarize news content. The draft law was criticized by civil society groups as well as the German association of Internet economy which pointed out the lack of clarity of the terms used in the text and the negative effects that the law may bring by restricting the diversity of information on the internet. Moreover, the legislation is superfluous as publishers are already protected by copyright provisions. If this bill is enacted as-is, search engines would be allowed to display snippets only after having received permission which may involve or not some payment to the news publishers. In some cases, a press publisher might pay a search engine to be included in its searches. The important issue is that a search engine, and maybe even social networks, will be obliged to ask permission to provide snippets from a news publisher. The law has several unclear areas. For instance, it is not clear whether blogs will be considered as press products due to the vague definition of the term. 
The expert hearing was not focused on technological expertise but rather on how such a law might fit into the current legal framework. A representative from the publishersb associations asked for a technical language to express conditions such as temporal, topical or size restrictions, payment requirements and other conditions but did not succeed in presenting a proper way of how this could be implemented. All experts in the hearing agreed the law would create a period (estimated at about 5 years) of legal uncertainty, requiring a series of lawsuits before realizing who will actually be within the sights of the LRS. This uncertainty also applies when we talk about Facebook or Twitter. It is not yet clear whether the law will cover only search engines such as Google or it will extend to social networks. MP Siegfried Kauder of the Christian Democrats party stated that in his opinion, after hearing the experts, there seemed to be no reason for the promotion of the law as, it appeared to be unlikely the law would help in actually producing new income for news publishers. In the meantime, in France, Google seems to give in under similar pressure. 
Eric Schmidt, Executive Chairman of Google made a statement on the company blog on 1 February 2013, in an attempt to point out that the search engine had generated bbillions of clicks each monthb for news publishers, band our advertising solutions (in which we have invested billions of dollars) help them make money from that traffic.b But Schmidt also stated that on the same date, he, together with President Hollande of France, announced two new initiatives bto help stimulate innovation and increase revenues for French publishers.b One was the creation of a 60 million euro Digital Publishing Innovation Fund financed by Google bto help support transformative digital publishing initiatives for French readers.b The second initiative is to increase the partnership with French publishers bto help increase their online revenues using our advertising technology.b German Parliament Hears Experts On Proposed Law To Limit Search Engines (31.01.2013) http://searchengineland.com/german-leistungsschutzrecht-146826 Google creates b,60m Digital Publishing Innovation Fund to support transformative French digital publishing initiatives (1.02.2013) http://googleblog.blogspot.co.uk/2013/02/google-creates-60m-digital-publishing.html EDRi-gram: Ancillary copyright madness in Germany and France (26.09.2012) http://www.edri.org/edrigram/number10.18/ancillary-copyright-proposal-madness ======================================================================= 7. Human rights orgs ask OECD to investigate surveillance companies ======================================================================= In the beginning of February 2013 several human rights organisations, including Privacy International, the European Center for Constitutional and Human Rights, the Bahrain Center for Human Rights, Bahrain Watch and Reporters without Borders, filed formal complaints against surveillance software firms Gamma International and Trovicor. 
The OECD (Organisation for Economic Cooperation and Development) National Contact Point (NCP) in the UK was asked to investigate Gamma International regarding the companybs potential complicity in serious human rights abuses in Bahrain and in Germany, the complaint was directed against Munich-based Trovicor. In the opinion of the complainants, there are grounds to believe that the surveillance products and services provided by the two companies have led to human rights abuses in Bahrain, including arbitrary detention and torture, violations of the right to privacy, freedom of expression and freedom of association. It appears that the information gathered from intercepted phone and internet communications have been used to detain and torture bloggers, political dissidents and activists and to extract confessions from them. If the investigation concludes that the complaints have a real basis, the companies are likely to be found in breach of the OECD Guidelines for Multinational Enterprises which sets out principles and standards for responsible business conduct. bThe failure of governments to properly control exports of surveillance technology has left companies like Gamma and Trovicor regulated exclusively by their own moral compasses. Unfortunately, these compasses seem to have malfunctioned and directed companies towards some of the most dangerous and repressive regimes in the world. We very much hope the OECD process will persuade Gamma and Trovicor to take a long hard look at their current and future clients, and to think carefully about the role their products play in the targeting and torture of activists and the suppression of pro-democracy voices,b stated Eric King, Head of Research at Privacy International. 
Miriam Saage-MaaC, Vice Legal Director at ECCHR, said: bBy maintaining permanent business relations with the state of Bahrain and maintaining their surveillance software, both companies have accepted the risk that they may be accused of abetting torture and other grave human rights violations. If true, such actions would amount to a violation of the OECD Guidelines.b These are not the only companies involved in providing surveillance equipment to countries where freedom of expression is oppressed. Many suppliers, besides the two companies in question, such as Nokia Siemens Networks, Hacking Team and Bull / Amesys have supplied equipment to Libya, Egypt, Syria, Bahrain, Morocco and many more countries that have violated human rights during the last years. Human rights organisations filed formal complaints with the OECD against surveillance companies (4.02.2013) http://en.rsf.org/bahrein-human-rights-organisations-file-04-02-2013,44016.html Briefing note on OECD Complaints against Gamma International and Trovicor in the UK and Germany (02.2013) http://www.statewatch.org/news/2013/feb/oecd-complaint.pdf Human rights organisations file formal complaints against surveillance firms Gamma International and Trovicor with British and German governments (3.02.2013) https://www.privacyinternational.org/press-releases/human-rights-organisations-file-formal-complaints-against-surveillance-firms-gamma EDRi-gram: Export Controls for Digital Weapons (19.12.2013) http://edri.org/edrigram/number10.24/export-controls-digital-weapons EDRi-gram: German government intends to use FinFisher Spyware (30.01.2013) http://edri.org/edrigram/number11.2/germany-finfisher-spyware ======================================================================= 8. Big Brother Awards 2013 Bulgaria ======================================================================= EDRi member ISOC Bulgaria and the Access to Information Program organized the Big Brother Awards for 2012. 
This year the "winners" are the Council of Ministers of the Republic of Bulgaria - for lack of action in changing the way special investigative resources (wiretapping) is being used with regards to data traffic, which should ensure high protection of privacy. For private companies, the "winner" is Toplofikatsia (Central Heating) for collecting and processing private data of its customers. The BBA awards have been given in Bulgaria since 2003, and usually the worst governmental institution to deal with privacy is either the Council of Ministers, or the Ministry of Interior. Among private company winners have been also mobile operators, advertising companies and power distributing companies. Details about the Bulgarian Big Brother Awards 2013 (only in Bulgarian, 28.01.2013) http://bg.bigbrotherawards.org (Contribution by Veni Markovski - EDRi member ISOC Bulgaria) ======================================================================= 9. ENDitorial: Licences for Europe and fight club... only one rule ======================================================================= There was a moment in November 2012 when even the most cynical observers of the European Commission were hopeful of an effective reform of copyright. Commissioner Barnier gave a speech where he demonstrated that he understood the problems. He explained that bthe digital revolution has not yet lived up to expectations in the European contextb and described some barriers to cross-border access to content as illegitimate. Finally, the problems had been identified. And recognising a problem is a first step to solving it. Then, in December 2012, the Commission was even more explicit. 
It explained that the following would be addressed: territoriality in the Internal Market; harmonisation, limitations and exceptions to copyright in the digital age; fragmentation of the EU copyright market; and how to improve effectiveness and efficiency of enforcement while underpinning its legitimacy in the wider context of copyright reform. So far, all that has actually happened is the launch of the Commission's blicences for Europeb initiative. Or rather, the Commission's launched industry's initiative... or... well, whoever it is that owns it, was launched. The last line of Commissioner Barnier's speech at the opening event was very telling. bThe ball is in your court,b he said. He didn't explain who byoub are b the overwhelming majority of participants (industry lobbyists), the tiny minority of civil society... or society in general? Actually, we know that byoub is not society in general. The first rule of fight club ...blicences for Europeb is... you do not talk about blicences for Europeb. No web streaming of the working groups, bChatham House Rulesb that forbid the attribution of statements to particular participants or their organisations. The public at large is kept firmly outside of the process. After the lack of transparency that helped bring down ACTA, we now have closed doors and bChatham House Rulesb for blicences for Europeb. And no problem definition for the working groups to work on. Barnier's subsequent comment that bit is incomprehensible that Europeans are coming up against obstacles online which they have been dismantling in the physical world for more than 50 years,b hovers somewhere between tragedy and comedy. This statement comes from a Commissioner who inherited a demonstrably failed 2001 Copyright Directive but has not acted to fix it. This is the Commissioner that inherited a demonstrably failed 2004 IPR Enforcement Directive, but has not acted to fix it. 
After four years of inaction on licensing and four years of inaction on exceptions and limitations to copyright, Commissioner Barnier demanded action... by everyone in the room except himself, to bmeet together to find fast, specific solutions to problems arising in the here and nowb. Fast? Faster than what? So, what now? Well, we will have months of working group meetings, carefully shielded from the public by the opaque walls of the European Commission, bringing us closer and closer to the end of this legislature, at which time Commissioner Barnier can hand over the dossier to the next incumbent of the bInternal Marketb portfolio. Instead of less red tape and fewer licences, licences bforb Europe are likely to generate new barriers and new bureaucracy. For example, one of the working groups is on buser-generated contentb. User-generated content is... well... how can this be explained...? It is user-generated and should not require licensing. Obviously? In many European countries, users can generate content that avails of exceptions to copyright for parody/pastiche, for incidental use, uses of minor importance etc., without licences. However, none of these exceptions are mandatory, so there is a lack of harmonisation across Europe caused by a European Directive which the Commission has no obvious intention of resolving. So, if harmonisation is not possible by the removal of licensing obligations in those countries which don't have appropriate exceptions... what will the bworking groupb be bworkingb on? Adding voluntary blicensingb to remove rights that citizens currently have? The speech from Commissioner Kroes was not much more inspiring. She said that she was not btoo keen on heavy-handed legislative measures. They aren't always needed.b This is true. 
The question is: when you've already got heavy-handed legislative measures that are not fit for purpose b do you repeal or reform them, or do you farm the problem out to an ad hoc collection of industry lobbyists in order to make it seem that the problem is being solved? It normally takes at least 9-12 months for the European Parliament to adopt a legislative text. The next elections are in 15 months. Is there no hope for a real reform in the next two years? Licenses for Europe https://ec.europa.eu/licences-for-europe-dialogue/en Commissioner Kroes speech: Digital technology and copyright can fit together (4.02.2013) http://europa.eu/rapid/press-release_SPEECH-13-96_en.htm Commissioner Barnier speech: Making European copyright fit for purpose in the age of internet (7.11.2012) http://europa.eu/rapid/press-release_SPEECH-12-785_en.htm Commissioner Barnier speech: Licences for Europe: quality content and new opportunities for all Europeans in the digital era (4.02.2013) http://europa.eu/rapid/press-release_SPEECH-13-97_en.htm (Contribution by Joe McNamee - EDRi) ======================================================================= 10. Recommended Action: support your privacy rights ======================================================================= EDRi together with other civil rights and data protection organisations launched on 5 February 2013 the European campaign portal Privacycampaign.eu in support of better protection for European citizens' rights to privacy and data protection. bThis is our one opportunity to develop a strong legal framework, building trust and removing unnecessary red tape for business. We need a framework that is guided by clear, predictable legal principles and strong enforcement. Instead, we have an unprecedented wave of ill-informed, ill-advised and destructive corporate lobbying. 
Democracy needs to be injected back into this debate in order to protect the rights of European citizensb says Joe McNamee, Executive Director of European Digital Rights. The joint campaign launched by European Digital Rights (representing 32 organisations), Privacy International, The Julia Group, La Quadrature du Net and Access aims at creating a counterweight to the massive lobbying by the US government, trade associations and big internet business on the data protection reform. The organisations believe that without a successful reform of the data protection framework European citizens will be left with a series of legal loopholes and a range of unpredictable enforcement gaps where nobody, neither citizens nor business, knows what law will be enforced. The action of the European citizens is even more needed after the recent news that prove that MEPs in the Internal Market and Consumer Committee (IMCO) have adopted amendments written by Amazon, eBay or the American Chamber of Commerce (AmCham EU) b to the detriment of European citizens and their fundamental rights to privacy and data protection. Privacy Campaign - European Campaign Portal for the Data Protection Reform< http://www.privacycampaign.eu/ Lobby groups take CTRL+V of data protection proposal (11.02.2013) http://edri.org/lobbyplag-eudatap LobbyPlag http://www.lobbyplag.eu/ ======================================================================= 11. Recommended Reading ======================================================================= EU: Protection of human rights in the EU "rarely a priority", says Human Rights Watch (02.2013) http://www.statewatch.org/news/2013/feb/03hrw-eu-report.htm EU cyber security directive considered harmful (8.02.2013) http://www.lightbluetouchpaper.org/2013/02/08/eu-cyber-security-directive-considered-harmful/ ======================================================================= 12. 
Agenda ======================================================================= 14-15 February 2013, Vienna, Austria Internet 2013 - Shaping policies to advance media freedom http://www.osce.org/event/internet2013 21-22 February 2013, Washington DC, USA Intellectual Property and Human Rights Conference and Roundtable Discussion Webcasted live and archived http://www.wcl.american.edu/pijip/go/blog-post/intellectual-property-and-human-rights-conference-and-roundtable-discussion 22 February 2013, Warsaw, Poland ePSIplatform Conference: "Gotcha! Getting everyone on board" http://epsiplatform.eu/content/save-date-22-february-2013-epsiplatform-conference 21-22 March 2013, Malta Online Privacy: Consenting to your Future http://www.onlineprivacyconference.eu/ 6-8 May 2013, Berlin, Germany re:publica 2013 http://re-publica.de/en/ 20-21 June 2013, Lisbon, Portugal EuroDIG 2013 http://www.eurodig.org/ 25-26 June 2013, Barcelona, Spain 9th International Conference on Internet Law & Politics: Big Data: Challenges and Opportunities. http://edcp.uoc.edu/symposia/idp2013/?lang=en 25-26 June 2013, Washington, DC, USA 23rd Computers, Freedom and Privacy Conference (CFP) CfP by 1 March 2013 http://www.cfp.org/2013 31 July b 4 August 2013, Geestmerambacht, Netherlands Observe. Hack. Make. - OHM2013 CfP by 1 March 2013 https://ohm2013.org/ 23-26 September 2013, Warsaw, Poland Public Voice Conference 2013 35th International Data Protection and Privacy Commissioners conference http://www.giodo.gov.pl/259/id_art/762/j/en/ ============================================================ 13. About ============================================================ EDRi-gram is a biweekly newsletter about digital civil rights in Europe. Currently EDRi has 32 members based or with offices in 20 different countries in Europe. European Digital Rights takes an active interest in developments in the EU accession countries and wants to share knowledge and awareness through the EDRi-gram. 
All contributions, suggestions for content, corrections or agenda-tips are most welcome. Errors are corrected as soon as possible and are visible on the EDRi website.

Except where otherwise noted, this newsletter is licensed under the Creative Commons Attribution 3.0 License. See the full text at http://creativecommons.org/licenses/by/3.0/

Newsletter editor: Bogdan Manolea

Information about EDRi and its members:
http://www.edri.org/

European Digital Rights needs your help in upholding digital rights in the EU. If you wish to help us promote digital rights, please consider making a private donation.
http://www.edri.org/about/sponsoring
http://flattr.com/thing/417077/edri-on-Flattr

- EDRI-gram subscription information

subscribe by e-mail
To: edri-news-request at edri.org
Subject: subscribe

You will receive an automated e-mail asking to confirm your request.

Unsubscribe by e-mail
To: edri-news-request at edri.org
Subject: unsubscribe

- EDRI-gram in Macedonian

EDRI-gram is also available partly in Macedonian, with delay. Translations are provided by Metamorphosis
http://www.metamorphosis.org.mk/mk/vesti/edri

- EDRI-gram in German

EDRI-gram is also available in German, with delay. Translations are provided by Andreas Krisch from the EDRI-member VIBE!AT - Austrian Association for Internet Users
http://www.unwatched.org/

- Newsletter archive

Back issues are available at:
http://www.edri.org/edrigram

- Help

Please ask if you have any problems with subscribing or unsubscribing.
----- End forwarded message -----

-- 
Eugen* Leitl leitl http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

From gfoster at entersection.org Wed Feb 13 21:08:21 2013
From: gfoster at entersection.org (Gregory Foster)
Date: Wed, 13 Feb 2013 23:08:21 -0600
Subject: [drone-list] MeCam
Message-ID: 

...or, American 21st Century Death Match: Narcissism vs. Privacy

liliputing (Jan 24) - "MeCam $49 flying camera concept follows you around, streams video to your phone":
http://liliputing.com/2013/01/mecam-49-flying-camera-concept-follows-you-around-streams-video-to-your-phone.html

gf

-- 
Gregory Foster || gfoster at entersection.org
@gregoryfoster <> http://entersection.com/

_______________________________________________
drone-list mailing list
drone-list at lists.stanford.edu
----- End forwarded message -----

From eugen at leitl.org Wed Feb 13 14:33:47 2013
From: eugen at leitl.org (Eugen Leitl)
Date: Wed, 13 Feb 2013 23:33:47 +0100
Subject: [cryptography] "Zero knowledge" as a term for end-to-end encryption
Message-ID: <20130213223347.GJ6172@leitl.org>

----- Forwarded message from ianG -----

From eugen at leitl.org Wed Feb 13 14:37:27 2013
From: eugen at leitl.org (Eugen Leitl)
Date: Wed, 13 Feb 2013 23:37:27 +0100
Subject: U.S. sanctions Iranian broadcasters, locks up oil revenues
Message-ID: <20130213223727.GL6172@leitl.org>

http://www.reuters.com/article/2013/02/06/us-usa-iran-broadcasters-idUSBRE9150VE20130206

U.S. sanctions Iranian broadcasters, locks up oil revenues

By Timothy Gardner

WASHINGTON | Wed Feb 6, 2013 5:22pm EST

(Reuters) - The United States said on Wednesday it had sanctioned Iran's main agency in charge of broadcasting for helping the government censor Western reports, part of a broader effort by Washington to pressure Tehran's nuclear program.

The Treasury Department also said sanctions that shackle Iran's oil earnings took effect, as scheduled, on Wednesday. Iran's earnings now have to be credited to accounts in countries that buy Iranian crude.

Under the conditions, Tehran can only use the funds to buy goods from its oil customers, preventing the money from being repatriated and used on the nuclear program the West believes is developing weapons. Iran says the program is for purely civilian purposes.

"This will significantly restrict Iran's ability to make use of the oil revenue that it's earning," a senior U.S. official told reporters about the sanctions.
In its crackdown on Iran's state-sponsored media, the Treasury named the Islamic Republic of Iran Broadcasting, its director, Ezzatollah Zarghami, and others as subject to sanctions that effectively block their access to the U.S. financial system.

Human rights groups have said Iran is using state media reports to trample dissent, and have pointed to forced confessions of political detainees in front of state media outlets.

Iran is using social media to hunt down political activists and is engaged in a campaign to filter out unwanted television content, the senior U.S. official said.

After Iran's 2009 presidential election, the government increased its jamming of foreign channels, including the BBC and Voice of America, the Treasury said.

The United States will target people and organizations in Iran "responsible for human right abuses, especially those who deny the Iranian people their basic freedoms of expression, assembly and speech," said David Cohen, the undersecretary for terrorism and financial intelligence at the Treasury.

The new sanctions also target the Iranian Cyber Police, a unit formed in 2009 that has hacked into email accounts related to political action, deleted anti-government blogs and arrested bloggers, the Treasury said.

The Iran Electronics Industries, which the Treasury said had helped the government crush activism by monitoring text messages, was also targeted by the sanctions.

ECONOMIC PRESSURE

Iran's currency, the rial, has lost about half its value against the dollar in the past year as U.S. and EU sanctions halved the country's oil exports.

The new sanctions on oil revenues do not specifically try to deepen cuts in Iran's oil exports. But the measures could reward Iran's oil customers for working with the United States on the sanctions by forcing Tehran to buy their products.

"By bottling up this revenue in each one of these countries, it will I think enhance the attractiveness of the goods they sell to Iran," he said.
The extra revenues from sales of their goods could make it easier for India, Turkey and South Korea and other Iran oil customers to continue to seek alternatives to Iranian oil even if petroleum prices go higher.

Washington is expected to keep pressuring Iran's customers to make deeper cuts, as dictated by the U.S. sanctions law.

The new measure has not sat well with all of Iran's customers. India, Iran's second largest oil customer, plans to seek an exception to the new provision.

The United States has granted all 20 of Iran's major oil buyers 180-day exemptions to the sanctions in return for their reduced purchases of the petroleum. The exceptions to China, India and others were granted in December.

(Editing by Doina Chiacu and Peter Cooney)

From lists at infosecurity.ch Wed Feb 13 17:03:26 2013
From: lists at infosecurity.ch (Fabio Pietrosanti (naif))
Date: Thu, 14 Feb 2013 02:03:26 +0100
Subject: [liberationtech] Cryptography super-group creates unbreakable encryption
Message-ID: 

Here are some notes I collected with a quick review of the source code:
https://pad.riseup.net/p/silentcircle

-naif

On 2/14/13 1:36 AM, Nadim Kobeissi wrote:
> This is good news! Still far from a complete source code release, but
> it's good that they're progressing, even if very slowly.
>
> Once all of the code is out I'll finally shut up about Silent Circle.
>
> NK
>
--
Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech

----- End forwarded message -----

From lists at infosecurity.ch Wed Feb 13 21:01:57 2013
From: lists at infosecurity.ch (Fabio Pietrosanti (naif))
Date: Thu, 14 Feb 2013 06:01:57 +0100
Subject: [liberationtech] Cryptography super-group creates unbreakable encryption
Message-ID: 

Wait, wait, I just read some code around but without taking much care about the logic of the code itself. So there is stuff that should be checked in more detail by someone else; notes by other people also ended up on that sort of collaborative/chaotic pad https://pad.riseup.net/p/silentcircle .

-naif

On 2/14/13 5:54 AM, Nadim Kobeissi wrote:
> Fabio just discovered that Silent Phone derives device IDs by hashing
> the device IMEI with MD5...
>
> WOW
>
> NK
>

----- End forwarded message -----

From eugen at leitl.org Wed Feb 13 23:18:10 2013
From: eugen at leitl.org (Eugen Leitl)
Date: Thu, 14 Feb 2013 08:18:10 +0100
Subject: [liberationtech] Cryptography super-group creates unbreakable encryption
Message-ID: <20130214071810.GO6172@leitl.org>

----- Forwarded message from Joseph Lorenzo Hall -----

From eugen at leitl.org Thu Feb 14 02:00:02 2013
From: eugen at leitl.org (Eugen Leitl)
Date: Thu, 14 Feb 2013 11:00:02 +0100
Subject: [liberationtech] Cryptography super-group creates unbreakable encryption
Message-ID: <20130214100002.GQ6172@leitl.org>

----- Forwarded message from "Fabio Pietrosanti (naif)" -----

From eugen at leitl.org Thu Feb 14 02:02:15 2013
From: eugen at leitl.org (Eugen Leitl)
Date: Thu, 14 Feb 2013 11:02:15 +0100
Subject: [cryptography] Q: CBC in SSH
Message-ID: <20130214100215.GT6172@leitl.org>

----- Forwarded message from Bernhard Amann -----

From eugen at leitl.org Thu Feb 14 02:11:31 2013
From: eugen at leitl.org (Eugen Leitl)
Date: Thu, 14 Feb 2013 11:11:31 +0100
Subject: [liberationtech] Cryptography super-group creates unbreakable encryption
Message-ID: <20130214101131.GZ6172@leitl.org>

----- Forwarded message from "Fabio Pietrosanti (naif)" -----

From eugen at leitl.org Thu Feb 14 02:12:24 2013
From: eugen at leitl.org (Eugen Leitl)
Date: Thu, 14 Feb 2013 11:12:24 +0100
Subject: [drone-list] MeCam
Message-ID: <20130214101224.GA6172@leitl.org>

----- Forwarded message from Gregory Foster -----

From lists at infosecurity.ch Thu Feb 14 03:04:35 2013
From: lists at infosecurity.ch (Fabio Pietrosanti (naif))
Date: Thu, 14 Feb 2013 12:04:35
 +0100
Subject: [liberationtech] Cryptography super-group creates unbreakable encryption
Message-ID: 

On 2/14/13 8:36 AM, Jacob Appelbaum wrote:
> The live code review with ascii art was really something to behold. It
> was some kind of new art form that isn't very good but at the same time
> is nearly impossible to not watch...

Something interesting happened yesterday; here is a summary in case someone would like to get on it again:

* After a few hours the pad was vandalized, insulting Nadim
  https://pad.riseup.net/p/silentcircle
* A backup of the pad content has been put read-only online (with some comments and further analysis to be done)
  * http://pastebit.com/pastie/12001
  * http://pastebin.com/dKRPrGMN
* SilentCircle source code has been temporarily removed from Github:
  https://github.com/SilentCircle/silent-phone-base
* Nadim opened a ticket to ask for the code back:
  https://github.com/SilentCircle/silent-phone-base/issues/1
* A new (different) version of the code has been uploaded online:
  https://github.com/SilentCircle/silent-phone-base
* Someone in the meantime put the original code back online (as a zip archive):
  http://jednorog.sneakyness.com/1U060B2S3I1P
* A diff between the "original SC opensource release" and the "modified SC opensource release" reveals some code differences
* Output of git diff "original/silent-phone-base new/silent-phone-base/ > sc.patch" is available at http://temp-share.com/show/f3Yg95cXn

-naif

----- End forwarded message -----

From eugen at leitl.org Thu Feb 14 03:24:40 2013
From: eugen at leitl.org (Eugen Leitl)
Date: Thu, 14 Feb 2013 12:24:40 +0100
Subject: [liberationtech] Cryptography super-group
 creates unbreakable encryption
Message-ID: <20130214112440.GI6172@leitl.org>

----- Forwarded message from "Fabio Pietrosanti (naif)" -----

From mahrens at delphix.com Thu Feb 14 13:32:35 2013
From: mahrens at delphix.com (Matthew Ahrens)
Date: Thu, 14 Feb 2013 13:32:35 -0800
Subject: [zfs] Edon-R hashing and dedup
Message-ID: 

On Mon, Feb 11, 2013 at 6:22 AM, Sašo Kiselkov wrote:
> So I've been talking to some people around storage and found out that
> SHA-256 hashing *is* a significant cost in implementing dedup.

I know I'm arriving late to this discussion. For my own understanding, I'd like to attempt to summarize the various positions and get everyone's feedback.

SHA-256 is slow; we'd like to find a faster algorithm to replace it, which will use less CPU. Such a replacement must be usable for dedup without verification. (Performance and behavior with verification is a secondary concern to the points outlined here.)

Dedup inherently relies on probabilistic correctness: if there is a hash collision, incorrect data will be returned. This is true even with the best hash algorithms (including SHA-256), and even without the possibility of storing malicious data. However, the probability involved is exceedingly small. Given 2^64 bytes (16 exabytes) in 8KB blocks, the odds of a collision are approximately 1/2^155. This is less likely than consecutively buying 5 jackpot-winning lottery tickets (assuming lottery odds 1/100 million).

Dedup is sometimes used with user-generated data (i.e. untrusted, possibly malicious users provide the data to store). In that case, the hash algorithm should be such that it is infeasible to find a block which hashes to a given value. Otherwise an untrusted user may cause ZFS to return incorrect data.

Dedup is sometimes used only with trusted data (i.e. none of the data can be maliciously generated). In this case, the algorithm need only distribute input blocks evenly over all 2^256 possible hash values.
It is OK if it is feasible to find a block with a given hash value, because the risk associated is no worse than the ideal case (e.g. 1/2^155 chance of returning incorrect data with the workload described above).

SHA-256 is currently used for both of these use cases (trusted and untrusted data). So a replacement should also be usable for both.

Optionally, we could implement a third, even faster, algorithm for use only in the trusted case. Some people believe that this choice may be misused (i.e. used even when the data can not be trusted), and therefore this option should not be offered.

I'm not an expert in crypto algorithms; I've only read the wikipedia page on the SHA-3 competition (http://en.wikipedia.org/wiki/NIST_hash_function_competition). Being fairly paranoid mainly due to my lack of expertise in this area, I would prefer to choose one of the finalists as a replacement for SHA-256. It sounds like BLAKE and Skein have reasonable performance.

I think that the easiest way forward will be to first agree on a high-performance replacement for SHA-256, which is usable in all cases that SHA-256 is, including with untrusted data. We can then evaluate demand for an even faster algorithm to be used only with trusted data.
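As an added worked example (not part of Matt's message or the illumos-zfs thread), the birthday-bound arithmetic behind the 1/2^155 figure quoted above, the lottery comparison, and the hash width a given workload needs; the constants are the ones in the message, and the bound only models the trusted-data case, not an adversary choosing blocks.

```python
"""Birthday-bound collision odds for dedup by content hash.

Added example, not code from the illumos-zfs thread.  It reproduces the
figure quoted in the message: 2^64 bytes stored as 8 KB blocks under a
256-bit hash gives a collision probability of about 2^-155, and compares
that with five consecutive jackpot wins at 1-in-100-million odds.

The bound assumes the hash spreads blocks uniformly over 2^k values,
i.e. the *trusted data* case.  It says nothing about an untrusted user
choosing blocks; that is a second-preimage question, not a birthday one.
"""
import math


def block_count(total_bytes: int, block_size: int) -> int:
    """Number of stored blocks, each of which gets its own hash."""
    if block_size <= 0 or total_bytes < 0:
        raise ValueError("sizes must be positive")
    return total_bytes // block_size


def collision_log2(total_bytes: int, block_size: int, hash_bits: int) -> float:
    """log2 of the probability that some pair of blocks shares a hash.

    Birthday approximation: with n blocks there are about n^2/2 pairs,
    each colliding with probability 2^-k, so p ~= n^2 / 2^(k+1).
    Returned as log2(p) so that values like 2^-155 stay representable.
    """
    n = block_count(total_bytes, block_size)
    if n < 2:
        return -math.inf  # no pair of blocks, so no collision is possible
    return 2 * math.log2(n) - (hash_bits + 1)


def lottery_log2(jackpot_odds: float, consecutive_wins: int) -> float:
    """log2 probability of winning `consecutive_wins` independent jackpots."""
    return consecutive_wins * math.log2(jackpot_odds)


def min_hash_bits(total_bytes: int, block_size: int, max_log2_prob: float) -> int:
    """Smallest hash width keeping the birthday bound at or below 2^max_log2_prob.

    Useful when weighing a faster but narrower hash: the same 16 EB workload
    under a 128-bit hash lands at 2^-27, far from the 2^-155 the message cites.
    """
    n = block_count(total_bytes, block_size)
    if n < 2:
        return 0
    return max(0, math.ceil(2 * math.log2(n) - 1 - max_log2_prob))


def report(total_bytes: int, block_size: int, hash_bits: int) -> dict:
    """Summarise one workload; returned as a dict so callers can check it."""
    p = collision_log2(total_bytes, block_size, hash_bits)
    lottery = lottery_log2(1e-8, 5)  # 5 jackpots in a row at 1/100 million
    return {
        "blocks_log2": math.log2(block_count(total_bytes, block_size)),
        "collision_log2": p,
        "lottery_log2": lottery,
        "rarer_than_five_jackpots": p < lottery,
    }


if __name__ == "__main__":
    SIXTEEN_EB = 2**64  # the workload in the message
    for bits in (256, 224, 160, 128):
        r = report(SIXTEEN_EB, 8192, bits)
        print(f"{bits:3d}-bit hash: n = 2^{r['blocks_log2']:.0f} blocks, "
              f"p ~= 2^{r['collision_log2']:.1f}, "
              f"rarer than 5 jackpots: {r['rarer_than_five_jackpots']}")
    print("bits needed for 2^-155 at 16 EB / 8 KB:",
          min_hash_bits(SIXTEEN_EB, 8192, -155))
```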
--matt

-------------------------------------------
illumos-zfs
Archives: https://www.listbox.com/member/archive/182191/=now
RSS Feed: https://www.listbox.com/member/archive/rss/182191/22842876-6fe17e6f
Modify Your Subscription: https://www.listbox.com/member/?member_id=22842876&id_secret=22842876-a25d3366
Powered by Listbox: http://www.listbox.com

----- End forwarded message -----

From eugen at leitl.org Thu Feb 14 13:51:55 2013
From: eugen at leitl.org (Eugen Leitl)
Date: Thu, 14 Feb 2013 22:51:55 +0100
Subject: [zfs] Edon-R hashing and dedup
Message-ID: <20130214215155.GB6172@leitl.org>

----- Forwarded message from Matthew Ahrens -----
From ali at packetknife.com Fri Feb 15 07:19:55 2013
From: ali at packetknife.com (Ali-Reza Anghaie)
Date: Fri, 15 Feb 2013 10:19:55 -0500
Subject: [cryptography] Fwd: Answers to some of your questions (Silent Circle responds..)
Message-ID: 

This was circulated on libtech and here it is for your consideration too. It confirms some of the ramblings on the pad, disposes of some others, ..

Also attached is a condensed version of the pad after "summary" was put at the top.

Cheers, -Ali

---------- Forwarded message ----------
From: Jon Callas
Date: Thu, Feb 14, 2013 at 11:28 AM
Subject: Answers to some of your questions
To: Ali-Reza Anghaie
Cc: Jon Callas

Hi, Ali-Reza.

I saw your pastebit with some questions, and let me answer. You may repost this mail to liberation tech or anywhere else.

* A Latvian company wrote most of the software, not SilentCircle

When we formed Silent Circle, we looked around for people to partner with. We selected Tivi because they're really cool people -- I used their ZRTP-enabled VOIP client back in the days when I had a Nokia N95. We picked them in part because they were willing to release source code. (Other potential partners were not willing.) Our partnership with them includes that code base, and that they work for us full-time now. They're some of our main developers now.

I have a bit of a raised eyebrow at this comment. (Yes, I know it's not your words, you're also explaining.) It sounds to me like whoever is making that comment is implying that there's something wrong with Latvia. Riga was for many, many years a center of European high-tech until the dark days of WWII and Soviet occupation. It's a lovely place filled with incredibly smart, friendly people. It is a part of the EU, and also a NATO nation. Our team in Riga. We picked them because they rock.

Perhaps the comment comes from the fact that they were in business before our partnership.
It's relatively common in high-tech that companies enter into partnerships with others. Google, Microsoft, Apple, Facebook, and others often use some sort of relationship like this to get software or technologies that they didn't have, so that it speeds up development. We are hardly unique in this.

Perhaps I don't understand. If someone could explain the objection to me, I'm happy to address it further.

* Application is designed for VoIP, not specifically for Security

It's a secure VOIP client. Because of its history, there's a lot of latent capability in it that is VOIP related. Is there an actual question or objection?

* It does use an outdated SSL library (PolarSSL 1.1.1) with some known security vulnerabilities ?

No, we're using PolarSSL 1.1.4. We did not include the PolarSSL code in the drop because we didn't want to figure out the licensing details.

* It does not use LibZRTP by Philip Zimmermann used in Zfone but ZRTPCPP

That is correct. We're using Werner Dittmann's library. We like it. We like it so much that Werner is working for us. Werner rocks.

* It does use an outdated version of ZRTPCPP library?

I don't believe so. If anything, we're using a version of it that is newer than anyone else's; Werner works for us, now. Should we need to release a new version, we will.

* It does reveal their test/development server?

- "I wonder if they are hiring new iOS devs now?"

Yes, we are. We also need Android devs, and need them more than iOS devs. Feel free to send résumés to . Note that we are a highly-distributed company with developers and staff stretched from Latvia to Greece, to the Pacific West. Location almost does not matter. 31337 skillz do.

I will also note that the code of the VOIP system is the same across all our apps. It gets compiled for iOS and Android, as well as Windows (Silent Eyes). Each OS has its own UX skin on top of the core VOIP system.
- "I'd say anything that gets Silent Circle to actually answer questions proper is useful, if that is the result."

Feel free to send questions to me, or to "security at silentcircle.com"

* In ./silentphone/tiviengine/prov.cpp there is some kind of provisioning protocols, used probably to auto-configure the voip clients.

Good catch! Yes, indeed, we provision the clients ourselves. Silent Circle is a *SERVICE* not an app.

* It should be evaluated the capability for a government censoring/filtering host to block the user out by blocking accounts.silentcircle.com or sccps.silentcircle.com. Maybe some dynamic method is in place?

We'd love to hear suggestions. If someone's suggestion is particularly clever, feel free to attach a résumé.

* It should be asked what are the privacy handling for those data and if those can be additionally "privacy enforced" .

Feel free to ask. I don't understand the question, myself.

* QUESTION: What this certificate is used for ? TODO: We should check to see if this certificate is used for TLS Validation? If so that's cool, that it does not rely on third party CA.

Got it in one! Thank you for thinking it's cool.

Again, feel free to forward this mail to anyone, and I'm happy to entertain questions from anyone.

Jon

-----
Jon Callas
Chief Technical Officer
Silent Circle, LLC
email: jon at silentcircle.com
Silent Phone: jon

NOTE: The original pad is being vandalized. A backup of the content, before nonsense, of that pad can be had at http://pastebit.com/pastie/12001 for background reading.

A Summary of the useful parts of that pad is:

- The TiViPhone base appears to be an acquisition by SilentCircle and the (c) reflects that. Also a number of the TiViPhone employees are SC employees.
- The ZRTPCPP library being used is also maintained primarily by a SC employee and is not entirely unrelated.
- We do not have a clear source vs binary tree relationship here and can't vouch that the code that has been released is a fully accurate representation of the product Silent Circle has shipped.

What remains below is now the "meat" of the interesting discussion.

CODE: https://github.com/SilentCircle

---

* It does use an outdated SSL library (PolarSSL 1.1.1) with some known security vulnerabilities ?
  - Latest version is 1.2.5 (2013-02-02), the project seems very active as 1.1.1 has been released 2012-01-23
  - PolarSSL Security Advisory: https://polarssl.org/tech-updates/security-advisories (most recent advisory Feb 2nd) .
  - PolarSSL Changelog https://github.com/polarssl/polarssl/blob/master/ChangeLog
  - they embed 1.1.1 and 1.1.4 in libs, but I only find 1.1.1 usage in the code
  - TODO: It should be checked in detail if that 1.1.1 is vuln and/or patched to some of the advisory.
    ^--- PolarSSL 1.1.1 suffers from "Weak Diffie-Hellman and RSA key generation": https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2012-01
  - Easily a non-issue as w/ many other projects. Verifying against binaries is tougher. The updated codebase that was uploaded does not appear to show signs of back-ported patching so they keep upgrading the version they use - perfectly reasonable as long as we can get an idea of what is exactly used in each subsequent release to the App Store and Google Play.

---

* It does use an outdated version of ZRTPCPP library?

Looking at libs/zrtp/Changelog it does use ZRTPCPP 1.5.2 version (released on 05-Dec-2010). Latest version is libzrtpcpp 2.3.2 (released on 20-Nov-2012)
ZRTPCPP 1.5/1.6/2.3 download: http://ftp.gnu.org/gnu/ccrtp/ .

---

* It does reveal their test/development server?

In the file ./apple/ios/VoipPhone/settings.txt there is the hostname fs-devel.silentcircle.org with ip 50.116.49.43

Do we have that code too?
It would be nice to have a full development environment to play with / even a fake one would have its uses.

That's a nice inquiry. It would also be very interesting, while I think it's not technically doable given smartphone platforms' constraints, to have "Deterministic Building" to always have the exact checksum of files given the same build process repeated in the same environment (Unfortunately that's a hard topic, due to various timestamps and stuff that the linker puts into the executable files). // AppStore binaries are encrypted/heavily obfuscated... right, proving the released binary matches the released source code is hard.

---

Unless the build is reproducible and verifiable, releasing the source is pretty meaningless. <-- THIS <--- Seconded

A release of source against each App Store or Google Play edition seems to be in order - that isn't unlike other projects spreading legs on both sides of the App Store and FOSS fence.

---

TODO: It would be nice if someone could share an url with a backup of an "Installed and configured SilentCircle" to look at!.

I am trying to read some code. They are just a piece of mess. Like this: smartphone/codecs/vTiVi/ep.cpp. It is like something from a decompiler (even the indentation didn't conform) +1 definitely not iOS devs

---

Like this: (this is a library search path for one of the libs)
"$(SRCROOT)/../../../../../Library/Developer/Xcode/DerivedData/werner_zrtp-gibkbzjaoguukggnpjvrvnwattfm/Build/Products/Debug-iphoneos"

From jaromil at dyne.org Fri Feb 15 02:08:14 2013
From: jaromil at dyne.org (Jaromil)
Date: Fri, 15 Feb 2013 11:08:14 +0100
Subject: 200k Caymans companies hijacked to democratize offshore business - Press Release
Message-ID: 

re all,

Loophole for All - http://Loophole4All.com

now, how do we call this art?
:^) accountancy art?

I do believe accountants are very creative people in fact.

BTW sorry for hijacking the announcement, but on the same genre, a few days ago Enric Duran has sent out a communicate on how the court-case against him is becoming a farce. check it on
http://enricduran.cat/comunicate-enric-duran-before-a-trial-that-could-become-a-farce/

----- Forwarded message -----

Loophole for All - [1]http://Loophole4All.com

Press Release. NYC, 15th February 2013.

Paolo Cirio, contemporary artist and pirate, hacked the governmental servers of the Cayman Islands and stole a list of all the companies incorporated in the country, making it public for the first time. Now on [2]Loophole4All.com he is selling the identities of those companies at a low cost to democratize the privileges of offshore businesses.

Paolo hijacks the identities of more than 200,000 companies registered in the Cayman Islands by moving their addresses to his Caymans mailbox and issuing counterfeited certificates of incorporation from the Caymans company registry. This massive corporate identity theft benefits from the anonymous nature of those companies since the real owners' secrecy allows anybody to impersonate them. In short, this project turns the main feature of offshore centers into a vulnerability.

Through [3]Loophole4All.com, anyone can hijack a Caymans company, from 99¢ for a certificate of incorporation for a real company to $49 for a mailbox in the offshore country with mail rerouting. Finally, small businesses and middle class people can invoice from the major offshore centers and avoid unfair taxes, legal responsibility and economic disruption in their own indebted home countries, in a form of global civil disobedience.

For this operation, the artist set up a company in the City of London as a shield for legal persecution and to compete in the market against offshore centers.
He utilizes aggressive business strategies for a political work of art and reverses corporate machination for creative subversive agendas. With the money generated by selling companies' identities, Paolo plans to expand his business into Bermuda, Jersey, the Seychelles, and Delaware, among others.

Further, Paolo Cirio interviewed major experts and produced a video documentary investigating offshore centers, where he shares his extensive research and conclusions about offshore business: [4]http://Loophole4all.com/doc.php

In the offline art installation, the paper trail of the project is displayed with prints of the documents of the scheme set up for the operation. Ultimately, the installation will be a low cost identity shop for offshore companies, and in doing so democratize both offshore business and the sale of subversive works of conceptual art.

Watch the introductory-meme video: [5]http://www.youtube.com/watch?v=-qGg7YIvnMQ

Quick notes:

- The Cayman Islands are second only after Switzerland in the global Financial Secrecy Index.
- The Caymans state is considered to be one of the major offshore centers for high finance and the global economy.
- Among the several thousand anonymous companies in the Caymans you will find most of the major global multinationals, Chinese businesses, criminal organizations and all the major global banks.
- There is neither real money in the Caymans nor a real market. Caymans companies are only booked on paper.
- The Cayman Islands is a British crown colony situated 150 miles south of Cuba in the Caribbean Sea.

In the next months you will find Paolo Cirio's works at:

- Public Private exhibition at Kellen Gallery of The New School, New York - U.S.
- The Big Picture, exhibition at Contemporary Museum of Denver, Colorado - U.S.
- MediaCities festival, exhibition, Buffalo - U.S.
- Eastern Bloc festival, exhibition, Montreal - Canada
- ISEA 2013, keynote, Sydney - Australia

Thanks for the attention.
[6]http://PaoloCirio.net

----- End forwarded message -----

--
http://jaromil.dyne.org
GPG: B2D9 9376 BFB2 60B7 601F 5B62 F6D3 FBD9 C2B6 8E39

# distributed via : no commercial use without permission
# is a moderated mailing list for net criticism,
# collaborative text filtering and cultural politics of the nets
# more info: http://mx.kein.org/mailman/listinfo/nettime-l
# archive: http://www.nettime.org contact: nettime at kein.org

----- End forwarded message -----

From eugen at leitl.org Fri Feb 15 02:56:28 2013
From: eugen at leitl.org (Eugen Leitl)
Date: Fri, 15 Feb 2013 11:56:28 +0100
Subject: 200k Caymans companies hijacked to democratize offshore business - Press Release
Message-ID: <20130215105628.GL6172@leitl.org>

----- Forwarded message from Jaromil -----

From paul at servalproject.org Thu Feb 14 17:59:38 2013
From: paul at servalproject.org (Paul Gardner-Stephen)
Date: Fri, 15 Feb 2013 12:29:38 +1030
Subject: [Freedombox-discuss] This white space spectrum chip might be uninteresting
Message-ID: 

Hello John, All,

We have been thinking about related issues in the Serval Project. Being based in .AU, we don't (yet) have the luxury of white spaces. Also, as we are also targeting disaster use cases we have to be able to work in situations where geodatabases may not be available or accessible for whatever reason.

So our initial efforts that are being sponsored by the NLnet Foundation are being focussed on the ISM band at 915MHz, that is available in a number of countries (.US and .AU are of particular interest). This band has fairly generous rules, and is capable of fairly long distance communications.
Our very early tests, using what we know is sub-optimal forward error correction, and with purposely poorly placed antennae (on a couch or a desk inside a house, similar to the kinds of places a freedombox would be expected to be plugged in) already show that it is possible to maintain links through O(10) houses.

This is important, because WiFi does only O(1) house, PI*r^2 = O(1) houses covered (including your own), and so you need Almost Everyone to join to form a mesh. But assuming a range of O(10) houses, PI*r^2 = PI*10^10 = O(100) houses, and so you need only about 1% up-take to enable metropolitan networks to be feasible. That seems much more likely than the ~100% up-take needed to make a WiFi mesh.

The trade-off is the relatively low bandwidths that are feasible. We are using 250kbit, and that is about as high as is feasible. However, it isn't as bad as it sounds, because we can use some clever frequency hopping and related tricks to create a "multi-threaded" radio environment, where there can be 50 senders operating in the band for 250k x 50 = 12.5mbit total throughput, with the nice property that no one node can consume all the bandwidth. I can provide some further explanation on this if it is of interest.

We are using the RFD900 radios that run open-source firmware, and our GPL Serval Mesh software on top of that to give us a fully open stack, complete with our baked in crypto layer that the Serval Mesh is based on, and could be integrated into the FB stack if desired at some point.

We are beginning to make a few Mesh Helper prototypes, that combine an RFD900 radio + OpenWRT 802.11n router and battery, and will be testing these in New Zealand over the next couple of weeks, and can feedback here if people would like to hear more about how it goes. Or alternatively, I will blog about it.
There are already a couple of blog posts that show some of what we have been up to already, e.g.:
http://servalpaul.blogspot.com.au/2013/02/breaking-wifi-barrier-serval-mesh.html
http://servalpaul.blogspot.com.au/2013/02/building-serval-mesh-helper-device.html

If anyone is interested in knowing more, or helping us out (there is a fair bit of radio firmware rewriting to be done to realise the full potential), just drop me a line.

Paul.

On Fri, Feb 15, 2013 at 9:38 AM, John Gilmore wrote:
>> http://www.v3.co.uk/v3-uk/news/2243662/white-space-spectrum-chip-approved-for-m2m-use
>> http://www.theregister.co.uk/2013/02/13/weightless_neul/
>>
>> If this could somehow be incorporated in the Novena freedom box that Bdale is trying to whip up...
>
> (0) White Space spectrum doesn't have to be used with the Weightless chips or protocol. The idea is that anybody can use it with any modulation that stays within the bandplan. Whitespace does not equal Weightless, though they of course neglect to tell you that.
>
> (1) this is a proprietary standard, all tied up in patents. You aren't allowed to know how it actually works, and you can't use it without paying one or many patent holders (some of whom may only surface years from now and start demanding royalties). It's a classic proprietary radio hardware ploy in that regard.
>
> (2) this is low speed (14 megabits max -- but that's for two devices sitting right next to each other in a faraday cage, I'm sure) yet it uses large amounts of bandwidth (hundreds of megahertz). It's bleeding edge, and probably full of bugs and interoperability problems. It is the very first entrant in using "white space" and of course later entrants are likely to be more efficient, more standard, better debugged, cheaper, better integrated, and more open.
>
> (3) The FCC's white space stuff is a catch-22.
> You can't use this radio spectrum until you have found out, via some out-of-band mechanism, both exactly where you are on earth (like with a GPS chip) and accessed some global database of what frequencies are available at your GPS locations. This has multiple painful results:
>
> * You need a GPS.
> * You need Internet access independent of this chip.
> * You need to contact a centralized service, and tell it your GPS location.
> * Your communication can easily be censored by either pressuring or spoofing that centralized service, or by cutting off your Internet access so you can't find out what frequencies to use. Not to mention spoofing your GPS.
> * Your use of the spectrum can be remotely monitored by monitoring the centralized service (who checks in from what locations). And since the centralized service is proprietary and/or government provided, it will probably also require some kind of "credential" that proves you have paid your "licensing fees" or some such, which can also be used to identify your device uniquely. Even if they *don't* feed you bad results based on your identity, they will know where you are and that you are using device # 123-456-789-1011 there, consistently over a period of years. If you bought device 123-456-789-1011 with a credit card or had it delivered to an address, those records will be available to inquisitive totalitarian governments, tying the device to an individual person and their whole dossier.
>
> All of these suck for a FreedomBox. What we would want is a communications medium that anyone can use, anyone can build into devices, with public specs, that uses scarce bandwidth efficiently, and that you can just turn on and start using immediately to talk between two nodes (or among two hundred nodes) that wish to communicate. Weightless ain't that. WiFi is much closer, particularly as its early patents expire.
>
> Oh, and:
>
> * White space communication is illegal everywhere except the United States. While I think we certainly need protection from the US government, there are also lots of other governments that are egregious at suppressing basic human rights. We should build stuff that works worldwide.
>
> For more details, see the documents here:
>
> http://www.weightless.org/media/resources
>
> John

_______________________________________________
Freedombox-discuss mailing list
Freedombox-discuss at lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss

----- End forwarded message -----

From virtualadept at gmail.com Fri Feb 15 10:38:17 2013
From: virtualadept at gmail.com (Bryce Lynch)
Date: Fri, 15 Feb 2013 13:38:17 -0500
Subject: [ZS] Byzantium cell-phone service
Message-ID:

On Thu, Feb 14, 2013 at 7:13 PM, Mark Nuzzolilo II wrote:
>
> http://www.networkworld.com/news/2010/083010-open-source-voip-cell-phones-at-burning-man.html
>

OpenBTS has been in use and under heavy development for a couple of years. It was deployed at Occupy Wall Street by Isaac Wilder of the Free Network Foundation (he's a good guy, we geeked out at ContactCon), it's seen a lot of use at the past few DefCons, and we had cellular at HOPE 2012 with such a setup. There was also cell service at ToorCamp last summer with OpenBTS, too. I think 2013 will be the second or third year that Burning Man will have GSM cell service.
It has been used to set up a P2P cellular network, but to be usable the network in question would either have to have FCC permission, fly sufficiently below the radar that the cell companies didn't sic the FCC on them, operate at a low PEP, or be re-tuned to use frequencies that aren't otherwise controlled (but then the problem becomes hacking GSM cellphones to use those new freqs). Modulo DefCon hijinks (subtype, wacky) they've all had permission or low PEP to operate for extended periods, so it's as practical as things get.

--
The Doctor [412/724/301/703] [ZS]
https://drwho.virtadpt.net/
"I am everywhere."

--
-- Zero State mailing list: http://groups.google.com/group/DoctrineZero
---
You received this message because you are subscribed to the Google Groups "Doctrine Zero" group.
To unsubscribe from this group and stop receiving emails from it, send an email to DoctrineZero+unsubscribe at googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

----- End forwarded message -----

From eugen at leitl.org Fri Feb 15 05:37:30 2013
From: eugen at leitl.org (Eugen Leitl)
Date: Fri, 15 Feb 2013 14:37:30 +0100
Subject: [Freedombox-discuss] This white space spectrum chip might be uninteresting
Message-ID: <20130215133730.GR6172@leitl.org>

----- Forwarded message from Paul Gardner-Stephen -----

From eugen at leitl.org Fri Feb 15 07:24:08 2013
From: eugen at leitl.org (Eugen Leitl)
Date: Fri, 15 Feb 2013 16:24:08 +0100
Subject: [cryptography] Fwd: Answers to some of your questions (Silent Circle responds..)
Message-ID: <20130215152408.GV6172@leitl.org>

----- Forwarded message from Ali-Reza Anghaie -----

From eugen at leitl.org Fri Feb 15 07:48:13 2013
From: eugen at leitl.org (Eugen Leitl)
Date: Fri, 15 Feb 2013 16:48:13 +0100
Subject: EDRi-gram newsletter - Number 11.3, 13 February 2013
Message-ID: <20130215154813.GX6172@leitl.org>

----- Forwarded message from EDRi-gram -----

From eugen at leitl.org Fri Feb 15 11:30:04 2013
From: eugen at leitl.org (Eugen Leitl)
Date: Fri, 15 Feb 2013 20:30:04 +0100
Subject: [ZS] Byzantium cell-phone service
Message-ID: <20130215193004.GG6172@leitl.org>

----- Forwarded message from Bryce Lynch -----

From sondheim at panix.com Fri Feb 15 20:06:52 2013
From: sondheim at panix.com (Alan Sondheim)
Date: Fri, 15 Feb 2013 23:06:52 -0500 (EST)
Subject: we are all damned
Message-ID:

[post dorner rhetoric: read this: "San Bernardino County sheriff's officials said they tried to force the suspect to surrender before accidentally setting the cabin where he was holed up on fire when they shot a pyrotechnic chemical device inside." Yes - "accidently" because "pryotechnic" devices are "accidental."]

we are all damned

Yea, the that's navy, why a he police was officer, in hunted the officers, navy, and a Yea, police that's officer, why hunted he officers, was and in engaged won them several won firefights. several Does firefights. ignoring Does reality ignoring to reality preserve to engaged preserve them your make happy you little feel view better? of The world is make that you murdered feel your better? happy The little is view that of murdered world innocent(and people. unarmed coward....with people. "c". coward....with Well "c". when Well try when rat try out rat innocent(and out unarmed corrupted they law start enforcement their they attacks start against their you? attacks what against else you? corrupted what law else enforcement do. innocent You people, all how claim do killed we innocent know? people, Because how same do do. we You know?
all Because claim same killed cops criminals revealed said be so? criminals Not said defending so? him, Not just defending playing him, cops just revealed playing be devil's with advocate. his Plus, training, with I his highly training, doubt I hes highly dead. doubt devil's hes advocate. dead. Plus, believe before did SOTU, end humiliation it fact before couldnt SOTU, stop humiliation one fact man... couldnt believe stop did one end man... it We on shall record see. (which were msnbc caught fox on news record or (which any msnbc We fox shall news see. or were any caught mainstream burn would house never down. air), amy saying not burn agree house but down. few amy mainstream not would agree never but air), few saying things They made cared obvious: for They Due cared Process for Constitutional Due right Process tried Constitutional things right made tried obvious: by ALL jury factual peers, evidence WITH presented. ALL Was factual first evidence American presented. US Was by first jury American peers, US WITH Soil if authorized spotted drone (we strike see if well spotted those (we go see overseas, well Soil those authorized go drone overseas, strike 1200 dead children counting). dead Regardless counting). criminal, Regardless our criminal, judicial our system judicial has system 1200 has children shown swore care uphold. law, know swore EVERYTHING uphold. transpired know here, EVERYTHING this transpired real here, shown this care real law, story, are is, expected re it. told calling thing him are hero, expected again, it. Devil's calling story, him is, hero, re again, told Devil's thing Advocate. been He brought should court have PEERS, been public brought forum, court so PEERS, could public Advocate. forum, He so should could have reveal add side, more WHY this, did.. about To who add fired more people this, due about reveal who side, fired WHY people did.. 
due To mistaken where identity, investigation where criminal investigation charges criminal into charges that? into 41 that? 71 41 mistaken 71 identity, year hispanic old women hispanic cretainly women meet cretainly description, meet truck description, had truck burned, had year burned, old still it? looking What it? mean What miserably mean failed miserably officer failed lied officer female lied still female looking supervisor own cover mistakes own like mistakes tiny like man tiny was, man completely was, couple completely supervisor couple cover included success young loser black two success good loser officers two didn't good even officers brains didn't included even young brains black get creep mexico brother every (of creep nationality) brother successfully (of fled. nationality) Too successfully bad fled. get Too mexico bad every take that, aim since at don't you, seem that, appreciate since person don't situation seem hurt appreciate take person aim situation at hurt you, care, defend whether not. defend "The not. people" "The So people" soldiers, So police, soldiers, homicidal police, care, homicidal whether maniacs, etc... psychopaths, lack etc... fear. lack That fear. makes That murderer makes nothing murderer more. nothing maniacs, more. psychopaths, Feeling need need label label someone someone something something solely solely appease appease feelings feelings weakness. weakness. Feeling honey, 13 ive olds, shot i 13 protect olds, CONSTITUTION i enemies protect foreign CONSTITUTION domestic. enemies honey, foreign ive domestic. shot Just do, because will dont give it, my doesnt life dont. rights, do, no will amtter give Just my because life dont rights, it, no doesnt amtter dont. other SWORE deserves TO. not, Glad why, can SWORE LAPD TO. proven Glad capable can wrose LAPD other proven deserves capable not, wrose why, crimes. back If barn, MSNBC sheep. then But back open barn, mind sheep. possibility But being open crimes. 
mind If possibility MSNBC being then full three story... sides there everything, three Side sides A, everything, B, Side truth. A, Usually, B, full truth. story... Usually, there places both cnn, Hence A mostly B. troll Never these both pages Hence use mostly some troll places these cnn, pages A use B. some Never critical REALLY? thinking. bold REALLY? faced bold liar! faced STAND liar! FOR STAND NOTHING!!! FOR Donser NOTHING!!! critical Donser thinking. DEFENDED also HIM, lawyer, HE righteous LOST!! sue? also His lawyer, actions righteous PROVE sue? HIS His DEFENDED actions HIM, PROVE HE HIS LOST!! CHARACTER!!! YOUR YOUR WORDS WORDS YOURS!!!!! YOURS!!!!! It It sounds sounds yourself, yourself, bitterness bitterness NOT NOT CHARACTER!!! result righteousness!! result Your righteousness!! statements Your pure statements slander, pure shows slander, anti-government, anti-government, anti anti rhetoric. rhetoric. military, military, many many terrorists terrorists blew blew up up airlines, Camp nutcase Pendleton, opened does Camp heroes! Pendleton, sir does an heroes! idiot! sir Bold an airlines, idiot! nutcase Bold opened liar? seen Have track seen enforcement? track Anti enforcement? government? Anti Maybe, government? ruin Maybe, everything ruin liar? everything Have touch. anything tell profits. truth, Im anything slandering profits. anyone, Im mind. slandering My anyone, county mind. touch. My tell county truth, sheriffs, them. Damn Why? proud arent them. giving Why? gun arent control giving crap gun congress control sheriffs, crap Damn congress proud trying going pass refuse (IE orders going confiscation). refuse Ive orders am confiscation). abiding. Ive follow am trying abiding. pass follow (IE law. helping Part down time computer helping skills. down me, computer accuse skills. slander. me, Hypocrasy accuse law. slander. Part Hypocrasy time its think? finest, bitter, think? 
learned bitter, long learned ago long thinking ago research, thinking ask research, its ask finest, questions. sir, Apparently, wish sir, luck wish future. luck shooting future. 2 shooting elderly 2 women, elderly questions. women, Apparently, obviously Chris looked Dorner.. Chris Dorner Dorner.. given Dorner fair given trial. fair Judge trial. Yafee Judge obviously Yafee looked accepted over over $500,000.00 $500,000.00 illegal illegal payments. payments. lie lie judges judges bribed. bribed. This This accepted petition petition corrupt corrupt entities entities investigated investigated excessive excessive force. force. Sign Sign remember remember deadline webpage . facebook Post email webpage friends, facebook co email workers, friends, family co victims workers, deadline family . victims Post simply based harassed ethnicity based want ethnicity big want Brother big watching Brother too watching stroke too simply stroke harassed out... valid valid gripes... gripes... kill kill innocents?? innocents?? lose lose vote! vote! significant significant strides strides out... circuit.. outfit... maybe rest better peace ver from outfit... me... rest a: peace sorry from cope, me... circuit.. a: maybe sorry better cope, ver sad. apparently Let im me stupid apparently blind im 'real stupid truth', blind government 'real always truth', sad. government Let always me right... Marijuana Do (and really ahve Marijuana smoked (and anyone ahve suggests smoked such anyone thing.) suggests right... such Do thing.) really making cause legal crime cause rate crime soar/open rate harder soar/open drugs/kill harder people? drugs/kill may people? making may legal treated fairly fairly firing firing LAPD. LAPD. license license except except under under most most perverse perverse treated interpretation Second interpretation Amendment Second which, Amendment unfortunately, which, nuts unfortunately, advocating. nuts sympathy murderer; murderer; but, but, honest. honest. 
"accidentally" "accidentally" set set place place afire afire pyrotechnic pyrotechnic sympathy device.!? problem Really? doing problem purpose doing believed purpose safest believed way safest avoid way others avoid device.!? others Really? injured common killed, sense! defies wants common - sense! And wants blatantly - recorded And audio blatantly injured recorded killed, audio defies video... less... top won't prior about? less... taken won't revenge about? screwed taken then, revenge ok. screwed video... then, top ok. prior wrong. Only Only Mafia, Mafia, officials officials that. that. ONE ONE named named manifesto, manifesto, consider consider wrong. dedicated. dedicated. took took "opportunistic" "opportunistic" approach, approach, which which labels labels coward. coward. dedication dedication words, words, decided decided easiest easiest course course action, action, innocent, innocent, unsuspecting unsuspecting victims. victims. cannot stand stand behind behind nothing. nothing. Can't Can't comments. comments. next next think think wrongfully wrongfully cannot treated, treated, gather gather arsenal; arsenal; issue issue manifesto; manifesto; constitution constitution God-given God-given so. so. raping boss pillaging. disciplined boss today, disciplined I'm today, everyone. I'm At everyone. least At posters least raping posters pillaging. newsvine gonna gonna ever ever way..you way..you supporters supporters way. way. heard heard wrongs wrongs right?..neither right?..neither newsvine 4..idiots. process say trial? denied turned process himself trial? in. turned knew himself die in. sure knew 4..idiots. die say sure denied wasn't turn captured done. turn through done. another through agency, another wanted. agency, used wanted. wonder used wasn't wonder captured considering seems seems be, be, looks looks indeed indeed INNOCENT INNOCENT couple. couple. 
Supposedly, Supposedly, taunted taunted considering father chief (ex-police Quan, chief defended Quan, during defended inquiry) during thought inquiry) Quan thought fight Quan father fight (ex-police felt Court. got So, deal help Kangaroo him. Court. Still, So, daughter help her him. fiance. Still, felt daughter got her deal fiance. Kangaroo horrible. NO There EXCUSE NO killing EXCUSE tear killing gas--NOT tear pyrotechnics. gas--NOT Tear pyrotechnics. gas Tear horrible. gas There notorious starting starting fires fires flame flame sparks sparks (short (short electricity electricity off). off). fire fire notorious accidental. #1.22 anyway. Fri Maybe Feb off 15, gas. 2013 #1.22 10:27 Fri PM Feb EST 15, accidental. 2013 anyway. 10:27 Maybe PM off EST gas.

# distributed via <nettime>: no commercial use without permission
# <nettime> is a moderated mailing list for net criticism,
# collaborative text filtering and cultural politics of the nets
# more info: http://mx.kein.org/mailman/listinfo/nettime-l
# archive: http://www.nettime.org contact: nettime at kein.org

----- End forwarded message -----

From david-sarah at jacaranda.org Sat Feb 16 17:07:06 2013
From: david-sarah at jacaranda.org (David-Sarah Hopwood)
Date: Sun, 17 Feb 2013 01:07:06 +0000
Subject: [tahoe-dev] [tahoe-lafs] #867: use ipv6
Message-ID:

On 16/02/13 21:05, Eugen Leitl wrote:
> On Sat, Feb 16, 2013 at 03:14:54PM +0200, Randall Mason wrote:
>> On Fri, Feb 15, 2013 at 9:06 PM, Greg Troxel wrote:
>>
>>> Also, fe80:: addresses should probably be ignored, as they are meant to be used only on a single link.
>
> Please do not forget http://en.wikipedia.org/wiki/Cjdns and related, which
>
> cjdns addresses are the first 16 bytes (128 bits) of the SHA-512 of the public key.
> All addresses must begin with the byte 0xFC, which in IPv6 resolution, is a private address (so there is no collision with any external Internet addresses).

The prefix FC00::/7 (i.e. first byte 0xFC or 0xFD) is reserved for "unique local addresses" (see http://en.wikipedia.org/wiki/Unique_local_address and RFC 4193). However, I don't think that the arguments that Greg Troxel put forward apply to such addresses, in general. It's quite plausible that a Tahoe-LAFS grid could be made up entirely of nodes that are inter-routable using FC00::/7 addresses.

--
David-Sarah Hopwood

----- End forwarded message -----

From natanael.l at gmail.com Sat Feb 16 20:19:21 2013
From: natanael.l at gmail.com (Natanael)
Date: Sun, 17 Feb 2013 05:19:21 +0100
Subject: [cryptography] Bitmessage
Message-ID:

This is precisely how I2P eepsites work. The true addresses are [52 characters of b32 encoded checksum of public key].b32.i2p while the hosts.txt file is a list of these with their readable [sitename].i2p domains. You can modify your own lists as you wish. I2P Messenger and Bote mail could be combined to do what you suggest. :)

- Sent from my tablet

On 17 Feb 2013 01:39, "James A. Donald" wrote:
>
> On 2013-02-17 4:49 AM, Jonathan Warren wrote:
>>
>> A primary goal has been to make a clean and simple interface so that the key management, authentication, and encryption is simple even for people who do not understand public-key cryptography.
>
> ________________________________
> This is of course, the hard problem.
>
> If I understand correctly what you have done, in the system, true names are long random non memorable bit strings, and introductions are not inherently part of the system, nor are petnames part of the system.
>
> So no one has anyone to talk to, nor anything to talk about, and if they did, they would have trouble recollecting who they were talking to, since all truenames look like gibberish, thus all truenames look alike.
> ________________________________
>
> A proposed alternative user interface design:
>
> Seems to me that you need something like public web pages, and something like a favorites list / bookmarks list, where when you add something or someone to your list, a petname/truename pair is added to your bookmark list.
>
> Note how Tor's browser thinks it is communicating by http, while in reality communicating by a completely different protocol.
>
> A link in the webpage would be a nickname/truename pair, thus clicking on such a link, you would be guaranteed to go to where the author of the web page intended (trusted path) and the destination would be capable of being added to your bookmarks list. The long random gibberish true name would almost always be hidden behind nicknames, petnames, and trusted path links.
>
> When you click on something in your list, you either find yourself on a webpage (by trusted path), or open a text message window to an individual, by trusted path. If the recipient is not currently dealing with your window (windows open simultaneously on both machines), messages get saved and are available in an email-like interface, so that instant messaging and email are variant user interfaces on the same function.
>

_______________________________________________
cryptography mailing list
cryptography at randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography

----- End forwarded message -----

From eugen at leitl.org Sun Feb 17 01:24:28 2013
From: eugen at leitl.org (Eugen Leitl)
Date: Sun, 17 Feb 2013 10:24:28 +0100
Subject: we are all damned
Message-ID: <20130217092428.GK6172@leitl.org>

----- Forwarded message from Alan Sondheim -----

From eugen at leitl.org Sun Feb 17 01:30:47 2013
From: eugen at leitl.org (Eugen Leitl)
Date: Sun, 17 Feb 2013 10:30:47 +0100
Subject: [cryptography] Bitmessage
Message-ID: <20130217093047.GL6172@leitl.org>

----- Forwarded message from Natanael -----

From eugen at leitl.org Sun Feb 17 09:50:55 2013
From: eugen at leitl.org (Eugen Leitl)
Date: Sun, 17 Feb 2013 18:50:55 +0100
Subject: [tahoe-dev] [tahoe-lafs] #867: use ipv6
Message-ID: <20130217175055.GW6172@leitl.org>

----- Forwarded message from David-Sarah Hopwood -----

From gdt at ir.bbn.com Mon Feb 18 07:41:09 2013
From: gdt at ir.bbn.com (Greg Troxel)
Date: Mon, 18 Feb 2013 10:41:09 -0500
Subject: [tahoe-dev] new pubgrid, stability, old servers?
Message-ID:

The new pubgrid is functional, but the server population seems unstable. It would be nice if people providing a server could have it generally be running. It would also be cool if people with servers from the old pubgrid could repoint them to the new one. I am trying to repair my old files.
There's nothing of value of course, but it's an interesting point case of the power of multiple copies and the actual (rather than theoretical) ability to recover bits. The servers coming and going (currently three) is also pointing out the issue with "repair of mutable files increments sequence number". Every time I repair there is churn, it seems.

https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1209

_______________________________________________
tahoe-dev mailing list
tahoe-dev at tahoe-lafs.org
https://tahoe-lafs.org/cgi-bin/mailman/listinfo/tahoe-dev

----- End forwarded message -----

From macwheel99 at wowway.com Mon Feb 18 11:48:52 2013
From: macwheel99 at wowway.com (Al Mac Wow)
Date: Mon, 18 Feb 2013 13:48:52 -0600
Subject: [drone-list] DoJ Memo on targeted killing of Americans
Message-ID:

The memo, as leaked thru NBC:
http://msnbcmedia.msn.com/i/msnbc/sections/news/020413_DOJ_White_Paper.pdf

A copy from DoJ without the annoying NBC watermarks, and with clarity of publication date:
https://www.fas.org/irp/eprint/doj-lethal.pdf

I uploaded to both my Scribd and Google Drive Drone info collections.

Al Mac (WOW) = Alister William Macintyre

_______________________________________________
drone-list mailing list
drone-list at lists.stanford.edu
https://mailman.stanford.edu/mailman/listinfo/drone-list
----- End forwarded message -----

From eugen at leitl.org Mon Feb 18 07:07:52 2013
From: eugen at leitl.org (Eugen Leitl)
Date: Mon, 18 Feb 2013 16:07:52 +0100
Subject: [cryptography] Which CA sells the most malware-signing certs?
Message-ID: <20130218150752.GA6172@leitl.org>

----- Forwarded message from Peter Gutmann -----

From eugen at leitl.org Mon Feb 18 07:44:10 2013
From: eugen at leitl.org (Eugen Leitl)
Date: Mon, 18 Feb 2013 16:44:10 +0100
Subject: [tahoe-dev] new pubgrid, stability, old servers?
Message-ID: <20130218154410.GB6172@leitl.org>

----- Forwarded message from Greg Troxel -----

From eugen at leitl.org Mon Feb 18 12:18:48 2013
From: eugen at leitl.org (Eugen Leitl)
Date: Mon, 18 Feb 2013 21:18:48 +0100
Subject: [drone-list] DoJ Memo on targeted killing of Americans
Message-ID: <20130218201848.GI6172@leitl.org>

----- Forwarded message from Al Mac Wow -----

From pgut001 at cs.auckland.ac.nz Mon Feb 18 07:07:11 2013
From: pgut001 at cs.auckland.ac.nz (Peter Gutmann)
Date: Tue, 19 Feb 2013 04:07:11 +1300
Subject: [cryptography] Which CA sells the most malware-signing certs?
Message-ID:

I've just done a quick tally of the certs posted to http://www.ccssforum.org/malware-certificates.php, a.k.a. "Digital Certificates Used by Malware". Looks like Verisign (and its sub-brand Thawte) are the malware-authors' CA of choice, selling more certs used to sign malware than all other CAs combined. GeoTrust comes second, and everything below that is in the noise. GoDaddy, the most popular CA, barely rates.
Other CAs who've sold their certs to malware authors include ACNLB, Alpha SSL (which isn't supposed to sell code-signing certificates at all as far as I can tell), Certum, CyberTrust, DigiCert, GeoTrust, GlobalSign, GoDaddy, Thawte, StarField, TrustCenter, VeriSign, and WoSign. Everyone's favourite whipping-boy CAs CNNIC and TurkTrust don't feature at all.

Caveats: These are malware certs submitted by volunteers, so they're not a comprehensive sample. The site tracks malware-signing certs and not criminal-website certs, for which the stats could be quite different.

Peter.

_______________________________________________
cryptography mailing list
cryptography at randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography

----- End forwarded message -----

From eugen at leitl.org Tue Feb 19 01:43:43 2013
From: eugen at leitl.org (Eugen Leitl)
Date: Tue, 19 Feb 2013 10:43:43 +0100
Subject: France to reduce money transaction limit from 3 kEUR to 1 kEUR in 2014
Message-ID: <20130219094343.GP6172@leitl.org>

http://www.gouvernement.fr/sites/default/files/dossier_de_presses/conseil_national_de_lutte_contre_la_fraude_dp.pdf
http://www.heise.de/tp/artikel/38/38586/1.html

From mr.dash.four at googlemail.com Tue Feb 19 11:08:26 2013
From: mr.dash.four at googlemail.com (Mr Dash Four)
Date: Tue, 19 Feb 2013 19:08:26 +0000
Subject: [tor-talk] Email provider for privacy-minded folk
Message-ID:

> IMO, only a stupid idiot doesn't use https with gmail.
> That's why I think all this talk about gmail being hacked is useless.
> Let him set "Use always https" in the gmail settings, then log out, log in, change password and secure q/answer and that's all.
>
> This should be about Tor and Tor-related stuff...
>
>
> Game's over.
>
Indeed!
I also employ one additional measure, which, admittedly, may not be to everyone's taste - I have all my browser/system/email/everything-else-you-care-to-name root certificate store wiped out clean! If I have to access a specific (https) site or access a new email account (by using secure pop/starttls, secure smtp or secure imap) I tend to get the site's certificate well in advance via other means (not through tor, obviously) and store it manually on my system for use by these programs.

That way, I know that if the "certificate unrecognised" error pops up there is either 1) a new site I have never accessed before (most likely); or 2) someone is trying to use spoof certificates. The latter doesn't occur very often, though I've had this on a number of (rare) occasions when a tor exit node for example (prior to being banned in my torrc file and banished forever) tries to pretend to be my email server and gets caught out with its pants down, quite literally...

This measure also prevents the likes of hacked/rogue CAs out there leaking certificates to people/organisations who use them for various criminal/unsavoury purposes.

_______________________________________________
tor-talk mailing list
tor-talk at lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

----- End forwarded message -----

From macwheel99 at wowway.com Tue Feb 19 21:55:15 2013
From: macwheel99 at wowway.com (Al Mac Wow)
Date: Tue, 19 Feb 2013 23:55:15 -0600
Subject: [drone-list] Drone Journalism via U of Missouri
Message-ID: 

Professor Bill Allen, a former St. Louis Post-Dispatch reporter, is teaching a three-hour course titled "Science Investigative Reporting: Drone Journalism."
The class is using drones made by the school's engineering department.
http://gatewayjr.org/2013/02/05/lawmaker-concerned-about-using-drones-to-collect-news/

Flying a drone in US National Air Space (NAS) requires FAA licensing, which includes certification that the drone is safe, and that it is flown by someone who has a pilot's license. I do not see U of Missouri on the list of authorized drone licensees which EFF found out from FAA via FOIA.
https://www.eff.org/deeplinks/2012/04/faa-releases-its-list-drone-certificates-leaves-many-questions-unanswered
They keep adding to the list, so maybe UM is on a list I have not yet seen.

If flying exclusively indoors, drones do not need FAA licensing. I am sure that as soon as someone is caught flying a drone inside Congress, White House, a Legislature, Court Building, or other official site, this loophole will be altered.

Al Mac (WOW) = Alister William Macintyre

_______________________________________________
drone-list mailing list
drone-list at lists.stanford.edu
Should you need to change your subscription options, please go to: https://mailman.stanford.edu/mailman/listinfo/drone-list
If you would like to receive a daily digest, click "yes" (once you click above) next to "would you like to receive list mail batched in a daily digest?" You will need the user name and password you receive from the list moderator in monthly reminders. Should you need immediate assistance, please contact the list moderator.
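A worked version of the "empty root store, pin the certificate you fetched out of band" setup from Mr Dash Four's tor-talk post two messages above. This is an added example and not code from that post or from any project named on this page. It assumes an openssl binary of 1.1.0 or later (for -no-CAfile/-no-CApath) and builds two throw-away self-signed certificates as stand-ins for the real mail server and for an exit node presenting its own certificate under the same hostname; the host name mail.example.test and both certificates are constructed for the demo.

```shell
#!/bin/sh
# Added example, not code from the tor-talk post. It mimics the poster's
# setup: the default root store is not consulted, only one certificate
# fetched out of band is trusted. Two throw-away self-signed certs are
# generated here (constructed, not real) to stand in for the real mail
# server and for an exit node impersonating it with a different key.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# mkcert NAME CN: write a 1-day self-signed cert + key into $WORK.
mkcert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$2" -keyout "$WORK/$1.key" -out "$WORK/$1.pem" \
        >/dev/null 2>&1
}

# spki_pin CERT: SHA-256 of the SubjectPublicKeyInfo, base64 (HPKP style).
# Pinning the key rather than the whole cert survives a routine renewal
# that keeps the same key pair; a rogue-CA cert for the same name still
# fails because it carries a different key.
spki_pin() {
    openssl x509 -in "$1" -pubkey -noout \
      | openssl pkey -pubin -outform der \
      | openssl dgst -sha256 -binary \
      | openssl base64 -A
}

# verify_pinned TRUSTED PRESENTED: succeed only if PRESENTED chains to
# TRUSTED; -no-CAfile/-no-CApath keep the default root file and directory
# out of the decision, which is the "wiped root store" in the post.
verify_pinned() {
    openssl verify -no-CAfile -no-CApath -CAfile "$1" "$2" >/dev/null 2>&1
}

# check_server TRUSTED PRESENTED: the decision a mail client would make.
# Prints OK or MISMATCH and returns 0/1.
check_server() {
    if verify_pinned "$1" "$2" && [ "$(spki_pin "$1")" = "$(spki_pin "$2")" ]; then
        echo "OK: $2 matches the pinned key"
        return 0
    fi
    echo "MISMATCH: $2 is not the pinned certificate (new site, or a spoof)"
    return 1
}

mkcert server   mail.example.test   # fetched in advance, stored manually
mkcert impostor mail.example.test   # same CN, different key: the spoof

check_server "$WORK/server.pem" "$WORK/server.pem"
check_server "$WORK/server.pem" "$WORK/impostor.pem" || true
```

The price is the one the post accepts: every first contact with a host you have not stored looks exactly like the impostor case, so the habit of fetching the certificate through a channel you trust before the first Tor-routed connection is what makes the "certificate unrecognised" error meaningful.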
----- End forwarded message -----

From kb at karelbilek.com Wed Feb 20 00:09:34 2013
From: kb at karelbilek.com (Karel Bílek)
Date: Wed, 20 Feb 2013 09:09:34 +0100
Subject: saving files to blockchain
Message-ID: 

I built a way to save any arbitrary files to the namecoin blockchain. (so you can save any stuff forever and anonymously)

It is totally slow and inefficient but I think it's partly the fault of the namecoin daemon.

see https://github.com/runn1ng/namecoin-files

From surfer at mauigateway.com Wed Feb 20 11:34:20 2013
From: surfer at mauigateway.com (Scott Weeks)
Date: Wed, 20 Feb 2013 11:34:20 -0800
Subject: NYT covers China cyberthreat
Message-ID: 

--- Valdis.Kletnieks at vt.edu wrote:
On Wed, 20 Feb 2013 15:39:42 +0900, Randy Bush said:
> boys and girls, all the cyber-capable countries are cyber-culpable. you
> can bet that they are all snooping and attacking each other, the united
> states no less than the rest. news at eleven.

The scary part is that so many things got hacked by a bunch of people who made the totally noob mistake of launching all their attacks from the same place....
------------------------------------------------

Maybe. The report says the following, but it doesn't make clear (I'm only on page 31, so I don't know if they do later in the report) if this is a small botnet, or individuals manning the 937 C&C servers:

• APT1 controls thousands of systems in support of their computer intrusion activities.

• In the last two years we have observed APT1 establish a minimum of 937 Command and Control (C2) servers hosted on 849 distinct IP addresses in 13 countries. The majority of these 849 unique IP addresses were registered to organizations in China (709), followed by the U.S. (109).
• In the last three years we have observed APT1 use fully qualified domain names (FQDNs) resolving to 988 unique IP addresses.

• Over a two-year period (January 2011 to January 2013) we confirmed 1,905 instances of APT1 actors logging into their attack infrastructure from 832 different IP addresses with Remote Desktop, a tool that provides a remote user with an interactive graphical interface to a system.

• In the last several years we have confirmed 2,551 FQDNs attributed to APT1.

• We observed 767 separate instances in which APT1 intruders used the "HUC Packet Transmit Tool" or HTRAN to communicate between 614 distinct routable IP addresses and their victims' systems using their attack infrastructure.

scott

----- End forwarded message -----

From eugen at leitl.org Wed Feb 20 03:47:47 2013
From: eugen at leitl.org (Eugen Leitl)
Date: Wed, 20 Feb 2013 12:47:47 +0100
Subject: [tor-talk] Email provider for privacy-minded folk
Message-ID: <20130220114746.GL6172@leitl.org>

----- Forwarded message from Mr Dash Four -----

From ahebert at pubnix.net Wed Feb 20 10:14:27 2013
From: ahebert at pubnix.net (Alain Hebert)
Date: Wed, 20 Feb 2013 13:14:27 -0500
Subject: About private networks (Was Re: NYT covers China cyberthreat)
Message-ID: 

( Well I'm sure that there are a few hundred papers on this subject )

I have a few ideas but it involves:

. Dark Fiber;
. All devices at FIPS 140 level;
. Tonnes of resin;
. Wire mesh;
. Fiber DB monitoring;
. Cable Shield monitoring;
. Single Encryption Key injection for the FIPS 140 devices;
. Central Provisioning;
. Kill switch for suspected segments;

And a private fab because it would not be a good idea to sub-contract that to, let's say... some Chinese outfit =D

TLDR: Feasible, hella costly.
PS: http://spybusters.blogspot.ca/2010/11/fiber-optics-easier-to-wiretap-than.html

Enjoy this week end of the world news.

-----
Alain Hebert ahebert at pubnix.net
PubNIX Inc.
50 boul. St-Charles
P.O. Box 26770 Beaconsfield, Quebec H9W 6G7
Tel: 514-990-5911 http://www.pubnix.net Fax: 514-990-9443

----- End forwarded message -----

From gavinandresen at gmail.com Wed Feb 20 12:36:49 2013
From: gavinandresen at gmail.com (Gavin Andresen)
Date: Wed, 20 Feb 2013 15:36:49 -0500
Subject: [bitcoin-list] Version 0.8.0 released
Message-ID: 

Bitcoin-Qt version 0.8.0 is now available from:
http://sourceforge.net/projects/bitcoin/files/Bitcoin/bitcoin-0.8.0/

This is a major release designed to improve performance and handle the increasing volume of transactions on the network.

Please report bugs using the issue tracker at github:
https://github.com/bitcoin/bitcoin/issues

How to Upgrade
--------------

If you are running an older version, shut it down. Wait until it has completely shut down (which might take a few minutes for older versions), then run the installer (on Windows) or just copy over /Applications/Bitcoin-Qt (on Mac) or bitcoind/bitcoin-qt (on Linux).

The first time you run after the upgrade a re-indexing process will be started that will take anywhere from 30 minutes to several hours, depending on the speed of your machine.

Incompatible Changes
--------------------

This release no longer maintains a full index of historical transaction ids by default, so looking up an arbitrary transaction using the getrawtransaction RPC call will not work. If you need that functionality, you must run once with -txindex=1 -reindex=1 to rebuild block-chain indices (see below for more details).
Improvements
------------

Mac and Windows binaries are signed with certificates owned by the Bitcoin Foundation, to be compatible with the new security features in OSX 10.8 and Windows 8.

LevelDB, a fast, open-source, non-relational database from Google, is now used to store transaction and block indices. LevelDB works much better on machines with slow I/O and is faster in general. Berkeley DB is now only used for the wallet.dat file (public and private wallet keys and transactions relevant to you).

Pieter Wuille implemented many optimizations to the way transactions are verified, so a running, synchronized node uses less working memory and does much less I/O. He also implemented parallel signature checking, so if you have a multi-CPU machine all CPUs will be used to verify transactions.

New Features
------------

"Bloom filter" support in the network protocol for sending only relevant transactions to lightweight clients.

contrib/verifysfbinaries is a shell-script to verify that the binary downloads at sourceforge have not been tampered with. If you are able, you can help make everybody's downloads more secure by running this occasionally to check PGP signatures against download file checksums.

contrib/spendfrom is a python-language command-line utility that demonstrates how to use the "raw transactions" JSON-RPC api to send coins received from particular addresses (also known as "coin control").

New/changed settings (command-line or bitcoin.conf file)
--------------------------------------------------------

dbcache : controls LevelDB memory usage.

par : controls how many threads to use to validate transactions. Defaults to the number of CPUs on your machine, use -par=1 to limit to a single CPU.

txindex : maintains an extra index of old, spent transaction ids so they will be found by the getrawtransaction JSON-RPC method.

reindex : rebuild block and transaction indices from the downloaded block data.
New JSON-RPC API Features
-------------------------

lockunspent / listlockunspent allow locking transaction outputs for a period of time so they will not be spent by other processes that might be accessing the same wallet.

addnode / getaddednodeinfo methods, to connect to specific peers without restarting.

importprivkey now takes an optional boolean parameter (default true) to control whether or not to rescan the blockchain for transactions after importing a new private key.

Important Bug Fixes
-------------------

Privacy leak: the position of the "change" output in most transactions was not being properly randomized, making network analysis of the transaction graph to identify users' wallets easier.

Zero-confirmation transaction vulnerability: accepting zero-confirmation transactions (transactions that have not yet been included in a block) from somebody you do not trust is still not recommended, because there will always be ways for attackers to double-spend zero-confirmation transactions. However, this release includes a bug fix that makes it a little bit more difficult for attackers to double-spend a certain type ("lockTime in the future") of zero-confirmation transaction.

Dependency Changes
------------------

Qt 4.8.3 (compiling against older versions of Qt 4 should continue to work)

Thanks to everybody who contributed to this release:
----------------------------------------------------

Alexander Kjeldaas
Andrey Alekseenko
Arnav Singh
Christian von Roques
Eric Lombrozo
Forrest Voight
Gavin Andresen
Gregory Maxwell
Jeff Garzik
Luke Dashjr
Matt Corallo
Mike Cassano
Mike Hearn
Peter Todd
Philip Kaufmann
Pieter Wuille
Richard Schwab
Robert Backhaus
Rune K. Svendsen
Sergio Demian Lerner
Wladimir J. van der Laan
burger2
default
fanquake
grimd34th
justmoon
redshark1802
tucenaber
xanatos
_______________________________________________
bitcoin-list mailing list
bitcoin-list at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-list

----- End forwarded message -----

From wbailey at satelliteintelligencegroup.com Wed Feb 20 10:21:37 2013
From: wbailey at satelliteintelligencegroup.com (Warren Bailey)
Date: Wed, 20 Feb 2013 18:21:37 +0000
Subject: Network security on multiple levels (was Re: NYT covers China cyberthreat)
Message-ID: 

I did not approach the inline encryption units on purpose. Obviously anything that leaves .mil land not riding something blessed by DISA is going to have something like a KG on both ends. Generally satellite systems use TRANSEC, though in our line of work it's an extremely expensive add-on to an otherwise decent security implementation. I'm not saying it can NEVER be owned, I'm just saying that 90% of the l33t hax0rs who are going to look to own something are doing so because it is somehow exposed to public infrastructure. If I were to put up an SCPC (single channel per carrier, synonymous with point-to-point circuits) circuit between point A and B, the persons looking to intercept my traffic would need to know quite a bit of information about my signals..
Origination Point, Destination Point, Modulation, Symbol Rates, Center Frequencies, PN codes, TRANSEC keys, IP layout, etc. You won't hear me talk about how something is absolutely and completely secure, but you will hear me preach from the rooftops the application of technology that many people believe is outdated and abandoned. There is a reason media providers and MSOs still use satellite to downlink video signals. The military is still heavily invested in this type of technology because you are able to completely bypass traditionally used infrastructure, and utility companies are jumping on the bandwagon as well. I know of several SCADA (massive power companies) networks that ride satellite completely for this reason. You can justify the cost and latency with the security of owning a network that is completely removed from the usual infrastructure.

On 2/20/13 10:05 AM, "Jamie Bowden" wrote:

>> From: Warren Bailey [mailto:wbailey at satelliteintelligencegroup.com]
>
>> If you are doing DS0 splitting on the DACS, you'll see that on the other
>> end (it's not like channelized CAS ds1's or PRI's are difficult to look at
>> now) assuming you have access to that. If the DACS is an issue, buy the
>> DACS and lock it up. I was on a .mil project that used old school Coastcom
>> DI III Mux with RLB cards and FXO/FXS cards, that DACS carried some pretty
>> top notch traffic and the microwave network (licensed .gov band) brought
>> it right back to the base that project was owned by. Security is
>> expensive, because you cannot leverage a service provider model
>> effectively around it. You can explain the billion dollars you spent on
>> your global network of CRS-1's, but CRS-1's for a single application
>> usually are difficult to swallow. I'm not saying that it isn't done EVER,
>> I'm just saying there are ways to avoid your 1998 red hat box from
>> rpc.statd exploitation - unplug aforementioned boxen from inter webs.
>
>Our connections to various .mil and others are private ds1's with full on
>end to end crypto over them. You can potentially kill our connections,
>but you're not snooping them or injecting traffic into them.
>
>Jamie
>

----- End forwarded message -----

From macwheel99 at wowway.com Wed Feb 20 17:12:07 2013
From: macwheel99 at wowway.com (Al Mac Wow)
Date: Wed, 20 Feb 2013 19:12:07 -0600
Subject: [drone-list] Sovereignty violated by drones of China, Mexico, Turkey, USA, other nations
Message-ID: 

Some time in April 2012, China planned a drone strike in Myanmar against a drug lord responsible for the death of 13 Chinese sailors. Before implementation, the target got arrested, and now is in China appealing a death sentence. News media stories Feb 2013 speculate that China had no intention of informing Myanmar of this operation.
http://worlddefenseandpolitics.blogspot.com/2013/02/china-planned-to-use-drone-to-bomb-drug.html
and
http://blog.foreignpolicy.com/posts/2013/02/19/china_now_considering_drone_strikes_in_its_drug_war

This parallels:

* USA and NATO allies drone strikes in Pakistan and other nations, ignoring their sovereignty;
* Israel uses drones in its war with various enemies in the occupied territories;
  http://www.lawfareblog.com/2012/10/todays-headlines-and-commentary-285/
  o And https://www.nytimes.com/2012/10/08/world/middleeast/lebanon-says-israeli-planes-circled-its-airspace-for-an-hour.html?ref=world
  o Also http://www.hrw.org/news/2013/02/12/israel-gaza-airstrikes-violated-laws-war
  o and https://dronewarsuk.wordpress.com/2013/02/13/hrw-israeli-drone-strikes-kill-palestinian-civilians-and-violate-laws-of-war/
* Mexico army drones against drug cartels just inside USA territory;
  http://www.bbc.co.uk/news/world-us-canada-12024766
* Turkey drone killed 34 innocent Kurdish villagers, just inside Iraq, mistaking them for drug smugglers.
  http://www.eurasianet.org/node/65614
  o and http://www.e-ir.info/2012/06/27/flying-blind-why-armed-drones-may-detract-from-turkish-security/

There are probably more such cross-border drone attacks, whose details I do not have handy.

Al Mac (WOW) = Alister William Macintyre
----- End forwarded message -----

From smb at cs.columbia.edu Wed Feb 20 18:07:07 2013
From: smb at cs.columbia.edu (Steven Bellovin)
Date: Wed, 20 Feb 2013 21:07:07 -0500
Subject: NYT covers China cyberthreat
Message-ID: 

On Feb 20, 2013, at 1:33 PM, valdis.kletnieks at vt.edu wrote:

> On Wed, 20 Feb 2013 15:39:42 +0900, Randy Bush said:
>> boys and girls, all the cyber-capable countries are cyber-culpable. you
>> can bet that they are all snooping and attacking each other, the united
>> states no less than the rest. news at eleven.
>
> The scary part is that so many things got hacked by a bunch of people
> who made the totally noob mistake of launching all their attacks from
> the same place....

This strongly suggests that it's not their A-team, for whatever value of "their" you prefer. (My favorite mistake was some of them updating their Facebook pages when their work took them outside the Great Firewall.) They just don't show much in the way of good operational security.

Aside: A few years ago, a non-US friend of mine mentioned a conversation he'd had with a cyber guy from his own country's military. According to this guy, about 130 countries had active military cyberwarfare units. I don't suppose that the likes of Ruritania has one, but I think it's a safe assumption that more or less every first and second world country, and not a few third world ones, are in the list.

The claim here is not that China is engaging in cyberespionage. That would go under the heading of "I'm shocked, shocked to find that there's spying going on here." Rather, the issue that's being raised is the target: commercial firms, rather than the usual military and government secrets. That is what the US is saying goes beyond the usual rules of the game.
In fact, the US has blamed not just China but also Russia, France, and Israel (see http://www.israelnationalnews.com/News/News.aspx/165108 -- and note that that's an Israeli news site) for such activities. France was notorious for that in the 1990s; there were many press reports of bugged first class seats on Air France, for example.

The term for what's going on is "cyberexploitation", as opposed to "cyberwar". The US has never come out against it in principle, though it never likes it when aimed at the US. (Every other nation feels the same way about its companies and networks, of course.) For a good analysis of the legal aspects, see http://www.lawfareblog.com/2011/08/what-is-the-government%E2%80%99s-strategy-for-the-cyber-exploitation-threat/

--Steve Bellovin, https://www.cs.columbia.edu/~smb

----- End forwarded message -----

From eugen at leitl.org Wed Feb 20 12:14:50 2013
From: eugen at leitl.org (Eugen Leitl)
Date: Wed, 20 Feb 2013 21:14:50 +0100
Subject: About private networks (Was Re: NYT covers China cyberthreat)
Message-ID: <20130220201450.GL6172@leitl.org>

----- Forwarded message from Alain Hebert -----

From eugen at leitl.org Wed Feb 20 12:15:25 2013
From: eugen at leitl.org (Eugen Leitl)
Date: Wed, 20 Feb 2013 21:15:25 +0100
Subject: Network security on multiple levels (was Re: NYT covers China cyberthreat)
Message-ID: <20130220201525.GN6172@leitl.org>

----- Forwarded message from Warren Bailey -----

From eugen at leitl.org Wed Feb 20 12:17:15 2013
From: eugen at leitl.org (Eugen Leitl)
Date: Wed, 20 Feb 2013 21:17:15 +0100
Subject: NYT covers China cyberthreat
Message-ID: <20130220201715.GO6172@leitl.org>

----- Forwarded message from Scott Weeks -----

From eugen at leitl.org Wed Feb 20 13:06:48 2013
From: eugen at leitl.org (Eugen Leitl)
Date: Wed, 20 Feb 2013 22:06:48 +0100
Subject: [bitcoin-list] Version 0.8.0 released
Message-ID: <20130220210648.GP6172@leitl.org>

----- Forwarded message from Gavin Andresen -----

From companys at stanford.edu Thu Feb 21 08:27:39 2013
From: companys at stanford.edu (Yosem Companys)
Date: Thu, 21 Feb 2013 08:27:39 -0800
Subject: [liberationtech] Chinese Hacking, Mandiant & Cyber War
Message-ID: 

From: Gary McGraw

No doubt all of you have seen the NY Times article about the Mandiant report that pervades the news this week:
http://www.nytimes.com/2013/02/19/technology/chinas-army-is-seen-as-tied-to-hacking-against-us.html

I believe it is important to understand the difference between cyber espionage and cyber war. Because espionage unfolds over months or years in realtime, we can triangulate the origin of an exfiltration attack with some certainty. During the fog of a real cyber war attack, which is more likely to happen in milliseconds, the kind of forensic work that Mandiant did would not be possible. (In fact, we might just as well be "Gandalfed" and pin the attack on the wrong enemy as explained here: http://searchsecurity.techtarget.com/news/2240169976/Gary-McGraw-Proactive-defense-prudent-alternative-to-cyberwarfare .)

Sadly, policymakers seem to think we have completely solved the attribution problem. We have not. This article published in Computerworld does an adequate job of stating my position:
http://news.idg.no/cw/art.cfm?id=94AB4F98-9BBD-1370-154D49FAA7706BE9

Those of us who work on security engineering and software security can help educate policymakers and others so that we don't end up pursuing the folly of active defense.
gem

company www.cigital.com
podcast www.cigital.com/silverbullet
blog www.cigital.com/justiceleague
book www.swsec.com

--
Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech

----- End forwarded message -----

From rsk at gsp.org Thu Feb 21 08:00:24 2013
From: rsk at gsp.org (Rich Kulawiec)
Date: Thu, 21 Feb 2013 11:00:24 -0500
Subject: NYT covers China cyberthreat
Message-ID: 

On Thu, Feb 21, 2013 at 01:34:13AM +0000, Warren Bailey wrote:
> I can't help but wonder what would happen if US Corporations simply
> blocked all inbound Chinese traffic. Sure it would hurt their business,
> but imagine what the Chinese people would do in response.

Would it hurt their business? Really? Well, if they're eBay, probably. If they're Joe's Fill Dirt and Croissants in Omaha, then probably not, because nobody, NOBODY in China is ever actually going to purchase a truckload of dirt or a tasty croissant from Joe. So would it actually matter if they couldn't get to Joe's web site or Joe's mail server or especially Joe's VPN server? Probably not. Nobody in Peru, Egypt, or Romania is likely to be buying from Joe any time soon either.

This is why I've been using geoblocking at the network and host levels for over a decade, and it works. But it does require that you make an effort to study and understand your own traffic patterns as well as your organizational requirements. [1] I use it on a country-by-country basis (thank you ipdeny.com) and on a service-by-service basis: a particular host might allow http from anywhere, but ssh only from the country it's in.
I also deny selected networks access to selected services, e.g., Amazon's cloud doesn't get access to port 25 because of the non-stop spam and Amazon's refusal to do anything about it. Anything on the Spamhaus DROP or EDROP lists (thank you Spamhaus) is not part of my view of the Internet. And so on.

Combined, all this achieves lossless compression of abusive traffic. This is not a security fix, per se; any services that are vulnerable are still vulnerable. But it does cut down on the attack surface as measured along one axis, which in turn reduces the scope of some problems and renders them more tractable to other approaches.

An even better approach, when appropriate, is to block everything and then only enable access selectively. This is a particularly good idea when defending things like ssh. Do you *really* need to allow incoming ssh from the entire planet? Or could "the US, Canada, the UK and Germany" suffice? If so, then why aren't you enforcing that? Do you really think it's a good idea to give someone with a 15-million member global botnet 3 or 5 or 10 brute-force attempts *per bot* before fail2ban or similar kicks in? I don't. I think 0 attempts per most bots is a much better idea. Let 'em eat packet drops while they try to figure out which subset of bots can even *reach* your ssh server.

Which brings me to the NYTimes, and the alleged hacking by the Chinese. Why, given that the NYTimes apparently handed wads of cash over to various consulting firms, did none of those firms get the NYTimes to make a first-order attempt at solving this problem? Why in the world was anything in their corporate infrastructure accessible from the 2410 networks and 143,067,136 IP addresses in China? Who signed off on THAT?

(Yes, yes, I *know* that the NYTimes has staff there, some permanently and some transiently. A one-off solution crafted for this use case would suffice. I've done it. It's not hard.
And I doubt that it would need to work for more than, what, a few dozen of the NYTimes' 7500 employees? Clone and customize for Rio, Paris, Moscow, and other locations. This isn't hard either. Oh, and lock it out of everything that a field reporter/editor/photographer doesn't need, e.g., there is absolutely no way someone coming in through one of those should be able to reach the subscriber database.)

Two more notes: first, blocking inbound traffic is usually not enough. Blocks should almost always be bidirectional. [2] This is especially important for things like the DROP/EDROP lists, because then spam payloads, phishes, malware, etc. won't be able to phone home quite so readily, and while your users will still be able to click on links that lead to bad things...they won't get there.

Second, this may sound complex. It's not. I handle my needs with make, rsync, a little shell, a little perl, and other similar tools, but clearly you could do the same thing with any system configuration management setup. And with proper logging, it's not hard to discover the mistakes and edge cases, to apply suitable fixes and temporary point exceptions, and so on.

---rsk

[1] 'Now, your typical IT executive, when I discuss this concept with him or her, will stand up and say something like, "That sounds great, but our enterprise network is really complicated. Knowing about all the different apps that we rely on would be impossible! What you're saying sounds reasonable until you think about it and realize how absurd it is!" To which I respond, "How can you call yourself a 'Chief Technology Officer' if you have no idea what your technology is doing?" A CTO isn't going to know detail about every application on the network, but if you haven't got a vague idea what's going on it's impossible to do capacity planning, disaster planning, security planning, or virtually any of the things in a CTO's charter.'
--- Marcus Ranum

[2] "We were so concerned with getting out that we never stopped to consider what we might be letting in, until it was too late." Let's see who recognizes that one. ;-)

----- End forwarded message -----

From SNaslund at medline.com Thu Feb 21 09:47:44 2013
From: SNaslund at medline.com (Naslund, Steve)
Date: Thu, 21 Feb 2013 11:47:44 -0600
Subject: NYT covers China cyberthreat
Message-ID: 

> I can't help but wonder what would happen if US Corporations simply
> blocked all inbound Chinese traffic. Sure it would hurt their
> business, but imagine what the Chinese people would do in response

First thing is the Chinese government would rejoice since they don't want their citizens on our networks (except the ones they recruit for cyber warfare, they can get other address ranges for those guys).

Second thing is someone will make a ton of money bouncing Chinese traffic through somewhere else (and someone will create a SPAMHAUS like service to detect that, and so on, and so on, and so on).

Third thing is all the companies that do business in and around China would be screaming because tons of them use VPNs that are sourced from Chinese IP address space. Some people even like to travel and access things back home, you know, weird stuff, like email, news, music, videos.

One of the biggest problems with geoblocking is that often the addresses do not reveal the true source of the traffic. If you block everything from China, you miss attacks sourced from China that are bouncing through bot networks with hosts worldwide. Remember Tor, it is built to defeat just that sort of security by obscuring source locations. Corporations also often have egress points to the Internet in countries other than the one the user is in.
If you block everything from China, then you are locking out any of your own personnel that travel internationally or any of your customers that travel. Who here has not surfed the web from a hotel room on business? Anyone with malicious intent has a zillion ways to bypass that sort of security. Obscuring your source address is child's play. The management of the geoblocking will not be worth the minimal protection it provides.

Trying to locate someone by address is a complete PITA in my opinion. If you go to Europe you will often get sent to the wrong Google sites because they attempt to locate you instead of just letting you put in the correct URL (if you are in the UK, it is not that hard to include .co.uk in your URL). I have been in the UK and gotten Google Germany and Google Spain for no apparent reason (except that carriers in Europe have addresses from all over the place because of mergers, alliances, and all sorts of other arrangements).

Blocking networks by service will also be a management nightmare since addresses often change and new blocks get assigned and companies offer different services. Who manages all of that and who is going to tell you when something changes (the answer is nobody, you will know when stuff breaks)? If my network security guy had enough time to keep track of all of Amazon's address space and what services they are offering this week and all the services they host in their datacenters, I would fire him for having that much time on his hands. Can you keep track of all the stuff coming from Akamai and where all their servers are on a continuing basis? Cloud services will make blocking by service nearly impossible since the network can reconfigure at any time. I would love to see this implementation in a large corporate or government network. What a huge game of whack-a-mole that is. Seems to me that the time would be much better spent tuning up firewalls and securing hosts properly.
I think geoblocking gives you nothing but a false sense of security. I also believe that if you see an attack coming from China in particular it is because they WANT you to know it is coming from China. I would think any state sponsor conducting a very serious attack would conceal themselves better than that. I also believe that a lot of attacks that look like they are coming from China are actually coming from elsewhere. Think about this: if I am a hacker in the US, attacking a US victim, it would be a big advantage to look like I was coming from China because it almost guarantees no attempt to prosecute or track me down, since everyone in this business knows that if it comes out of China you can't do anything about it. I would not be surprised to find out China is letting their capabilities be known just to remind everyone of what the implications of messing with them are. Remember Doctor Strangelove: "what good is a doomsday bomb if you don't tell anyone about it?!?!?"

Steven Naslund

-----Original Message-----
From: Rich Kulawiec [mailto:rsk at gsp.org]
Sent: Thursday, February 21, 2013 10:00 AM
To: nanog at nanog.org
Subject: Re: NYT covers China cyberthreat

On Thu, Feb 21, 2013 at 01:34:13AM +0000, Warren Bailey wrote:
> I can't help but wonder what would happen if US Corporations simply
> blocked all inbound Chinese traffic. Sure it would hurt their
> business, but imagine what the Chinese people would do in response.

Would it hurt their business? Really?

Well, if they're eBay, probably. If they're Joe's Fill Dirt and Croissants in Omaha, then probably not, because nobody, NOBODY in China is ever actually going to purchase a truckload of dirt or a tasty croissant from Joe. So would it actually matter if they couldn't get to Joe's web site or Joe's mail server or especially Joe's VPN server? Probably not. Nobody in Peru, Egypt, or Romania is likely to be buying from Joe any time soon either.
This is why I've been using geoblocking at the network and host levels for over a decade, and it works. But it does require that you make an effort to study and understand your own traffic patterns as well as your organizational requirements. [1]

I use it on a country-by-country basis (thank you ipdeny.com) and on a service-by-service basis: a particular host might allow http from anywhere, but ssh only from the country it's in. I also deny selected networks access to selected services, e.g., Amazon's cloud doesn't get access to port 25 because of the non-stop spam and Amazon's refusal to do anything about it. Anything on the Spamhaus DROP or EDROP lists (thank you Spamhaus) is not part of my view of the Internet. And so on.

Combined, all this achieves lossless compression of abusive traffic. This is not a security fix, per se; any services that are vulnerable are still vulnerable. But it does cut down on the attack surface as measured along one axis, which in turn reduces the scope of some problems and renders them more tractable to other approaches.

An even better approach, when appropriate, is to block everything and then only enable access selectively. This is a particularly good idea when defending things like ssh. Do you *really* need to allow incoming ssh from the entire planet? Or could "the US, Canada, the UK and Germany" suffice? If so, then why aren't you enforcing that? Do you really think it's a good idea to give someone with a 15-million member global botnet 3 or 5 or 10 brute-force attempts *per bot* before fail2ban or similar kicks in? I don't. I think 0 attempts per most bots is a much better idea. Let 'em eat packet drops while they try to figure out which subset of bots can even *reach* your ssh server.

Which brings me to the NYTimes, and the alleged hacking by the Chinese.
Why, given that the NYTimes apparently handed wads of cash over to various consulting firms, did none of those firms get the NYTimes to make a first-order attempt at solving this problem? Why in the world was anything in their corporate infrastructure accessible from the 2410 networks and 143,067,136 IP addresses in China? Who signed off on THAT?

(Yes, yes, I *know* that the NYTimes has staff there, some permanently and some transiently. A one-off solution crafted for this use case would suffice. I've done it. It's not hard. And I doubt that it would need to work for more than, what, a few dozen of the NYTimes' 7500 employees? Clone and customize for Rio, Paris, Moscow, and other locations. This isn't hard either. Oh, and lock it out of everything that a field reporter/editor/photographer doesn't need, e.g., there is absolutely no way someone coming in through one of those should be able to reach the subscriber database.)

Two more notes: first, blocking inbound traffic is usually not enough. Blocks should almost always be bidirectional. [2] This is especially important for things like the DROP/EDROP lists, because then spam payloads, phishes, malware, etc. won't be able to phone home quite so readily, and while your users will still be able to click on links that lead to bad things...they won't get there.

Second, this may sound complex. It's not. I handle my needs with make, rsync, a little shell, a little perl, and other similar tools, but clearly you could do the same thing with any system configuration management setup. And with proper logging, it's not hard to discover the mistakes and edge cases, to apply suitable fixes and temporary point exceptions, and so on.

---rsk

[1] 'Now, your typical IT executive, when I discuss this concept with him or her, will stand up and say something like, "That sounds great, but our enterprise network is really complicated. Knowing about all the different apps that we rely on would be impossible! What you're saying sounds reasonable until you think about it and realize how absurd it is!" To which I respond, "How can you call yourself a 'Chief Technology Officer' if you have no idea what your technology is doing?" A CTO isn't going to know detail about every application on the network, but if you haven't got a vague idea what's going on it's impossible to do capacity planning, disaster planning, security planning, or virtually any of the things in a CTO's charter.'
    --- Marcus Ranum

[2] "We were so concerned with getting out that we never stopped to consider what we might be letting in, until it was too late." Let's see who recognizes that one. ;-)

----- End forwarded message -----

From greatfire at greatfire.org Wed Feb 20 20:19:56 2013
From: greatfire at greatfire.org (Martin Johnson)
Date: Thu, 21 Feb 2013 12:19:56 +0800
Subject: [liberationtech] "Chinas Internet?"

The majority of Internet users in Mainland China spend 100% of their online time on Chinese websites. Google+, Facebook, YouTube, Twitter, Blogspot and many more (see https://en.greatfire.org) are completely blocked in Mainland China. Most other foreign websites are both considerably slower than domestic ones, and subject to keyword-based blocking of certain URLs.

The majority of Internet users outside Mainland China spend 0% of their online time on Chinese websites. This is not just a language issue - there are a lot of Chinese-speaking people outside of Mainland China, and several Chinese websites have English-language interfaces. It's also because they are slow. The Great Firewall slows down traffic in both directions. Concern with censorship may also discourage some users, as seen recently regarding WeChat.
In this sense, there is a Chinese Internet or a Chinanet, as opposed to the rest of the Internet. They are not completely cut off from each other, but in practice there is little communication between the two. Unfortunately.

Martin Johnson
Founder of GreatFire.org | FreeWeibo.com | Unblock.cn.com
PGP key

On Thu, Feb 21, 2013 at 11:57 AM, Nadim Kobeissi wrote:
> Most likely it's bad writing. What they likely meant by "China's Internet"
> is China's social network sphere, such as Sina Weibo communities and so
> on...
>
> NK
>
> On Wed, Feb 20, 2013 at 10:53 PM, Brian Conley wrote:
>
>> Photos of the dead sailors, their bodies gagged and blindfolded and some
>> with head wounds suggesting execution-style killings, circulated on China's
>> Internet.
>>
>> From:
>> http://www.nytimes.com/2013/02/21/world/asia/chinese-plan-to-use-drone-highlights-military-advances.html?_r=0
>>
>> I know about the GFW of course, but anyone know the exact meaning of
>> nytimes referencing "China's Internet" as opposed to "was circulated in the
>> Internet by Chinese citizens?"

--
Unsubscribe, change to digest, or change password at:
https://mailman.stanford.edu/mailman/listinfo/liberationtech

----- End forwarded message -----

From eugen at leitl.org Thu Feb 21 05:36:01 2013
From: eugen at leitl.org (Eugen Leitl)
Date: Thu, 21 Feb 2013 14:36:01 +0100
Subject: [drone-list] Sovereignty violated by drones of China, Mexico, Turkey, USA, other nations
Message-ID: <20130221133601.GZ6172@leitl.org>

----- Forwarded message from Al Mac Wow -----

From eugen at leitl.org Thu Feb 21 05:56:36 2013
From: eugen at leitl.org (Eugen Leitl)
Date: Thu, 21 Feb 2013 14:56:36 +0100
Subject: NYT covers China cyberthreat
Message-ID: <20130221135636.GF6172@leitl.org>

----- Forwarded message from Steven Bellovin -----

From eugen at leitl.org Thu Feb 21 06:12:41 2013
From: eugen at leitl.org (Eugen Leitl)
Date: Thu, 21 Feb 2013 15:12:41 +0100
Subject: [liberationtech] "Chinas Internet?"
Message-ID: <20130221141240.GI6172@leitl.org>

----- Forwarded message from Martin Johnson -----

From macwheel99 at wowway.com Thu Feb 21 19:35:10 2013
From: macwheel99 at wowway.com (Al Mac Wow)
Date: Thu, 21 Feb 2013 21:35:10 -0600
Subject: [drone-list] DHS FOIA on Privacy from Drones

DHS (US Dept of Homeland Security) came out TODAY with a FOIA document internally dated Sep 2012, regarding Privacy from Drones.
http://www.dhs.gov/sites/default/files/publications/foia/working-group-to-safeguard-privacy-civil-rights-and-civil-liberties-in-the-departments-use-and-support-of-unmanned-aerial-systems-uas-s1-information-memorandum-09142012.pdf

I started subscribing to news of OTHER people's FOIA regarding drones. Occasionally I see some very interesting info there.

I downloaded it, naming my copy "DHS Drone Privacy 2012 Sep" (I name based on institution, topic, vintage). I don't see any copyright notice limiting re-distribution.

It is 3 pages, 221 k, informing us about a working group led by:

* CRCL = Office for Civil Rights and Civil Liberties
* PRIV = Privacy Office
* Alphabet soup of organizations within DHS which use drones, or plan to use them. There are some unfamiliar acronyms there, which I will be working on finding translations for.

This working group will address privacy, civil rights, and civil liberties issues with drones, which people have been screaming at DHS for years to address. They just thought this would be a good idea to do. I suspect some of the screaming directed via Congress may have something to do with the timing.

CRCL and PRIV are aware of

* CBP (US Customs and Border Patrol) allegedly operates approx 10 Predator drones at and along US borders.
* USCG (US Coast Guard) helps train CBP, and is evaluating their own future drone acquisition.
* S&T (I am guessing this refers to Science and Technology Directorate of DHS) which oversees a partnership with local law enforcement and first responder drone usage.
  o I learned about S&T of DHS at http://www.gizmag.com/homeland-security-predictions/24452/

They do not believe that DHS has any other active drone programs, but recognize things may change in the future. I will be checking my notes, because that list looks awful small.

* DHS = US Department of Homeland Security [1]
  o Some US states also have departments with the same name.
  o DHS is one of the largest departments in the US government. Its mandate includes:
    * Anti-Terrorism Domestic
    * Border protection
    * Citizenship
    * Critical Infrastructure protection
    * Cyber Security
    * Emergency Management - FEMA
    * Immigration
    * Ready dot Gov
    * Transportation Security Agency (TSA)
    * US Coast Guard
    * US Secret Service, which protects the Currency, President, and other key officials
  o DHS is one of several federal departments and agencies supposedly flying drones over US National Air Space (NAS). [2]

Al Mac (WOW) = Alister William Macintyre

_____

From: U.S. Department of Homeland Security [mailto:departmentofhomelandsecurity at govdelivery.com]
Sent: Thursday, February 21, 2013 12:08 PM
To: macwheel99 at wowway.com
Subject: DHS FOIA Published September 12, 2012 Working Group to Safeguard Privacy, Civil Rights, and Civil Liberties in the Department's Use and Support of Unmanned Aerial Systems (UAS) Memorandum

February 21, 2013

New DHS FOIA Document

You are subscribed to receive new DHS FOIA documents when they are issued by the DHS Privacy Office. Today we published the DHS FOIA Published September 14, 2012 Working Group to Safeguard Privacy, Civil Rights, and Civil Liberties in the Department's Use and Support of Unmanned Aerial Systems (UAS) Information Memorandum.

This email was sent to macwheel99 at wowway.com using GovDelivery, on behalf of: U.S. Department of Homeland Security, Washington, DC 20528, 800-439-1420.

_____

[1] http://www.dhs.gov/
    https://en.wikipedia.org/wiki/United_States_Department_of_Homeland_Security
    http://www.theatlantic.com/technology/archive/2012/06/what-the-heck-is-homeland-security-doing-with-180-million-in-drones-mostly-sitting-around/258474/
[2] https://rt.com/usa/news/dhs-drone-surveillance-napolitano-156/

_______________________________________________
drone-list mailing list
drone-list at lists.stanford.edu
Should you need to change your subscription options, please go to:
https://mailman.stanford.edu/mailman/listinfo/drone-list
If you would like to receive a daily digest, click "yes" (once you click above) next to "would you like to receive list mail batched in a daily digest?" You will need the user name and password you receive from the list moderator in monthly reminders. Should you need immediate assistance, please contact the list moderator.

----- End forwarded message -----

From rsk at gsp.org Fri Feb 22 02:29:40 2013
From: rsk at gsp.org (Rich Kulawiec)
Date: Fri, 22 Feb 2013 05:29:40 -0500
Subject: [liberationtech] Fwd: [greg@pryzby.org: Ubuntu, Dash, Shuttleworth and privacy]

On Tue, Feb 19, 2013 at 04:53:48AM +0000, Jacob Appelbaum wrote:
> Sounds like someone should upload a package that fixes all of the
> privacy problems, eh?
I've thought about this for a couple of days and about 20 miles, and although my initial reaction was "yes, they should", I'm now going to reverse myself and say "well...maybe not". Here's why.

I think the problem here is not susceptible to patching, because the root cause isn't software: it's mindset. The people who think that this is actually a good idea -- and persist in thinking so despite cogent (and in my opinion, highly persuasive) arguments to the contrary -- are unlikely to shift course. The course they've embarked on inevitably leads to more of the same -- oh, with different technical details and levels of impact, of course, but still: more of the same.

I am reminded of one of my favorite quotes:

"I could warn you of course, but you would not listen. I could kill you, but someone would take your place. So I do the only thing I can. I go."

I don't think the situation is salvageable; I think the effort that could be put into trying to do so is better spent elsewhere. I think it's time to go.

---rsk

----- End forwarded message -----

From eugen at leitl.org Fri Feb 22 02:38:36 2013
From: eugen at leitl.org (Eugen Leitl)
Date: Fri, 22 Feb 2013 11:38:36 +0100
Subject: [liberationtech] Fwd: [greg@pryzby.org: Ubuntu, Dash, Shuttleworth and privacy]
Message-ID: <20130222103836.GG6172@leitl.org>

----- Forwarded message from Rich Kulawiec -----

From eugen at leitl.org Fri Feb 22 03:48:33 2013
From: eugen at leitl.org (Eugen Leitl)
Date: Fri, 22 Feb 2013 12:48:33 +0100
Subject: [drone-list] DHS FOIA on Privacy from Drones
Message-ID: <20130222114833.GN6172@leitl.org>

----- Forwarded message from Al Mac Wow -----

From eugen at leitl.org Fri Feb 22 04:31:11 2013
From: eugen at leitl.org (Eugen Leitl)
Date: Fri, 22 Feb 2013 13:31:11 +0100
Subject: NYT covers China cyberthreat
Message-ID: <20130222123111.GV6172@leitl.org>

----- Forwarded message from Rich Kulawiec -----

From eugen at leitl.org Fri Feb 22 04:56:53 2013
From: eugen at leitl.org (Eugen Leitl)
Date: Fri, 22 Feb 2013 13:56:53 +0100
Subject: [liberationtech] Chinese Hacking, Mandiant & Cyber War
Message-ID: <20130222125653.GY6172@leitl.org>

----- Forwarded message from Yosem Companys -----

From eugen at leitl.org Sat Feb 23 03:25:43 2013
From: eugen at leitl.org (Eugen Leitl)
Date: Sat, 23 Feb 2013 12:25:43 +0100
Subject: NYT covers China cyberthreat
Message-ID: <20130223112543.GT6172@leitl.org>

----- Forwarded message from "Naslund, Steve" -----

From cryptome at earthlnk.net Sun Feb 24 04:22:42 2013
From: cryptome at earthlnk.net (John Young)
Date: Sun, 24 Feb 2013 07:22:42 -0500
Subject: [drone-list] Drones Beyond Drones

Other remote invaders often cloaked in benign rationales with little attention to collateral damage caused by technological capabilities not yet adequately perceived, much less resisted and regulated:

Google's driverless vehicle drones are likely to be used for 24x7 surveillance by governments, corporations and individuals. Taxis to be as driverless spy tools and archivists as black-boxed rental vehicles and household appliances and security systems now are.

And never to be overlooked, pun, are satellite drones of dozens of governments and corporations. Along with industrial, medical and educational devices such as manufacturing robots and pipeline pigs, medical orifice and organ probes and venous blood-borne tags, and "educational-scientific" data siphons, bots, aggregators and their algorithmic, nano-minute-stethoscopic-colonoscopic processing.

The most comprehensive drone is the Internet massively tracking, archiving, predicting behavior and aggregating content and usage of websites, mail lists, chats, text, SM alluringly lightly protected, not all really, by deceptive privacy policies and negligible government oversight to favor rapacious spying, mining and targeting. We are all implicated in this drone of drones by believing we can asymmetrically control our input and output despite evidence of counter-asymmetrical exploitation of drone behavior surveillance overriding our puny self-protection.
It might be suspected that the age-old ploy of positing a shallow threat to conceal a greater one is at work, with the superficial furor over drone spotting of the simplest sort diverting attention from the profound drones we eagerly favor for our own secret rapacity, not only for the most popular pastime of online porn but for lurking, spying on and mining data, gossip, ridicule and hacking of each other.

Panoptic policy-wonkettes, strategists, theorists, think-tankers, critics, compilators, controllers and pilots of drone systems might be seen as unwitting Benthamic-piloted drones fueled and inebriated with illusory perceptive sagacity to perform robotic dispensation of presbyopics through media, publication, teaching, conferencing, blogging, op-eding, din-din palaver at $1000-plate engorgements, comforted by solid returns on investments in drone factories of DoD, DoJ, Wall Street, Lockheed, Northrup, Google, Apple, Intel, ATT, NYT et al, and their obedient monocular propagandic NGOs entertaining, prattling, pontificating about not-a-chance-in-hell privacy.

----- End forwarded message -----

From coderman at gmail.com Sun Feb 24 14:06:05 2013
From: coderman at gmail.com (coderman)
Date: Sun, 24 Feb 2013 14:06:05 -0800
Subject: [qubes-devel] please look at Comparison of Whonix, Tails, TBB and Qubes OS TorVM
In-Reply-To: <51257AEE.8010202@riseup.net>
References: <51176FBD.6000702@riseup.net> <51181318.5010505@invisiblethingslab.com> <51257AEE.8010202@riseup.net>

> On Mon, Feb 11, 2013 at 1:12 PM, Joanna Rutkowska wrote:
>> 1) You mention "vm exploit" in a few places. While I understand your
>> intention, I think it's not quite fair to compare e.g. a vm exploit
>> against Virtual Box with a vm exploit against Qubes. Even comparing
>> Virtual Box against Xen would be unfair, and in Qubes we have
>> additionally put some more work into further (comparing to Xen)
>> minimizing possibility of such attacks, e.g. by moving network backends
>> to untrusted netvm by default, by using explicit kernels for PV domains,
>> by using our custom GUI virtualization, by refactoring/hardening HVM
>> support, and ...

On Wed, Feb 20, 2013 at 5:39 PM, adrelanos wrote:
> I see. Any suggestion how I could highlight that?

Qubes is built with security in mind and a clear intent to minimize attack surface. this is akin to the proactive defense grsecurity and a hardened distro provides against a generic distribution.

compare the opposite approach of VMWare or VirtualBox which focus on features and low level accelerations (kernel driver for network, graphics, USB, acceleration, other extensions) without thought to the added risk these less than hardened components expose the host operating systems and other guests to.
for example, but not limited to, networking passive and active attacks on physical and virtual endpoints, local and host privilege escalations, driver level privilege escalations, and many other serious vulnerabilities Qubes prevents outright by design and explicit intent.

> [re cold boot attacks]
> but they are quite active and it's reasonable, that they will succeed. I
> can only give you a bunch of links. Should there be still questions, I
> recommend to sign up for the tails-dev mailing lists. They are friendly
> and if you read their pages and there are still questions, I am sure
> they answer very detailed. Even if there are no questions, I am sure
> they enjoy your comments.
>
> https://tails.boum.org/doc/advanced_topics/cold_boot_attacks/index.en.html
> https://tails.boum.org/contribute/design/memory_erasure/
> https://tails.boum.org/bugs/sdmem_does_not_clear_all_memory/
> https://tails.boum.org/todo/protect_against_external_bus_memory_forensics/
> https://tails.boum.org/todo/erase_memory_when_the_USB_stick_is_removed/
> https://tails.boum.org/todo/erase_video_memory_on_shutdown/
> https://tails.boum.org/todo/hugetlb_mem_wipe/

... all of these protections require zeroization to be performed before physical access; an interesting HCI design detail itself...

(at DEF CON there are the usual hack the software attack challenges, and non-computing seal and lock based physical attack challenges, but i have not yet seen a hack the running system cold boot attack challenge - perhaps because a real attack would likely be destructive to some or most of the hardware to be tested. i'd still be game for mobile and workstation challenges if anyone else is interested :)

From eugen at leitl.org Sun Feb 24 05:15:51 2013
From: eugen at leitl.org (Eugen Leitl)
Date: Sun, 24 Feb 2013 14:15:51 +0100
Subject: [drone-list] Drones Beyond Drones
Message-ID: <20130224131551.GA6172@leitl.org>

----- Forwarded message from John Young -----

From gwschulz30 at gmail.com Mon Feb 25 11:02:28 2013
From: gwschulz30 at gmail.com (G.W. Schulz)
Date: Mon, 25 Feb 2013 13:02:28 -0600
Subject: [liberationtech] Mexico's most vulnerable reporters lack digital security skills

> "Most Mexican journalists and bloggers reporting on highly sensitive
> topics (such as crime, corruption, violence and human rights issues) do not
> fully understand the risks and threats they face when they use digital and
> mobile technology, even though the topics they cover make them even more
> vulnerable, a new survey by Freedom House and the International
> Center for Journalists finds."

http://ijnet.org/stories/mexicos-most-vulnerable-reporters-lack-digital-security-skills

--
G.W.
Schulz
Center for Investigative Reporting
Desk: 512-382-5969
E-mail: gwschulz at cironline.org
About.Me/GWSchulz
www.cironline.org

----- End forwarded message -----

From macwheel99 at wowway.com Mon Feb 25 14:10:31 2013
From: macwheel99 at wowway.com (Al Mac Wow)
Date: Mon, 25 Feb 2013 16:10:31 -0600
Subject: [drone-list] Feb 28 UCSB on Drones

http://www.independent.com/news/2013/feb/25/ucsb-symposium-examine-use-drones-humanist-perspec/
http://www.ia.ucsb.edu/pa/display.aspx?pkey=2949

UC Santa Barbara on Thursday, February 28 will have a symposium, "Life in the Age of Drones", to begin at 2 p.m. in the McCune Conference Room, 6020 Humanities and Social Sciences Building. The event is free and open to the public.

Speakers to include:

* Keynote address, "After the Drones," by Arthur Kroker, the Canada Research Chair in Technology and Theory at the University of Victoria in British Columbia;
* Marko Peljhan, professor of media arts and technology at UCSB and co-director of the UC Institute for Research in the Arts, will discuss "The Art and Science of Unmanned Systems -- A Brief History";
* Lisa Parks, professor of film and media studies, and director of UCSB's Center for Information Technology and Society (CITS), will discuss "Targeted Homelands: Networked Visions of the U.S. Drone War in Pakistan";
* filmmaker Casey Cooper Johnson will screen and discuss his film "UNMANNED: A Filmmaker's Journey";
* and Nancy Mancias, a CODEPINK campaign organizer, whose talk is titled "Much Ado About Drones: New Media to New War."

Al Mac = Alister William Macintyre
2013 Feb I become temporarily famous: http://cryptome.org/2013/02/drone-nations.htm

----- End forwarded message -----

From kanzure at gmail.com Tue Feb 26 00:46:40 2013
From: kanzure at gmail.com (Bryan Bishop)
Date: Tue, 26 Feb 2013 02:46:40 -0600
Subject: [DIYbio] Fwd: 3D printing & intellectual property rights - So why are we bothering with GPL,CC etc licenses?

From rsk at gsp.org Tue Feb 26 04:35:22 2013
From: rsk at gsp.org (Rich Kulawiec)
Date: Tue, 26 Feb 2013 07:35:22 -0500
Subject: [liberationtech] Looking for collaborators for free-range voting project at Knight News Challenge:

It won't work.

Until the bot/zombie is solved, online voting is a non-starter, since any election worthy of being stolen can be. It doesn't matter what you do on the server side: you can construct as elaborate and clever and secure an infrastructure as you wish...because on the client side, there is no way to ensure that what the user sees is what's actually happening. (After all: it's not *their* computer any more.
Its new owners can, if they wish, cause a vote for candidate A to be sent as a vote for candidate B, and they can prevent the user from knowing that's happened.)

And given that (a) we're now about a decade into the zombie problem, (b) no significant effort against them has ever been attempted, let alone completed [1], and (c) the problem is already epidemic and continues to get worse [2] [3], there is no reason whatsoever to think it will be mitigated, let alone solved, in the foreseeable future.

This doesn't just apply to your proposal: it applies to *all* of them. Unless you can propose and execute a viable plan for solving the zombie problem, then whatever you design/build can be undercut whenever someone chooses to make the effort. (And provided they're not foolishly heavy-handed about it, it's unlikely you would be able to detect this. [4])

---rsk

[1] Botnet "takedowns" are unimportant and irrelevant; their only purpose is to provide a forum for the spokesliars at Microsoft et al. to trumpet their prowess while a gullible press and public overlook that they *created* this problem. Merely removing C&C networks does nothing to remediate the individual members of the botnets, which are still compromised, still vulnerable, and likely to be conscripted into other botnets before the day is out.

[2] We're now seeing portable devices zombie'd: phones, tablets, etc.

[3] Estimates of zombie population vary, of course, but clearly, any estimate under 100M should be laughed out of the room. Vint Cerf gave an estimate of 150M just about six years ago, and based on my own work as well as that of others in the anti-spam/abuse area, I thought that was on the high side at the time...but it's most certainly not now. I think the number's probably in the 200-300M range at this point. See: http://arstechnica.com/news.ars/post/20070125-8707.html for Cerf's comments.
[4] See Schneier's insightful and chilling piece on this here:

https://www.schneier.com/crypto-gram-0404.html#4

That piece should be absolutely mandatory reading for anyone even considering voting systems. It not only provides a method for estimating attacker budgets, but it correctly points out that attackers quite often could tip the balance of an election by manipulating a rather small number of votes -- with a corresponding reduction in the probability that the manipulation will be detected.

Note that Schneier wrote that in 2004. If you repeat his analysis with numbers from the 2012 election cycle you'll end up with *much* larger attacker budgets. For example, Schneier says that in 2002, Congressional candidates raised over 500M. But

https://www.opensecrets.org/news/2012/10/2012-election-spending-will-reach-6.html

says that in 2012, they spent about $1.82B.

--
Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at companys at stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech

----- End forwarded message -----

--
--
Zero State mailing list: http://groups.google.com/group/DoctrineZero
---
You received this message because you are subscribed to the Google Groups "Doctrine Zero" group. To unsubscribe from this group and stop receiving emails from it, send an email to DoctrineZero+unsubscribe at googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
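Schneier's point in [4], that a small manipulation in a close race has a correspondingly small chance of being noticed, is exactly the problem a statistically sized post-election audit is built to address; later in this thread Joseph Lorenzo Hall describes such "risk-limiting audits" as testing the hypothesis that a full hand count would not change the outcome. What follows is an added illustration, not code from this list or from any of its posters: a ballot-polling risk-limiting audit in the style of Lindeman and Stark's BRAVO sequential test. It assumes a two-candidate contest, a reported winner share above one half, sampling with replacement, and a constructed ballot file.

```python
"""Ballot-polling risk-limiting audit (BRAVO-style sequential test).

Added example, constructed for illustration; not from the thread.
Model: two candidates, reported winner share s_w > 0.5, risk limit alpha.
Each hand-inspected ballot multiplies a likelihood ratio T by
  (s_w / 0.5)        if it shows the reported winner,
  ((1 - s_w) / 0.5)  if it shows the reported loser.
If T reaches 1/alpha the reported outcome is confirmed; if the audit runs
out of ballots first, a full hand count follows. The sequential-test
guarantee: if the reported outcome is wrong (true winner share <= 0.5),
the chance of wrongly confirming it is at most alpha.
"""
import math
import random
from typing import Iterable, List, Tuple


def audit_sample(sample: Iterable[str], s_w: float, alpha: float = 0.10,
                 max_draws: int = 10_000) -> Tuple[str, int]:
    """Run the sequential test over an iterable of hand-inspected ballots.

    Each sampled ballot is "W" (reported winner) or "L" (reported loser).
    Returns (outcome, draws); outcome is "confirmed" or "full hand count".
    """
    if not 0.5 < s_w < 1.0:
        raise ValueError("reported winner share must be in (0.5, 1)")
    if not 0.0 < alpha < 1.0:
        raise ValueError("risk limit must be in (0, 1)")
    threshold = 1.0 / alpha
    up, down = s_w / 0.5, (1.0 - s_w) / 0.5   # likelihood-ratio factors
    t = 1.0
    draws = 0
    for ballot in sample:
        if draws >= max_draws:
            break
        draws += 1
        if ballot == "W":
            t *= up
        elif ballot == "L":
            t *= down
        else:
            raise ValueError(f"unexpected ballot mark {ballot!r}")
        if t >= threshold:
            return "confirmed", draws
    # Evidence never reached the threshold: escalate to a full hand count.
    return "full hand count", draws


def expected_draws(s_w: float, alpha: float = 0.10) -> float:
    """Approximate expected sample size when the reported share is accurate.

    Wald's approximation: ln(1/alpha) divided by the mean log-step per draw.
    A 60/40 race at a 10% risk limit needs on the order of 115 ballots.
    """
    step = s_w * math.log(2 * s_w) + (1 - s_w) * math.log(2 * (1 - s_w))
    return math.log(1.0 / alpha) / step


def make_ballots(n: int, true_winner_share: float) -> List[str]:
    """Constructed ballot file: n ballots, the given fraction marked 'W'."""
    n_w = round(n * true_winner_share)
    return ["W"] * n_w + ["L"] * (n - n_w)


def audit_ballots(ballots: List[str], s_w: float, alpha: float = 0.10,
                  seed: int = 0) -> Tuple[str, int]:
    """Audit a concrete ballot list, drawing uniformly with replacement."""
    rng = random.Random(seed)

    def draws():
        while True:
            yield rng.choice(ballots)

    return audit_sample(draws(), s_w, alpha, max_draws=len(ballots))


if __name__ == "__main__":
    n, alpha = 10_000, 0.10
    # Honest case: reported 60/40 and the ballots really are 60/40.
    print("honest 60/40:", audit_ballots(make_ballots(n, 0.60), 0.60, alpha),
          "expected ~%.0f draws" % expected_draws(0.60, alpha))
    # Schneier's scenario: a close race whose outcome was flipped by moving
    # a few percent of ballots. Reported 52/48, ballots are really 48/52.
    print("reported 52/48, true 48/52:",
          audit_ballots(make_ballots(n, 0.48), 0.52, alpha))
    # A larger discrepancy is caught the same way, only faster.
    print("reported 55/45, true 30/70:",
          audit_ballots(make_ballots(n, 0.30), 0.55, alpha))
```

The first run stops after a hundred or so ballots; the two manipulated runs exhaust the sample without the ratio ever reaching 10 and so fall back to a full hand count, which is the detection Schneier's small manipulation was counting on avoiding.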
----- End forwarded message -----

From eugen at leitl.org Mon Feb 25 23:50:43 2013
From: eugen at leitl.org (Eugen Leitl)
Date: Tue, 26 Feb 2013 08:50:43 +0100
Subject: [liberationtech] Mexico's most vulnerable reporters lack digital security skills
Message-ID: <20130226075042.GN6172@leitl.org>

----- Forwarded message from "G.W. Schulz" -----

From edwincheese at gmail.com Tue Feb 26 09:24:48 2013
From: edwincheese at gmail.com (Edwin Chu)
Date: Tue, 26 Feb 2013 09:24:48 -0800
Subject: [liberationtech] Looking for collaborators for free-range voting project at Knight News Challenge:
Message-ID:

I would argue that voting backed by re-countable physical paper is more reliable than pure electronic voting in an official election. However, I think that electronic voting is still very useful in some specific situations.

In Hong Kong, the Chief Executive is not elected by citizens through universal suffrage. The CE is instead chosen by an Election Committee consisting of about a thousand persons, mainly appointed. The demand for universal suffrage is clear, but progress is hindered by the CCP of mainland China and the vested interests.

On the 2012 CE election day, some people from the University of Hong Kong set up a mock poll, dubbed "civic referendum", to allow citizens to express their views on the CE election. The mock poll was funded by public donations. It provided 15 physical polling stations, and online voting via its website and smartphone. However, shortly after the mock poll began, the online voting server was overwhelmed by a huge number of requests from attackers and legitimate voters. This completely brought down the online voting.
Many people went to the physical stations, which may have been far away from their homes, to cast their votes. Despite the difficulties, a total of 222,990 votes were still cast in the physical stations and online voting combined. (http://en.wikipedia.org/wiki/Hong_Kong_Chief_Executive_election,_2012#Mock_polls)

The goal of this "civic referendum" was never to officially elect the governor. By providing an unofficial election result which has higher credibility and legitimacy than the official result from the Election Committee, we hope to discredit the elected CE and the Election Committee, demonstrating the demand for true universal suffrage, and to push democratic development forward.

Because the mock poll is funded by the community, we have no way to set up enough physical voting stations and a voter registry comparable to the election organized by the government. Indeed, it is difficult to prevent double voting in such a "poor man's election". Some supporters of the CCP criticized the mock poll for lack of credibility for these reasons. Due to the lack of resources, internet voting might be one of the only means to allow most Hong Kong citizens to participate in a mock poll.

What we need is a deployable solution to allow people to vote anonymously, either online or offline, that at the same time provides enough credibility and verifiability. A perfect solution is not necessary because the goal isn't to replace the official paper votes.

Edwin

On Tue, Feb 26, 2013 at 6:49 AM, Joseph Lorenzo Hall wrote:
>
> (most of the statements I make below can be cited... holler if you want some reading.)
>
> On Tue Feb 26 08:15:54 2013, Ruben Bloemgarten wrote:
> > Irrespective of zombies et al. Voting requires the following basic elements:
> > 1. verifiability when casting the vote, i.e. the voter can see that the vote that is cast will be the vote that is counted. This is not possible without a paper trail which is also a valid vote.
>
> This is a very complex topic, one that I've worked on for many years and was the central theme of my PhD thesis. I think it's important to recognize that there are cryptographic voting systems that do verifiable paperless voting. With out-of-band secret sharing, it gets most of the way to what one would want to see... of course, the client-side malware problem and the general problem of unsupervised voting (people voting outside of an official location with policies that make sure only one person enters the booth, etc.).
>
> As a member of the board of directors of the Verified Voting Foundation, I should say that currently a paper trail backed by robust "risk-limiting audits" is the state-of-the-art for governmental elections.
>
> > 2. Counting control. Each step of the electoral process has to be transparent for it to be valid. This means that *anyone* is allowed to observe the counting of the votes, *and* is able to understand that counting process. A printout of a result is not sufficient. Don't forget that casting the vote is the least important of the process, counting the votes is.
>
> This is somewhat of a strawman... there is no way that one individual can observe all the steps in an election as complicated as the ones we regularly run in the U.S. (the U.S. is very strange compared to most other countries in terms of the massive requirements we place on the voting process... I would argue for very good public policy reasons). This is why the academic literature on these kinds of topics increasingly uses cryptographic auditing mechanisms to ensure that once a valid ballot enters the system, it can be tracked. (And, believe it or not, RFID-based inventory controls can do a lot.)
>
> > 3. Anonymity. There can not be any moment that a vote can be backtracked to the person voting. Again, this can not be based on "trusting a system".
> > In many voting laws this anonymity has to be guaranteed, a guarantee that even with paper ballots is problematic, but is practically impossible in the case of electronic voting.
>
> I wouldn't agree that it's practically impossible... fancy primitives like mix-nets and interactive zero-knowledge proofs have been put to good use to come up with some basic assurances of secrecy. As I think you imply, there are fundamental limits... e.g., there are a number of small precincts in CA that I'm familiar with where all the cast ballots are virtually identical (this is just to underline that there are fundamental practical limits on ballot secrecy). And, as Josh Benaloh from MSR highlighted recently, this can be extended in steps to construct pretty interesting ballot secrecy violations (as one example, if I vote for candidate B and I see that all other ballots were counted for candidate A, I know everyone else's vote with certainty while they don't necessarily have the same level of certainty about others' ballots).
>
> > When we are discussing voting in its function as the backbone of a democratic system, i.e. the moment when we temporarily delegate our individual power to a representative, deciding who will wield the monopoly on violence, there can be no aspect of this process that is based on trust. If ever there was a system which has distrust at its core, it is voting.
>
> The popular refrain in the field, I believe from Rice's Dan Wallach, is: "the purpose of voting is to convince the loser they lost."
>
> > The only way to have any form of electronic voting be reliable is when it is seconded by a re-countable paper copy, which means the choice is between one big central printer distributing paper ballots or lots of little ones printing the ballot on the fly. This excludes online voting completely and makes the entire concept a little silly really.
>
> I would say paper is necessary (at the moment) but not sufficient... meaningful audits are key. And no state in the U.S. is currently doing them in a robust manner. CA is the only state that has a pilot program to study and test practical implementation of "risk limiting audits"; the idea being that an audit must test the hypothesis "hand-counting all ballots will not find enough error to change the outcome of the race." This is a formalized notion that many of us have worked on for a number of years... and, frankly, it's the biggest development in elections *for the entire world* in many decades. Here is a great Ars post on this that profiles UC Berkeley's Philip Stark, who is the leading mind here:
>
> http://arstechnica.com/tech-policy/2012/07/saving-american-elections-with-10-sided-dice-one-stats-profs-quest/
>
> > Apart from a child-like enthusiasm for anything with buttons and shiny lights, can anyone here explain to me what the intended benefits of electronic voting over paper voting would be?
>
> Experts in voting distinguish between "electronic voting" -- computer-mediated vote casting -- and "internet voting" -- adding in public networks to the equation. Electronic voting is no panacea, but most experts would agree (that may not matter to you, I'm not sure) that some of the real gains of computer interactivity with voting interfaces and the unique pressures of U.S. elections are such that we won't go back to completely paper-based elections. Sure, there are some very small jurisdictions that do all-paper in the U.S., but they're outliers.
>
> > Please note that all of the above only applies to political elections; electronic voting is perfectly fine when voting for the X-factor.
>
> I would also raise labor union elections... they're different but subject to some seriously heavy regulation in the U.S. due to past abuse.
>
> best, Joe
>
> > On 02/26/2013 01:35 PM, Rich Kulawiec wrote:
> >> [Rich Kulawiec's message, quoted in full above; omitted here]
>
> --
> Joseph Lorenzo Hall
> Senior Staff Technologist
> Center for Democracy & Technology
> 1634 I ST NW STE 1100
> Washington DC 20006-4011
> (p) 202-407-8825
> (f) 202-637-0968
> joe at cdt.org
> PGP: https://josephhall.org/gpg-key

----- End forwarded message -----

From eugen at leitl.org Tue Feb 26 04:58:15 2013
From: eugen at leitl.org (Eugen Leitl)
Date: Tue, 26 Feb 2013 13:58:15 +0100
Subject: [ZS] Re: [liberationtech] Looking for collaborators for free-range voting project at Knight News Challenge:
Message-ID:

I already mentioned that online voting is dangerous, hence this is apropos.

The best way to deal with compromisability long-term is to issue paying, voting ZS members a smartcard (and probably a matching reader, probably USB). The user then generates a secret onboard, and submits the fingerprint out of band (i.e. not via his computer) so that it can be validated. This can be combined with the CAcert way of doing things. While smartcard secrets are extractable/cloneable in principle, this attack is very expensive for decent hardware designs, and doesn't scale.
Before then, things like surveymonkey and liquid feedback can only be used to gauge public sentiment, not being tools trusted enough to result in actual vote-taking, or even to reflect accurate sentiments. All voting for persons should not be electronic, until a useful system is established.

Distributed P2P data structures, very similar to the BitCoin blockchain, can act as tamper-proof public ledgers. There are ways to upgrade these to anonymous, traceable and receipt-free votes. Such doesn't work for the general public, but should work for ZS, given we have the talent to get it implemented and reviewed.

----- Forwarded message from Rich Kulawiec -----

From eugen at leitl.org Tue Feb 26 04:58:52 2013
From: eugen at leitl.org (Eugen Leitl)
Date: Tue, 26 Feb 2013 13:58:52 +0100
Subject: [ZS] Re: [liberationtech] Looking for collaborators for free-range voting project at Knight News Challenge:
Message-ID: <20130226125852.GT6172@leitl.org>

----- Forwarded message from Eugen Leitl -----

From ruben at abubble.nl Tue Feb 26 05:15:54 2013
From: ruben at abubble.nl (Ruben Bloemgarten)
Date: Tue, 26 Feb 2013 14:15:54 +0100
Subject: [liberationtech] Looking for collaborators for free-range voting project at Knight News Challenge:
Message-ID:

Irrespective of zombies et al. Voting requires the following basic elements:

1. verifiability when casting the vote, i.e. the voter can see that the vote that is cast will be the vote that is counted. This is not possible without a paper trail which is also a valid vote.

2. Counting control. Each step of the electoral process has to be transparent for it to be valid. This means that *anyone* is allowed to observe the counting of the votes, *and* is able to understand that counting process. A printout of a result is not sufficient. Don't forget that casting the vote is the least important of the process, counting the votes is.

3. Anonymity. There can not be any moment that a vote can be backtracked to the person voting.
Again, this can not be based on "trusting a system". In many voting laws this anonymity has to be guaranteed, a guarantee that even with paper ballots is problematic, but is practically impossible in the case of electronic voting.

When we are discussing voting in its function as the backbone of a democratic system, i.e. the moment when we temporarily delegate our individual power to a representative, deciding who will wield the monopoly on violence, there can be no aspect of this process that is based on trust. If ever there was a system which has distrust at its core, it is voting.

The only way to have any form of electronic voting be reliable is when it is seconded by a re-countable paper copy, which means the choice is between one big central printer distributing paper ballots or lots of little ones printing the ballot on the fly. This excludes online voting completely and makes the entire concept a little silly really.

Apart from a child-like enthusiasm for anything with buttons and shiny lights, can anyone here explain to me what the intended benefits of electronic voting over paper voting would be?

Please note that all of the above only applies to political elections; electronic voting is perfectly fine when voting for the X-factor.

- Ruben

On 02/26/2013 01:35 PM, Rich Kulawiec wrote:
> [Rich Kulawiec's message, quoted in full above; omitted here]
----- End forwarded message -----

From eugen at leitl.org Tue Feb 26 05:17:28 2013
From: eugen at leitl.org (Eugen Leitl)
Date: Tue, 26 Feb 2013 14:17:28 +0100
Subject: [liberationtech] Looking for collaborators for free-range voting project at Knight News Challenge:
Message-ID: <20130226131728.GU6172@leitl.org>

----- Forwarded message from Ruben Bloemgarten -----

From eugen at leitl.org Tue Feb 26 05:26:34 2013
From: eugen at leitl.org (Eugen Leitl)
Date: Tue, 26 Feb 2013 14:26:34 +0100
Subject: [DIYbio] Fwd: 3D printing & intellectual property rights - So why are we bothering with GPL,CC etc licenses?
Message-ID: <20130226132634.GV6172@leitl.org>

----- Forwarded message from Bryan Bishop -----

From macwheel99 at wowway.com Tue Feb 26 18:45:16 2013
From: macwheel99 at wowway.com (Al Mac Wow)
Date: Tue, 26 Feb 2013 20:45:16 -0600
Subject: [drone-list] Feb 27 US House Judiciary Drones hearing
Message-ID:

http://www.lawfareblog.com/2013/02/house-judiciary-committee-written-statements-for-tomorrows-hearing/

Witness statements are now available for the Feb 27 hearing of the US House Judiciary Committee (http://judiciary.house.gov/), Wed Feb 27 at 10 a.m., on "Drones and the War on Terror: When Can the U.S. Target Alleged American Terrorists Overseas?"

Testimony from the various witnesses:

Bellinger, 11 pages: http://www.lawfareblog.com/wp-content/uploads/2013/02/Bellinger-02272013.pdf
Chesney, 11 pages: http://www.lawfareblog.com/wp-content/uploads/2013/02/Chesney-02272013.pdf
Vladeck, 12 pages
Wittes, 18 pages

See http://judiciary.house.gov/hearings/113th/hear_02272013_2.html and http://www.lawfareblog.com/2013/02/house-judiciary-committee-written-statements-for-tomorrows-hearing/

Other relevant links:

House Judiciary press release: http://judiciary.house.gov/news/2013/02252013_3.html
All House Judiciary Committee hearings are webcast live at www.judiciary.house.gov.
Witness list for the Feb 27 hearing (http://judiciary.house.gov/hearings/113th/hear_02272013_2.html): http://www.lawfareblog.com/2013/02/witness-list-for-feb-27-house-judiciary-hearing-on-drones-and-the-war-on-terror/
Initial discovery that this was coming: http://www.lawfareblog.com/2013/02/february-27-house-judiciary-hearing-on-drones-and-the-war-on-terror/ and http://www.volokh.com/2013/02/24/house-judiciary-committee-feb-27-hearing-on-drones-and-the-war-on-terror/?ModPagespeed=noscript

Al Mac (WOW) = Alister William Macintyre

--
Too many emails?
Unsubscribe, change to digest, or change password by emailing moderator at companys at stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/drone-list

----- End forwarded message -----

From nadim at nadim.cc Tue Feb 26 20:47:51 2013
From: nadim at nadim.cc (Nadim Kobeissi)
Date: Wed, 27 Feb 2013 05:47:51 +0100
Subject: [liberationtech] Mexico's most vulnerable reporters lack digital security skills
Message-ID:

That's incredible. I honestly did not know any of this. Drug lords in the Middle East aren't half as terrifying.

With this kind of terrifying landscape, what accessible technology could possibly secure the communications of Mexican journalists against not only interception, but against their own future torture and other such ancillary, surrounding threats that may be borne from using encryption?

This situation is so awful that we security people should add it to our repertoire of absolutes ("will this survive NSA intervention?" "will this survive Mexican drug cartel intervention?") They really add to the threat landscape by being not only more unbridled and omnipotent than a bad regime, but not even subject to the smallest shred of responsibility in terms of governance and stability. Even the worst governments still are.

I don't know what on earth Mexican journalists are supposed to do when confronted with such an absurd threat landscape.

NK

On Wed, Feb 27, 2013 at 1:42 AM, Ryan Gallagher wrote:
> On 27 February 2013 00:01, Eva Galperin wrote:
>
>> I'm not sure that I would support ranking drug cartels as a less technologically sophisticated threat than the government in Mexico.
>>
>
> Very much agree, Eva. If I were working out of Mexico it would be under the assumption that the cartels could, if they really wanted to, obtain the same info that is available to law enforcement agencies and/or government officials via the use of surveillance tech.
>
> Mexico has a fairly sophisticated surveillance infrastructure. Since at least 2006 it has apparently operated a Verint mass monitoring system that can intercept "virtually any wired, wireless or broadband communication network and service," and this system has since been upgraded with the help of the US government:
> http://www.nextgov.com/technology-news/2012/04/state-department-provide-mexican-security-agency-surveillance-apparatus/55490/
>
> Mexican authorities also have access to other tools, such as spy trojans:
> http://www.slate.com/blogs/future_tense/2012/08/03/surveillance_technology_in_mexico_s_drug_war_.html
>
> And as Bloomberg Businessweek reported in 2011: "Recent killings indicate the cartels are taking the new online tactics seriously -- and that the activists may have miscalculated in counting on nicknames and IP addresses for protection....the U.S.
firm Stratfor and security experts in Mexico > warned that, with so many government officials on the take, the cartels > likely have access to the military-grade tracking technology used by the > Mexican government. In at least one case, according to journalist Valdez, > the Sinaloan cartel hired a hacker to hunt down a government informant." > http://www.businessweek.com/magazine/mexicos-drug-war-takes-to-the-blogosphere-11092011.html#p2 > > Best, > > Ryan > > >> While there isn't a lot of evidence that drug cartels have used >> technologically sophisticated means to track down anonymous/pseudonymous >> bloggers and journalists, corruption is sufficiently widespread that if >> my life depended on it, I would assume that the drug cartels could have >> access to the same information that the government has through bribery >> and threats. >> >> There are circumstances in which I would support the use of Cryptocat by >> Mexican journalists (and it's certainly an improvement over sending >> messages in the clear, which many Mexican journalists are doing) but >> transmitting information which you would like to keep secret from drug >> cartels is probably not one of them. >> >> ************************************************ >> Eva Galperin >> Global Policy Analyst >> Electronic Frontier Foundation >> eva at eff.org >> (415) 436-9333 ex. 111 >> ************************************************ >> >> On 2/25/13 1:36 PM, Nadim Kobeissi wrote: >> > Hi, >> > At Cryptocat we are developing an easy to use instant messaging tool >> that >> > is available in 34 languages. It encrypts all of your conversations, >> > preserves your privacy and works in your browser. >> > >> > If you are a Mexican journalist and your opponent is not highly skilled >> in >> > information technology intelligence (not a government, but a drug >> cartel) >> > then you should try Cryptocat. It does not leave a record of >> conversations >> > anywhere and does not transmit anything in the clear. 
>> > >> > Get Cryptocat here: https://crypto.cat >> > Make sure to read the warnings on the site to get familiar with the >> app's >> > limitations. >> > >> > >> > NK >> > >> > >> > On Mon, Feb 25, 2013 at 10:13 PM, Brian Conley < >> brianc at smallworldnews.tv>wrote: >> > >> >> Hi Kyle, >> >> >> >> I've been developing a tool called StoryMaker for journalists and >> citizen >> >> journalists. >> >> >> >> It's private/secure by design, so ideal for this use case. >> >> >> >> There is a 10 lesson curriculum in mobile digital safety, and the app >> >> itself that could all be translated into Spanish. Then perhaps the app >> >> and/or curriculum might be used to educate and assist them in their >> work? >> >> >> >> https://www.transifex.com/projects/p/storymaker/language/es/ >> >> >> >> Resources 20-29 + 210 are the digital safety lessons. >> >> >> >> cheers >> >> >> >> brian >> >> >> >> On Mon, Feb 25, 2013 at 1:04 PM, Kyle Maxwell >> wrote: >> >> >> >>> I'm curious how the infosec community, particularly those of us who >> >>> speak and write Spanish, can assist in helping Mexican activists and >> >>> journalists. I understand that a large portion of that community >> >>> actively exchanges data on Twitter; any pointers would be appreciated. >> >>> >> >>> Feel free to contact me off-list if desired. >> >>> >> >>> On Mon, Feb 25, 2013 at 1:02 PM, G.W. Schulz >> >>> wrote: >> >>>>> "Most Mexican journalists and bloggers reporting on highly sensitive >> >>>>> topics (such as crime, corruption, violence and human rights issues) >> >>> do not >> >>>>> fully understand the risks and threats they face when they use >> digital >> >>> and >> >>>>> mobile technology, even though the topics they cover make them even >> >>> more >> >>>>> vulnerable, a new survey by Freedom House and the International >> Center >> >>> for >> >>>>> Journalists finds." 
>> >>>> >> >>>> >> >>>> >> >>> >> http://ijnet.org/stories/mexicos-most-vulnerable-reporters-lack-digital-security-skills >> >>> >> >>> >> >>> -- >> >>> Kyle Maxwell [krmaxwell at gmail.com] >> >>> http://www.xwell.org >> >>> Twitter: @kylemaxwell >> >>> -- >> >>> Unsubscribe, change to digest, or change password at: >> >>> https://mailman.stanford.edu/mailman/listinfo/liberationtech >> >>> >> >> >> >> >> >> >> >> -- >> >> >> >> >> >> >> >> Brian Conley >> >> >> >> Director, Small World News >> >> >> >> http://smallworldnews.tv >> >> >> >> m: 646.285.2046 >> >> >> >> Skype: brianjoelconley >> >> >> >> >> >> >> >> -- >> >> Unsubscribe, change to digest, or change password at: >> >> https://mailman.stanford.edu/mailman/listinfo/liberationtech >> >> >> > >> > >> > >> > -- >> > Unsubscribe, change to digest, or change password at: >> https://mailman.stanford.edu/mailman/listinfo/liberationtech >> -- >> Too many emails? Unsubscribe, change to digest, or change password by >> emailing moderator at companys at stanford.edu or changing your settings at >> https://mailman.stanford.edu/mailman/listinfo/liberationtech >> > > > -- > Too many emails? Unsubscribe, change to digest, or change password by > emailing moderator at companys at stanford.edu or changing your settings at > https://mailman.stanford.edu/mailman/listinfo/liberationtech > -- Too many emails? 
Unsubscribe, change to digest, or change password by emailing moderator at companys at stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
----- End forwarded message -----
-- 
Eugen* Leitl leitl http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

From virtualadept at gmail.com Wed Feb 27 09:39:43 2013
From: virtualadept at gmail.com (Bryce Lynch)
Date: Wed, 27 Feb 2013 12:39:43 -0500
Subject: saving files to blockchain
Message-ID: 

On Wed, Feb 27, 2013 at 7:13 AM, Eugen Leitl wrote:

> ----- Forwarded message from Karel Bílek -----
>
> From: Karel Bílek
> Date: Wed, 20 Feb 2013 09:09:34 +0100
> To: Cypherpunks list
> Subject: saving files to blockchain
>
> I built a way to save any arbitrary files to the namecoin blockchain.
> (so you can save any stuff forever and anonymously)
>

The Namecoin codebase hasn't been touched for over a year. It's dead as the proverbial doornail.

These are worth investigating, however:

https://xcayp.com/
http://pouchdb.com/

-- 
The Doctor [412/724/301/703] [ZS]
https://drwho.virtadpt.net/
"I am everywhere."

-- 
You received this message because you are subscribed to the Google Groups "ZS-P2P" group.
To unsubscribe from this group and stop receiving emails from it, send an email to zs-p2p+unsubscribe at googlegroups.com.
To post to this group, send email to zs-p2p at googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

----- End forwarded message -----
-- 
Eugen* Leitl leitl http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

From eugen at leitl.org Wed Feb 27 04:09:44 2013
From: eugen at leitl.org (Eugen Leitl)
Date: Wed, 27 Feb 2013 13:09:44 +0100
Subject: [drone-list] Drone Journalism via U of Missouri
Message-ID: <20130227120944.GK6172@leitl.org>

----- Forwarded message from Al Mac Wow -----

From eugen at leitl.org Wed Feb 27 04:15:02 2013
From: eugen at leitl.org (Eugen Leitl)
Date: Wed, 27 Feb 2013 13:15:02 +0100
Subject: saving files to blockchain
In-Reply-To: 
References: 
Message-ID: <20130227121502.GN6172@leitl.org>

On Wed, Feb 20, 2013 at 09:09:34AM +0100, Karel Bílek wrote:
> I built a way to save any arbitrary files to the namecoin blockchain.
> (so you can save any stuff forever and anonymously)
>
> It is totally slow and inefficient but I think it's partly the fault
> of the namecoin daemon.
>
> see
>
> https://github.com/runn1ng/namecoin-files

Interesting. This isn't DoSable, as you can charge for ledger transactions, right?

I was thinking about implementing a public tamper-resistant voting ledger for secure online voting, and was thinking of a blockchain-like infrastructure. See any problems with that?
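Two things come together in this thread: Karel's tool writes file contents into a blockchain, and Eugen asks whether the same kind of structure would serve as a public tamper-resistant ledger. The following is an added Python example, not code from the namecoin-files project or from anyone on the thread, that shows the property both rely on: records are chained by hash, a file is stored as a sequence of chunk records, and any later change to a stored chunk is detected, including the case where only the altered record is re-signed. It assumes nothing about Namecoin itself; the chunk size, record layout and sample file are constructed for the demo.

```python
import hashlib
from dataclasses import dataclass
from typing import List

# Constructed toy parameters: the chunk size is tiny so that a short sample
# file spans several records. A real system would use far larger chunks.
CHUNK_SIZE = 16
GENESIS_HASH = "00" * 32


@dataclass
class Record:
    """One ledger entry. Its digest commits to its position, the previous
    record's digest and its own payload, which is what links the chain."""
    index: int
    prev_hash: str
    payload: bytes
    digest: str = ""

    def compute_digest(self) -> str:
        h = hashlib.sha256()
        h.update(self.index.to_bytes(8, "big"))
        h.update(bytes.fromhex(self.prev_hash))
        h.update(len(self.payload).to_bytes(4, "big"))  # length prefix keeps fields unambiguous
        h.update(self.payload)
        return h.hexdigest()


class Ledger:
    """Append-only, hash-chained list of records: the data structure a
    blockchain is built on, without the networking or consensus parts."""

    def __init__(self) -> None:
        self.records: List[Record] = []

    def append(self, payload: bytes) -> int:
        prev = self.records[-1].digest if self.records else GENESIS_HASH
        rec = Record(index=len(self.records), prev_hash=prev, payload=payload)
        rec.digest = rec.compute_digest()
        self.records.append(rec)
        return rec.index

    def first_broken_index(self) -> int:
        """Walk the chain from genesis and return the index of the first record
        whose link or digest does not check out, or -1 if the chain is intact."""
        prev = GENESIS_HASH
        for i, rec in enumerate(self.records):
            if rec.index != i or rec.prev_hash != prev or rec.compute_digest() != rec.digest:
                return i
            prev = rec.digest
        return -1


def store_file(ledger: Ledger, data: bytes) -> List[int]:
    """Write a file as consecutive chunk records; the returned index list is
    the manifest a reader needs to reassemble it."""
    return [ledger.append(data[i:i + CHUNK_SIZE]) for i in range(0, len(data), CHUNK_SIZE)]


def read_file(ledger: Ledger, manifest: List[int]) -> bytes:
    """Reassemble a stored file, refusing if the ledger no longer verifies."""
    if ledger.first_broken_index() != -1:
        raise ValueError("ledger integrity check failed")
    return b"".join(ledger.records[i].payload for i in manifest)


def demo() -> dict:
    ledger = Ledger()
    sample = b"constructed sample file for the ledger demo\n" * 2  # constructed input
    manifest = store_file(ledger, sample)
    round_trip = read_file(ledger, manifest) == sample
    intact_before = ledger.first_broken_index()
    # Overwrite one chunk in place: that record's stored digest no longer matches.
    victim = manifest[1]
    ledger.records[victim].payload = b"X" * CHUNK_SIZE
    broken_at = ledger.first_broken_index()
    # Re-signing only the altered record is not enough: the next record still
    # carries the old digest as prev_hash, so the break moves one step forward.
    ledger.records[victim].digest = ledger.records[victim].compute_digest()
    broken_after_resign = ledger.first_broken_index()
    return {"records": len(manifest), "round_trip": round_trip,
            "intact_before": intact_before, "broken_at": broken_at,
            "broken_after_resign": broken_after_resign}


if __name__ == "__main__":
    print(demo())
```

What the chain alone provides is detection: changing any stored record invalidates every link after it, so rewriting history means recomputing all later digests. Whether that rewrite is expensive enough to matter is decided by the surrounding system, whether by charging for each transaction as Eugen suggests, by proof of work, or by replicating the chain to parties who compare their latest digests; the hash chain by itself does not stop a party that controls the whole copy from rewriting all of it.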
From eugen at leitl.org Wed Feb 27 06:55:39 2013
From: eugen at leitl.org (Eugen Leitl)
Date: Wed, 27 Feb 2013 15:55:39 +0100
Subject: [drone-list] Feb 28 USB on Drones
Message-ID: <20130227145539.GW6172@leitl.org>

----- Forwarded message from Al Mac Wow -----

From eugen at leitl.org Wed Feb 27 09:45:13 2013
From: eugen at leitl.org (Eugen Leitl)
Date: Wed, 27 Feb 2013 18:45:13 +0100
Subject: saving files to blockchain
Message-ID: <20130227174513.GK6172@leitl.org>

----- Forwarded message from Bryce Lynch -----

From kb at karelbilek.com Wed Feb 27 10:03:01 2013
From: kb at karelbilek.com (Karel Bílek)
Date: Wed, 27 Feb 2013 19:03:01 +0100
Subject: saving files to blockchain
In-Reply-To: <20130227174513.GK6172@leitl.org>
References: <20130227174513.GK6172@leitl.org>
Message-ID: 

Well it's dead (as in codebase), but the p2p network still works, there is stuff added to the blockchain all the time.

However it is currently not suited for saving bigger files (as I wrote in the git repo, it eats too much memory and diskspace and I am not exactly sure why), just smaller text files, I would say.

I wanted to build some simple GUI for that but I currently don't have time for that.

KB

On Wed, Feb 27, 2013 at 6:45 PM, Eugen Leitl wrote:
> ----- Forwarded message from Bryce Lynch -----
>
> From: Bryce Lynch
> Date: Wed, 27 Feb 2013 12:39:43 -0500
> To: zs-p2p at googlegroups.com
> Subject: Re: saving files to blockchain
> Reply-To: zs-p2p at googlegroups.com
>
> On Wed, Feb 27, 2013 at 7:13 AM, Eugen Leitl wrote:
>
> > ----- Forwarded message from Karel Bílek -----
> >
> > From: Karel Bílek
> > Date: Wed, 20 Feb 2013 09:09:34 +0100
> > To: Cypherpunks list
> > Subject: saving files to blockchain
> >
> > I built a way to save any arbitrary files to the namecoin blockchain.
> > (so you can save any stuff forever and anonymously)
> >
>
> The Namecoin codebase hasn't been touched for over a year. It's dead as
> the proverbial doornail.
>
> These are worth investigating, however:
>
> https://xcayp.com/
> http://pouchdb.com/
>
> --
> The Doctor [412/724/301/703] [ZS]
> https://drwho.virtadpt.net/
> "I am everywhere."
>
> --
> You received this message because you are subscribed to the Google Groups
> "ZS-P2P" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to zs-p2p+unsubscribe at googlegroups.com.
> To post to this group, send email to zs-p2p at googlegroups.com.
> For more options, visit https://groups.google.com/groups/opt_out.
>
>
>
> ----- End forwarded message -----
> --
> Eugen* Leitl leitl http://leitl.org
> ______________________________________________________________
> ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
> 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

From eugen at leitl.org Thu Feb 28 04:40:29 2013
From: eugen at leitl.org (Eugen Leitl)
Date: Thu, 28 Feb 2013 13:40:29 +0100
Subject: FreedomBox 0.1 released
Message-ID: <20130228124029.GE6172@leitl.org>

http://www.freedomboxfoundation.org/news/FreedomBox_version_0.1_Released/index.en.html

FreedomBox Version 0.1 Released

I am pleased to announce our first FreedomBox software release. The FreedomBox 0.1 image is available here (.torrent) (sha512sum: 867f5bf462102daef82a34165017b9e67ed8e09116fe46edd67730541bbfb731083850ab5e28ee40bdbc5054cb64e4d0e46a201797f27e0b8f0d2881ef083b40).

This 0.1 version is primarily a developer release, which means that it focuses on architecture and infrastructure rather than finish work. The exception to this is privoxy-freedombox, the web proxy discussed in previous updates, which people can begin using right now to make their web browsing more secure and private and which will very soon be available on non-FreedomBox systems. More information on that tool at the end of this post.

What have we accomplished?

This first release completes a number of important milestones for the project.
Full hardware support in Debian

A big part of the vision for the FreedomBox project revolves around the "Boxes", tiny plug servers that are capable of running full size computing loads cheaply and with little use of electricity. In many respects these are wireless routers given the brains of a smart phone. If you want to change the software on a router or smart phone today you normally need to worry about bootloader images, custom roms, and a whole collection of specialized build and install tools. We wanted the FreedomBox to move beyond this fragmented environment and, with the help of some embedded device experts, we have managed to make our development hardware into a fully supported Debian platform. That means that anyone with a device can install Debian on it just like a laptop or desktop computer. This support is very important for ensuring that the work we do on the FreedomBox is as portable and reusable as possible.

Basic software tools selected

There is a lot of great free software out there to choose from and we put a lot of thought into which elements would be included in our basic tool kit. This includes the user interface system "plinth" that I outlined in a recent kickstarter update as well as basic cryptography tools like gpg and one named "monkeysphere" that leverages gpg as an authentication tool. All of these are now bundled together and installed on the release image. This common working environment will simplify development going forward.

Box-to-box communication design

Some goals of the FreedomBox can be accomplished with one user and one FreedomBox but many, like helping someone route around repressive government firewalls, will require groups of people and groups of boxes working together. One of our greatest architectural challenges has been finding a way for boxes to communicate securely without so slowing down or breaking network access as to make the system unpleasant to use. We have now outlined and built the first version of our proposed solution: Freedom-buddy. Freedom-buddy uses the world class Tor network so that boxes can find each other regardless of location or restrictive firewall and then allows the boxes to negotiate secure direct connections to each other for actually sending large or time sensitive data. We believe this blended approach will be most effective at improving the security and usability of personal-server communications and all the services we plan to build into those servers.

Web cleaning

Our first service, a piece of software you can use today to start making your web browsing more secure and private, is called "privoxy-freedombox". This software combines the functionality of the Adblock Plus ad blocker, the Easy Privacy filtering list, and the HTTPS Everywhere (https://www.eff.org/https-everywhere) website redirection plugin into a single piece of software to run on your FreedomBox. Combining these different plugins into software for your FreedomBox means that you can use them with almost any browser or mobile device using a standard web proxy connection. Because of our focus on building the FreedomBox as part of Debian this software will soon be available to anyone running a Debian system regardless of whether you are using our target DreamPlug hardware, a laptop, or a large rack server somewhere. As you read this, packages should already be available in the Raspbian repositories, which is the optimized version of Debian used on the Raspberry Pi hardware. Hopefully we will get that onto the main Debian mirrors over the next month; if you are interested in building it for yourself in the meantime, the source is available from gitorious. As we build additional components for the FreedomBox we will continue to work on making them widely available.

What is next?

As you may have seen, our Project Lead, Bdale Garbee, is about to begin a well earned early retirement from his long time role as Open Source & Linux Chief Technologist at Hewlett-Packard. Over the coming month Bdale and the rest of the Foundation team will be putting together plans for the next stage of FreedomBox development and the road to a 1.0 release. News and updates will follow at freedomboxfoundation.org (rss).
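The web-cleaning proxy described in the release note above folds two filter lists and an HTTPS-redirection ruleset into one proxy. The following is an added Python example, not privoxy-freedombox's own code or configuration, showing the decision such a proxy makes for each request: block it if an Adblock Plus-style rule matches, otherwise upgrade plain HTTP to HTTPS when the host is covered by a rewrite rule, otherwise pass it through. The rule syntax implemented is a small subset of the Adblock Plus format (`||host^` domain anchors and plain substring rules); the rules, the HTTPS target pattern and the request URLs are all constructed for the demo rather than taken from the real lists.

```python
import re
from typing import List, Tuple
from urllib.parse import urlsplit, urlunsplit

# Constructed filter rules in a subset of Adblock Plus syntax (not the real
# EasyList / EasyPrivacy entries): "||host^" matches that host and any
# subdomain of it; any other rule is a plain substring match on the whole URL.
AD_RULES: List[str] = ["||ads.example^", "/banner_"]
PRIVACY_RULES: List[str] = ["||tracker.example^", "/pixel.gif"]

# Constructed HTTPS Everywhere-style targets: hosts whose http:// requests
# are rewritten to https:// instead of being forwarded in the clear.
HTTPS_TARGETS = [re.compile(r"^(www\.)?news\.example$")]


def rule_matches(rule: str, url: str, host: str) -> bool:
    """Evaluate one filter rule against a request URL and its hostname."""
    if rule.startswith("||") and rule.endswith("^"):
        anchor = rule[2:-1]
        # Exact host or a proper subdomain; "notads.example" must not match "ads.example".
        return host == anchor or host.endswith("." + anchor)
    return rule in url


def decide(url: str) -> Tuple[str, str]:
    """Return ("block", list:rule), ("redirect", https_url) or ("pass", url)."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    # Blocking is evaluated first so a blocked tracker is never turned into an
    # upgraded request that the proxy would then forward anyway.
    for list_name, rules in (("adblock", AD_RULES), ("easyprivacy", PRIVACY_RULES)):
        for rule in rules:
            if rule_matches(rule, url, host):
                return ("block", f"{list_name}:{rule}")
    if parts.scheme == "http" and any(p.match(host) for p in HTTPS_TARGETS):
        return ("redirect", urlunsplit(("https",) + tuple(parts[1:])))
    return ("pass", url)


def summarize(urls: List[str]) -> dict:
    """Tally decisions over a batch of requests, e.g. replayed from a proxy log."""
    counts = {"block": 0, "redirect": 0, "pass": 0}
    for u in urls:
        counts[decide(u)[0]] += 1
    return counts


# Constructed request URLs, not a real access log.
SAMPLE_REQUESTS = [
    "http://ads.example/serve.js",
    "http://cdn.ads.example/a.gif",
    "http://notads.example/index.html",
    "http://static.example/pixel.gif",
    "http://www.news.example/story?id=1",
    "http://news.example/img/banner_top.png",
    "http://other.example/",
]

if __name__ == "__main__":
    for u in SAMPLE_REQUESTS:
        print(u, "->", decide(u))
    print(summarize(SAMPLE_REQUESTS))
```

One limitation worth knowing before deploying any filtering proxy of this kind: the proxy only sees full URLs for plain HTTP requests. Browsers send HTTPS through a proxy as an opaque CONNECT tunnel, so once a site has been upgraded, per-URL filtering on that site is only possible by intercepting TLS, which a plain proxy setup does not do; the block lists still apply to every cleartext request, including the third-party ad and tracker fetches that a page on an upgraded site may trigger over plain HTTP.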
From eugen at leitl.org Thu Feb 28 04:46:58 2013
From: eugen at leitl.org (Eugen Leitl)
Date: Thu, 28 Feb 2013 13:46:58 +0100
Subject: Aaron Swartz Was Right
Message-ID: <20130228124657.GF6172@leitl.org>

https://chronicle.com/article/Aaron-Swartz-Was-Right/137425/

The Chronicle Review
February 25, 2013

Aaron Swartz Was Right

By Peter Ludlow

The suicide of the Internet wunderkind Aaron Swartz has given rise to a great deal of discussion, much of it centered on whether the penalty sought against him by the prosecutor was proportional to his "crime."
The consensus so far has been that Swartz did something wrong by accessing and releasing millions of academic papers from the JSTOR archive. But perhaps it is time to ask whether Swartz did in fact act wrongly. We might entertain the possibility that Swartz's act of civil disobedience was an attempt to help rectify a harm that began long ago. Perhaps he was not only justified in his actions but morally impelled to act as he did. Moreover, we too might be morally impelled to take action.

To put it bluntly, the current state of academic publishing is the result of a series of strong-arm tactics enabling publishers to pry copyrights from authors, and then charge exorbitant fees to university libraries for access to that work. The publishers have inverted their role as disseminators of knowledge and become bottlers of knowledge, releasing it exclusively to the highest bidders. Swartz simply decided it was time to take action.

He laid the philosophical groundwork back in 2008, in an essay entitled "Guerilla Open Access Manifesto."

"Information is power," he wrote. "But like all power, there are those who want to keep it for themselves. The world's entire scientific and cultural heritage, published over centuries in books and journals, is increasingly being digitized and locked up by a handful of private corporations. Want to read the papers featuring the most famous results of the sciences? You'll need to send enormous amounts to publishers like Reed Elsevier."

Swartz said that this state of affairs was being driven by systemic problems, beginning with the need of corporations to extract maximum profit. "Large corporations, of course, are blinded by greed," he wrote. "The laws under which they operate require it—their shareholders would revolt at anything less. And the politicians they have bought off back them, passing laws giving them the exclusive power to decide who can make copies."

Finally, he argued that the situation called for action: "There is no justice in following unjust laws. It's time to come into the light and, in the grand tradition of civil disobedience, declare our opposition to this private theft of public culture."

You might think that Swartz's prose is over the top ("bought off" politicians? "theft of culture"?), but it is very much on target. The academic publisher Elsevier has contributed to many U.S. Congressional representatives, pushing the Elsevier-supported Research Works Act, which among other things would have forbidden any effort by any federal agency to ensure taxpayer access to work financed by the federal government without permission of the publisher. An outcry effectively killed the proposed law, but it wasn't the first such publisher power play, and it probably won't be the last. What is more important to human culture than access to the knowledge in our scholarly journals? If anything, Swartz's manifesto understates the egregiousness with which this theft of public culture has been allowed to happen.

Why did Swartz think that information in JSTOR belonged in the public domain? First, for the most part the articles in JSTOR were written with government support—either through agencies like the National Science Foundation and the National Endowment for the Humanities, through state-financed educational institutions, or through the tuition of students and the donations of alumni. Once a student graduates from her college she no longer has access to JSTOR—even though her tuition supported the research that went into the data represented there. She may go on to be a generous donor to her college and still not have access to JSTOR. You have to be a faculty member or student to have access, even though, to some degree, everyone helped pay for that research.

Many people I talk to assume payments to JSTOR flow through to the authors of the archived publications. But authors of academic publications, for the most part, don't see a dime from their journal publications. Ever. Worse still, some academic publishers now demand payments from authors to publish their papers. The academic publisher Springer, for example, has attempted to steer journal submissions to its online publication Springer Plus, offering to publish them for 850 euros each, albeit allowing some waivers.

How is that even possible? Here it is important to think about one of the consequences of the publish-or-perish model in academe. If you don't publish, you won't get tenure. Even if you have tenure, your reputation (and salary) is staked to your publication record. In my field, philosophy, the top journals accept only about 5 percent of submissions. That means that publishers of academic journals have tremendous bargaining power with their authors. When an academic signs away copyright to an academic publisher, it amounts to a "contract of adhesion"—meaning a contract in which one party has all the power and it was not freely bargained. One could even make the case that the courts ought to void these contracts.

There was a time when securing a contract with an academic publisher meant that the work would receive the widest audience possible. The publishers could deliver journals to academic libraries, and other scholars would find those works when they went to browse the library (I used to do that on a monthly basis). Today, however, it would be much more efficient to simply make the articles available online to anyone who wishes to read them. Academic publishers have inverted their whole purpose for being; they used to be vehicles for the dissemination of knowledge in the most efficient way possible. Today they are useless choke points in the distribution of knowledge, even taking advantage of their positions to demand fees.
Noam Scheiber, in a February 13 New Republic article, traces how Swartz focused on JSTOR in part because of a retreat he'd attended in Italy organized by the international nonprofit EIFL. According to its Web site, EIFL "works with libraries worldwide to enable access to digital information in developing and transition countries." Scheiber writes that EIFL is careful about obeying the law in the ways it disseminates information, but its key message apparently got to Swartz. "Rich people pay huge amounts of money to access articles," Scheiber quotes the EIFL official Monika Elbert as saying about the conference. "But what about the researcher in Accra? Dar es Salaam? Cambodia? It genuinely opened his eyes," she said of Swartz. JSTOR, which did not pursue criminal charges against Swartz and "regretted being drawn into" the U.S. attorney's case against him, came into existence in 1995 with good intentions. It sought a solution to the rapidly expanding problem of paying for and storing an ever-growing list of academic journals. The situation for libraries was becoming untenable. But like the original authors, JSTOR had to negotiate its licensing agreements from a position of weakness. There is a wonderful history of JSTOR written by Roger C. Schonfeld. In it he notes that the charter publishers signed up by JSTOR (in particular the University of Chicago Press) demanded that they be compensated if there was a loss to their (minimal) sales of rights to older materials, and they demanded compensation even before JSTOR covered its own expenses. And JSTOR really was in an impossible bargaining position. Important scientific papers do not have cheaper alternatives. If someone wants to read Watson and Crick's paper on DNA or Einstein's paper on the photoelectric effect, it is not as if there is a paper by John Doe that is just as good and available for less. 
Academic publishers are, in effect, natural monopolies that can demand as much money as we can afford, and possibly more. The result today is that a university like mine must subscribe to more than 10 databases, at a cost of tens of thousands of dollars per year and without the ability to share the content with alumni, donors, or the community. JSTOR is experimenting with a "Register and Read" program that allows independent scholars free access to a subset of its database, but we need more solutions. It's not as if there are no other options. For example, the philosophy department at the University of Michigan at Ann Arbor started an online journal called Philosophers' Imprint, noting in its mission statement the possibility of a sunnier alternative: "There is a possible future in which academic libraries no longer spend millions of dollars purchasing, binding, housing, and repairing printed journals, because they have assumed the role of publishers, cooperatively disseminating the results of academic research for free, via the Internet. Each library could bear the cost of publishing some of the world's scholarly output, since it would be spared the cost of buying its own copy of any scholarship published in this way. The results of academic research would then be available without cost to all users of the Internet, including students and teachers in developing countries, as well as members of the general public." But a few paragraphs later the editors of Imprint acknowledge that "we don't know how to get to that future from here." While "academic institutions have access to the Internet [and] they have no reason to pay subscription or subvention fees to anyone for disseminating the results of academic research," they continue to do so. And I would argue that the fault lies with us academics. 
Why do scholars still submit their articles to journals that are behind pay walls, and, more important, why do they serve as editors and referees for these journals (usually gratis)? They submit articles because there is still prestige attached to these journals and because online alternatives do not carry the same weight in tenure and promotion decisions. This is of course due to the general inertia of academic life.

Academics need to do some soul searching: Is placing so much weight on tradition worth the cost to members of the profession and the public at large? Until academics get their acts together and start using new modes of publication, we need to recognize that actions like Aaron Swartz's civil disobedience are legitimate. They are attempts to liberate knowledge that rightly belongs to all of us but that has been acquired by academic publishers through tens of thousands of contracts of adhesion and then bottled up and released for exorbitant fees in what functionally amounts to an extortion racket.

When Swartz wrote his manifesto he pulled no punches, claiming that all of us with access to these databases have not just the right but the responsibility to liberate this information and supply it to those who are not as information-wealthy. "Those with access to these resources -- students, librarians, scientists -- you have been given a privilege," he wrote. "You get to feed at this banquet of knowledge while the rest of the world is locked out. But you need not -- indeed, morally, you cannot -- keep this privilege for yourselves. You have a duty to share it with the world. And you have: trading passwords with colleagues, filling download requests for friends."

Aaron Swartz's act of hacktivism was an act of resistance to a corrupt system that has subverted distribution of the most important product of the academy -- knowledge.
Until the academy finally rectifies this situation, our best hope is that there will be many more Aaron Swartz-type activists to remind us how unconscionable the current situation is, and how important it is that we change it.

Peter Ludlow is a professor of philosophy at Northwestern University. His books include "Crypto Anarchy, Cyberstates, and Pirate Utopias" (MIT Press, 2001) and "The Second Life Herald: The Virtual Tabloid That Witnessed the Dawn of the Metaverse" (MIT, 2007).

From eugen at leitl.org Thu Feb 28 05:52:17 2013
From: eugen at leitl.org (Eugen Leitl)
Date: Thu, 28 Feb 2013 14:52:17 +0100
Subject: [liberationtech] Looking for collaborators for free-range voting project at Knight News Challenge:
Message-ID: <20130228135217.GK6172@leitl.org>

----- Forwarded message from Edwin Chu -----

From smuggingqx at rotanalive.com Thu Feb 28 16:36:23 2013
From: smuggingqx at rotanalive.com ("Stylish watches from 7 599 rubles!")
Date: Thu, 28 Feb 2013 19:36:23 -0500
Subject: Swiss watches! Give women a luxurious gift
Message-ID:

Only 100% ref. Swiss watches made in Belgium. Only Swiss movements. Leather. Gold plating. Cubic zirconia. Warranty up to 2 years. Prices from 7 699 rubles! Delivery in Moscow and to the regions of Russia! Give yourself and each other only quality things for years to come. Our site: www.швейцария-часы.ру
