From mv at cdc.gov Wed Sep 1 09:31:24 2004
From: mv at cdc.gov (Major Variola (ret))
Date: Wed, 01 Sep 2004 09:31:24 -0700
Subject: making your own stamps
Message-ID: <4135F95B.21C72C0C@cdc.gov>

http://www.thesmokinggun.com/archive/0831041_photostamps_1.html?link=eaf

From roy at rant-central.com Wed Sep 1 06:37:08 2004
From: roy at rant-central.com (Roy M. Silvernail)
Date: Wed, 01 Sep 2004 09:37:08 -0400
Subject: Remailers an unsolveable paradox?
In-Reply-To: <3891e44b4d78f79a4867c856a3893ddf@dizum.com>
References: <3891e44b4d78f79a4867c856a3893ddf@dizum.com>
Message-ID: <4135D084.4070507@rant-central.com>

Nomen Nescio wrote:

>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>Are remailers an unsolveable paradox?
>
>

Yes.

Adios, Lemuria. Hate to see you go, but I understand completely.
--
Roy M. Silvernail is roy at rant-central.com, and you're not
"It's just this little chromium switch, here." - TFS
SpamAssassin->procmail->/dev/null->bliss
http://www.rant-central.com

From hal at finney.org Wed Sep 1 09:57:51 2004
From: hal at finney.org (Hal Finney)
Date: Wed, 1 Sep 2004 09:57:51 -0700 (PDT)
Subject: Remailers an unsolveable paradox?
Message-ID: <20040901165751.33B1457E2C@finney.org>

Spam is the least of the problems for remailers when it comes to abuse. You should be more concerned about possible liability for illegal messages.

In a way, spam has actually made the remailer operator's life easier as people today are used to receiving annoying and obscene email. Ten years ago, when I ran a remailer, people were genuinely shocked to receive unsolicited pornography. Yes, it's hard to believe today, but in those quaint times, when the Internet was in black and white, most users got only a few email messages a day and they were all from their friends, family and co-workers.

As far as spam, next-generation remailers should incorporate hashcash, www.hashcash.org, to make sending an anonymous message relatively costly.
Let it take a minute or more to generate the "stamp" necessary for a message to enter the remailer system and spam will not be a problem, while legitimate users will have no barrier.

Hal

From mv at cdc.gov Wed Sep 1 10:03:00 2004
From: mv at cdc.gov (Major Variola (ret))
Date: Wed, 01 Sep 2004 10:03:00 -0700
Subject: Remailers an unsolveable paradox?
Message-ID: <413600C4.8ABC8358@cdc.gov>

At 01:30 PM 9/1/04 +0200, Nomen Nescio wrote:
> Yet we need
>to make sure we're not abused too much since sooner or later laws
>will catch up with the remailers should abuse sky-rocket.

You need a Bill of Rights that specifies freedom of expression, and judges that understand it. Since you appear to be European, where eg singers can be busted for singing political songs, these ideas may be foreign to you.

> Using techniques like Hashcash should be
>more or less mandatory even today to make it harder to mailbomb or
>send large amounts spam? Why is it not?

Because when someone tells us that something is *mandatory*, we tell them to fuck off, and we put them on our watch list.

OTOH nothing prevents you from
1. implementing a hashcash-based node
2. automatically filtering what you receive.

> Regardless of what any hardcore cypherpunk or old-timers in the
>remailer community may think about any ideas imposing restraints on
>the usability of remailers something just have to be made about the
>abuse of the system.

Will no one think of the chiiildren?

> Making sure we have robust remailing services in one shape or
>another and at the same time have some kind of at least indirect
>acceptance from legislators and also a low degree of spam flowing
>through are essential goals.

Any legislator seeking to control how people use a communications medium needs killing.

> The average naive and ignorant redneck will never ever understand
>the principal arguments for free speech that makes remailers useful.

That's why mob rule^H^H^H^H democracy loses to the constitution.
If you don't have the latter, you suffer the former.

>The average american do not think and analyze what is told to him.

Well duh.

> Since providing a true non-censoring remailing service and at the
>same time safeguard against spam and abuse are theoretically
>incompatible I guess remailers are indeed a paradox waiting to be
>shut down sooner or later by politicians if we're not open to at
>least discuss some aspects of how these services are operated.

Why not use one of those "are you human" visually-distorted checks that various websites use? That is robust to automated spam.

Adding *voluntary* hashcash to remailer injection nodes is another layer of defense in depth against spammers.

BTW, while spam is abuse, is a threatening message really abuse, or just uncomfortable feedback?

From jya at pipeline.com Wed Sep 1 10:05:44 2004
From: jya at pipeline.com (John Young)
Date: Wed, 01 Sep 2004 10:05:44 -0700
Subject: Remailers an unsolveable paradox?
In-Reply-To: <4135D084.4070507@rant-central.com>
References: <3891e44b4d78f79a4867c856a3893ddf@dizum.com> <3891e44b4d78f79a4867c856a3893ddf@dizum.com>
Message-ID:

Remailers remain effective when you run your own as the first hop and accept no incoming remail.

To be sure, if everyone did that no remailer would accept remails. Shhh.

From camera_lumina at hotmail.com Wed Sep 1 07:10:50 2004
From: camera_lumina at hotmail.com (Tyler Durden)
Date: Wed, 01 Sep 2004 10:10:50 -0400
Subject: Remailers an unsolveable paradox?
Message-ID:

Some good points, Johnny.

I'm not convinced Spam and the remailers are inherently incompatible. Or at least, I'm thinking there's a sort of uncertainty principle that should work between legit remailable messages and spam. It may be a tricky business, but I suspect that the need of spammers to send out huge numbers of messages may be exploitable.
Hell...they may in some ways be an asset if handled correctly: Much easier to hide remailed messages in larger torrents than in sparsely trafficked remailer networks.

And of course, it may be that the need to sell goods (ie, from a specific URL) means that anonymity is not so useful, particularly if there are time+bandwidth constraints on portions of the network (eg a remailer has a max bandwidth that gets throttled back if there's a large woosh of traffic in a certain period of time).

So I don't think the problem is unsolvable, but I agree with your essential point that it needs looking into.

-TD

>From: Nomen Nescio
>To: cypherpunks at al-qaeda.net
>Subject: Remailers an unsolveable paradox?
>Date: Wed, 1 Sep 2004 13:30:01 +0200 (CEST)
>
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>Are remailers an unsolveable paradox?
>
> We want to be able to provide the means for whistleblowers and
>others to communicate in a secure and anonymous fashion. Yet we need
>to make sure we're not abused too much since sooner or later laws
>will catch up with the remailers should abuse sky-rocket.
>
> Once upon a time all email servers were open relays. This was a
>friendly time and spam wasn't invented. As time changed the focus
>turned on securing the relaying procedures and has continued until
>this day. Yet as we know the flow of spam (most of it coming directly
>or indirectly from US) continued to increase, despite even existing
>legislation today.
>
> What are the possible solutions for the remailers? Make all
>remailers middleman only and adding the ability to opt-in for
>delivery outside the network? Having a network of middleman remailers
>and some nymservers that only delivers to other nymserver or opted-in
>servers will at least provide some means for people to communicate
>between themselves. It would in practise destroy the ability to
>contact anyone outside the network though, making the network an
>isolated place for a few.
>Using techniques like Hashcash should be
>more or less mandatory even today to make it harder to mailbomb or
>send large amounts spam? Why is it not?
>
> Regardless of what any hardcore cypherpunk or old-timers in the
>remailer community may think about any ideas imposing restraints on
>the usability of remailers something just have to be made about the
>abuse of the system. I also predict that the abuse will increase so
>time is ticking in a sense.
>
> Making sure we have robust remailing services in one shape or
>another and at the same time have some kind of at least indirect
>acceptance from legislators and also a low degree of spam flowing
>through are essential goals.
>
> The average naive and ignorant redneck will never ever understand
>the principal arguments for free speech that makes remailers useful.
>The average american do not think and analyze what is told to him.
>You will probably today find millions of americans who believe that
>Saddam and Al-Qaeda did business just because Bush and the
>administration lied about that initially, even though it's more or
>less confirmed today that those links were not there.
>
> The rednecks also vote however (to some extent) and that's why it
>will be a piece of cake to strike against the remailers if the
>politicians would like to. And they will, if and when serious abuse
>were to happen more often utilizing remailers. What would happen if
>it was found (or simply suspected or claimed) that some terror deed
>was planned using remailers? How long time would it take for us to
>see new laws being proposed? Not long.
>And don't forget that anyone
>(like Tom Ridge himself) could send bogus messages through the
>system trying to
>
> Since providing a true non-censoring remailing service and at the
>same time safeguard against spam and abuse are theoretically
>incompatible I guess remailers are indeed a paradox waiting to be
>shut down sooner or later by politicians if we're not open to at
>least discuss some aspects of how these services are operated.
>
>
>Johnny Doelittle
>
>
>-----BEGIN PGP SIGNATURE-----
>Version: Tom Ridge Special v1.01
>
>iQA/AwUBQTWdszVaKWz2Ji/mEQJlUwCfT/jWnw/p2ydTJTKMYKA5/hs+Dm8AoNoE
>r9bl2EtJ3CQpZPgfkSPfGBWB
>=B8dt
>-----END PGP SIGNATURE-----
>
>
> >
> > Effective today, Lemuria will be going middlemen.
> >
> > Sometime around the middle of the month, Lemuria will go away.
> >
> > This is final.
> >
> >
> > The main reasons are that I've lost my faith in the usefulness of
> > the remailer network. I have indications that the remailer network
> > is
> > being massively abused, on the scale where the legitimate mails are
> > a tiny fraction that would be better served using other means.
> >
> > There are two main reasons for my thoughts. One is I have looked at
> > the bounces I receive, and compared their numbers to my statistics.
> > According to that data, without having run a statistically
> > significant analysis, the major traffic coming through Lemuria is
> > Spam, with
> > threats and harassment a second. I realize that in the no-bounces,
> > the fraction of legitimate mails will be higher, but even assuming
> > a factor of 10, it is still a negligible part.
> >
> > Second, I've the mail attached below yesterday. In case you can't
> > read german, it is essentially spam advertising the mixmaster
> > software and some book and/or software I haven't tested, might be a
> > mixmaster
> > client, might be a trojan. This is a sign for me that the anonymous
> > remailer network is being used systematically for abuse, on a large
> > scale.
> > I don't want to be a part of that.
> >
> > As mixmaster has no features whatsoever to prevent this crap, and
> > the "encrypted only" switch doesn't do what it should do, and
> > legitimate traffic is close to zero anyways, I'll be taking Lemuria
> > down and
> > leaving the remailer community.
> >
> > It was an interesting time, and between frog, the SciTol fanatics
> > (from both sides) and a couple really cool people, I've learned a
> > lot about society that I'm not sure I really needed to know. :)

From morlockelloi at yahoo.com Wed Sep 1 10:18:24 2004
From: morlockelloi at yahoo.com (Morlock Elloi)
Date: Wed, 1 Sep 2004 10:18:24 -0700 (PDT)
Subject: Remailers an unsolveable paradox?
In-Reply-To: <3891e44b4d78f79a4867c856a3893ddf@dizum.com>
Message-ID: <20040901171824.67284.qmail@web40603.mail.yahoo.com>

> What are the possible solutions for the remailers? Make all
> remailers middleman only and adding the ability to opt-in for

Open wireless access points. No one said you are entitled to mail anonymously from the comfort of your home/office. Stop whining.

=====
end
(of original message)

Y-a*h*o-o (yes, they scan for this) spam follows:

__________________________________
Do you Yahoo!?
New and Improved Yahoo! Mail - 100MB free storage!
http://promotions.yahoo.com/new_mail

From nobody at dizum.com Wed Sep 1 04:30:01 2004
From: nobody at dizum.com (Nomen Nescio)
Date: Wed, 1 Sep 2004 13:30:01 +0200 (CEST)
Subject: Remailers an unsolveable paradox?
Message-ID: <3891e44b4d78f79a4867c856a3893ddf@dizum.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Are remailers an unsolveable paradox?

We want to be able to provide the means for whistleblowers and others to communicate in a secure and anonymous fashion.
Yet we need to make sure we're not abused too much since sooner or later laws will catch up with the remailers should abuse sky-rocket.

Once upon a time all email servers were open relays. This was a friendly time and spam wasn't invented. As time changed the focus turned on securing the relaying procedures and has continued until this day. Yet as we know the flow of spam (most of it coming directly or indirectly from US) continued to increase, despite even existing legislation today.

What are the possible solutions for the remailers? Make all remailers middleman only and adding the ability to opt-in for delivery outside the network? Having a network of middleman remailers and some nymservers that only delivers to other nymserver or opted-in servers will at least provide some means for people to communicate between themselves. It would in practise destroy the ability to contact anyone outside the network though, making the network an isolated place for a few. Using techniques like Hashcash should be more or less mandatory even today to make it harder to mailbomb or send large amounts spam? Why is it not?

Regardless of what any hardcore cypherpunk or old-timers in the remailer community may think about any ideas imposing restraints on the usability of remailers something just have to be made about the abuse of the system. I also predict that the abuse will increase so time is ticking in a sense.

Making sure we have robust remailing services in one shape or another and at the same time have some kind of at least indirect acceptance from legislators and also a low degree of spam flowing through are essential goals.

The average naive and ignorant redneck will never ever understand the principal arguments for free speech that makes remailers useful. The average american do not think and analyze what is told to him.
You will probably today find millions of americans who believe that Saddam and Al-Qaeda did business just because Bush and the administration lied about that initially, even though it's more or less confirmed today that those links were not there.

The rednecks also vote however (to some extent) and that's why it will be a piece of cake to strike against the remailers if the politicians would like to. And they will, if and when serious abuse were to happen more often utilizing remailers. What would happen if it was found (or simply suspected or claimed) that some terror deed was planned using remailers? How long time would it take for us to see new laws being proposed? Not long. And don't forget that anyone (like Tom Ridge himself) could send bogus messages through the system trying to

Since providing a true non-censoring remailing service and at the same time safeguard against spam and abuse are theoretically incompatible I guess remailers are indeed a paradox waiting to be shut down sooner or later by politicians if we're not open to at least discuss some aspects of how these services are operated.

Johnny Doelittle

-----BEGIN PGP SIGNATURE-----
Version: Tom Ridge Special v1.01

iQA/AwUBQTWdszVaKWz2Ji/mEQJlUwCfT/jWnw/p2ydTJTKMYKA5/hs+Dm8AoNoE
r9bl2EtJ3CQpZPgfkSPfGBWB
=B8dt
-----END PGP SIGNATURE-----

> Effective today, Lemuria will be going middlemen.
>
> Sometime around the middle of the month, Lemuria will go away.
>
> This is final.
>
>
> The main reasons are that I've lost my faith in the usefulness of
> the remailer network. I have indications that the remailer network
> is
> being massively abused, on the scale where the legitimate mails are
> a tiny fraction that would be better served using other means.
>
> There are two main reasons for my thoughts. One is I have looked at
> the bounces I receive, and compared their numbers to my statistics.
> According to that data, without having run a statistically
> significant analysis, the major traffic coming through Lemuria is
> Spam, with
> threats and harassment a second. I realize that in the no-bounces,
> the fraction of legitimate mails will be higher, but even assuming
> a factor of 10, it is still a negligible part.
>
> Second, I've the mail attached below yesterday. In case you can't
> read german, it is essentially spam advertising the mixmaster
> software and some book and/or software I haven't tested, might be a
> mixmaster
> client, might be a trojan. This is a sign for me that the anonymous
> remailer network is being used systematically for abuse, on a large
> scale. I don't want to be a part of that.
>
> As mixmaster has no features whatsoever to prevent this crap, and
> the "encrypted only" switch doesn't do what it should do, and
> legitimate traffic is close to zero anyways, I'll be taking Lemuria
> down and
> leaving the remailer community.
>
> It was an interesting time, and between frog, the SciTol fanatics
> (from both sides) and a couple really cool people, I've learned a
> lot about society that I'm not sure I really needed to know. :)

From camera_lumina at hotmail.com Wed Sep 1 11:46:22 2004
From: camera_lumina at hotmail.com (Tyler Durden)
Date: Wed, 01 Sep 2004 14:46:22 -0400
Subject: Remailers an unsolveable paradox?
Message-ID:

Variola wrote...

> > Making sure we have robust remailing services in one shape or
> >another and at the same time have some kind of at least indirect
> >acceptance from legislators and also a low degree of spam flowing
> >through are essential goals.
>
>Any legislator seeking to control how people use a communications
>medium needs killing.

Well, although the sentiment is appreciated, I'm not sure it's well applied in this case.
What this guy seems to be saying is that it's better to 'solve' the SPAM problem now rather than waiting for legislators to use Spam as a reason to try to shut down the remailers (and this seems distinctly possible particularly if George W makes it to his 3rd term!). I don't think the guy is looking for state-ish 'OK', but pointing out that things get a lot more difficult if/when remailers or their use is outlawed.

Like back in the day when I used to toke on a regular basis...I sure was going to keep scoring nickelbags and whatnot, but my count would probably have been better at my potstore if it were legal. (And yes, a potstore...there's tons of them in NYC with plexiglass walls and a few canned food props lying around. You stand in line and order your nickel/dime bag just like buying tokens.)

The hashcash idea is OK, and obviously will work (as of now...the dividing line between human and machine is clearly not static, and smarter spam operations will start doing some segmentation analysis and then find it worthwhile to pay up). But the kind of person that may have legitimate need of a remailer may not understand and/or trust what would probably be necessary to use hashcash. And OK "that's their tough luck", but then I always feel there's safety in numbers.

-TD

From sunder at sunder.net Wed Sep 1 13:38:59 2004
From: sunder at sunder.net (Sunder)
Date: Wed, 1 Sep 2004 16:38:59 -0400 (edt)
Subject: The cages on the Hudson, AKA Little Guantanamo (fwd)
Message-ID:

Wheee! NYC==Police State for the last week for those of you living under rocks...

----------------------Kaos-Keraunos-Kybernetos---------------------------
 + ^ + :"Our enemies are innovative and resourceful, and so are we.  /|\
  \|/  :They never stop thinking about new ways to harm our country /\|/\
<--*-->:and our people, and neither do we." -G. W. Bush, 2004.08.05 \/|\/
  /|\  :                                                             \|/
 + v + : War is Peace, freedom is slavery, Bush is President.
-------------------------------------------------------------------------

---------- Forwarded message ----------
Date: Wed, 1 Sep 2004 15:26:13 -0400
From: Edward Potter
To: grimmwerks
Cc: wwwac
Subject: Re: [wwwac] Yes, it's relevent! The cages on the Hudson, AKA Little Guantanamo

He's out. You can't get near the place today. I tell people what happened and they can't believe it. I would not have believed it either, except I was there for 11 hours. Then another 15 hours downtown.

Excellent first hand account here:
http://nyc.indymedia.org/newswire/display/107675/index.php

If I had not been arrested, I would not have known anything like this was going on. 1000- 2000 people, in barb-wire cages, at this very moment on the Hudson River. No joke. Totally surrounded by police. ACLU lawyers, Reporters, everyone being denied access. Just starting to hit the media.

-ed

On Sep 1, 2004, at 2:57 PM, grimmwerks wrote:

> I read the same thing - and the guy with the bike is STILL there? And
> held
> on what grounds? Has any pics surfaced yet?
>
>
> On 9/1/04 2:51 PM, "Edward Potter" wrote:
>
>> I cross posted this to the Politics list, just getting so little media
>> coverage, and yes, I met a few Java Programmers there, plus the guy
>> that has the bike that writes messages by WiFi got nailed by the
>> police
>> too (writing "America Home of the Free") ... so I guess hopefully the
>> word gets out.
>> ---------------
>>
>> Does anyone on this list know there are now up to 2000 people
>> imprisoned in barb-wire cages on the Hudson River that don't know what
>> their charges are, have not had any rights read to them and are being
>> denied any access to any legal representation?
>>
>> I was there, it was real. It would blow your mind.
>> YOU HAVE NEVER SEEN
>> ANYTHING LIKE IT IN AMERICA BEFORE.
>>
>> Or as the police call it: Little Guantanamo
>>
>> Keep up with the news here:
>> http://nyc.indymedia.org
>
>
>

## The World Wide Web Artists' Consortium - http://www.wwwac.org/ ##
## To Unsubscribe, send email to: wwwac-unsubscribe at lists.wwwac.org ##

From measl at mfn.org Wed Sep 1 18:30:34 2004
From: measl at mfn.org (J.A. Terranson)
Date: Wed, 1 Sep 2004 20:30:34 -0500 (CDT)
Subject: The cages on the Hudson, AKA Little Guantanamo (fwd)
In-Reply-To:
References:
Message-ID: <20040901202752.A96718@ubzr.zsa.bet>

On Wed, 1 Sep 2004, Sunder wrote:

> except these cops don't (yet?) have tanks

Actually, in New York, they do. At least they *did* when I lived there, all the way up to 1985. They had exactly one tank (used to mow down the drug houses in AlphabetTown), and an APC.

Oh, and the PD helicopters were bought, paid for, and maintained through inventive use of the "Auxiliary Police" program (more appropriately the Placebo Police program. STOP or I'll hurt myself!).

--
Yours,
J.A. Terranson
sysadmin at mfn.org
0xBD4A95BF

"...justice is a duty towards those whom you love and those whom you do not. And people's rights will not be harmed if the opponent speaks out about them."
Osama Bin Laden
- - -
"There aught to be limits to freedom!"
George Bush
- - -
Which one scares you more?

From camera_lumina at hotmail.com Wed Sep 1 17:34:06 2004
From: camera_lumina at hotmail.com (Tyler Durden)
Date: Wed, 01 Sep 2004 20:34:06 -0400
Subject: The cages on the Hudson, AKA Little Guantanamo (fwd)
Message-ID:

>Wheee! NYC==Police State for the last week for those of you living under
>rocks...

Not totally. That cop on a scooter rightfully got the crap kicked out of him for mowing down demonstrators.

They can gain local, temporary control but if we take to the streets en masse then there's not much they can do, and they know it.
-TD

From sunder at sunder.net Wed Sep 1 18:02:18 2004
From: sunder at sunder.net (Sunder)
Date: Wed, 1 Sep 2004 21:02:18 -0400 (edt)
Subject: The cages on the Hudson, AKA Little Guantanamo (fwd)
In-Reply-To:
References:
Message-ID:

Um, don't know what you've been smoking but:

a. there is no "we", except individuals with the freedom to choose their own actions.
b. cops have guns.
c. some cops have armor and semi (or full?) automatics along with the "non-lethal" weaponry.
d. non-cops don't and aren't allowed to carry the same weaponry.

(Unless your version of "we" includes some arsenal and has been watching lots of A-Team reruns, I doubt that there's not much the cops can't do and mostly get away with it.)

Yeah, "Not totally." Just like Red China isn't a total totalitarian state, and it allowed the students at Tiananmen Sq to demonstrate. We're not too far away from that, except these cops don't (yet?) have tanks and as far as has been reported in the media, haven't murdered anyone in the protests, and that the arrested have been let out a few days later rather than tortured.

It's certainly inching towards totalitarianism and away from "the right of the people peaceably to assemble, and to petition the government for a redress" (not, there's nothing in that text about protest pens, open your bag searches, show me your ID, or protest permits.)

----------------------Kaos-Keraunos-Kybernetos---------------------------
 + ^ + :"Our enemies are innovative and resourceful, and so are we.  /|\
  \|/  :They never stop thinking about new ways to harm our country /\|/\
<--*-->:and our people, and neither do we." -G. W. Bush, 2004.08.05 \/|\/
  /|\  :                                                             \|/
 + v + : War is Peace, freedom is slavery, Bush is President.
-------------------------------------------------------------------------

On Wed, 1 Sep 2004, Tyler Durden wrote:

> Not totally. That cop on a scooter rightfully got the crap kicked out of him
> for mowing down demonstrators.
>
> They can gain local, temporary control but if we take to the streets en
> masse then there's not much they can do, and they know it.

From camera_lumina at hotmail.com Wed Sep 1 19:46:54 2004
From: camera_lumina at hotmail.com (Tyler Durden)
Date: Wed, 01 Sep 2004 22:46:54 -0400
Subject: The cages on the Hudson, AKA Little Guantanamo (fwd)
Message-ID:

>a. there is no "we", except individuals with the freedom to choose their
>own actions.

Bullshit. Live in New York for a while and you'll see there's a "we".

>b. cops have guns.

So do we, and guns they're not allowed to have. (Well, we're not allowed to have 'em either...)

>Yeah, "Not totally." Just like Red China isn't a total totalitarian state,
>and it allowed the students at Tiananmen Sq to demonstrate. We're not too
>far away from that, except these cops don't (yet?) have tanks and as far
>as has been reported in the media, haven't murdered anyone in the
>protests, and that the arrested have been let out a few days later rather
>than tortured.

This ain't Red China. We're armed and not peaceful. We're not cream of the crop, true-believer Beijing DaXue types like the Chinese kids in TianAnMen Fang. If we grew up here we know how to fight back, and we will after a certain point.

>It's certainly inching towards totalitarianism and away from "the right of
>the people peaceably to assemble, and to petition the government for a
>redress" (not, there's nothing in that text about protest pens, open your
>bag searches, show me your ID, or protest permits.)

Well, I didn't say it was going to be a downhill ride. But you're clearly "not from around here, are you boy"? Try growing up in Washington Heights and Brooklyn, and you'll understand why the cops were nervous enough to even try this kind of shit.
This ain't the nice little suburb you do your contract programming in...this is New York City. We only obey the law because we know there's a thin line between order and chaos in this town.

-TD

>
>
>----------------------Kaos-Keraunos-Kybernetos---------------------------
> + ^ + :"Our enemies are innovative and resourceful, and so are we.  /|\
>  \|/  :They never stop thinking about new ways to harm our country /\|/\
><--*-->:and our people, and neither do we." -G. W. Bush, 2004.08.05 \/|\/
>  /|\  :                                                             \|/
> + v + : War is Peace, freedom is slavery, Bush is President.
>-------------------------------------------------------------------------
>
>On Wed, 1 Sep 2004, Tyler Durden wrote:
>
> > Not totally. That cop on a scooter rightfully got the crap kicked out of
>him
> > for mowing down demonstrators.
> >
> > They can gain local, temporary control but if we take to the streets en
> > masse then there's not much they can do, and they know it.

From bill.stewart at pobox.com Wed Sep 1 22:55:29 2004
From: bill.stewart at pobox.com (Bill Stewart)
Date: Wed, 01 Sep 2004 22:55:29 -0700
Subject: The cages on the Hudson, AKA Little Guantanamo (fwd)
In-Reply-To: <20040901202752.A96718@ubzr.zsa.bet>
References: <20040901202752.A96718@ubzr.zsa.bet>
Message-ID: <200409020601.i82618XQ018375@positron.jfet.org>

>On Wed, 1 Sep 2004, Sunder wrote:
> > except these cops don't (yet?) have tanks
>Actually, in New York, they do. At least they *did* when I lived there,
>all the way up to 1985. They had exactly one tank (used to mow down the

Middletown NJ has one also (about an hour from the city by car, YMMV by tank.)
Back in the revolutionary days of the 60s and 70s, the police chief, who was actually named Joe McCarthy and tried to live up to the name, was concerned that the Puerto Ricans in the ethnic neighborhoods along the shore might get uppity and take over the naval base, which everybody knew had Nuke-u-lur Weapons even though they'd never admit it, and the naval base might not be able to defend itself against a mob, so he convinced the town council that they needed to buy a tank.

I haven't seen it, but one of my friends said that when he last saw it, it hadn't been moved in a while and had sunk about a foot into the mud.

(When I'd first heard they had a tank, I'd assumed it was really some amphibious military vehicle they used for hauling cars out of the swamps or something, but no, it's a regular tank.)

Bill

From bill.stewart at pobox.com Wed Sep 1 23:01:15 2004
From: bill.stewart at pobox.com (Bill Stewart)
Date: Wed, 01 Sep 2004 23:01:15 -0700
Subject: The cages on the Hudson, AKA Little Guantanamo (fwd)
In-Reply-To:
References:
Message-ID: <200409020603.i8263Elv018455@positron.jfet.org>

At 07:46 PM 9/1/2004, you wrote:
> This ain't the nice little suburb you do your contract programming in...
> this is New York City. We only obey the law because we know there's a
> thin line between order and chaos in this town.

Hey, those cops aren't here to create disorder, they're here to preserve disorder....

From mv at cdc.gov Thu Sep 2 10:04:48 2004
From: mv at cdc.gov (Major Variola (ret))
Date: Thu, 02 Sep 2004 10:04:48 -0700
Subject: The cages on the Hudson, AKA Little Guantanamo (fwd)
Message-ID: <413752B0.4085A507@cdc.gov>

At 10:55 PM 9/1/04 -0700, Bill Stewart wrote:
>Puerto Ricans in the ethnic neighborhoods along the shore
>might get uppity and take over the naval base, which everybody knew
>had Nuke-u-lur Weapons even though they'd never admit it,
>and the naval base might not be able to defend itself against a mob,
>so he convinced the town council that they needed to buy a tank.

It's quite clear (from the Empire Wars in the middle east) that the 2nd amendment requires citizens to bear RPGs to defeat tyranny. Alas, even neutered rifles are illegal in many places; thus among the first order of business will be to raid the Armories for the right tools.

----
And I'm tired of all these soldiers here
And everything's broken,
And no one speaks english..
-Tom Waits

From beberg at mithral.com Thu Sep 2 20:39:09 2004
From: beberg at mithral.com (Adam L Beberg)
Date: Thu, 02 Sep 2004 22:39:09 -0500
Subject: [FoRK] Veeery Intewesting...
Message-ID:

http://www.sianews.com/modules.php?name=News&file=article&sid=1062

There over 800 prison camps in the United States, all fully operational and ready to receive prisoners. They are all staffed and even surrounded by full-time guards, but they are all empty. These camps are to be operated by FEMA (Federal Emergency Management Agency) should Martial Law need to be implemented in the United States and all it would take is a presidential signature on a proclamation and the attorney general's signature on a warrant to which a list of names is attached. Ask yourself if you really want to be on Ashcroft's list.

...

--
Adam L. Beberg - beberg at mithral.com
http://www.mithral.com/~beberg/
_______________________________________________
FoRK mailing list
http://xent.com/mailman/listinfo/fork

----- End forwarded message -----
--
Eugen* Leitl leitl
______________________________________________________________
ICBM: 48.07078, 11.61144 http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
http://moleculardevices.org http://nanomachines.net

[demime 1.01d removed an attachment of type application/pgp-signature]

From shaddack at ns.arachne.cz Thu Sep 2 19:44:58 2004
From: shaddack at ns.arachne.cz (Thomas Shaddack)
Date: Fri, 3 Sep 2004 04:44:58 +0200 (CEST)
Subject: gmail as a gigabyte of an external filesystem
In-Reply-To: <0408291853030.-1210261228@somehost.domainz.com>
References: <0408291853030.-1210261228@somehost.domainz.com>
Message-ID: <0409030403580.10722@somehost.domainz.com>

On Sun, 29 Aug 2004, Thomas Shaddack wrote:

> Question for the crowd: How difficult it would be to write a suitable
> crypto engine as a plug-in module for FUSE itself? Then we could have
> support for encrypted files on any filesystem accessible through FUSE.
>
> -----------
> http://www.boingboing.net/2004/08/29/turn_gmail_storage_i.html

It seems that there is a solution Out There already, in the form of EncFS. See http://arg0.net/users/vgough/encfs.html

Mount the GmailFS as eg. /mnt/gmail, and then mount encfs to eg. /mnt/gmailsec with /mnt/gmail as its root. Voila, problem solved! (At least theoretically. I didn't test it.)

What are your thoughts on EncFS, please?

Related note: Is there a way to encrypt a removable medium, eg. a CD or DVD disk, in a way that makes it readable under all major OSs (with the required add-ons installed), namely Linux, BSD, and Windows 98/2000/XP? The appeal (and a certain disadvantage) of EncFS is its file-oriented approach, making it easy to have a portable userspace decoding utility, for data access anywhere if you got the password.
From camera_lumina at hotmail.com Fri Sep 3 05:57:06 2004 From: camera_lumina at hotmail.com (Tyler Durden) Date: Fri, 03 Sep 2004 08:57:06 -0400 Subject: [FoRK] Veeery Intewesting... (fwd from beberg@mithral.com) Message-ID: Well, W did say he'd do "whatever is necessary". -TD >From: Eugen Leitl >To: cypherpunks at al-qaeda.net >Subject: [FoRK] Veeery Intewesting... (fwd from beberg at mithral.com) >Date: Fri, 3 Sep 2004 11:10:24 +0200 > >----- Forwarded message from Adam L Beberg ----- > >From: Adam L Beberg >Date: Thu, 02 Sep 2004 22:39:09 -0500 >To: FoRK >Subject: [FoRK] Veeery Intewesting... >User-Agent: Mozilla Thunderbird 0.7.3 (Windows/20040803) > >http://www.sianews.com/modules.php?name=News&file=article&sid=1062 > >There over 800 prison camps in the United States, all fully operational >and ready to receive prisoners. They are all staffed and even surrounded >by full-time guards, but they are all empty. These camps are to be >operated by FEMA (Federal Emergency Management Agency) should Martial >Law need to be implemented in the United States and all it would take is >a presidential signature on a proclamation and the attorney general's >signature on a warrant to which a list of names is attached. Ask >yourself if you really want to be on Ashcroft's list. > >... > >-- >Adam L. Beberg - beberg at mithral.com >http://www.mithral.com/~beberg/ >_______________________________________________ >FoRK mailing list >http://xent.com/mailman/listinfo/fork > >----- End forwarded message ----- >-- >Eugen* Leitl leitl >______________________________________________________________ >ICBM: 48.07078, 11.61144 http://www.leitl.org >8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE >http://moleculardevices.org http://nanomachines.net > >[demime 1.01d removed an attachment of type application/pgp-signature]
From mv at cdc.gov Fri Sep 3 09:47:16 2004 From: mv at cdc.gov (Major Variola (ret)) Date: Fri, 03 Sep 2004 09:47:16 -0700 Subject: whatever is necessary Message-ID: <4138A014.74211D00@cdc.gov> At 08:57 AM 9/3/04 -0400, Tyler Durden wrote: >Well, W did say he'd do "whatever is necessary". I caught the last bit of Bush's rant. The scary part was him talking about the "resurrection" of NYC. Given how his little bubble-brain is addicted to xianity, and his coterie has geo-political messianic delusions, this is not good. Just heard Clinton's going in the hospital to get a heart. Maybe W can get a brain? And Rummy some courage? Maybe Frances is Nature reminding FLA to shape up this time.. From eugen at leitl.org Fri Sep 3 02:10:24 2004 From: eugen at leitl.org (Eugen Leitl) Date: Fri, 3 Sep 2004 11:10:24 +0200 Subject: [FoRK] Veeery Intewesting... (fwd from beberg@mithral.com) Message-ID: <20040903091023.GU1458@leitl.org> ----- Forwarded message from Adam L Beberg ----- From eugen at leitl.org Fri Sep 3 02:25:43 2004 From: eugen at leitl.org (Eugen Leitl) Date: Fri, 3 Sep 2004 11:25:43 +0200 Subject: Big Brother in perfidous Albion Message-ID: <20040903092543.GX1458@leitl.org> http://www.cnn.com/2004/TECH/ptech/08/31/constantsurveillance.ap/index.html Big Brother watches Britain Will the technology find acceptance in U.S.? Tuesday, August 31, 2004 Posted: 10:55 AM EDT (1455 GMT) LONDON, England (AP) -- The teenagers who stabbed wealthy Joao Da Costa Mitendele to death before burgling his home were careful to conceal the crime. They used a pretty girl to gain access to his apartment, where they wore rubber gloves while committing their crimes. What they hadn't counted on was the phalanx of video cameras that silently watched and recorded them leaving the local subway station, buying those gloves and approaching 45-year-old Mitendele's apartment in suburban north London.
The same cameras caught their hasty return journey to the station half an hour later. The tapes sealed the fate of the so-called "Honey Trap" gang when played in court earlier this year. Seven of the group were convicted of offenses ranging from manslaughter to conspiracy to rob and sent to jail for a minimum of seven years each. Big Brother is always watching in Britain. An estimated 4.2 million closed-circuit TV cameras observe people going about their everyday business, from getting on a bus to lining up at the bank to driving around London. It's widely estimated that the average Briton is scrutinized by 300 cameras a day. The phenomenon is enabled by the arrival of digital video, cheap memory and sophisticated software. And Britain is acknowledged as the world leader of Orwellian surveillance -- perhaps because it has the experience of Irish terrorism, and is on guard for even worse today. Authorities maintain the cameras deter crime, and despite some claims to contrary and the outrage of civil libertarians, the public seems willing to accept the constant monitoring for the greater good. In the past two months, British police used or publicized CCTV imagery during investigations into a 12-year-old robbing a store at gunpoint, the disappearance of a doctor, attacks by a serial rapist, a father and son hit by a train, laptops stolen from a school and a soccer riot. Cameras loom over city centers, shopping malls, train stations, university grounds, public parks, beaches, airports, offices and schools. "Britain, almost without anyone noticing, has become the surveillance capital possibly of the world, certainly of Europe," said Barry Hugill, a spokesman for the civil rights group Liberty. The cameras are concentrated mostly in the main cities. In London alone, the train stations contain 1,800 cameras. 
And there are more than 6,000 cameras in the London Underground -- including at Edgware Station in north London where Mitendele's killers were caught on tape -- and 260 around Parliament. "The uses are absolutely phenomenal. In some places, there are cameras in schools in the classroom so parents can be shown the footage if a child misbehaves," said Peter Fry, spokesman for the CCTV Users Group. The ability to store images digitally has played a key role in fostering the industry's growth. Gas stations around the country are testing automatic number plate recognition to catch people who fill up but don't pay. The technology is also being used to enforce London's $9 charge for vehicles entering the city center. A police database scans license plate numbers for everything from suspected terrorists to traffic offenders. Other video-cam networks use software that instructs the cameras to pick up unusual activity. "They can identify something, like a bag in an airport, that shouldn't be part of the scene," said Fry. In London's busy Soho district, officials are using wireless CCTV cameras that can be moved in less than an hour, allowing police to quickly target crime hotspots. The portable cameras are also cheaper to install than fixed cameras. Some critics say the scheme will simply push crime further out but Simon Norbury, head of IT at Westminster City Council, said the cameras' mobility would keep criminals on their toes. "As the problem moves, we move with it and can blitz it," said Norbury. In the next phase of the Soho trial, the cameras will be viewed and controlled by a mobile response unit, allowing quick deployment of officers in the event of an incident.
Soho resident Brooke Hartney, 24, a cafe manager, said she felt comforted by the cameras, including a fixed one right outside her apartment bedroom window. "I do feel safer knowing that Big Brother is watching. I'd walk around here at 5 a.m. but I wouldn't out in the suburbs," Hartney said. "I guess I just take the cameras for granted and hope that they are going to help me one way or another if I need it." An earlier form of CCTV -- back in the day of videotapes monitored, changed and rewound by workers -- was embraced in Britain after two deadly IRA bombings in London in 1992 and 1993. CCTV also caught the 1993 abduction of toddler James Bulger by two 10-year-old boys who were later convicted of his murder. Some British communities have even asked for cameras to be installed on their streets, seeking to scare off prostitutes and drug dealers. In his new book, "The Naked Lunch, Reclaiming Security and Freedom in an Anxious Age," American author Jeffrey Rosen expressed amazement at the easy acceptance. "Instead of being perceived as an Orwellian intrusion, the cameras in Britain ... were hailed as the people's technology, a friendly eye in the sky, not Big Brother but a kindly and watchful uncle or aunt," he wrote. Now Britain is beginning to export its expertise. Fry's industry group has just incorporated in the United States, and reports particular interest from universities and schools. Britain contributed to the network of more than 1,000 cameras that watched over the Olympics in Athens. The London-based Autonomy Corp., whose clients include the U.S. National Security Agency, provided technology that examines words and phrases collected by surveillance cameras and in communications traffic. In much of the rest of the world, the technology is viewed with more suspicion. The use of cameras to film people in the street is banned in Germany -- although it uses cameras to catch speeders -- Canada, Denmark and several other countries.
In the United States, CCTV is used primarily at airports, casinos and in city centers -- Manhattan has almost 2,400 cameras patrolling its streets. However, not everyone in Britain is happy with the seemingly relentless march of CCTV across the country. Last year, a 47-year-old man won $14,400 in damages following public airing of CCTV footage of police preventing his suicide attempt. There have also been incidents of nightclubs selling footage of couples having sex to TV stations. The Trades Union Council has warned of a rise in the illegal use of cameras to monitor employee behavior. Will Kittow, 38, a van driver enjoying a coffee break in Soho, said he was concerned about how many times he is captured on film driving around London and just who else has access to the information recorded by CCTV that is enough to send him a parking ticket. "All this information is going somewhere. It doesn't take a genius to work out that it is going to be misused, even if it is only petty larceny," said Kittow. Ian Brown, a researcher at the Foundation for Information Policy Research, said that CCTV has been shown to work only in detecting car theft and shoplifting. It doesn't prevent rape or assault, he said. A study by crime reduction charity NACRO found the technology reduced crime by only 3 percent to 4 percent while better street lighting led to a 20 percent reduction. The Home Office is conducting its own evaluation. "Much of it is deeply intrusive," said Brown. "There's an illusion that it makes people safe when it does no such thing." Copyright 2004 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.
-- Eugen* Leitl leitl ______________________________________________________________ ICBM: 48.07078, 11.61144 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE http://moleculardevices.org http://nanomachines.net [demime 1.01d removed an attachment of type application/pgp-signature] From adam at cypherspace.org Fri Sep 3 08:37:03 2004 From: adam at cypherspace.org (Adam Back) Date: Fri, 3 Sep 2004 11:37:03 -0400 Subject: gmail as a gigabyte of an external filesystem In-Reply-To: <0409030403580.10722@somehost.domainz.com> References: <0408291853030.-1210261228@somehost.domainz.com> <0409030403580.10722@somehost.domainz.com> Message-ID: <20040903153703.GA23313@bitchcake.off.net> Don't know anything about EncFS, but you could also use loopback encryption on top of gmailfs. Just make a large file in gmail fs, and make a filesystem in it via loopback virtual block device-in-a-file. Adam On Fri, Sep 03, 2004 at 04:44:58AM +0200, Thomas Shaddack wrote: > On Sun, 29 Aug 2004, Thomas Shaddack wrote: > > > Question for the crowd: How difficult it would be to write a suitable > > crypto engine as a plug-in module for FUSE itself? Then we could have > > support for encrypted files on any filesystem accessible through FUSE. > > > > ----------- > > http://www.boingboing.net/2004/08/29/turn_gmail_storage_i.html > > It seems that there is a solution Out There already, in the form of EncFS. > See http://arg0.net/users/vgough/encfs.html > > Mount the GmailFS as eg. /mnt/gmail, and then mount encfs to eg. > /mnt/gmailsec with /mnt/gmail as its root. > > Voila, problem solved! (At least theoretically. I didn't test it.) > > What are your thoughts on EncFS, please? From rah at shipwright.com Fri Sep 3 11:04:17 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Fri, 3 Sep 2004 12:04:17 -0600 Subject: PGP Identity Management: Secure Authentication and Authorization over the Internet Message-ID: Click for illustrations, etc... 
Cheers, RAH -------- PGP Corporation - Resources - CTO Corner PGP Identity Management: Secure Authentication and Authorization over the Internet By Vinnie Moscaritolo, PGP Cryptographic Engineer 3 September 2004 Abstract Access to computer services has conventionally been managed by means of secret passwords and centralized authentication databases. This method dates back to early timeshare systems. Now that applications have shifted to the Internet, it has become clear that the use of passwords is not scalable or secure enough for this medium. As an alternative, this paper discusses ways to implement federated identity management using strong cryptography and the same PGP key infrastructure that is widely deployed on the Internet today. Beyond Passwords The inherent security weakness and management complexities of password-based authentication and centralized authorization databases make such systems inadequate for the real-world requirements of today's public networks. However, by applying the same proven cryptographic technology used today for securing email, we can construct a robust authentication system with the following goals in mind: * Provide a single sign-on experience in which users only need to remember one password, yet make it less vulnerable to "cracking" (hacking) attempts. * Employ strong user authentication, extendable to multi-factor methods such as tokens or smart cards. The only copy of the authenticating (secret) material is in the possession of the user. * Design such a system so it does not depend on any trusted servers and so that the compromise of any server does not affect the security of other servers or users. * Build on existing and well-accepted infrastructures that scale to fit a very large base of users and servers.
* Enable users to sign on to the networks of more than one enterprise securely to conduct transactions. Authentication with Cryptographic Signatures Email communications via the Internet face a security challenge similar to network user authentication. Messages traveling through public networks can be eavesdropped or counterfeited without much effort. Yet we have been able to successfully mitigate these risks by using public key cryptography to digitally sign and authenticate email messages. With public key cryptography, each user generates a pair of mathematically related cryptographic keys. These keys are created in such a way that it is computationally infeasible to derive one key from the other. One of the keys is made publicly available to anyone who wishes to communicate with that user. The other key is kept private and never revealed to anyone else. This private key can be further secured by either placing it in a hardware token, encrypting it to a passphrase, or sometimes both. The holder uses the private key to digitally sign data. This digital signature can later be checked with the matching public key to ensure the data has not been tampered with and that it originated from the holder of the private key. Because the holder of the private key is the only entity that can create a digital signature that verifies with the corresponding public key, there is a strong association between a user's identity and the ability to sign with that private key. Thus, a digital signature is strong testimony to the authenticity of the sender. Cryptographic Challenge-Response Because the public key functions as a user's identity in cyberspace, we can apply digital signatures to strongly authenticate users of network services. One way to do this is to challenge the user to sign a randomly generated message from the server. The server then verifies the identity of the user with the public key. This process is illustrated below. 1. The user initiates network service access. 2. 
The server looks up the user's public key in its authentication database. The server then generates a random challenge string and sends the challenge to the client. 3. The client digitally signs the challenge string and returns the cryptographic signature to the server. The client also sends a counter-challenge string, which is used to verify the server's authenticity. 4. The server then checks the client's signature, and if successful, grants access. It also signs and returns the client's counter-challenge. The use of such cryptographic user authentication offers a number of advantages over password-based systems. For example, if we employ the same key used to sign email, user authentication becomes as strong as the applied cryptographic digital signature algorithm. This approach reduces the need for users to periodically change the password, yet means they only need to remember one passphrase for all servers using this system. In addition, because the user maintains the only secret material in the system, compromising a server's user database results in only limited damage. All this can be accomplished without the risks associated with passphrase caches or key chains. PGPuam - Proof of Concept A public key login system was originally prototyped by the author as PGPuam and later distributed as sample code by Apple Computer in 1998 [PGPUAM]. Consisting of an AppleShare-IP client and server plugin, the system enabled a user to perform two-way strongly authenticated logins to an AppleShare-IP server from a Mac OS client. The cryptographic routines were provided by the PGP Software Development Kit (SDK) shipped with PGP 6.0. The user interface was an extension of the existing AppleShare login and is illustrated below. Although entirely functional, the PGPuam sample was never intended to be a shipping product. Rather, it was meant to be a practical demonstration of why public key cryptography should be treated as a core operating system component. 
Unfortunately in the late 1990s, cryptography was mired in both commercial and political constraints and widespread public key infrastructure (PKI) was slow to solidify. Nevertheless, PGPuam was successful in demonstrating that cryptography could be used for more than encrypting email. (Note that AppleShare-IP was just a convenient test platform. This concept is portable to file servers that support plugin authentication modules such as Apache modules or Windows GINA Authentication DLL.) Authentication vs. Authorization Although the PGPuam authentication effectively addresses most password management and single sign-on issues, it does nothing for user authorization. File servers still have to maintain some form of user-file access control database. Managing and maintaining these user authorization databases securely quickly become cumbersome for server administrators when more than a handful of servers are involved. Consider, for example, what happens when a new user wishes to gain access to a server. The system administrator must create an account and add the user's name and access information to the appropriate server database. If the user wishes to access a number of servers, this process must be duplicated and kept synchronized on each server. This process is further exacerbated when the servers are owned by different organizations. Conversely, when a user departs from an organization, each of the servers must then be updated to reflect this change. Often, removed users are overlooked and left active on servers managed by different departments, thus creating a security risk. Although there have been a number of attempts to create automated systems to replicate or centralize the authorization databases, such as Kerberos, they all seem to share the following drawbacks: * The authorization server itself must be physically secure and is a critical link in the security chain.
* Each server must be in communication with the authorization server to verify user identity and authorizations. This could be an unreasonable requirement for remote sites or devices such as a door badge reader, for example. * The authorization server is an ideal target for denial-of-service attacks because they affect all the servers managed by it. PGPticket - Secure Federated User Authorization A number of papers have described ingenious alternatives for distributing network service authorization [BFL] [SPKI]. In particular, the Simple Public Key Infrastructure (SPKI) model introduces a change in how authorization is performed for network services. Instead of maintaining a per-server database of users' names, passwords, and their corresponding access rights, we can apply digital-signature technology to create an authorization certificate. Think of this certificate as a digital "permission slip," valid only for a specific user's key over a certain period of time. The authorization certificate is signed by the organization or a proxy that owns the server and presented by the user upon accessing a restricted service. One way to encapsulate these certificates is in the form of an OpenPGP standalone signature packet [OPENPGP]. These packets, known as PGPtickets, form the basis of a lightweight but very secure federated authorization protocol [PGPTICKET]. Each PGPticket contains the following fields: * The ISSUER who generates and signs the certificate, represented by a PGP Key-ID. * The SUBJECT, the principal or set of principals to which the certificate grants its authorization. A combination of KeyID, algorithm ID and key fingerprint is used to represent the subject. * VALIDITY is some combination of dates or online tests specifying the validity period/conditions of the certificate - typically, a creation and expiration date. This field might be useful for a school that wants to allow access to facilities for a limited period such as a term.
* AUTHORIZATION is a structured field expressing the authorization this certificate grants to the subject. This data could be represented as SAML or some form of XML. * DELEGATION is a flag that indicates if the subject is allowed to delegate the specified authorization further. PGPtickets can be issued in or out of band and are uniquely identified by the hash of the ticket packet, known as its Ticket-ID. The issuer verifies the subject's key information through standard practice, such as key fingerprint. Unless there is a specific requirement to encrypt the signed tickets, they can be returned via cleartext email or even placed on a public website and accessed by the Ticket-ID. The subject can even store the ticket in a database, smart card, or token. The following illustrates the process of accessing a service with a PGPticket: 1. The user requests server access from the system admin. The user provides either a copy of his/her public key or makes the key available on a keyserver. The issuer verifies the validity of this key. 2. The administrator generates the PGPticket with appropriate authorizations and validity information, signing the ticket with the server admin key. The ticket is either posted in a public place or sent by email to the user. 3. The user retrieves the PGPticket and stores it in a local ticket database. 4. When the user attempts to access a network service, the client searches its ticket database for the appropriate ticket and sends a copy of it along with the access request. 5. The server checks the validity of the ticket by verifying the admin signature and expiration date of the ticket. The server then generates a random challenge string and sends the challenge to the client, requesting that the key specified in the ticket sign it. 6. The client signs and returns the challenge, which is checked by the server and, if successful, access is granted with the authorizations specified in the ticket. 
The server only requires a copy of the root issuer's public key. It does not need to store copies of the subject's public keys because the key fingerprint is signed into the ticket body. The subject public key can be provided by request from the client and cached for later use. The same is true for delegated tickets. There is no specific requirement for a certifying authority, although its use is certainly not precluded and would make PGPtickets usable for small sites as well as enterprises. One of the more interesting features of this design is that it enables the servers to function without access to a keyserver, independent of outside influences and resilient to denial-of-service attacks. This approach allows the use of PGPtickets for standalone devices where no network connection is practical, which opens a number of possibilities. PGPtickets can be transported in a token or Bluetooth device, and not only used for such things as Web Service or VPN access but also for restricted door access. In essence, PGPtickets could extend the usefulness of the PGP PKI to the physical world. PGPcoupon - Building on XML Web Services Other interesting possibilities occur when you consider that PGPticket piggybacks on the flexibility of the PGP key infrastructure. Consider a system that produced tickets automatically through some pay-per-use service and combine that with anonymous keys. Or what about using the key-splitting features to create a ticket that needs a certain amount of shares for service access? Another possibility is to mix the technologies of PGPticket and XML object Web Services. A client could post a Web request for a proposal whereby vendors could reply with a PGP-signed coupon that would be honored by various distributors for a given period. For example, imagine a school wants to purchase a number of books; various vendors compete for the order and send replies. In the replies is a 20% off PGPcoupon that Amazon or BN.com would honor. 
The client could then present this coupon upon purchase and have the transaction processed automatically. Conclusion I have outlined a number of alternate uses for PGP technology that go far past email encryption. Most of these designs have been around for a number of years, but were untapped because of political or commercial restraints and, at times, lack of vision. Fortunately, the environment has changed and cryptographic technology can be used to solve a number of real-world identity management problems today. References [OPENPGP] Callas, J., Donnerhacke, L., Finney, H., Thayer, R. "OpenPGP Message Format." RFC 2440, November 1998 [SPKI] Ellison, C. "SPKI Requirements." RFC 2692, September 1999 Ellison, C., Frantz, B., Lampson, B., Rivest, R. "SPKI Certificate Theory." RFC 2693, September 1999 [BFL] Blaze, M., Feigenbaum, J., and Lacy, J. "Decentralized Trust Management." Proceedings 1996 IEEE Symposium on Security and Privacy. [PGPTICKET] Moscaritolo, V. "PGPticket - A Secure Authorization Protocol." Mac-Crypto Workshop, October 1998 Moscaritolo, V., Mione, A. draft-ietf-pgpticket-moscaritolo-mione-02.txt [PGPUAM] Moscaritolo, V. "PGPuam - Public Key Authentication for AppleShare-IP." Mac-Crypto Workshop, October 1998 "Now that applications have shifted to the Internet, the use of secret passwords is not scalable or secure enough. Instead, there are ways to implement federated identity management using strong cryptography and same PGP key infrastructure that is widely deployed on the Internet today." - Vinnie Moscaritolo, PGP Cryptographic Engineer (c) 2002-2004 PGP Corporation. All Rights Reserved. -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "...
however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From shaddack at ns.arachne.cz Fri Sep 3 08:46:18 2004 From: shaddack at ns.arachne.cz (Thomas Shaddack) Date: Fri, 3 Sep 2004 17:46:18 +0200 (CEST) Subject: gmail as a gigabyte of an external filesystem In-Reply-To: <20040903153703.GA23313@bitchcake.off.net> References: <0408291853030.-1210261228@somehost.domainz.com> <0409030403580.10722@somehost.domainz.com> <20040903153703.GA23313@bitchcake.off.net> Message-ID: <0409031739350.0@somehost.domainz.com> On Fri, 3 Sep 2004, Adam Back wrote: > Don't know anything about EncFS, but you could also use loopback > encryption on top of gmailfs. Just make a large file in gmail fs, and > make a filesystem in it via loopback virtual block device-in-a-file. According to the shards of knowledge about GmailFS (gained on Slashdot), every file write sends the entire file to the Gmail mailbox. So this approach would be VERY taxing on the bandwidth. (Besides, even "free" resources should be conserved, whenever practical.) For GmailFS, we need a file-oriented approach, for which the EncFS one is perhaps the best of the few ones known to me. (A workaround could be to modify the loopback driver, so instead of one loop file one could use a directory with a suitable number of "clusters" of suitable size. Could be useful for the situations where we need a filesystem realized on a device allowing file access with coarse granularity, without easy random access to file offsets. But I am not sure if it is worth the hassle. (Sure is, just find the proper scenario.)) From nobody at cypherpunks.to Fri Sep 3 17:10:49 2004 From: nobody at cypherpunks.to (Anonymous via the Cypherpunks Tonga Remailer) Date: Sat, 4 Sep 2004 02:10:49 +0200 (CEST) Subject: Anonymizer outsourcing customer data? 
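The PGPticket access flow from the Moscaritolo article forwarded earlier in this archive (its steps 2, 5 and 6: the admin signs a ticket, the server checks the signature and validity period, then challenges the key named in the ticket), as an added example that is not part of any message here and is not PGP Corporation's code. Assumptions: Ed25519 keys, SHA-256 fingerprints and a JSON body stand in for PGP keys, PGP fingerprints and the OpenPGP standalone signature packet; every type and function name, and the `loginContext` prefix, is hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// Ticket carries the fields the article lists for a PGPticket. Ed25519 keys and a
// JSON body are assumptions standing in for PGP keys and an OpenPGP packet.
type Ticket struct {
	Issuer, Subject     string // key fingerprints (hex SHA-256 in this sketch)
	NotBefore, NotAfter time.Time
	Authorization       string
	Delegation          bool
}

// SignedTicket is the encoded ticket plus the issuer's signature over it.
type SignedTicket struct{ Body, Sig []byte }

// Server holds only the root issuer's public key; it stores no user keys.
type Server struct{ IssuerPub ed25519.PublicKey }

// Hypothetical label, an added precaution that is not in the article: it keeps a
// login signature from doubling as a signature over other data.
const loginContext = "pgpticket-demo-login:"

func NewKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

func Fingerprint(pub ed25519.PublicKey) string {
	sum := sha256.Sum256(pub)
	return hex.EncodeToString(sum[:])
}

// Issue is step 2: the administrator signs the ticket with the admin key.
func Issue(adminPriv ed25519.PrivateKey, t Ticket) (SignedTicket, error) {
	body, err := json.Marshal(t)
	if err != nil {
		return SignedTicket{}, err
	}
	return SignedTicket{Body: body, Sig: ed25519.Sign(adminPriv, body)}, nil
}

// CheckTicket is step 5: verify the admin signature, then the validity period.
func (s Server) CheckTicket(st SignedTicket, now time.Time) (Ticket, error) {
	var t Ticket
	if !ed25519.Verify(s.IssuerPub, st.Body, st.Sig) {
		return t, errors.New("issuer signature invalid")
	}
	if err := json.Unmarshal(st.Body, &t); err != nil {
		return t, err
	}
	if now.Before(t.NotBefore) || now.After(t.NotAfter) {
		return t, errors.New("ticket outside its validity period")
	}
	return t, nil
}

// NewChallenge returns the random challenge the server sends in step 5.
func NewChallenge() []byte {
	c := make([]byte, 32)
	if _, err := rand.Read(c); err != nil {
		panic(err)
	}
	return c
}

// SignChallenge is the client half of step 6.
func SignChallenge(priv ed25519.PrivateKey, challenge []byte) []byte {
	return ed25519.Sign(priv, append([]byte(loginContext), challenge...))
}

// Authorize is the server half of step 6. The client supplies its public key; it
// is accepted only if it hashes to the fingerprint signed into the ticket.
func (s Server) Authorize(t Ticket, pub ed25519.PublicKey, challenge, sig []byte) (string, error) {
	if len(pub) != ed25519.PublicKeySize || Fingerprint(pub) != t.Subject {
		return "", errors.New("key does not match the ticket subject")
	}
	if !ed25519.Verify(pub, append([]byte(loginContext), challenge...), sig) {
		return "", errors.New("challenge signature invalid")
	}
	return t.Authorization, nil
}

func main() {
	adminPub, adminPriv := NewKey()
	userPub, userPriv := NewKey()
	now := time.Now()
	st, _ := Issue(adminPriv, Ticket{Issuer: Fingerprint(adminPub), Subject: Fingerprint(userPub),
		NotBefore: now, NotAfter: now.Add(24 * time.Hour), Authorization: "read:/courses"})
	srv, ch := Server{IssuerPub: adminPub}, NewChallenge()
	tk, err := srv.CheckTicket(st, now.Add(time.Minute))
	fmt.Println("ticket check error:", err)
	fmt.Println(srv.Authorize(tk, userPub, ch, SignChallenge(userPriv, ch)))
}
```

The server never looks up a user record: revoking access before `NotAfter` therefore needs something the sketch does not model, such as the "online tests" the article mentions for the validity field.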
Message-ID: <20040904001049.51F78117D6@mail.cypherpunks.to> On Tue, 17 Aug 2004, Nomen Nescio wrote: > > They claim they have over 1 million users. Is a class action suit in > > order? Their privacy policy clearly states > > > > "We consider your email address to be confidential information. We will > > never rent, sell, or otherwise reveal it to any other party without prior > > consent, except under the conditions set forth in the User Agreement for > > spamming and related abuses of netiquette, or unless we are compelled to > > do so by court order." > > > > As if that's not bad enough, I emailed their (useless) support about > this and some retarded drone emailed back claiming that the email came > from Anonymizer not lyris.net (even though I pointed out the IP address > in the email belonged to lyris.net). > > *sigh* > Such incompetence :( Oh, look! Anonymizer has fixed the problem in their latest HTML-laden email! Return-Path: See, they >>care< References: <4138A014.74211D00@cdc.gov> Message-ID: <0409040410280.10808@somehost.domainz.com> On Fri, 3 Sep 2004, Major Variola (ret) wrote: > Just heard Clinton's going in the hospital to get a heart. Clinton was a victim of an assassination attempt by junk food. McQaeda, the cardiovascular terrorist organization endangering the Developed World and deemed responsible for millions of lives every year, didn't issue a statement yet. From rah at shipwright.com Sat Sep 4 10:44:28 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Sat, 4 Sep 2004 11:44:28 -0600 Subject: University Students in California Warned of Possible Identity Theft Message-ID: The Wall Street Journal September 2, 2004 10:03 p.m. EDT University Students in California Warned of Possible Identity Theft Associated Press September 2, 2004 10:03 p.m.
LOS ANGELES -- California university officials have warned nearly 600,000 students and faculty that they might be exposed to identity theft following incidents where computer hard drives loaded with their private information were lost or hacked into. Since January, at least 580,000 people who had personal information about them stored in university computers received warnings they might be at risk. The latest instance of missing equipment occurred in June at California State University, San Marcos. An auditor lost a small external hard drive for a laptop computer. Personal data, including names, addresses, Social Security numbers and other identifiers for 23,500 students, faculty and staff in the California State University system were contained on the missing hard drive. At the University of California, San Diego, and San Diego State University, hackers broke into computers and obtained access to files of personal data for more than 500,000 current or former students, applicants, staff, faculty and alumni. Officials from the Cal State system and UC San Diego said they have no evidence any personal data were stolen. At the University of California, Los Angeles, a stolen laptop in June led officials to notify as many as 145,000 blood donors that their data might be in the open. A California law that requires people be notified when they might be exposed to identity theft went into effect in July 2003. Officials say that might explain the rash of notices. "There's no reason to assume that suddenly in July 2003 all these computer security breaches started occurring," said Joanne McNabb of the Office of Privacy Protection in the California Department of Consumer Affairs. "It's just that we know about them now, when we didn't hear before." -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "...
however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From lloyd at randombit.net Sat Sep 4 13:04:22 2004 From: lloyd at randombit.net (Jack Lloyd) Date: Sat, 4 Sep 2004 16:04:22 -0400 Subject: Remailers an unsolveable paradox? In-Reply-To: <2249059d9182de10e58ce8fcf14602e0@dizum.com> References: <2249059d9182de10e58ce8fcf14602e0@dizum.com> Message-ID: <20040904200422.GD8498@acm.jhu.edu> On Sat, Sep 04, 2004 at 09:50:14PM +0200, Nomen Nescio wrote: > Let's take our shining example of truth and freedom, the whistle-blower. > When they send out mail to the media or whomever, one of two things happens: > they see the story published or they don't. If not, there's no idea why: was > it received? Did the media want more information? Did they need more > support? Do they want to verify it? Do they want to help the whistle-blower? > Even if the story is published, whistle-blowing is kneecapped: it can't be > supported, or expanded on, or debated in any but the most rudimentary > fashion. It's easy. The whistleblower says: if you want more info, post your questions encrypted with this PGP key I just generated to alt.test.messages with a subject that contains "Fluffy Bunnies", and I will reply to you. Of course they'll want to trash that key pretty quickly afterward, since it's "proof" that they were the whistleblower. Obviously that is more technical than many journalists could handle, but nothing saying it can't be largely automated with a web frontend stuck on it. And don't most/all remailers support responder blocks? -Jack From mv at cdc.gov Sat Sep 4 18:16:09 2004 From: mv at cdc.gov (Major Variola (ret)) Date: Sat, 04 Sep 2004 18:16:09 -0700 Subject: Private GPS tracking Message-ID: <413A68D9.9E38FC1@cdc.gov> GLENDALE, Calif.
- Police arrested a man they said tracked his ex-girlfriend's whereabouts by attaching a global positioning system to her car. Ara Gabrielyan, 32, was arrested Aug. 29 on one count of stalking and three counts of making criminal threats. He was being held on $500,000 bail and was to be arraigned Wednesday. "This is what I would consider stalking of the 21st century," police Lt. Jon Perkins said. Police said Gabrielyan tracked the 35-year-old woman, who was not identified, after she ended their relationship, showing up unexpectedly at a book store, an airport and dozens of other places where she was. Police said Gabrielyan attached a cellular phone to the woman's car on Aug. 16 with a motion switch that turned on when the car moved, transmitting a signal each minute to a satellite. Information was then sent to a Web site that allowed Gabrielyan to monitor the woman's location. The woman learned how Gabrielyan was following her when she discovered him under her car attempting to change the cell phone's battery, police said. http://story.news.yahoo.com/news?tmpl=story&cid=519&ncid=718&e=10&u=/ap/20040905/ap_on_re_us/gps_stalking ----- Beslan, coming to a school near you From nobody at dizum.com Sat Sep 4 12:50:14 2004 From: nobody at dizum.com (Nomen Nescio) Date: Sat, 4 Sep 2004 21:50:14 +0200 (CEST) Subject: Remailers an unsolveable paradox? Message-ID: <2249059d9182de10e58ce8fcf14602e0@dizum.com> > We want to be able to provide the means for whistleblowers and > others to communicate in a secure and anonymous fashion. Yet we need > to make sure we're not abused too much since sooner or later laws > will catch up with the remailers should abuse sky-rocket. The ratio of remailer use to abuse is painfully low because there's no way to actually communicate. You can broadcast but not receive, because no system exists to receive mail pseudonymously. This is not communication.
Remailer use is restricted to when senders don't care about listeners, which means rants, death threats, and the abuse of spam. The only systems for receiving mail are at best some college student's unimplemented thesis. Let's take our shining example of truth and freedom, the whistle-blower. When they send out mail to the media or whomever, one of two things happens: they see the story published or they don't. If not, there's no idea why: was it received? Did the media want more information? Did they need more support? Do they want to verify it? Do they want to help the whistle-blower? Even if the story is published, whistle-blowing is kneecapped: it can't be supported, or expanded on, or debated in any but the most rudimentary fashion. It doesn't matter if remailers disappear, they've already failed. From jtrjtrjtr2001 at yahoo.com Mon Sep 6 06:22:29 2004 From: jtrjtrjtr2001 at yahoo.com (Sarad AV) Date: Mon, 6 Sep 2004 06:22:29 -0700 (PDT) Subject: Vote for nobody In-Reply-To: <20040906035449.39CCFC0B980@tank.mixmaster.it> Message-ID: <20040906132229.56934.qmail@web21207.mail.yahoo.com> hello, the election commission of india had a proposal to the govt. that the voter should be able to vote for 'none of the above'. Though one can predict that such a proposal will never be approved by the government, it makes a lot of sense. Is any other democratic country seriously thinking of implementing such an option? Sarath.
From bill.stewart at pobox.com Mon Sep 6 11:26:12 2004 From: bill.stewart at pobox.com (Bill Stewart) Date: Mon, 06 Sep 2004 11:26:12 -0700 Subject: Vote for nobody In-Reply-To: <20040906165718.GA13437@arion.soze.net> References: <20040906035449.39CCFC0B980@tank.mixmaster.it> <20040906132229.56934.qmail@web21207.mail.yahoo.com> <20040906165718.GA13437@arion.soze.net> Message-ID: <200409061829.i86ITUXT006693@positron.jfet.org> I think the US state of Nevada has "None of the above" as an option, though I'm not sure the implementation of it. The Libertarian Party in the US always has NOTA as a candidate in internal elections, and sometimes NOTA wins and the job goes unfilled until either there's a new election with new candidates or some executive committee appoints somebody. At 09:57 AM 9/6/2004, Justin wrote: >If someone would vote for "none of the above" rather than write in >his/her ideal candidate, that someone is a lazy oaf. Everyone who >writes in a candidate is voting "none of the above." NOTA's a bit different - there may be a large plurality of voters who don't like the major candidates, even if they don't agree on who else they want. In an election where you're voting for a party, like most parliamentary governments use, voting NOTA is telling the parties to run different candidates, so for instance you might want the Labour Party to win but you don't like Tony Blair so you vote NOTA in his home district. In candidate-based elections, you're telling the individual candidates that you don't like them. ---- Bill Stewart bill.stewart at pobox.com From rah at shipwright.com Mon Sep 6 10:52:03 2004 From: rah at shipwright.com (R. A.
Hettinga) Date: Mon, 6 Sep 2004 11:52:03 -0600 Subject: Spam Spotlight on Reputation Message-ID: EWeek Spam Spotlight on Reputation Spam Spotlight on Reputation September 6, 2004 By Dennis Callaghan As enterprises continue to register Sender Protection Framework records, hoping to thwart spam and phishing attacks, spammers are upping the ante in the war on spam and registering their own SPF records. E-mail security company MX Logic Inc. will report this week that 10 percent of all spam includes such SPF records, which are used to authenticate IP addresses of e-mail senders and stop spammers from forging return e-mail addresses. As a result, enterprises will need to increase their reliance on a form of white-listing called reputation analysis as a chief method of blocking spam. E-mail security appliance developer CipherTrust Inc., of Alpharetta, Ga., also last week released a study indicating that spammers are supporting SPF faster than legitimate e-mail senders, with 38 percent more spam messages registering SPF records than legitimate e-mail. The embrace of SPF by spammers means enterprises' adoption of the framework alone will not stop spam, which developers of the framework have long maintained. Enter reputation analysis. With the technology, authenticated spammers whose messages get through content filters would have reputation scores assigned to them based on the messages they send. Only senders with established reputations would be allowed to send mail to a user's in-box. Many anti-spam software developers already provide such automated reputation analysis services. MX Logic announced last week support for such services. "There's no question SPF is being deployed by spammers," said Dave Anderson, CEO of messaging technology developer Sendmail Inc., in Emeryville, Calif. "Companies have to stop making decisions about what to filter out and start making decisions about what to filter in based on who sent it," Anderson said. 
The success of reputation lists in organizations will ultimately depend on end users' reporting senders as spammers, Anderson said. "In the system we're building, the end user has the ultimate control," he said. Scott Chasin, chief technology officer of MX Logic, cautioned that authentication combined with reputation analysis services still won't be enough to stop spam. Chasin said anti-spam software vendors need to work together to form a reputation clearinghouse of good sending IP addresses, including those that have paid to be accredited as such. "There is no central clearinghouse at this point to pull all the data that anti-spam vendors have together," said Chasin in Denver. "We're moving toward this central clearinghouse but have to get through authentication first." -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From ben at algroup.co.uk Mon Sep 6 04:19:24 2004 From: ben at algroup.co.uk (Ben Laurie) Date: Mon, 06 Sep 2004 12:19:24 +0100 Subject: Remailers an unsolveable paradox? In-Reply-To: References: Message-ID: <413C47BC.3020708@algroup.co.uk> Tyler Durden wrote: > The hashcash idea is OK, and obviously will work (as of now...the > dividing line between human and machine is clearly not static, and > smarter spam operations will start doing some segmentation analysis and > then find it worthwhile to pay up). But the kind of person that may have > legitimate need of a remailer may not understand and/or trust what would > probably be necessary to use hashcash. And OK "that's their tough luck", > but then I always feel there's safety in numbers. Since you already have to use a special client to inject email to the remailer network, they would have no need to understand hashcash.
It would just happen. -- http://www.apache-ssl.org/ben.html http://www.thebunker.net/ "There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit." - Robert Woodruff From bill.stewart at pobox.com Mon Sep 6 12:53:54 2004 From: bill.stewart at pobox.com (Bill Stewart) Date: Mon, 06 Sep 2004 12:53:54 -0700 Subject: Remailers an unsolvable paradox? In-Reply-To: <3891e44b4d78f79a4867c856a3893ddf@dizum.com> References: <3891e44b4d78f79a4867c856a3893ddf@dizum.com> Message-ID: <200409061956.i86JujZi014154@positron.jfet.org> There are several different types of problem messages, and some are easier to avoid than others. - Spam - Harassing messages sent to remailer users - Harassing messages sent to mundanes to annoy the mundane - Harassing messages sent to mundanes to get the remailer in trouble - Harassing messages sent to third-parties (e.g. sending Bob slander about Alice.) - Forged messages - Usenet flamebait Two of the things I never built back when I was running a remailer could have helped this problem - Encrypted-sending only. Sure, you want to only accept encrypted messages to preserve privacy, but if you require outgoing messages to be encrypted, you not only protect privacy, you eliminate most of the spam, except for spam that's sent to people with easily-located public keys. Sadly, that's a small set of people, but it's also tougher for harvester programs, and it's a set of people less likely to buy from spammers. This also significantly reduces harassment potential. Most crypto users are more likely to understand remailers, or at least to read the "this is a remailer" headers. It's possible for harassers to work around this, if you're verifying encryption just by syntax, but it's a good start: ----- BEGIN PGP ENCRYPTED STUFF Alice - your mother was a hamster and your father smells of elderberries. And your hovercraft is full of eels. 
Bob ----- END PGP ENCRYPTED STUFF --- - Recipient permission for outbound remailers - have the remailer ask for permission before sending somebody mail, and optionally store addresses (or hashes of addresses) of people who want to accept remailed messages in the future (obviously including other remailers in that list.) So instead of sending the message directly, you send "Subject: You've received an anonymous message #1234567 You've received an anonymous message at (foo-remailer) It may be from someone you know, or may be a forgery or spam (explain remailers blah blah blah) If you'd like to pick up the message, reply to this message. If you don't want it, just ignore this message. If you'd like us to never bother you again, reply with Subject: BLOCK If you'd like to automatically receive all remailer messages in the future, reply with Subject: SUBSCRIBE (and/or provide web URL interfaces for these functions.) Even if the remailed mail is spam or harassment, it starts out with getting permission from the recipient and building a positive relationship and some understanding of what's going on. It also means that if somebody who doesn't care about remailers gets spam or harassing mail, they don't have to get it more than once. Bill Stewart bill.stewart at pobox.com From justin-cypherpunks at soze.net Mon Sep 6 09:57:18 2004 From: justin-cypherpunks at soze.net (Justin) Date: Mon, 6 Sep 2004 16:57:18 +0000 Subject: Vote for nobody In-Reply-To: <20040906132229.56934.qmail@web21207.mail.yahoo.com> References: <20040906035449.39CCFC0B980@tank.mixmaster.it> <20040906132229.56934.qmail@web21207.mail.yahoo.com> Message-ID: <20040906165718.GA13437@arion.soze.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 2004-09-06T06:22:29-0700, Sarad AV wrote: > > the election commision of india had a proposal to the > govt. that the voter should be able to vote for 'none > of the above'. 
Though one can predict that such a > proposal will never be approved by the government, it > makes a lot of sense. Is any other democratic country > seriously thinking of implementing such an option? If someone would vote for "none of the above" rather than write in his/her ideal candidate, that someone is a lazy oaf. Everyone who writes in a candidate is voting "none of the above." The 50% of the U.S. population which doesn't vote is also voting "none of the above" in a way. There's a difference in that some non-voters may slightly prefer one candidate over another, but _assuming that everyone has an ideal candidate_ they'd be willing to go to the polls for, not voting is the same as saying all the candidates are significantly less than the ideal. - -- "When in our age we hear these words: It will be judged by the result--then we know at once with whom we have the honor of speaking. Those who talk this way are a numerous type whom I shall designate under the common name of assistant professors." -- Kierkegaard, Fear and Trembling (Wong tr.), III, 112 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (GNU/Linux) iD8DBQFBPJbunH0ZJUVoUkMRAgGkAJ4k4tdjeAQ99GfccGpFWaxSNJlhHACgnjFp xvPFAlzIQeMLmRQ7/PfSZiE= =jcfW -----END PGP SIGNATURE----- From will at memefeeder.com Mon Sep 6 10:25:05 2004 From: will at memefeeder.com (Will Morton) Date: Mon, 06 Sep 2004 18:25:05 +0100 Subject: Vote for nobody In-Reply-To: <20040906165718.GA13437@arion.soze.net> References: <20040906035449.39CCFC0B980@tank.mixmaster.it> <20040906132229.56934.qmail@web21207.mail.yahoo.com> <20040906165718.GA13437@arion.soze.net> Message-ID: <413C9D71.3050302@memefeeder.com> Justin wrote: >On 2004-09-06T06:22:29-0700, Sarad AV wrote: > > >>the election commision of india had a proposal to the >>govt. that the voter should be able to vote for 'none >>of the above'. Though one can predict that such a >>proposal will never be approved by the government, it >>makes a lot of sense. 
Is any other democratic country >>seriously thinking of implementing such an option? >> >> > > >If someone would vote for "none of the above" rather than write in >his/her ideal candidate, that someone is a lazy oaf. Everyone who >writes in a candidate is voting "none of the above." > >The 50% of the U.S. population which doesn't vote is also voting "none >of the above" in a way. There's a difference in that some non-voters >may slightly prefer one candidate over another, but _assuming that >everyone has an ideal candidate_ they'd be willing to go to the polls >for, not voting is the same as saying all the candidates are >significantly less than the ideal. > > The difference being that in a system such as Sarad describes, if 'None of the above' gets more votes than any candidate, the election is declared void and a re-election is called (possibly excluding any of the candidates from the first round, depending on the details); hence, the 50% of the population who think 'they're all fvckers' have a reason to go to the polls. I've experienced such a system in action (within a student body) and it works well, provided you like your democracy to be loud and participatory. For this reason it's unlikely to be implemented by an incumbent government, though I guess it's possible an uber-populist like Chavez or Lula might consider it. W From njohnsn at njohnsn.com Mon Sep 6 16:35:26 2004 From: njohnsn at njohnsn.com (Neil Johnson) Date: Mon, 6 Sep 2004 18:35:26 -0500 Subject: Test - Ignore. Message-ID: <200409061835.26790.njohnsn@njohnsn.com> Test. -- Neil Johnson http://www.njohnsn.com PGP key available on request. From rah at shipwright.com Mon Sep 6 19:52:39 2004 From: rah at shipwright.com (R. A. 
Hettinga) Date: Mon, 6 Sep 2004 20:52:39 -0600 Subject: Maths holy grail could bring disaster for internet Message-ID: The Guardian Maths holy grail could bring disaster for internet Two of the seven million dollar challenges that have baffled for more than a century may be close to being solved Tim Radford, science editor Tuesday September 7, 2004 The Guardian Mathematicians could be on the verge of solving two separate million dollar problems. If they are right - still a big if - and somebody really has cracked the so-called Riemann hypothesis, financial disaster might follow. Suddenly all cryptic codes could be breakable. No internet transaction would be safe. On the other hand, if somebody has already sorted out the so-called Poincaré conjecture, then scientists will understand something profound about the nature of spacetime, experts told the British Association science festival in Exeter yesterday. Both problems have stood for a century or more. Each is almost dizzyingly arcane: the problems themselves are beyond simple explanation, and the candidate answers published on the internet are so intractable that they could baffle the biggest brains in the business for many months. They are two of the seven "millennium problems" and four years ago the Clay Mathematics Institute in the US offered $1m (£563,000) to anyone who could solve even one of these seven. The hypothesis formulated by Georg Friedrich Bernhard Riemann in 1859, according to Marcus du Sautoy of Oxford University, is the holy grail of mathematics. "Most mathematicians would trade their soul with Mephistopheles for a proof," he said. The Riemann hypothesis would explain the apparently random pattern of prime numbers - numbers such as 3, 17 and 31, for instance, are all prime numbers: they are divisible only by themselves and one. Prime numbers are the atoms of arithmetic. They are also the key to internet cryptography: in effect they keep banks safe and credit cards secure.
This year Louis de Branges, a French-born mathematician now at Purdue University in the US, claimed a proof of the Riemann hypothesis. So far, his colleagues are not convinced. They were not convinced, years ago, when de Branges produced an answer to another famous mathematical challenge, but in time they accepted his reasoning. This time, the mathematical community remains even more sceptical. "The proof he has announced is rather incomprehensible. Now mathematicians are less sure that the million has been won," Prof du Sautoy said. "The whole of e-commerce depends on prime numbers. I have described the primes as atoms: what mathematicians are missing is a kind of mathematical prime spectrometer. Chemists have a machine that, if you give it a molecule, will tell you the atoms that it is built from. Mathematicians haven't invented a mathematical version of this. That is what we are after. If the Riemann hypothesis is true, it won't produce a prime number spectrometer. But the proof should give us more understanding of how the primes work, and therefore the proof might be translated into something that might produce this prime spectrometer. If it does, it will bring the whole of e-commerce to its knees, overnight. So there are very big implications." The Poincaré conjecture depends on the almost mind-numbing problem of understanding the shapes of spaces: mathematicians call it topology. Bernhard Riemann and other 19th century scholars wrapped up the mathematical problems of two-dimensional surfaces of three dimensional objects - the leather around a football, for instance, or the distortions of a rubber sheet. But Henri Poincaré raised the awkward question of objects with three dimensions, existing in the fourth dimension of time. He had already done groundbreaking work in optics, thermodynamics, celestial mechanics, quantum theory and even special relativity and he almost anticipated Einstein.
And then in 1904 he asked the most fundamental question of all: what is the shape of the space in which we live? It turned out to be possible to prove the Poincaré conjecture in unimaginable worlds, where objects have four or five or more dimensions, but not with three. "The one case that is really of interest because it connects with physics, is the one case where the Poincaré conjecture hasn't been solved," said Keith Devlin, of Stanford University in California. In 2002 a Russian mathematician called Grigori Perelman posted the first of a series of internet papers. He had worked in the US, and was known to American mathematicians before he returned to St Petersburg. His proof - he called it only a sketch of a proof - was very similar in some ways to that of Fermat's last theorem, cracked by the Briton Andrew Wiles in the last decade. Like Wiles, Perelman is claiming to have proved a much more complicated general problem and in the course of it may have solved a special one that has tantalised mathematicians for a century. But his papers made not a single reference to Poincaré or his conjecture. Even so, mathematicians the world over understood that he tackled the essential challenge. Once again the jury is still out: this time, however, his fellow mathematicians believe he may be onto something big. The plus: the multidimensional topology of space in three dimensions will seem simple at last and a million dollar reward will be there for the asking. The minus: the solver does not claim to have found a solution, he doesn't want the reward, and he certainly doesn't want to talk to the media. "There is good reason to think the kind of approach Perelman is taking is correct. However there are some problems. He is very reclusive, won't talk to the press, has shown no indication of publishing this as a paper, which you would have to do if you wanted to get the prize from the Clay Institute, and has shown no interest in the prize whatsoever," Dr Devlin said.
"Has it been proved? We don't know. We have good reason to assume it has been and within the next 12 months, in the inner core of experts in differential geometry, which is the field we are speaking about, people will start to say, yes, OK, this looks right. But there is not going to be a golden moment." The implications of a proof of the Poincaré conjecture would be enormous, but like the problem itself, very difficult to explain, he said. "It can't fail to have huge ramifications: not only the result, but the methods as well. At that level of abstraction, that level of connection, so much can follow. Differential geometry is the subject that is really underneath understanding everything about space and spacetime." Seven baffling pillars of wisdom 1 Birch and Swinnerton-Dyer conjecture Euclid geometry for the 21st century, involving things called abelian points and zeta functions and both finite and infinite answers to algebraic equations 2 Poincaré conjecture The surface of an apple is simply connected. But the surface of a doughnut is not. How do you start from the idea of simple connectivity and then characterise space in three dimensions? 3 Navier-Stokes equation The answers to wave and breeze turbulence lie somewhere in the solutions to these equations 4 P vs NP problem Some problems are just too big: you can quickly check if an answer is right, but it might take the lifetime of a universe to solve it from scratch. Can you prove which questions are truly hard, which not? 5 Riemann hypothesis Involving zeta functions, and an assertion that all "interesting" solutions to an equation lie on a straight line. It seems to be true for the first 1,500 million solutions, but does that mean it is true for them all? 6 Hodge conjecture At the frontier of algebra and geometry, involving the technical problems of building shapes by "gluing" geometric blocks together 7 Yang-Mills and Mass gap A problem that involves quantum mechanics and elementary particles.
Physicists know it, computers have simulated it but nobody has found a theory to explain it -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From hadmut at danisch.de Mon Sep 6 15:15:33 2004 From: hadmut at danisch.de (Hadmut Danisch) Date: Tue, 7 Sep 2004 00:15:33 +0200 Subject: Spam Spotlight on Reputation In-Reply-To: References: Message-ID: <20040906221533.GA29063@danisch.de> On Mon, Sep 06, 2004 at 11:52:03AM -0600, R. A. Hettinga wrote: > > E-mail security company MX Logic Inc. will report this week that 10 percent > of all spam includes such SPF records, I have mentioned this problem more than a year ago in context of my RMX draft (SPF, CallerID and SenderID are based on RMX). Interestingly, nobody really cared about this major security problem. All RMX-derivatives block forged messages (more or less). But what happens if the attacker doesn't forge? That's a hard problem. And a problem known from the very beginning of the sender verification discussion. The last 17 months of work in ASRG (Anti Spam Research Group, IRTF) and MARID (Mail authorization records in DNS, IETF) are an excellent example of how to not design security protocols. This was all about marketing, commercial interests, patent claims, giving interviews, spreading wrong information, undermining development, propaganda. It completely lacked proper protocol design, a precise specification of the attack to defend against, engineering of security mechanisms. It was a kind of religious war. And while people were busy with religious wars, spammers silently realized that this is not a real threat to spam.
Actually, it sometimes was quite the opposite: I was told of some cases where MTAs were configured to run every mail through spam assassin. Spam assassin assigns a message a higher score if the sender had a valid SPF record. Since most senders with valid records were the spammers, spam received a higher score than plain mail, which is obviously the opposite of security. People spent more time in marketing and public relations than in problem analysis and verification of the solution. That's the result. What can we learn from this? Designing security protocols requires a certain level of security skills and discipline in what you want to achieve. Although RMX/SPF/CallerID/SenderID does not make use of cryptography, similar problems can be sometimes found in context of cryptography. Knowing security primitives is not enough, you need to know how to assemble them to a security mechanism. Good lectures are given about the mathematical aspects of cryptography. But are there lectures about designing security protocols? I don't know of any yet. And there is a new kind of attack: Security protocols themselves can be hijacked and raped by patent claims. regards Hadmut From sunder at sunder.net Tue Sep 7 02:53:08 2004 From: sunder at sunder.net (Sunder) Date: Tue, 7 Sep 2004 05:53:08 -0400 (edt) Subject: stegedetect - looks like "we" need better mice Message-ID: http://freshmeat.net/projects/stegdetect/?branch_id=52957&release_id=172055 http://www.outguess.org/detection.php Steganography Detection with Stegdetect Stegdetect is an automated tool for detecting steganographic content in images. It is capable of detecting several different steganographic methods to embed hidden information in JPEG images. Currently, the detectable schemes are * jsteg, * jphide (unix and windows), * invisible secrets, * outguess 01.3b, * F5 (header analysis), * appendX and camouflage. Stegbreak is used to launch dictionary attacks against JSteg-Shell, JPHide and OutGuess 0.13b.
Stegdetect and Stegbreak have been developed by Niels Provos. ----------------------Kaos-Keraunos-Kybernetos--------------------------- + ^ + :"Our enemies are innovative and resourceful, and so are we. /|\ \|/ :They never stop thinking about new ways to harm our country /\|/\ <--*-->:and our people, and neither do we." -G. W. Bush, 2004.08.05 \/|\/ /|\ : \|/ + v + : War is Peace, freedom is slavery, Bush is President. ------------------------------------------------------------------------- From measl at mfn.org Tue Sep 7 04:50:16 2004 From: measl at mfn.org (J.A. Terranson) Date: Tue, 7 Sep 2004 06:50:16 -0500 (CDT) Subject: Gilmore case: CNN Message-ID: <20040907064925.S12515@ubzr.zsa.bet> http://www.cnn.com/2004/LAW/09/06/airline.id.ap/index.html Government wants ID arguments secret Monday, September 6, 2004 Posted: 4:07 PM EDT (2007 GMT) SAN FRANCISCO, California (AP) -- The U.S. Department of Justice has asked an appellate court to keep its arguments secret for a case in which privacy advocate John Gilmore is challenging federal requirements to show identification before boarding an airplane. A federal statute and other regulations "prohibit the disclosure of sensitive security information, and that is precisely what is alleged to be at issue here," the government said in court papers filed Friday with the U.S. Ninth Circuit Court of Appeals. Disclosing the restricted information "would be detrimental to the security of transportation," the government wrote. Attorneys for Gilmore, a 49-year-old San Francisco resident who co-founded the Electronic Frontier Foundation, a civil liberties group, said they don't buy the government's argument and that its latest request raises only more questions. "We're dealing with the government's review of a secret law that now they want a secret judicial review for," one of Gilmore's attorneys, James Harrison, said in a phone interview Sunday. 
"This administration's use of a secret law is more dangerous to the security of the nation than any external threat." Gilmore first sued the government and several airlines in July 2002 after airline agents refused to let him board planes in San Francisco and Oakland without first showing an ID or submitting to a more intense search. He claimed in his lawsuit the ID requirement was vague and ineffective and violated his constitutional protections against illegal searches and seizures. A U.S. District Court judge earlier this year dismissed his claims against the airlines, but said his challenge to the government belonged in a federal appellate court. Now in his appellate case, Gilmore maintains the federal government has yet to disclose the regulations behind the ID requirement to which he was subjected. "How are people supposed to follow laws if they don't know what they are?" Harrison said. The government contends its court arguments should be sealed from public view and heard before a judge outside the presence of Gilmore and his attorneys. The government, however, said it would plan to file another redacted public version of its arguments. A date for a hearing on the matter has not yet been set. From rah at shipwright.com Tue Sep 7 06:41:52 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Tue, 7 Sep 2004 07:41:52 -0600 Subject: Digital content spurs micropayments resurgence Message-ID: Digital content spurs micropayments resurgence By Matt Hines CNET News.com September 7, 2004, 4:00 AM PT URL: http://zdnet.com.com/2100-1104-5347513.html Think small. With its meteoric rise to success, Apple Computer's iTunes digital music service not only changed perceptions about whether consumers were willing to pay for online content, but it also highlighted the rising promise of micropayments. 
On Tuesday, 2-year-old BitPass, a payment company in Palo Alto, Calif., is expected to announce $11.75 million in venture capital, along with the news that former American Express Chairman James Robinson III will join its board of directors. Robinson is also a partner in one of the firms investing in BitPass, New York-based RRE Ventures. News.context What's new: The success of digital music sales has purveyors of micropayment services humming a happy tune. Bottom line:Micropayments have failed to become a macro-business, but the increasing popularity of digital content could bring a cloudburst of pennies from heaven. More stories on micropayments While credit card companies and online transaction specialists like PayPal are ringing up bigger sales online, business models aimed at helping e-commerce vendors facilitate smaller deals, or micropayments, are getting a boost from digital content sales. If this sounds familiar, it should. But the so-called Internet currency vendors of the dot-com era, companies including Beenz, Flooz and DigiCash, failed to generate enough business fostering micropayments to survive. Fast-forward a few years, and news that iTunes topped 125 million downloads last week is more evidence that digital content may hold the key to unlocking the low end of e-commerce. Micropayments are typified by the 99 cents that iTunes charges to download a song or the $2.99 users might see on their Cingular Wireless phone bills after buying a custom ring tone. According to recent research published by TowerGroup, the total market for Internet and wireless micropayments, led by demand for digital content, will increase by 23 percent annually over the next five years to reach $11.5 billion by 2009. TowerGroup, based in Needham, Mass., charted the micropayments market at just over $2 billion in 2003. Bruce Cundiff, an analyst with Jupiter Research, thinks the e-commerce market is in its third or fourth wave of development of micropayment technologies. 
The success of iTunes, coupled with continued growth of broadband, will make digital content the catalyst that pushes the sector forward rapidly, Cundiff said. "What it comes down to is that there simply must be a viable transaction model for smaller-cost products to make a dollar off e-commerce sales, but I think with what we've seen already in digital media, it's clear that people are figuring out how to make it work," Cundiff said.

Tuning up for takeoff

Web shoppers have historically preferred to pay with credit cards. But because credit card companies typically charge fees for processing and customer service on every transaction, credit cards can be an extremely inefficient way of making a small purchase, with the fees often eating most of the profit margin. Still, consumers have begun to get used to the idea of buying small items over the Net. Growth of the digital content market seems almost a certainty, based on the projected expansion of segments including music services, Internet publishing, and applications for mobile devices, such as custom ring tones or games. Cambridge, Mass., analyst firm Forrester Research has predicted that music downloads alone will become a $1.4 billion business by 2006, accounting for nearly 10 percent of annual music sales in the United States. Jupiter Research estimates that revenue from online content will reach $3.1 billion by 2009, driven by an increasing number of broadband-ready homes spending money on Web-based music services, games and e-books, among other things. Industry experts agree that iTunes deserves a lot of the credit for opening consumers' eyes to the option of buying online in micro-size increments, and most seem to feel that digital content will continue to dominate the market for small Web-based transactions.
According to Nick Holland, an analyst with Shrewsbury, Mass.-based Mercator Advisory Group, growth of the micropayments market will be almost completely dependent on music, ring tones and games, specifically, at least for the next several years. The analyst estimates that such content will constitute a $2.3 billion market in the United States this year alone, and while Holland said subscriptions will remain consumers' favorite method of payment for digital content, wider use of micropayments will increase opportunities for vendors to lure new customers. "Micropayments don't just represent buying low-priced items," Holland said. "They can also be used to get people to test new products, or try out a service that charges a lot more for a subscription. There's certainly demand for downloads, ring tones and pay-as-you-go gaming, but it remains to be seen how profitable this market can be using micropayments." For officials at eBay's online transaction subsidiary, PayPal--who say the company is already handling millions of low-dollar transactions--it is clear that digital content represents the most promising opportunity for immediate growth in micropayments. Peter Ashley, director of business development for San Jose, Calif.-based PayPal, believes that with iTunes, Apple drew up a template that many other companies will try to emulate. "Once there is ability for more companies to facilitate smaller charges, going as far down as pennies, nickels and dimes, without incurring the same sort of credit card transaction fees you see today, new businesses will open that simply could not exist in the past," Ashley said. The executive envisions transaction systems soon allowing e-commerce companies to process any transaction, no matter how small, letting people creating new kinds of digital content, such as games or ring tones, more profitably market their wares.
Ashley said that PayPal's role as an established leader in online transaction processing will give it the ability to watch other firms test the waters with different micropayment systems before it begins more actively pursuing the market. PayPal parent eBay is already piloting a program that lets a select group of people auction digital music via its site, a test which could illustrate how profitable it can be for individuals or smaller companies to execute the smaller deals inherent to digital music sales. "We've already had to develop a unique product for the music pilot, and we're excited about seeing other areas of the market develop," said Ashley. "The opportunity is huge, say, if you consider how many wireless customers there are out there. You get an idea of how significant the demand for content like ring tones or screen savers could become."

How the deal is won

The biggest question facing the micropayments market is just what method of transaction will appeal to consumers while allowing vendors to slice out enough profit to keep small-ticket sales lucrative. Apple has admitted that iTunes is not a major source of revenue. It works primarily as a sales tool for its iPod digital music players. Apple does a majority of its business with credit cards but also offers payment methods ranging from stored-value accounts to gift certificates. But smaller companies looking to build their core businesses around marketing digital content must have alternatives to credit cards--including subscriptions, prepaid accounts, merchant charge aggregation and direct-to-bill. In the wireless sector, direct-to-bill is expected to continue to lead. Mobile-service providers encourage customers to download content onto their devices, with the cost added to their wireless bills.
Subscriptions remain preferable for content providers in other areas because they allow companies to more easily digest credit card transaction fees, because monthly or annual fees are typically larger transactions. "Subscriptions are what every vendor wants to sell, but you have to start somewhere with the consumer, and the other types of micropayments can allow companies to get in the door with buyers," said Mercator's Holland. "A lot of content companies are going to look at micropayments as a stepping stone to future subscriptions." Among the vendors vying for a place on the micropayments landscape with alternative payment technologies are firms including BitPass and Peppercoin, which are taking markedly different approaches to the sector. Peppercoin serves as a micropayment transaction aggregator that helps vendors save money on credit card charges, while BitPass markets stored-credit accounts and transaction processing to help facilitate both buyers and sellers. BitPass' system works much like the prepaid calling cards you can buy at many convenience stores. Customers put money into debit accounts and can use the funds at any site affiliated with the company. Vendors can begin accepting the BitPass cards simply by downloading a free software client provided by the company. "That first wave of payment technologies, the currency companies especially, were too early in the development of e-commerce to succeed, and the content companies weren't ready to handle it either," said Michael O'Donnell, chief executive of BitPass. "We're seeing an online payment evolution moving from free content, to subscriptions, and now per-item sales, with the options for vendors and consumers growing quickly." At Peppercoin, the emphasis is placed squarely on e-commerce vendors.
The Waltham, Mass., company acts as a proxy between vendors and credit card companies, allowing its users to aggregate their small-value transactions into larger bills to cut down on the fees charged them by the credit card companies themselves. Peppercoin signed a deal with the Smithsonian Institute last year to help the organization begin marketing music files stored in its archives on a per-song basis. The organization had previously struggled to do so, based on the percentage of its income that was in turn headed back out to the credit companies in the form of transaction fees. According to Rob Carney, vice president of marketing at Peppercoin, increased demand for digital content is driving short-term growth of micropayments, but the potential for the market is far greater. "Online digital content sales, specifically for music, are generating more attention for micropayments than ever before, but it makes sense, because what are you going to sell for dollars online that you have to pay to ship?" Carney said. "Digital content is leading the way, but it's really just the thin edge of the wedge when you consider the possibilities in the physical world as well." -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From jamesd at echeque.com Tue Sep 7 08:30:48 2004 From: jamesd at echeque.com (James A. Donald) Date: Tue, 07 Sep 2004 08:30:48 -0700 Subject: Remailers an unsolveable paradox? In-Reply-To: <2249059d9182de10e58ce8fcf14602e0@dizum.com> Message-ID: <413D71B8.13109.432BAD32@localhost> -- On 4 Sep 2004 at 21:50, Nomen Nescio wrote: > The ratio of remailer use to abuse is painfully low because > there's no way to actually communicate. 
You can broadcast but
> not receive, because no system exists to receive mail
> pseudonymously. This is not communication.
>
> Remailer use is restricted to when senders don't care about
> listenerssss, which means rants, death threats, and the abuse
> of spam. The only systems for receiving mail are at best some
> college student's unimplemented thesis.

alt.anonymous.messages provides a channel for people who wish to receive messages without themselves being identified.

If I want to receive a message without providing an email address that can be traced, I ask the recipient to post it in the newsgroups such as alt.anonymous.messages.

For obvious reasons people who read alt.anonymous.messages, or think they might need to read it in the future, download the newsgroup in its entirety.

    --digsig
         James A. Donald
     6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
     fzparMQ1YGMHFGGQ4eabvrdbfX3oQPnGSeUNNkuX
     4UV3sPQUJdBwqav34D5pBXRBNtLg+GX5dxE+YM5P8

From chuckw at quantumlinux.com Tue Sep 7 08:55:53 2004
From: chuckw at quantumlinux.com (Chuck Wolber)
Date: Tue, 7 Sep 2004 08:55:53 -0700 (PDT)
Subject: Gilmore case...Who can make laws?
In-Reply-To:
References:
Message-ID:

On Tue, 7 Sep 2004, Tyler Durden wrote:
> This describes the "Government" as creating secret laws. But,
> theoretically, only the congress and the Senate can create new laws,
> correct? The Executive branch has never been empowered to create laws,
> and I'm thinking these travel laws did not go through congress or the
> senate.

Well, there's the "Executive Order", as well as the fact that many organizations are empowered to create "policy". Although policy is not specifically law, it may as well be. I am curious though:

1) Can the laws that grant policy making privileges be themselves secret?
2) Are policy making privilege laws restricted within a certain scope (within a specific organization)?
3) Are all *SIGNED* executive orders publicly available?
-Chuck

--
http://www.quantumlinux.com
Quantum Linux Laboratories, LLC.
ACCELERATING Business with Open Technology

"The measure of the restoration lies in the extent to which we apply social values more noble than mere monetary profit." - FDR

From crawdad at fnal.gov Tue Sep 7 07:29:49 2004
From: crawdad at fnal.gov (Matt Crawford)
Date: Tue, 07 Sep 2004 09:29:49 -0500
Subject: Maths holy grail could bring disaster for internet
In-Reply-To:
References:
Message-ID: <601F1C0F-00DA-11D9-8C23-000A95A0BF96@fnal.gov>

On Sep 6, 2004, at 21:52, R. A. Hettinga wrote:
> But the proof should give us more understanding of how the
> primes work, and therefore the proof might be translated into something
> that might produce this prime spectrometer. If it does, it will bring
> the
> whole of e-commerce to its knees, overnight. So there are very big
> implications."

This would be a good thing. Because to rebuild the infrastructure based on symmetric crypto would bring the trusted third party (currently the CA) out of the shadows and into the light.

From measl at mfn.org Tue Sep 7 08:30:15 2004
From: measl at mfn.org (J.A. Terranson)
Date: Tue, 7 Sep 2004 10:30:15 -0500 (CDT)
Subject: Gilmore case...Who can make laws?
In-Reply-To:
References:
Message-ID: <20040907102824.M12515@ubzr.zsa.bet>

On Tue, 7 Sep 2004, Tyler Durden wrote:
> Hum. Another wrinkle in this thing occurred to me here, though I'm sure
> various Cypherpunks will (rightly) declare me naive.
>
> This describes the "Government" as creating secret laws. But, theoretically,
> only the congress and the Senate can create new laws, correct?

Incorrect. There are several backdoors. The POTUS can issue a Presidential Finding, and said "finding" effectively creates a "law". The SCOTUS can make laws as well, also by issuing findings, although they are then called "decisions" :-/

--
Yours,
J.A. Terranson
sysadmin at mfn.org
0xBD4A95BF

"...justice is a duty towards those whom you love and those whom you do not.
And people's rights will not be harmed if the opponent speaks out about them." Osama Bin Laden - - - "There aught to be limits to freedom!" George Bush - - - Which one scares you more? From sunder at sunder.net Tue Sep 7 07:41:53 2004 From: sunder at sunder.net (Sunder) Date: Tue, 7 Sep 2004 10:41:53 -0400 (edt) Subject: Maths holy grail could bring disaster for internet In-Reply-To: <601F1C0F-00DA-11D9-8C23-000A95A0BF96@fnal.gov> References: <601F1C0F-00DA-11D9-8C23-000A95A0BF96@fnal.gov> Message-ID: Forgive my ignorance, but would other PK schemes that don't rely on prime numbers such as Elliptic Curve be affected? ----------------------Kaos-Keraunos-Kybernetos--------------------------- + ^ + :"Our enemies are innovative and resourceful, and so are we. /|\ \|/ :They never stop thinking about new ways to harm our country /\|/\ <--*-->:and our people, and neither do we." -G. W. Bush, 2004.08.05 \/|\/ /|\ : \|/ + v + : War is Peace, freedom is slavery, Bush is President. ------------------------------------------------------------------------- On Tue, 7 Sep 2004, Matt Crawford wrote: > On Sep 6, 2004, at 21:52, R. A. Hettinga wrote: > > This would be a good thing. Because to rebuild the infrastructure > based on symmetric crypto would bring the trusted third party > (currently the CA) out of the shadows and into the light. From camera_lumina at hotmail.com Tue Sep 7 08:11:47 2004 From: camera_lumina at hotmail.com (Tyler Durden) Date: Tue, 07 Sep 2004 11:11:47 -0400 Subject: Gilmore case...Who can make laws? Message-ID: Hum. Another wrinkle in this thing occurred to me here, though I'm sure various Cypherpunks will (rightly) declare me naive. This describes the "Government" as creating secret laws. But, theoretically, only the congress and the Senate can create new laws, correct? The Executive branch has never been empowered to create laws, and I'm thinking these travel laws did not go through congress or the senate. 
So not only are these laws secret, they emanate from a body that is not empowered to make laws within the US. Is there a precedent, or perhaps because the "War on Terror" must be waged everywhere, the Commander in Chief can claim the right to make new domestic laws as a function of his wartime leadership.

-TD

>From: "J.A. Terranson"
>To: "cypherpunks at al-qaeda.net"
>Subject: Gilmore case: CNN
>Date: Tue, 7 Sep 2004 06:50:16 -0500 (CDT)
>
>http://www.cnn.com/2004/LAW/09/06/airline.id.ap/index.html
>
>
>Government wants ID arguments secret
>Monday, September 6, 2004 Posted: 4:07 PM EDT (2007 GMT)
>
>
>SAN FRANCISCO, California (AP) -- The U.S. Department of Justice has asked
>an appellate court to keep its arguments secret for a case in which
>privacy advocate John Gilmore is challenging federal requirements to show
>identification before boarding an airplane.
>
>A federal statute and other regulations "prohibit the disclosure of
>sensitive security information, and that is precisely what is alleged to
>be at issue here," the government said in court papers filed Friday with
>the U.S. Ninth Circuit Court of Appeals. Disclosing the restricted
>information "would be detrimental to the security of transportation," the
>government wrote.
>
>Attorneys for Gilmore, a 49-year-old San Francisco resident who co-founded
>the Electronic Frontier Foundation, a civil liberties group, said they
>don't buy the government's argument and that its latest request raises
>only more questions.
>
>"We're dealing with the government's review of a secret law that now they
>want a secret judicial review for," one of Gilmore's attorneys, James
>Harrison, said in a phone interview Sunday. "This administration's use of
>a secret law is more dangerous to the security of the nation than any
>external threat."
>
>Gilmore first sued the government and several airlines in July 2002 after
>airline agents refused to let him board planes in San Francisco and
>Oakland without first showing an ID or submitting to a more intense
>search. He claimed in his lawsuit the ID requirement was vague and
>ineffective and violated his constitutional protections against illegal
>searches and seizures.
>
>A U.S. District Court judge earlier this year dismissed his claims against
>the airlines, but said his challenge to the government belonged in a
>federal appellate court.
>
>Now in his appellate case, Gilmore maintains the federal government has
>yet to disclose the regulations behind the ID requirement to which he was
>subjected.
>
>"How are people supposed to follow laws if they don't know what they are?"
>Harrison said.
>
>The government contends its court arguments should be sealed from public
>view and heard before a judge outside the presence of Gilmore and his
>attorneys. The government, however, said it would plan to file another
>redacted public version of its arguments.
>
>A date for a hearing on the matter has not yet been set.

From camera_lumina at hotmail.com Tue Sep 7 08:22:28 2004
From: camera_lumina at hotmail.com (Tyler Durden)
Date: Tue, 07 Sep 2004 11:22:28 -0400
Subject: stegedetect & Variola's Suitcase
Message-ID:

So here's the 'obvious' question:

How fast can dedicated hardware run if it were a dedicated Stegedetect processor?

In other words, how easy would it be for NSA, et al to scan 'every' photo on the internet for Stego traces? (And then, every photo being emailed?)

And then, how fast can someone write a worm that will make every photo stored on a harddrive look like it's been stegoed?
-TD

>From: Sunder
>To: cypherpunks at al-qaeda.net
>Subject: stegedetect - looks like "we" need better mice
>Date: Tue, 7 Sep 2004 05:53:08 -0400 (edt)
>
>http://freshmeat.net/projects/stegdetect/?branch_id=52957&release_id=172055
>
>http://www.outguess.org/detection.php
>
>Steganography Detection with Stegdetect
>Stegdetect is an automated tool for detecting steganographic content in
>images. It is capable of detecting several different steganographic
>methods to embed hidden information in JPEG images. Currently, the
>detectable schemes are
>
> * jsteg,
> * jphide (unix and windows),
> * invisible secrets,
> * outguess 01.3b,
> * F5 (header analysis),
> * appendX and camouflage.
>
>Stegbreak is used to launch dictionary attacks against JSteg-Shell, JPHide
>and OutGuess 0.13b.
>
>Stegdetect and Stegbreak have been developed by Niels Provos.
>
>
>----------------------Kaos-Keraunos-Kybernetos---------------------------
> + ^ + :"Our enemies are innovative and resourceful, and so are we. /|\
> \|/ :They never stop thinking about new ways to harm our country /\|/\
><--*-->:and our people, and neither do we." -G. W. Bush, 2004.08.05 \/|\/
> /|\ : \|/
> + v + : War is Peace, freedom is slavery, Bush is President.
>-------------------------------------------------------------------------

From meadows at itd.nrl.navy.mil Tue Sep 7 08:29:56 2004
From: meadows at itd.nrl.navy.mil (Catherine Meadows)
Date: Tue, 7 Sep 2004 11:29:56 -0400
Subject: No subject
Message-ID:

Paul:

The IETF has been discussing setting up a working group for anonymous IPSec. They will have a BOF at the next IETF in DC in November. They're also setting up a mailing list you might be interested in if you haven't heard about it already. Information is below.
At 10:08 PM -0700 9/6/04, Joe Touch wrote:
>Hi, all,
>
>To follow-up on related presentations at both SAAG and TCPM, we've
>created a mailing list for discussions of anonymous security.
>
>Further information on the list and how to join it, as well as
>pointers to related resources can be found at:
>
> http://www.postel.org/anonsec
>
>The mailing list address is: anonsec at postel.org
>
>Joe
>

Cathy

----- End forwarded message -----
_______________________________________________
NymIP-res-group mailing list
NymIP-res-group at nymip.org
http://www.nymip.org/mailman/listinfo/nymip-res-group

--- end forwarded text

--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

----- End forwarded message -----
--
Eugen* Leitl leitl
______________________________________________________________
ICBM: 48.07078, 11.61144 http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
http://moleculardevices.org http://nanomachines.net

[demime 1.01d removed an attachment of type application/pgp-signature]

From mv at cdc.gov Tue Sep 7 11:30:08 2004
From: mv at cdc.gov (Major Variola (ret))
Date: Tue, 07 Sep 2004 11:30:08 -0700
Subject: stegedetect & Variola's Suitcase
Message-ID: <413DFE30.3BAF22B7@cdc.gov>

At 11:57 AM 9/7/04 -0400, Sunder wrote:
>The answer to that question depends on some leg work which involves
>converting the source code to stegetect into hardware and seeing how fast
>that hardware runs, then multiplying by X where X is how many of the chips
>you can afford to build.

A quick perusal of stegdetect.c, attending to how it analyzes jphide images, indicates that it computes histograms of DCT coefficients and then performs chi^2 tests on the distributions. Since this is fairly easy on a generic RISC CPU, one might be better off with a rack o' blades or even a cluster. Particularly because most JPGs will fit inside your typical 21st century-sized processor cache.

Note that a streaming implementation is not easy because JPG data will have to be reassembled from transport-level packet quantization; e.g., a 200KB JPG is a lot of 1500 byte packets. Better to snarf & reassemble the JPG then analyze the whole captured image.
Contrast this with e.g., block cipher accelerators that benefit from hardware implementation because they use bit-diddling not well supported by a typical instruction set. Or modexp() accelerators that benefit from parallelism.

Joseph Holsten is right that it's a complete waste (and not really stego) to look for data appended to the image data. Any data appended there, especially noise :-), will be suspicious.

>I'd imagine that it's a lot faster to have some hw that gives you a yea/nay
>on each JPG, than to say, attempt to crack DES.

Stegdetect is performing a signal-detection task. As such, it measures a continuous variable, then thresholds it to make a decision. Therefore there is a tradeoff between sensitivity and false positives. For instance, I produced a test, jphide stego'd JPG which is *not* detected by stegdetect with default sensitivity, but using the "-s 3" argument it scores one asterisk.

The steganographer can make the steganalysts' jobs much harder by keeping the S/N down, ie by only using short messages in large images. This is alluded to in the jphide pages: "Given a typical visual image, a low insertion rate (under 5%) and the absence of the original file, it is not possible to conclude with any worthwhile certainty that the host file contains inserted data." and follows from signal detection theory. It is also empirically true from some casual experimentation.

Further commentary:

* Stegdetect, though clever and well written (if poorly commented), barfs on a number of valid JPGs, including monochrome ones.

* One could write a jphide variant which doesn't skew the coefficients e.g., if you use the upper half of an image for cargo, and the lower half to hide the changes. If instead of simplistic "halves" you used the passphrase to seed a PRNG you could disperse the cargo & re-balancing changes much more subtly.
* MPx format files have great potential, for both image, image-N-tuple, and audio stego; is that http://irenarchy.org hip-hop recruiting video really just a video? (And is morphing someone into a sesame-street character "fair use"?) * Note that stego dictionary-attack breaking *would* benefit from compression- and crypto- accelerators for obvious reasons. But the topic here is stego detection. ------- Steganography is in the eye of the beholder. -Viktor. From emc at artifact.psychedelic.net Tue Sep 7 11:44:46 2004 From: emc at artifact.psychedelic.net (Eric Cordian) Date: Tue, 7 Sep 2004 11:44:46 -0700 (PDT) Subject: Gilmore case...Who can make laws? In-Reply-To: Message-ID: <200409071844.i87IikX2001630@artifact.psychedelic.net> TD writes: > This describes the "Government" as creating secret laws. But, theoretically, > only the congress and the Senate can create new laws, correct? The Executive > branch has never been empowered to create laws, and I'm thinking these > travel laws did not go through congress or the senate. The big loophole here is "regulation." Congress passes a law declaring that some governmental organization has the power to regulate something, and then that organization may create rules, impose financial penalties, and send people to jail under a plethora of laws against obstructing organizations blessed with regulatory powers. Congress, for instance, does not make every single law governing the behavior of pharmaceutical companies, or every single law governing the use of the radio spectrum. Instead, it makes one law granting the FDA or FCC regulatory powers, and exercises only oversight with regards to their subsequent behavior. An argument that the TSA cannot make rules, even secret rules, regulating air travel, because it is not Congress, will not pass the giggle test in court, unless you can show that the TSA exceeded its regulatory powers. -- Eric Michael Cordian 0+ O:.T:.O:.
Mathematical Munitions Division "Do What Thou Wilt Shall Be The Whole Of The Law" From emc at artifact.psychedelic.net Tue Sep 7 11:53:58 2004 From: emc at artifact.psychedelic.net (Eric Cordian) Date: Tue, 7 Sep 2004 11:53:58 -0700 (PDT) Subject: Maths holy grail could bring disaster for internet In-Reply-To: Message-ID: <200409071853.i87IrwD4001894@artifact.psychedelic.net> RAH pastes: > Tim Radford, science editor > Tuesday September 7, 2004 > The Guardian > Mathematicians could be on the verge of solving two separate million dollar > problems. If they are right - still a big if - and somebody really has > cracked the so-called Riemann hypothesis, financial disaster might follow. > Suddenly all cryptic codes could be breakable. No internet transaction > would be safe. Bullshit. A constructive proof of NP=P would doom strong crypto. A proof of the Riemann hypothesis MIGHT lead to polynomial time factoring, which would break RSA, but leave the rest of cryptography largely untouched. The Guardian needs to raise the bar a bit for that which it alleges to be "Science Writing." Louis de Branges "proves" the Riemann Hypothesis every year, by the way. -- Eric Michael Cordian 0+ O:.T:.O:. Mathematical Munitions Division "Do What Thou Wilt Shall Be The Whole Of The Law" From sunder at sunder.net Tue Sep 7 08:57:44 2004 From: sunder at sunder.net (Sunder) Date: Tue, 7 Sep 2004 11:57:44 -0400 (edt) Subject: stegedetect & Variola's Suitcase In-Reply-To: References: Message-ID: The answer to that question depends on some leg work which involves converting the source code to stegetect into hardware and seeing how fast that hardware runs, then multiplying by X where X is how many of the chips you can afford to build. I'd imagine that it's a lot faster to have some hw that gives you a yea/nay on each JPG, than to say, attempt to crack DES. ----------------------Kaos-Keraunos-Kybernetos--------------------------- + ^ + :"Our enemies are innovative and resourceful, and so are we.
/|\ \|/ :They never stop thinking about new ways to harm our country /\|/\ <--*-->:and our people, and neither do we." -G. W. Bush, 2004.08.05 \/|\/ /|\ : \|/ + v + : War is Peace, freedom is slavery, Bush is President. ------------------------------------------------------------------------- On Tue, 7 Sep 2004, Tyler Durden wrote: > So here's the 'obvious' question: > > How fast can dedicated hardware run if it were a dedicated Stegedetect > processor? > > In other words, how easy would it be for NSA, et al to scan 'every' photo on > the internet for Stego traces? (And then, every photo being emailed?) > > And then, how fast can someone write a worm that will make every photo > stored on a harddrive look like it's been stegoed? From pantosys at gmail.com Tue Sep 7 09:02:42 2004 From: pantosys at gmail.com (Joseph Holsten) Date: Tue, 7 Sep 2004 12:02:42 -0400 Subject: stegedetect & Variola's Suitcase In-Reply-To: References: Message-ID: <873a03a60409070902824d22@mail.gmail.com> On Tue, 07 Sep 2004 11:22:28 -0400, Tyler Durden wrote: > How fast can dedicated hardware run if it were a dedicated Stegedetect > processor? ... > In other words, how easy would it be for NSA, et al to scan 'every' photo on > the internet for Stego traces? (And then, every photo being emailed?) Although I haven't looked at the code behind stegedetect yet, I can assume that a single dedicated processor would be less efficient than perhaps two or three dedicated processors. Some steg (appendx, camouflage) isn't steg, just data appended to the end of the file, in valid jpeg encapsulation. Real steg (f5, jsteg, jphide, steghide) would require looking at more data, for more time. It would be a waste to have the same processor working on appended data and real steg. Quick answer: I don't know / Depends on the data. > And then, how fast can someone write a worm that will make every photo > stored on a harddrive look like it's been stegoed? Again, you'd have to decide between real and fake steg.
Appending a fortune message to the end of an image would be really quick, and would alert stegedetect. But if you want to signal the nsa, you'd need real steg with real (but breakable) crypto. The difference is quick perl script versus a modified jpeg library. who are ya tryin to fool? -pantosys at gmail.com From camera_lumina at hotmail.com Tue Sep 7 09:41:13 2004 From: camera_lumina at hotmail.com (Tyler Durden) Date: Tue, 07 Sep 2004 12:41:13 -0400 Subject: stegedetect & Variola's Suitcase Message-ID: Joseph Holsten wrote... >who are ya tryin to fool? Well, just in case it's not obvious, the clear issue here is whether the use of Stego is actually merely a red flag, in which case it may actually be worse than using nothing on some levels. If every message used it, though... -TD From measl at mfn.org Tue Sep 7 11:52:40 2004 From: measl at mfn.org (J.A. Terranson) Date: Tue, 7 Sep 2004 13:52:40 -0500 (CDT) Subject: Gilmore case...Who can make laws? In-Reply-To: <200409071844.i87IikX2001630@artifact.psychedelic.net> References: <200409071844.i87IikX2001630@artifact.psychedelic.net> Message-ID: <20040907135102.B12515@ubzr.zsa.bet> On Tue, 7 Sep 2004, Eric Cordian wrote: > An argument that the TSA cannot make rules, even secret rules, regulating > air travel, because it is not Congress, will not pass the giggle test in > court, unless you can show that the TSA exceeded its regulatory powers. Absolutely correct. I am however intrigued that they may be preparing to posit that secret rules (which act under color of law) can be enforced without being described publicly. This, if accepted, would effectively end all constitutional protections. -- Yours, J.A.
Terranson sysadmin at mfn.org 0xBD4A95BF "...justice is a duty towards those whom you love and those whom you do not. And people's rights will not be harmed if the opponent speaks out about them." Osama Bin Laden - - - "There aught to be limits to freedom!" George Bush - - - Which one scares you more? From wk at gnupg.org Tue Sep 7 05:06:29 2004 From: wk at gnupg.org (Werner Koch) Date: Tue, 07 Sep 2004 14:06:29 +0200 Subject: What are the risks associated with partially know cipher keys In-Reply-To: <2b22425d04090622241903a9c0@mail.gmail.com> (Padraig MacIain's message of "Tue, 7 Sep 2004 13:24:39 +0800") References: <2b22425d04090622241903a9c0@mail.gmail.com> Message-ID: <87pt4y4722.fsf@wheatstone.g10code.de> On Tue, 7 Sep 2004 13:24:39 +0800, Padraig MacIain said: > problem. However, does it offer a great risk for something like > OpenPGP if the passphrase used to access the secretkey is partially That depends on quality of the passphrase; it makes dictionary attacks easier. > compromised? And in turn if the passphrase is completely known yet the > secret key is still secured (physically) does knowing this passphrase > risk a complete compromise of the key pair? No. The protection of the private key is independent of the key. They are in no way related. The key is based on a random string and only the protection of this key is based on the passphrase. This protection only helps against a lost (but protected) private key. Salam-Shalom, Werner From bill.stewart at pobox.com Wed Sep 8 00:40:31 2004 From: bill.stewart at pobox.com (Bill Stewart) Date: Wed, 08 Sep 2004 00:40:31 -0700 Subject: Spam Spotlight on Reputation In-Reply-To: <20040906221533.GA29063@danisch.de> References: <20040906221533.GA29063@danisch.de> Message-ID: <200409080743.i887hlBJ021453@positron.jfet.org> At 03:15 PM 9/6/2004, Hadmut Danisch wrote: >On Mon, Sep 06, 2004 at 11:52:03AM -0600, R. A. Hettinga wrote: > > > > E-mail security company MX Logic Inc.
will report this week that 10 percent > > of all spam includes such SPF records, > >I have mentioned this problem more than a year ago in context of >my RMX draft (SPF, CallerID and SenderID are based on RMX). >Interestingly, nobody really cared about this major security problem. >All RMX-derivatives block forged messages (more or less). But what >happens if the attacker doesn't forge? That's a hard problem. And a >problem known from the very beginning of the sender verification discussion. It's not a hard problem, just a different problem. Whitelisting your friends and aggressively filtering strangers is an obvious technique for reducing false positives without increasing false negatives, but it fails if spammers can forge identities of your friends. RMX-derivatives help this problem, and they help the joe-job problem. If a spammer wants to claim that they're the genuine spammers-are-us.biz, well, let them. I find it more annoying that there are spammers putting PGP headers in their messages, knowing that most people who use PGP assume PGP-signed mail is from somebody genuine and whitelist it. ---- Bill Stewart bill.stewart at pobox.com From jtrjtrjtr2001 at yahoo.com Wed Sep 8 02:41:18 2004 From: jtrjtrjtr2001 at yahoo.com (Sarad AV) Date: Wed, 8 Sep 2004 02:41:18 -0700 (PDT) Subject: Maths holy grail could bring disaster for internet In-Reply-To: Message-ID: <20040908094118.1542.qmail@web21208.mail.yahoo.com> hello, The security of elliptic curve cryptosystems depends on the difficulty in solving the elliptic curve discrete log problem (ECDLP). If anybody gets to prove that P=NP, then all the public key cryptosystems which rely on 'hard' problems will be useless for crypto. Sarath. --- Sunder wrote: > Forgive my ignorance, but would other PK schemes > that don't rely on prime > numbers such as Elliptic Curve be affected?
> > ----------------------Kaos-Keraunos-Kybernetos--------------------------- > + ^ + :"Our enemies are innovative and resourceful, > and so are we. /|\ > \|/ :They never stop thinking about new ways to > harm our country /\|/\ > <--*-->:and our people, and neither do we." -G. W. > Bush, 2004.08.05 \/|\/ > /|\ : > \|/ > + v + : War is Peace, freedom is slavery, Bush > is President. > ------------------------------------------------------------------------- > > On Tue, 7 Sep 2004, Matt Crawford wrote: > > > On Sep 6, 2004, at 21:52, R. A. Hettinga wrote: > > > > This would be a good thing. Because to rebuild > the infrastructure > > based on symmetric crypto would bring the trusted > third party > > (currently the CA) out of the shadows and into the > light. > > From mv at cdc.gov Wed Sep 8 08:47:29 2004 From: mv at cdc.gov (Major Variola (ret)) Date: Wed, 08 Sep 2004 08:47:29 -0700 Subject: Gilmore case...Who can make laws? Message-ID: <413F2991.EAB2E1AC@cdc.gov> At 11:19 AM 9/8/04 -0400, Tyler Durden wrote: >Hum. I wonder. Do you think these secret regulations are communicated via >secure channels? What would happen if someone decided to send their own >regulations out to all of the local airline security offices rescinding any >private regs, particularly if one used official-looking letterhead? It would be better to inject *more heinous* secret rules than to attempt to remove them. "Why" is left as an exercise to the reader. Fax would probably suffice. At 01:52 PM 9/7/04 -0500, J.A. Terranson wrote: >I am however intrigued that they may be preparing to posit that secret >rules (which act under color of law) can be enforced without being >described publicly. This, if accepted, would effectively end all >constitutional protections. The phrase "constitutional protections" doesn't pass the giggle test these days.
However the courts --when trials get that far-- will still toss out cases in which the state's evidence is not revealed. I expect that behavior will stop when domestic-US secret trials become common. To protect means, methods, and the chiiiildren, of course. At least the Europeans don't take the US seriously, esp after the use of torture was made clear, see eg the German trials. But the US is trying to control them via the oil connection. Rome did not fall in a day. From mv at cdc.gov Wed Sep 8 11:18:56 2004 From: mv at cdc.gov (Major Variola (ret)) Date: Wed, 08 Sep 2004 11:18:56 -0700 Subject: insider threat report, by SS Message-ID: <413F4D10.BC1E6F6C@cdc.gov> Insider Threat Study: Illicit Cyber Activity in the Banking and Finance Sector Marisa Reddy Randazzo, Ph.D. Dawn Cappelli Michelle Keeney, Ph.D. Andrew Moore Eileen Kowalski CERT. Coordination Center National Threat Assessment Center Software Engineering Institute United States Secret Service Carnegie Mellon University Washington, DC Pittsburgh, PA August 2004 http://www.secretservice.gov/ntac/its_report_040820.pdf Only amateurs attack machines; professionals target people. Bruce Schneier From camera_lumina at hotmail.com Wed Sep 8 08:19:08 2004 From: camera_lumina at hotmail.com (Tyler Durden) Date: Wed, 08 Sep 2004 11:19:08 -0400 Subject: Gilmore case...Who can make laws? Message-ID: Well, still ruminating... The kind of regulations that regulatory bodies have made in the past are in their nature different from these secret rules I still believe. This is of course aside from their secret nature. Previously, if a regulatory body such as the FCC enacted some kind of policy, they could fine companies that did not comply. From my naive perspective, I didn't view these regs as really having a direct impact on private citizen units/individuals, apart from their organization, but then again I could probably think of exceptions. Hum. I wonder. 
Do you think these secret regulations are communicated via secure channels? What would happen if someone decided to send their own regulations out to all of the local airline security offices rescinding any private regs, particularly if one used official-looking letterhead? -TD >From: "J.A. Terranson" >To: Eric Cordian >CC: cypherpunks at minder.net >Subject: Re: Gilmore case...Who can make laws? >Date: Tue, 7 Sep 2004 13:52:40 -0500 (CDT) > >On Tue, 7 Sep 2004, Eric Cordian wrote: > > > An argument that the TSA cannot make rules, even secret rules, >regulating > > air travel, because it is not Congress, will not pass the giggle test in > > court, unless you can show that the TSA exceeded its regulatory powers. > >Absolutely correct. > >I am however intrigued that they may be preparing to posit that secret >rules (which act under color of law) can be enforced without being >described publicly. This, if accepted, would effectively end all >constitutional protections. > >-- >Yours, > >J.A. Terranson >sysadmin at mfn.org >0xBD4A95BF > > "...justice is a duty towards those whom you love and those whom you do > not. And people's rights will not be harmed if the opponent speaks out > about them." Osama Bin Laden > - - - > > "There aught to be limits to freedom!" George Bush > - - - > >Which one scares you more? From rah at shipwright.com Wed Sep 8 10:28:49 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Wed, 8 Sep 2004 11:28:49 -0600 Subject: FSTC Issues Call for Participation for Two New Projects Message-ID: The Financial Services Technology Consortium wants to assist banks in providing an "authentication service to government agencies"...
Cheers, RAH --- begin forwarded text From jim.salters at fstc.org Wed Sep 8 08:39:05 2004 From: jim.salters at fstc.org (Jim Salters) Date: Wed, 08 Sep 2004 11:39:05 -0400 Subject: FSTC Issues Call for Participation for Two New Projects Message-ID: From hal at finney.org Wed Sep 8 11:48:02 2004 From: hal at finney.org (Hal Finney) Date: Wed, 8 Sep 2004 11:48:02 -0700 (PDT) Subject: Seth Schoen's Hard to Verify Signatures Message-ID: <20040908184802.D187857E2B@finney.org> Seth Schoen of the EFF proposed an interesting cryptographic primitive called a "hard to verify signature" in his blog at http://vitanuova.loyalty.org/weblog/nb.cgi/view/vitanuova/2004/09/02 . The idea is to have a signature which is fast to make but slow to verify, with the verification speed under the signer's control. He proposes that this could be useful with trusted computing to discourage certain objectionable applications. The method Seth describes is to include a random value in the signature but not to include it in the message. He shows a sample signature with 3 decimal digits hidden. The only way to verify it is to try all possibilities for the random values. By controlling how much data is hidden in this way, the signer can control how long it will take to verify the signature. This idea is nice and simple, but one disadvantage is that it is probabilistic. It works on average, but occasionally someone might choose an n digit value which happens to be low (assuming the values are chosen at random). Then they don't get as much protection. They could fix this by eliminating too-low values, but then verifiers might exploit that by doing low values last in their testing. Another problem is that this method is inherently parallelizable, so that someone with N computers could solve it N times faster, by having each computer test a subset of the values. 
An alternative is based on the paper, "Time-lock puzzles and timed release Crypto", by Rivest, Shamir and Wagner, from 1996, http://theory.lcs.mit.edu/~rivest/RivestShamirWagner-timelock.pdf or .ps. They are looking more at the problem of encrypting data such that it can be decrypted only after a chosen amount of computing time, but many of their techniques are applicable to signatures. The first solution they consider is essentially the same as Seth's, doing an encryption where n bits of the encryption key are unknown, and letting people search for the decryption key. They identify the problems I noted above (which I stole from their paper). They also point out BTW that this concept was used by Ralph Merkle in his paper which basically foreshadowed the invention of public key cryptography. Merkle had to fight for years to get his paper published, otherwise he would be known as the father of the field rather than just a pioneer or co-inventor. The next method they describe can be put into signature terms as follows. Choose the number of modular squarings, t, that you want the verifier to have to perform. Suppose you choose t = 1 billion. Now you will sign your value using an RSA key whose exponent e = 2^t + 1. (You also need to make sure that this value is relatively prime to p-1 and q-1, but that is easily arranged, for example by letting p and q be strong primes.) The way you sign, even using such a large e, is to compute phi = (p-1)*(q-1) and to compute e' = e mod phi, which can be done using about 30 squarings of 2 mod phi. You then compute the secret exponent d as the multiplicative inverse mod phi of e', in the standard way that is done for RSA keys. Using this method you can sign about as quickly as for regular RSA keys. However, the verifier has a much harder problem. He does not know phi, hence cannot reduce e. 
To verify, he has to raise the signature to the e power as in any RSA signature, which for the exponent I described will require t = 1 billion modular squaring operations. This will be a slow process, and the signer can control it by changing the size of t, without changing his own work factor materially. The authors also point out that modular squaring is an intrinsically sequential process which cannot benefit from applying multiple computers. So the only speed variations relevant will be those between individual computers. Another idea I had for a use of hard to verify signatures would be if you published something anonymously but did not want to be known as the author of it until far in the future, perhaps after your death. Then you could create a HTV signature on it, perhaps not identifying the key, just the signature value. Only in the future when computing power is cheap would it be possible to try verifying the signature under different keys and see which one worked. Hal Finney From dave at farber.net Wed Sep 8 08:57:00 2004 From: dave at farber.net (Dave Farber) Date: Wed, 08 Sep 2004 11:57 -0400 Subject: [IP] New research on foreign intelligence surveillance/wiretapping Message-ID: ...... Forwarded Message ....... From: Peter Swire To: dave at farber.net Date: Wed, 08 Sep 2004 11:50:34 -0400 Subj: New research on foreign intelligence surveillance/wiretapping Dave: Earlier today you posted one of my current research papers on secrecy/openness that a reader sent you. Here is a link to the other new paper, "The System of Foreign Intelligence Surveillance Law." http://papers.ssrn.com/sol3/papers.cfm?abstract_id=586616 Last year, for the first time, more wiretap orders were issued in the United States under the Foreign Intelligence Surveillance Act than for all law enforcement actions. This paper gives the most thorough discussion to date of the history and theory of the special laws and institutions used for foreign intelligence surveillance. 
It analyzes the major changes in the USA-PATRIOT Act, most of which sunset at the end of 2005. It then provides a number of proposals for reform. As part of the overhaul of the U.S. intelligence system, there should be more discussion of the legal rules that govern intelligence activities conducted within the United States. There are compelling reasons to keep much of this surveillance activity secret. There are also compelling reasons to create effective checks and balances in the system, so that secret surveillance powers do not slide into abuses of those powers. As key FISA provisions sunset in 2005, this paper seeks to provide a basis for a more informed public debate. Best, Peter Prof. Peter P. Swire Moritz College of Law of the Ohio State University John Glenn Scholar in Public Policy Research (240) 994-4142; www.peterswire.net ----- End forwarded message ----- -- Eugen* Leitl leitl ______________________________________________________________ ICBM: 48.07078, 11.61144 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE http://moleculardevices.org http://nanomachines.net From mv at cdc.gov Wed Sep 8 12:44:39 2004 From: mv at cdc.gov (Major Variola (ret)) Date: Wed, 08 Sep 2004 12:44:39 -0700 Subject: Seth Schoen's Hard to Verify Signatures Message-ID: <413F6127.711FF78A@cdc.gov> At 11:48 AM 9/8/04 -0700, Hal Finney wrote: >Seth Schoen of the EFF proposed an interesting cryptographic primitive >called a "hard to verify signature" in his blog at >http://vitanuova.loyalty.org/weblog/nb.cgi/view/vitanuova/2004/09/02 .
>The idea is to have a signature which is fast to make but slow to verify, >with the verification speed under the signer's control. He proposes >that this could be useful with trusted computing to discourage certain >objectionable applications. > >The method Seth describes is to include a random value in the signature >but not to include it in the message. He shows a sample signature >with 3 decimal digits hidden. The only way to verify it is to try all >possibilities for the random values. By controlling how much data is >hidden in this way, the signer can control how long it will take to >verify the signature. This could be called a "salt-free" algorithm :-) Basically it's like the problem that a salted-password cracker has to solve when the salt has to be guessed. As far as a modexp() solution, I suggest this, which is as far as I can tell different from what you reference: In an RSA cryptosystem the public exponent is typically low, often 3 or 65537 (for efficiency reasons only a few bits are set; the other constraint is that your message, raised to that power, wraps in your modulus, which makes 65537 a little better). The private exponent is big. Therefore, traditional encryption is "fast", and decryption is slow; the reverse is that signing is slow, verifying a signature is fast. This can be used to achieve Seth's required "fast to make, slow to verify". To achieve the required "user-controllable", the user gets to set the number of bits in the modulus. One might have to use extraordinarily long moduli (making 4Kbits look puny), depending on the time-scale of "slow" and "fast", but so what, primes are free :-) and might even be re-used. If this passes group-muster pass it on.. From bill.stewart at pobox.com Wed Sep 8 12:44:55 2004 From: bill.stewart at pobox.com (Bill Stewart) Date: Wed, 08 Sep 2004 12:44:55 -0700 Subject: Savvis dropping major spammers (cypherpunk sighting.)
In-Reply-To: <20040907102824.M12515@ubzr.zsa.bet> References: <20040907102824.M12515@ubzr.zsa.bet> Message-ID: <6.0.3.0.0.20040908123724.037a8af8@pop.idiom.com> http://news.bbc.co.uk/2/hi/technology/3634572.stm John Young and John Gilmore aren't the only cypherpunks in the news lately. J. Alif Terranson was in a BBC article about getting the company to agree to drop the hundred or so major spammers who've been using their network. Some of them are former C&W customers, some are new, and they've been estimated to be about $2M/month business for Savvis, so this is a non-trivial step for Savvis. On the other hand, Savvis risked getting its whole network blacklisted by the major spam anti-spam groups if it didn't do something. We'll see if they follow through. From syverson at itd.nrl.navy.mil Wed Sep 8 12:24:53 2004 From: syverson at itd.nrl.navy.mil (Paul Syverson) Date: Wed, 8 Sep 2004 15:24:53 -0400 Subject: potential new IETF WG on anonymous IPSec Message-ID: ----- Forwarded message from Catherine Meadows ----- From lloyd at randombit.net Wed Sep 8 13:06:47 2004 From: lloyd at randombit.net (Jack Lloyd) Date: Wed, 8 Sep 2004 16:06:47 -0400 Subject: Seth Schoen's Hard to Verify Signatures In-Reply-To: <413F6127.711FF78A@cdc.gov> References: <413F6127.711FF78A@cdc.gov> Message-ID: <20040908200647.GC11323@acm.jhu.edu> On Wed, Sep 08, 2004 at 12:44:39PM -0700, Major Variola (ret) wrote: [...] > In an RSA cryptosystem the public exponent is typically low, often > 3 or 65537 (for efficiency reasons only a few bits are set; the other > constraint is that your message, raised to that power, wraps in your > modulus, which makes 65537 a little better). The private exponent > is big. > > Therefore, traditional encryption is "fast", and decryption is slow; > the reverse is that signing is slow, verifying a signature is fast. > This can be used to achieve Seth's required "fast to make, slow > to verify". To achieve the required "user-controllable", the user > gets to set the number of bits in the modulus. One might have > to use extraordinarily long moduli (making 4Kbits look puny), depending > on the time-scale of "slow" and "fast", but so what, primes are free :-) > > and might even be re-used. > > If this passes group-muster pass it on.. Can't be too short, less than about a third the size of the modulus you start running into problems [*], which, with the sizes you're suggesting (you would need, what, a 100K+ bit key to do this?) would make signature generation pretty slow too. Easier to do standard RSA and then encrypt the whole thing with a 64 or 80 bit symmetric key.
[*] http://crypto.stanford.edu/~dabo/papers/RSA-survey.pdf -Jack From kelsey.j at ix.netcom.com Wed Sep 8 13:36:52 2004 From: kelsey.j at ix.netcom.com (John Kelsey) Date: Wed, 8 Sep 2004 16:36:52 -0400 (GMT-04:00) Subject: Seth Schoen's Hard to Verify Signatures Message-ID: <8350658.1094675813781.JavaMail.root@skeeter.psp.pas.earthlink.net> >From: "\"Hal Finney\"" >Sent: Sep 8, 2004 2:48 PM >To: cypherpunks at al-qaeda.net >Subject: Seth Schoen's Hard to Verify Signatures >The method Seth describes is to include a random value in the signature >but not to include it in the message. He shows a sample signature >with 3 decimal digits hidden. The only way to verify it is to try all >possibilities for the random values. By controlling how much data is >hidden in this way, the signer can control how long it will take to >verify the signature. I've seen this described in a paper by Abadi, Lomas & Needham as an alternative to a high iteration count for password hashing. >Hal Finney --John Kelsey From rah at shipwright.com Wed Sep 8 16:01:31 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Wed, 8 Sep 2004 17:01:31 -0600 Subject: potential new IETF WG on anonymous IPSec Message-ID: --- begin forwarded text From adam at cypherspace.org Wed Sep 8 14:03:03 2004 From: adam at cypherspace.org (Adam Back) Date: Wed, 8 Sep 2004 17:03:03 -0400 Subject: Seth Schoen's Hard to Verify Signatures In-Reply-To: <20040908184802.D187857E2B@finney.org> References: <20040908184802.D187857E2B@finney.org> Message-ID: <20040908210303.GA9528@bitchcake.off.net> Hi I proposed a related algorithm based on time-lock puzzles as a step towards non-parallelizable, fixed-minting-cost stamps in section 6.1 of [1], also Dingledine et al observe the same in [2]. 
The non-parallelizable minting function is in fact the reverse: sender encrypts (expensively) and the verifier encrypts again (but more cheaply) and compares, but I think the relationship is quite analogous to the symmetry between RSA encryption and RSA signatures. I think maybe you have observed an additional simplification. In my case I use sender chooses x randomly (actually hash output of random value and resource string), and computes y = x^{x^w} mod n as the work function (expensive operation); and z = x^w mod phi(n), y =? x^z mod n as the cheap operation (verification). I think your approach could be applied on the encryption side too resulting in simpler, faster verification. Instead it would be: x is random, compute y = x^{2^t+1} mod n; verify x =? y^d mod n I'll add a note about that when I get around to updating it next. Adam [1] Hashcash - Amortizable Publicly Auditable Cost-Functions http://www.hashcash.org/papers/amortizable.pdf [2] Andy Oram, editor. Peer-to-Peer: Harnessing the Power of Disruptive Technologies. O'Reilly and Associates, 2001. Chapter 16 also available as http://freehaven.net/doc/oreilly/accountability-ch16.html. On Wed, Sep 08, 2004 at 11:48:02AM -0700, "Hal Finney" wrote: > Seth Schoen of the EFF proposed an interesting cryptographic primitive > called a "hard to verify signature" in his blog at > > An alternative is based on the paper, "Time-lock puzzles and > timed release Crypto", by Rivest, Shamir and Wagner, from 1996, > [...] > Choose the number of modular squarings, t, that you want the > verifier to have to perform. [...] you will sign your value using > an RSA key whose exponent e = 2^t + 1. > The way you sign, even > using such a large e, is to compute phi = (p-1)*(q-1) and to compute > e' = e mod phi, which can be done using about 30 squarings of 2 mod > phi. You then compute the secret exponent d as the multiplicative > inverse mod phi of e', in the standard way that is done for RSA > keys. 
Using this method you can sign about as quickly as for > regular RSA keys. From eugen at leitl.org Wed Sep 8 09:05:42 2004 From: eugen at leitl.org (Eugen Leitl) Date: Wed, 8 Sep 2004 18:05:42 +0200 Subject: [IP] New research on foreign intelligence surveillance/wiretapping (fwd from dave@farber.net) Message-ID: <20040908160542.GP1457@leitl.org> ----- Forwarded message from Dave Farber ----- From measl at mfn.org Wed Sep 8 16:45:52 2004 From: measl at mfn.org (J.A. Terranson) Date: Wed, 8 Sep 2004 18:45:52 -0500 (CDT) Subject: Savvis dropping major spammers (cypherpunk sighting.) In-Reply-To: <6.0.3.0.0.20040908123724.037a8af8@pop.idiom.com> References: <20040907102824.M12515@ubzr.zsa.bet> <6.0.3.0.0.20040908123724.037a8af8@pop.idiom.com> Message-ID: <20040908184353.D12515@ubzr.zsa.bet> On Wed, 8 Sep 2004, Bill Stewart wrote: > http://news.bbc.co.uk/2/hi/technology/3634572.stm > > John Young and John Gilmore aren't the only cypherpunks > in the news lately. J. Alif Terranson was in a BBC article > about getting the company to agree to drop the > hundred or so major spammers who've been using their network. > > Some of them are former C&W customers, some are new, > and they've been estimated to be about $2M/month business for Savvis, > so this is a non-trivial step for Savvis. > On the other hand, Savvis risked getting its whole network blacklisted > by the major spam anti-spam groups if it didn't do something. > > We'll see if they follow through. The actual memos are at http://www.savvis.info Other articles (mostly with greater detail) include: http://www.nwfusion.com/edge/news/2004/0908leakmemos.html http://www.computerworld.com/managementtopics/outsourcing/isptelecom/story/0,10801,95769,00.html http://arstechnica.com/news/posts/20040908-4168.html http://news.bbc.co.uk/1/hi/technology/3634572.stm http://techdirt.com/articles/20040908/103247.shtml http://ads.osdn.com/?ad_id=4985&alloc_id=10663&site_id=1&request_id=1806376 -- Yours, J.A. 
Terranson sysadmin at mfn.org 0xBD4A95BF "...justice is a duty towards those whom you love and those whom you do not. And people's rights will not be harmed if the opponent speaks out about them." Osama Bin Laden - - - "There aught to be limits to freedom!" George Bush - - - Which one scares you more? From measl at mfn.org Wed Sep 8 18:28:25 2004 From: measl at mfn.org (J.A. Terranson) Date: Wed, 8 Sep 2004 20:28:25 -0500 (CDT) Subject: Savvis dropping major spammers (cypherpunk sighting.) In-Reply-To: References: Message-ID: <20040908202629.T12515@ubzr.zsa.bet> On Wed, 8 Sep 2004, Tyler Durden wrote: > I see Savvis has a sales office in a Building I used to work in here in NYC. > They also seem to be somewhat deadbeat-ish with respect to paying some of > their bills, Um, yeah.... They even "forgot" to pay the renewal for their domain name around two years ago! Now *that* was funny! > so I bet they need that Spam revenue. That exec probably needed > that revenue in order to qualify for some absurd bonus. That is *precisely* how it works. No makie the numbers, no takeee the $500,000.00 (really) annual bonus. > -TD -- Yours, J.A. Terranson sysadmin at mfn.org 0xBD4A95BF "...justice is a duty towards those whom you love and those whom you do not. And people's rights will not be harmed if the opponent speaks out about them." Osama Bin Laden - - - "There aught to be limits to freedom!" George Bush - - - Which one scares you more? From camera_lumina at hotmail.com Wed Sep 8 18:17:31 2004 From: camera_lumina at hotmail.com (Tyler Durden) Date: Wed, 08 Sep 2004 21:17:31 -0400 Subject: Savvis dropping major spammers (cypherpunk sighting.) Message-ID: I see Savvis has a sales office in a Building I used to work in here in NYC. They also seem to be somewhat deadbeat-ish with respect to paying some of their bills, so I bet they need that Spam revenue. That exec probably needed that revenue in order to qualify for some absurd bonus. -TD >From: "J.A. 
Terranson" >To: Bill Stewart >CC: cypherpunks at al-qaeda.net >Subject: Re: Savvis dropping major spammers (cypherpunk sighting.) >Date: Wed, 8 Sep 2004 18:45:52 -0500 (CDT) > >On Wed, 8 Sep 2004, Bill Stewart wrote: > > > http://news.bbc.co.uk/2/hi/technology/3634572.stm > > > > John Young and John Gilmore aren't the only cypherpunks > > in the news lately. J. Alif Terranson was in a BBC article > > about getting the company to agree to drop the > > hundred or so major spammers who've been using their network. > > > > Some of them are former C&W customers, some are new, > > and they've been estimated to be about $2M/month business for Savvis, > > so this is a non-trivial step for Savvis. > > On the other hand, Savvis risked getting its whole network blacklisted > > by the major spam anti-spam groups if it didn't do something. > > > > We'll see if they follow through. > >The actual memos are at http://www.savvis.info > >Other articles (mostly with greater detail) include: > >http://www.nwfusion.com/edge/news/2004/0908leakmemos.html >http://www.computerworld.com/managementtopics/outsourcing/isptelecom/story/0,108 >01,95769,00.html >http://arstechnica.com/news/posts/20040908-4168.html >http://news.bbc.co.uk/1/hi/technology/3634572.stm >http://techdirt.com/articles/20040908/103247.shtml >http://ads.osdn.com/?ad_id=4985&alloc_id=10663&site_id=1&request_id=1806376 > >-- >Yours, > >J.A. Terranson >sysadmin at mfn.org >0xBD4A95BF > > "...justice is a duty towards those whom you love and those whom you do > not. And people's rights will not be harmed if the opponent speaks out > about them." Osama Bin Laden > - - - > > "There aught to be limits to freedom!" George Bush > - - - > >Which one scares you more?
From isn at c4i.org Thu Sep 9 03:41:59 2004 From: isn at c4i.org (InfoSec News) Date: Thu, 9 Sep 2004 05:41:59 -0500 (CDT) Subject: [ISN] Mitnick movie comes to the US Message-ID: http://www.theregister.co.uk/2004/09/09/mitnick_movie_us/ [ http://www.amazon.com/exec/obidos/ASIN/B0002L57YQ/c4iorg - WK] By Kevin Poulsen, SecurityFocus 9th September 2004 Nearly six years after it was filmed, Hollywood's trouble-plagued movie version of the hunt for hacker Kevin Mitnick is headed for video stores in the US Originally titled Takedown, then Cybertraque, the film is set for a September 28th U.S. release on DVD with the new title, Track Down. The movie is from Miramax's horror and sci-fi label Dimension Films, and is based on the book Takedown: The Pursuit and Capture of America's Most Wanted Computer Outlaw - By The Man Who Did It, authored by computer scientist Tsutomu Shimomura and New York Times reporter John Markoff. Shimomura electronically tracked Mitnick to his Raleigh, North Carolina hideout in February, 1995, and sold the book and movie rights for an undisclosed sum amidst the storm of publicity following the fugitive hacker's arrest. Early versions of the screenplay for the movie adaptation of Takedown cast Mitnick - played by Scream star Skeet Ulrich - as violent and potentially homicidal. In July, 1998, supporters of the then-imprisoned cyberpunk rallied against the film outside Miramax's New York City offices. Writers later revised the script, and shooting wrapped on the project in December, 1998. The film then languished without a US release date amid rumors of poor test screenings and a re-shot ending. Perhaps hoping to recoup some of their losses, Miramax finally released the movie to French theatres in March, 2000, as Cybertraque. It was generally panned by critics: a reviewer for the newspaper Le Monde noted the film's problems in translating a virtual manhunt to the action-adventure genre. 
"Can the repeated image of faces sweating over keyboards renew the principles of the Hollywood thriller?," the paper asked. "It's easy to say that the filmmaker hardly reaches that point, regardless of his saturation of the soundtrack with rock music to defeat the boredom of the viewer." Cybertraque was later released in Europe on DVD with French subtitles, and enjoyed some underground circulation on peer-to-peer networks, often misidentified as the sequel to the 1995 film Hackers. The real-life Mitnick cracked computers at cellphone companies, universities and ISPs. He pleaded guilty in March, 1999, to seven felonies, and was released from prison on 21 January, 2000, after nearly five years in custody. Now a security consultant and author, the ex-hacker says he's not happy to see the movie come to America. "I didn't expect the film would ever be released to the US, so this is kind of shock to me," he says. "I'm kind of disappointed because the film depicts me doing things that are not real." The fictionalized plot of Track Down centers around Shimomura's efforts to capture Mitnick before the hacker can access a terrifying computer program capable of causing blackouts, disabling hospital equipment and scrambling air traffic control systems. Hollywood's Mitnick character is portrayed somewhat sympathetically, but is prone to random outbursts of rage, and suffers a creepy penchant for electronic eavesdropping and a lurking hatred of women. "You wouldn't believe the amount of emails I get from all around the world saying, 'I saw this movie about you, it's great, you're my hero, it was a fantastic movie,'" says Mitnick. "I'm thinking, these guys are a little bit off... It's not an interesting film. I think it was done pretty poorly." _________________________________________ Donate online for the Ron Santo Walk to Cure Diabetes - http://www.c4i.org/ethan.html --- end forwarded text -- ----------------- R. A. 
Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From eugen at leitl.org Thu Sep 9 01:10:20 2004 From: eugen at leitl.org (Eugen Leitl) Date: Thu, 9 Sep 2004 10:10:20 +0200 Subject: potential new IETF WG on anonymous IPSec (fwd from rah@shipwright.com) Message-ID: <20040909081019.GX1457@leitl.org> ----- Forwarded message from "R. A. Hettinga" ----- From hal at finney.org Thu Sep 9 12:57:29 2004 From: hal at finney.org (Hal Finney) Date: Thu, 9 Sep 2004 12:57:29 -0700 (PDT) Subject: potential new IETF WG on anonymous IPSec Message-ID: <20040909195729.4798957E2B@finney.org> > The IETF has been discussing setting up a working group > for anonymous IPSec. They will have a BOF at the next IETF > in DC in November. They're also setting up a mailing list you > might be interested in if you haven't heard about it already. > ... > http://www.postel.org/anonsec To clarify, this is not really "anonymous" in the usual sense. Rather it is a proposal to an extension to IPsec to allow for unauthenticated connections. Presently IPsec relies on either pre-shared secrets or a trusted third party CA to authenticate the connection. The new proposal would let connections go forward using a straight Diffie-Hellman type exchange without authentication. It also proposes less authentication of IP message packets, covering smaller subsets, as an option. The point has nothing to do with anonymity; rather it is an attempt to secure against weaknesses in TCP which have begun to be exploited. Sequence number guessing attacks are more successful today because of increasing bandwidth, and there have been several instances where they have caused disruption on the net. While workarounds are in place, a better solution is desirable. 
This new effort is Joe Touch's proposal to weaken IPsec so that it uses less resources and is easier to deploy. He calls the weaker version AnonSec. But it is not anonymous, all the parties know the addresses of their counterparts. Rather, it allows for a degree of security on connections between communicators who don't share any secrets or CAs. I don't think "anonymous" is the right word for this, and I hope the IETF comes up with a better one as they go forward. Hal Finney From mv at cdc.gov Thu Sep 9 14:49:03 2004 From: mv at cdc.gov (Major Variola (ret)) Date: Thu, 09 Sep 2004 14:49:03 -0700 Subject: The Garwin Archive Message-ID: <4140CFCE.55D6644E@cdc.gov> A nuke physicist talks about taking out a US city, nonlethal weapons, and more http://www.fas.org/rlg/index.html http://www.fas.org/rlg/040000-nonlethal.pdf http://www.fas.org/rlg/040309-drell.htm From rah at shipwright.com Thu Sep 9 18:50:05 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Thu, 9 Sep 2004 21:50:05 -0400 Subject: BrinCity 2.0: Mayor outlines elaborate camera network for city Message-ID: ABC7Chicago.com: Mayor outlines elaborate camera network for city By Paul Meincke September 9, 2004 (Chicago) - From a hi-tech command center, the City of Chicago plans to monitor a vast security network. Thousands of surveillance cameras will be linked -- and authorities will be alerted to crimes and terrorist acts. The mayor unveiled the plans for this new security network at a news conference this morning. Some people are concerned about "Big Brother" invading their privacy but Mayor Daley says the cameras will be located in public areas. The technology that is now so much a part of crime-fighting and anti-terrorism has gone -- as one police spokesman says -- from Stone Age to Star Wars in less than a decade. This step in the evolution will link more than 2,000 public surveillance cameras in Chicago into a unified system. 
George Orwell might be restless that Big Brother is growing, but the city believes that more efficient response to emergency will help the public rest easier There are, of course, thousands of cameras watching -- it seems -- everywhere. The city's plan is to route the live images provided by those cameras on the public way into a unified network piped into the 911 Center. "That includes every city department. That includes the Chicago public schools, the CTA, city colleges. That includes the park district, any other sister agencies that have cameras out there," said Mayor Daley. There are well over 2,000 cameras that the city and its sister agencies -- like the school system -- monitor everyday. The city is adding another 250 cameras to potential high risk areas, most of them downtown. For instance, if there is a crime on a CTA platform-- most of which are or will be equipped with surveillance cameras, a call to 911 will activate a video link-up. "When the system determines there's a camera in the vicinity of the 911 call, it will automatically beam back an image to the call-taker of the origin of where it occurred," said Ron Huberman, Emergency Mgt. and Com. Dir. The 911 dispatcher will have -- in many cases -- the ability to remotely control cameras at the scene of a crime miles away. The system is also equipped with software that can alert the 911 Center to changes in traffic flow, or the presence of people where they're not supposed to be. "If this is a water filtration plant or a field in O'Hare where no one should be walking, it will issue an alert that someone is walking," said Huberman. All those images will be monitored in a room that is under construction as the 911 Operations Center. In 18-months it will look more like the bridge of the Starship Enterprise with a wall of 200 constantly changing images. How the software is tweaked will determine which pictures pop up, which the city says will greatly enhance emergency response. 
The mayor dismisses concerns about invasion of privacy since the cameras record what happens on the public way. "You could photograph me walking down the street. They do it every day. I don't object. You do it every day. You have that right. Why do you have that right?" said Mayor Daley. Critics say the cameras ought not be regarded as a panacea in crime fighting. They say the more there are, the greater the potential for abuse. In some Chicago neighborhoods, the cameras have led to a marked reduction in crime. The new unified system is being financed by a $5 million grant from the Department of Homeland Security and is scheduled to be up and running in 18 months. It will also have the capacity to watch crowds at the marathon downtown, football games, etc... -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From mv at cdc.gov Fri Sep 10 05:44:27 2004 From: mv at cdc.gov (Major Variola (ret)) Date: Fri, 10 Sep 2004 05:44:27 -0700 Subject: Perplexing proof Message-ID: <4141A1AB.427926A9@cdc.gov> At 08:23 AM 9/10/04 -0400, R. A. Hettinga wrote: > > Perplexing proof > >E-commerce is only one mathematical breakthrough away from disaster >Robert Valpuesta, IT Week 09 Sep 2004 > >The fact that even experts often do not fully understand how IT systems >work was underlined by recent reports that the Riemann hypothesis, >established in 1859, may finally have been proved. This doesn't follow. >It seems the hypothesis would explain the apparently random pattern of >prime numbers that form the basis for much internet cryptography, used for >e-commerce and online banking to guard accounts and credit card details. 
Can someone explain how finding regularity in the distribution of primes would affect any modexp() system? Suppose that you have a function F(i) which gives you the i-th prime. Since the PK systems (eg RSA, DH) use *randomness* to pick primes, how does being able to generate the i-th prime help? >Louis de Branges, a renowned mathematician at Purdue University in the US, >has claimed he can prove the hypothesis. But the maths is so complicated >that no one has yet been able to say whether his solution is right. > >"[The suggested proof] is rather incomprehensible," professor Marcus du >Sautoy of Oxford University told The Guardian, adding that if correct it >could lead to the creation of a "prime spectrometer" that would bring "the >whole of e-commerce to its knees overnight". Methinks the "expert" du Sautoy is an expert in number theory, not crypto... >Unfortunately, most managers have no way of telling whether the proof is >right or its implications are indeed as stated. Most managers don't understand crypto. This could be an >embarrassment if they are asked to assess risks for corporate governance >reports, since they clearly now have a duty to own up and admit that >business could be threatened by a theoretical prime spectrometer. > >Alternatively they might accept that security is a matter of faith, declare >that nothing can truly be "known", and add that the way of Zen shows that >security is probably an illusion anyway. I think this latter indicates the cluelessness of the author. From mv at cdc.gov Fri Sep 10 05:53:06 2004 From: mv at cdc.gov (Major Variola (ret)) Date: Fri, 10 Sep 2004 05:53:06 -0700 Subject: Flying with Libertarian Hawks Message-ID: <4141A3B2.AB7ECB99@cdc.gov> At 07:53 AM 9/10/04 -0400, R. A. Hettinga wrote: > > >Is it possible for one to be libertarian about policies at home and >neo-conservative about policies abroad? 
After all, isn't the principle of >non-coercion incompatible with the interventionist policies of the current >Administration? Simply put: is there such an animal as a libertarian hawk >and if he exists, why do we so seldom hear from him? On the contrary, the Ayn Rand institute has been taken over by vocal Zionists. They would never bomb Dimona but if a non-israeli semite even thinks about uranium, its missiles away. Or if the South Koreans do a bit of clandestine enrichment, no big deal, they're "our" *friends*. ----- "Stop shedding our blood to save your own and the solution to this simple but complex equation is in your hands. You know matters will escalate the more you delay and then do not blame us but blame yourselves. Rational people do not risk their security, money and sons to appease the White House liar." UBL The only language the American people understand is dead Americans. -EC From rah at shipwright.com Fri Sep 10 04:53:39 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Fri, 10 Sep 2004 07:53:39 -0400 Subject: Flying with Libertarian Hawks Message-ID: Tech Central Station Flying with Libertarian Hawks By Max Borders Published 09/09/2004 And covenants, without the sword, are but words and of no strength to secure a man at all. -- Thomas Hobbes Is it possible for one to be libertarian about policies at home and neo-conservative about policies abroad? After all, isn't the principle of non-coercion incompatible with the interventionist policies of the current Administration? Simply put: is there such an animal as a libertarian hawk and if he exists, why do we so seldom hear from him? There is a reticence among many libertarians to speak out about their bellicosity. You might say they're doves at the dinner table, perhaps worried they'll be shunned by their peers. 
But I think it's time we give some substance to what, at the moment, may be little more than an intuition, and speak up about our support for foreign policies that require armed conflicts -- even preemptive ones. Most libertarians fall in line behind the superficial notion that domestic and foreign policies should be mirror images of each other, each reflecting classical liberal principles where self-defense is applied universally like some scriptural edict. Alas, were the threats of the twenty first century so simple to counter, the complexities of world so easily distilled. The libertarian hawk takes her cues from Hobbes, not Locke, as the spaces mostly untouched by globalization are, in her view, like a state-of-nature. She sees threats that organize themselves in the shadows beyond civilization; operating, no less, in an age of deadly weapons proliferation. She fears the world's great, but nimble powers coalescing into a slothful and ineffectual global body -- where the toughest decisions of life and limb must be made in committee. She understands that freedom does not drop like manna from heaven, but is earned drop-for-drop and coin-for-coin by the sacrifices of blood and treasure. And this is the crux of the libertarian hawk's position: "rights" as such, are not some Cartesian substance that animates the body in the manner of a soul. Rights are a human construct, just like money. The more we believe in them, the better they work. But there are situations in which the currency becomes, uh, devalued. Better said: there are limits to those on whom we can ascribe rights. We get rights by virtue of some sort of social contract, not from our Creator. In this way, social contract theory splits the difference in many respects between libertarianism and conservatism. The social contract is an idea that people would rationally choose certain constraints on their behavior, constraints which culminate in certain reciprocal rules under which to live. 
I won't harm you if you won't harm me. We benefit through cooperation. And so forth. Those who would choose the rules enjoy the full benefits they confer. Criteria of mutual benefit are embedded in the social contract condition -- which is devoid of: "natural rights" notions that have failed in the libertarian tradition on metaphysical grounds; the totalitarian-leaning "social" aspects which can creep into utilitarian theories (requiring individuals to be sacrificial lambs to the "many"); and of the stodgy moralizing that tends to weigh on domestic conservatism. The overall beauty of social contract theory is that it offers us a justification for political liberalism and pluralism that rests neither on the foundational axioms associated with traditional moral theories, nor on the nihilism and disorderly assertions of the so-called Postmoderns. In short, social contract theory is a constructivist enterprise. And if you stand outside the covenants of Man, you are presumed "enemy." In light of all this, I find it sad that so many otherwise bright libertarians seem so unreflective about war. Some of my favorite freedom-loving publications have steered their editorial styles into the hashish den of protest music and anti-Bush priggishness. Some of my favorite think tanks issue press releases almost daily, calling for the immediate withdrawal of troops from Iraq, calling for the US to extend Constitutional privileges to enemy combatants, and claiming that it will be impossible to bring democracy and the Rule of Law to the Middle East. Which brings me to what could be the best criticism against the current conflict in Iraq. Let's call it the Hayekian Argument. It can be summarized in the following way: a complex order, like a country, is very difficult to plan or impose upon a people. It emerges, pace Hayek, "spontaneously." Under certain institutional conditions backed by years of tradition and certain entrenched cultural mores, civil societies can form. 
But these conditions simply are not in place in Iraq, so we may have gotten ourselves into a (OK, here goes) a quagmire. Much of the Hayekian Argument depends on considerations in complexity theory. That is, preference for "networks" over "hierarchies," as the former tend to do a better job of sustaining complexity among agents in a society. But further investigation along these lines may reveal something like a "feed-forward network" that is formed when inputs of a certain type allow a system is changed, in a sense, by example. Of course, this is somewhat of a metaphor in the context of Iraq. And, of course, nation-building isn't an exact science. But I would have always preferred to hedge my bets that given enough of the appropriate initial conditions, Iraqis would find that -- in the absence of a dangerous dictator -- they would begin to form of the mutually beneficial relationships with one another that bring about prosperity and peace. I doubt they could've done this alone. I think the Coalition was right to help them towards a tipping point. And if we fail, the failure will have been a practical one, not a moral one. My guess is that there are others who would like to see less of this accretion of libertarians around the Dove. I am one of those who doesn't fancy the idea of staring down the point of a chemical warhead before I decide to act. (Even if such warheads turn out to be a chimera today, they won't likely be tomorrow.) In the nuclear age, when the degree of certainty that you will be attacked is at fifty percent, you are as good as done for in terms of your ability to protect yourself. Thus, preventive action in a world of uncertainty is, unfortunately, the only reasonable course. In the meantime, it behooves us to try to make our enemies more like us and then allow globalization to proceed apace. For the more like us they are, the more likely they are to enter into the tenuous human covenants that are our only means of having peace. 
The author is a TCS contributor. He is Program Director, Institute for Humane Studies.

--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From rah at shipwright.com Fri Sep 10 04:58:50 2004
From: rah at shipwright.com (R. A. Hettinga)
Date: Fri, 10 Sep 2004 07:58:50 -0400
Subject: Intego ChatBarrier X3 10.3.2
Message-ID:

VersionTracker

Intego ChatBarrier X3
encryption for iChat instant messaging

All Time: Overall Rating: (2.2)
Company: Intego
Current Version: 10.3.2
Release Date: 2004-09-09
License: Update
Downloads (this version): 85
Downloads (all versions): 671
Price: $39.95
File Size: 5.0M

Product Description:
Intego ChatBarrier works in conjunction with Apple's iChat instant messaging software to provide two-way, real-time encryption of text chats. Intego ChatBarrier is easy to use, transparent, and inviolable, using military-grade 512-bit encryption that no one can break. When Intego ChatBarrier is installed, a simple click of a button turns on its functions, and any text you send during a chat using iChat is encrypted. Only a user who also has Intego ChatBarrier installed, and to whom you send a message, will be able to decrypt it. Neither the sender nor the receiver has to do anything other than activate Intego ChatBarrier for encryption and decryption to occur.

What's new in this version: Bug fixes.

Product Requirements: Mac OS X 10.2.3 or later

Latest Feedback:

Finally tombovo
Version: 10.3.1, 7/11/2004 06:18PM PST

This is a long needed product. Installation was easy, and using it seems a little too easy. I would like to see more information on the encryption type and how it works, it's priced a little high for a one-trick-pony, and it's pretty simplistic in how you use this, so I have to reduce its rating one star. I do like its integration with NetUpdate so I can update NetBarrier along with this product.

Vendor without a clue LEoOfBORG
Version: 1.0, 7/6/2004 06:18PM PST

I installed this, and while I didn't have anyone to try this out with, here are some observations.

1. Why does this hack need -2- Preference Panes? Prefpane #1 (The on-off switch) is simply that. This should not be in PrefPanes, but in iChat itself.

2. The 'Net Update' Pref Pane does more of a service for Intego than the user. There are -2- checkboxes for 'Opt-in Spam' from Intego. And -why- do they need an email address -and- password for the updater?

All in all, this comes across as some marketing flunky's idea of what's good for Windows is good for MacOSX. It's obvious that Intego doesn't know how to integrate with MacOSX. So, to recap;

1/ Put Settings and functionality for the app you are enhancing IN THE APP ITSELF -- NOT IN THE OS. If you need a primer on how to do this, look at the FREE software PithHelmet with its Safari integration.

2/ If you expect to receive $40 for your hack, don't add insult to injury by bloating our systems with extra flotsam like 'Opt-in Spam' in the Net Update. That is just plain insulting. Shareware authors have version checking down to one menu item. Why do you need such a convoluted updater, Intego?

To top off what others have been saying about how Apple may just have this functionality in the next version of iChat anyway (it's SSL, and Windows folks already have it), Bitwise and Fire have encryption capabilities for FREE. Also, if you really NEED crypto, PGP also has an Encryption service built into the service menu. You can encrypt text to your chat partner's public key and -know- that it's meant only for them (and is not just some SSL stream). Conceivably you could mix 'chatty' cleartext with PGP's 2048-bit encryption, which blows Intego's away.

In short, if you're willing to do some homework, there are alternatives out there that smoke this hack. Don't fall for this Windows vendor's price taking, learn about Crypto. At the very least, pick up PGP Freeware. Or personal desktop, which costs the same, is applicable to a number of applications, and DOES NOT EXPIRE after one year (I read Intego's license).

That being said, at least it comes with a de-installer.

ChatBarrier V3 Helpinghand
Version: 1.0, 6/27/2004 06:01PM PST

I have used it and it works as they say as far as I can tell. Price could be better but overall it's not a bad product, I also use their NetBarrier and it works great. It's a nice product for saying things you don't want Carnivore to see but it's not a must for everyone.

--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From rah at shipwright.com Fri Sep 10 05:23:06 2004
From: rah at shipwright.com (R. A.
Hettinga) Date: Fri, 10 Sep 2004 08:23:06 -0400 Subject: Perplexing proof Message-ID: Perplexing proof E-commerce is only one mathematical breakthrough away from disaster Robert Valpuesta, IT Week 09 Sep 2004 The fact that even experts often do not fully understand how IT systems work was underlined by recent reports that the Riemann hypothesis, established in 1859, may finally have been proved. It seems the hypothesis would explain the apparently random pattern of prime numbers that form the basis for much internet cryptography, used for e-commerce and online banking to guard accounts and credit card details. Louis de Branges, a renowned mathematician at Purdue University in the US, has claimed he can prove the hypothesis. But the maths is so complicated that no one has yet been able to say whether his solution is right. "[The suggested proof] is rather incomprehensible," professor Marcus du Sautoy of Oxford University told The Guardian, adding that if correct it could lead to the creation of a "prime spectrometer" that would bring "the whole of e-commerce to its knees overnight". Unfortunately, most managers have no way of telling whether the proof is right or its implications are indeed as stated. This could be an embarrassment if they are asked to assess risks for corporate governance reports, since they clearly now have a duty to own up and admit that business could be threatened by a theoretical prime spectrometer. Alternatively they might accept that security is a matter of faith, declare that nothing can truly be "known", and add that the way of Zen shows that security is probably an illusion anyway. -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." 
-- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From kelsey.j at ix.netcom.com Fri Sep 10 05:51:54 2004
From: kelsey.j at ix.netcom.com (John Kelsey)
Date: Fri, 10 Sep 2004 08:51:54 -0400 (GMT-04:00)
Subject: BrinCity 2.0: Mayor outlines elaborate camera network for city
Message-ID: <5996272.1094820715059.JavaMail.root@kermit.psp.pas.earthlink.net>

>From: "R. A. Hettinga"
>Sent: Sep 9, 2004 9:50 PM
>To: cypherpunks at al-qaeda.net
>Subject: BrinCity 2.0: Mayor outlines elaborate camera network for city

...

> Some people are concerned about "Big Brother" invading their privacy but
>Mayor Daley says the cameras will be located in public areas.

Fortunately, all this is happening in a town noted for its trustworthy and honest government, and under a mayor with no tendency to use any excuse he can find to grab power, tear up airports he doesn't like in the middle of the night, etc.

...

>R. A. Hettinga

--John Kelsey

From touch at ISI.EDU Fri Sep 10 09:03:50 2004
From: touch at ISI.EDU (Joe Touch)
Date: Fri, 10 Sep 2004 09:03:50 -0700
Subject: [anonsec] Re: potential new IETF WG on anonymous IPSec (fwd
Message-ID:

Clarifications below...

Eugen Leitl wrote:
>----- Forwarded message from "\"Hal Finney\"" -----
>
>From: hal at finney.org ("Hal Finney")
>Date: Thu, 9 Sep 2004 12:57:29 -0700 (PDT)
>To: cryptography at metzdowd.com, cypherpunks at al-qaeda.net,
> rah at shipwright.com
>Subject: Re: potential new IETF WG on anonymous IPSec
>
>
>>The IETF has been discussing setting up a working group
>>for anonymous IPSec. They will have a BOF at the next IETF
>>in DC in November. They're also setting up a mailing list you
>>might be interested in if you haven't heard about it already.
>>...
>> http://www.postel.org/anonsec
>
>
>To clarify, this is not really "anonymous" in the usual sense.

It does not authenticate the endpoint's identification, other than "same place I had been talking to."

There's no difference between having no "name" and having a name you cannot trust. I.e., I could travel under the name "anonymous" or "", or under the name "A. Smith". If you don't know whether I am actually A. Smith, the latter is identical to the former.

>Rather it
>is a proposal to an extension to IPsec to allow for unauthenticated
>connections.

Correction: it is a proposal to extend Internet security - including Ipsec, but also including TCP-MD5 (sometimes called "BGP MD5") and other security mechanisms at various layers. It is not focused only on IPsec.

>Presently IPsec relies on either pre-shared secrets or a
>trusted third party CA to authenticate the connection. The new proposal
>would let connections go forward using a straight Diffie-Hellman type
>exchange without authentication.

This is one option, but not the only one.

>It also proposes less authentication
>of IP message packets, covering smaller subsets, as an option.

There are two aspects:
- smaller portion of the packet is hashed
- none of the packet is hashed, but a cookie is used

>The point has nothing to do with anonymity;

The last one, agreed. But the primary assumption is that we can avoid a lot of infrastructure and impediment to deployment by treating an ongoing conversation as a reason to trust an endpoint, rather than a third-party identification. Although anonymous access is not the primary goal, it is a feature of the solution.

>rather it is an attempt
>to secure against weaknesses in TCP which have begun to be exploited.

Please review the draft; there are a number of reasons this is being considered, not the least of which is to reduce the cumbersome requirement of key infrastructure as well as to avoid performance penalties.

>Sequence number guessing attacks are more successful today because of
>increasing bandwidth, and there have been several instances where they
>have caused disruption on the net. While workarounds are in place, a
>better solution is desirable.

Please be more specific; how would it be better?

>This new effort is Joe Touch's proposal to weaken IPsec so that it uses
>less resources and is easier to deploy. He calls the weaker version
>AnonSec. But it is not anonymous, all the parties know the addresses
>of their counterparts.

Address != identity. Agreed, if what you want to do is hide traffic, this does not provide traffic confidentiality. But it does not tell you whether the packets come from 128.9.x.x (ISI, e.g.) or from someone spoofing 128.9.x.x; all you know is that whoever is using that address is capable of having an ongoing conversation (TCP connection, e.g.) with you.

I.e., there are two ways to be anonymous, as noted earlier:

1) don't give out your name (A. Smith, e.g.)
2) give out a name, but it doesn't necessarily mean anything (e.g., Mickey Mouse)

Even if you use "real" names in (2), there's no difference with (1), since you don't know whether the real Mickey Mouse is using it.

>Rather, it allows for a degree of security on
>connections between communicators who don't share any secrets or CAs.
>I don't think "anonymous" is the right word for this, and I hope the
>IETF comes up with a better one as they go forward.
>
>Hal Finney
>
>---------------------------------------------------------------------
>The Cryptography Mailing List
>Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
>
>----- End forwarded message -----

--
Eugen* Leitl leitl
______________________________________________________________
ICBM: 48.07078, 11.61144 http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
http://moleculardevices.org http://nanomachines.net

--- end forwarded text

--
-----------------
R. A.
Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From camera_lumina at hotmail.com Fri Sep 10 07:14:07 2004
From: camera_lumina at hotmail.com (Tyler Durden)
Date: Fri, 10 Sep 2004 10:14:07 -0400
Subject: BrinCity 2.0: Mayor outlines elaborate camera network for city
Message-ID:

>cameras will be linked -- and authorities will be alerted to crimes and
>terrorist acts.

Whew. I feel better already. If only we had had cameras rolling on 9/11/2001, none of that would have ever happened.

-TD

_________________________________________________________________
FREE pop-up blocking with the new MSN Toolbar - get it now!
http://toolbar.msn.click-url.com/go/onm00200415ave/direct/01/

From Victor.Duchovni at MorganStanley.com Fri Sep 10 08:40:08 2004
From: Victor.Duchovni at MorganStanley.com (Victor Duchovni)
Date: Fri, 10 Sep 2004 11:40:08 -0400
Subject: Perplexing proof
Message-ID:

On Fri, Sep 10, 2004 at 08:23:06AM -0400, R. A. Hettinga wrote:
> "[The suggested proof] is rather incomprehensible," professor Marcus du
> Sautoy of Oxford University told The Guardian, adding that if correct it
> could lead to the creation of a "prime spectrometer" that would bring "the
> whole of e-commerce to its knees overnight".

http://www.maths.ox.ac.uk/~dusautoy/flash/1hard/listpub.htm

So at least now we have a named source, even one who works on generalized zeta functions. The out of the blue "prime spectrometer" claim is still rather puzzling... Does anyone know why Du Sautoy is making this claim (if it is indeed reported correctly).

-- /"\ ASCII RIBBON NOTICE: If received in error, \ / CAMPAIGN Victor Duchovni please destroy and notify X AGAINST IT Security, sender.
Sender does not waive / \ HTML MAIL Morgan Stanley confidentiality or privilege, and use is prohibited. --- end forwarded text -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From camera_lumina at hotmail.com Fri Sep 10 09:02:12 2004 From: camera_lumina at hotmail.com (Tyler Durden) Date: Fri, 10 Sep 2004 12:02:12 -0400 Subject: Flying with Libertarian Hawks Message-ID: Damn right. 'Conservative' means agreeing with the most vocal proponents of the current right wing apparatchiks. It seems to have little or no relationship to fiscally conservative ideas. "Left wing" now refers to anyone who disagrees with the 'Conservatives', even if said left wing policies are practically identical to those of the 'right'. -TD >From: "Major Variola (ret)" >To: cypherpunks at al-qaeda.net >Subject: Re: Flying with Libertarian Hawks >Date: Fri, 10 Sep 2004 05:53:06 -0700 > >At 07:53 AM 9/10/04 -0400, R. A. Hettinga wrote: > > > > > >Is it possible for one to be libertarian about policies at home and > >neo-conservative about policies abroad? After all, isn't the principle >of > >non-coercion incompatible with the interventionist policies of the >current > >Administration? Simply put: is there such an animal as a libertarian >hawk > >and if he exists, why do we so seldom hear from him? > >On the contrary, the Ayn Rand institute has been taken over by >vocal Zionists. They would never bomb Dimona but if a non-israeli >semite even thinks about uranium, its missiles away. > >Or if the South Koreans do a bit of clandestine enrichment, no big deal, > >they're "our" *friends*. > > >----- >"Stop shedding our blood to save your own and the solution to this >simple > but complex equation is in your hands. 
You know matters will escalate
>the more you
>delay and then do not blame us but blame yourselves. Rational people do
>not risk their
>security, money and sons to appease the White House liar." UBL
>
>The only language the American people understand is
>dead Americans. -EC

From zooko at zooko.com Fri Sep 10 08:55:04 2004
From: zooko at zooko.com (Zooko O'Whielcronx)
Date: 10 Sep 2004 12:55:04 -0300
Subject: potential new IETF WG on anonymous IPSec
In-Reply-To: <20040909195729.4798957E2B@finney.org>
References: <20040909195729.4798957E2B@finney.org>
Message-ID:

On 2004, Sep 09, , at 16:57, Hal Finney wrote:
> To clarify, this is not really "anonymous" in the usual sense. Rather
> it
> is a proposal to an extension to IPsec to allow for unauthenticated
> connections. Presently IPsec relies on either pre-shared secrets or a
> trusted third party CA to authenticate the connection. The new
> proposal
> would let connections go forward using a straight Diffie-Hellman type
> exchange without authentication.
...
> I don't think "anonymous" is the right word for this, and I hope the
> IETF comes up with a better one as they go forward.

I believe that in the context of e-mail [1, 2, 3, 4] and FreeSWAN this is called "opportunistic encryption".

Regards,

Zooko

[1] http://www.templetons.com/brad/crypt.html
[2] http://bitconjurer.org/envelope.html
[3] http://pps.sourceforge.net/
[4] http://www.advogato.org/article/391.html

From rah at shipwright.com Fri Sep 10 10:47:02 2004
From: rah at shipwright.com (R. A.
Hettinga) Date: Fri, 10 Sep 2004 13:47:02 -0400 Subject: P2P company sues RIAA over patent Message-ID: CNET News P2P company sues RIAA over patent By John Borland Staff Writer, CNET News.com http://news.com.com/2100-1027-5357332.html Story last modified September 8, 2004, 5:45 PM PDT Altnet, a company that sells music and other digital goods through file-swapping services, sued the Recording Industry Association of America on Wednesday for alleged patent infringement. The company, a subsidiary of Brilliant Digital Entertainment, contends that the RIAA has been infringing on one of its patents in the course of copyright enforcement efforts inside peer-to-peer networks. Overpeer, a copyright company owned by Loudeye, and MediaDefender, also are named in the lawsuit. "We've exhausted every means of trying to work with these defendants and those they represent to patiently encourage and positively develop the P2P distribution channel," said Altnet Chief Executive Officer Kevin Bermeister in a statement. "We cannot stand by and allow them to erode our business opportunity by the wholesale infringement of our rights." The patent infringement suit comes as one of the sideshows in an ongoing legal battle over peer-to-peer networks that has led to piracy charges against technology companies and antitrust claims against record companies, and that now appears to be headed ultimately to Congress for resolution. Altnet and Brilliant Digital Entertainment are joint venture partners with Sharman Networks, the Australian company that owns the Kazaa software. The company has been trying for several years to persuade record labels and music studios to allow Altnet to sell authorized versions of their products through the Kazaa file-swapping network. The big entertainment companies have unanimously said no, however. 
They've lost recent court battles that aimed to put companies like Sharman out of business, but are now seeking legislation that would revive their claims against file-swapping ventures. Altnet has also been seeking other funding sources and ways to strike back at the record labels' efforts to undermine peer-to-peer networks. In the summer of 2003, it announced that it had purchased patent rights to the process of identifying files on a peer-to-peer network using a "hash," or digital fingerprint based on the contents of the file. Initially, Bermeister indicated the company would approach other file-swapping companies to sign them up for licenses. That proved controversial, but Altnet did send cease-and-desist letters last November to nine companies engaged in businesses related to peer-to-peer networks. Some of these, such as data collection company Big Champagne, said they weren't using any technology that would infringe on the Altnet patent. An attorney for Altnet said the disputes with most of the nine had been resolved. Altnet's lawsuit says that antipiracy companies Overpeer and MediaDefender are still on the hook, however. Overpeer is a "spoofing" company that posts millions of false or corrupted files on networks such as Kazaa, trying to make real files harder to find. Media Defender uses "interdiction" techniques, which essentially clog networks with requests that block real download efforts. Both of these services use unauthorized versions of Kazaa and the underlying FastTrack peer-to-peer technology, and so are using Altnet's patent without permission, the company contends. In its complaint, Altnet said that RIAA executives had been notified several times in 2003 about the patent, but that the trade group has continued to support Overpeer and to conduct its own enforcement efforts on the Kazaa network without permission. Overpeer said it did not believe it had infringed on Altnet's patents. 
"We vigorously deny these claims and find them to be completely baseless and without merit," said Marc Morgenstern, who heads Loudeye's Overpeer division, in a statement. Representatives from the RIAA could not immediately be reached for comment. Altnet and Brilliant Digital Entertainment have been skating on thin financial ice in recent years. In its last quarterly report to federal regulators, Brilliant said it had just $509,000 in cash on hand. An attorney representing Altnet said that financial considerations would not impede the company's attempt to enforce the patent, however. The lawsuit was filed in a Los Angeles federal court. -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From rah at shipwright.com Fri Sep 10 10:51:35 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Fri, 10 Sep 2004 13:51:35 -0400 Subject: Man jailed for sending email threats Message-ID: Print this article | Close this window Man jailed for sending email threats Stuttgart, Germany September 9, 2004 - 10:10AM A German doctor's assistant has been jailed for 312 years for trying to extort money from banks, hotels and airports with email threats sent from internet cafes in Thailand. The court in this southern city ruled that the 44-year-old had sent dozens of emails threatening to kill people or blow up buildings if he was not paid because he needed money for a flight home from Asia. The man also said he was facing a heavy fine because he had overstayed his visa for Thailand after falling in love with a Thai woman, but that his girlfriend had left him when he ran out of money. 
Under the aliases Jonathan Drake and Vincent Baxter, he sent out 39 emails to German and Austrian institutions demanding between $5000 and $10,000 from the recipients and threatening to kill someone close to them if they failed to pay. He told airport authorities in the messages that he would detonate hidden bombs if he did not receive between $50,000 and $100,000. At Vienna's Schwechat airport, a security team was forced to hold a crisis meeting over the threats while security officials at Tegel airport in Berlin dispatched sniffer dogs to hunt for explosives. Most of the institutions targeted, however, ignored the threats on the advice of the police. Authorities were able to trace the emails back to Thailand and arrested the suspect when he flew back to Germany. The defendant, who had already run into trouble with the law in 1992 for threatening a German pop singer, told the court that he had found the email addresses for "the crazy idea of blackmail" on the internet. -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From rah at shipwright.com Fri Sep 10 11:11:56 2004 From: rah at shipwright.com (R. A. 
Hettinga) Date: Fri, 10 Sep 2004 14:11:56 -0400 Subject: Perplexing proof Message-ID: --- begin forwarded text From eugen at leitl.org Fri Sep 10 09:20:28 2004 From: eugen at leitl.org (Eugen Leitl) Date: Fri, 10 Sep 2004 18:20:28 +0200 Subject: [anonsec] Re: potential new IETF WG on anonymous IPSec (fwd Message-ID: from hal at finney.org) (fwd from touch at ISI.EDU) User-Agent: Mutt/1.4i Sender: owner-cryptography at metzdowd.com From justin-cypherpunks at soze.net Fri Sep 10 11:38:07 2004 From: justin-cypherpunks at soze.net (Justin) Date: Fri, 10 Sep 2004 18:38:07 +0000 Subject: Flying with Libertarian Hawks In-Reply-To: References: Message-ID: <20040910183807.GA19540@arion.soze.net> On 2004-09-10T12:02:12-0400, Tyler Durden wrote: > > Damn right. 'Conservative' means agreeing with the most vocal proponents of > the current right wing apparatchiks. It seems to have little or no > relationship to fiscally conservative ideas. Aren't the most vocal proponents of right-wing policies the Republican apparatchiks themselves? I think "the most vocal proponents of" is redundant. > "Left wing" now refers to anyone who disagrees with the > 'Conservatives', even if said left wing policies are practically > identical to those of the 'right'. The notion of right-wing and left-wing as an axis/dimension is garbage. I think anyone who votes Republican is right-wing and anyone who votes Democrat is left-wing. There is no remotely accurate one-dimensional political scale, and left-wing or right-wing voting doesn't imply anything about a person's views on the two-dimensional (personal vs economic liberty) scale that seems to be "in" these days. From rah at shipwright.com Fri Sep 10 15:59:29 2004 From: rah at shipwright.com (R. A. 
Hettinga) Date: Fri, 10 Sep 2004 18:59:29 -0400 Subject: Call for 'hackers' to try to access voting machines draws stern warning Message-ID: The Virgin Islands Daily News - A Pulitzer Prize Winning Newspaper Call for 'hackers' to try to access voting machines draws stern warning By AESHA DUVAL Thursday, September 9th 2004 ST. CROIX - Law enforcement officials and the V.I. Board of Elections issued warnings Wednesday saying anyone who tampers with voting machines will face criminal prosecution. The warning came after Elections officials received a faxed document last week stating that a $10,000 cash award would be offered to anyone who can successfully "hack" into electronic voting machines to prove whether vote tallies can be changed. The flier lists on top in large bold letters, "Cash Payout" and further reads, "The first person to change vote tallies undetectably can claim $10,000!" Hope Gibson, a St. Croix resident and former senatorial candidate, said she sent the document to Elections offices and the media and insists she is not asking that anyone break the law. Gibson states in the document that she is calling the Joint Board of Elections to allow challengers the opportunity to access the voting machines and prove that the machines can or cannot be programmed to give false results. She said similar challenges are being offered on the mainland and that the accuracy of the same machines used in the territory - the 1242 ELECTronic voting machine which is manufactured by the Danaher Corp. - have come into question. Gibson said the $10,000 is being offered by Michael Shamos, a Carnegie Mellon University computer scientist. "I didn't do anything illegal," Gibson said Wednesday. U.S. Attorney's Office spokesman Azekah Jennings disagrees, saying the document can be misinterpreted as an open invitation for anyone to illegally tamper with voting machines and that by changing voting results, a cash award can be claimed. 
"It is unlawful for anyone to engage in any kind of voter fraud," Jennings said. "There are substantial criminal penalties for such violations. If such actions are taken, those individuals run the risk of being exposed to criminal prosecution." Jennings said tampering with voting machines is a federal offense and violators could face substantial fines and possibly imprisonment depending on the violation. He declined to say if criminal action would be taken. Elections board member Alicia Wells and other members were shocked and appalled by Gibson's challenge. "We want to make it clear that any tampering with voting machines will not be tolerated," Wells said. Gibson said although Supervisor of Elections John Abramson Jr. has said fail-safes are built into the machines to ensure accuracy, she believes the machines are unreliable and vulnerable. She said a paper ballot system is the only means for a voter to physically verify their vote before they cast it. "The point that is being made here is the only people who really know if your vote counts are the voting machine vendor, the local programmer and the potential hacker - not the voter," Gibson said. Abramson said Wednesday he forwarded the document to the FBI, U.S. Attorney's Office and V.I. Attorney General Iver Stridiron. "We are leaving this in the hands of law enforcement," Abramson said. [CLOSE WINDOW] -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." 
-- Edward Gibbon, 'Decline and Fall of the Roman Empire' From bill.stewart at pobox.com Fri Sep 10 22:54:09 2004 From: bill.stewart at pobox.com (Bill Stewart) Date: Fri, 10 Sep 2004 22:54:09 -0700 Subject: potential new IETF WG on anonymous IPSec In-Reply-To: <20040909195729.4798957E2B@finney.org> References: <20040909195729.4798957E2B@finney.org> Message-ID: <6.0.3.0.0.20040910223501.0403c120@pop.idiom.com> At 12:57 PM 9/9/2004, Hal Finney wrote: > > http://www.postel.org/anonsec > >To clarify, this is not really "anonymous" in the usual sense. Rather it >is a proposal to an extension to IPsec to allow for unauthenticated >connections. Presently IPsec relies on either pre-shared secrets or a >trusted third party CA to authenticate the connection. The new proposal >would let connections go forward using a straight Diffie-Hellman type >exchange without authentication. It also proposes less authentication >of IP message packets, covering smaller subsets, as an option. I read the draft, and I don't see how it offers any improvement over draft-ietf-ipsec-internet-key-00.txt or Gilmore's proposal touse "open secret" as a not-very-secret pre-shared secret that anybody who wants to can accept. It does introduce some lower-horsepower alternatives for authenticating less than the entire packet, and suggests using AH which I thought was getting rather deprecated these days, but another way to reduce horsepower needs is to use AES instead of 3DES. Also, the author's document discusses protecting BGP to prevent some of the recent denial-of-service attacks, and asks for confirmation about the assertion in a message on the IPSEC mailing list suggesting "E.g., it is not feasible for BGP routers to be configured with the appropriate certificate authorities of hundreds of thousands of peers". Routers typically use BGP to peer with a small number of partners, though some big ISP gateway routers might peer with a few hundred. 
(A typical enterprise router would have 2-3 peers if it does BGP.) If a router wants to learn full internet routes from its peers, it might learn 1-200,000, but that's not the number of direct connections that it has - it's information it learns using those connections. And the peers don't have to be configured "rapidly without external assistance" - you typically set up the peering link when you're setting up the connection between an ISP and a customer or a pair of ISPs, and if you want to use a CA mechanism to certify X.509 certs, you can set up that information at the same time. ---- Bill Stewart bill.stewart at pobox.com From touch at ISI.EDU Sat Sep 11 00:00:08 2004 From: touch at ISI.EDU (Joe Touch) Date: Sat, 11 Sep 2004 00:00:08 -0700 Subject: potential new IETF WG on anonymous IPSec In-Reply-To: <6.0.3.0.0.20040910223501.0403c120@pop.idiom.com> References: <20040909195729.4798957E2B@finney.org> <6.0.3.0.0.20040910223501.0403c120@pop.idiom.com> Message-ID: <4142A278.3090403@isi.edu> Bill Stewart wrote: > At 12:57 PM 9/9/2004, Hal Finney wrote: > >> > http://www.postel.org/anonsec >> >> To clarify, this is not really "anonymous" in the usual sense. Rather it >> is a proposal to an extension to IPsec to allow for unauthenticated >> connections. Presently IPsec relies on either pre-shared secrets or a >> trusted third party CA to authenticate the connection. The new proposal >> would let connections go forward using a straight Diffie-Hellman type >> exchange without authentication. It also proposes less authentication >> of IP message packets, covering smaller subsets, as an option. > > > I read the draft, and I don't see how it offers any improvement > over draft-ietf-ipsec-internet-key-00.txt or Gilmore's proposal to use > "open secret" as a not-very-secret pre-shared secret > that anybody who wants to can accept. That is part of the solution, but not all, as noted below.
> It does introduce some lower-horsepower alternatives for > authenticating less than the entire packet, and suggests > using AH which I thought was getting rather deprecated these days, > but another way to reduce horsepower needs is to use AES instead of 3DES. That is corrected in draft-touch-tcp-antispoof, which contains the BGP focus of anonsec-00; anonsec-01 (to appear in about 2 weeks) focuses on just the anonsec portion of 00. > Also, the author's document discusses protecting BGP to prevent > some of the recent denial-of-service attacks, > and asks for confirmation about the assertion in a message > on the IPSEC mailing list suggesting > "E.g., it is not feasible for BGP routers to be configured with the > appropriate certificate authorities of hundreds of thousands of peers". > Routers typically use BGP to peer with a small number of partners, > though some big ISP gateway routers might peer with a few hundred. > (A typical enterprise router would have 2-3 peers if it does BGP.) > If a router wants to learn full internet routes from its peers, > it might learn 1-200,000, but that's not the number of direct connections > that it has - it's information it learns using those connections. > And the peers don't have to be configured "rapidly without external > assistance" - > you typically set up the peering link when you're setting up the > connection between an ISP and a customer or a pair of ISPs, > and if you want to use a CA mechanism to certify X.509 certs, > you can set up that information at the same time. Thanks for that input; the claim that BGP in core Internet routers required intractable setup for TCP-MD5 has been refuted by experience noted during the TCPM WG meeting in San Diego as well. This section of tcp-antispoof will be updated accordingly.
Joe > ---- > Bill Stewart bill.stewart at pobox.com From jtrjtrjtr2001 at yahoo.com Sat Sep 11 03:14:17 2004 From: jtrjtrjtr2001 at yahoo.com (Sarad AV) Date: Sat, 11 Sep 2004 03:14:17 -0700 (PDT) Subject: Perplexing proof In-Reply-To: <4141A1AB.427926A9@cdc.gov> Message-ID: <20040911101417.38120.qmail@web21202.mail.yahoo.com> --- "Major Variola (ret)" wrote: > Can someone explain how finding regularity in the > distribution of primes > > would affect any modexp() system? Suppose that you > have a function > F(i) which gives you the i-th prime. Since the PK > systems (eg RSA, DH) > use *randomness* to pick primes, how does being able > to generate > the i-th prime help? It doesn't affect security of RSA. It only speeds up primality testing. Sarath. From rah at shipwright.com Sat Sep 11 02:27:19 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Sat, 11 Sep 2004 05:27:19 -0400 Subject: 14 Governors Receive Mail That's Rigged With Matches Message-ID: The New York Times September 11, 2004 14 Governors Receive Mail That's Rigged With Matches By FOX BUTTERFIELD BOSTON, Sept. 10 - Envelopes containing matches that were rigged to ignite when opened have been received through the mail at the offices of at least 14 state governors in the last two days. The mailings, under investigation by the F.B.I. and the Department of Homeland Security, bear a return address that names two inmates at a maximum-security prison in Nevada. But a Nevada corrections official said it was unclear whether they were the actual senders.
Aides to several governors, including Mitt Romney of Massachusetts, said they had been told by the Federal Bureau of Investigation that the case was being treated as one of domestic terrorism, and Jennifer Meith, a spokeswoman for the Massachusetts Fire Marshal's Office, said that was her understanding as well. But spokesmen for the bureau declined to comment on a current investigation, although one of them, Joe Parris, said in Washington, "Cases of this nature are generally handled by the local domestic terrorism squads'' - that is, the joint terrorism task forces set up by the F.B.I. in cities across the country. Because of the Nevada connection, the case is being handled by the bureau's office in Las Vegas, Mr. Parris said. No one has been injured, although 23 staff members in the office of Gov. Judy Martz of Montana were evacuated on Thursday after one of them opened the envelope sent there. It ignited briefly and then petered out, said Chuck Butler, a spokesman for Governor Martz. Not all the envelopes have been opened. Once warnings about them began to spread, some were kept unopened, to be turned over to investigators. The envelopes are of a plain white business type. Each of those that have been opened contained a blank piece of paper. Matches were attached in such a way that opening the envelope could cause them to ignite, aides to the governors said. Each bore a return address from the Ely State Prison in eastern Nevada. Glen Whorton, assistant director of the Nevada Corrections Department, said the two inmates at the Ely prison whose names were given in the return address had been questioned. But, Mr. Whorton said, investigators are not sure whether the inmates, whom he declined to identify, were the senders or whether their names were put on the envelopes by someone else, either inside or outside the prison. "We're not assuming the names on the envelopes are simply the end of the matter,'' he said. 
The governors who were sent the envelopes are Democrats and Republicans alike. In addition to Mr. Romney, of Massachusetts, and Ms. Martz, of Montana, they are George E. Pataki of New York, Rick Perry of Texas, Dirk Kempthorne of Idaho, Mike Johanns of Nebraska, Gary Locke of Washington, Olene S. Walker of Utah, Bill Owens of Colorado, Theodore R. Kulongoski of Oregon, Dave Freudenthal of Wyoming, Kenny Guinn of Nevada, Linda Lingle of Hawaii and Janet Napolitano of Arizona. One of the mailings was also sent to Jackie Crawford, the Nevada corrections director, at his Carson City office. The aide who opened the envelope was surprised but not hurt when a match ignited as she pulled out a blank sheet of paper, Mr. Whorton said. -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From rah at shipwright.com Sat Sep 11 02:28:30 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Sat, 11 Sep 2004 05:28:30 -0400 Subject: U.S. Acts to Notify Foreigners of Tougher Rules for Visits Message-ID: The New York Times September 11, 2004 U.S. Acts to Notify Foreigners of Tougher Rules for Visits By RACHEL L. SWARNS WASHINGTON, Sept. 10 - Only three weeks before sweeping policy shifts begin affecting foreign visitors at American airports, officials say they are intensifying their efforts to inform travelers from more than 20 industrialized nations to prepare for tough new entry requirements. By the end of September, tourists from 27 nations, including Britain, Germany, Japan and Australia, will for the first time be photographed and fingerprinted on arrival.
And beginning at the end of October, passengers from 22 countries, mostly in Europe, must carry machine-readable passports in order to visit without visas. Officials at the Department of Homeland Security plan to start advertising in newspapers in Britain and Australia later this month, informing travelers from those countries that airport inspectors here will start collecting digital fingerprints and photographs from them on Sept. 30. The officials, who have highlighted the new requirement in meetings with trade groups and journalists in London and Germany in recent months, also plan to attend a trade show in Hong Kong in coming weeks. On Wednesday, the State Department sent a cable to its consulates and embassies in the affected nations, encouraging consular officials to expand their efforts to inform travelers about the need to have machine-readable passports by Oct. 26. Consular officials have already been posting advisories on their Web sites and meeting with chambers of commerce, travel groups and news organizations, the department says. Tourists from Europe and other industrialized countries are not typically required to apply for visas to visit the United States, but they will have to do so if they do not have machine-readable passports by the Oct. 26 deadline. Officials at the Travel Industry Association of America, which represents the nation's largest airlines, hotels, cruise lines and car rental companies, say some people in Spain, Italy, France and Switzerland still lack such passports. Travel industry officials commend Homeland Security for its efforts but say the State Department is doing too little to inform travelers about the machine-readable policy. Rick Webster, director of government relations for the Travel Industry Association, said that without a concerted publicity campaign, some travelers might arrive at American airports without either the required passport or a visa. 
Starting next week, the industry group says, it will send hundreds of e-mail messages to travel associations, foreign journalists and others to advise them of the changes. Angela Aggeler, a spokeswoman for the State Department, said officials had been using various means, among them getting articles published in European newspapers, to spread word. The new policy that requires tourists from 27 industrialized nations to be fingerprinted and photographed affects travelers from 22 European countries and Brunei, Singapore, Japan, Australia and New Zealand who can currently travel to the United States for up to 90 days without a visa. Because students and other visitors from those nations who stay for more than three months are required to carry visas, they have already been subjected to these new security measures, which took effect for all visa carriers in January regardless of country of origin. The policy that requires travelers to carry machine-readable passports will now affect 22 of those 27 nations. The remaining five - Andorra, Belgium, Liechtenstein, Luxembourg and San Marino - adopted the American standard in 2003. -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From mv at cdc.gov Sat Sep 11 07:50:19 2004 From: mv at cdc.gov (Major Variola (ret)) Date: Sat, 11 Sep 2004 07:50:19 -0700 Subject: BrinCity 2.0: Mayor outlines elaborate camera network for city Message-ID: <414310AB.CBA8A9AD@cdc.gov> At 12:50 PM 9/11/04 +0200, Nomen Nescio wrote: >So, since this is titled BrinCity, it surely means that the image >streams will be available from a web site and that we the people get >cameras in the emergency response center and the mayor's office? Is adultery a crime in Chicago? 
Given the predilection for peripheral pussy by those in power, the cameras could be used to track them. Conspiracy to commit a crime is also a crime. Who knows, Gary Condit's concubine might still be aerobic had there been enough cameras on the ingress points to various buildings. Hey, it's in public view. All those homebodies with computers could help keep the public safe. They're not using crypto to keep the publicly funded, public images from public scrutiny, are they? What do they have to hide? ..Wear light colored burkhas to survive the thermal flash.. aluminized fabrics preferred From mv at cdc.gov Sat Sep 11 07:56:51 2004 From: mv at cdc.gov (Major Variola (ret)) Date: Sat, 11 Sep 2004 07:56:51 -0700 Subject: Call for 'hackers' to try to access voting machines draws stern warning Message-ID: <41431233.3F77C559@cdc.gov> At 06:59 PM 9/10/04 -0400, R. A. Hettinga wrote: > >Call for 'hackers' to try to access voting machines draws stern warning > The warning came after Elections officials received a faxed document last >week stating that a $10,000 cash award would be offered to anyone who can >successfully "hack" into electronic voting machines to prove whether vote >tallies can be changed. Sounds like a good idea for social hacking in the States, too. The "No paper trail, no trust" coalition needs only a bit of typesetting and some glue to make the point. Art is not a crime. Political sarcasm is art. I'm surprised that flyers haven't appeared in SF yet; art is not just for the playa. Even better, give Diebold's URL on the flyer... From camera_lumina at hotmail.com Sat Sep 11 07:34:28 2004 From: camera_lumina at hotmail.com (Tyler Durden) Date: Sat, 11 Sep 2004 10:34:28 -0400 Subject: A nice little dose of pop conspiracy theory... Message-ID: Actually, despite some of the fairly dubious "what about this!" points, there are some things that are a little unsettling.
No way that's a Boeing 757, and it's not like they can just lose one (ie, there should have been one unaccounted for). And I was unaware of the possibility that the FBI had quickly confiscated tapes that would show the 'plane' more clearly. So for what it's worth... http://pixla.px.cz/pentagon.swf -TD From bjisoldi at acsu.buffalo.edu Sat Sep 11 07:56:43 2004 From: bjisoldi at acsu.buffalo.edu (Brooks Isoldi) Date: Sat, 11 Sep 2004 10:56:43 -0400 Subject: [osint] Getting a Blood Test? ChoicePoint Gets a Drop to DNA Tag You Message-ID: Getting a Blood Test? ChoicePoint Gets a Drop to DNA Tag You September 9, 2004 by Greg Palast DON'T LOOK AT THE FLASH On September 11, 2001, we Americans were the victims of a terrible attack. By September 12, we became the suspects. Not one single U.S. citizen hijacked a plane, yet President Bush and Attorney General John Ashcroft, through powers seized and codified in the USA PATRIOT Act, fingered 270 million of us for surveillance, for searches, for tracking, for watching. And who was going to play Anti-Santa, watching to see when we've been good or bad? A guy named Derek Smith. And that made September 11, 2001 Derek's lucky day. Even before the spying work could begin, there were all those pieces of people to collect - tubes marked "DM" (for "Disaster Manhattan") - from which his company, ChoicePoint Inc, would extract DNA for victim identification, work for which the firm would receive $12 million from New York City's government. Maybe Smith, like the rest of us, grieved at the murder of innocent friends and countrymen. As for the 12-million-dollar corpse identification fee, that's chump change to the $4 billion corporation Smith had founded only four years earlier in Alpharetta, Georgia.
Nevertheless, for Smith's ChoicePoint Inc., Ground Zero would become a profit center lined with gold. As the towers fell, ChoicePoint's stock rose; and from Ground Zero, contracts gushed forth from War on Terror fever. Why? Because this outfit is holding no less than 16 billion records on every living and dying being in the USA. They're the Little Brother with the filing system when Big Brother calls. ChoicePoint's quick route to no-bid spy contracts was not impeded by the fact that the company did something for George W. Bush that the voters would not: select him as our president. Here's how they did it. Before the 2000 election, ChoicePoint unit Database Technologies, held a $4 million no-bid contract under the control of Florida Secretary of State Katherine Harris, to identify felons who had illegally registered to vote. The ChoicePoint outfit altogether fingered 94,000 Florida residents. As it turned out, less than 3,000 had a verifiable criminal record; almost everyone on the list had the right to vote. The tens of thousands of "purged" citizens had something in common besides their innocence: The list was, in the majority, made up of African Americans and Hispanics, overwhelmingly Democratic voters whose only crime was V.W.B: Voting While Black. And that little ethnic cleansing operation, conducted by Governor Jeb Bush's gang with ChoicePoint's aid, determined the race in which Harris named Bush the winner by 537 votes. To say that ChoicePoint is in the "data" business is utterly to miss their market concept: These guys are in the Fear Industry. Secret danger lurks everywhere. Al Qaeda's just the tip of the iceberg. What about the pizza delivery boy? ChoicePoint hunted through a sampling of them and announced that 25 percent had only recently come out of prison. "What pizza do you like?" asks CEO Smith. "At what price? Are you willing to take the risk?..." War fever opened up a whole new market for the Fear Industry. And now Mr. Smith wants your blood.
ChoicePoint is the biggest supplier of DNA to the FBI's "CODIS" system. And, one company insider whispered to me, "Derek [Smith] told me that it is his hope to build a database of DNA samples from every person in the United States." For now, Smith keeps this scheme under wraps, fearing "resistance" from the public. Instead, Smith pushes "ChoicePoint Cares" - taking DNA samples to hunt for those missing kids on milk cartons. It's for, "the mothers of this country who are wrestling with threats" - you know, the pizza guy from Al Qaeda, the cult kidnappers. In other words, ChoicePoint's real product, like our President's, is panic. In Hollywood, Jack Nicholson picked up the zeitgeist: "If I were an Arab American I would insist on being profiled. This is not the time for civil rights." Maybe Jack's right: screw rights, we want safety. But wait, Jack. We're both old farts who can remember the Cuban Missile Crisis. In 1962, the Russians were going to drop The Big One on us. But we didn't have to worry, Mrs. Gordon told us, if we just got under the desk, covered our necks. And she'd warned, it will all be OK as long as we, "Don't look at the flash!" ChoicePoint's Smith admonishes that, if we'd only had his databases humming at the airports on September 11, the hijackers, who used their own names, would have been barred from boarding. However, experts inform me that Osama no longer checks in as "Mr. bin Laden," even at the cost of losing his frequent flyer miles. ChoicePoint's miles of files, the FBI's CODIS system, taking off your shoes at the airport, Code Purple days, the whole new Star-Spangled KGB'ing of America is the new "Duck and Cover." Thank you, ChoicePoint. Thank you, Mr. Ashcroft. **** Greg Palast is the author of the New York Times bestseller, "The Best Democracy Money Can Buy" and "Joker's Wild: Dubya's Trick Deck" - investigative regime change cards from Seven Stories Press. All are available here: http://www.gregpalast.com
-------------------------- Brooks Isoldi, editor bisoldi at intellnet.org http://www.intellnet.org --- end forwarded text -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "...
however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From rah at shipwright.com Sat Sep 11 08:15:45 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Sat, 11 Sep 2004 11:15:45 -0400 Subject: Call for 'hackers' to try to access voting machines draws stern warning In-Reply-To: <41431233.3F77C559@cdc.gov> References: <41431233.3F77C559@cdc.gov> Message-ID: At 7:56 AM -0700 9/11/04, Major Variola (ret) wrote: >The "No paper trail, no trust" coalition In St. Thomas, of course, it's "No paper trail, no trus' mon". ;-) Cheers, RAH -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From nobody at dizum.com Sat Sep 11 03:50:01 2004 From: nobody at dizum.com (Nomen Nescio) Date: Sat, 11 Sep 2004 12:50:01 +0200 (CEST) Subject: BrinCity 2.0: Mayor outlines elaborate camera network for city In-Reply-To: Message-ID: <8f8cb1c6e1911967d8029f71f35d1e04@dizum.com> -----BEGIN TYPE III ANONYMOUS MESSAGE----- Message-type: plaintext R. A. Hettinga (rah at shipwright.com) wrote on 2004-09-10: > Critics say the cameras ought not be regarded as a panacea in crime > fighting. They say the more there are, the greater the potential for abuse. So, since this is titled BrinCity, it surely means that the image streams will be available from a web site and that we the people get cameras in the emergency response center and the mayor's office? 
-----END TYPE III ANONYMOUS MESSAGE----- From adam at cypherspace.org Sat Sep 11 10:49:23 2004 From: adam at cypherspace.org (Adam Back) Date: Sat, 11 Sep 2004 13:49:23 -0400 Subject: anonymous IP terminology (Re: [anonsec] Re: potential new IETF WG Message-ID: on anonymous IPSec (fwd from hal at finney.org)) User-Agent: Mutt/1.4.1i Sender: owner-cryptography at metzdowd.com Joe Touch wrote: > >The point has nothing to do with anonymity; > > The last one, agreed. But the primary assumption is that we can avoid a > lot of infrastructure and impediment to deployment by treating an > ongoing conversation as a reason to trust an endpoint, rather than a > third-party identification. Although anonymous access is not the primary > goal, it is a feature of the solution. Joe: I respectfully request that you call this something other than "anonymous". It is quite confusing and misleading. Some people have spent quite a bit of time and effort in fact working on anonymous IP and anonymous/pseudonymous transports. For example at ZKS we worked on an anonymous/pseudonymous IP product (which means cryptographically hiding the source IP address from the end-site). There are some new open source anonymous IP projects. Your proposal, which may indeed have some merit in simplifying key management, has _nothing_ to do with anonymous IP. Your overloading of the established term will dilute the correct meaning. Zooko provided the correct term and provided references: "opportunistic encryption". It sounds to have similar objectives to what John had called opportunistic encryption and tried to do with freeSWAN. Lower level terms may be unauthenticated as Hal suggested. Or non-certified key management (as the SSH caching of previously before seen IP <-> key bindings and warnings when they change). > Although anonymous access is not the primary goal, it is a feature > of the solution. The access is _not_ anonymous.
The originator's IP, ISP call traces, phone access records will be all over it and associated audit logs. The distinguishing feature of anonymous is that not only is your name not associated with the connection but there is no PII (personally identifiable information) associated with it or obtainable from logs kept. And to be clear also anonymous means unlinkable anonymous across multiple connections (which SSH type of authentication would not be) and linkable anonymous means some observable linkage exists between sessions which come from the same source (though no PII), and pseudonymous means same as linkable anonymous plus association to a persistent pseudonym. Again there are actually cryptographic protocols for having anonymous authentication: ZKPs, multi-show unlinkable credentials, and refreshable (and so unlinkable) single-show credentials. Adam --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com --- end forwarded text -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From rah at shipwright.com Sat Sep 11 11:17:43 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Sat, 11 Sep 2004 14:17:43 -0400 Subject: [osint] Getting a Blood Test? ChoicePoint Gets a Drop to DNA Tag You Message-ID: --- begin forwarded text From rah at shipwright.com Sat Sep 11 11:21:36 2004 From: rah at shipwright.com (R. A.
Hettinga) Date: Sat, 11 Sep 2004 14:21:36 -0400 Subject: [anonsec] Re: potential new IETF WG on anonymous IPSec (fwd from hal@finney.org) (fwd from touch@ISI.EDU) Message-ID: --- begin forwarded text From vikingcoder at gmail.com Sat Sep 11 11:24:00 2004 From: vikingcoder at gmail.com (Viking Coder) Date: Sat, 11 Sep 2004 14:24:00 -0400 Subject: [e-gold-list] PayPal to fine users Message-ID: http://tinyurl.com/6fq7u (slashdot article link) A new policy takes effect on Sept. 24. PayPal will start fining both the seller and *the buyer* up to US$500 if pay for uses related to gambling, adult content or services, and buying or selling prescription drugs from noncertified sellers. Which is really interesting given that eBay, PayPal's parent corporation, has an entire adult category. I guess PayPal found another way to keep the black ink flowing. Viking Coder ____________ http://420000.e-gold.com --- You are currently subscribed to e-gold-list as: rah at shipwright.com To unsubscribe send a blank email to leave-e-gold-list-507998N at talk.e-gold.com Use e-gold's Secure Randomized Keyboard (SRK) when accessing your e-gold account(s) via the web and shopping cart interfaces to help thwart keystroke loggers and common viruses. --- end forwarded text -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From support at 4lancer.net Sat Sep 11 11:33:35 2004 From: support at 4lancer.net (Search4Lancer) Date: Sat, 11 Sep 2004 14:33:35 -0400 (EDT) Subject: [e-gold-list] Re: PayPal to fine users Message-ID: > Which is really interesting given that eBay, PayPal's parent corporation, > has an entire adult category. 
According to one slashdotter: "Actually, eBay items are the sole exception to Paypal's adult items policy. The policy was primarily aimed at porn sites who took subscription payments via paypal, rather than physical items such as adult movies, toys, etc." -- Thanks Jake Stichler Search4Lancer http://www.4lancer.net Now with no minimum payout upon request! --- end forwarded text -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From rah at shipwright.com Sat Sep 11 11:35:46 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Sat, 11 Sep 2004 14:35:46 -0400 Subject: [e-gold-list] PayPal to fine users Message-ID: --- begin forwarded text From rah at shipwright.com Sat Sep 11 11:37:46 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Sat, 11 Sep 2004 14:37:46 -0400 Subject: [e-gold-list] Re: PayPal to fine users Message-ID: --- begin forwarded text From support at 4lancer.net Sat Sep 11 11:41:29 2004 From: support at 4lancer.net (Search4Lancer) Date: Sat, 11 Sep 2004 14:41:29 -0400 (EDT) Subject: [e-gold-list] Re: PayPal to fine users Message-ID: Actually, scratch what I said, that person is wrong: Examples of Prohibited Material * Any item sold through eBay's Mature Category. http://www.paypal.com/cgi-bin/webscr?cmd=p/gen/ua/use/index_frame-outside&ed=mature -- Thanks Jake Stichler Search4Lancer http://www.4lancer.net Now with no minimum payout upon request!
--- You are currently subscribed to e-gold-list as: rah at shipwright.com To unsubscribe send a blank email to leave-e-gold-list-507998N at talk.e-gold.com Use e-gold's Secure Randomized Keyboard (SRK) when accessing your e-gold account(s) via the web and shopping cart interfaces to help thwart keystroke loggers and common viruses. --- end forwarded text -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From bear at sonic.net Sat Sep 11 14:53:59 2004 From: bear at sonic.net (bear) Date: Sat, 11 Sep 2004 14:53:59 -0700 (PDT) Subject: [anonsec] Re: potential new IETF WG on anonymous IPSec (fwd from hal@finney.org) (fwd from touch@ISI.EDU) Message-ID: On Fri, 10 Sep 2004, Eugen Leitl wrote: >From: Joe Touch >>To clarify, this is not really "anonymous" in the usual sense. > >It does not authenticate the endpoint's identification, other than "same >place I had been talking to." > That's pseudonymity, not anonymity. >There's no difference between having no "name" and having a name you >cannot trust. I.e., I could travel under the name "anonymous" or "", or >under the name "A. Smith". If you don't know whether I am actually A. >Smith, the latter is identical to the former. This is just plain not true. When operating under a pseudonym, you are making linkable acts - linkable to each other even if not necessarily linkable to your own official identity. Anonymous actions or communications are those which cannot be linked to any other no matter how hard someone tries. We can expect the public to fail to grasp the distinction, but on this list "anonymous" is a very strong claim. Anonymity is *HARD* to do, not something that results from failing to check a credential. 
Bear --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com --- end forwarded text -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From adam at cypherspace.org Sat Sep 11 12:09:54 2004 From: adam at cypherspace.org (Adam Back) Date: Sat, 11 Sep 2004 15:09:54 -0400 Subject: anonymous IP terminology (Re: [anonsec] Re: potential new IETF Message-ID: WG on anonymous IPSec (fwd from hal at finney.org)) User-Agent: Mutt/1.4.1i Sender: owner-cryptography at metzdowd.com On Sat, Sep 11, 2004 at 11:38:00AM -0700, Joe Touch wrote: > >>Although anonymous access is not the primary goal, it is a feature > >>of the solution. > > > >The access is _not_ anonymous. The originator's IP, ISP call traces, > >phone access records will be all over it and associated audit logs. > > And you cannot determine whether that IP address came from the authentic > owner of that address or is spoofed. I'll try to be more careful - > you're right, in that it's not anonymous access. It IS anonymous > security, though. I think you are confusing a weak potential for a technical ambiguity of identity under attack conditions with anonymity. (The technical ambiguity would likely disappear in most practical settings). Anonymity implies positive steps to avoid linking with PII. With anonymity you want not just technical ambiguity, but genuinely plausible deniability from an anonymity set -- preferably a large set of users who could equally plausibly have established a given connection, participated in an authentication protocol etc. 
We don't after all call TCP anonymous, and your system is clearly _less_ "anonymous" than TCP as there are security mechanisms involved with various keys and authentication protocols which will only reduce ambiguity. > >The distinguishing feature of anonymous is that not only is your name > >not associated with the connection but there is no PII (personally > >identifiable information) associated with it or obtainable from logs > >kept. > > If I know the IP address you used, I still know NOTHING, FWIW. This is > no more distinguishable than the port number is in identifying something > behind a NAT. Practically, knowing the IP address conveys a lot. Many ISPs have logs, some associated with DSL subscriber and phone records, for billing, bandwidth caps, abuse complaints, spam cleanup etc etc. The IP may be used for many different logged activities and some of those activities may involve directly identified authentication. People go to lengths to hide their IP precisely because it does typically convey all too much. > >And to be clear also anonymous means unlinkable anonymous across > >multiple connections (which SSH type of authentication would not be) > > That might be more specifically "per-connection anonymous", but the term > 'anonymous' is too general for that usage. However, there's still > nothing associated across connections in ANONSEC, IMO. > You cannot know whether two connections from 10.0.0.1 on two different > ports with two different cookies are from the same endpoint. The point > of ANONSEC is that you don't care. If one wants this to be true in practice it has to propagate up the stack. (Not the problem of ANONSEC, a problem for the higher level app). But even at the authentication protocol level one has to be quite careful. There are many gotchas if you really do want it to be unlinkable. (eg. pseudo random sequences occur in many settings at different protocol levels which are in fact quite linkable). I'll give you one high level example. 
At ZKS we had software to remail MIME mail to provide a pseudonymous email. But one gotcha is that mail clients include MIME boundary lines which are pseudo-random (purely to avoid string collision). If these random lines are generated with a non-cryptographic RNG it is quite likely that so called unlinkable mail would in fact be linkable because of this higher level protocol. (We cared about unlinkability even tho' I said pseudonymous because the user had multiple pseudonyms which were supposed to be unlinkable across). I would say if your interest in fixing such pseudo random sequences is not present you should not be calling this anonymous. But if it is part of your threat model, then you may in fact be using anonymous authentication and that would be interesting to me at least to participate. Adam --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com --- end forwarded text -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From rah at shipwright.com Sat Sep 11 12:46:49 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Sat, 11 Sep 2004 15:46:49 -0400 Subject: [e-gold-list] Re: PayPal to fine users Message-ID: --- begin forwarded text From roy at rant-central.com Sat Sep 11 13:49:47 2004 From: roy at rant-central.com (Roy M. Silvernail) Date: Sat, 11 Sep 2004 16:49:47 -0400 Subject: A nice little dose of pop conspiracy theory... In-Reply-To: References: Message-ID: <1094935787.30411.4.camel@localhost> On Sat, 2004-09-11 at 10:34, Tyler Durden wrote: > Actually, despite some of the fairly dubious "what about this!" 
points, > there are some things that are a little unsettling. No way that's a Boeing > 757, and it's not like they can just lose one (ie, there should have been > one unaccounted for). And I was unaware of the possibility that the FBI had > quickly confiscated tapes that would show the 'plane' more clearly. > > So for what it's worth... > > > http://pixla.px.cz/pentagon.swf Interesting stuff. The plane in the Pentagon camera shots is definitely no 757. Question is, where did the flight 77 equipment (the 757 that supposedly crashed into the Pentagon) finally end up? -- Roy M. Silvernail is roy at rant-central.com, and you're not "Progress, like reality, is not optional." - R. A. Hettinga SpamAssassin->procmail->/dev/null->bliss http://www.rant-central.com From bill.stewart at pobox.com Sat Sep 11 20:52:29 2004 From: bill.stewart at pobox.com (Bill Stewart) Date: Sat, 11 Sep 2004 20:52:29 -0700 Subject: BrinCity 2.0: Mayor outlines elaborate camera network for city In-Reply-To: <8f8cb1c6e1911967d8029f71f35d1e04@dizum.com> References: <8f8cb1c6e1911967d8029f71f35d1e04@dizum.com> Message-ID: <200409120546.i8C5kY0B010546@positron.jfet.org> >-----BEGIN TYPE III ANONYMOUS MESSAGE----- >So, since this is titled BrinCity, it surely means that the image >streams will be available from a web site and that we the people get >cameras in the emergency response center and the mayor's office? >-----END TYPE III ANONYMOUS MESSAGE----- No, this is from the "what happens if the public *isn't* leading the video-camera revolution" sections of Brin's books... From rah at shipwright.com Sat Sep 11 21:03:43 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Sun, 12 Sep 2004 00:03:43 -0400 Subject: anonymous IP terminology (Re: [anonsec] Re: potential new IETF WG on anonymous IPSec (fwd from hal@finney.org)) Message-ID: --- begin forwarded text From rah at shipwright.com Sat Sep 11 21:04:11 2004 From: rah at shipwright.com (R. A. 
Hettinga) Date: Sun, 12 Sep 2004 00:04:11 -0400 Subject: anonymous IP terminology (Re: [anonsec] Re: potential new IETF WG on anonymous IPSec (fwd from hal@finney.org)) Message-ID: --- begin forwarded text From rah at shipwright.com Sat Sep 11 21:06:42 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Sun, 12 Sep 2004 00:06:42 -0400 Subject: [anonsec] Re: potential new IETF WG on anonymous IPSec (fwd from hal@finney.org) (fwd from touch@ISI.EDU) Message-ID: --- begin forwarded text From shaddack at ns.arachne.cz Sat Sep 11 22:50:35 2004 From: shaddack at ns.arachne.cz (Thomas Shaddack) Date: Sun, 12 Sep 2004 07:50:35 +0200 (CEST) Subject: "Forest Fire" responsible for a 2.5mi *mushroom cloud*? In-Reply-To: <20040911235920.A19206@ubzr.zsa.bet> References: <20040911235920.A19206@ubzr.zsa.bet> Message-ID: <0409120722370.10973@somehost.domainz.com> On Sun, 12 Sep 2004, J.A. Terranson wrote: > "No big deal"? Who are they kidding? A 2-mile wide cloud is WAY too big to be caused by a single explosion, unless REALLY big. The forest fire claim sounds more plausible in this regard. An existing cloud could be used for masking, though. But a surface or atmospheric blast would produce a flash plowing through the entire EM spectrum; from long-wave radio to microwaves to hard gamma. That's something the satellites Up There can't miss even through a smoke cloud - at least if they are still operational or replaced by newer ones. (Remember the strong flashes of gamma bursts, originally discovered by satellites observing the nuclear test ban: .) Also a disruption of this kind would be perceivable in long range, possibly by quite many people. An underground blast, if not screwed up, wouldn't produce a cloud at all. However, both surface and underground blast would have a peculiar seismic signature. There is a network of both nonproliferation-surveillance and plain old scientific seismic stations all over the world. Something like that couldn't stay hidden for too long. 
Remember the day the Kursk submarine became famous; the recording of the double signature, the explosion and shortly later following implosion, appeared online in couple days (or maybe even hours?) after the Event. It's difficult to imagine a true nuclear blast would stay unreported for more than few days. Even if it would really be a nuke test and the politicians would want to be quiet about it, there are too many subjects outside of the direct US political control to either report the measurements or the eventual pressure to not report them. According to CNN, there was also a strong blast reported in the area of a missile base. We don't know how strong the blast was, and if it couldn't be just a "conventional" explosion, caused by eg. a combination of a forest fire and an ammo depot. There is also a possibility the "senior officials with access to intelligence" were injecting media with false information. Remember there are many subjects with different agendas here and a little psyops here and there is quite common. Let's not jump to conclusions yet. Wait 2-3 days, optionally watch the traffic in conferences of geologists taking care of the seismic activity worldwide and in the vicinity of the area of interest. It's Saturday and many people who could know the answers are away from their instruments; let's wait what they will find on their screens on Monday morning. From shaddack at ns.arachne.cz Sat Sep 11 23:03:09 2004 From: shaddack at ns.arachne.cz (Thomas Shaddack) Date: Sun, 12 Sep 2004 08:03:09 +0200 (CEST) Subject: anonymous IP terminology (Re: [anonsec] Re: potential new IETF WG on anonymous IPSec (fwd from hal@finney.org)) In-Reply-To: References: Message-ID: <0409120757480.10972@somehost.domainz.com> On Sun, 12 Sep 2004, R. A. Hettinga wrote: > From: Adam Back > Subject: Re: anonymous IP terminology (Re: [anonsec] Re: potential new IETF > > At ZKS we had software to remail > MIME mail to provide a pseudonymous email. 
But one gotcha is that > mail clients include MIME boundary lines which are pseudo-random > (purely to avoid string collision). If these random lines are > generated with a non-cryptographic RNG it is quite likely that so > called unlinkable mail would in fact be linkable because of this > higher level protocol. Wouldn't it be relatively easy to regenerate the MIME boundary strings on the level of the remailer, and filter the content of the headers? Various mail clients have various peculiarities, "fingerprints". Shouldn't the remailer be able to break the message down to individual data objects (subject, message text, attachments...) and then reassemble them back, in a sanitized way? From rah at shipwright.com Sun Sep 12 05:33:20 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Sun, 12 Sep 2004 08:33:20 -0400 Subject: [irtheory] An Interview with Jacques Derrida Message-ID: For your Sunday morning's entertainment, boys and girls, I present the latest post-modernist circle-jerk. Put down your coffee, or you'll mess up your keyboard. Cheers, RAH Who remembers the "citizen's courts" that Mr. Bell was so fond of... ------- --- begin forwarded text Thread-Topic: [irtheory] The World's Most Dangerous Ideas Thread-Index: AcSYdTPYwk995UZvTomvwcUpUJH1EgAGokIH To: From: "Aaron Chen Angus" Mailing-List: list irtheory at yahoogroups.com; contact irtheory-owner at yahoogroups.com Delivered-To: mailing list irtheory at yahoogroups.com Date: Sun, 12 Sep 2004 14:14:48 +0800 Subject: [irtheory] An Interview with Jacques Derrida Reply-To: irtheory at yahoogroups.com For A Justice To Come An Interview with Jacques Derrida Lieven De Cauter The BRussells Tribunal is a commission of inquiry into the "New Imperial Order", and more particularly into the "Project for A New American Century" (PNAC), the neo-conservative think tank that has inspired the Bush government's war logic. 
The co-signatories of the PNAC "mission statement" include Dick Cheney, Donald Rumsfeld and Paul Wolfowitz. The programme of this think tank is to promote planetary hegemony on the basis of a supertechnological army, to prevent the emergence of a rival super-power and to take pre-emptive action against all those who threaten American interests. The BRussells Tribunal will be held in Brussels from April 14 through 17. One of the greatest living philosophers, Jacques Derrida, who suffers from cancer and is unable to attend the tribunal, has invited the project's initiator, Lieven De Cauter, to his house for an interview. _____ Lieven De Cauter: While thanking you for your generosity - why have you decided to grant us this interview on our initiative, the "BRussells Tribunal"? Jacques Derrida: First of all I wanted to salute your initiative in its principle: to resuscitate the tradition of a Russell Tribunal is symbolically an important and necessary thing to do today. I believe that, in its principle, it is a good thing for the world, even if only in that it feeds the geopolitical reflection of all citizens of the world. I am even more convinced of this necessity in light of the fact that, for a number of years now, we have witnessed an increased interest in the working, in the constitution of international institutions, institutions of international law which, beyond the sovereignty of States, judge heads of State, generals. Not yet States as such, precisely, but persons responsible for, or suspected of being responsible for, war crimes, crimes against humanity - one could mention the case of Pinochet, despite its ambiguity, or of Milosevic. At any rate, heads of State have to appear as such before an International Criminal Court, for instance, which has a recognised status in international law, despite all the difficulties you know: the American, French, Israeli reservations. 
Nonetheless this tribunal exists, and even if it is still faltering, weak and problematic in the execution of its sanctions, it exists as a recognised phenomenon of international law. Your project, if I understand it correctly, is not of the same type, even if it is inspired by the same spirit. It does not have a juridical or judicial status recognised by any State, and it consequently remains a private initiative. Citizens of different countries have agreed among each other to conduct, as honestly as possible, an inquiry into a policy, into a political project and its execution. The point is not to reach a verdict resulting in sanctions but to raise or to sharpen the vigilance of the citizens of the world, in the first place that of the responsible parties you propose to judge. That can have a symbolic weight in which I believe, an exemplary symbolic weight. That is why, even though I do not feel involved in the actual experience you intend to set up, I think it is very important to underscore that the case you are about to examine - which is evidently a massive and extremely serious case - is only one case among many. In the logic of your project, other policies, other political or military staff, other countries, other statesmen can also be brought to be judged in the same manner, or to be associated with this case. Personally, I have a critical attitude towards the Bush administration and its project, its attack on Iraq, and the conditions in which this has come about in a unilateral fashion, in spite of official protestations from European countries including France, in violation of the rules of the United Nations and the Security Council... But notwithstanding this criticism - which I have expressed in public, by the way - I would not wish for the United States in general to have to appear before such a tribunal. I would want to distinguish a number of forces within the United States that have opposed the policy on Iraq as firmly as in Europe. 
This policy does not involve the American people in general, nor even the American State, but a phase in American politics which, for that matter, is about to be questioned again in the run-up to the presidential elections. Perhaps there will be a change, at least partially, in the United States itself, so I would encourage you to be prudent as regards the target of the accusation. LDC: That is why we have directed our attention not to the government in general but more particularly to the Project for the New American Century, the think tank which has issued all these extreme ideas of unilateralism, hegemony, militarisation of the world, ... JD: Where there is an explicit political project which declares its hegemonic intent and proposes to put everything into place to accomplish this, there one can, in effect, level accusations, protest in the name of international law and existing institutions, in their spirit and in their letter. I am thinking as much of the United Nations as of the Security Council, which are respectable institutions, but whose structure, charter, procedures need to be reformed, especially the Security Council. The crisis that has been unfolding confirms this: these international institutions really need to be reformed. And here I would naturally plead for a radical transformation - I don't know whether this will come about in the short run - which would call into question even the Charter, that is to say the respect for the sovereignties of the nation-states and the non-divisibility of sovereignties. There is a contradiction between the respect for human rights in general, also part of the Charter, and the respect for the sovereignty of the nation-state. The States are in effect represented as States in the United Nations and a fortiori in the Security Council, which gathers together the victors of the last war. All this calls for a profound transformation. 
I would insist that it should be a transformation and not a destruction, for I believe in the spirit of the United Nations. LDC: So you still remain within the vision of Kant? JD: At least in the spirit of Kant, for I also have some questions concerning the Kantian concept of cosmopolitanism.1 It is in this perspective that I believe initiatives such as yours (or analogous initiatives) are symbolically very important to raise consciousness about these necessary transformations. This will have - at least that is what I hope - the symbolic value of a call to reflection we are in need of, and which the States are not taking care of, which not even institutions like the International Criminal Court are taking care of. LDC: If I may allow myself one specification: we are part of a whole network called "World Tribunal on Iraq". There will be sessions in Hiroshima, Tokyo, Mexico, New York, London, and Istanbul. In London, and there the link between the International Criminal Court and the moral tribunal is very strong, those in charge of the Tribunal on Iraq have, together with specialists, assembled a dossier to investigate whether Blair (who has recognised the International Criminal Court) has broken international law. By all evidence, there is a considerable consensus among specialists to say that this war is a transgression, it is an "aggressive war" in the technical sense of the term as used in the charter of the UN, since there was no imminent threat to the territory of the countries involved. The upshot of this inquiry is that they have submitted a dossier to the International Criminal Court in The Hague. Similarly in Copenhagen, since Denmark is part of the coalition. So it's possible that our moral initiative may be transformed, in some of its components, into a juridical procedure strictly speaking. JD: That would be desirable, evidently! 
But the probability that this would come about seems low, for there would be too many States who would oppose your initiative becoming institutional and generally judicial, and not just the United States. Yet if this doesn't come about, that does not mean your project is destined to ineffectiveness. On the contrary. I believe in its considerable symbolic effectiveness in the public domain. The fact that it is said, published, even if it isn't followed by a judgement in the strictly judicial sense, let alone actual sanctions, can have considerable symbolical impact on the political consciousness of the citizens, a relayed, deferred effect, but one that raises high expectations. I would hope that you would treat those you accuse justly, that yours would be an undertaking of true integrity, devoid of preliminary positioning, without preconditions, that everything would be done in serenity and justice, that the responsible parties would be accurately identified, that you would not go over the top and that you would not exclude other procedures of the same type in the future. I would not want this procedure to serve as an excuse for not conducting other procedures that are just as necessary concerning other countries, other policies, whether they be European or not. I would even wish that the exemplary character of your initiative would lead to a lasting, if not a permanent instance. I believe that it would be perceived as being more just if you didn't commit yourself to this target as if it were the only possible target, notably because, as you are aware, in this aggression against Iraq, American responsibility was naturally decisive but it didn't come about without complex complicities from many other quarters. We are dealing with a knot of nearly inextricable co-responsibilities. I would hope that this would be clearly taken into account and that it wouldn't be the accusation of one man only. 
Even if he is an ideologue, someone who has given the hegemony project a particularly readable form, he has not done it on his own, he cannot have imposed it on non-consenting people. So the contours of the accused, of the suspect or the suspects, are very hard to determine. LDC: Yes, that is one of the reasons why we have abandoned the strictly juridical format. One of the disadvantages of the juridical format is that you can only target persons. Whereas we want to take aim at a system, a systemic logic. We name the accused (Cheney, Wolfowitz, Rumsfeld) to show people we're not talking about phantoms, but we take aim at the PNAC as a set of performative discourses, that is to say plans to achieve something, intentions to be translated into action. Our difficulty is also one of communication: communicating to people that PNAC exists and that it is important to spread this knowledge, is already a job in itself. JD: Of course. And for that reason, it is important that matters are partly personalised and partly developed at the level of the system, of the principles, the concept, where this system, these principles, these concepts violate international laws which must be both respected and perhaps also changed. This is where you will not be able to avoid talking about sovereignty, about the crisis of sovereignty, about the necessary division or delimitation of sovereignty. Personally, when I have to take a position on this vast issue of sovereignty, of what I call its necessary deconstruction, I am very cautious. I believe it is necessary, by way of a philosophical, historical analysis, to deconstruct the political theology of sovereignty. It's an enormous philosophical task, requiring the re-reading of everything, from Kant to Bodin, from Hobbes to Schmitt. But at the same time you shouldn't think that you must fight for the dissolution pure and simple of all sovereignty: that is neither realistic nor desirable. 
There are effects of sovereignty which in my view are still politically useful in the fight against certain forces or international concentrations of forces that sneer at sovereignty. In the present case, we have precisely the convergence of the arrogant and hegemonic assertion of a sovereign Nation-State with a gathering of global economic forces, involving all kinds of transactions and complications in which China, Russia and many countries of the Middle East are equally mixed up. This is where matters become very hard to disentangle. I believe that sometimes the reclamation of sovereignty should not necessarily be denounced or criticised, it depends on the situation. LDC: As you have clearly demonstrated in Voyous [Rogues], in deconstructing the term, there is no democracy without "cracy": a certain power, and even force, is required. JD: Absolutely. You can also talk of the sovereignty of the citizen, who votes in a sovereign fashion, so you need to be very cautious. In my view, the interesting thing about your project is in taking up or pursuing this reflection starting from an actual case which takes a specific form: military, strategic, economic, etc. It is very important to develop such reflection on a case, but this reflection requires considerable time and must accompany the entire geopolitical process in decades to come. It is not just as a Frenchman, European or citizen of the world but also as a philosopher concerned to see these questions developed that I find your attempt interesting and necessary. It will provide an opportunity for others, many others I hope, to adopt a position with regard to your efforts, to reflect, possibly to oppose you, or to join you, but this can only be beneficial for the political reflection we are in need of. LDC: I was amazed by the definition you give in The Concept of September 11: a philosopher, you say, is someone who deals with this transition towards political and international institutions to come. 
That is a very political definition of the philosopher. JD: What I wanted to convey is that it won't necessarily be the professional philosophers who will deal with this. The lawyer or the politician who takes charge of these questions will be the philosopher of tomorrow. Sometimes, politicians or lawyers are more able to philosophically think these questions through than professional academic philosophers, even though there are a few within the University dealing with this. At any rate, philosophy today, or the duty of philosophy, is to think this in action, by doing something. LDC: I would like to return to this notion of sovereignty. Is not the New Imperial Order which names "Rogue States" a State of exception? You speak in Voyous about the concept of the auto-immunity of democracy: democracy, at certain critical moments, believes it must suspend itself to defend democracy. This is what is happening in the United States now, both in its domestic policy and in its foreign policy. The ideology of the PNAC, and therefore of the Bush administration, is exactly that. JD: The exception is the translation, the criterion of sovereignty, as was noted by Carl Schmitt (whom I have also criticised, one must be very cautious when one talks about Carl Schmitt, I have written some chapters on Carl Schmitt in The Politics of Friendship where I take him seriously and where I criticise him and I would not want my reflection on Schmitt to be seen as an endorsement of either his theses or his history). Sovereign is he who decides on the exception. Exception and sovereignty go hand in hand here. In the same way that democracy, at times, threatens or suspends itself, so sovereignty consists in giving oneself the right to suspend the law. That is the definition of the sovereign: he makes the law, he is above the law, he can suspend the law. 
That is what the United States has done, on the one hand when they trespassed against their own commitments with regard to the UN and the Security Council, and on the other hand, within the country itself, by threatening American democracy to a certain extent, that is to say by introducing exceptional police and judicial procedures. I am not only thinking of the Guantanamo prisoners but also of the Patriot Act: from its introduction, the FBI has carried out inquisitorial procedures of intimidation which have been denounced by the Americans themselves, notably by lawyers, as being in breach of the Constitution and of democracy. Having said that, to be fair, we must recall that the United States is after all a democracy. Bush, who was elected with the narrowest of margins, risks losing the next elections: he is only sovereign for four years. It is a very legalistic country rich in displays of political liberty which would not be tolerated in a good many other countries. I am not only thinking of countries known to be non-democratic but also of our own Western European democracies. In the United States, when I saw those massive marches against the imminent war in Iraq, in front of the White House, right by Bush's offices, I said to myself that if in France protesters assembled in their thousands and marched in front of the Elysie in a similar situation, that would not be tolerated. To be fair, we must take into account this contradiction within American democracy - on the one hand, auto-immunity: democracy destroys itself in protecting itself; but on the other hand, we must take into account the fact that this hegemonic tendency is also a crisis of hegemony. The United States, to my mind, convulses upon its hegemony at a time when it is in crisis, precarious. There is no contradiction between the hegemonic drive and crisis. The United States realises all too well that within the next few years, both China and Russia will have begun to weigh in. 
The oil stories which have naturally determined the Iraq episode are linked to long-term forecasts notably concerning China: China's oil supply, control over oil in the Middle East all of this indicates that hegemony is as much under threat as it is manifest and arrogant. It is an extremely complex situation, which is why I am bound to say it should not be a matter of blanket accusations or denunciations levelled against the United States, but that we should take stock of all that is critical in American political life. There are forces in the United States that fight the Bush administration, alliances should be formed with these forces, their existence recognised. At times they express their criticism in ways much more radical than in Europe. But there is evidently - and I suppose you will discuss this in your commission of inquiry -the enormous problem of the media, of control of the media, of the media power which has accompanied this entire history in a decisive manner, from September 11 to the invasion of Iraq, an invasion which, by the way, in my opinion was already scheduled well before September 11. LDC: Yes, as a matter of fact that is one of the things that need to be proven. The PNAC, in 2000, writes: "the United States has for decades sought to play a more permanent role in Gulf regional security. While the unresolved conflict with Iraq provides the immediate justification, the need for a substantial American force presence in the Gulf transcends the issue of the regime of Saddam Hussein." They write this in September 2000: it was already decided, all the rest was just an alibi. JD: I have had this debate in public with Baudrillard, who said that the aggression against Iraq - which was then being prepared- was a direct consequence of September 11. I opposed that thesis, I said that I thought it would take place anyway, that the premises had been in place for a long time already, and that the two sequences can be dissociated, to a certain extent. 
The day when this history will be written, when the documents are made public, it will become clear that September 11 was preceded by highly complicated underhand negotiations, often in Europe, on the subject of petrol pipe-line passage, at a time when the petrol clan was in power. There were intrigues and threats, and it is not impossible to think that one day it will be discovered that it was really the Bush clan that was targeted rather than the country, the America of Clinton. But we shouldn't stop at petrol: there are numerous other strategic geopolitical stakes, among them the tensions with China, Europe, Russia. Alliances with the United States, variable as ever, since it has attacked those who they have supported for a very long time. Iraq was an ally of the United States as of France: all of this is part of diplomatic inconstancy, hypocritical from end to end, and not only on the part of the United States. There are many more stakes than petrol alone, especially since petrol is a matter of only a few more decades: there won't be any oil left in 50 years! We must take the petrol question into account, but we shouldn't devote all our attention and analysis to it. There are military questions, passing through territorial questions of occupation and control. But military power is not only a territorial power, we know that now, it also passes through non-territorialised controls, techno-communicational channels etc. All of this has to be taken into account. LDC: And Israel? JD: Many have said that the American-Israeli alliance or the support the United States give to Israel is not unrelated to this intervention in Iraq. I believe this is true to some extent. 
But here too matters are very complicated, because even if the current Israeli government - and here I would take the same precautions as for the United States: there are Israelis in Israel who fight Sharon - has indeed congratulated itself officially and in public on the aggression against Iraq, the freedom this may have apparently given Israel in its offensive initiatives of colonisation and repression is very ambiguous. Here too we could speak of auto-immunity: it's very contradictory, because at the same time this has aggravated Palestinian terrorism, intensified or reawakened symptoms of anti-semitism across Europe. It's very complicated, for if it is true that the Americans support Israel - just like the majority of European countries, with different political modulations -, the best American allies of Sharon's policy, that is to say the most offensive policy of all Israeli governments, are not only the American Jewish community but also the Christian fundamentalists. These are often the most pro-Israeli of all Americans, at times even more so than certain American Jews. I'm not sure it will turn out to have been in Israel's best interest that this form of aggression against Iraq has come about. The future will tell. Even Sharon meets with opposition in his own government nowadays, in his own majority, because he claims to withdraw from the Gaza colonies. The difficulty of a project such as yours, however just and magnificent it may be in its principle, is that it must cautiously take this complexity into account, that it must try not to be unfair to any of the parties. That is one of the reasons why I insist in confirming my solidarity in principle. Unable to participate effectively in the inquiry and in the development of the judgement because of my illness, I prefer to restrict myself for now to this agreement in principle, but I will not hesitate to applaud you afterwards, if I find you have conducted matters well! 
LDC: Your statements are limpid and will serve as drink for many who are thirsty (for justice, for instance). Thank you very much. By way of post-script: let us speak of messianism for a minute or so. That is to say of "the weak force", which refers to Benjamin and which you evoke in the "Prière d'insérer", the preface to Voyous. Allow me to quote from it: "This vulnerable force, this force without power exposes to what or who is coming, and coming to affect it (...) What affirms itself here would be a messianic act of faith - irreligious and without messianism. (...) This site is neither soil nor foundation. It is nonetheless there that the call for a thought of the event to come will take root: of democracy to come, of reason to come. All hopes will put their trust in this call, certainly, but the call will remain, in itself, without hope. Not desperate but alien to teleology, to the expectancy and the benefit [salut] of salvation. Not alien to the salvation [salut] of the other, nor alien to the farewell or to justice, but still rebellious towards the economy of redemption." I thought this very beautiful. Almost a prayer to insert - into the everyday, into our project. What is it, this messianism without religion? JD: The weak force indeed refers to the interpretation of Benjamin, but it is not exactly mine. It is what I call "messianicity without messianism": I would say that today, one of the incarnations, one of the implementations of this messianicity, of this messianism without religion, may be found in the alter-globalisation movements. Movements that are still heterogeneous, still somewhat unformed, full of contradictions, but that gather together the weak of the earth, all those who feel themselves crushed by the economic hegemonies, by the liberal market, by sovereignism, etc. I believe it is these weak who will prove to be strongest in the end and who represent the future. 
Even though I am not a militant involved in these movements, I place my bet on the weak force of those alter-globalisation movements, who will have to explain themselves, to unravel their contradictions, but who march against all the hegemonic organisations of the world. Not just the United States, also the International Monetary Fund, the G8, all those organised hegemonies of the rich countries, the strong and powerful countries, of which Europe is part. It is these alter-globalisation movements that offer one of the best figures of what I would call messianicity without messianism, that is to say a messianicity that does not belong to any determined religion. The conflict with Iraq involved numerous religious elements, from all sides-from the Christian side as well as from the Muslim side. What I call messianicity without messianism is a call, a promise of an independent future for what is to come, and which comes like every messiah in the shape of peace and justice, a promise independent of religion, that is to say universal. A promise independent of the three religions when they oppose each other, since in fact it is a war between three Abrahamic religions. A promise beyond the Abrahamic religions, universal, without relation to revelations or to the history of religions. My intent here is not anti-religious, it is not a matter of waging war on the religious messianisms properly speaking, that is to say Judaic, Christian, Islamic. But it is a matter of marking a place where these messianisms are exceeded by messianicity, that is to say by that waiting without waiting, without horizon for the event to come, the democracy to come with all its contradictions. 
And I believe we must seek today, very cautiously, to give force and form to this messianicity, without giving in to the old concepts of politics (sovereignism, territorialised nation-state), without giving in to the Churches or to the religious powers, theologico-political or theocratic of all orders, whether they be the theocracies of the Islamic Middle East, or whether they be, disguised, the theocracies of the West. (In spite of everything, Europe, France especially, but also the United States are secular in principle in their Constitutions. I recently heard a journalist say to an American: "how do you explain that Bush always says 'God bless America', that the President swears on the Bible, etc." and the American replied: "don't lecture us on secularity for we put the separation of Church and State into our Constitution long before you did", that the State was not under the control of any religion whatsoever, which does not stop Christian domination from exerting itself, but there too it is imperative to be very cautious). Messianicity without messianism, that is: independence in respect of religion in general. A faith without religion in some sort. Transcribed by Maowenn Furic (Ris Orangis, Thursday February 19 2004) Translated by Ortwin de Graef 1 Derrida alludes to his reflection on Kant and his idea of a 'Völkerbund' (alliance of peoples) in Voyous [Rogues], pp. 118-25. 
--- end forwarded text -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From eugen at leitl.org Sun Sep 12 00:53:07 2004 From: eugen at leitl.org (Eugen Leitl) Date: Sun, 12 Sep 2004 09:53:07 +0200 Subject: "Forest Fire" responsible for a 2.5mi *mushroom cloud*? In-Reply-To: <0409120722370.10973@somehost.domainz.com> References: <20040911235920.A19206@ubzr.zsa.bet> <0409120722370.10973@somehost.domainz.com> Message-ID: <20040912075306.GU1457@leitl.org> On Sun, Sep 12, 2004 at 07:50:35AM +0200, Thomas Shaddack wrote: > On Sun, 12 Sep 2004, J.A. Terranson wrote: > > > "No big deal"? Who are they kidding? > > A 2-mile wide cloud is WAY too big to be caused by a single explosion, > unless REALLY big. The forest fire claim sounds more plausible in this To make a crater visible from LEO it better had to be big. Does Oppau ring a bell? http://www.muenster.org/uiw/fach/chemie/material/gif/oppau.jpg > regard. An existing cloud could be used for masking, though. -- Eugen* Leitl leitl ______________________________________________________________ ICBM: 48.07078, 11.61144 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE http://moleculardevices.org http://nanomachines.net From rah at shipwright.com Sun Sep 12 06:59:24 2004 From: rah at shipwright.com (R. A. 
Hettinga) Date: Sun, 12 Sep 2004 09:59:24 -0400 Subject: On the Voting Machine Makers' Tab Message-ID: The New York Times September 12, 2004 On the Voting Machine Makers' Tab As doubts have grown about the reliability of electronic voting, some of its loudest defenders have been state and local election officials. Many of those same officials have financial ties to voting machine companies. While they may sincerely think that electronic voting machines are so trustworthy that there is no need for a paper record of votes, their views have to be regarded with suspicion until their conflicts are addressed. Computer scientists, who understand the technology better than anyone else, have been outspoken about the perils of electronic voting. Good government groups, like Common Cause, are increasingly mobilizing grass-roots opposition. And state governments in a growing number of states, including California and Ohio, have pushed through much-needed laws that require electronic voting machines to produce paper records. But these groups have faced intense opposition from election officials. At a hearing this spring, officials from Georgia, California and Texas dismissed concerns about electronic voting, and argued that voter-verifiable paper trails, which voters can check to ensure their vote was correctly recorded, are impractical. The Election Center, which does election training and policy work, and whose board is dominated by state and local election officials, says the real problem is people who "scare voters and public officials with claims that the voting equipment and/or its software can be manipulated to change the outcome of elections." What election officials do not mention, however, are the close ties they have to the voting machine industry. A disturbing number end up working for voting machine companies. When Bill Jones left office as California's secretary of state in 2003, he quickly became a consultant to Sequoia Voting Systems. 
His assistant secretary of state took a full-time job there. Former secretaries of state from Florida and Georgia have signed on as lobbyists for Election Systems and Software and Diebold Election Systems. The list goes on. Even while in office, many election officials are happy to accept voting machine companies' largess. The Election Center takes money from Diebold and other machine companies, though it will not say how much. At the center's national conference last month, the companies underwrote meals and a dinner cruise. Forty-three percent of the budget of the National Association of Secretaries of State comes from voting machine companies and other vendors, and at its conference this summer in New Orleans, Accenture, which compiles voter registration databases for states, sponsored a dinner at the Old State Capitol in Baton Rouge. There are also reports of election officials being directly offered gifts. Last year, the Columbus Dispatch reported that a voting machine company was offering concert tickets and limousine rides while competing for a contract worth as much as $100 million, if not more. When electronic voting was first rolled out, election officials and voting machine companies generally acted with little or no public participation. But now the public is quite rightly insisting on greater transparency and more say in the decisions. If election officials want credibility in this national discussion, they must do more to demonstrate that their only loyalty is to the voter. Making Votes Count: Editorials in this series remain online at nytimes.com/makingvotescount. -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." 
-- Edward Gibbon, 'Decline and Fall of the Roman Empire' From rsw at jfet.org Sun Sep 12 09:05:05 2004 From: rsw at jfet.org (Riad S. Wahby) Date: Sun, 12 Sep 2004 11:05:05 -0500 Subject: A nice little dose of pop conspiracy theory... In-Reply-To: References: Message-ID: <20040912160503.GA12846@jfet.org> Tyler Durden wrote: > http://pixla.px.cz/pentagon.swf Perhaps some of those arguments can be put to bed: http://www.prisonplanet.com/articles/august2004/110804factsstraight.htm ...not that I find either one completely convincing... -- Riad S. Wahby rsw at jfet.org From camera_lumina at hotmail.com Sun Sep 12 08:28:34 2004 From: camera_lumina at hotmail.com (Tyler Durden) Date: Sun, 12 Sep 2004 11:28:34 -0400 Subject: [irtheory] An Interview with Jacques Derrida Message-ID: Yo RAH... I don't see a big problem here. Derrida seems right on the money for the most part. Even this "Tribunal" has some Cypherpunk-friendly ideas behind it: namely, it's not particularly state-oriented and its reputation-based. Sure, he may be a little soft on a bunch of stuff, but he's captured the general flavor of things. -TD >From: "R. A. Hettinga" >To: cypherpunks at al-qaeda.net >Subject: [irtheory] An Interview with Jacques Derrida >Date: Sun, 12 Sep 2004 08:33:20 -0400 > >For your Sunday morning's entertainment, boys and girls, I present the >latest post-modernist circle-jerk. Put down your coffee, or you'll mess up >your keyboard. > >Cheers, >RAH >Who remembers the "citizen's courts" that Mr. Bell was so fond of... 
> >------- > >--- begin forwarded text > > >Thread-Topic: [irtheory] The World's Most Dangerous Ideas >Thread-Index: AcSYdTPYwk995UZvTomvwcUpUJH1EgAGokIH >To: >From: "Aaron Chen Angus" >Mailing-List: list irtheory at yahoogroups.com; contact >irtheory-owner at yahoogroups.com >Delivered-To: mailing list irtheory at yahoogroups.com >Date: Sun, 12 Sep 2004 14:14:48 +0800 >Subject: [irtheory] An Interview with Jacques Derrida >Reply-To: irtheory at yahoogroups.com > >For A Justice To Come > >An Interview with Jacques Derrida > > > > >Lieven De Cauter > > > > > > > > > > >The BRussells Tribunal is a commission of inquiry into the "New Imperial >Order", and more particularly into the "Project for A New American Century" >(PNAC), the neo-conservative think tank that has inspired the Bush >government's war logic. The co-signatories of the PNAC "mission statement" >include Dick Cheney, Donald Rumsfeld and Paul Wolfowitz. The programme of >this Think tank is to promote planetary hegemony on the basis of a >supertechnological army, to prevent the emergence of a rival super-power >and to take pre-emptive action against all those who threaten American >interests. The BRussells Tribunal will be held in Brussels from April 14 >through 17. One of the greatest living philosophers, Jacques Derrida, who >suffers from cancer and is unable to attend the tribunal, has invited the >project's initiator, Lieven De Cauter, to his house for an interview. > > > > > _____ > > > > >Lieven De Cauter: While thanking you for your generosity-why have you >decided to grant us this interview on our initiative, the "BRussells >Tribunal"? > > > > >Jacques Derrida: First of all I wanted to salute your initiative in its >principle: to resuscitate the tradition of a Russell Tribunal is >symbolically an important and necessary thing to do today. I believe that, >in its principle, it is a good thing for the world, even if only in that it >feeds the geopolitical reflection of all citizens of the world. 
I am even >more convinced of this necessity in light of the fact that, for a number of >years now, we have witnessed an increased interest in the working, in the >constitution of international institutions, institutions of international >law which, beyond the sovereignty of States, judge heads of State, >generals. Not yet States as such, precisely, but persons responsible for, >or suspected of being responsible for, war crimes, crimes against >humanity-one could mention the case of Pinochet, despite its ambiguity, or >of Milosevic. At any rate, heads of State have to appear as such before an >International Criminal Court, for instance, which has a recognised status >in international law, despite all the difficulties you know: the American, >French, Israeli reservations. Nonetheless this tribunal exists, and even if >it is still faltering, weak and problematic in the execution of its >sanctions, it exists as a recognised phenomenon of international law. > >Your project, if I understand it correctly, is not of the same type, even >if it is inspired by the same spirit. It does not have a juridical or >judicial status recognised by any State, and it consequently remains a >private initiative. Citizens of different countries have agreed among each >other to conduct, as honestly as possible, an inquiry into a policy, into a >political project and its execution. The point is not to reach a verdict >resulting in sanctions but to raise or to sharpen the vigilance of the >citizens of the world, in the first place that of the responsible parties >you propose to judge. That can have a symbolic weight in which I believe, >an exemplary symbolic weight. > >That is why, even though I do not feel involved in the actual experience >you intend to set up, I think it is very important to underscore that the >case you are about to examine-which is evidently a massive and extremely >serious case-is only one case among many. 
In the logic of your project, >other policies, other political or military staff, other countries, other >statesmen can also be brought to be judged in the same manner, or to be >associated with this case. Personally, I have a critical attitude towards >the Bush administration and its project, its attack on Iraq, and the >conditions in which this has come about in a unilateral fashion, in spite >of official protestations from European countries including France, in >violation of the rules of the United Nations and the Security Council... >But notwithstanding this criticism - which I have expressed in public, by >the way - I would not wish for the United States in general to have to >appear before such a tribunal. I would want to distinguish a number of >forces within the United States that have opposed the policy on Iraq as >firmly as in Europe. This policy does not involve the American people in >general, nor even the American State, but a phase in American politics >which, for that matter, is about to be questioned again in the run-up to >the presidential elections. Perhaps there will be a change, at least >partially, in the United States itself, so I would encourage you to be >prudent as regards the target of the accusation. > > > > >LDC: That is why we have directed our attention not to the government in >general but more particularly to the Project for the New American Century, >the think tank which has issued all these extreme ideas of unilateralism, >hegemony, militarisation of the world, ... > > > > >JD: Where there is an explicit political project which declares its >hegemonic intent and proposes to put everything into place to accomplish >this, there one can, in effect, level accusations, protest in the name of >international law and existing institutions, in their spirit and in their >letter. 
I am thinking as much of the United Nations as of the Security >Council, which are respectable institutions, but whose structure, charter, >procedures need to be reformed, especially the Security Council. The crisis >that has been unfolding confirms this: these international institutions >really need to be reformed. And here I would naturally plead for a radical >transformation - I don't know whether this will come about in the short run >- which would call into question even the Charter, that is to say the >respect for the sovereignties of the nation-states and the non-divisibility >of sovereignties. There is a contradiction between the respect for human >rights in general, also part of the Charter, and the respect for the >sovereignty of the nation-state. The States are in effect represented as >States in the United Nations and a fortiori in the Security Council, which >gathers together the victors of the last war. All this calls for a profound >transformation. I would insist that it should be a transformation and not a >destruction, for I believe in the spirit of the United Nations. > > > > >LDC: So you still remain within the vision of Kant > > > > > >JD: At least in the spirit of Kant, for I also have some questions >concerning the Kantian concept of cosmopolitanism.1 It is in this >perspective that I believe initiatives such as yours (or analogous >initiatives) are symbolically very important to raise consciousness about >these necessary transformations. This will have - at least that is what I >hope - the symbolic value of a call to reflection we are in need of, and >which the States are not taking care of, which not even institutions like >the International Criminal Court are taking care of. > > > > >LDC: If I may allow myself one specification: we are part of a whole >network called "World Tribunal on Iraq". There will be sessions in >Hiroshima, Tokyo, Mexico, New York, London, and Istambul. 
In London, and >there the link between the International Criminal Court and the moral >tribunal is very strong, those in charge of the Tribunal on Iraq have, >together with specialists, assembled a dossier to investigate whether Blair >(who has recognised the International Criminal Court) has broken >international law. By all evidence, there is a considerable consensus among >specialists to say that this war is a transgression, it is an "aggressive >war" in the technical sense of the term as used in the charter of the UN, >since there was no imminent threat to the territory of the countries >involved. The upshot of this inquiry is that they have submitted a dossier >to the International Criminal Court in The Hague. Similarly in Copenhagen, >since Denmark is part of the coalition. So it's possible that our moral >initiative may be transformed, in some of its components, into a juridical >procedure strictly speaking. > > > > >JD: That would be desirable, evidently! But the probability that this would >come about seems low, for there would be too many States who would oppose >your initiative becoming institutional and generally judicial, and not just >the United States. Yet if this doesn't come about, that does not mean your >project is destined to ineffectiveness. On the contrary. I believe in its >considerable symbolic effectiveness in the public domain. The fact that it >is said, published, even if it isn't followed by a judgement in the >strictly judicial sense, let alone actual sanctions, can have considerable >symbolical impact on the political consciousness of the citizens, a relayed, >deferred effect, but one that raises high expectations. 
I would hope that >you would treat those you accuse justly, that yours would be an undertaking >of true integrity, devoid of preliminary positioning, without >preconditions, that everything would be done in serenity and justice, that >the responsible parties would be accurately identified, that you would not >go over the top and that you would not exclude other procedures of the same >type in the future. I would not want this procedure to serve as an excuse >for not conducting other procedures that are just as necessary concerning >other countries, other policies, whether they be European or not. I would >even wish that the exemplary character of your initiative would lead to a >lasting, if not a permanent instance. > > > > >I believe that it would be perceived as being more just if you didn't >commit yourself to this target as if it were the only possible target, >notably because, as you are aware, in this aggression against Iraq, >American responsibility was naturally decisive but it didn't come about >without complex complicities from many other quarters. We are dealing with >a knot of nearly inextricable co-responsibilities. I would hope that this >would be clearly taken into account and that it wouldn't be the accusation >of one man only. Even if he is an ideologue, someone who has given the >hegemony project a particularly readable form, he has not done it on his >own, he cannot have imposed it on non-consenting people. So the contours of >the accused, of the suspect or the suspects, are very hard to determine. > > > > >LDC: Yes, that is one of the reasons why we have abandoned the strictly >juridical format. One of the disadvantages of the juridical format is that >you can only target persons. Whereas we want to take aim at a system, a >systemic logic. 
We name the accused (Cheney, Wolfowitz, Rumsfeld) to show >people we're not talking about phantoms, but we take aim at the PNAC as a >set of performative discourses, that is to say plans to achieve something, >intentions to be translated into action. Our difficulty is also one of >communication: communicating to people that PNAC exists and that it is >important to spread this knowledge, is already a job in itself. > > > > >JD: Of course. And for that reason, it is important that matters are partly >personalised and partly developed at the level of the system, of the >principles, the concept, where this system, these principles, these >concepts violate international laws which must be both respected and >perhaps also changed. This is where you will not be able to avoid talking >about sovereignty, about the crisis of sovereignty, about the necessary >division or delimitation of sovereignty. Personally, when I have to take a >position on this vast issue of sovereignty, of what I call its necessary >deconstruction, I am very cautious. I believe it is necessary, by way of a >philosophical, historical analysis, to deconstruct the political theology >of sovereignty. It's an enormous philosophical task, requiring the >re-reading of everything, from Kant to Bodin, from Hobbes to Schmitt. But >at the same time you shouldn't think that you must fight for the >dissolution pure and simple of all sovereignty: that is neither realistic >nor desirable. There are effects of sovereignty which in my view are still >politically useful in the fight against certain forces or international >concentrations of forces that sneer at sovereignty. > >In the present case, we have precisely the convergence of the arrogant and >hegemonic assertion of a sovereign Nation-State with a gathering of global >economic forces, involving all kinds of transactions and complications in >which China, Russia and many countries of the Middle East are equally mixed >up. 
This is where matters become very hard to disentangle. I believe that >sometimes the reclamation of sovereignty should not necessarily be >denounced or criticised, it depends on the situation. > > > > >LDC: As you have clearly demonstrated in Voyous [Rogues], in deconstructing >the term, there is no democracy without "cracy": a certain power, and even >force, is required. > > > > >JD: Absolutely. You can also talk of the sovereignty of the citizen, who >votes in a sovereign fashion, so you need to be very cautious. In my view, >the interesting thing about your project is in taking up or pursuing this >reflection starting from an actual case which takes a specific form: >military, strategic, economic, etc. It is very important to develop such >reflection on a case, but this reflection requires considerable time and >must accompany the entire geopolitical process in decades to come. It is >not just as a Frenchman, European or citizen of the world but also as a >philosopher concerned to see these questions developed that I find your >attempt interesting and necessary. It will provide an opportunity for >others, many others I hope, to adopt a position with regard to your >efforts, to reflect, possibly to oppose you, or to join you, but this can >only be beneficial for the political reflection we are in need of. > > > > >LDC: I was amazed by the definition you give in The Concept of September >11: a philosopher, you say, is someone who deals with this transition >towards political and international institutions to come. That is a very >political definition of the philosopher. > > > > >JD: What I wanted to convey is that it won't necessarily be the >professional philosophers who will deal with this. The lawyer or the >politician who takes charge of these questions will be the philosopher of >tomorrow. 
Sometimes, politicians or lawyers are more able to >philosophically think these questions through than professional academic >philosophers, even though there are a few within the University dealing >with this. At any rate, philosophy today, or the duty of philosophy, is to >think this in action, by doing something. > > > > >LDC: I would like to return to this notion of sovereignty. Is not the New >Imperial Order which names "Rogue States" a State of exception? You speak >in Voyous about the concept of the auto-immunity of democracy: democracy, >at certain critical moments, believes it must suspend itself to defend >democracy. This is what is happening in the United States now, both in its >domestic policy and in its foreign policy. The ideology of the PNAC, and >therefore of the Bush administration, is exactly that. > > > > >JD: The exception is the translation, the criterion of sovereignty, as was >noted by Carl Schmitt (whom I have also criticised, one must be very >cautious when one talks about Carl Schmitt, I have written some chapters on >Carl Schmitt in The Politics of Friendship where I take him seriously and >where I criticise him and I would not want my reflection on Schmitt to be >seen as an endorsement of either his theses or his history). Sovereign is >he who decides on the exception. Exception and sovereignty go hand in hand >here. In the same way that democracy, at times, threatens or suspends >itself, so sovereignty consists in giving oneself the right to suspend the >law. That is the definition of the sovereign: he makes the law, he is above >the law, he can suspend the law. That is what the United States has done, >on the one hand when they trespassed against their own commitments with >regard to the UN and the Security Council, and on the other hand, within >the country itself, by threatening American democracy to a certain extent, >that is to say by introducing exceptional police and judicial procedures. 
I >am not only thinking of the Guantanamo prisoners but also of the Patriot >Act: from its introduction, the FBI has carried out inquisitorial >procedures of intimidation which have been denounced by the Americans >themselves, notably by lawyers, as being in breach of the Constitution and >of democracy. > >Having said that, to be fair, we must recall that the United States is >after all a democracy. Bush, who was elected with the narrowest of margins, >risks losing the next elections: he is only sovereign for four years. It is >a very legalistic country rich in displays of political liberty which would >not be tolerated in a good many other countries. I am not only thinking of >countries known to be non-democratic but also of our own Western European >democracies. In the United States, when I saw those massive marches against >the imminent war in Iraq, in front of the White House, right by Bush's >offices, I said to myself that if in France protesters assembled in their >thousands and marched in front of the Élysée in a similar situation, that >would not be tolerated. To be fair, we must take into account this >contradiction within American democracy - on the one hand, auto-immunity: >democracy destroys itself in protecting itself; but on the other hand, we >must take into account the fact that this hegemonic tendency is also a >crisis of hegemony. The United States, to my mind, convulses upon its >hegemony at a time when it is in crisis, precarious. There is no >contradiction between the hegemonic drive and crisis. The United States >realises all too well that within the next few years, both China and Russia >will have begun to weigh in. The oil stories which have naturally >determined the Iraq episode are linked to long-term forecasts notably >concerning China: China's oil supply, control over oil in the Middle East > >all of this indicates that hegemony is as much under threat as it is >manifest and arrogant. 
> >It is an extremely complex situation, which is why I am bound to say it >should not be a matter of blanket accusations or denunciations levelled >against the United States, but that we should take stock of all that is >critical in American political life. There are forces in the United States >that fight the Bush administration, alliances should be formed with these >forces, their existence recognised. At times they express their criticism >in ways much more radical than in Europe. But there is evidently - and I >suppose you will discuss this in your commission of inquiry -the enormous >problem of the media, of control of the media, of the media power which has >accompanied this entire history in a decisive manner, from September 11 to >the invasion of Iraq, an invasion which, by the way, in my opinion was >already scheduled well before September 11. > > > > >LDC: Yes, as a matter of fact that is one of the things that need to be >proven. The PNAC, in 2000, writes: "the United States has for decades >sought to play a more permanent role in Gulf regional security. While the >unresolved conflict with Iraq provides the immediate justification, the >need for a substantial American force presence in the Gulf transcends the >issue of the regime of Saddam Hussein." They write this in September 2000: >it was already decided, all the rest was just an alibi. > > > > >JD: I have had this debate in public with Baudrillard, who said that the >aggression against Iraq - which was then being prepared- was a direct >consequence of September 11. I opposed that thesis, I said that I thought >it would take place anyway, that the premises had been in place for a long >time already, and that the two sequences can be dissociated, to a certain >extent. 
The day when this history will be written, when the documents are >made public, it will become clear that September 11 was preceded by highly >complicated underhand negotiations, often in Europe, on the subject of >petrol pipe-line passage, at a time when the petrol clan was in power. >There were intrigues and threats, and it is not impossible to think that >one day it will be discovered that it was really the Bush clan that was >targeted rather than the country, the America of Clinton. But we shouldn't >stop at petrol: there are numerous other strategic geopolitical stakes, >among them the tensions with China, Europe, Russia. Alliances with the >United States, variable as ever, since it has attacked those who they have >supported for a very long time. Iraq was an ally of the United States as of >France: all of this is part of diplomatic inconstancy, hypocritical from >end to end, and not only on the part of the United States. There are many >more stakes than petrol alone, especially since petrol is a matter of only >a few more decades: there won't be any oil left in 50 years! We must take >the petrol question into account, but we shouldn't devote all our attention >and analysis to it. There are military questions, passing through >territorial questions of occupation and control. But military power is not >only a territorial power, we know that now, it also passes through >non-territorialised controls, techno-communicational channels etc. All of >this has to be taken into account. > > > > >LDC: And Israel? > > > > >JD: Many have said that the American-Israeli alliance or the support the >United States give to Israel is not unrelated to this intervention in Iraq. >I believe this is true to some extent. 
But here too matters are very >complicated, because even if the current Israeli government-and here I >would take the same precautions as for the United States: there are >Israelis in Israel who fight Sharon - has indeed congratulated itself >officially and in public on the aggression against Iraq, the freedom this >may have apparently given Israel in its offensive initiatives of >colonisation and repression is very ambiguous. Here too we could speak of >auto-immunity: it's very contradictory, because at the same time this has >aggravated Palestinian terrorism, intensified or reawakened symptoms of >anti-semitism across Europe > > >It's very complicated, for if it is true that the Americans support Israel >- just like the majority of European countries, with different political >modulations - , the best American allies of Sharon's policy, that is to say >the most offensive policy of all Israeli governments, are not only the >American Jewish community but also the Christian fundamentalists. These are >often the most pro-Israeli of all Americans, at times even more so than >certain American Jews. I'm not sure it will turn out to have been in >Israel's best interest that this form of aggression against Iraq has come >about. The future will tell. Even Sharon meets with opposition in his own >government nowadays, in his own majority, because he claims to withdraw >from the Gaza colonies. The difficulty of a project such as yours, however >just and magnificent it may be in its principle, is that it must cautiously >take this complexity into account, that it must try not to be unfair to any >of the parties. That is one of the reasons why I insist in confirming my >solidarity in principle. Unable to participate effectively in the inquiry >and in the development of the judgement because of my illness, I prefer to >restrict myself for now to this agreement in principle, but I will not >hesitate to applaud you afterwards, if I find you have conducted matters >well! 
> > > > >LDC: Your statements are limpid and will serve as drink for many who are >thirsty (for justice, for instance). Thank you very much. By way of >post-script: let us speak of messianism for a minute or so. That is to say >of "the weak force", which refers to Benjamin and which you evoke in the >"Prière d'insérer", the preface to Voyous. Allow me to quote from it: "This >vulnerable force, this force without power exposes to what or who is >coming, and coming to affect it ( >) What affirms itself here would be a >messianic act of faith-irreligious and without messianism. ( >) This site is >neither soil nor foundation. It is nonetheless there that the call for a >thought of the event to come will take root: of democracy to come, of >reason to come. All hopes will put their trust in this call, certainly, but >the call will remain, in itself, without hope. Not desperate but alien to >teleology, to the expectancy and the benefit [salut] of salvation. Not >alien to the salvation [salut] of the other, nor alien to the farewell or >to justice, but still rebellious towards the economy of redemption." > I >thought this very beautiful. Almost a prayer to insert - into the everyday, >into our project. What is it, this messianism without religion? > > > > >JD: The weak force indeed refers to the interpretation of Benjamin, but it >is not exactly mine. It is what I call "messianicity without messianism": I >would say that today, one of the incarnations, one of the implementations >of this messianicity, of this messianism without religion, may be found in >the alter-globalisation movements. Movements that are still heterogeneous, >still somewhat unformed, full of contradictions, but that gather together >the weak of the earth, all those who feel themselves crushed by the >economic hegemonies, by the liberal market, by sovereignism, etc. I believe >it is these weak who will prove to be strongest in the end and who >represent the future. 
Even though I am not a militant involved in these >movements, I place my bet on the weak force of those alter-globalisation >movements, who will have to explain themselves, to unravel their >contradictions, but who march against all the hegemonic organisations of >the world. Not just the United States, also the International Monetary >Fund, the G8, all those organised hegemonies of the rich countries, the >strong and powerful countries, of which Europe is part. It is these >alter-globalisation movements that offer one of the best figures of what I >would call messianicity without messianism, that is to say a messianicity >that does not belong to any determined religion. The conflict with Iraq >involved numerous religious elements, from all sides-from the Christian >side as well as from the Muslim side. What I call messianicity without >messianism is a call, a promise of an independent future for what is to >come, and which comes like every messiah in the shape of peace and justice, >a promise independent of religion, that is to say universal. A promise >independent of the three religions when they oppose each other, since in >fact it is a war between three Abrahamic religions. A promise beyond the >Abrahamic religions, universal, without relation to revelations or to the >history of religions. My intent here is not anti-religious, it is not a >matter of waging war on the religious messianisms properly speaking, that >is to say Judaic, Christian, Islamic. But it is a matter of marking a place >where these messianisms are exceeded by messianicity, that is to say by >that waiting without waiting, without horizon for the event to come, the >democracy to come with all its contradictions. 
And I believe we must seek >today, very cautiously, to give force and form to this messianicity, >without giving in to the old concepts of politics (sovereignism, >territorialised nation-state), without giving in to the Churches or to the >religious powers, theologico-political or theocratic of all orders, whether >they be the theocracies of the Islamic Middle East, or whether they be, >disguised, the theocracies of the West. (In spite of everything, Europe, >France especially, but also the United States are secular in principle in >their Constitutions. I recently heard a journalist say to an American: "how >do you explain that Bush always says 'God bless America', that the >President swears on the Bible, etc." and the American replied: "don't >lecture us on secularity for we put the separation of Church and State into >our Constitution long before you did", that the State was not under the >control of any religion whatsoever, which does not stop Christian >domination from exerting itself, but there too it is imperative to be very >cautious). Messianicity without messianism, that is: independence in >respect of religion in general. A faith without religion in some sort. > > > > > >Transcribed by Maïwenn Furic > >(Ris Orangis, Thursday February 19 2004) > >Translated by Ortwin de Graef > > > > > > > > >1 Derrida alludes to his reflection on Kant and his idea of a 'Völkerbund' >(alliance of peoples) in Voyous [Rogues], pp. 118-25.
>--- end forwarded text > > >-- >----------------- >R. A. Hettinga >The Internet Bearer Underwriting Corporation >44 Farquhar Street, Boston, MA 02131 USA >"... however it may deserve respect for its usefulness and antiquity, >[predicting the end of the world] has not been found agreeable to >experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From mv at cdc.gov Sun Sep 12 11:45:10 2004 From: mv at cdc.gov (Major Variola (ret)) Date: Sun, 12 Sep 2004 11:45:10 -0700 Subject: "Forest Fire" responsible for a 2.5mi *mushroom cloud*? Message-ID: <41449936.AACCC@cdc.gov> At 12:01 AM 9/12/04 -0500, J.A. Terranson wrote: >"No big deal"? Who are they kidding? JAT, any large explosion will create a mushroom cloud. It's the blast wave reflecting off the ground that lifts the thing, plus the buoyancy of the hot gasses. If it *were* a nuke, it would be easy to detect --from Vera gamma-ray satellites staring at the earth to optical sensors (there's a characteristic nonlinear time-course of optical emissions) to fallout monitors, ground and plane based. Time will tell, and it certainly could have been a nuke (they have the SNMs), but if you do it, you talk about it, much like the Indi/Pakis did. And you can't hide a surface burst, or even a large belowground test --and an underground test that vents to the atmosphere doesn't make such a big cloud. 
Nukepunk From mv at cdc.gov Sun Sep 12 12:17:54 2004 From: mv at cdc.gov (Major Variola (ret)) Date: Sun, 12 Sep 2004 12:17:54 -0700 Subject: "Forest Fire" responsible for a 2.5mi *mushroom cloud*? Message-ID: <4144A0E2.8BF094F@cdc.gov> At 09:53 AM 9/12/04 +0200, Eugen Leitl wrote: >On Sun, Sep 12, 2004 at 07:50:35AM +0200, Thomas Shaddack wrote: >> On Sun, 12 Sep 2004, J.A. Terranson wrote: >> >> > "No big deal"? Who are they kidding? >> >> A 2-mile wide cloud is WAY too big to be caused by a single explosion, >> unless REALLY big. The forest fire claim sounds more plausible in this > >To make a crater visible from LEO it better had to be big. Does Oppau ring >a bell? How about that .3 kiloton AN explosion in France a little after 11.9.01? But you don't get much crater with an airburst --think about Trinity, where the tower was left standing. To get a crater, you have to bury the nuke (see SEDAN, PLOWSHARE), which BTW couples the shock very nicely into the ground. (You *can* destroy an underground bunker with a nuke, you just bury a 10 MT device. The fallout prevents its deployment though. Easier just to bomb the ingress/egress. http://www.fas.org/rlg/20.htm has some good ideas on this. In any case, you won't see the surface until the smoke clears. But the gamma, seismic (quakes don't start instantly), and opticals (double-pulse) will tip a nuke quite clearly. From bill.stewart at pobox.com Sun Sep 12 12:38:56 2004 From: bill.stewart at pobox.com (Bill Stewart) Date: Sun, 12 Sep 2004 12:38:56 -0700 Subject: "Forest Fire" responsible for a 2.5mi *mushroom cloud*? In-Reply-To: <41449936.AACCC@cdc.gov> References: <41449936.AACCC@cdc.gov> Message-ID: <200409121942.i8CJgrT2024997@positron.jfet.org> At 11:45 AM 9/12/2004, Major Variola (ret) wrote: >Time will tell, and it certainly could have been a nuke (they have >the SNMs), but if you do it, you talk about it, much like >the Indi/Pakis did. 
And you can't hide a surface burst, or >even a large belowground test --and an underground test >that vents to the atmosphere doesn't make such a big cloud. When the Israeli / South African nuke test was done, they didn't talk about it, they pretended it hadn't happened, and the US government, at least publicly, has continued to pretend that we don't know that Israel has weapons of Mass Destruction. From emc at artifact.psychedelic.net Sun Sep 12 16:47:41 2004 From: emc at artifact.psychedelic.net (Eric Cordian) Date: Sun, 12 Sep 2004 16:47:41 -0700 (PDT) Subject: Recruiting Only Smart People Message-ID: <200409122347.i8CNlf6K011748@artifact.psychedelic.net> Google has an austere black on white billboard ad which simply reads. www.{first 10-digit prime found in the consecutive digits of e}.com People arriving solve another puzzle, and then can use the answer as a password for a website that greets them with the message... "One thing we learned while building Google is that it's easier to find what you're looking for if it comes looking for you. What we're looking for are the best engineers in the world. And here you are." Cute, except it's now being discussed on the net, and you can google the answers. :) -- Eric Michael Cordian 0+ O:.T:.O:. Mathematical Munitions Division "Do What Thou Wilt Shall Be The Whole Of The Law" From measl at mfn.org Sun Sep 12 15:04:41 2004 From: measl at mfn.org (J.A. Terranson) Date: Sun, 12 Sep 2004 17:04:41 -0500 (CDT) Subject: "Forest Fire" responsible for a 2.5mi *mushroom cloud*? In-Reply-To: <0409120722370.10973@somehost.domainz.com> References: <20040911235920.A19206@ubzr.zsa.bet> <0409120722370.10973@somehost.domainz.com> Message-ID: <20040912165615.B19206@ubzr.zsa.bet> On Sun, 12 Sep 2004, Thomas Shaddack wrote: > On Sun, 12 Sep 2004, J.A. Terranson wrote: > > > "No big deal"? Who are they kidding? > > A 2-mile wide cloud is WAY too big to be caused by a single explosion, > unless REALLY big. Exactly. 
And there aren't many things *that* big. > The forest fire claim sounds more plausible in this > regard. An existing cloud could be used for masking, though. Wait a minute: since when does a forest fire create explosions? Or have enough ground force to push up a mushroom cloud? > But a surface or atmospheric blast would produce a flash plowing through > the entire EM spectrum; from long-wave radio to microwaves to hard gamma. > That's something the satellites Up There can't miss even through a smoke > cloud - at least if they are still operational or replaced by newer ones. Agreed. Except that _I_ do not have access to those satellites, so I don't know what it is they saw (or didn't see). > (Remember the strong flashes of gamma bursts, originally discovered by > satellites observing the nuclear test ban: > .) Also a > disruption of this kind would be perceivable in long range, possibly by > quite many people. And, lo, a *lot* of people noticed it. > An underground blast, if not screwed up, wouldn't produce a cloud at all. That I didn't know. > However, both surface and underground blast would have a peculiar seismic > signature. There is a network of both nonproliferation-surveillance and > plain old scientific seismic stations all over the world. Something like > that couldn't stay hidden for too long. Remember the day the Kursk > submarine became famous; the recording of the double signature, the > explosion and shortly later following implosion, appeared online in couple > days (or maybe even hours?) after the Event. Yes, I do remember that. I also remember everyone denying it at first. > It's difficult to imagine a > true nuclear blast would stay unreported for more than few days. Agreed - we can only wait and see. However, I do *not* expect that the USG would want this out if it *is* a nuclear test - Shrub is facing a PR nightmare if it is, since he is the one who pushed them into the nuclear corner. 
> Even if > it would really be a nuke test and the politicians would want to be quiet > about it, there are too many subjects outside of the direct US political > control to either report the measurements or the eventual pressure to not > report them. > > According to CNN, there was also a strong blast reported in the area of a > missile base. We don't know how strong the blast was, and if it couldn't > be just a "conventional" explosion, caused by eg. a combination of a > forest fire and an ammo depot. That of course brings us full circle: how many fuels can produce a blast which results in a 2+ mile mushroom? That's a *lot* of explosive force. > There is also a possibility the "senior officials with access to > intelligence" were injecting media with false information. Remember there > are many subjects with different agendas here and a little psyops here and > there is quite common. > > Let's not jump on the conclusions yet. Wait 2-3 days, optionally watch the > traffic in conferences of geologists taking care of the seismic activity > worldwide and in the vicinity of the area of interest. It's Saturday and > many people who could know the answers are away from their instruments; > let's wait what they will find on their screens on Monday morning. Hey look here Shaddack: you're ruining a perfectly good conspiracy theory here! I'll have none of this well reasoned CRAP in *my* conspiracy theory! :-) I, like many other, will be looking at this as it develops... You may be right, but, really, a *forest fire*???? -- Yours, J.A. Terranson sysadmin at mfn.org 0xBD4A95BF "...justice is a duty towards those whom you love and those whom you do not. And people's rights will not be harmed if the opponent speaks out about them." Osama Bin Laden - - - "There aught to be limits to freedom!" George Bush - - - Which one scares you more? From measl at mfn.org Sun Sep 12 15:07:55 2004 From: measl at mfn.org (J.A. 
Terranson) Date: Sun, 12 Sep 2004 17:07:55 -0500 (CDT) Subject: "Forest Fire" responsible for a 2.5mi *mushroom cloud*? In-Reply-To: <20040912075306.GU1457@leitl.org> References: <20040911235920.A19206@ubzr.zsa.bet> <0409120722370.10973@somehost.domainz.com> <20040912075306.GU1457@leitl.org> Message-ID: <20040912170653.M19206@ubzr.zsa.bet> On Sun, 12 Sep 2004, Eugen Leitl wrote: > http://www.muenster.org/uiw/fach/chemie/material/gif/oppau.jpg Wow! I had no idea ammonium nitrate (ANFO for all intents and purposes, yes?) could produce that kind of result! How much was there? -- Yours, J.A. Terranson sysadmin at mfn.org 0xBD4A95BF "...justice is a duty towards those whom you love and those whom you do not. And people's rights will not be harmed if the opponent speaks out about them." Osama Bin Laden - - - "There aught to be limits to freedom!" George Bush - - - Which one scares you more? From measl at mfn.org Sun Sep 12 15:14:21 2004 From: measl at mfn.org (J.A. Terranson) Date: Sun, 12 Sep 2004 17:14:21 -0500 (CDT) Subject: "Forest Fire" responsible for a 2.5mi *mushroom cloud*? In-Reply-To: <41449936.AACCC@cdc.gov> References: <41449936.AACCC@cdc.gov> Message-ID: <20040912170944.D19206@ubzr.zsa.bet> On Sun, 12 Sep 2004, Major Variola (ret) wrote: > At 12:01 AM 9/12/04 -0500, J.A. Terranson wrote: > >"No big deal"? Who are they kidding? > > JAT, any large explosion will create a mushroom cloud. Its the > blast wave reflecting off the ground that lifts the thing, plus the > buoyancy of the hot gasses. Yes, I understand all this - mushroom cloud != nuclear explosion. > If it *were* a nuke, it would be easy to detect --from Vera > gamma-ray satellites staring at the earth to optical sensors > (there's a characteristic nonlinear time-course of optical emissions) > to fallout monitors, ground and plane based. Which _I_ do not have access to ;-) > Time will tell, Exactly. 
> and it certainly could have been a nuke (they have > the SNMs), but if you do it, you talk about it, much like > the Indi/Pakis did. If I were in Jong's slippers, I would not discuss it - I would just do it, and let everyone draw their own [obvious] conclusion. Remember, his pattern has been to only discuss things (even when already obvious to everyone else) only when _he_ felt like it. > And you can't hide a surface burst, or > even a large belowground test This conflicts somewhat with a previously expressed opinion (Shaddack?). I was under the impression that underground tests, unless performed with very tiny nukes at very great depth, produced visible clouds from the blast waves. > --and an underground test > that vents to the atmosphere doesn't make such a big cloud. > > Nukepunk -- Yours, J.A. Terranson sysadmin at mfn.org 0xBD4A95BF "...justice is a duty towards those whom you love and those whom you do not. And people's rights will not be harmed if the opponent speaks out about them." Osama Bin Laden - - - "There aught to be limits to freedom!" George Bush - - - Which one scares you more? From measl at mfn.org Sun Sep 12 15:16:35 2004 From: measl at mfn.org (J.A. Terranson) Date: Sun, 12 Sep 2004 17:16:35 -0500 (CDT) Subject: "Forest Fire" responsible for a 2.5mi *mushroom cloud*? In-Reply-To: <200409121942.i8CJgrT2024997@positron.jfet.org> References: <41449936.AACCC@cdc.gov> <200409121942.i8CJgrT2024997@positron.jfet.org> Message-ID: <20040912171550.S19206@ubzr.zsa.bet> On Sun, 12 Sep 2004, Bill Stewart wrote: > When the Israeli / South African nuke test was done, > they didn't talk about it, they pretended it hadn't happened, > and the US government, at least publicly, has continued to > pretend that we don't know that Israel has weapons of Mass Destruction. And it is without question in Shrubs best interests to "not notice" if the two Koreas just became a nuclear playground. -- Yours, J.A. 
Terranson sysadmin at mfn.org 0xBD4A95BF "...justice is a duty towards those whom you love and those whom you do not. And people's rights will not be harmed if the opponent speaks out about them." Osama Bin Laden - - - "There aught to be limits to freedom!" George Bush - - - Which one scares you more? From die at dieconsulting.com Sun Sep 12 15:09:50 2004 From: die at dieconsulting.com (Dave Emery) Date: Sun, 12 Sep 2004 18:09:50 -0400 Subject: "Forest Fire" responsible for a 2.5mi *mushroom cloud*? In-Reply-To: <20040911235920.A19206@ubzr.zsa.bet> References: <20040911235920.A19206@ubzr.zsa.bet> Message-ID: <20040912220950.GB8875@pig.dieconsulting.com> On Sun, Sep 12, 2004 at 12:01:29AM -0500, J.A. Terranson wrote: > "No big deal"? Who are they kidding? Has it occurred to anyone this might be a covert US (or Chinese or ....) operation to destroy the PRK nuke test setup, say with cruise missiles, stealth B2 bombers, or an infiltrated sabotage team ? That could produce a large explosion (but little radioactivity)... And with obvious PRK preparations for a test far advanced (see today's NYT) , I would think it was now or never for such a covert attack. Maybe that is why Dubya was completely shitfaced getting off the helo at the WH on the way back from campaigning in Johnstown Pa this past Thursday ? Too much pressure to keep that Jim Beam bottle in the cabinet... one almost can't blame him... -- Dave Emery N1PRE, die at dieconsulting.com DIE Consulting, Weston, Mass 02493 From camera_lumina at hotmail.com Sun Sep 12 15:23:28 2004 From: camera_lumina at hotmail.com (Tyler Durden) Date: Sun, 12 Sep 2004 18:23:28 -0400 Subject: "Forest Fire" responsible for a 2.5mi *mushroom cloud*? Message-ID: Variola wrote... >If it *were* a nuke, it would be easy to detect --from Vera >gamma-ray satellites staring at the earth to optical sensors >(there's a characteristic nonlinear time-course of optical emissions) >to fallout monitors, ground and plane based. 
--and an underground test >that vents to the atmosphere doesn't make such a big cloud. I had thought that one of the main tests was seismic...from what I understood, Seismic monitors in the US can detect nu-cu-lar tests (above or below ground) and even guess where and the size of the blast. -TD From bill.stewart at pobox.com Sun Sep 12 22:40:22 2004 From: bill.stewart at pobox.com (Bill Stewart) Date: Sun, 12 Sep 2004 22:40:22 -0700 Subject: "Forest Fire" responsible for a 2.5mi *mushroom cloud*? In-Reply-To: <20040912170653.M19206@ubzr.zsa.bet> References: <20040911235920.A19206@ubzr.zsa.bet> <0409120722370.10973@somehost.domainz.com> <20040912075306.GU1457@leitl.org> <20040912170653.M19206@ubzr.zsa.bet> Message-ID: <6.0.3.0.0.20040912222222.04091328@pop.idiom.com> > That of course brings us full circle: how many fuels can produce a blast > which results in a 2+ mile mushroom? That's a *lot* of explosive force. Blast sets off the forest fire, fire makes the smoke. Not a problem. Go visit Northern California in late summer firestorm season (though we don't need fertilizer plants to start fires; smaller accidents or stupid people can do the job just fine.) At 03:07 PM 9/12/2004, J.A. Terranson wrote: > > http://www.muenster.org/uiw/fach/chemie/material/gif/oppau.jpg >Wow! I had no idea ammonium nitrate (ANFO for all intents and purposes, >yes?) could produce that kind of result! How much was there? No FO, just AN all by itself. NH4NO3 turns into N2 + 2H2O + O, and the leftover O finds something productive to do, like combine with another O into O2, or burn some nearby carbon, and it's hot enough the H2O is gaseous also. If you've got FO, it'll happily combine with the spare O, producing lots of heat and speeding up the reaction. 
The first earthquake-like event I experienced was when a chemical plant across the river from where I lived blew up; I think it was a fertilizer plant of some sort. (I was in Delaware; the plant was in New Jersey, and it was ~1968.) Fertilizer plants blow up real good; about the only thing better are ammunition depots and maybe explosives plants, and usually those are built to contain the explosion better. (By the way, most people think of the Parthenon as an ancient ruin; it was actually in very good shape, roof and all, until ~1850, when the Greeks were using it as an ammunition depot during one of their wars with the Turks and the Turks blew it up.) ---- Bill Stewart bill.stewart at pobox.com From rsw at jfet.org Mon Sep 13 00:14:53 2004 From: rsw at jfet.org (Riad S. Wahby) Date: Mon, 13 Sep 2004 02:14:53 -0500 Subject: Recruiting Only Smart People In-Reply-To: <200409122347.i8CNlf6K011748@artifact.psychedelic.net> References: <200409122347.i8CNlf6K011748@artifact.psychedelic.net> Message-ID: <20040913071453.GA5939@jfet.org> Eric Cordian wrote: > www.{first 10-digit prime found in the consecutive digits of e}.com To be honest, their puzzles just aren't that impressive. If they really want puzzle solvers, they should just recruit at the MIT Mystery Hunt. The puzzle they presented here would be among the easiest in a given year's hunt. http://web.mit.edu/puzzle/www/ -- Riad S. Wahby rsw at jfet.org From eugen at leitl.org Sun Sep 12 21:50:55 2004 From: eugen at leitl.org (Eugen Leitl) Date: Mon, 13 Sep 2004 06:50:55 +0200 Subject: "Forest Fire" responsible for a 2.5mi *mushroom cloud*? In-Reply-To: <20040912170653.M19206@ubzr.zsa.bet> References: <20040911235920.A19206@ubzr.zsa.bet> <0409120722370.10973@somehost.domainz.com> <20040912075306.GU1457@leitl.org> <20040912170653.M19206@ubzr.zsa.bet> Message-ID: <20040913045054.GF1457@leitl.org> On Sun, Sep 12, 2004 at 05:07:55PM -0500, J.A.
Terranson wrote: > On Sun, 12 Sep 2004, Eugen Leitl wrote: > > > http://www.muenster.org/uiw/fach/chemie/material/gif/oppau.jpg > > Wow! I had no idea ammonium nitrate (ANFO for all intents and purposes, > yes?) could produce that kind of result! How much was there? About 4.5 kT of 50:50 ammonium nitrate/ammonium sulfate mix. One of the largest, if not *the* largest nonnuclear explosions ever. -- Eugen* Leitl leitl ______________________________________________________________ ICBM: 48.07078, 11.61144 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE http://moleculardevices.org http://nanomachines.net From mv at cdc.gov Mon Sep 13 09:44:50 2004 From: mv at cdc.gov (Major Variola (ret)) Date: Mon, 13 Sep 2004 09:44:50 -0700 Subject: "Forest Fire" responsible for a 2.5mi *mushroom cloud*? Message-ID: <4145CE82.1A948764@cdc.gov> At 06:23 PM 9/12/04 -0400, Tyler Durden wrote: >I had thought that one of the main tests was seismic...from what I >understood, Seismic monitors in the US can detect nu-cu-lar tests (above or >below ground) and even guess where and the size of the blast. Yes. Seismic sensors see some foreshock activity before an earthquake including the big ones. A nuke starts instantly. Standard S & P wave triangulation gives you the location. You can try to hide a blast (in sand; or in an excavated void) but it's tough. At 06:50 AM 9/13/04 +0200, Eugen Leitl wrote: >About 4.5 kT of 50:50 ammonium nitrate/ammonium sulfate mix. One of the >largest, if not *the* largest nonnuclear explosions ever. Ammonium sulphate would not have exploded. It's the nitrate that is the fun group. It has an oxygen surplus, so anything (like the rest of the ship) vaporized by the detonation would probably burn. Fuel oil is cheap; aluminum dust is more energetic. At 10:40 PM 9/12/04 -0700, Bill Stewart wrote: >No FO, just AN all by itself.
NH4NO3 turns into N2 + 2H2O + O, Slow decomposition yields nitrous oxide, ie the fun oxide. 19th century chemistry. (And anesthesiology!) >The first earthquake-like event I experienced was when a >chemical plant across the river from where I lived blew up; >I think it was a fertilizer plant of some sort. >(I was in Delaware; the plant was in New Jersey, and it was ~1968.) The DuPont black powder & nitro plants in Delaware have three strong walls, the weak side faces the river. When they blow up, it's much safer. Unless you're on the river, of course. The N Korean blast could have been their missiles blowing up due to screw ups. There's a lot of energy in the fuels. Or it could have been a test of their nuke-testing systems. The media uses the phrase "October surprise", if NK detonates just before the elections. Of course, others are working on their own October gift to W. When the WTC towers fell, it was something like a 3 on the Richter scale. Lots of gravitational energy. From mv at cdc.gov Mon Sep 13 09:49:04 2004 From: mv at cdc.gov (Major Variola (ret)) Date: Mon, 13 Sep 2004 09:49:04 -0700 Subject: potential new IETF WG on anonymous IPSec Message-ID: <4145CF80.FF10799C@cdc.gov> Currently BGP is "secured" by 1. accepting BGP info only from known router IPs 2. ISPs not propagating BGP from the edge inwards It's a serious vulnerability (as in, take down the net), equivalent to the ability to confuse the post office machinery that sorts postcards. All you need to do is subvert some trusted routers. At 10:54 PM 9/10/04 -0700, Bill Stewart wrote: >Also, the author's document discusses protecting BGP to prevent >some of the recent denial-of-service attacks, >and asks for confirmation about the assertion in a message >on the IPSEC mailing list suggesting > "E.g., it is not feasible for BGP routers to be configured with the > appropriate certificate authorities of hundreds of thousands of peers".
>Routers typically use BGP to peer with a small number of partners, >though some big ISP gateway routers might peer with a few hundred. >(A typical enterprise router would have 2-3 peers if it does BGP.) >If a router wants to learn full internet routes from its peers, >it might learn 1-200,000, but that's not the number of direct connections >that it has - it's information it learns using those connections. >And the peers don't have to be configured "rapidly without external >assistance" - >you typically set up the peering link when you're setting up the >connection between an ISP and a customer or a pair of ISPs, >and if you want to use a CA mechanism to certify X.509 certs, >you can set up that information at the same time. From camera_lumina at hotmail.com Mon Sep 13 07:00:18 2004 From: camera_lumina at hotmail.com (Tyler Durden) Date: Mon, 13 Sep 2004 10:00:18 -0400 Subject: "Forest Fire" responsible for a 2.5mi *mushroom cloud*? Message-ID: "Ken Brown" wrote... > >And if there was such a test, how long before China stomped all over them. >Last thing they want is a looney dictator with nukes on their borders (If >only to pre-empt Russia, US, or Japan intervening). Even if both the >Chinese state capitalists and the North Korean absolute divine monarchy >still use the locally redundant word "Communist" when describing themselves >to us Western barbarians. I think this pretty much nails it. Actually, I was imagining that there was still enough relationship left between PRC and NK for the Chinese to say, "Uh, a nuclear test would not be a good idea", meaning (in Chinese speak), "No way you're gonna do that". I'm sure the Chinese at this point regard their relationship with NK as baggage, though I know the Chinese do re-patriate NK refugees, so they're at least maintaining pretenses. -TD
From brian-slashdotnews at hyperreal.org Mon Sep 13 03:26:01 2004 From: brian-slashdotnews at hyperreal.org (brian-slashdotnews at hyperreal.org) Date: 13 Sep 2004 10:26:01 -0000 Subject: Endorse EDRI's Statement Against Data Retention Message-ID: Link: http://slashdot.org/article.pl?sid=04/09/13/0128222 Posted by: timothy, on 2004-09-13 08:31:00 from the but-they're-offering-a-free-backup-service dept. [1]Ville Oksanen writes "Privacy International (PI) and European Digital Rights (EDRI) have published their [2]joint answer to [3]the consultation on mandatory data retention. The European Commission asked for public comments on a proposed retention regime across Europe between 12 and 36 months for all traffic data generated by using fixed and mobile telephony and Internet. As [4]Statewatch puts it: 'This is a proposal so intrusive that Ashcroft, Ridge and company can only dream about it, exceeding even the U.S. Patriot Act.' EDRI and PI are currently collecting endorsements from organizations and companies for their statement [5]here. This is unfortunately not enough to stop the process - especially more should be done in the member states, which ultimately decide the fate of the proposal. So contact your local politicians today!" References 1. http://www.effi.org/ 2. http://www.privacyinternational.org/issues/terrorism/rpt/responsetoretention.html 3. http://europa.eu.int/information_society/topics/ecomm/useful_information/library/public_consult/text_en.htm#data_retention 4. http://www.statewatch.org/ 5. http://www.edri.org/cgi-bin/index?id=000100000162
----- End forwarded message ----- -- Eugen* Leitl leitl ______________________________________________________________ ICBM: 48.07078, 11.61144 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE http://moleculardevices.org http://nanomachines.net From bbrow07 at students.bbk.ac.uk Mon Sep 13 04:03:50 2004 From: bbrow07 at students.bbk.ac.uk (ken) Date: Mon, 13 Sep 2004 12:03:50 +0100 Subject: "Forest Fire" responsible for a 2.5mi *mushroom cloud*? In-Reply-To: <20040912165615.B19206@ubzr.zsa.bet> References: <20040911235920.A19206@ubzr.zsa.bet> <0409120722370.10973@somehost.domainz.com> <20040912165615.B19206@ubzr.zsa.bet> Message-ID: <41457E96.3030909@students.bbk.ac.uk> J.A. Terranson wrote: > On Sun, 12 Sep 2004, Thomas Shaddack wrote: >>The forest fire claim sounds more plausible in this >>regard. An existing cloud could be used for masking, though. > Wait a minute: since when does a forest fire create explosions? Or have > enough ground force to push up a mushroom cloud? [...] > That of course brings us full circle: how many fuels can produce a blast > which results in a 2+ mile mushroom? That's a *lot* of explosive force. Doesn't have to work like that. The mushroom cloud is not "pushed up" by blast, it's carried up by hot air rising, which is replaced by cooler air rushing in below. There was a visible mushroom cloud at Hamburg in 1943 - I'm not sure but I suspect that that may have been the event that put the phrase into the language. FWIW the BBC is now saying that the NKs are claiming it was a civil engineering explosion connected with a hydro project. As with other list members I assume that if the explosion was nuclear someone would have detected EM from it immediately & radioactive particles soon after.
And I also assume, perhaps with less justification, that at least some of those someones would have made the knowledge public - it must include at least military early warning organisation of China, Russia & the US, and very possibly Japan, SK, UK & maybe other countries as well, and also probably a number of space agencies and academic researchers. Would they all conspire to suppress knowledge of NK nuclear explosion? And if there was such a test, how long before China stomped all over them. Last thing they want is a looney dictator with nukes on their borders (If only to pre-empt Russia, US, or Japan intervening). Even if both the Chinese state capitalists and the North Korean absolute divine monarchy still use the locally redundant word "Communist" when describing themselves to us Western barbarians. Sometimes my friend's enemy isn't my enemy's friend. From eugen at leitl.org Mon Sep 13 03:32:53 2004 From: eugen at leitl.org (Eugen Leitl) Date: Mon, 13 Sep 2004 12:32:53 +0200 Subject: Endorse EDRI's Statement Against Data Retention (fwd from brian-slashdotnews@hyperreal.org) Message-ID: <20040913103252.GT1457@leitl.org> ----- Forwarded message from brian-slashdotnews at hyperreal.org ----- From mv at cdc.gov Mon Sep 13 12:50:44 2004 From: mv at cdc.gov (Major Variola (ret)) Date: Mon, 13 Sep 2004 12:50:44 -0700 Subject: "Forest Fire" responsible for a 2.5mi *mushroom cloud*? Message-ID: <4145FA14.ACC83347@cdc.gov> At 06:59 AM 9/14/04 +1200, Peter Gutmann wrote: >(The nitrate was desensitised with ammonium sulfate and stored outside, >whenever anyone needed any they'd drill holes and blast off chunks with >dynamite. AN is extremely deliquescent; perhaps the sulphate was for that? Removing chunks with dynamite is trying rather hard for a Darwin award. When I was a teen I would save the instant-cold packs after soccer games, and recrystallize the AN within. It melts and gives off bubbles but I never collected enough N2O nor did it detonate.
From rah at shipwright.com Mon Sep 13 10:27:22 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Mon, 13 Sep 2004 13:27:22 -0400 Subject: Spam Spotlight on Reputation In-Reply-To: <414593B6.10600@algroup.co.uk> References: <20040906221533.GA29063@danisch.de> <200409080743.i887hlBJ021453@positron.jfet.org> <414593B6.10600@algroup.co.uk> Message-ID: At 1:33 PM +0100 9/13/04, Ben Laurie wrote: >Surely you should check that: > >a) The signature works >b) Is someone in your list of good keys > >before whitelisting? Amen. A (cryptographic) whitelist for my friends, all others pay cash. :-) Cheers, RAH -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From ben at algroup.co.uk Mon Sep 13 05:33:58 2004 From: ben at algroup.co.uk (Ben Laurie) Date: Mon, 13 Sep 2004 13:33:58 +0100 Subject: Spam Spotlight on Reputation In-Reply-To: <200409080743.i887hlBJ021453@positron.jfet.org> References: <20040906221533.GA29063@danisch.de> <200409080743.i887hlBJ021453@positron.jfet.org> Message-ID: <414593B6.10600@algroup.co.uk> Bill Stewart wrote: > At 03:15 PM 9/6/2004, Hadmut Danisch wrote: > >> On Mon, Sep 06, 2004 at 11:52:03AM -0600, R. A. Hettinga wrote: >> > >> > E-mail security company MX Logic Inc. will report this week that 10 >> percent >> > of all spam includes such SPF records, >> >> I have mentioned this problem more than a year ago in context of >> my RMX draft (SPF, CallerID and SenderID are based on RMX). >> Interestingly, nobody really cared about this major security problem. >> All RMX-derivatives block forged messages (more or less). But what >> happens if the attacker doesn't forge? That's a hard problem. 
And a >> problem known from the very beginning of the sender verification >> discussion. > > > It's not a hard problem, just a different problem. > > Whitelisting your friends and aggressively filtering strangers > is an obvious technique for reducing false positives > without increasing false negatives, > but it fails if spammers can forge identities of your friends. > RMX-derivatives help this problem, and they help the joe-job problem. > > If a spammer wants to claim that they're the genuine spammers-are-us.biz, > well, let them. > > I find it more annoying that there are spammers putting PGP headers > in their messages, knowing that most people who use PGP assume > PGP-signed mail > is from somebody genuine and whitelist it. Surely you should check that: a) The signature works b) Is someone in your list of good keys before whitelisting? -- ApacheCon! 13-17 November! http://www.apachecon.com/ http://www.apache-ssl.org/ben.html http://www.thebunker.net/ "There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit." - Robert Woodruff From rah at shipwright.com Mon Sep 13 11:03:53 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Mon, 13 Sep 2004 14:03:53 -0400 Subject: [ISN] Mitnick movie comes to the US Message-ID: I wonder if they include Shimomura boffing Gilmore's girlfriend in the Toad Hall hot tub? "Got Skills" indeed... Cheers, RAH --- begin forwarded text From chuckw at quantumlinux.com Mon Sep 13 14:27:38 2004 From: chuckw at quantumlinux.com (Chuck Wolber) Date: Mon, 13 Sep 2004 14:27:38 -0700 (PDT) Subject: Flying with Libertarian Hawks In-Reply-To: References: Message-ID: On Fri, 10 Sep 2004, Tyler Durden wrote: > Damn right. 'Conservative' means agreeing with the most vocal proponents > of the current right wing apparatchiks. It seems to have little or no > relationship to fiscally conservative ideas.
"Left wing" now refers to > anyone who disagrees with the 'Conservatives', even if said left wing > policies are practically identical to those of the 'right'. Corollary: (Shamelessly stolen from the movie "Human Stain") They just keep getting dummer and more opinionated. -Chuck -- http://www.quantumlinux.com Quantum Linux Laboratories, LLC. ACCELERATING Business with Open Technology "The measure of the restoration lies in the extent to which we apply social values more noble than mere monetary profit." - FDR From adam at cypherspace.org Mon Sep 13 13:43:57 2004 From: adam at cypherspace.org (Adam Back) Date: Mon, 13 Sep 2004 16:43:57 -0400 Subject: will spammers early adopt hashcash? (Re: Spam Spotlight on Message-ID: Reputation) User-Agent: Mutt/1.4.1i Ben and Richard CLayton's paper makes several assumptions and we'll see how those pan out in the field as time goes on. We don't really know what the true cost of maintaining ownership of many machines. No doubt much lower than it should be because of poor security on microsoft OSes. But even so there must be some turn over as the user instals AV, firewalls, gets cut off by ISP, gets IP blacklisted etc. The general argument is in the FAQ quoted below. Essentially whatever resources spammers do have, hashcash is going to slow them down because the balance of CPU power vs bandwidth is such that 20-bit hashcahs with current hardware is likely to slow down the output of a typical consumer destkop+DSL line down by afact or 10-100x less spam. (Depnds on CPU power, DSL uplink, and number of Bcc recipients per message). Hashcash costs equal cpu per Bcc recipient. Without hashcash Bcc recipients to the same domain or to a hub cost a tiny bit of bandwidth -- the size of the email address (+"RCPT TO \r\n"). Will it be enough -- we don't know yet, but if widely deployed it would make spammers adapt. We just don't yet know how they will adapt. 
The other question Ben & Richard's paper doesn't explore is the CAMRAM way of using hashcash. In this model you only pay hashcash for _introductions_. After parties have replied to a mail, the mail is whitelisted (short term by address only (risky no auth, joe-job hazard) medium term with CAMRAM email header signatures). If simple hashcash per mail turns out not to be enough, CAMRAM can increase the work factor, as people do not reply to spammers; and many emails are to-and-fro vs first introduction emails. (So the sender can afford to pay more on average). Eric sent a spreadsheet with some of this type of calculation. There may also be some mileage in Hal Finney's RPOW http://www.rpow.net where the legitimate user can re-use stamps he receives. (The scaling issues of the RPOW servers would need to be engineered carefully, there are servers, they can be per eg domain, but still compared to hashcash this is more infrastructure as hashcash is pure end-to-end). Adam http://www.hashcash.org/faq/ 2c and 2d | 2c But won't spammers steal CPU time? | | Spammers already compromise security on many users machines to make | so-called "Zombie" armies to send spam from. However currently the | rate at which spammers can send mail on a zombie machine is limited | purely by the speed of those machines' internet links. A typical DSL | user might be able to send 25 unique messages per second each of size | 1KB (assumes 256kbit uplink). Or many more messages per second if the | messages are delivered to multiple users at once (using multiple Cc or | Bcc recipients). Even a 20-bit stamp takes 1/2 second per recipient on | the highest end pc hardware at time of writing. This would slow | spammers down by a factor of 10-100 or more per compromised machine | (depending on whether the messages sent are sent individually or to | many users at once). | | 2d But won't spammers deliver to many recipients at once?
| | Spammers commonly optimize the amount of spam they can send over a | given link speed by delivering messages to 100s or 1000s of Bcc | recipients at once directly to an end-site, or to an ISP mail-hub. In | this way they can consume just 3.5KB of bandwidth in sending messages | to 100 recipients compared to the 100KB which would be used to send | each message separately. This would allow a spammer to send 700 | messages per second (assumes DSL with 256kbit uplink). | | Delivering in batches reduces the degree of customization the spammer | can make because all of the message bodies in a batch have to be the | same, but never-the-less is a trick spammers commonly use to increase | the number of mails per second they can send. | | However with hashcash a separate stamp is required for each individual | recipient, which stops this spammer trick. If the spammer has to put a | hashcash stamp for each recipient, even a 3Ghz Pentium 4 can only | generate 2 stamps per second, compared to 700 per second with no | hashcash, so using hashcash in this scenario slows the number of mails | the spammer can send by 350x. Adam On Mon, Sep 13, 2004 at 10:37:47AM -0400, Adam Shostack wrote: > On Mon, Sep 13, 2004 at 01:18:32PM +0100, Ben Laurie wrote: > | Adam Shostack wrote: > | > | >On Tue, Sep 07, 2004 at 04:13:13PM -0400, Adam Back wrote: > | > > | >| Well we'll see. If they have lots of CPU from zombies and can get and > | >| maintain more with limited effort maybe even they can, and CAMRAM's > | >| higher cost stamp on introductions only will prevail as the preferred > | >| method. > | > > | >Adam, > | > > | > You've thought about this more than me. What do you see as > | >equilibrium postal rates if the spammers have 10k, 100k, or a million > | >nodes to send? > | > > | > Will spammers run under nice? Use your graphics card as a > | >co-processor? Is the rate of new vulns high enough to keep their CPU > | >pools filled? 
> | > | We have some figures for that kind of stuff in > | http://www.apache-ssl.org/proofwork.pdf. > > Thanks! That was exactly what I was hoping wouldn't get said, because > I no longer believe that hashcash is substantially useful. > > Adam S --- end forwarded text -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From rah at shipwright.com Mon Sep 13 13:56:10 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Mon, 13 Sep 2004 16:56:10 -0400 Subject: will spammers early adopt hashcash? (Re: Spam Spotlight on Reputation) Message-ID: --- begin forwarded text From bill.stewart at pobox.com Mon Sep 13 18:02:03 2004 From: bill.stewart at pobox.com (Bill Stewart) Date: Mon, 13 Sep 2004 18:02:03 -0700 Subject: "Forest Fire" responsible for a 2.5mi *mushroom cloud*? In-Reply-To: <20040912170653.M19206@ubzr.zsa.bet> References: <20040911235920.A19206@ubzr.zsa.bet> <0409120722370.10973@somehost.domainz.com> <20040912075306.GU1457@leitl.org> <20040912170653.M19206@ubzr.zsa.bet> Message-ID: <6.0.3.0.0.20040913170521.037fd610@pop.idiom.com> The news says that North Korea's government says they were blowing the top off a mountain as part of hydroelectric construction. They don't quote any unnamed officials saying "Whoops"... From measl at mfn.org Mon Sep 13 18:59:19 2004 From: measl at mfn.org (J.A. Terranson) Date: Mon, 13 Sep 2004 20:59:19 -0500 (CDT) Subject: "Forest Fire" responsible for a 2.5mi *mushroom cloud*? 
In-Reply-To: <6.0.3.0.0.20040913170521.037fd610@pop.idiom.com> References: <20040911235920.A19206@ubzr.zsa.bet> <0409120722370.10973@somehost.domainz.com> <20040912075306.GU1457@leitl.org> <20040912170653.M19206@ubzr.zsa.bet> <6.0.3.0.0.20040913170521.037fd610@pop.idiom.com> Message-ID: <20040913205613.F1054@ubzr.zsa.bet> On Mon, 13 Sep 2004, Bill Stewart wrote: > The news says that North Korea's government says they were > blowing the top off a mountain as part of hydroelectric construction. Yes, I heard it driving home this afternoon. Blowing up a mountain without any kind of warning (assuming that this isn't a case of universal coverup, which it doesn't look like) is a sure fire way to make your neighbors nervous! Nice to know Kim has a [warped but effective] sense of humor :-) > They don't quote any unnamed officials saying "Whoops"... If a nuke goes off a few dozen meters under a mountain, is there anyone there to see it? What is the sound of one mountain moving? -- Yours, J.A. Terranson sysadmin at mfn.org 0xBD4A95BF "...justice is a duty towards those whom you love and those whom you do not. And people's rights will not be harmed if the opponent speaks out about them." Osama Bin Laden - - - "There aught to be limits to freedom!" George Bush - - - Which one scares you more? From rah at shipwright.com Mon Sep 13 21:02:49 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Tue, 14 Sep 2004 00:02:49 -0400 Subject: Each to his own, except in Britain Message-ID: The Telegraph Mark Steyn Each to his own, except in Britain With rumours of mushroom clouds over North Korea and genocide in Sudan, it's good to know the Government has identified the real threat in the world today. As The Telegraph reported: "Chief constables intend to site CCTV cameras on hedgerows, fences and trees along known hunting routes to enable them to photograph hunt members who break the law after hunting with hounds is outlawed. 
"The controversial measure was agreed at a secret meeting between David Blunkett and the chief constables of England and Wales after the hunting ban was announced last week. Police chiefs warned the Home Secretary that enforcing the ban would cost in excess of £30 million and divert resources from front-line policing." Of course. Doesn't everything? I don't know what "front-line policing" is these days - do they still have those detachments of plain-clothes officers idling over the vindaloo in curry-houses of an evening eavesdropping on adjacent diners in case anybody makes racist remarks about the waiters? But, whatever it is, "front-line policing" isn't so urgent that "resources" can't be "diverted" in order to stick a CCTV camera on every tree in England. Maybe they can all be powered by wind turbines. But, if they can't and they have to snake the electric cable down every tree trunk in simulated wood-effect vinyl casing, it will still "send the right message" - which is that the monumentally useless British constabulary is happy to invent an entirely new criminal class if it reduces the already minimal time they have to spend dealing with the real criminal class. "D'ye ken John Peel with his coat so gay?" "Roger, Tree 74. He's just rounding Hedgerow Q89." But I don't suppose we'll be hearing "D'ye Ken John Peel?" much any more. The new countryside will need new songs: "Tie A CCTV Round The Old Oak Tree It's been three whole yards Since you last filmed me." I love hunting - which in my corner of the Eastern Seaboard means whitetail, bear, turkey and moose. "Hunting" in the sense of a lot of fellows prancing around in sissy gear holds less appeal, and the couple of times I've done it I had my four-fold scarf on but I'd accidentally five-folded it (or vice-versa) and people exchanged pitying glances. Still, each to his own - which is a good motto for a civilized society. But the toff thing makes hunting a hard sell.
You may recall a few weeks ago I quoted John Kerry's somewhat unlikely observations on his favourite kind of hunting. He has been at pains all campaign season to be photographed with guns and in various sporting scenarios. Democrats spend most of every election year going to great lengths to demonstrate they're regular guys, and that usually involves some hunting or quasi-hunting activity. After the Republicans' triumph in the 1994 Congressional elections, Bill Clinton felt it useful to be filmed duck hunting - in order, if I remember correctly, to kill all the talk that he was a dead duck by going out and shooting a duck dead. So every newspaper had a picture of him emerging from the rough with his gun in one hand and a ventilated mallard in the other. Message: unlike the closing credits of his Hollywood pals' lousy movies, ducks were harmed in the making of this photo-opportunity. Did he really want to go hunting? I doubt it. I expect he'd much rather have been breaking in the new intern pool. But the point is he felt it was in his political interest to be seen killing animals. Can you imagine any development in British political life which would prompt Tony Blair's image-makers to tell him to climb into the jodhpurs and push off down to Badminton to be filmed yelling "yoicks!" and "tally-ho!" with the Beaufort? For all the talk of vibrant "multi-culturalism", Blair's Britain is strikingly unicultural - diversity of race, gender and orientation, but a ruthless homogeneity of metropolitan modishness imposed by a highly centralised politico-media culture. America is a federal state and thus local majorities prevail: in New Hampshire, we like hunting; in the gay environs of Fire Island, the thrill of the chase lies elsewhere. Each, as I said, to his own. In Britain, Soho's views on hunting should be no more relevant than Somerset's opinion of gay leather bars. But they are. 
And those Left-wing columnists who go on about the "climate of fear" in Bush's America ought to remember that, even in their wildest power-crazed dreams, Bush and John Ashcroft will never be able to issue a national ban on centuries-old traditions merely because they offend metropolitan taste. Nor, unlike the modern British state, are they able to keep the populace under 24-hour video surveillance, whether you're at the railway station, in the shopping centre, or strolling down a leafy country lane. Hunting is a small loss in a country bent on tearing up so much of its past, but it is a significant one. The criminalisation of a law-abiding group is not something respectable governments should embark on lightly, and in this case, regardless of how many trees and hedgerows they wire up to the network, the cure is almost certainly worse than the disease, extending to the police more opportunities for frivolous intrusion. The inability of Conservatives to defend hunting sums up the problems of British conservatism. At the time of the first Countryside March, Joanna Trollope said that the essential ingredients of village life are "church, pub, farms, cottages, a small school and a Big House". That's swell if you're the one in the Big House, but presenting rural Britain as a haven of deference and social order cripples its political viability. In Britain, this is an undeferential age - see Digby Anderson on oiks et al. Rural America is about individual liberty - where even the brokest of broke losers with no teeth can still have a few acres, a rusting trailer, a hunting licence and a "Survivors Will Be Prosecuted" sign at the foot of his drive. As long as British conservatism recoils from individual liberty and clings to Joanna Trollope Big-House social order, it will be unable to offer a viable modern defence of that which it wishes to conserve. -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... 
however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From pgut001 at cs.auckland.ac.nz Mon Sep 13 11:59:28 2004 From: pgut001 at cs.auckland.ac.nz (Peter Gutmann) Date: Tue, 14 Sep 2004 06:59:28 +1200 Subject: "Forest Fire" responsible for a 2.5mi *mushroom cloud*? In-Reply-To: <20040912170653.M19206@ubzr.zsa.bet> Message-ID: "J.A. Terranson" writes: >Wow! I had no idea ammonium nitrate (ANFO for all intents and purposes, >yes?) could produce that kind of result! How much was there? 4,500 tons, of which only 10% detonated. (The nitrate was desensitised with ammonium sulfate and stored outside, whenever anyone needed any they'd drill holes and blast off chunks with dynamite. Ammonium nitrate has a complex chemical reaction that wasn't really understood until after the Texas City disaster in 1947, there had previously been fires in several bulk ammonium nitrate stores without any explosions. At Oppau it was assumed that amatol (a standard military explosive, ammonium nitrate + TNT) had somehow got into the piles and that was what caused the explosion). Peter. From pgut001 at cs.auckland.ac.nz Mon Sep 13 12:29:15 2004 From: pgut001 at cs.auckland.ac.nz (Peter Gutmann) Date: Tue, 14 Sep 2004 07:29:15 +1200 Subject: "Forest Fire" responsible for a 2.5mi *mushroom cloud*? In-Reply-To: <20040913045054.GF1457@leitl.org> Message-ID: Eugen Leitl writes: >About 4.5 kT of 50:50 ammonium nitrate/ammonium sulfate mix. One of the >largest, if not *the* largest nonnuclear explosions ever. The largest man-made explosion is usually claimed to be Halifax (about 3000 tons of assorted HE's), but there are a pile of others that also count: Oppau, Texas City, Port Chicago, Lake Denmark, Silvertown, Fauld (more explosives involved than Halifax, but less loss of life, so Halifax seems to get all the publicity), etc etc etc. Peter. 
From jamesd at echeque.com Tue Sep 14 08:20:32 2004 From: jamesd at echeque.com (James A. Donald) Date: Tue, 14 Sep 2004 08:20:32 -0700 Subject: "Forest Fire" responsible for a 2.5mi *mushroom cloud*? In-Reply-To: <4145FA14.ACC83347@cdc.gov> Message-ID: <4146A9D0.14769.3F9CBFC@localhost> -- On 13 Sep 2004 at 12:50, Major Variola (ret) wrote: > When I was a teen I would save the instant-cold packs after > soccer games, and recrystalize the AN within. It melts and > gives off bubbles but I never collected enough N20 nor did it > detonate. You need a lot of heat to detonate AN, but I have never failed to detonate it. Perhaps your stuff was contaminated with water or stabilizer, or perhaps you need a better flame. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG fi2djYWevOtkRUevhH2YeK5Q2byRVZ/KV1oTz6Kw 4wBDsSosJ6pBM+R7BpJsx2B+Bj//NSN+TD64XPR4S From mv at cdc.gov Tue Sep 14 08:32:10 2004 From: mv at cdc.gov (Major Variola (ret)) Date: Tue, 14 Sep 2004 08:32:10 -0700 Subject: "Forest Fire" responsible for a 2.5mi *mushroom cloud*? Message-ID: <41470EFA.E788B372@cdc.gov> At 08:59 PM 9/13/04 -0500, J.A. Terranson wrote: >If a nuke goes off a few dozen meters under a mountain, is there anyone >there to see it? What is the sound of one mountain moving? You can get dust rising off the mountain ---find the video of the Paki tests. But not a big rising cloud. An underground test is a few *hundred* meters below surface. And sometimes you get a chimney of crumbled rock leading to either a crater or a dome on the surface, depending on the rock type; Nevada is pockmarked with them. But no big cloud. From mv at cdc.gov Tue Sep 14 08:37:17 2004 From: mv at cdc.gov (Major Variola (ret)) Date: Tue, 14 Sep 2004 08:37:17 -0700 Subject: Geopolitical Darwin Awards Message-ID: <4147102D.9C5AC3BC@cdc.gov> At 09:27 AM 9/14/04 -0400, John Kelsey wrote: >>From: "Major Variola (ret)" >>Removing chunks with dynamite is trying rather hard for a Darwin award. 
> >As far as I can tell from what's reported in the news, a great deal of North Korea's daily operation fits that category. How about Iran stating that they're messing with UF6, when Israel[1] is a known pre-emptive bomber of Facilities to the East? That's pretty much tickling the dragon. [1] A wholly 0wn3d subsidiary of the US. Or perhaps vice-versa. From mv at cdc.gov Tue Sep 14 08:42:46 2004 From: mv at cdc.gov (Major Variola (ret)) Date: Tue, 14 Sep 2004 08:42:46 -0700 Subject: Nanometer Bamboo Carbon TEMPEST Protection Message-ID: <41471176.E8BECB48@cdc.gov> At 10:10 AM 9/14/04 -0700, John Young wrote: >From: "dumbshit" >Subject: effectively prevent computer radiation > >especially computer radiation, which does much >harm to human body. Yeah, it really taxes my feng-shei >The main material of FANGFUWANG is active nanometer >bamboo carton. Through Chinese and Japanese experts' many >years research and repeatedly proof, the nanometer bamboo >carbon has the characteristics of being close and porous, and >having strongly absorbable capacity. Hey, my charcoal briquettes have nanometer structure too! Maybe I'll sell them as a stealth coating for Chinese bombers! And if taken internally they can remove toxins! How do you say scam for the clueless in Mandarin? From kelsey.j at ix.netcom.com Tue Sep 14 06:27:32 2004 From: kelsey.j at ix.netcom.com (John Kelsey) Date: Tue, 14 Sep 2004 09:27:32 -0400 (GMT-04:00) Subject: "Forest Fire" responsible for a 2.5mi *mushroom cloud*? Message-ID: <14034986.1095168453267.JavaMail.root@gonzo.psp.pas.earthlink.net> >From: "Major Variola (ret)" >Sent: Sep 13, 2004 3:50 PM >To: "cypherpunks at al-qaeda.net" >Subject: Re: "Forest Fire" responsible for a 2.5mi *mushroom cloud*? ... >AN is extremely deliquescent; perhaps the sulphate was for that? >Removing chunks with dynamite is trying rather hard for a Darwin award. As far as I can tell from what's reported in the news, a great deal of North Korea's daily operation fits that category.
--John From bill.stewart at pobox.com Tue Sep 14 09:40:33 2004 From: bill.stewart at pobox.com (Bill Stewart) Date: Tue, 14 Sep 2004 09:40:33 -0700 Subject: Nanometer Bamboo Carbon TEMPEST Protection In-Reply-To: <41471176.E8BECB48@cdc.gov> References: <41471176.E8BECB48@cdc.gov> Message-ID: <6.0.3.0.0.20040914093448.03800d60@pop.idiom.com> >At 10:10 AM 9/14/04 -0700, John Young wrote: > >From: "dumbshit" > >Subject: effectively prevent computer radiation > > > >especially computer radiation, which does much > >harm to human body. At 08:42 AM 9/14/2004, Major Variola (ret) wrote: >How do you say scam for the clueless in Mandarin? Hey, you cultural imperialist! Western domination of the Tinfoil Hat market has got to stop! Traditional Chinese materials can be equally effective and aesthetically superior. ---- Bill Stewart bill.stewart at pobox.com From camera_lumina at hotmail.com Tue Sep 14 06:47:59 2004 From: camera_lumina at hotmail.com (Tyler Durden) Date: Tue, 14 Sep 2004 09:47:59 -0400 Subject: "Forest Fire" responsible for a 2.5mi *mushroom cloud*? Message-ID: I still think we're seeing the early stages of a Jonestown-like scenario. If we see Kim Jong Il summoning the entire NK population to PyongYang, then we can be pretty sure they're going to nuke themselves! -TD >From: John Kelsey >To: "Major Variola (ret)" , "cypherpunks at al-qaeda.net" > >Subject: Re: "Forest Fire" responsible for a 2.5mi *mushroom cloud*? >Date: Tue, 14 Sep 2004 09:27:32 -0400 (GMT-04:00) > > >From: "Major Variola (ret)" > >Sent: Sep 13, 2004 3:50 PM > >To: "cypherpunks at al-qaeda.net" > >Subject: Re: "Forest Fire" responsible for a 2.5mi *mushroom cloud*? > >... > >AN is extremely deliquescent; perhaps the sulphate was for that? > >Removing chunks with dynamite is trying rather hard for a Darwin award. > >As far as I can tell from what's reported in the news, a great deal of North >Korea's daily operation fits that category.
> >--John From pgut001 at cs.auckland.ac.nz Mon Sep 13 15:10:25 2004 From: pgut001 at cs.auckland.ac.nz (Peter Gutmann) Date: Tue, 14 Sep 2004 10:10:25 +1200 Subject: "Forest Fire" responsible for a 2.5mi *mushroom cloud*? In-Reply-To: <4145FA14.ACC83347@cdc.gov> Message-ID: "Major Variola (ret)" writes: >AN is extremely deliquescent; perhaps the sulphate was for that? No, it was specifically required as a desensitiser by the European nitrogen cartel, since they felt the pure nitrate was too dangerous for processing into fertiliser. >Removing chunks with dynamite is trying rather hard for a Darwin award. As I said, at the time its explosive properties weren't known so this wasn't unreasonable. There are numerous stories of multi-thousand-ton ammonium nitrate piles burning for hours without exploding (Oppau was the first time there was any significant explosion involving it). Even after Texas City, there were cases of (embarrassed) firefighters watching warehouses full of ammonium nitrate quietly burn to the ground without incident. Peter. From jya at pipeline.com Tue Sep 14 10:10:28 2004 From: jya at pipeline.com (John Young) Date: Tue, 14 Sep 2004 10:10:28 -0700 Subject: Nanometer Bamboo Carbon TEMPEST Protection Message-ID: From eugen at leitl.org Tue Sep 14 01:31:11 2004 From: eugen at leitl.org (Eugen Leitl) Date: Tue, 14 Sep 2004 10:31:11 +0200 Subject: pci hardware for secure crypto storage (OpenSSL/OpenBSD) Message-ID: <20040914083111.GX1457@leitl.org> I'm looking for (cheap, PCI/USB) hardware to store secrets (private key) and support crypto primitives (signing, cert generation). It doesn't have to be fast, but to support loading/copying of secrets in physically secure environments, and not generate nonextractable secret onboard.
Environment is OpenBSD/Linux/OpenSSL/gpg. Any suggestions? -- Eugen* Leitl leitl ______________________________________________________________ ICBM: 48.07078, 11.61144 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE http://moleculardevices.org http://nanomachines.net [demime 1.01d removed an attachment of type application/pgp-signature] From rah at shipwright.com Tue Sep 14 08:05:49 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Tue, 14 Sep 2004 11:05:49 -0400 Subject: Shanghai strives to monitor internet bars Message-ID: www.xinhuanet.com XINHUA online Shanghai strives to monitor internet bars www.chinaview.cn 2004-09-14 10:02:41 BEIJING, Sept.14 (Xinhuanet) -- Shanghai will invest 7 million yuan, or nearly 850,000 US dollars, to monitor internet bars. The monitoring is also aimed at keeping underage youngsters away from the bars. The government will supervise the operations of nearly 1400 bars to make sure they don't stay open past the official closing time of midnight. China Radio International reported Monday. The monitoring is also aimed at keeping underage youngsters away from the bars. The government will foot the bill for the monitoring, which is estimated to be around 2.58 million yuan, or 312,000 US dollars a year, but bars will face stiff penalties if they break the law. Central government regulations limit internet bars to opening only between 8:00am and 12:00 midnight. The monitoring will be in place by the end of the year. -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." 
-- Edward Gibbon, 'Decline and Fall of the Roman Empire' From bill.stewart at pobox.com Tue Sep 14 11:13:59 2004 From: bill.stewart at pobox.com (Bill Stewart) Date: Tue, 14 Sep 2004 11:13:59 -0700 Subject: Spam Spotlight on Reputation In-Reply-To: <414593B6.10600@algroup.co.uk> References: <20040906221533.GA29063@danisch.de> <200409080743.i887hlBJ021453@positron.jfet.org> <414593B6.10600@algroup.co.uk> Message-ID: <6.0.3.0.0.20040914104250.03804390@pop.idiom.com> ----- BEGIN PGP SIGNED MESSAGE ----- At 05:33 AM 9/13/2004, Ben Laurie wrote: >Bill Stewart wrote: >>I find it more annoying that there are spammers putting PGP headers >>in their messages, knowing that most people who use PGP assume PGP-signed >>mail >>is from somebody genuine and whitelist it. > >Surely you should check that: >a) The signature works >b) Is someone in your list of good keys >before whitelisting? My terminology was a bit sloppy, but until recently, you could use the presence of PGP format indicators as a whitelist entry, or at least a SpamAssassin good weight - spammers didn't use the stuff, and the worst would be quasi-spam like Yet Another Invitation to some crypto-industry marketroid's seminar. It might be a rant from Detweiler or some other cypherpunk that you bozofilter, but at least that was a job for your email program to sort out, not your first-tier spamfilter. Besides, with most email clients, you can't check the PGP information without opening the email (more obviously true for PGP encrypted mail than signed mail), so the email filters just go for basic syntax. 
Bill Stewart bill.stewart at pobox.com -----END PGP SIGNED MESSAGE----- LKJEDGFDAFKLHFDSAFDSLAFHLKDFHLKJDHFHLDSKFHLKDHFLKDHFKLFDSFLDSFHDX DASHFLDSFHDSFKLFDSLKFLKDJSFKLSDHFLKJHDFLKJFJKDSHFDLKJHFDLKSHFLDSK BADSIGNATUREBADSIGNATUREBADSIGNATURENODOUGHNUTBADSIGNATUREBADSIGN -----END PGP SIGNATURE----- From jrandom at i2p.net Tue Sep 14 11:21:39 2004 From: jrandom at i2p.net (jrandom) Date: Tue, 14 Sep 2004 11:21:39 -0700 Subject: [i2p] weekly status notes [sep 14] Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi y'all, its that time of the week again * Index: 1) 0.4.0.1 2) Threat model updates 3) Website updates 4) Roadmap 5) Client apps 6) ??? * 1) 0.4.0.1 Since last Wednesday's 0.4.0.1 release, things have been going pretty well on the net - more than 2/3rd of the network has upgraded, and we've been maintaining between 60 and 80 routers on the network. IRC connection times vary, but lately 4-12 hour connections have been normal. There have been some reports of funkiness starting up on OS/X though, but I believe some progress is being made on that front too. * 2) Threat model updates As mentioned in reply [1] to Toni's post [2], there has been a pretty substantial rewrite of the threat model [3]. The main difference is that rather than the old way of addressing the threats in an ad-hoc manner, I tried to follow some of the taxonomies offered within the literature [4]. The biggest problem for me was finding ways to fit the actual techniques people can use into the patterns offered - often a single attack fit within several different categories. As such, I'm not really too pleased with how the information in that page is conveyed, but its better than it was before.
[1] http://dev.i2p.net/pipermail/i2p/2004-September/000442.html [2] http://dev.i2p.net/pipermail/i2p/2004-September/000441.html [3] http://www.i2p.net/how_threatmodel [4] http://freehaven.net/anonbib/topic.html * 3) Website updates Thanks to Curiosity's help, we've begun on some updates to the website - the most visible of which you can see on the homepage itself. This should help people out who stumble upon I2P and want to know right off the bat wtf this I2P thing is, rather than having to hunt and peck through the various pages. In any case, progress, ever onwards :) * 4) Roadmap Speaking of progress, I've finally thrown together a revamped roadmap [5] based upon what I feel we need to implement and upon what must be accomplished to provide for the user's needs. The major changes to the old roadmap are: * Drop AMOC altogether, replaced with UDP (however, we'll support TCP for those who can't use UDP *cough*mihi*cough*) * Kept all of the restricted route operation to the 2.0 release, rather than bring in partial restricted routes earlier. I believe we'll be able to meet the needs of many users without restricted routes, though of course with them many more users will be able to join us. Walk before run, as they say. * Pulled the streaming lib in to the 0.4.3 release, as we don't want to go 1.0 with the ~4KBps per stream limit. The bounty on this is still of course valid, but if no one claims it before 0.4.2 is done, I'll start working on it. * TCP revamp moved to 0.4.1 to address some of our uglier issues (high CPU usage when connecting to people, the whole mess with "target changed identities", adding autodetection of IP address) The other items scheduled for various 0.4.* releases have already been implemented. However, there is one other thing dropped from the roadmap... [5] http://www.i2p.net/roadmap * 5) Client apps We need client applications. Applications that are engaging, secure, scalable, and anonymous. 
I2P by itself doesn't do much, it merely lets two endpoints talk to each other anonymously. While I2PTunnel does offer one hell of a swiss army knife, tools like that are only really engaging to the geeks among us. We need more than that - we need something that lets people do what they actually want to do, and that helps them do it better. We need a reason for people to use I2P beyond simply because its safer. So far I've been touting MyI2P to meet that need - a distributed blogging system offering a LiveJournal-esque interface. I recently [6] discussed some of the functionality within MyI2P on the list. However, I've pulled it out of the roadmap as its just too much work for me to do and still give the base I2P network the attention it needs (we're already packed extremely tight [7]). There are a few other apps that have much promise. Stasher [8] would provide a significant infrastructure for distributed data storage, but I'm not sure how that's progressing. Even with Stasher, however, there would need to be an engaging user interface (though some FCP apps may be able to work with it). IRC is also a potent system, though has its limitations due to the server-based architecture. oOo has done some work to see about implementing transparent DCC though, so perhaps the IRC side could be used for public chat and DCC for private file transfers or serverless chat. General eepsite functionality is also important, and what we have now is completely unsatisfactory. As DrWoo points out [9], there are significant anonymity risks with the current setup, and even though oOo has made some patches filtering some headers, there is much more work to be done before eepsites can be considered secure. There are a few different approaches to addressing this, all of which can work, but all of which require work. I do know that duck mentioned he had someone working on something, though I don't know how thats coming or whether it could be bundled in with I2P for everyone to use or not. 
Duck? Another pair of client apps that could help would be either a swarming file transfer app (ala BitTorrent) or a more traditional file sharing app (ala DC/Napster/Gnutella/etc). This is what I suspect a large number of people want, but there are issues with each of these systems. However, they're well known and porting may not be much trouble (perhaps). Ok, so the above isn't anything new - why did I bring them all up? Well, we need to find a way to get an engaging, secure, scalable, and anonymous client application implemented, and it isn't going to happen all by itself out of the blue. I've come to accept that I'm not going to be able to do it myself, so we need to be proactive and find a way to get it done. To do so, I think our bounty system may be able to help, but I think one of the reasons we haven't seen much activity on that front (people working on implementing a bounty) is because they're spread too thin. To get the results we need, I feel we need to prioritize what we want and focus our efforts on that top item, 'sweetening the pot' so as to hopefully encourage someone to step up and work on the bounty. My personal opinion is still that a secure and distributed blogging system like MyI2P would be best. Rather than simply shoveling data back and forth anonymously, it offers a way to build communities, the lifeblood of any development effort. In addition, it offers a relatively high signal to noise ratio, low chance for abuse of the commons, and in general, a light network load. It doesn't, however, offer the full richness of normal websites, but the 1.8 million active LiveJournal users don't seem to mind. Beyond that, securing the eepsite architecture would be my next preference, allowing browsers the safety they need and letting people serve eepsites 'out of the box'. File transfer and distributed data storage are also incredibly powerful, but they don't seem to be as community oriented as we probably want for the first normal end user app. 
I want all of the apps listed to be implemented yesterday, as well as a thousand other apps I couldn't begin to dream of. I also want world peace, an end to hunger, the destruction of capitalism, freedom from statism, racism, sexism, homophobia, an end to the outright destruction of the environment and all that other evil stuff. However, we are only so many people and we can only accomplish so much. As such, we must prioritize and focus our efforts on achieving what we can rather than sit around overwhelmed with all we want to do. Perhaps we can discuss some ideas about what we should do in the meeting tonight. [6] http://dev.i2p.net/pipermail/i2p/2004-September/000435.html [7] http://www.i2p.net/images/plan.png [8] http://www.freenet.org.nz/python/stasher/ [9] http://brittanyworld.i2p/browsing/ * 6) ??? Well, thats all I've got for the moment, and hey, I got the status notes written up *before* the meeting! So no excuses, swing on by at 9pm GMT and barrage us all with your ideas. =jr -----BEGIN PGP SIGNATURE----- Version: PGP 8.1 iQA/AwUBQUc1OhpxS9rYd+OGEQLaYQCg0qql8muvuGEh46VICx4t69PuRl8An0Ki 3GEF2jrg/i9csiMO6VdQccxH =4Tip -----END PGP SIGNATURE----- _______________________________________________ i2p mailing list i2p at i2p.net http://i2p.dnsalias.net/mailman/listinfo/i2p ----- End forwarded message ----- -- Eugen* Leitl leitl ______________________________________________________________ ICBM: 48.07078, 11.61144 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE http://moleculardevices.org http://nanomachines.net [demime 1.01d removed an attachment of type application/pgp-signature] From rah at shipwright.com Tue Sep 14 13:15:03 2004 From: rah at shipwright.com (R. A.
Hettinga) Date: Tue, 14 Sep 2004 16:15:03 -0400 Subject: Nanometer Bamboo Carbon TEMPEST Protection In-Reply-To: <6.0.3.0.0.20040914093448.03800d60@pop.idiom.com> References: <41471176.E8BECB48@cdc.gov> <6.0.3.0.0.20040914093448.03800d60@pop.idiom.com> Message-ID: At 9:40 AM -0700 9/14/04, Bill Stewart wrote: >Hey, you cultural imperialist! >Western domination of the Tinfoil Hat market has got to stop! >Traditional Chinese materials can be equally effective and >aesthetically superior. Who you callin' imperialist! You Veridian!!! ;-) Cheers, RAH -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From ffw at hkxf.com Tue Sep 14 02:18:21 2004 From: ffw at hkxf.com (shenzhen xiongfeng) Date: Tue, 14 Sep 2004 17:18:21 +0800 Subject: effectively prevent computer radiation Message-ID: In the modern society, the computer has already become an essential tool for the people to live and work. While it brings many conveniences to the people, it also brings some worries and anxieties, especially computer radiation, which does much harm to human body. Through more than one year' study and research, Xiongfeng Technology Cor., Ltd explores the first generation high-tech product -- FANGFUWANG. FANGFUWANG makes full use of its powerful absorption so that it can effectively absorb any kind of electromagnetic wave (radiation) and prevent the disease caused by radiation. The main material of FANGFUWANG is active nanometer bamboo carton. Through Chinese and Japanese experts' many years research and repeatedly proof, the nanometer bamboo carbon has the characteristics of being close and porous, and having strongly absorbable capacity. 
The characteristics of FANGFUWANG's design are natural, environmental protection, convenient, which is not only taken as the interior decoration, but also used extremely convenient. If you want to know more details, you can open the Xiongfeng Technology's website at www.hkxf.com. In our website, there are our product detailed instructions and test experiment, welcome to watch. Now our company is looking for agents in the world who are interested in our products, and we are looking forward to your sincere cooperation. SHENZHEN XIONGFENG TECHNOLOGY CO.,LTD Add: 2-9F,Shenzhen Wanpan Garden, Nanshan Area, Shenzhen City, Guangdong Province, China. Tel:86-755-26000105 Fax:86-755-26000144 ----- From eugen at leitl.org Tue Sep 14 13:22:12 2004 From: eugen at leitl.org (Eugen Leitl) Date: Tue, 14 Sep 2004 22:22:12 +0200 Subject: [i2p] weekly status notes [sep 14] (fwd from jrandom@i2p.net) Message-ID: <20040914202211.GX1457@leitl.org> ----- Forwarded message from jrandom ----- From rah at shipwright.com Tue Sep 14 21:38:32 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Wed, 15 Sep 2004 00:38:32 -0400 Subject: Symantec labels China censor-busting software as Trojan Message-ID: The Register Biting the hand that feeds IT The Register ; Internet and Law ; Digital Rights/Digital Wrongs ; Original URL: http://www.theregister.co.uk/2004/09/14/symantec_targets_freegate/ Symantec labels China censor-busting software as Trojan By John Leyden (john.leyden at theregister.co.uk) Published Tuesday 14th September 2004 18:10 GMT Symantec has labelled a program that enables Chinese surfers to view blocked websites as a Trojan Horse. Upshot? Users of Norton Anti-Virus cannot access Freegate, a popular program which circumvents government blocks, the FT reports. Freegate has 200,000 users, Dynamic Internet Technology (DIT (http://www.dit-inc.us)), its developer, estimates. 
It lets users view sites banned by the Chinese government by taking advantage of a range of proxy servers assigned to changeable internet addresses. But a recent update to Symantec's AV definition files means the latest version of Freegate is treated as malware and removed from systems protected by Norton. Short of disabling Norton AV, users would have little say in this. A Symantec staffer in China told the FT that Norton Anti-Virus identified Freegate as a Trojan horse, but declined to provide a rationale for such a definition. The absence of an explanation from Symantec raises concerns. We hope that the mislabelling of Freegate is a simple mistake, soon rectified, rather than yet another example of an IT firm helping Beijing implement restrictions. History provides at least one example (http://www.vmyths.com/rant.cfm?id=316&page=4) of the AV industry extending favours to China that it would normally withhold. AV firms normally keep virus samples under lock and key. But suppliers agreed to hand over virus samples to the Chinese government a few years ago as a condition of trading in the country. These samples could be easily found on the net but the incident illustrates a precedent of China being treated as a special exception. -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience."
-- Edward Gibbon, 'Decline and Fall of the Roman Empire' From shaddack at ns.arachne.cz Tue Sep 14 17:38:44 2004 From: shaddack at ns.arachne.cz (Thomas Shaddack) Date: Wed, 15 Sep 2004 02:38:44 +0200 (CEST) Subject: Geopolitical Darwin Awards In-Reply-To: <4147102D.9C5AC3BC@cdc.gov> References: <4147102D.9C5AC3BC@cdc.gov> Message-ID: <0409150212570.11062@somehost.domainz.com> On Tue, 14 Sep 2004, Major Variola (ret) wrote: > How about Iran stating that they're messing with UF6, when Israel[1] is > a known pre-emptive bomber of Facilities to the East? That's pretty > much tickling the dragon. Maybe they are playing a different game. They couldn't use the eventually produced nukes anyway, without being showered back with the same kind - but an entire Middle East crammed full of decently pissed Arabs may be well-worth of one lousy sacrificed reactor. A PR campaign with virtually guaranteed results is cheap for that price. > [1] A wholly 0wn3d subsidiary of the US. Or perhaps vice-versa. Don't be so harsh on them. "Mutual ownership of controlling stocks" is likely to be more accurate description. From rah at shipwright.com Wed Sep 15 02:41:57 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Wed, 15 Sep 2004 05:41:57 -0400 Subject: Award#0442154 - Surveillance, Analysis and Modeling of Chatroom Communities Message-ID: NSF Award Abstract - #0442154 AWSFL008-DS3 Surveillance, Analysis and Modeling of Chatroom Communities NSF Org DMS Latest Amendment Date September 7, 2004 Award Number 0442154 Award Instrument Standard Grant Program Manager Hans G. Kaper DMS DIVISION OF MATHEMATICAL SCIENCES MPS DIRECT FOR MATHEMATICAL & PHYSICAL SCIEN Start Date January 1, 2005 Expires December 31, 2005 (Estimated) Expected Total Amount $ (Estimated) Investigator Bulent Yener yener at cs.rpi.edu (Principal Investigator current) Mukkai S. 
Krishnamoorthy (Co-Principal Investigator current) Sponsor Rensselaer Polytech Inst 110 8th Street Troy, NY 121803522 518/276-6000 NSF Program 7276 APPROACHES TO COMBAT TERRORISM Field Application 0000099 Other Applications NEC Program Reference Code 0000,7276,9237,OTHR, Abstract The aim of this proposal is to develop new techniques for information gathering, analysis and modeling of chatroom communications. First, the investigator and his colleague consider graph-less models to capture the structure of chatroom communications. In particular, the investigators study how to develop a multidimensional singular value decomposition approach for component analysis of chatroom communication data. Second, the investigators develop new visualisation techniques to display the structural information found in the first step. Internet chatrooms provide an interactive and public forum of communication for participants with diverse objectives. Two properties of chatrooms make them particularly vulnerable for exploitation by malicious parties. First, the real identities of the participants are decoupled from their chatroom nicknames. Second, multiple threads of communication can co-exist concurrently. Although human-monitoring of each chatroom to determine "who-is-chatting-with-whom" is possible, it is very time consuming, hence not scalable. Thus, it is very easy to conceal malicious behavior in Internet chatrooms and use them for covert communications (e.g., adversary using a teenager chatroom to plan a terrorist act). This project aims at a fully automated surveillance system for data collection and analysis in Internet chatrooms to discover hidden groups. The surveillance is done in the form of statistical profiling for a particular chatter, a group of chatters, or for the entire chatroom. 
The statistical profiles are used to devise algorithms to determine chatters and their partners and answer to queries including (i) "in which chatrooms topic A is discussed", (ii) "who is chatting about topic A in chatroom X", (iii) "is topic A is a hot one in chatroom X" etc. Thus, the proposed system could aid the intelligence community to discover hidden communities and communication patterns in chatrooms without human intervention. This award is supported jointly by the NSF and the Intelligence Community. The Approaches to Terrorism program in the Directorate for Mathematics and Physical Sciences supports new concepts in basic research and workforce development with the potential to contribute to national security. -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From camera_lumina at hotmail.com Wed Sep 15 06:45:45 2004 From: camera_lumina at hotmail.com (Tyler Durden) Date: Wed, 15 Sep 2004 09:45:45 -0400 Subject: Symantec labels China censor-busting software as Trojan Message-ID: "We hope that the mislabelling of Freegate is a simple mistake, soon rectified, rather than yet another example of an IT firm helping Beijing implement restrictions." I'd say this was naive, but they give an example after this that shows they know the score. Symantec wants in to China and their $$$, and Jong Nan Hai holds the key. Hum. Seems the Chinese government is pretty effective at self-preservation.
Does this contradict the widely-held Cypherpunk belief in the inevitability of deterioration of the state? Perhaps from a Crypto-anarchy perspective, there's a bootstrap point: once there exceeds a certain level of state info-control, it's very hard to get rid of it. Below that level it seems the state can't hold on. (Perhaps W is a little smarter than we thought!) -TD >From: "R. A. Hettinga" >To: cypherpunks at al-qaeda.net, cryptography at metzdowd.com >Subject: Symantec labels China censor-busting software as Trojan >Date: Wed, 15 Sep 2004 00:38:32 -0400 > > > >The Register > > > Biting the hand that feeds IT > >The Register ; Internet and Law ; Digital Rights/Digital Wrongs ; > > Original URL: >http://www.theregister.co.uk/2004/09/14/symantec_targets_freegate/ > >Symantec labels China censor-busting software as Trojan >By John Leyden (john.leyden at theregister.co.uk) >Published Tuesday 14th September 2004 18:10 GMT > >Symantec has labelled a program that enables Chinese surfers to view >blocked websites as a Trojan Horse. Upshot? Users of Norton Anti-Virus >cannot access Freegate, a popular program which circumvents government >blocks, the FT reports. > >Freegate has 200,000 users, Dynamic Internet Technology (DIT >(http://www.dit-inc.us)), its developer, estimates. It lets users view >sites banned by the Chinese government by taking advantage of a range of >proxy servers assigned to changeable internet addresses. But a recent >update to Symantec's AV definition files means the latest version of >Freegate is treated as malware and removed from systems protected by >Norton. Short of disabling Norton AV, users would have little say in this. > >A Symantec staffer in China told the FT that Norton Anti-Virus identified >Freegate as a Trojan horse, but declined to provide a rationale for such a >definition. The absence of an explanation from Symantec raises concerns. 
We >hope that the mislabelling of Freegate is a simple mistake, soon rectified, >rather than yet another example of an IT firm helping Beijing implement >restrictions. > >History provides as least one example >(http://www.vmyths.com/rant.cfm?id=316&page=4) of the AV industry extending >favours to China that it would normally withhold. AV firms normally keep >virus samples under lock and key. But suppliers agreed to hand over virus >samples to the Chinese government a few years ago as a condition of trading >in the country. These samples could be easily found on the net but the >incident illustrates a precedent of China being treated as a special >exception. >-- >----------------- >R. A. Hettinga >The Internet Bearer Underwriting Corporation >44 Farquhar Street, Boston, MA 02131 USA >"... however it may deserve respect for its usefulness and antiquity, >[predicting the end of the world] has not been found agreeable to >experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From mv at cdc.gov Wed Sep 15 16:45:00 2004 From: mv at cdc.gov (Major Variola (ret)) Date: Wed, 15 Sep 2004 16:45:00 -0700 Subject: Symantec labels China censor-busting software as Trojan Message-ID: <4148D3FC.E9CCACC5@cdc.gov> At 09:45 AM 9/15/04 -0400, Tyler Durden wrote: >Hum. Seems the Chinese government is pretty effective at self-preservation. >Does this contradict the widely-held Cypherpunk belief in the inevitability >of deterioration of the state? "We" have always held that a sufficiently policed state can defeat crypto. If the RIAA could put a vidcam in your computer room, things are easy. If crypto is illegal, things are easy. (We have remarked on how, modulo stego, crypto traffic is trivial to detect with any entropy measure. Got PGP headers?) China is a police state.
A state with freedom of expression ---which does not include much or all of Europe--- is less so. China is also a nukepower, so it is likely to persist.

From mv at cdc.gov Wed Sep 15 16:52:59 2004 From: mv at cdc.gov (Major Variola (ret)) Date: Wed, 15 Sep 2004 16:52:59 -0700 Subject: Award#0442154 - Surveillance, Analysis and Modeling of Chatroom Message-ID: <4148D5DB.33819576@cdc.gov>

At 05:41 AM 9/15/04 -0400, R. A. Hettinga wrote:
>NSF Award Abstract - #0442154

Yeah, this is Science (snicker)...

>Surveillance, Analysis and Modeling of Chatroom Communities
> Abstract
> The aim of this proposal is to develop new techniques for information
>gathering, analysis and modeling of chatroom communications. First, the
>investigator and his colleague consider graph-less models to capture the
>structure of chatroom communications. In particular, the investigators
>study how to develop a multidimensional singular value decomposition

buzzword alert

>approach for component analysis of chatroom communication data. Second, the
>investigators develop new visualisation techniques to display the

buzzword alert

>structural information found in the first step.
> Internet chatrooms provide an interactive and public forum of
>communication for participants with diverse objectives. Two properties of
>chatrooms make them particularly vulnerable for exploitation by malicious
>parties. First, the real identities of the participants are decoupled from
>their chatroom nicknames.

As if email doesn't share that property? You really think I work for cdc.gov?

>Second, multiple threads of communication can
>co-exist concurrently.

What a fucking concept...

>Although human-monitoring of each chatroom to
>determine "who-is-chatting-with-whom" is possible, it is very time
>consuming, hence not scalable. Thus, it is very easy to conceal malicious
>behavior in Internet chatrooms and use them for covert communications
>(e.g., adversary using a teenager chatroom to plan a terrorist act).

How about teenagers planning terrorist attacks? Or terrorists' senior proms?

>This
>project aims at a fully automated surveillance system for data collection
>and analysis in Internet chatrooms to discover hidden groups.

Use textual stego, mofo.

>Thus, the proposed system could
>aid the intelligence community to discover hidden communities and
>communication patterns in chatrooms without human intervention.

A pretty good argument for broadcast stego.

> This award is supported jointly by the NSF and the Intelligence Community.

I bet. They already 0wn the fucking IX points, and can grab the DHCP records; don't you think the spooks already do this, and more? Look at Orion Sci, which graphs gangs. Extrapolate to IP. If these bozos were better they wouldn't be in Troy.

From camera_lumina at hotmail.com Wed Sep 15 18:57:50 2004 From: camera_lumina at hotmail.com (Tyler Durden) Date: Wed, 15 Sep 2004 21:57:50 -0400 Subject: Symantec labels China censor-busting software as Trojan Message-ID:

Hum, well, I always kind of thought May felt/wrote that some dis-assembly of the state was inevitable given the possibility of strong crypto, and even in China I would maintain that there's already enough computer power+anonymity that encrypted communications can/will occur. (Remember, China is BIG...as big as the mainland US plus Alaska, and much of it far less accessible...and let's not forget that there are areas the size of Western Europe where Han dominance is not particularly appreciated.) I tend to agree, though that the bootstrapping process can be greatly retarded in the presence of a heavy police state....but above a certain threshold it can unfold quickly. What I wonder is whether W and his buddies were up late drinkin' one night and figured out that we were nearing the threshold you speak of, a threshold they believed they had to save humanity from. I mean, what if just anyone could send any message they wanted without their government listening in?
Someone's gotta be in charge, after all, and it better be us and not the ragheads 'cause God loves US and plans on sending all of them to hell unless they see the error of their distinctly non-American ways. -TD >From: "Major Variola (ret)" >To: "cypherpunks at al-qaeda.net" >Subject: RE: Symantec labels China censor-busting software as Trojan >Date: Wed, 15 Sep 2004 16:45:00 -0700 > >At 09:45 AM 9/15/04 -0400, Tyler Durden wrote: > >Hum. Seems the Chinese government is pretty effective at >self-preservation. > >Does this contradict the widely-held Cypherpunk belief in the >inevitability > >of deterioration of the state? > >"We" have always held that a sufficiently policed state can defeat >crypto. >If the RIAA could put a vidcam in your computer room, things are easy. >If crypto is illegal, things are easy. (We have remarked on how, >modulo stego, crypto traffic is trivial to detect with any entropy >measure. Got PGP headers?) > >China is a police state. A state with freedom of expression ---which >does >not include much or all of Europe--- is less so. China is also a >nukepower, >so it is likely to persist.
From iang at systemics.com Wed Sep 15 15:54:59 2004 From: iang at systemics.com (Ian Grigg) Date: Wed, 15 Sep 2004 23:54:59 +0100 Subject: potential new IETF WG on anonymous IPSec In-Reply-To: <6.0.3.0.0.20040910223501.0403c120@pop.idiom.com> References: <20040909195729.4798957E2B@finney.org> <6.0.3.0.0.20040910223501.0403c120@pop.idiom.com> Message-ID: <4148C843.9000700@systemics.com> Bill Stewart wrote: > Also, the author's document discusses protecting BGP to prevent > some of the recent denial-of-service attacks, > and asks for confirmation about the assertion in a message > on the IPSEC mailing list suggesting > "E.g., it is not feasible for BGP routers to be configured with the > appropriate certificate authorities of hundreds of thousands of peers". > Routers typically use BGP to peer with a small number of partners, > though some big ISP gateway routers might peer with a few hundred. > (A typical enterprise router would have 2-3 peers if it does BGP.) > If a router wants to learn full internet routes from its peers, > it might learn 1-200,000, but that's not the number of direct connections > that it has - it's information it learns using those connections. > And the peers don't have to be configured "rapidly without external > assistance" - > you typically set up the peering link when you're setting up the > connection between an ISP and a customer or a pair of ISPs, > and if you want to use a CA mechanism to certify X.509 certs, > you can set up that information at the same time. On the backbone, between BGP peers, one would have thought that there are relatively few attackers, as the staff are highly trusted and the wires are hard to access - hence no active attacks going on and only some passive eavesdropping attacks. Also, anyone setting up BGP routing knows the other party, so there is a prior relationship.
The whole point of the CA model is that there is no prior relationship and that the network is a wild wild west sort of place - both of these assumptions seem to be reversed in the backbone world, no? So one would think that using opportunistic cryptography would be ideal for the BGP world? iang From rah at shipwright.com Wed Sep 15 21:16:46 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Thu, 16 Sep 2004 00:16:46 -0400 Subject: Keith Henson Needs Help Message-ID: kuro5hin.org || technology and culture, from the trenches Keith Henson Needs Help (MLP) By Baldrson Wed Sep 15th, 2004 at 07:42:14 AM EST For those who don't know him, Keith Henson co-founded the L5 Society, was President of Xanadu Corporation and was a featured character in The Great Mambo Chicken and the Transhuman Condition: Science Slightly Over the Edge. He's about to be deported from Canada to the United States where he faces time in the infamous California prison system. Recently on the cryonics mailing list Keith Henson issued a plea for help: ... at this point I am a "failed refugee." The only thing that can keep me from being deported to the US on short notice is an appeal to the Minister of Citizenship and Immigration. Her office gets 15,000 letters a week so it takes a well known case to reach the level where it gets attention. What is going on here and why should anyone care? The short story is that Keith has been fighting against Scientology and as a result ended up fleeing the United States to Canada to avoid a misdemeanor conviction brought against him by Scientologists. Here's the prosecuting attorney's speech given the jury on the charges: Now, His Honor read to you in the beginning of the case that the defendant has been charged with three counts. First count is -- now, these are numeric numbers and they mean nothing to you, so I will give you names for what they are. The first one is 422, violation of Penal Code Section 422. And 664/422 and 422.6. Now I'll give them names. 
422 is terrorist threats. Now, that conjures up images of Beruit or the Twin Towers bombing, but that's not what it means. It just means a threat that causes someone terror, that frightens people. That's what Count One is. Count two is 664/422, is the attempt, the attempt to do the exact same thing, to cause to threaten, to attempt to threaten and cause terror or frighten someone. And the last count is 422.6. And that's essentially defined as the interference with someone's rights guaranteed by the Constitution, their civil rights, and in this case the right to practice their religion without fear. Essentially 422.6 is a hate crime. Now, let's talk about the first count, and we'll go count by count. The first count, 422, again I told you was just threats that caused people to be afraid. Essentially the elements are these: Number one, there has to be somewhat of a threat. There has to be a threat. The person has to intend there to be a threat. And lastly, that the victims have a reasonable fear. However, the person doesn't have to have to want to carry it out. There has to be no intention to carry out the threat. Keith's been in Canada for a few years and is trying to remain there as a refugee. Well, I'll confess my bias. Although Keith and I have known each other since the early days of the L5 Society, we have serious disagreements on a lot of things -- not the least of which are many opinions about Jews, genes and memes etc. More immediately relevant is the fact that I just don't "get" Keith's fight against Scientology. Scientologists seem like a joke to me and IMHO people who get involved with them suffer about as much but no more than people who get involved with New York City nightlife. Be that as it may, I personally don't like seeing anyone spend time in a US, let alone California, prison system. 
I once refused to testify against a young Hispanic after he had stolen my car because, despite the fact that he would be more protected than a man of my ethnicity in a California prison, he would nevertheless be subjected to a substantial likelihood of being "punked out". That's not my idea of justice. Keith is an old guy -- unlikely to be punked out despite the fact that he's a non-violent 'white guy' -- but he's the kind of guy who probably wouldn't do well in a California prison. As I said, we have serious differences but I've known him for decades, and his going into a California prison doesn't sit right with me anymore than it does with a young Hispanic kid who I don't know. The US now incarcerates a greater percentage of its population than does any other country. That's quite an accomplishment for a system known world-wide to also be a source of racist sexual sadism. So quite honestly I don't care what Henson has or hasn't done. He doesn't belong in a US prison. No one does. Even the best of US prisons still will extradite to the worst of US prisons. There are precedents for refusing to extradite criminals from Canada due to conditions in the US prison system. For example, assistant U.S. attorney Gordon Zubrod from Harrisburg, PA made the following public statement to 3 suspects who fled to Canada (this statement was captured for the public record during a Canadian Broadcasting Corporation interview): "You're going to be the boyfriend of a very bad man if you wait out your extradition." After that it was very hard for the Canadian authorities to justify extraditing the suspects to the US. Now, agreed, it is rather unusual for a federal official to lose his grip this way, but everyone knows this is exactly the sort of power that "law" enforcement officials wield over criminals in the US. Why does it take a federal official slipping up royally like that to get asylum? 
To make matters worse, Keith claims he has been threatened with abuse in prison by Scientology zealots: "And cult agents have made fairly clear public threats that I would not survive jail." Is Keith making this up? Not likely. Scientologists aren't known for their tact, any more than are federal attorneys. Anyway, back to the question: Why should you care? Maybe you don't like Scientology. Maybe you like Keith. Maybe you just like to mess with the California government. Whatever, Keith Henson is asking for help and he quite probably actually needs it. Full discussion: http://www.kuro5hin.org/story/2004/9/14/32340/5809 -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From shaddack at ns.arachne.cz Wed Sep 15 18:22:43 2004 From: shaddack at ns.arachne.cz (Thomas Shaddack) Date: Thu, 16 Sep 2004 03:22:43 +0200 (CEST) Subject: potential new IETF WG on anonymous IPSec In-Reply-To: <4148C843.9000700@systemics.com> References: <20040909195729.4798957E2B@finney.org> <6.0.3.0.0.20040910223501.0403c120@pop.idiom.com> <4148C843.9000700@systemics.com> Message-ID: <0409160317470.0@somehost.domainz.com> On Wed, 15 Sep 2004, Ian Grigg wrote: > The whole point of the CA model is that there is no prior > relationship and that the network is a wild wild west sort > of place - both of these assumptions seem to be reversed > in the backbone world, no? So one would think that using > opportunistic cryptography would be ideal for the BGP world? If I remember correctly, the TCP MD5 option field was designed for securing BGP traffic, using the shared secret approach. I was also thinking about "borrowing" this feature for things like announcement of additional features, eg. 
the possibility of opportunistic encryption, in eg. the TCP/SYNACK packets. There's space for 16 bytes of magic numbers. From mv at cdc.gov Thu Sep 16 07:26:13 2004 From: mv at cdc.gov (Major Variola (ret)) Date: Thu, 16 Sep 2004 07:26:13 -0700 Subject: jpegs are vectors Message-ID: <4149A285.5B0E2ECA@cdc.gov> http://news.bbc.co.uk/2/hi/technology/3661678.stm Image flaw exposes Windows PCs Computer users could be open to attack from malicious hackers because of the way that Windows displays some images. A buffer overrun of course. But this is even better than the PNG vulnerability reported earlier this year. All your service packs are belong to us. From rah at shipwright.com Thu Sep 16 05:41:34 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Thu, 16 Sep 2004 08:41:34 -0400 Subject: AOL dumps sender ID Message-ID: AOL dumps sender ID @2Brute? By Nick Farrell: Thursday 16 September 2004, 07:25 POPULAR ISP AOL has knifed Microsoft's anti-spam technology Sender ID. According to internetnews.com, AOL has dumped the idea following concerns expressed by the Internet Engineering Task Force (IETF), coupled with the tepid support for Sender ID in the open source community. However, AOL says it will press ahead with in favour of the Sender Policy Framework (SPF)which was a component of Sender ID. The company said it will also publish Sender ID files so its users' e-mails are compliant with Sender ID-enabled servers and applications. A spokesman said that AOL also has serious, technical concerns that Sender ID appears isn't backwardly-compatible with the original SPF specification. The full story can be found here. -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." 
-- Edward Gibbon, 'Decline and Fall of the Roman Empire' From measl at mfn.org Thu Sep 16 07:47:28 2004 From: measl at mfn.org (J.A. Terranson) Date: Thu, 16 Sep 2004 09:47:28 -0500 (CDT) Subject: Keith Henson Needs Help (fwd) Message-ID: <20040916093623.D1054@ubzr.zsa.bet> Besides forwarding the below, let me point out (for those few who aren't familiar with this case) a few choice tidbits (taken from the web site that has been tracking this case since its inception, http://www.operatingthetan.com/ ): "On 26 Apr 2001, Keith Henson was convicted of "interfering with a religion", a misdemeanor under California law, for picketing outside Scientology..." "At trial, the judge threw out all Henson's witnesses, disallowed any testimony about his reasons for picketing the cult, and allowed the prosecution to present excerpts from Henson's Internet postings out of context; the Scientology witnesses also committed perjury which Henson was unable to rebut." The worst part of all this is that the underlying charges of "terrorism" were based on this *obviously* sarcastic thread from usenet: http://www.operatingthetan.com/evidposts.txt This is an incredibly serious abuse of our so-called "justice system" - anything you can do to help Henson out may come back to help *you* out someday. No, none of the cosmic karma crap, but I guarantee you that if we allow people to be imprisoned for making jokes that are politically offensive, by specifically preventing them from presenting any exculpatory evidence at trial (a rapidly increasing practice in our "courts"), we will *all* suffer for it. Send mail. Physical mail! Ask your friends to do it too. The only thing more important than getting the angry little midget monster out of the White House are these kind of incredible abuses of the system. -- Yours, J.A. Terranson sysadmin at mfn.org 0xBD4A95BF "...justice is a duty towards those whom you love and those whom you do not.
And people's rights will not be harmed if the opponent speaks out about them." Osama Bin Laden - - - "There aught to be limits to freedom!" George Bush - - - Which one scares you more? ---------- Forwarded message ---------- Date: Thu, 16 Sep 2004 00:16:46 -0400 From: R. A. Hettinga To: cypherpunks at al-qaeda.net, cyberia-l at listserv.aol.com, nettime-l at bbs.thing.net Subject: Keith Henson Needs Help From jamesd at echeque.com Thu Sep 16 10:30:55 2004 From: jamesd at echeque.com (James A. Donald) Date: Thu, 16 Sep 2004 10:30:55 -0700 Subject: Symantec labels China censor-busting software as Trojan In-Reply-To: Message-ID: <41496B5F.26006.22B38F5@localhost> -- On 15 Sep 2004 at 9:45, Tyler Durden wrote: > Hum. Seems the Chinese government is pretty effective at > self-preservation. Does this contradict the widely-held > Cypherpunk belief in the inevitability of deterioration of > the state? The authors of Freegate believe that for technological reasons, the internet will win, and the chinese government will lose. They are chinese. They are familiar with repression, and familiar with technology. They are the kind of people who know what they are talking about. They had had fifteen million downloads of their software, which is continually rewritten to meet the latest threats and tactics from the chinese government. --digsig James A.
Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG /1akS93Sf2XKwg4FTmI8LdG6vC+cX53AeniWvjvD 48vdg03WMvEq/iMRpuzdB5uOFSZBsdaVv5+zX6o3/ From jamesd at echeque.com Thu Sep 16 10:50:37 2004 From: jamesd at echeque.com (James A. Donald) Date: Thu, 16 Sep 2004 10:50:37 -0700 Subject: Geopolitical Darwin Awards In-Reply-To: <0409150212570.11062@somehost.domainz.com> References: <4147102D.9C5AC3BC@cdc.gov> Message-ID: <41496FFD.13950.23D4135@localhost> -- On 15 Sep 2004 at 2:38, Thomas Shaddack wrote: > Maybe they are playing a different game. They [Iran] couldn't > use the eventually produced nukes anyway, without being > showered back with the same kind They are fanatics. They expect to get a six pack of virgins. And they will say "Hey, it was not us, it was these terrorists who happen to have somehow stolen some nukes from persons unknown. We are completely opposed to terrorism, and are fully cooperating with foreign investigations." --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG /Y5bZ5vcTSLqigJSE6PrHkJplrE/rkCOv5ZqjTCd 4hlcKGlAs6dJgsGrsyIqiOz5Qfdc2wMId/LdnAnXG From touch at ISI.EDU Thu Sep 16 14:17:09 2004 From: touch at ISI.EDU (Joe Touch) Date: Thu, 16 Sep 2004 14:17:09 -0700 Subject: potential new IETF WG on anonymous IPSec In-Reply-To: <4148C843.9000700@systemics.com> References: <20040909195729.4798957E2B@finney.org> <6.0.3.0.0.20040910223501.0403c120@pop.idiom.com> <4148C843.9000700@systemics.com> Message-ID: <414A02D5.3080702@isi.edu> Ian Grigg wrote: > Bill Stewart wrote: > >> Also, the author's document discusses protecting BGP to prevent >> some of the recent denial-of-service attacks, >> and asks for confirmation about the assertion in a message >> on the IPSEC mailing list suggesting >> "E.g., it is not feasible for BGP routers to be configured with the >> appropriate certificate authorities of hundreds of thousands of >> peers". 
>> Routers typically use BGP to peer with a small number of partners, >> though some big ISP gateway routers might peer with a few hundred. >> (A typical enterprise router would have 2-3 peers if it does BGP.) >> If a router wants to learn full internet routes from its peers, >> it might learn 1-200,000, but that's not the number of direct connections >> that it has - it's information it learns using those connections. >> And the peers don't have to be configured "rapidly without external >> assistance" - >> you typically set up the peering link when you're setting up the >> connection between an ISP and a customer or a pair of ISPs, >> and if you want to use a CA mechanism to certify X.509 certs, >> you can set up that information at the same time. > > On the backbone, between BGP peers, one would have thought > that there are relatively few attackers, as the staff are > highly trusted and the wires are hard to access - hence no > active attacks going on and only some passive eavesdropping > attacks. Also, anyone setting up BGP routing knows the other > party, so there is a prior relationship. My understanding of the attacks this past spring is that: a) they were indeed on the backbone BGP peers b) that those peers had avoided setting up preshared keys or getting mutually-authenticatable certificates because of the configuration overhead (small on a per-pair basis, but may be large in aggregate) While inspired by this issue, there may be other solutions (e.g., IMO IPsec) which are more appropriate for BGP peers. > The whole point of the CA model is that there is no prior > relationship and that the network is a wild wild west sort > of place Except that certs need to be signed by authorities that are trusted. > - both of these assumptions seem to be reversed > in the backbone world, no? So one would think that using > opportunistic cryptography would be ideal for the BGP world? 
> > iang I wouldn't think that the encryption need be opportunistic; in the BGP backbone world, as you noted, peers are known a-priori, and should have certs that could be signed by well-known, trusted CAs. Joe [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc] From bill.stewart at pobox.com Thu Sep 16 15:32:46 2004 From: bill.stewart at pobox.com (Bill Stewart) Date: Thu, 16 Sep 2004 15:32:46 -0700 Subject: potential new IETF WG on anonymous IPSec In-Reply-To: <414A02D5.3080702@isi.edu> References: <20040909195729.4798957E2B@finney.org> <6.0.3.0.0.20040910223501.0403c120@pop.idiom.com> <4148C843.9000700@systemics.com> <414A02D5.3080702@isi.edu> Message-ID: <6.0.3.0.0.20040916151712.0420ba18@pop.idiom.com> At 02:17 PM 9/16/2004, Joe Touch wrote: >Ian Grigg wrote: >>On the backbone, between BGP peers, one would have thought >>that there are relatively few attackers, as the staff are >>highly trusted and the wires are hard to access - hence no >>active attacks going on and only some passive eavesdropping >>attacks. Also, anyone setting up BGP routing knows the other >>party, so there is a prior relationship. > >My understanding of the attacks this past spring is that: > a) they were indeed on the backbone BGP peers > b) that those peers had avoided setting up > preshared keys or getting mutually-authenticatable > certificates because of the configuration overhead > (small on a per-pair basis, but may be large > in aggregate) The interesting attacks were a sequence-number guessing attack using forged TCP RST packets, which tell the TCP session to tear down, therefore dropping the BGP connection (typically between two ISPs). The attackers didn't need to be trusted backbone routers - they could be randoms anywhere on the Internet. BGP authentication doesn't actually help this problem, because the attack simply kills the connection at a TCP layer rather than lying to the BGP application. 
A simple way to avoid most of this problem is to filter packets at the edges so that customer connections can't send IP (or ICMP, while you're at it) packets to the core addresses on the routers that do the BGP signalling. (It's not a complete solution, because both ends of the connection need to do that, or need to do spoof-proofing so nobody can forge packets from those addresses, or both.) Customers can still send packets to the ISP edge routers supporting their own connections, but killing your own internet connection is much less entertaining than killing somebody else's, and if the customer is managing their own router, their users probably have an easier time killing that end of the connection than convincing the ISP's end to drop the connection. (One downside to this approach is that customers can't simply ping routers to get information about paths, latencies, capacities, etc., but that's not necessarily a bad thing. Also, you can set things up so they can traceroute to the far end of a connection and still get traceroute responses from the intermediate routers.) >While inspired by this issue, there may be other solutions (e.g., IMO >IPsec) which are more appropriate for BGP peers. >... >I wouldn't think that the encryption need be opportunistic; in the BGP >backbone world, as you noted, peers are known a-priori, and should have >certs that could be signed by well-known, trusted CAs. I agree with Joe. You can fix most of the problems using ACLs, but IPSEC does have some appeal to it. You don't even need CAs - pre-shared secrets are perfectly adequate, but if you want to use a CA-based IPSEC implementation for convenience, you can agree on what CA to use when you're agreeing on other parameters. ---- Bill Stewart bill.stewart at pobox.com From measl at mfn.org Thu Sep 16 13:48:01 2004 From: measl at mfn.org (J.A.
Terranson) Date: Thu, 16 Sep 2004 15:48:01 -0500 (CDT) Subject: Geopolitical Darwin Awards In-Reply-To: References: Message-ID: <20040916154725.D1054@ubzr.zsa.bet> On Thu, 16 Sep 2004, Tyler Durden wrote: > >They are fanatics. They expect to get a six pack of virgins. > >And they will say "Hey, it was not us, it was these terrorists > >who happen to have somehow stolen some nukes from persons > >unknown. We are completely opposed to terrorism, and are fully > >cooperating with foreign investigations." This sounds like dubya, not the ayatollahs. -- Yours, J.A. Terranson sysadmin at mfn.org 0xBD4A95BF "...justice is a duty towards those whom you love and those whom you do not. And people's rights will not be harmed if the opponent speaks out about them." Osama Bin Laden - - - "There aught to be limits to freedom!" George Bush - - - Which one scares you more? From camera_lumina at hotmail.com Thu Sep 16 12:54:49 2004 From: camera_lumina at hotmail.com (Tyler Durden) Date: Thu, 16 Sep 2004 15:54:49 -0400 Subject: Geopolitical Darwin Awards Message-ID: Who, the Iranians? Which ones are fanatics? I'll grant there are some fanatics left in Iran, but Iran seems increasingly dominated by fairly sleezy clergy/judges. Like any government, theirs is deteriorating into a mere racket. And if you ask me, fanaticism never lasts very long anywhere, only for about a generation during turbulent times. Iran in particular is a special case...seems to me their cultural momentum will always outweigh any temporary fanaticism. A country that has a small but thriving prostitution industry can't be all that fanatical. -TD >From: "James A. Donald" >To: "cypherpunks at al-qaeda.net" >Subject: Re: Geopolitical Darwin Awards >Date: Thu, 16 Sep 2004 10:50:37 -0700 > > -- >On 15 Sep 2004 at 2:38, Thomas Shaddack wrote: > > Maybe they are playing a different game. 
They [Iran] couldn't > > use the eventually produced nukes anyway, without being > > showered back with the same kind > >They are fanatics. They expect to get a six pack of virgins. >And they will say "Hey, it was not us, it was these terrorists >who happen to have somehow stolen some nukes from persons >unknown. We are completely opposed to terrorism, and are fully >cooperating with foreign investigations." > > > --digsig > James A. Donald > 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG > /Y5bZ5vcTSLqigJSE6PrHkJplrE/rkCOv5ZqjTCd > 4hlcKGlAs6dJgsGrsyIqiOz5Qfdc2wMId/LdnAnXG From touch at ISI.EDU Thu Sep 16 16:05:07 2004 From: touch at ISI.EDU (Joe Touch) Date: Thu, 16 Sep 2004 16:05:07 -0700 Subject: potential new IETF WG on anonymous IPSec In-Reply-To: <6.0.3.0.0.20040916151712.0420ba18@pop.idiom.com> References: <20040909195729.4798957E2B@finney.org> <6.0.3.0.0.20040910223501.0403c120@pop.idiom.com> <4148C843.9000700@systemics.com> <414A02D5.3080702@isi.edu> <6.0.3.0.0.20040916151712.0420ba18@pop.idiom.com> Message-ID: <414A1C23.80408@isi.edu> Bill Stewart wrote: > At 02:17 PM 9/16/2004, Joe Touch wrote: > >> Ian Grigg wrote: >> >>> On the backbone, between BGP peers, one would have thought >>> that there are relatively few attackers, as the staff are >>> highly trusted and the wires are hard to access - hence no >>> active attacks going on and only some passive eavesdropping >>> attacks. Also, anyone setting up BGP routing knows the other >>> party, so there is a prior relationship.
>> >> >> My understanding of the attacks this past spring is that: >> a) they were indeed on the backbone BGP peers >> b) that those peers had avoided setting up >> preshared keys or getting mutually-authenticatable >> certificates because of the configuration overhead >> (small on a per-pair basis, but may be large >> in aggregate) > > The interesting attacks were a sequence-number guessing attack > using forged TCP RST packets, which tell the TCP session to tear down, > therefore dropping the BGP connection (typically between two ISPs). > The attackers didn't need to be trusted backbone routers - > they could be randoms anywhere on the Internet. > BGP authentication doesn't actually help this problem, > because the attack simply kills the connection at a TCP layer > rather than lying to the BGP application. FWIW, the other system we were referring to - TCP-MD5 - works at the TCP layer. It rejects packets within TCP, before any further TCP processing, that don't match the MD5 hash. It isn't BGP authentication. This is why I refer to it as TCP-MD5 rather than BGP-MD5, even though the latter is more common. Joe [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc] From rah at shipwright.com Thu Sep 16 13:06:47 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Thu, 16 Sep 2004 16:06:47 -0400 Subject: Phones gain coded security Message-ID: IT Week Phones gain coded security Certicom offers a cross platform security kit for handset developers Daniel Robinson, IT Week 16 Sep 2004 Cryptography firm Certicom has announced a cross-platform security toolkit for future mobile phone handsets. The Certicom Security Architecture for Mobility will provide a common programming interface for developers to access functions such as encryption across various mobile chipsets and operating systems, according to the firm. The move should speed development of handsets with better security. 
Certicom's Security Architecture for Mobility (CSA) builds on the company's Security Builder Middleware, a hardware abstraction layer that is optimised to work with a specific chipset or hardware platform. The first supported hardware will be Intel's Wireless Trusted Platform, which consists of security functions that are built into Intel's PXA270 series of XScale mobile chips. CSA will support this from the fourth quarter of this year, and support for other mobile platforms will follow. "Pressure for greater security is coming from enterprise customers. [Security] used to be seen as an add-on to IT systems, but lately it has been regarded as something that has to be embedded from the beginning," commented Certicom's vice-president of marketing, Roy Pereira. CSA has resulted from Certicom's collaboration with Intel on security for a major handset vendor, Pereira said. He declined to name the vendor, for commercial reasons. Handset vendors are focused on applications, not cryptography, Certicom said, and its middleware layer lets them easily build in cryptography support, shortening the development time and giving handset makers a common interface for encryption functions no matter what the underlying chipset is. "They could move their code from a basic ARM chip to a PXA270 and get a boost from the hardware support without having to rewrite," Pereira said. CSA also includes a software cryptography module for platforms that do not have on-chip encryption hardware. Other optional modules include Security Builder IPSec, a library of VPN functions for resource-constrained devices; Security Builder SSL for Secure Sockets Layer communications; and Security Builder PKI for managing digital certificates. However, CSA offers more than just encryption, according to Pereira. It supports the secure boot feature of Intel's Wireless Trusted Platform, which checks the handset has not been tampered with before starting the operating system.
Certicom said it would support all major handset platforms, including those with on-chip security hardware. -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From mv at cdc.gov Thu Sep 16 20:11:56 2004 From: mv at cdc.gov (Major Variola (ret)) Date: Thu, 16 Sep 2004 20:11:56 -0700 Subject: potential new IETF WG on anonymous IPSec Message-ID: <414A55FC.3F7EF47@cdc.gov> At 02:17 PM 9/16/04 -0700, Joe Touch wrote: >Except that certs need to be signed by authorities that are trusted. Name one. From mv at cdc.gov Thu Sep 16 20:17:30 2004 From: mv at cdc.gov (Major Variola (ret)) Date: Thu, 16 Sep 2004 20:17:30 -0700 Subject: public-key: the wrong model for email? Message-ID: <414A574A.8963DB11@cdc.gov> At 10:28 PM 9/16/04 +0200, Hadmut Danisch wrote: >Because PKC works for this Alice&Bob communication scheme. If you >connect to a web server, then what you want to know, or what >authentication means is: "Are you really www.somedomain.com?" >That's the Alice&Bob model. SSL is good for that. What makes you think verislime or other CAs are authenticating? You can't sue them, they are 0wn3d by a State (and so can issue false certs, just like States issue false meatspace IDs), etc. >If I send you an encrypted e-mail, I do want that _you_ Ed Gerck, >can read it only. That's still the Alice&Bob model. PGP and S/MIME >are good for that. What makes you think that EG is a physical entity, if you haven't met him and learned to trust him through out of band channels? >The sender of an e-mail does not need to pretend beeing a particular >person or sender. Any identity of the 8 (10?) billion humans on earth >will do it. What makes you think that, given 1e10 humans, there are 1e10 identities? 
Ie, why do you think there is a one-to-one mapping? >PKC is good as long as the communication model is a closed and >relatively small user group. A valid signature of an unknown sender >has at least the meaning that the sender belongs to that user group. PKC is only as good as the means by which you obtain the public key. A server, a CA, are all worthless. The emperor has no clothes, get used to it. From justin-cypherpunks at soze.net Thu Sep 16 23:20:09 2004 From: justin-cypherpunks at soze.net (Justin) Date: Fri, 17 Sep 2004 06:20:09 +0000 Subject: potential new IETF WG on anonymous IPSec In-Reply-To: <414A55FC.3F7EF47@cdc.gov> References: <414A55FC.3F7EF47@cdc.gov> Message-ID: <20040917062009.GA25627@arion.soze.net> On 2004-09-16T20:11:56-0700, Major Variola (ret) wrote: > > At 02:17 PM 9/16/04 -0700, Joe Touch wrote: > >Except that certs need to be signed by authorities that are trusted. > > Name one. Oh, come on. Nothing can be absolutely trusted. How much security is enough? Aren't the DOD CAs trusted enough for your tastes? Of course, 'tis problematic for civilians to get certs from there. From rah at shipwright.com Fri Sep 17 04:58:56 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Fri, 17 Sep 2004 07:58:56 -0400 Subject: Symantec to acquire @Stake Message-ID: The San Jose Mercury News Posted on Thu, Sep. 16, 2004 Symantec to acquire digital security company CUPERTINO, Calif. (AP) - Symantec Corp. said Thursday it is acquiring digital security consulting firm @stake Inc. Financial details were not disclosed. The deal is expected to close next month. Cupertino, Calif.-based Symantec is one of the world's biggest information security companies, selling consulting services and software such as the Norton AntiVirus program. The company does business with individuals and corporations in more than 35 countries. Cambridge, Mass.-based @stake sells consulting services and computer programs to protect networks from hackers and other security risks.
Businesses that have purchased the company's SmartRisk and other products include six of the world's top 10 financial institutions and four of the world's 10 top independent software companies. ``Our customers are looking to us for a broad range of security expertise,'' said Gail Hamilton, a Symantec executive vice president. ``By joining forces with the leader in application security consulting, we expand the capacity and capabilities of our consulting organization.'' Symantec shares rose 31 cents to close at $51.32 Thursday on the Nasdaq Stock Market. ------ On the Net: Symantec: http://www.symantec.com @stake: http://www.atstake.com/ -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From shaddack at ns.arachne.cz Fri Sep 17 00:09:54 2004 From: shaddack at ns.arachne.cz (Thomas Shaddack) Date: Fri, 17 Sep 2004 09:09:54 +0200 (CEST) Subject: potential new IETF WG on anonymous IPSec In-Reply-To: <414A55FC.3F7EF47@cdc.gov> References: <414A55FC.3F7EF47@cdc.gov> Message-ID: <0409170902590.11102@somehost.domainz.com> On Thu, 16 Sep 2004, Major Variola (ret) wrote: > At 02:17 PM 9/16/04 -0700, Joe Touch wrote: > >Except that certs need to be signed by authorities that are trusted. > > Name one. You don't have to sign the certs. Use self-signed ones, then publish a GPG signature of your certificate in a known place; make bloody sure your GPG key is firmly embedded in the web-of-trust. This can be done with certs signed by an untrusted (read: any other than the one you operate yourself) CA as well. For HTTPS, there can be a negotiated standard location and format of the certificate signature file, stored in eg.
/gpgsigned.xml location; the certificate is transported during the SSL handshake, so you can validate it within a single HTTPS request for the file. Similar thing applies for the client certificates and the servers; but then the server has to request the certificate signature from somewhere else (the location may be specified as an URL in the comment field of the client certificate). This should be easy to implement with PHP scripts, if Apache is configured to make the certificate visible as an environmental variable. From bill.stewart at pobox.com Fri Sep 17 10:18:10 2004 From: bill.stewart at pobox.com (Bill Stewart) Date: Fri, 17 Sep 2004 10:18:10 -0700 Subject: potential new IETF WG on anonymous IPSec In-Reply-To: <414ABC15.3060506@systemics.com> References: <20040909195729.4798957E2B@finney.org> <6.0.3.0.0.20040910223501.0403c120@pop.idiom.com> <4148C843.9000700@systemics.com> <414A02D5.3080702@isi.edu> <414ABC15.3060506@systemics.com> Message-ID: <200409180546.i8I5kjQh015003@positron.jfet.org> At 04:05 PM 9/16/2004, Joe Touch wrote: >FWIW, the other system we were referring to - TCP-MD5 - works at the TCP >layer. It rejects packets within TCP, before any further TCP processing, >that don't match the MD5 hash. It isn't BGP authentication. Oh - I'd misunderstood. Yes, that sounds much harder to forge, so it's actually useful for DOS reduction. At 03:27 AM 9/17/2004, Ian Grigg wrote: >>I wouldn't think that the encryption need be opportunistic; in the BGP >>backbone world, as you noted, peers are known a-priori, and should have >>certs that could be signed by well-known, trusted CAs. > >Let's see if I can make these assumptions clearer, because >I still perceive that CAs have no place in BGP, and you seem >to be assuming that they do. >... >When we come to BGP, it seems that BGP routing parties have >a very high level of trust between them. And this trust is >likely to exceed by orders of magnitude any trust that a third >party could generate. 
Hence, adding certs signed by this TTP >(well known CA or not) is unlikely to add anything, and will >thus likely add costs for no benefit. > >If anyone tried to impose a TTP for this purpose, I'd suspect >the BGP admins would ignore it. Another way of thinking about >it is to ask who would the two BGP operators trust more than >each other? There are two reasons to use the CA. One is if the parties don't know each other (not a problem here), but the other is so the VPN receiver has some external validation on the data it receives, making MITM attacks harder. For applications like BGP, you don't care if the CA is Dun & Bradstreet or if it's just Alice's own CA, because it's really functioning as a shared secret but the commodity VPN hardware wants an X.509 cert for MITM protection. ---- Bill Stewart bill.stewart at pobox.com From measl at mfn.org Fri Sep 17 08:27:02 2004 From: measl at mfn.org (J.A. Terranson) Date: Fri, 17 Sep 2004 10:27:02 -0500 (CDT) Subject: Geopolitical Darwin Awards In-Reply-To: References: Message-ID: <20040917102411.F1054@ubzr.zsa.bet> On Fri, 17 Sep 2004, Tyler Durden wrung his hands and exclaimed: > Hey Hey Hey! > > I'm not the original quoter there...watch it! > > -TD To which measl at mfn.org took note and made a closer examination of his previous posting, thus: > >From: "J.A. Terranson" > >To: Tyler Durden > >CC: jamesd at echeque.com, cypherpunks at al-qaeda.net > >Subject: Re: Geopolitical Darwin Awards > >Date: Thu, 16 Sep 2004 15:48:01 -0500 (CDT) > > > > > >On Thu, 16 Sep 2004, Tyler Durden wrote: > > > > > >They are fanatics. They expect to get a six pack of virgins. > > > >And they will say "Hey, it was not us, it was these terrorists > > > >who happen to have somehow stolen some nukes from persons > > > >unknown. We are completely opposed to terrorism, and are fully > > > >cooperating with foreign investigations." > > > > > >This sounds like dubya, not the ayatollahs. Aha! Screamed measl.
Durden is *right*, and I have defamed him even worse than he usually defames himself! After receiving this near revelation, measl hung his head in shame, and promised to be more careful with his electron snippers in the future :-) -- Yours, J.A. Terranson sysadmin at mfn.org 0xBD4A95BF "...justice is a duty towards those whom you love and those whom you do not. And people's rights will not be harmed if the opponent speaks out about them." Osama Bin Laden - - - "There aught to be limits to freedom!" George Bush - - - Which one scares you more? From camera_lumina at hotmail.com Fri Sep 17 07:30:39 2004 From: camera_lumina at hotmail.com (Tyler Durden) Date: Fri, 17 Sep 2004 10:30:39 -0400 Subject: Geopolitical Darwin Awards Message-ID: Hey Hey Hey! I'm not the original quoter there...watch it! -TD >From: "J.A. Terranson" >To: Tyler Durden >CC: jamesd at echeque.com, cypherpunks at al-qaeda.net >Subject: Re: Geopolitical Darwin Awards >Date: Thu, 16 Sep 2004 15:48:01 -0500 (CDT) > > >On Thu, 16 Sep 2004, Tyler Durden wrote: > > > >They are fanatics. They expect to get a six pack of virgins. > > >And they will say "Hey, it was not us, it was these terrorists > > >who happen to have somehow stolen some nukes from persons > > >unknown. We are completely opposed to terrorism, and are fully > > >cooperating with foreign investigations." > > >This sounds like dubya, not the ayatollahs. > > >-- >Yours, > >J.A. Terranson >sysadmin at mfn.org >0xBD4A95BF > > "...justice is a duty towards those whom you love and those whom you do > not. And people's rights will not be harmed if the opponent speaks out > about them." Osama Bin Laden > - - - > > "There aught to be limits to freedom!" George Bush > - - - > >Which one scares you more?
From camera_lumina at hotmail.com Fri Sep 17 07:35:53 2004 From: camera_lumina at hotmail.com (Tyler Durden) Date: Fri, 17 Sep 2004 10:35:53 -0400 Subject: Geopolitical Darwin Awards Message-ID: "Ken Brown" wrote... >Apparently the best thing about is the lack of American tourists - just >like Cuba ;-) What! I'm deeply offended by that remark...I demand you with.... Aw fuckit. It's true. In fact, when I'm in a restaurant outside the US, I have witnessed that the food quality is inversely proportional to the number of Americans in the place. (Oh don't get me wrong...places catering to Americans will have great heaping PILES of food, but it'll be bland and tasteless, and the beer will suck.) -TD "A Big, Fat Dynamo!" -Homer Simpson >From: ken >Reply-To: bbrow07 at students.bbk.ac.uk >To: Tyler Durden >CC: jamesd at echeque.com, cypherpunks at al-qaeda.net >Subject: Re: Geopolitical Darwin Awards >Date: Fri, 17 Sep 2004 13:45:18 +0100 > >Tyler Durden wrote: > >>Who, the Iranians? Which ones are fanatics? >> >>I'll grant there are some fanatics left in Iran, but Iran seems >>increasingly dominated by fairly sleezy clergy/judges. Like any >>government, theirs is deteriorating into a mere racket. And if you ask me, >>fanaticism never lasts very long anywhere, only for about a generation >>during turbulent times. Iran in particular is a special case...seems to me >>their cultural momentum will always outweigh any temporary fanaticism. A >>country that has a small but thriving prostitution industry can't be all >>that fanatical. > >Prostitution industry? > >Iran has rebooted its swimming-pool maintenance industry. > >Its just this place, you know. 
> >Apparently the best thing about is the lack of American tourists - just >like Cuba ;-) >
From touch at ISI.EDU Fri Sep 17 11:02:46 2004 From: touch at ISI.EDU (Joe Touch) Date: Fri, 17 Sep 2004 11:02:46 -0700 Subject: potential new IETF WG on anonymous IPSec In-Reply-To: <414ABC15.3060506@systemics.com> References: <20040909195729.4798957E2B@finney.org> <6.0.3.0.0.20040910223501.0403c120@pop.idiom.com> <4148C843.9000700@systemics.com> <414A02D5.3080702@isi.edu> <414ABC15.3060506@systemics.com> Message-ID: <414B26C6.2000301@isi.edu> Ian Grigg wrote: ... >> I wouldn't think that the encryption need be opportunistic; in the BGP >> backbone world, as you noted, peers are known a-priori, and should >> have certs that could be signed by well-known, trusted CAs. > > Let's see if I can make these assumptions clearer, because > I still perceive that CAs have no place in BGP, and you seem > to be assuming that they do. I should have said "could have certs". BGP could use shared secrets or CAs; it may be the case that anonymous security (as at least I call it) doesn't map well to BGP, in which you usually know who you want to trust. It may still help, though - e.g., in the case of the recent TCP RST attacks, it would have. The rest of your note focuses on the difference between two-party trust and trust using a shared third party. The former degenerates to the latter where I sign your cert, though ;-) I agree that for BGP the two-party case is probably more relevant, though there some BGP peerings are based on trust relationships of sets of parties that can - or already do - have trusted third-party coordination outside BGP.
Joe [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc] From iang at systemics.com Fri Sep 17 03:27:33 2004 From: iang at systemics.com (Ian Grigg) Date: Fri, 17 Sep 2004 11:27:33 +0100 Subject: potential new IETF WG on anonymous IPSec In-Reply-To: <414A02D5.3080702@isi.edu> References: <20040909195729.4798957E2B@finney.org> <6.0.3.0.0.20040910223501.0403c120@pop.idiom.com> <4148C843.9000700@systemics.com> <414A02D5.3080702@isi.edu> Message-ID: <414ABC15.3060506@systemics.com> Joe Touch wrote: > Ian Grigg wrote: >> On the backbone, between BGP peers, one would have thought >> that there are relatively few attackers, as the staff are >> highly trusted and the wires are hard to access - hence no >> active attacks going on and only some passive eavesdropping >> attacks. Also, anyone setting up BGP routing knows the other >> party, so there is a prior relationship. > > > My understanding of the attacks this past spring is that: > a) they were indeed on the backbone BGP peers > b) that those peers had avoided setting up > preshared keys or getting mutually-authenticatable > certificates because of the configuration overhead > (small on a per-pair basis, but may be large > in aggregate) > > While inspired by this issue, there may be other solutions (e.g., IMO > IPsec) which are more appropriate for BGP peers. Thanks for the clarification. Re-reading (all) of the above, I noticed that these are DOS attacks. (That changes things - crypto protocols don't really a priori stop or defeat DOS attacks. They can help, or they may not, it all depends.) It's then important to examine the threat here. Who is the attacker and what motives and tools does he have available? It would be annoying to do all the work, only to discover that he has other tools that are just as easy... (This is called what's-your-threat-model, sometimes abbreviated to WYTM?) 
>> The whole point of the CA model is that there is no prior >> relationship and that the network is a wild wild west sort >> of place > > > Except that certs need to be signed by authorities that are trusted. Right, in that the CA model seeks to add trust to the wild wild west by the provision of these signed / trusted certs. Whether it achieves that depends on the details. It is not wise to just assume it succeeds because someone said so. >> - both of these assumptions seem to be reversed >> in the backbone world, no? So one would think that using >> opportunistic cryptography would be ideal for the BGP world? >> >> iang > > > I wouldn't think that the encryption need be opportunistic; in the BGP > backbone world, as you noted, peers are known a-priori, and should have > certs that could be signed by well-known, trusted CAs. Let's see if I can make these assumptions clearer, because I still perceive that CAs have no place in BGP, and you seem to be assuming that they do. In the world of PKIs, there are some big assumptions. Here's two of them: Alice and Bob don't know each other, and don't necessarily trust each other. There exists a central stable party that *both* Alice and Bob know better than each other and can be trusted to pass the trust on. Known as a trusted third party, TTP, or a certificate authority, CA, in particular. This situation exists in large companies for example - the company knows Alice and Bob better than they may know each other. (In theory.) Now, whether it exists in any real world depends on which world pertains. In the world of browsing, it is .. assumed to exist, but that can be challenged. In the world of email, it pretty clearly doesn't exist - almost all (desired) email is done between known parties, and the two parties generally have much better ways of establishing and bootstrapping a crypto relationship than asking for some centralised party to do it. (Hence, the relative success of PGP over S/MIME.) 
Ditto for the world of secure systems administration (SSH). When we come to BGP, it seems that BGP routing parties have a very high level of trust between them. And this trust is likely to exceed by orders of magnitude any trust that a third party could generate. Hence, adding certs signed by this TTP (well known CA or not) is unlikely to add anything, and will thus likely add costs for no benefit. If anyone tried to impose a TTP for this purpose, I'd suspect the BGP admins would ignore it. Another way of thinking about it is to ask who would the two BGP operators trust more than each other? In such a world, a CA-signed certificate is an encumbrance only, and seems to be matched by comments in the AnonSec draft that they are unlikely to be deployed. iang PS: on the general issue of doing what you call anonSec, I'd say, fantastic, definitely overdue, could save IPSec from an embarrassingly slow adoption! I do concur with all the other posts about how "anon" is the wrong word, but I'd say that getting the right term is not so important as doing the work! On the point of what the right word is, that depends on the technique chosen. I haven't got that far in the draft as yet. From camera_lumina at hotmail.com Fri Sep 17 09:01:22 2004 From: camera_lumina at hotmail.com (Tyler Durden) Date: Fri, 17 Sep 2004 12:01:22 -0400 Subject: Geopolitical Darwin Awards Message-ID: "Ken Brown" wrote... >Prostitution industry? Well, Industry from what I understand is probably too strong a term. These seem to be individual females. And no, they ain't wearin' high heels and hot pants, so what we're talking about is very, very discreet, and sometimes for goods and services as opposed to pure $$$. But it's there, and people in general seem to know it's there. -TD
From bbrow07 at students.bbk.ac.uk Fri Sep 17 05:45:18 2004 From: bbrow07 at students.bbk.ac.uk (ken) Date: Fri, 17 Sep 2004 13:45:18 +0100 Subject: Geopolitical Darwin Awards In-Reply-To: References: Message-ID: <414ADC5E.3060007@students.bbk.ac.uk> Tyler Durden wrote: > Who, the Iranians? Which ones are fanatics? > > I'll grant there are some fanatics left in Iran, but Iran seems > increasingly dominated by fairly sleazy clergy/judges. Like any > government, theirs is deteriorating into a mere racket. And if you ask > me, fanaticism never lasts very long anywhere, only for about a > generation during turbulent times. Iran in particular is a special > case...seems to me their cultural momentum will always outweigh any > temporary fanaticism. A country that has a small but thriving > prostitution industry can't be all that fanatical. Prostitution industry? Iran has rebooted its swimming-pool maintenance industry. It's just this place, you know. Apparently the best thing about it is the lack of American tourists - just like Cuba ;-) From rah at shipwright.com Fri Sep 17 11:18:50 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Fri, 17 Sep 2004 14:18:50 -0400 Subject: [Openswan dev] [Announce] Openswan 2.2.0 released Message-ID: --- begin forwarded text From paul at xelerance.com Fri Sep 17 08:48:25 2004 From: paul at xelerance.com (Paul Wouters) Date: Fri, 17 Sep 2004 17:48:25 +0200 (MET DST) Subject: [Openswan dev] [Announce] Openswan 2.2.0 released Message-ID: Xelerance is proud to release Openswan 2.2.0 It is available at the usual locations: http://www.openswan.org/code/openswan-2.2.0.tar.gz ftp://ftp.openswan.org/openswan/openswan-2.2.0.tar.gz A separate NAT-traversal patch and separate KLIPS patch are available as well. RPMS have been released for RedHat-9, Fedora Core 2 and 3-test1, RHEL3 and Suse 9.1. (RedHat-9 still requires KLIPS support in the kernel).
All released files have been signed with the build at openswan.org GPG key available from the keyservers. The following are the most important changes: * Added RFC 3706 DPD support (see README.DPD) * Added AES from JuanJo's ALG patches * Fixes for /proc filesystem issues that started to appear in 2.4.25 * Merge X.509 1.5.4 + latest security fixes (CAN-2004-0590) * Updated .spec for building RPMS compatible with Kernel 2.6 * Merge X.509 security fixes from 1.6.3 * Fixes for NAT-T on 2.6 pulled up from 2.1.x (Herbert Xu) * Fixes for SA Selectors on 2.6 pulled up from 2.1.x (Herbert Xu) Bugs can be reported via http://bugs.openswan.org/ or via one of the mailing lists at http://lists.openswan.org/ Paul --- end forwarded text -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From mv at cdc.gov Fri Sep 17 19:27:09 2004 From: mv at cdc.gov (Major Variola (ret)) Date: Fri, 17 Sep 2004 19:27:09 -0700 Subject: potential new IETF WG on anonymous IPSec Message-ID: <414B9CFC.EDAFE7E7@cdc.gov> At 06:20 AM 9/17/04 +0000, Justin wrote: >On 2004-09-16T20:11:56-0700, Major Variola (ret) wrote: >> >> At 02:17 PM 9/16/04 -0700, Joe Touch wrote: >> >Except that certs need to be signed by authorities that are trusted. >> >> Name one. > >Oh, come on. Nothing can be absolutely trusted. How much security is >enough? > >Aren't the DOD CAs trusted enough for your tastes? Of course, 'tis >problematic for civilians to get certs from there.
DoD certs are good enough for DoD slaves. Hospital certs are good enough for their employees. Joe's Bait Und Tackle certs are good enough for Joe's employees. Do you think that Verislime is good enough for you? From mv at cdc.gov Fri Sep 17 19:28:17 2004 From: mv at cdc.gov (Major Variola (ret)) Date: Fri, 17 Sep 2004 19:28:17 -0700 Subject: potential new IETF WG on anonymous IPSec Message-ID: <414B9D41.5D2A26AB@cdc.gov> At 09:09 AM 9/17/04 +0200, Thomas Shaddack wrote: >On Thu, 16 Sep 2004, Major Variola (ret) wrote: > >> At 02:17 PM 9/16/04 -0700, Joe Touch wrote: >> >Except that certs need to be signed by authorities that are trusted. >> >> Name one. > >You don't have to sign the certs. Use self-signed ones, then publish a GPG >signature of your certificate in a known place; make bloody sure your GPG >key is firmly embedded in the web-of-trust. Right. And the known "trusted" place is 0wn3d by the Man. The web of trust is a scam. Know your pharmacist. From Poindexter at SAFe-mail.net Fri Sep 17 17:46:29 2004 From: Poindexter at SAFe-mail.net (Poindexter at SAFe-mail.net) Date: Fri, 17 Sep 2004 20:46:29 -0400 Subject: Identifying the Traitor Among Us: The Rhetoric of Espionage and Secrecy Message-ID: http://etd.library.pitt.edu/ETD/available/etd-07282003-132723/unrestricted/karentdiss.pdf This study approaches espionage as a knowledge-producing and knowledge-disseminating practice similar to knowledge practices such as science. The study uses investigative tools drawn from rhetoric of science studies and applies them to intelligence and, particularly, counterintelligence work. The result provides new insight into the underdetermination of evidence, the interdependence of disparate discourses, and the role of espionage in American culture. From rah at shipwright.com Fri Sep 17 20:02:33 2004 From: rah at shipwright.com (R. A.
Hettinga) Date: Fri, 17 Sep 2004 23:02:33 -0400 Subject: O'Rourke: Why Americans hate foreign policy Message-ID: The Telegraph Why Americans hate foreign policy By P J O'Rourke (Filed: 18/09/2004) Frankly, nothing concerning foreign policy ever occurred to me until the middle of the last decade. I'd been writing about foreign countries and foreign affairs and foreigners for years. But you can own dogs all your life and not have "dog policy". You have rules, yes - Get off the couch! - and training, sure. We want the dumb creatures to be well behaved and friendly. So we feed foreigners, take care of them, give them treats, and, when absolutely necessary, whack them with a rolled-up newspaper. That was as far as my foreign policy thinking went until the middle 1990s, when I realised America's foreign policy thinking hadn't gone that far. In the fall of 1996, I travelled to Bosnia to visit a friend whom I'll call Major Tom. Major Tom was in Banja Luka serving with the Nato-led international peacekeeping force, Ifor. From 1992 to 1995, Bosnian Serbs had fought Bosnian Croats and Bosnian Muslims in an attempt to split Bosnia into two hostile territories. In 1995, the US-brokered Dayton Agreement ended the war by splitting Bosnia into two hostile territories. The Federation of Bosnia and Herzegovina was run by Croats and Muslims. The Republika Srpska was run by Serbs. IFOR's job was to "implement and monitor the Dayton Agreement." Major Tom's job was to sit in an office where Croat and Muslim residents of Republika Srpska went to report Dayton Agreement violations. "They come to me," said Major Tom, "and they say, 'The Serbs stole my car.' And I say, 'I'm writing that in my report.' They say, 'The Serbs burnt my house.' And I say, 'I'm writing that in my report.' They say, 'The Serbs raped my daughter.' And I say, 'I'm writing that in my report."' "Then what happens?" I said. "I put my report in a filing cabinet." Major Tom had fought in the Gulf war. 
He'd been deployed to Haiti during the American reinstatement of President Aristide (which preceded the recent American un-reinstatement). He was on his second tour of duty in Bosnia and would go on to fight in the Iraq war. That night, we got drunk. "Please, no nation-building," said Major Tom. "We're the Army. We kill people and break things. They didn't teach nation-building in infantry school." Or in journalism school, either. The night before I left to cover the Iraq war, I got drunk with another friend, who works in TV news. We were talking about how - as an approach to national security - invading Iraq was... different. I'd moved my family from Washington to New Hampshire. My friend was considering getting his family out of New York. "Don't you hope," my friend said, "that all this has been thought through by someone who is smarter than we are?" It is, however, a universal tenet of democracy that no one is. Americans hate foreign policy. Americans hate foreign policy because Americans hate foreigners. Americans hate foreigners because Americans are foreigners. We all come from foreign lands, even if we came 10,000 years ago on a land bridge across the Bering Strait. America is not "globally conscious" or "multi-cultural." Americans didn't come to America to be Limey Poofters, Frog-Eaters, Bucket Heads, Micks, Spicks, Sheenies or Wogs. If we'd wanted foreign entanglements, we would have stayed home. Or - in the case of those of us who were shipped to America against our will - as slaves, exiles, or transported prisoners - we would have gone back. Being foreigners ourselves, we Americans know what foreigners are up to with their foreign policy - their venomous convents, lying alliances, greedy agreements and trick-or-treaties. America is not a wily, sneaky nation. We don't think that way. We don't think much at all, thank God. 
Start thinking and pretty soon you get ideas, and then you get idealism, and the next thing you know you've got ideology, with millions dead in concentration camps and gulags. A fundamental American question is: "What's the big idea?" Americans would like to ignore foreign policy. Our previous attempts at isolationism were successful. Unfortunately, they were successful for Hitler's Germany and Tojo's Japan. Evil is an outreach programme. A solitary bad person sitting alone, harbouring genocidal thoughts, and wishing he ruled the world is not a problem unless he lives next to us in the trailer park. In the big geopolitical trailer park that is the world today, he does. America has to act. But, when America acts, other nations accuse us of being "hegemonistic," of engaging in "unilateralism," of behaving as if we're the only nation on earth that counts. We are. Russia used to be a superpower but resigned "to spend more time with the family." China is supposed to be mighty, but the Chinese leadership quakes when a couple of hundred Falun Gong members do tai chi for Jesus. The European Union looks impressive on paper, with a greater population and a larger economy than America's. But the military spending of Britain, France, Germany, and Italy combined does not equal one third of the US defence budget. When other countries demand a role in the exercise of global power, America can ask another fundamental American question: "You and what army?" Americans find foreign policy confusing. We are perplexed by the subtle tactics and complex strategies of the Great Game. America's great game is pulling the levers on the slot machines in Las Vegas. We can't figure out what the goal of American foreign policy is supposed to be. The goal of American tax policy is avoiding taxes. The goal of American environmental policy is to clean up the environment, clearing away scruffy caribou and seals so that America's drillers for Arctic oil don't get trampled or slapped with a flipper. 
But the goal of American foreign policy is to foster international co-operation, protect Americans at home and abroad, promote world peace, eliminate human rights abuses, improve US business and trade opportunities, and stop global warming. We were going to stop global warming by signing the Kyoto protocol on greenhouse gas emissions. Then we realized the Kyoto protocol was ridiculous and unenforceable and that no one who signed it was even trying to meet the emissions requirements except for some countries from the former Soviet Union. They accidentally quit emitting greenhouse gases because their economies collapsed. However, if we withdraw from diplomatic agreements because they're ridiculous, we'll have to withdraw from every diplomatic agreement because they're all ridiculous. This will not foster international co-operation. But if we do foster international co-operation, we won't be able to protect Americans at home and abroad, because there has been a lot of international co-operation in killing Americans. Attacking internationals won't promote world peace, which we can't have anyway if we're going to eliminate human rights abuses, because there's no peaceful way to get rid of the governments that abuse the rights of people - people who are chained to American gym-shoe-making machinery, dying of gym-shoe lung, and getting paid in shoe-laces, thereby improving US business and trade opportunities, which result in economic expansion that causes global warming to get worse. One problem with changing America's foreign policy is that we keep doing it. President Bill Clinton dreamed of letting the lion lie down with the lamb chop. Clinton kept International Monetary Fund cash flowing into the ever-criminalising Russian economy. He ignored Kremlin misbehaviour - from Boris Yeltsin's shelling of elected representatives in the Duma to Vladimir Putin's airlifting of uninvited Russian troops into Kosovo. 
Clinton compared the Chechnya fighting to the American Civil War (murdered Chechens being on the South Carolina statehouse, Confederate-flag-flying side). Clinton called China America's "strategic partner" and paid a nine-day visit to that country, not bothering himself with courtesy calls on America's actual strategic partners, Japan and South Korea. Clinton announced, "We don't support independence for Taiwan," and said of Jiang Zemin, instigator of the assault on democracy protesters in Tiananmen Square: "He has vision." Anything for peace, that was Clinton's policy. Clinton had special peace-mongering envoys in Cyprus, Congo, the Middle East, the Balkans, and flying off to attend secret talks with Marxist guerrillas in Colombia. On his last day in office, Clinton was still phoning Sinn Fein leader Gerry Adams. "Love your work, Gerry. Do you ever actually kill people? Or do you just do the spin?" Clinton was everybody's best friend. Except when he wasn't. He conducted undeclared air wars against Serbia and Iraq and launched missiles at Sudan and Afghanistan. Clinton used the military more often than any previous peacetime American president. He sent armed forces into areas of conflict on an average of once every nine weeks. President George W Bush's foreign policy was characterised, in early 2001, as "disciplined and consistent" (Condoleezza Rice): "blunt" (The Washington Post), and "in-your-face" (the Carnegie Endowment for International Peace). Bush began his term with the expulsion of one fourth of the Russian diplomatic corps on grounds of espionage. He snubbed Vladimir Putin by delaying a first summit meeting until June 2001, and then holding it in fashionable Slovenia. On April 1, 2001, a Chinese fighter jet, harassing a US reconnaissance plane in international air space, collided with the American aircraft, which was forced to land in Chinese territory. Bush did not regard this as an April Fools' prank. 
By the end of the month, he had gone on Good Morning America and said that, if China attacked Taiwan, the United States had an obligation to defend it with "whatever it took". The President also brandished American missile defences at Russia and China. The Russians and Chinese were wroth. The missile shield might or might not stop missiles but, even unbuilt, it was an effective tool for gathering intelligence on Russian and Chinese foreign policy intentions. We knew how things stood when the town drunk and the town bully strongly suggested that we shouldn't get a new home security system. In the Middle East, Bush made an attempt to let the Israelis and the Palestinians go at it until David ran out of pebbles and Goliath had been hit on the head so many times that he was voting for Likud. In Northern Ireland, Bush also tried minding his own business. And he quit negotiating with North Korea about its atomic weapons for the same reason that you'd quit jawing with a crazy person about the gun he was waving and call 999. We saw the results of Clinton's emotional, ad hoc, higgledy-piggledy foreign policy. It led to strained relations with Russia and China, increased violence in the Middle East, continued fighting in Africa and Asia, and Serbs killing Albanians. Then we saw the results of Bush's tough, calculated, focused foreign policy: strained relations with Russia and China, increased violence in the Middle East, continued fighting in Africa and Asia, and Albanians killing Serbs. Further changes could be made to US foreign policy. For a sample of alternative ideas, we can turn to a group of randomly (even haphazardly) chosen, average (not to say dull-normal) Americans: the 2004 Democratic presidential hopefuls. By the time this is read, most of them will be forgotten. With luck, all of them will be. None the less, it's instructive to recall what 10 people who offered themselves as potential leaders of the world deemed to be America's foreign policy options. 
Incessant activist Al Sharpton pleaded for "a policy of befriending and creating allies around the world". The way Sharpton intended to make friends was by fixing the world's toilets and sinks. "There are 1.7 billion people that need clean water," he said, "almost three billion that need sanitation systems... I would train engineers... would export people that would help with these things." Ex-child mayor of Cleveland Dennis Kucinich promised to establish "a cabinet-level Department of Peace". The secretary of peace would do for international understanding what the postmaster general does for mail. Former one-term senator and erstwhile ambassador to New Zealand Carol Moseley Braun said, "I believe women have a contribution to make... we are clever enough to defeat terror without destroying our own liberty... we can provide for long-term security by making peace everybody's business". Elect me because women are clever busybodies. This is the "Lucy and Ethel Get an Idea" foreign policy. Massachusetts's thinner, more sober senator, John Kerry, said that he voted for threatening to use force on Saddam Hussein, but that actually using force was wrong. This is what's known, in the language of diplomacy, as bullshit. Previous almost-vice president Joe Lieberman indignantly demanded that Bush do somewhat more of what Bush already was doing. "Commit more US troops," create "an Iraqi interim authority," and "work with the Iraqi people and the United Nations." Perhaps Lieberman was suffering from a delusion that he was part of the current presidential administration. But imagine having a Democrat as commander-in-chief during the War Against Terrorism, with Oprah Winfrey as secretary of defence. Big hug for Mr Taliban. Republicans are squares, but it's the squares who know how to fly the bombers, launch the missiles and fire the M-16s. Democrats would still be fumbling with the federally mandated trigger locks. 
One-time governor of insignificant Vermont Howard Dean wanted a cold war on terrorism. Dean said that we'd won the Cold War without firing a shot (a statement that doubtless surprised veterans of Korea and Vietnam). Dean said that the reason we'd won the Cold War without firing a shot was because we were able to show the communists "a better ideal." But what is the "better ideal" that we can show the Islamic fundamentalists? Maybe we can tell them: "Our President is a born-again. You're religious lunatics - we're religious lunatics. America was founded by religious lunatics! How about those Salem witch trials? Come to America and you could be Osama bin Ashcroft. You could get your own state, like Utah, run by religious lunatics. You could have an Islamic Fundamentalist Winter Olympics - the Chador Schuss." Since the gist of Howard Dean's campaign platform was "It Worked in Vermont," he really may have thought that the terrorists should take up snowboarding. On the other hand, the gist of General (very retired) Wesley Clark's campaign platform was "It Worked in Kosovo". Kosovo certainly taught the world a lesson. Wherever there's suffering, injustice, and oppression, America will show up six months late and bomb the country next to where it's happening. The winner of South Carolina's JFK look-alike contest, John Edwards, and the winner of Florida's Bob Gramm look-alike contest, Bob Gramm, said that America had won the war in Iraq but was losing the peace because Iraq was so unstable. When Iraq was stable, it attacked Israel in 1967 and 1973. It attacked Iran. It attacked Kuwait. It gassed the Kurds. It butchered the Shiites. It fostered terrorism in the Middle East. Who wanted a stable Iraq? And perennial representative of the House of Representatives Dick Gephardt wouldn't talk much about foreign policy. He was concentrating on economic issues, claiming that he'd make the American Dream come true for everyone. Gephardt may have been on to something there. 
Once people get rich, they don't go in much for war-making. The shoes are ugly and the uniforms itch. Some day, Osama bin Laden will call a member of one of his "sleeper cells" - a person who was planted in the United States years before and told to live like a normal American, and... "Dad, some guy named Ozzy's on the phone." "Oh, uh, good to hear from you. Of course, of course... Rockefeller Center?... Next Wednesday?... I'd love to, but the kid's got her ballet recital. You miss something like that, they never forget it... Thursday's no good. I have to see my mom off on her cruise to Bermuda in the morning. It's Fatima's yoga day. And I've got courtside seats for the Nets... Friday, we're going to the Hamptons for the weekend..." But how, exactly, did Gephardt plan to make everyone on earth as materialistic, self-indulgent, and over-scheduled as Americans? Would Gephardt give foreigners options on hot dot-com stocks? That might have worked during the Clinton years. As of early 2004, America didn't seem to have the answers for postwar Iraq. Then again, what were the questions? Was there a bad man? And his bad kids? Were they running a bad country? That did bad things? Did they have a lot of oil money to do bad things with? Were they going to do more bad things? If those were the questions, was the answer "UN-supervised national reconciliation" or "rapid return to self-rule"? No. The answer was blow the place to bits. A mess was left behind. But it's a mess without a military to fight aggressive wars; a mess without the facilities to develop dangerous weapons; a mess that cannot systematically kill, torture, and oppress millions of its citizens. It's a mess with a message - don't mess with us. As frightening as terrorism is, it's the weapon of losers. When someone detonates a suicide bomb, that person does not have career prospects. And no matter how horrific the terrorist attack, it's conducted by losers. Winners don't need to hijack airplanes. 
Winners have an air force. This is an edited extract from Peace Kills: America's Fun New Imperialism by P J O'Rourke (Atlantic), to be published on September 23. To order for £14.99 + £2.25 p&p, please call Telegraph Books Direct on 0870 155 7222 -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From justin-cypherpunks at soze.net Fri Sep 17 22:00:48 2004 From: justin-cypherpunks at soze.net (Justin) Date: Sat, 18 Sep 2004 05:00:48 +0000 Subject: potential new IETF WG on anonymous IPSec In-Reply-To: <414B9CFC.EDAFE7E7@cdc.gov> References: <414B9CFC.EDAFE7E7@cdc.gov> Message-ID: <20040918050048.GA27673@arion.soze.net> On 2004-09-17T19:27:09-0700, Major Variola (ret) wrote: > > At 06:20 AM 9/17/04 +0000, Justin wrote: > >On 2004-09-16T20:11:56-0700, Major Variola (ret) wrote: > >> At 02:17 PM 9/16/04 -0700, Joe Touch wrote: > >> >Except that certs need to be signed by authorities that are trusted. > > >> Name one. > > > >Oh, come on. Nothing can be absolutely trusted. How much security is > >enough? > > > >Aren't the DOD CAs trusted enough for your tastes? Of course, 'tis > >problematic for civilians to get certs from there. > > DoD certs are good enough for DoD slaves. Hospital certs are good > enough for their employees. Joe's Bait Und Tackle certs are good enough > > for Joe's employees. Do you think that Verislime is good enough for > you? No, verislime is not good enough for me, for ethical reasons, not security reasons. What's good enough for most businesses is anything that keeps customers from seeing self-signed cert warnings. Given the choice, I'd pick geotrust over no-thawte or verislime. The only reason they're in business is because of browser warnings.
It has nothing to do with "physical security" offered by the CA, or threat models, or anything of that sort. For e-commerce, nobody needs high security. Anyone using a high-credit-limit account online without a liability limit in case of account theft is a moron. -- The old must give way to the new, falsehood must become exposed by truth, and truth, though fought, always in the end prevails. -- L. Ron Hubbard From jamesd at echeque.com Sat Sep 18 13:26:23 2004 From: jamesd at echeque.com (James A. Donald) Date: Sat, 18 Sep 2004 13:26:23 -0700 Subject: Geopolitical Darwin Awards In-Reply-To: Message-ID: <414C377F.28424.4FF1284@localhost> -- On 16 Sep 2004 at 15:54, Tyler Durden wrote: > I'll grant there are some fanatics left in Iran, but Iran > seems increasingly dominated by fairly sleazy clergy/judges. > Like any government, theirs is deteriorating into a mere > racket. And if you ask me, fanaticism never lasts very long > anywhere, only for about a generation during turbulent times. Iran is fostering war in Iraq and cooperating with Al Quaeda, which after what happened to Saddam indicates a fair degree of insanity. Iranian financed military movements, Hezbollah and Sadr, have been fairly well behaved - they don't target other people's children - just their own, but their willingness to cause the deaths of their own children is even more frightening than Al Quaeda's antics, though marginally less repugnant morally. People so willing to sacrifice children, are apt to be willing to use nuclear weapons. --digsig James A.
Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG JKV/vsDeMLA+XUjdEyUC/KWjhIp7SvJjIbs1S7N/ 4obymQ+9XJMZgOwhPiK6FAtItaG0jErbco9OOpmms From jya at pipeline.com Sat Sep 18 16:45:13 2004 From: jya at pipeline.com (John Young) Date: Sat, 18 Sep 2004 16:45:13 -0700 Subject: Geopolitical Darwin Awards In-Reply-To: <414C377F.28424.4FF1284@localhost> References: Message-ID: Tyler Durden wrote: > And if you ask me, fanaticism never lasts very long > anywhere, only for about a generation during turbulent times. That is what King George and his redcoats said about the ragtag colonials, American as well as those who suffered the king's abuse into the 20th Century. James Donald wrote: >Iran is fostering war in Iraq and cooperating with Al Quaeda, >which after what happened to Saddam indicates a fair degree of >insanity. That is what King George also said about the colonials, who then quite rationally arranged help from King George's enemies. >Iranian financed military movements, Hezbollah and Sadr, have >been fairly well behaved - they don't target other people's >children - just their own, but their willingness to cause the >deaths of their own children is even more frightening than Al >Quaeda's antics, though marginally less repugnant morally. > >People so willing to sacrifice children, are apt to be willing >to use nuclear weapons. More King George-type remarks, as with arrogant tyrants everywhere and their authority suck-ups. To be sure, the children in their realms suffer as if colonials, or slaves, or wives, or sex toys, or faux-sacrosanct idolized figurines, or nascent rebels who must be whipped regularly for moral instruction in subservience. If not Iran, then Ireland, if not Ireland, then a new Iraq, or NK, or PK. What the US-UK hegemon cannot face is that the bloody challenges to their moral supremacism are just getting under way inside and outside their borders.
PJ O'Rourke's fighter planes of winners won't mean shit in this murderous crusade where the enemy wears no easy to spot uniform. The Chechens are the bellwether warriors. Kids and women among them indifferent to the old guys' self-serving rules of war. Kill the heads of state, defense ministers and generals first, then down the line in reverse order. That'll likely bring over the lower downs who've eaten their shit, fought their battles, hated their guts. Women and kids among them. From mv at cdc.gov Sat Sep 18 18:19:29 2004 From: mv at cdc.gov (Major Variola (ret)) Date: Sat, 18 Sep 2004 18:19:29 -0700 Subject: Disowned spooks get to be Mohommad's boyfriend for 10 yrs Message-ID: <414CDEA1.616926DE@cdc.gov> http://rdu.news14.com/content/headlines/?ArID=55256&SecID=2 ---- Soviets:Chechnya::US:? From Nostra2004 at SAFe-mail.net Sat Sep 18 16:06:25 2004 From: Nostra2004 at SAFe-mail.net (Nostra2004 at SAFe-mail.net) Date: Sat, 18 Sep 2004 19:06:25 -0400 Subject: Toward A Private Digital Economy: (Trusted transactions in an anonymous world) Message-ID: http://pelagic.wavyhill.xsmail.com/Private_Digital_Economy.html Currently available financial privacy tools have drawbacks arising from centralized ownership and control, and the limitations of presenting specific services. A better approach would be to construct a fully distributed environment for economic activity which mimics the way cash is used in the physical world but is private, anonymous, trusted, and indestructible. A key to this variety is the element of locale, which we will explain in some detail. We will introduce a 'Farmer's Market' model of anonymous commerce and expand it into a detailed functional description. We will explore business models viable in this environment and ways to connect them to the transparent banking world. An anonymous economy must resolve issues of trust and reputation to be practical.
We show how properties of number can be used to derive an 'algebra of trust' and exploited to reduce risk in anonymous transactions. Once reduced to a number, trust, like any other asset, can be quantified, evaluated, commoditized and even used as a currency. Algorithms that distribute data storage can distribute risk and trust once they are reduced to data. These things may overcome some of the barriers to the wide adoption of a private digital economy.

From rah at shipwright.com Sat Sep 18 16:41:13 2004
From: rah at shipwright.com (R. A. Hettinga)
Date: Sat, 18 Sep 2004 19:41:13 -0400
Subject: The Hand-Marked Ballot Wins for Accuracy
Message-ID:

The New York Times
September 19, 2004
The Hand-Marked Ballot Wins for Accuracy
By TOM ZELLER Jr.

After the pandemonium over dimpled and pregnant chads in the 2000 election, nearly everyone agreed it was time to rethink old vote-counting ways. But the stampede to touch-screen voting was not inevitable. Another, demonstrably more reliable technology was already on the rise: optical scan voting, introduced in some parts of the country in the late 1970's. By the 2000 election, optical scanning - which involves marking a paper ballot that is ultimately read and counted by a computer - had overtaken all other voting methods as the most common way to vote in the United States. This year, optical scan systems will be used in more than 45 percent of all counties, according to Election Data Services, a political consulting firm in Washington. After the 2000 election, a study by the Voting Technology Project, a joint effort by the California Institute of Technology and the Massachusetts Institute of Technology, took a hard look at the nation's voting systems. Using a measure of what they called "residual votes" - overcounting, undercounting or not counting votes for any reason - researchers found that two existing voting methods had produced relatively low error rates in the last four presidential elections: old-fashioned hand-counted paper ballots and optical scan systems. The study found that the mechanical lever system, which dominated the market in 1980 and has been in decline ever since, performed considerably worse. In overall performance, electronic voting - both the older push-button variety and the newer touch-screen units - performed scarcely better than punch cards.
"The immediate implication of our analysis is that the U.S. can lower the number of lost votes in 2004 by replacing punch cards and lever machines with optical scanning," the report said. "Touch screens are, in our opinion, still unproven." But election officials who decided to change systems overwhelmingly went for the touch screens. Compared with about 13 percent of registered voters in 2000, this year roughly 30 percent of those registered will be asked to vote on electronic systems. Optical scan systems grew as well, although at a much slower pace: from about 30 percent of registered voters in 2000 to just under 35 percent this year, according to Election Data Services. The Caltech/M.I.T. study said that the newest electronic systems had great potential, but were plagued by a variety of problems, like loose cables and confusing interfaces. Change is natural, said Stephen Ansolabehere, a political science professor at M.I.T. and a member of the study team. But "optical scanning is a pretty good interim solution for the next five or 10 years," he said. And then what? Litigators, start your engines: the Internet. Professor Ansolabehere is among those who predict that myriad security obstacles will one day be overcome and votes will be cast from the nation's living rooms. "I think it's inevitable," he said.

Copyrigh

--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From rah at shipwright.com Sat Sep 18 16:41:54 2004
From: rah at shipwright.com (R. A. Hettinga)
Date: Sat, 18 Sep 2004 19:41:54 -0400
Subject: Ready or Not (and Maybe Not), Electronic Voting Goes National
Message-ID:

The New York Times
September 19, 2004
Ready or Not (and Maybe Not), Electronic Voting Goes National
By TOM ZELLER Jr.

Just over six weeks before the nation holds the first general election in which touch-screen voting will play a major role, specialists agree that whatever the remaining questions about the technology's readiness, it is now too late to make any significant changes. Whether or not the machines are ready for the election - or the electorate ready for the machines - there is no turning back. In what may turn out to be one of the most scrutinized general elections in the country's history, nearly one-third of the more than 150 million registered voters in the United States will be asked to cast their ballots on machines whose accuracy and security against fraud have yet to be tested on such a grand scale. Because of the uncertainties, experts say there is potential for post-election challenges in any precincts where the machines may malfunction, or where the margin of victory is thin. Sorting out such disputes could prove difficult. "The possibility for erroneous votes or malicious programming is not as great as critics would have you believe," said Doug Chapin, the director of Electionline.org, a nonpartisan group tracking election reform. "But it's more than defenders of the technology want to admit. The truth lies somewhere in between." Since the 2000 presidential election and its contentious aftermath, voting systems that record votes directly on a computer - as opposed to those that use mechanical levers or optically scanned paper ballots - have quickly moved to the center of a rancorous debate. The disagreement pits those who see them as unacceptably vulnerable to vote manipulation and fraud against those who see them as an antidote to the wretched hanging chad.
Even in the final run-up to November's elections, the issue remains in flux. In California, the machines have been certified, decertified and recertified again. In Ohio, a closely contested state, an electronic upgrade to the state's predominantly punch-card system was halted in July by the secretary of state there, who cited unresolved security concerns. All the while, a vocal mixture of computer scientists, local voting-rights groups and freelance civic gadflies have relentlessly cited security flaws in many of the machines, with some going so far as to say that the flaws could be intentional and accusing the major companies of having ties to conservative political causes. The companies and election officials have fought back bitterly, accusing the activists of being wild-eyed fearmongers. A study released by Electionline.org last month would seem to suggest that partisan politics plays less of a role than critics have claimed. That report found "no industrywide partisan trend to political contributions among the largest election system companies." The leader in the electronic voting machine market, Diebold, and its executives have given more than $400,000 to Republican interests since 2001, the study found. But other large companies, including Election Systems & Software and Sequoia Voting Systems, "gave a slight edge to Democratic candidates and party organizations." Concerns over the security and accuracy of the machines have proved harder to dispel, though, and they have not always come from the fringe. At the end of June, two prestigious groups - the Brennan Center for Justice at New York University School of Law and the Leadership Conference on Civil Rights - issued a set of recommendations for technical upgrades and procedures that they said could help shore up high-tech voting systems in time for the November elections. 
Nancy Zirkin, the deputy director of the Leadership Conference, said she thought that the report had been taken seriously, but conceded that the group did not know how many states or precincts had actually adopted the recommendations. Other critics say that too little has been done in response to numerous problems - and that it is now too late to do much more before the election, because software and technology have to be tested and "frozen" well ahead of voting to avoid malfunctions and electoral chaos. "Switching now, approximately 40 days before the election, would probably introduce more security problems than it would avoid," said Aviel D. Rubin, a professor of computer science at Johns Hopkins University who brought many of the vulnerabilities in voting systems to light. Senator Barbara Mikulski, a Maryland Democrat, is among those who wonder whether the technology is ready for prime time. As she tried out one of Maryland's new machines at a folk festival last weekend, an apparent slip of her hand generated a "no" vote when she intended to vote "yes," before the error was caught and corrected. By last Monday, Ms. Mikulski had signed on to Senate legislation that would require all electronic voting terminals around the nation to generate a paper record for each vote. But there are no such capabilities in the AccuVote TS touch-screen systems that will be used throughout Maryland and in many other states that have adopted touch screens or other electronic voting devices. And it is too late to add them. The Maryland system is far from foolproof, in the view of Michael Wertheimer, a computer security consultant with RABA Technologies, who was hired by the state of Maryland last year to conduct a mock hacking attack against the Diebold machines. A number of security holes were found, including one in the Microsoft operating system that runs the election software, which did not have up-to-date security patches. The flaws, Mr. 
Wertheimer said, could allow tampering and skewed election results. He also noted that in the presidential primary election last March, Maryland used software on its machines that had not been certified by independent testing authorities, and thus violated state law. But Linda Lamone, the administrator of the state's election laws, has repeatedly stated that her office has taken the necessary steps to improve the Diebold machines. She says that issues of uncertified software have been corrected and that Maryland's election system is secure. The Maryland Court of Appeals appears to agree. On Tuesday, the court rejected a suit brought by a Maryland voter group, TrueVoteMD, which sought to force the state to further improve security on its machines and offer voters a paper-ballot alternative. Still, as the days dwindle, paper remains at the heart of the debate. Nevada, another state that will make near-universal use of touch-screen voting in November, purchased machines manufactured by Sequoia that produce a paper record - a move that received high marks earlier this month from the Free Congress Foundation, a conservative group in Washington. "Without an actual paper ballot, we are then left with only the computer's word for the election results," the group said in a news release accompanying its informal "Election Preparedness Scorecard" three weeks ago. The group gave grades of F to several states - including Kentucky, Maryland, Delaware and Tennessee - based on their degree of reliance on paperless electronic voting. Florida, whose results will almost certainly receive intense scrutiny, received an F-plus, while Georgia was given an F-minus. New Mexico, a swing state that will rely heavily on touch-screen voting on Nov. 2, received a D-minus. Harris N. 
Miller, president of the Information Technology Association of America, a trade group that represents many of the voting machine makers, concedes that the industry has probably not been sensitive enough to the political nuances surrounding voting technology - particularly in the aftermath of the 2000 election. But he argued that the fears expressed by many of those opposed to electronic voting are driven as much by ignorance as by passion. "What we're replacing is a system that was broken - so broken that Congress passed a special law," he said, referring to the Help America Vote Act of 2002, which was designed to help overhaul the nation's election system in the aftermath of the 2000 debacle. "It was so broken that Congress appropriated over a billion dollars to fix it," he said. The law, which established the Election Assistance Commission, generally encourages the movement away from punch cards and the exploration of other voting technologies. The law also calls for the federal standards agency, the National Institute for Standards and Technology, to develop universal standards for voting systems. But the agency says the $500,000 Congress appropriated last year for such efforts has been exhausted, and Congress did not provide additional funds for the effort in 2004. As for security concerns, Mr. Miller said that vendors submit their source code - the underlying instructions for the machines' software - for independent inspection, to uncover any hidden programming and to ensure that the machines calculate properly. Critics, however, point out that the labs inspecting the software are typically paid by the vendors themselves, and that they somehow failed to uncover the flaws discovered by Mr. Wertheimer, Professor Rubin, and election officials in Ohio, Maryland and elsewhere. While it is too late in the game to make it possible to produce a paper record for each vote on every machine already deployed, Mr. 
Miller said that vendors would be willing to include that feature in the future if the market demanded it. Most of the major vendors have models that can supply a printed record, but in most cases, Mr. Miller said, election officials have not required it. Paper receipts are not automatically required because no such universal guideline has ever existed. Mechanical lever machines, for instance, which have been in widespread use since the 1930's - and will still be used by millions of voters this year - have never produced a paper record of each vote. And states have traditionally established their own definitions of what constitutes a ballot. Still, the scrutiny and criticism that have dogged electronic voting machines over the last year all but guarantee that a pall of suspicion and distrust will hang over a technology that awaits approximately 45 million registered voters if they go to the polls. Whether the concerns are justified or overblown, experts say, in the wake of the 2000 election controversy, the mere hint of unreliability this time could turn the electronic vote, should the margin of victory be narrow, into one more tinderbox. "The woods aren't any drier than they were in 2000," Mr. Chapin of Electionline.org is fond of saying, "but there are a lot more people with matches." That is a point that Edward S. Morillo, a representative of the Santa Clara County Registrar of Voters in California, would probably concede. Mr. Morillo travels the county acquainting voters with the Sequoia AVC Edge, the voting machine that will be used there on Nov. 2. On Wednesday afternoon, he stopped by the Indian Health Center in San Jose. As patients and employees took turns poking at the screen, an occasional "What is it?" or "Oops!" seemed to foretell what ballot workers might expect on Election Day. Mr. 
Morillo said that reactions to the touch screens have generally been mixed, and that Santa Clara County - like every California county where similar electronic voting is in place - would offer a paper ballot alternative for those who, for whatever reason, are not comfortable with the machines. "The thing about the touch screen," he said, "is that you either love it or hate it."

John Schwartz and Carolyn Marshall contributed reporting for this article.

--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From rah at shipwright.com Sat Sep 18 16:43:35 2004
From: rah at shipwright.com (R. A. Hettinga)
Date: Sat, 18 Sep 2004 19:43:35 -0400
Subject: Classified papers up in cost, number
Message-ID:

The Washington Times
www.washingtontimes.com
Classified papers up in cost, number
By Audrey Hudson
THE WASHINGTON TIMES
Published September 18, 2004

The federal government last year spent $6.5 billion to create 14 million new classified documents, a 60 percent increase over 2001 that has alarmed government watchdog groups, according to a report by openthegovernment.com. "While some increase in classification is to be expected in wartime, this dramatic rise runs counter to recommendations by the 911 Commission and the congressional joint inquiry into 9/11, both of which recommended reforms to reduce unnecessary secrets," says the report by the group of journalists and consumer and government watchdogs. Federal officials have used the September 11 terrorist attacks to turn the public's right to know into the government's right not to tell, said Steven Aftergood, director of the project on government secrecy at the Federation of American Scientists, a national security watchdog group.
"This is what happens when you give government agencies unlimited authority to control information; they are going to abuse it. That doesn't mean though there should not be restrictions. Everyone agrees all kinds of things need to be protected, but they are going overboard and no one seems to be in a position to stop them," Mr. Aftergood said. The National Commission on Terrorist Attacks Upon the United States cited "overclassification" of documents as a barrier to information sharing among agencies needed to fight terrorism, and legislators have discussed the issue at hearings held in response to the commission's report. Carol Haave, deputy undersecretary of defense for counterintelligence and security, last month told a House subcommittee on national security and emerging threats that as many as 50 percent of classified documents don't warrant the classification. She said there is a tendency at the Defense Department to "err on the side of caution." A portion of the $6.5 billion also was used to secure existing secrets, which typically are never unsealed for public consumption, even when their information really doesn't need to be protected, experts agree. Only 43,000 documents were declassified last year at a cost of nearly $54,000 compared to more than 100,000 documents declassified in 2001 prior to the September 11 terrorist attacks at a cost of $232,000, according to openthegovernment.com, whose analysis focused on pre- and post-attack numbers. A Congressional Research Service report released in June recommends placing time restrictions on the classification of documents, establishing an oversight board to review such classifications and holding periodic congressional briefings on them. It says that, historically, making information public is a primary way to expose and eliminate fraud and abuse in government. 
As the number of classified documents continues to rise, so do public requests to disclose government information under the Freedom of Information Act (FOIA). Such requests have tripled over the past six years. There were more than 3 million FOIA requests from federal agencies last year, up from 2.4 million in 2002. There also is a proliferation of ad hoc policies to restrict public access to information that is not classified, but still hidden from the public, legislators and experts say. For example, documents inside the Homeland Security Department are increasingly being labeled "For Official Use Only," "Sensitive Security Information," "Sensitive Homeland Security Information," and "Sensitive but Unclassified," the congressional report said. The report said the use of such terminology is dangerous because it prevents the disclosure of information and questionable policy, which, if seen by the public, could spur change. "There recently has been a dramatic upturn in the number of documents that have either been stamped SSI or 'Official Use Only,' including examples of activities that apparently were of a social orientation, and are clearly not of official nature, let alone of a classified matter," said Bob Flamm, executive director of the Federal Air Marshal Association. "It's being abused on a regular basis," Mr. Flamm said. However, Dave Adams, spokesman for the U.S. Federal Air Marshal Service, disputes that assertion and says that the SSI stamp is "not just automatically" being stamped on every document unless it is "sensitive." "Official Use Only" which is described by a Homeland Security directive as unclassified but sensitive information, would include threat assessment information, security plans, and financial information or information that could threaten security operations. 
Federal air marshals (FAM) say e-mail from management is automatically being stamped "Official Use Only" stating that "no portion of any document can be released to the media, the general public ... release of any FAM Service document, correspondence or law enforcement sensitive material could adversely affect our mission or jeopardize investigative activities." E-mail with the stamps describe medical checkup procedures, vacancy announcements that are also posted on the Internet, and one announced a going-away party for a colleague inviting co-workers "for Krispy Kremes and coffee" for the employee's farewell. "That sounds amazing," Mr. Aftergood said. "It is simply arbitrary. They make it up as they go along, and it's hard to take seriously."

--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From rah at shipwright.com Sat Sep 18 16:46:23 2004
From: rah at shipwright.com (R. A. Hettinga)
Date: Sat, 18 Sep 2004 19:46:23 -0400
Subject: Barbarians at the Digital Gate
Message-ID:

The New York Times
September 19, 2004
Barbarians at the Digital Gate
By TIMOTHY L. O'BRIEN and SAUL HANSELL

KARSTEN M. SELF, who oversees a children's computer lab at a youth center in Napa, Calif., spends about a half-hour each morning electronically scanning 10 PC's. He is searching for files and traces of code that threaten to hijack the computers by silently monitoring the children's online activities or by plastering their screens with dizzying - and nearly unstoppable - onslaughts of pop-up advertisements. To safeguard the children's computers, Mr. Self has installed a battery of protective software products and new Web browsers.
That has kept some - but by no means all - of the youth center's digital intruders at bay. "You would expect that you could use these systems in a safe and sane way, but the fact of the matter is that you can't unless you have a fair amount of knowledge, time to fix the problems and paranoia," he said. The parasitic files that have beset Mr. Self and other frustrated computer users are known, in tech argot, as spyware and adware. The rapid proliferation of such programs has brought Internet use to a stark crossroads, as many consumers now see the Web as a battlefield strewn with land mines. At the same time, major advertisers and big Internet sites are increasingly tempted by adware's singular ability to display pop-up ads exactly when a user has shown interest in a particular service or product. "Adware has its place, but to grab market share I think a lot of companies are doing things that make consumers feel betrayed," said Wayne Porter, co-founder of Spyware-Guide.com, a Web site that tracks adware and spyware abuses. "I think we're at a very important inflection point that is going to decide how the Internet operates." The exact definitions of spyware and adware, like many things in the ever-changing world of the Internet, remain open to debate. But spyware generally refers to programs that reside in hidden corners of a computer's hard drive and record confidential information like keystrokes, passwords and the user's history of Web site visits. Some of the most insidious versions have to be installed on a computer by someone other than the user - maybe a jealous spouse or lover. Adware, for its part, marries old-fashioned highway billboard pitches to online distribution and the possibility of immediate response. 
Adware vendors range from fly-by-night operators who hawk pornography and gambling, wherever they can, to more legitimate companies like the Claria Corporation, which tries to aim its ads at the consumers deemed most likely to respond, based on their surfing habits. Claria alone has about 29 million users running its adware products on their computers, according to comScore MediaMetrix, an Internet research firm. That compares with 1.5 million users in early 2000, according to the company. Some spyware creeps onto a computer's hard drive unannounced, often by piggybacking onto other software programs that people download or by sneaking through backdoor security gaps in Web browsers when consumers visit certain sites. In other cases, consumers technically agree to download the software, but critics say that the disclosures are hard to find. FOR all the differences between spyware and adware, their impact on computers is pretty much the same: screens transformed into digital versions of Times Square, and overburdened PC's that operate much more slowly as they struggle with random and uncontrollable processes prompted by the hard drive. Small wonder that consumers are throwing up their hands in despair. "From what consumers are telling us, they feel like their computers are being taken away from them," Mr. Porter said. "We have some consumers saying it makes them hesitant to use the Internet at all because of what an annoyance it has become." Reliable data about the booming adware market is scant, but consumer complaints have become frequent and vociferous. Privacy watchdogs like the Center for Technology and Democracy in Washington have called for closer regulatory scrutiny of the industry. Legislation seeking to protect consumers from abusive adware and spyware has been introduced in Congress. One state, Utah, has even outlawed the installation of any software without users' consent. Consumers can use some tools to fight adware and spyware themselves. 
Software products like Spybot-Search & Destroy, Spy Sweeper and Adaware can zap some intrusive programs on a hard drive and block attempts to trespass onto a PC. And many analysts like Mr. Porter recommend that consumers switch from Microsoft's Internet Explorer to Mozilla Firefox, a free browser that they say has fewer security vulnerabilities. (Microsoft has issued software patches for Explorer and released an update to Windows XP that makes it harder for consumers to download software unknowingly.) But critics of the adware industry say solutions to the problems ultimately must come from vendors themselves. Against this landscape, companies that still hope to mine the lucrative promises of adware have choices to make: to abandon the pop-up promotions that consumers find so annoying or to overhaul their practices so thoroughly that they are seen as responsible online citizens. Some companies seem unlikely to follow the second path. Perhaps the most infamous adware purveyor is an elusive enterprise alternately known as CoolWWWSearch or CoolWebSearch. The company operates from computer servers in the United States as well as far-flung places like Russia, Britain, the Virgin Islands and Spain. It has developed adware that can change its name and its location on a hijacked computer several times a day - making it virtually impossible to track. The company did not reply to an e-mail message seeking comment. Spyware Labs Inc., a Hawaiian company, promotes itself as a vendor of anti-spyware tools but peddles a product called Virtual Bouncer that experts like Mr. Porter say functions as spyware and adware once it is installed on a computer. Spyware Labs also did not answer an e-mail message seeking comment. Spyware companies are considered some of the most disreputable players in the industry, because their products can be used for illicit purposes. 
While many adware companies engage in some of the same practices as spyware companies - both track users' browsing habits, for example - adware tends to occupy a less nefarious position. In the realm of more mainstream adware vendors stands Claria, based in Redwood City, Calif. The company, founded as Gator in 1998, is trying to recast adware as a more consumer-friendly addition to computers. Smart minds and smart money surrounded Claria from the beginning. It was founded by Denis Coleman, a Silicon Valley entrepreneur who was a co-founder of the company that became Symantec. Among Claria's earliest investors were Scott D. Cook, founder of Intuit Inc.; Andy Bechtolsheim, a co-founder of Sun Microsystems; and Philip M. Young, an investor with U.S. Venture Partners, a venture capital firm in Menlo Park, Calif. Claria piggybacks its adware on popular programs like Kazaa, the music file-sharing service, and has a lucrative partnership with Yahoo, one of the Internet's busiest sites. Claria's investors and executives say the company has been unfairly grouped with shadier operators and that its goal was never to spy on computer users or to gather personal information surreptitiously. Instead, they say, the aim is to offer useful ads tailored to consumers' real interests and needs, derived from careful monitoring of their Web use. "A technique that provided much more relevant information and advertising to a computer user seemed like a powerful concept," Mr. Young said. "Claria has demonstrated how much more powerful a message is when it's delivered to the right user, and Claria's only scratched the surface of what they're capable of doing when they deploy their software." CLARIA recently canceled plans to take itself public, citing changing business circumstances; it declined to offer a more detailed explanation. But the company's public filings offer evidence of its financial potential. 
After a few years of losses, the company earned $91,000 in 2002 on $40.5 million in revenue. Last year, it earned about $35 million on $90.5 million in revenue - an enviable profit margin. "At the end of the day it's real simple," said Jeffrey McFadden, a former executive at the Internet portal Excite who is now Claria's chief executive. "Consumers find value in relevant advertising." Advertisers find value in the model, too. Mainstream companies like Verizon, Panasonic and Priceline rely on adware programs because of their power to address people's individual interests. Claria said 425 advertisers - including Cendant, FTD, Netflix and Orbitz - use its adware. Nonetheless, Claria has drawn its share of barbs. Several companies, including The New York Times, have sued Claria, arguing that its pop-up ads violate trademark protections when they appear on the companies' Web sites. Claria has settled most of those suits, including with The Times, but declined to discuss the terms. Claria has also drawn the ire of advocacy groups, partly because of its ubiquity and its role as an industry pioneer. Critics also denounce some of its business practices, particularly the way it bundles its software with other programs and the stealth it has used to land on users' hard drives. "They were very aggressive for a long time, and they turned off a lot of people," said Ari Schwartz, associate director of the Center for Democracy and Technology. "That said, they seem now to be moving in the direction of trying to take steps to make their business more legitimate." It won't be easy, he added: "They still have a long way to go to make their product something people want to have rather than something they're stuck with." Mr. Schwartz said that he believed that Claria's products were not easy to remove from a computer. Claria executives dispute that computer users are "stuck with" their products. They say they have worked closely with Mr. 
Schwartz and other critics to make their ad programs more visible and palatable to computer users. Scott Eagle, Claria's chief marketing officer, said the company downloads its adware to a user's hard drive only with permission, makes the adware easy to remove and clearly identifies its products. He also says Claria does not collect personal information like last names, phone numbers or e-mail, Internet and home addresses. "We would rather not show you an ad that's not going to be relevant to you, because that doesn't add any value to you or the advertiser," Mr. Eagle said. "The big question is, 'Where does this all go?' Pop-ups and pop-unders are not wildly accepted by consumers." As a result, Mr. Eagle said, Claria will move away from providing pop-ups and will offer more static banner ads on some Web sites. Others in the Internet advertising industry also say that negative reaction has persuaded them to forgo the pop-up route. "Everyone is searching for the magic bullet where the consumer will say yes to pop-ups," said David J. Moore, the chief executive of 24/7 Real Media, a large Internet advertising company. "The average consumer will end up with a few of these adware programs, and it sours them on the entire experience." Mr. Moore said 24/7 had considered buying an adware company but had passed. "We were nervous about the long-term business prospects," he said. "There seems to be a fairly strong groundswell to limit how they do business." WhenU.com, another prominent adware company, began as a comparison-shopping service founded by consultants at the Boston Consulting Group. But the company, based in New York, discovered that comparison-shopping was an unprofitable service, and it, like Claria, began bundling adware with a number of file-sharing companies including, briefly, Kazaa. WhenU, like Claria, uses display ads called sliders - because they slide up from the bottom of the screen. 
The ads are generated by WhenU's software and can be launched even when a browser is not open - meaning they cannot be stopped by software that blocks pop-up ads. Other WhenU ads appear in front of an open application, interrupting the user, while others hide behind the application until the user closes it. Avi Naider, WhenU's chief executive, says he believes that pop-ups and related intrusive advertising will continue to be viable even if some consumers try to avoid them. "The business spent four years educating advertisers about the performance you can get from these type of ads, and we didn't spend much time educating consumers," Mr. Naider said. "We never talked to consumers about the benefits of software-based advertising." Mr. Naider says WhenU does not keep user information. Instead, he says, the software his company installs on users' machines tracks the Web sites that users have visited and displays relevant advertising. "This is a healthy direction for advertising to go, with a strong set of standards," he said. But he conceded it would be "a battle to transcend the simplistic perception that most consumers have about adware." THE question remains whether a legitimate business can be built on the back of an industry that has annoyed consumers so deeply and has been linked to truly illegitimate practices. "The adware industry has grown so quickly because it works," said Gary A. Kibel, a lawyer in New York who specializes in new media and advertising law. "I'm sure 80 percent of consumers don't want advertising on television, but if you get rid of advertising on television there'd be no more free TV." Mr. Kibel said federal legislation could help formalize and sanitize the business. But some computer users remain unswayed. "Adware and spyware and all the other malwares that are out there just waste a lot of time and make the whole Internet experience a lot less enjoyable," said Orion E. 
Hill, president of the Napa Valley Personal Computer Users Group, a nonprofit group that educates consumers about PC's. "It's intrusive into your life, and I don't think that's going to change.

"The current Internet model is just too wide open, and I don't have any confidence that any of the new models are going to be any better," Mr. Hill added. "The Internet is just too accessible, and it's too easy for people to make anything they want out of it."

Copyrigh

--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From camera_lumina at hotmail.com Sun Sep 19 09:15:30 2004
From: camera_lumina at hotmail.com (Tyler Durden)
Date: Sun, 19 Sep 2004 12:15:30 -0400
Subject: Geopolitical Darwin Awards
Message-ID:

A solid post. In this context I'd drill down a bit to the idea of "fanaticism"...

> > And if you ask me, fanaticism never lasts very long
> > anywhere, only for about a generation during turbulent times.
>
>That is what King George and his redcoats said about the
>ragtag colonials, American as well as those who suffered the
>king's abuse into the 20th Century.

My running, personal theory is that Muslim fundamentalism (and in general, most fundamentalisms) get going when the locals gain a persistent sense that they're gettin' screwed over, and that their current government ain't helping a whole lot. It's kind of a devil's bargain to obtain a source of strength. By necessity it needs to reject a lot of the local culture, otherwise there isn't sufficient motivation to fight. In general, it's probably on many levels predictable and even reasonable.
Of course, this can boil over into bizarre, "fanatical" behavior, but then again as Mr Young so aptly put it, "fanatical" is what the screw-ers normally call mass behavior they don't like. In the case of Nukes, I'd point out that the nuclear nations have a distinct advantage at the UN or any other bargaining table, so if I were Iranian I'd be working pretty hard to get something quasi-viable together that could be called a "nuke". Of course, the few truly "fanatical" members of the local nuke-wannabees might get a hold of the black box and, well, that sucks.

-TD

From mv at cdc.gov Sun Sep 19 13:29:51 2004
From: mv at cdc.gov (Major Variola (ret))
Date: Sun, 19 Sep 2004 13:29:51 -0700
Subject: Geopolitical Darwin Awards
Message-ID: <414DEC3F.327325EB@cdc.gov>

At 12:15 PM 9/19/04 -0400, Tyler Durden wrote:
>My running, personal theory is that Muslim fundamentalism (and in general,
>most fundamentalisms) get going when the locals gain a persistent sense that
>they're gettin' screwed over,

See "Crusades", which aint over til the tall buildings fall.

and that their current government ain't
>helping a whole lot.

The Saudi royalty is the best the US can buy!

It's kind of a devil's bargain to obtain a source of
>strength. By necessity it needs to reject a lot of the local culture,
>otherwise there isn't sufficient motivation to fight. In general, it's
>probably on many levels predictable and even reasonable.

Religion (of any form that posits an afterlife) is a terrorist weapon. Faith in the man with the silly hat is a WMD.

>Of course, this can boil over into bizarre, "fanatical" behavior, but then
>again as Mr Young so aptly put it, "fanatical" is what the screw-ers
>normally call mass behavior they don't like.

Winners write the history books.
>In the case of Nukes, I'd point
>out that the nuclear nations have a distinct advantage at the UN or any
>other bargaining table, so if I were Iranian I'd be working pretty hard to
>get something quasi-viable together that could be called a "nuke". Of
>course, the few truly "fanatical" members of the local nuke-wannabees might
>get a hold of the black box and, well, that sucks.

1. The UN doesn't let Rogues (tm) into the Security Council and thus a nuke is only *de facto*, not diplomatically useful in deterring colonial regime-changing.

2. Far more likely is that a decade's worth of work, a lot of money, and a few scientists will be vaporized by an Israeli Hellfire, made in the USofA by those proud flag-flying folks at Raytheon Death, Inc.

The counter to 2 is to have two or more, one mounted on a missile on a mobile platform, how do you say MX in Farsi, and keep everything really really secret. The first nuke is for demonstration purposes, which might be a waste if it's a U-gun type (except in making abundantly clear how far along your R&D is :-). (Remember the Hiroshima bomb was *not* tested, so sure were the scientists. Trinity was a Pu-implosion finesse job.)

The interesting thing is that Iran isn't buying a few from Pakistan. Oh that's right, the U$ bought the Paki 'leadership'. Also means that Al Q isn't willing to share their stash with Iran. They probably think they have higher-priority uses for them.

From mv at cdc.gov Sun Sep 19 13:37:53 2004
From: mv at cdc.gov (Major Variola (ret))
Date: Sun, 19 Sep 2004 13:37:53 -0700
Subject: voting: economics of paper trails
Message-ID: <414DEE21.6A7FF51A@cdc.gov>

Isn't it *cheaper* (as well as more accurate) to have preprinted ballots, optically scanned, than to have an embedded computer print out a paper trail? Ie, don't the benefits of volume printing beat the cheapest printing tech?
Besides the other advantages of being self-verifiable, more accurate, intuitive, unhackable, not having to be destroyed or randomized (as with serial polling-place-kept paper trails), etc?

Methinks the printing press / optical scanner industry is not resisting the Diebold/tech-fetishist whores adequately... I think Ben Franklin would agree.

From jamesd at echeque.com Sun Sep 19 16:57:41 2004
From: jamesd at echeque.com (James A. Donald)
Date: Sun, 19 Sep 2004 16:57:41 -0700
Subject: Geopolitical Darwin Awards
In-Reply-To:
Message-ID: <414DBA85.13402.AE71897@localhost>

On 19 Sep 2004 at 12:15, Tyler Durden wrote:
> My running, personal theory is that Muslim fundamentalism (and in
> general, most fundamentalisms) get going when the locals gain a
> persistent sense that they're gettin' screwed over,

But the Saudi Arabian elite, among which Bin Laden was born with a silver spoon in his mouth, are not getting screwed over. Similarly, the Javanese are not getting screwed over. In an entirely literal sense, they are doing the screwing, in that boys and girls among racial and religious minorities subject to their power tend to get raped, and the rapists and murderers go unpunished.

Secondly, these guys are no more fundamentalists than the World Council of Churches, or liberation theologians, whose views strongly resemble those of the terrorists, are fundamentalists. They tend to talk about Islam overthrowing Capitalism, a proposition that would have seemed wholly bizarre to Mohammed, who talked about Islam overthrowing Christendom.

A Christian fundamentalist believes he bases his religion on Christ and the twelve Apostles. The terrorists do not believe they base their religion upon Mohammed and the four rightly guided Caliphs. Rather they base their religion on much later authority. Bin Laden even claims the Turkish Caliphate represented proper religious authority, a view that is extremely whacky among Muslims.
The views of many of the terrorists have a resemblance to those of caliph al-Hakim, holds that living theological authority is supreme, and casually rewrite the positions of dead theological authority - a position whose Christian equivalent is analogous to "High Church", which is generally regarded as the opposite of fundamentalist.

From jamesd at echeque.com Sun Sep 19 17:07:52 2004
From: jamesd at echeque.com (James A. Donald)
Date: Sun, 19 Sep 2004 17:07:52 -0700
Subject: Geopolitical Darwin Awards
In-Reply-To:
References: <414C377F.28424.4FF1284@localhost>
Message-ID: <414DBCE8.8024.AF06B7F@localhost>

--
James A. Donald:
> > Iranian financed military movements, Hezbollah and Sadr,
> > have been fairly well behaved - they don't target other
> > people's children - just their own, but their willingness
> > to cause the deaths of their own children is even more
> > frightening than Al Quaeda's antics, though marginally less
> > repugnant morally.
> >
> > People so willing to sacrifice children, are apt to be
> > willing to use nuclear weapons.

John Young
> More King George-type remarks, as with arrogant tyrants
> everywhere and their authority suck-ups.

I don't recall the American revolutionaries herding children before them to clear minefields, nor surrounding themselves with children as human shields.

--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
j07YPfmxqEtV9Aq+HTfim7giQ/OhISFU23UtnRML
4CdvNbZ/OawRkjcNRLk/qxs0QlgxWL3C8L7gIUcbA

From rah at shipwright.com Sun Sep 19 17:18:50 2004
From: rah at shipwright.com (R. A. Hettinga)
Date: Sun, 19 Sep 2004 20:18:50 -0400
Subject: Time for new hash standard
Message-ID:

Sydney Morning Herald

Time for new hash standard

By Bruce Schneier
Comment
September 20, 2004 - 9:09AM

At the CRYPTO conference in Santa Barbara, CA, last month, researchers announced several weaknesses in common hash functions. These results, while mathematically significant, aren't cause for alarm.
But even so, it's probably time for the cryptography community to get together and create a new hash standard. One-way hash functions are a cryptographic construct used in many applications. They are used in conjunction with public-key algorithms for both encryption and digital signatures. They are used in integrity checking. They are used in authentication. They have all sorts of applications in a great many different protocols. Much more than encryption algorithms, one-way hash functions are the workhorses of modern cryptography. In 1990, Ron Rivest invented the hash function MD4. In 1992, he improved on MD4 and developed another hash function: MD5. In 1993, the National Security Agency published a hash function very similar to MD5, called SHA (Secure Hash Algorithm). Then, in 1995, citing a newly discovered weakness that it refused to elaborate on, the NSA made a change to SHA. The new algorithm was called SHA-1. Today, the most popular hash function is SHA-1, with MD5 still being used in older applications. One-way hash functions are supposed to have two properties. One, they're one way. This means that it is easy to take a message and compute the hash value, but it's impossible to take a hash value and recreate the original message. (By "impossible" I mean "can't be done in any reasonable amount of time.") Two, they're collision free. This means that it is impossible to find two messages that hash to the same hash value. The cryptographic reasoning behind these two properties is subtle, and I invite curious readers to learn more in my book "Applied Cryptography." Breaking a hash function means showing that either - or both - of those properties are not true. Cryptanalysis of the MD4 family of hash functions has proceeded in fits and starts over the last decade or so, with results against simplified versions of the algorithms and partial results against the whole algorithms. 
This year, Eli Biham and Rafi Chen, and separately Antoine Joux, announced some pretty impressive cryptographic results against MD5 and SHA. Collisions have been demonstrated in SHA. And there are rumors, unconfirmed at this writing, of results against SHA-1. The magnitude of these results depends on who you are. If you're a cryptographer, this is a huge deal. While not revolutionary, these results are substantial advances in the field. The techniques described by the researchers are likely to have other applications, and we'll be better able to design secure systems as a result. This is how the science of cryptography advances: we learn how to design new algorithms by breaking other algorithms. Additionally, algorithms from the NSA are considered a sort of alien technology: they come from a superior race with no explanations. Any successful cryptanalysis against an NSA algorithm is an interesting data point in the eternal question of how good they really are in there. To a user of cryptographic systems - as I assume most readers are - this news is important, but not particularly worrisome. MD5 and SHA aren't suddenly insecure. No one is going to be breaking digital signatures or reading encrypted messages anytime soon with these techniques. The electronic world is no less secure after these announcements than it was before. But there's an old saying inside the NSA: "Attacks always get better; they never get worse." These techniques will continue to improve, and probably someday there will be practical attacks based on these techniques. It's time for us all to migrate away from SHA-1. Luckily, there are alternatives. The National Institute of Standards and Technology already has standards for longer - and harder to break - hash functions: SHA-224, SHA-256, SHA-384, and SHA-512. They're already government standards, and can already be used. This is a good stopgap, but I'd like to see more. 
I'd like to see NIST orchestrate a worldwide competition for a new hash function, like they did for the new encryption algorithm, AES, to replace DES. NIST should issue a call for algorithms, and conduct a series of analysis rounds, where the community analyzes the various proposals with the intent of establishing a new standard.

Most of the hash functions we have, and all the ones in widespread use, are based on the general principles of MD4. Clearly we've learned a lot about hash functions in the past decade, and I think we can start applying that knowledge to create something even more secure. Better to do it now, when there's no reason to panic, than years from now, when there might be.

Bruce Schneier is a world-renowned security technologist. His latest book is Beyond Fear: Thinking Sensibly About Security in an Uncertain World. He can be reached at www.schneier.com. This article first appeared in his monthly newsletter Crypto-Gram and is reproduced with permission. Copyright rests with the author.

--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From justin-cypherpunks at soze.net Sun Sep 19 13:21:41 2004
From: justin-cypherpunks at soze.net (Justin)
Date: Sun, 19 Sep 2004 20:21:41 +0000
Subject: Geopolitical Darwin Awards
In-Reply-To:
References:
Message-ID: <20040919202141.GA30867@arion.soze.net>

On 2004-09-19T12:15:30-0400, Tyler Durden wrote:
> My running, personal theory is that Muslim fundamentalism (and in general,
> most fundamentalisms) get going when the locals gain a persistent sense
> that they're gettin' screwed over, and that their current government ain't
> helping a whole lot.

_Cities of Salt_?
--
The old must give way to the new, falsehood must become exposed by truth, and truth, though fought, always in the end prevails. -- L. Ron Hubbard

From jya at pipeline.com Sun Sep 19 20:46:27 2004
From: jya at pipeline.com (John Young)
Date: Sun, 19 Sep 2004 20:46:27 -0700
Subject: Geopolitical Darwin Awards
In-Reply-To: <414DBCE8.8024.AF06B7F@localhost>
References: <414C377F.28424.4FF1284@localhost>
Message-ID:

James A. Donald:

>I don't recall the American revolutionaries herding children
>before them to clear minefields, nor surrounding themselves
>with children as human shields.

No, not minefields, but a good percentage of Washington's army and that of the French, were children. Young boys were taught the art of war as gofers and undercover spies among the Brits. Some were caught and executed. Others packed weapons and fought like men who welcomed their foolhardy bravery when their manly courage withered.

Today, even the US uses children in war, 17 being the minimum age to enlist. Others sneak in by lying about their age, some as young as 14. Recruiters look the other way when the kids and their parents lie.

Been there, done that. Enlisted in the army at 15, served months before being kicked out when a relative ratted on me. Went in again at 17. That was not uncommon then, and still is not. Good way to get away from school and fucked up parents who use you like a beast of burden -- in every age and country.

The military has found that teenagers are better fighters than those over 21, more malleable, patriotic, healthy, ready to kill when told it's okay. Older guys and gals think for themselves too much to charge a machine gun. A kid thinks life will never end. That's why it's not so hard to cultivate suicide bombers. Flying a $50 million plane is a piece of cake, no guts required. Fuck those stand-off cowards in artillery, the navy and air force. Grunts younger than 20 are the universal soldier. Non-caucasians especially.
No need to mention today's Africans, the pre-teens and teens Mao used effectively, the underage North Koreans in the Korean Conflict, and not least the Amerindians who taught kids from puberty to make war -- boys and girls.

It is worth pondering that older guys don't like war up close, in fact the further away it is the better they like to promote it with Stallonian filmic ferocity -- witness the current yellow-bellied administration, though hardly the first to cry for war to be fought by disposable youngsters.

What older soft-gutted guys in all nations like most is the Wagnerian tragedy, the soap opera sturm and drang, of other people's suffering and death for their loose-screw agenda.

From measl at mfn.org Sun Sep 19 19:30:15 2004
From: measl at mfn.org (J.A. Terranson)
Date: Sun, 19 Sep 2004 21:30:15 -0500 (CDT)
Subject: :-) (was re: How one can become a terrorist?)
In-Reply-To:
References:
Message-ID: <20040919213000.S15598@ubzr.zsa.bet>

This is a well known joe-job.

On Sun, 19 Sep 2004, R. A. Hettinga wrote:

> Date: Sun, 19 Sep 2004 22:10:12 -0400
> From: R. A. Hettinga
> To: cypherpunks at al-qaeda.net
> Subject: :-) (was re: How one can become a terrorist?)
>
>
>
> --- begin forwarded text
>
>
> Return-Path:
> Received: from bullae.ibuc.com ([unix socket])
> by bullae.ibuc.com (Cyrus v2.1.13) with LMTP; Sun, 19 Sep 2004
> 21:29:53 -0400
> X-Sieve: CMU Sieve 2.2
> Received: from cpe-066-061-026-172.midsouth.rr.com
> (cpe-066-061-026-172.midsouth.rr.com [66.61.26.172])
> by bullae.ibuc.com (Postfix) with SMTP id C8526827C8D
> for ; Sun, 19 Sep 2004 21:29:52 -0400 (EDT)
> Message-ID: <20040931642.2795811652 at shadowcrew.com>
> Date: Mon, 20 Sep 2004 01:33:55 +0000
> From:
> Subject: How one can become a terrorist?
> To:
> MIME-Version: 1.0
> Content-Type: text/plain
>
> Welcome to our web site www.shadowcrew.com/phpBB2/index.php
>
> Please use http://63.240.81.5 in case of our domain outage.
> > You're invited to shop for large selection of bombs and different kinds of > rockets such as surface-to-air, > surface-to-surface and weaponry available at reduced price. With the > following types of rockets you will be > able to commit terrorist attacks, destroy buildings, electric power > stations, bridges, factories and anything > else that comes your mind. Most items are in stock and available for next > day freight delivery in the USA. > Worldwide delivery is available at additional cost. Prices are negotiable. > > Please feel free to inquire by ICQ # 176928755 or contacting us directly: > > +1-305-592-2222 > +1-919-319-8249 > +1-314-770-3395 > > Today special: > > ******* AIR BOMBS ******* > OFAB-500U HE fragmentation air bomb > Fuel-air explosive air bombs -Not in stock > BETAB-500U concrete-piercing air bomb > ZB-500RT incendiary tank > 500-KG SIZE RBK-500U unified cluster bomb > RBK-500U OAB-2.5PT loaded with fragmentation submunitions > RBK-500U BETAB-M loaded with concrete-piercing submunitions-Not in stock > RBK-500U OFAB-50UD loaded with HE fragmentation submunitions > > ******* UNGUIDED AIRCRAFT ROCKETS ******* > Main-purpose unguided aircraft rockets > S-8 unguided aircraft rockets > S-8KOM > S-8BM-Not in stock > S-13 unguided aircraft rockets > S-13, S-13T, S-13-OF, S-13D, S-13DF > S-25-0 > S-25-OFM > S-24B -Not in stock > RS-82 > RS-132-Not in stock > > ******* ROCKET PODS ******* > B-8M pod for S-8 rockets > B-8V20-A pod for S-8 rockets > B-13L pod for S-13 rockets > > Recently received *NEW* > > Hydra 70 2.75 inch Rockets > Air-Launched 2.75-Inch Rockets > FIM-92A Stinger Weapons System > Stinger 101: Anti-Air > > Our clients are well known Al-Qaida, Hizballah, Al-Jihad, HAMAS, Abu Sayyaf > Group and many other terrorist groups. We are well known supplier in the > market and looking forward to expand our clientage with assistance of > Internet. 
>
> Do not hesitate to contact us via ICQ # 176928755
>
> Impatiently awaiting for your orders,
> ShadowCrew
>
> --- end forwarded text
>
>
>

--
Yours,

J.A. Terranson
sysadmin at mfn.org
0xBD4A95BF

"...justice is a duty towards those whom you love and those whom you do not. And people's rights will not be harmed if the opponent speaks out about them." Osama Bin Laden
- - -
"There ought to be limits to freedom!" George Bush
- - -
Which one scares you more?

From steve49152 at yahoo.ca Sun Sep 19 19:08:35 2004
From: steve49152 at yahoo.ca (Steve Thompson)
Date: Sun, 19 Sep 2004 22:08:35 -0400 (EDT)
Subject: Keith Henson Needs Help
In-Reply-To:
Message-ID: <20040920020835.2133.qmail@web51802.mail.yahoo.com>

"R. A. Hettinga" wrote:

Keith Henson Needs Help (MLP)
By Baldrson
Wed Sep 15th, 2004 at 07:42:14 AM EST

[snip]

Anyway, back to the question: Why should you care? Maybe you don't like Scientology. Maybe you like Keith. Maybe you just like to mess with the California government. Whatever, Keith Henson is asking for help and he quite probably actually needs it.

This is interesting. I haven't had the time to follow much of Mr. Henson's case; either the refugee claim, or the subsequent deportation proceedings. I do recall that he was incarcerated at the Metro West Detention Center while some of his legal manoeuvres were being heard in Oakville, and that won't have been very pleasant at all.

People who belong to The Church of Scientology seem to comprise a rather nasty group, and I am not surprised to hear that there are people who fear their reach and influence. Of course, the US justice system has a number of problems that have been well documented in recent years, and is obviously no walk in the park for anyone who runs afoul of it for whatever reason. But given that, I can't imagine the naïveté of thought that would lead someone to believe that Canada (and its judicial system) is so much better as to make it worthy as a haven for contemporary US dissidents.
The Church of Scientology is obviously somewhat active here, at least as far as I can detect; as are other [religious] special-interest groups. Despite this, or perhaps because of it, officials of government here seem only too willing to allow all manner of tomfoolery and hi-jinks to play out alongside the official processes of law.

Tangentially, the Globe and Mail recently printed an article that used the phrase "asymmetrical government" to seemingly describe the recent change of character to the practices of federal governance in Canada. I can't imagine that bodes well considering the term's likely relation to 'asymmetric warfare', but then perhaps some bored PSYOPS expert is merely having a little fun with Globe readers.

However, notwithstanding the spectre of improved 'asymmetric' Canadian government, I am not too intelligent in these matters and so there could be some very significant differences up here that make it an attractive destination for refugees fleeing your own very Happy Fun Government.

It is a truism to say that people sometimes do the strangest things and that their motives are often extremely obscure, and so I am not surprised to find myself mystified on occasion. Why, I don't believe I even really appreciate the subtleties of John Gilmore's current civil action against the USG over airline security screening procedures. Politics really is quite complex these days for the nonexpert.

If Keith had asked me before he decided to set out for Canada, I probably would have advised him then that this is no utopia of jurisprudence and fair play. Sure, if one has enough (but not too much) money to spare, this can be a nice place, but I am told that the same holds true for Chile. There are tiers of access to public services and no exemplary history available to hold up as evidence to support the idea of Canada as much of a sanctuary from the excesses of certain malign foreign government actors.
And, sure, I have not travelled about Canada extensively so I can personally only attest to the existence of malign domestic government and non-government actors in the Greater Metropolitan Toronto area. Other provinces could be much, much better than Southern Ontario.

Of course my cynicism and discontent could be mostly a product of, and reaction to being more or less unilaterally hung out to dry by my friends, acquaintances, and the officials of my immediate experience in recent years. (Incidentally, I can't say that I haven't learned some important bits of data from pseudonymous benefactors, but the fact of pseudonymity and indirection in such instances is really not very comforting. [shit] And furthermore, study, induction and deduction, as well as a whole bunch of testing comprise _the_ major contributors to what little peace of mind I possess if bound literature is excepted. Help is clearly a commodity in short supply around here.)

Anyhow, Keith's failed refugee claim is clearly significant. Considering my calendar at the moment I don't think there's much that I can do to help, unfortunately. I will watch, though, and I'll be interested to see exactly how the final moves play out in his case.

Regards,

Steve

From rah at shipwright.com Sun Sep 19 19:10:12 2004
From: rah at shipwright.com (R. A. Hettinga)
Date: Sun, 19 Sep 2004 22:10:12 -0400
Subject: :-) (was re: How one can become a terrorist?)
Message-ID:

--- begin forwarded text

From rah at shipwright.com Sun Sep 19 21:46:58 2004
From: rah at shipwright.com (R. A. Hettinga)
Date: Mon, 20 Sep 2004 00:46:58 -0400
Subject: :-) (was re: How one can become a terrorist?)
In-Reply-To: <20040919213000.S15598@ubzr.zsa.bet>
References: <20040919213000.S15598@ubzr.zsa.bet>
Message-ID:

At 9:30 PM -0500 9/19/04, J.A. Terranson wrote:
>This is a well known joe-job.

Well, *sure*.
Too bad they didn't put blacknet's address on it, or something... Cheers, RAH -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From nightwatch01 at comcast.net Mon Sep 20 00:50:34 2004 From: nightwatch01 at comcast.net (Tim) Date: Mon, 20 Sep 2004 00:50:34 -0700 Subject: Geopolitical Darwin Awards In-Reply-To: References: <414C377F.28424.4FF1284@localhost> Message-ID: <414E8BCA.8000104@comcast.net> John Young wrote: >What older soft-gutted guys in all nations like most is the >Wagnerian tragedy, the soap opera sturm and drang, of >other people's suffering and death for their loose-screw >agenda. > > You demonstrate that point well. From rah at shipwright.com Sun Sep 19 21:55:11 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Mon, 20 Sep 2004 00:55:11 -0400 Subject: The internment taboo Message-ID: Townhall.com The internment taboo John Leo September 20, 2004 Thanks to columnist Michelle Malkin, we are at last moving toward our first national discussion on the wisdom and fairness of interning 100,000 ethnic Japanese during World War II. For at least a generation, the issue has been positioned as closed and undebatable--the evacuation of Japanese aliens and Japanese-American citizens from the West Coast was simply due to racism and wartime hysteria. This orthodox view is reflected in histories, textbooks, fiction, and museums. Plausible reasons for the evacuation are almost always dropped from these presentations, and racism is simply assumed ("Ancestry Is Not a Crime" is one curriculum title). 
In her book In Defense of Internment, Malkin argues that President Roosevelt's order to move ethnic Japanese from the coast was at the very least a close call and can be viewed as a reasonable and mild decision, given the vulnerabilities of the United States to raids and attacks supported by a small minority of Issei (Japanese aliens) and Nisei (Japanese-Americans, many of whom held dual citizenship). With most of the U.S. fleet destroyed at Pearl Harbor, the Pacific became a Japanese pond, and in a series of raids, Japanese subs sank U.S. ships off the coast, shelled California's Goleta Oil Fields, and torpedoed a ship that escaped by running aground in the mouth of the Columbia River. In the view of Secretary of War Henry Stimson, "It was quite impossible to be sure that the raiders would not receive important help from individuals of Japanese origin." The core of Malkin's book concerns the so-called Magic messages--intercepted and decoded Japanese messages sent to and from Japan and kept secret by the United States until 1977. The Magic messages were startling. By mid-1941 the Japanese had set up an extensive espionage network along America's West Coast, recruiting Issei and Nisei and surveilling near military bases, shipyards, airfields, and ports. A Honolulu cell provided important last-minute help to the attackers at Pearl Harbor. Though the U.S. intelligence community knew that the vast majority of ethnic Japanese in America were no threat, it also knew that the Japanese government was beaming messages of ultranationalism, sometimes calling on Nisei to return to Japan for political or military training--the madrasahs of the day. A secret U.S. government estimate said perhaps 3,500 ethnic Japanese in America were active supporters of the Japanese war effort. After the war, Japan said that 1,648 Japanese-American citizens had fought in Japan's Army. Other estimates set the number as high as 7,000. 
In 1944, when the United States gave American Japanese a chance to renounce their U.S. citizenship, some 5,620 did so, and 2,031 left for Japan. Orthodox anti-internment historians generally discount the role of the Magic messages. Canadian historian Greg Robinson, who recently denounced Malkin's "crackpot book," mentioned the messages glancingly in two sentences of his 2001 book, By Order of the President, and spent a great deal of space musing about FDR's racial attitudes. In February of 1942, Roosevelt issued the order that led to the evacuation of Japanese and members of other ethnic groups from the West Coast, as Canada and Mexico had already done. German and Italian aliens accounted for 14,183 of the U.S. internee population. Because of the intercepted Magic messages and the Japanese raids along the coast, the United States was primarily concerned with the Japanese population, but neither the stats nor the language of the order sustains the charge of racism. The initial evacuation was only on the West Coast. Nisei and Issei further east were left alone. The U.S. government assumed, or hoped, that evacuees would find suitable jobs and homes in the interior, but only 5,000 to 10,000 did. The camps were set up when most evacuees either couldn't or wouldn't move east on their own. As Malkin points out, evacuees at first were free to leave the camps if they found work or educational opportunities outside--some 4,300 left the camps to attend college. Camp conditions were often harsh, and the evacuation attached a harmful stigma to all Japanese in America. But Roosevelt, much of America's liberal establishment, and the Supreme Court signed off on evacuation as a reasonable step taken under extreme wartime pressure. Malkin's point is that if the threat to the survival of America is severe enough, some civil liberties must yield. 
She is right that the internment issue is currently being wielded as a club to prevent reasonable extra scrutiny of suspect Arabs and Muslims. But the twin towers were not brought down by militant Swedish nuns. It is always reasonable to look in the direction from which the gravest danger is coming. It's also reasonable and important to open an honest discussion of internment, past and present. -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From rah at shipwright.com Mon Sep 20 05:33:02 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Mon, 20 Sep 2004 08:33:02 -0400 Subject: Academics locked out by tight visa controls Message-ID: Posted on Mon, Sep. 20, 2004 Academics locked out by tight visa controls U.S. SECURITY BLOCKS FREE EXCHANGE OF IDEAS By Bruce Schneier Cryptography is the science of secret codes, and it is a primary Internet security tool to fight hackers, cyber crime, and cyber terrorism. CRYPTO is the world's premier cryptography conference. It's held every August in Santa Barbara. This year, 400 people from 30 countries came to listen to dozens of talks. Lu Yi was not one of them. Her paper was accepted at the conference. But because she is a Chinese Ph.D. student in Switzerland, she was not able to get a visa in time to attend the conference. In the three years since 9/11, the U.S. government has instituted a series of security measures at our borders, all designed to keep terrorists out. One of those measures was to tighten up the rules for foreign visas. Certainly this has hurt the tourism industry in the U.S., but the damage done to academic research is more profound and longer-lasting. 
According to a survey by the Association of American Universities, many universities reported a drop of more than 10 percent in foreign student applications from last year. During the 2003 academic year, student visas were down 9 percent. Foreign applications to graduate schools were down 32 percent, according to another study by the Council of Graduate Schools. There is an increasing trend for academic conferences, meetings and seminars to move outside of the United States simply to avoid visa hassles. This affects all of high-tech, but ironically it particularly affects the very technologies that are critical in our fight against terrorism. Also in August, on the other side of the country, the University of Connecticut held the second International Conference on Advanced Technologies for Homeland Security. The attendees came from a variety of disciplines -- chemical trace detection, communications compatibility, X-ray scanning, sensors of various types, data mining, HAZMAT clothing, network intrusion detection, bomb diffusion, remote-controlled drones -- and illustrate the enormous breadth of scientific know-how that can usefully be applied to counterterrorism. It's wrong to believe that the U.S. can conduct the research we need alone. At the Connecticut conference, the researchers presenting results included many foreigners studying at U.S. universities. Only 30 percent of the papers at CRYPTO had only U.S. authors. The most important discovery of the conference, a weakness in a mathematical function that protects the integrity of much of the critical information on the Internet, was made by four researchers from China. Every time a foreign scientist can't attend a U.S. technology conference, our security suffers. Every time we turn away a qualified technology graduate student, our security suffers. Technology is one of our most potent weapons in the war on terrorism, and we're not fostering the international cooperation and development that is crucial for U.S. 
security. Security is always a trade-off, and specific security countermeasures affect everyone, both the bad guys and the good guys. The new U.S. immigration rules may affect the few terrorists trying to enter the United States on visas, but they also affect honest people trying to do the same. All scientific disciplines are international, and free and open information exchange -- both in conferences and in academic programs at universities -- will result in the maximum advance in the technologies vital to homeland security. The Soviet Union tried to restrict academic freedom along national lines, and it didn't do the country any good. We should try not to follow in those footsteps. BRUCE SCHNEIER is a security technologist and chief technology officer of Counterpane Internet Security, Inc., in Mountain View. He wrote this for the Mercury News. -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From jamesd at echeque.com Mon Sep 20 08:51:51 2004 From: jamesd at echeque.com (James A. Donald) Date: Mon, 20 Sep 2004 08:51:51 -0700 Subject: Geopolitical Darwin Awards In-Reply-To: References: <414DBCE8.8024.AF06B7F@localhost> Message-ID: <414E9A27.13196.1ACD6FA@localhost> James A. Donald: > > I don't recall the American revolutionaries herding children > > before them to clear minefields, nor surrounding themselves > > with children as human shields. John Young > No, not minefields, but a good percentage of Washington's > army and that of the French, were children. Young boys were > taught the art of war as gofers and undercover spies among > the Brits. Some were caught and executed. 
In no way does this compare to the Iranian method for clearing minefields, or Sadr's use of five year old children as human shields. From dailyarticle at mises.org Mon Sep 20 06:08:21 2004 From: dailyarticle at mises.org (Mises Daily Article) Date: Mon, 20 Sep 2004 09:08:21 -0400 Subject: The Meaning of Security Message-ID: http://www.mises.org/fullstory.aspx?Id=1619 The Meaning of Security by Llewellyn H. Rockwell, Jr. [Posted September 20, 2004] Let's think about the word security, which has been in the news lately because the Bush administration seeks a major shift in the way funds are spent in Iraq. It wants $3 billion moved from spending on reconstruction to spending on "security." There's a political science lesson in that usage. The reason for the shift, of course, is the obvious unraveling of anything resembling civilization in Iraq: bombings, killings, mini-wars are everywhere. Whole regions of Iraq are lost to US control, and not even Baghdad is holding. Of the $18 billion congress allocated for public works, the Bush administration argues that it makes sense to divert some to bring a measure of public stability to the country. But what are we really talking about when we say "security"? It is money taken from you and me to be spent to force the Iraqi population to submit to the puppet government that rules only because of the US. It is money to pay for more police, weapons, bullets, bombs, spying, arresting, torturing, jailing, maiming, and killing. The theory is that more fear and more fear-inspiring bloodshed will tame the guerrillas and stop them from plotting more bombings, shootings, killings. The money will buy compliance, and pay the bills of those who use force to try to bring it about. Many people would be happy for an end to violence, to be sure, but the primary purpose is the protection of the state from rebels. Submission and compliance: that is what is meant by the term security in the state's lexicon. It is an interesting choice of words. 
Its use in public life dates at least to the advent of Social Security, a tax scheme that promises to put you on welfare in your old age in exchange for paying 14 percent of your income to support current retirees who constitute the wealthiest demographic slice of the American population. Even in this case, the term security meant compliance, as shown by the tendency of recipients to back ever more redistribution. Now we have the Department of Homeland Security, a gargantuan agency that administers foreign and domestic spying, sends hither swarms of agents to harass us at airports, conduct drills in the event that the government decides that martial law is the only option, and generally suppress any and all signs of insurrection wherever they might appear. Here too the term security means submission, control, compliance, obedience, and stability for the state. Who is this security trying to secure? We are told it is for our own benefit. It is government that makes us secure from terrible threats. And yet, if we look closely, we can see that the main beneficiary of security is the state itself. We all understand this intuitively. Let's say you know that someone is after you--an ex-spouse, for example--and threatens your very life. Would you call the Department of Homeland Security and expect a response? No, the DHS is there to protect the state, as evidenced by the comparatively energetic response that a threat to the president's life would elicit. Of course, there is a need and demand for authentic security. We all seek it. We lock our doors, deter criminals with alarms, arm ourselves in case the alarms don't do it, prepare for the worst in the case of natural disaster, save for the future, and construct our professional lives in ways that minimize the chance of disadvantageous turns of events. This is what security means to us in the real world. It is not unexpected that the state would seek the same thing: security not for us but for itself and its employees. 
The state has a special reason to desire security: its agents are always a minority of the population, funded by eating out their substance, and its rule is always vulnerable. The more control it seeks over a population, the more its agents are wise to watch their backs. Where does that leave the rest of us in our demand for security? In the world of ideas, a vigorous debate is taking place about the extent to which private enterprise is capable of providing security, not only as a supplement but as a full replacement for state-provided security. Advocates of fully privatized security point out that in the real world, most of the security we enjoy is purchased in the private sector. Vast networks of food distribution protect against starvation, private agents guard our homes, insurance companies provide compensation in the event of unexpected misfortune, and the locks and guns and gated communities provided by private enterprise do the bulk of work for our security in the real world. In our community, we spent days preparing for what was expected to be the terrible hurricane Ivan. It didn't do much damage here, but in all the preparations, this much is clear: no one counted on the government to do anything to protect us. And no one counts on the government to do any reconstruction either. We depend entirely on our own efforts, while post-disaster clean up would have been done entirely by private contract. The message of this school of thought is that liberty and security (real security) are not opposites such that one must choose between them. They go together. Liberty is the essence of the free enterprise system that provides for all our material needs, that helps us overcome the uncertainties and contingencies of life. As for the public agencies, how do they act in a crisis? They are reduced to sending out warnings to "stay alert" and otherwise blowing big alarms as if no one can look outside their windows, listen to the radio, or check the web. 
This is pretty much all Homeland Security does with its laughable system of color-coded alerts. They also order us to leave our homes, search us, and threaten us with arrest if we protest. The truth is that government has less ability to protect us in an emergency than we have to protect ourselves. And despite all the propaganda you hear about brave public workers, the same was true during 9-11. The bottom line is that it represented the greatest failure of state security in a generation. That is the real lesson from that day. Iraq too demonstrates a lesson concerning public and private security. When it is politically feasible, the big mucks in Iraq choose to use private security firms to protect themselves. This was the major undertaking of its mercenaries when the US civilian government was running matters. How ironic that even the state chooses private contractors when it can. When it seeks genuine security, it too buys it on the free market. Americans have something in common with Iraqis: experience has told us that when the government promises to bring us security, it means only that it wants more control over our lives so that the state can enjoy longevity and peace at our expense. The real choice isn't between liberty and security; it is between our security and the state's. ____________________________ Llewellyn H. Rockwell, Jr., is president of the Mises Institute and editor of LewRockwell.com. rockwell at mises.org. 
--- end forwarded text -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From kelsey.j at ix.netcom.com Mon Sep 20 06:44:25 2004 From: kelsey.j at ix.netcom.com (John Kelsey) Date: Mon, 20 Sep 2004 09:44:25 -0400 (GMT-04:00) Subject: potential new IETF WG on anonymous IPSec Message-ID: <3431740.1095687865686.JavaMail.root@grover.psp.pas.earthlink.net> >From: "Major Variola (ret)" >Sent: Sep 17, 2004 10:27 PM >To: "cypherpunks at al-qaeda.net" >Subject: Re: potential new IETF WG on anonymous IPSec >At 06:20 AM 9/17/04 +0000, Justin wrote: >>On 2004-09-16T20:11:56-0700, Major Variola (ret) wrote: ... >>Oh, come on. Nothing can be absolutely trusted. How much security is >>enough? >>Aren't the DOD CAs trusted enough for your tastes? Of course, 'tis >>problematic for civilians to get certs from there. >DoD certs are good enough for DoD slaves. Hospital certs are good >enough for their employees. Joe's Bait Und Tackle certs are good enough >for Joe's employees. Do you think that Verislime is good enough for >you? You seem to have rediscovered the fact that crypto can move trust around, but can't create any. You have to decide to trust someone for it to be useful. The great problem with practically using this stuff is getting someone that you're comfortable trusting, who can then use crypto to move the trust around in a sensible way. 
The condition necessary for Verisign certificates to have a lot of trust, to me, is for the appearance of a fraudulent Verisign certificate to be a major scandal, leading to the CEO getting canned, the stock price dropping by some large fraction, and a huge fall-off of business for their CA. When that isn't the case (for the high security certs; it's clearly silly to expect it for low-security ones), the CA doesn't have as much incentive as I'd like to be careful about forgeries. You'd like the exposure of a fraudulent certificate signed by a CA to have the same kind of effect as the exposure of a bank being unable to produce the money a depositor demands. Fraudulent certificates issued for any purpose--whether furnishing fake IDs to FBI agents, or to Al Qaida terrorists, or to random Nigerian-scam operators--leave a permanent trail; the recipient of the certificate can show it around when he discovers it's fraudulent. If the last step of this protocol for the CA is "and then you go out of business," the incentives not to issue fraudulent certificates look right. --John From kelsey.j at ix.netcom.com Mon Sep 20 07:03:57 2004 From: kelsey.j at ix.netcom.com (John Kelsey) Date: Mon, 20 Sep 2004 10:03:57 -0400 (GMT-04:00) Subject: Academics locked out by tight visa controls Message-ID: <17894379.1095689037533.JavaMail.root@grover.psp.pas.earthlink.net> >From: "R. A. Hettinga" >Sent: Sep 20, 2004 8:33 AM >Subject: Academics locked out by tight visa controls > >Posted on Mon, Sep. 20, 2004 >Academics locked out by tight visa controls >U.S. SECURITY BLOCKS FREE EXCHANGE OF IDEAS >By Bruce Schneier ... I guess I've been surprised this issue hasn't seen a lot more discussion. It takes nothing more than to look at the names of the people doing PhDs and postdocs in any technical field to figure out that a lot of them are at least of Chinese, Indian, Arab, Iranian, Russian, etc., ancestry. 
And only a little more time to find out that a lot of them are not citizens, and have a lot of hassles with respect to living and working here. What do you suppose happens to the US lead in high-tech, when we *stop* drawing in some large fraction of the smartest, hardest-working thousandth of a percent of mankind? --John From camera_lumina at hotmail.com Mon Sep 20 07:04:45 2004 From: camera_lumina at hotmail.com (Tyler Durden) Date: Mon, 20 Sep 2004 10:04:45 -0400 Subject: Geopolitical Darwin Awards Message-ID: John Young wrote... >from school and fucked up parents who use you like a >beast of burden -- in every age and country. >The military has found that teenagers are better fighters >than those over 21, more malleable, patriotic, healthy, ready >to kill when told it's okay. ..... Grunts younger than 20 are >the universal soldier. Non-caucasians especially. Hum. I wonder if it's a coincidence that the US school system is such a mess. What on earth would we do if non-caucasians, especially, were equipped for some kind of opportunity? Guess we'd have to start the draft again, and folks get kinda touchy when the exemptions are a little too obvious. -TD >From: John Young >To: cypherpunks at al-qaeda.net >Subject: Re: Geopolitical Darwin Awards >Date: Sun, 19 Sep 2004 20:46:27 -0700 > >James A. Donald: > > >I don't recall the American revolutionaries herding children > >before them to clear minefields, nor surrounding themselves > >with children as human shields. > >No, not minefields, but a good percentage of Washington's >army and that of the French, were children. Young boys were >taught the art of war as gofers and undercover spies among >the Brits. Some were caught and executed. Others packed >weapons and fought like men who welcomed their foolhardy >bravery when their manly courage withered. > >Today, even the US uses children in war, 17 being the minimum >age to enlist. Others sneak in by lying about their age, some as >young as 14. 
Recruiters look the other way when the kids >and their parents lie. Been there, done that. Enlisted in the >army at 15, served months before being kicked out when a >relative ratted on me. Went in again at 17. That was not >uncommon then, and still is not. Good way to get away >from school and fucked up parents who use you like a >beast of burden -- in every age and country. > >The military has found that teenagers are better fighters >than those over 21, more malleable, patriotic, healthy, ready >to kill when told it's okay. Older guys and gals think for >themselves too much to charge a machine gun. A kid >thinks life will never end. That's why it's not so hard >to cultivate suicide bombers. > >Flying a $50 million plane is a piece of cake, no guts >required. Fuck those stand-off cowards in artillery, >the navy and air force. Grunts younger than 20 are >the universal soldier. Non-caucasians especially. > >No need to mention today's Africans, the pre-teens and >teens Mao used effectively, the underage North Koreans >in the Korean Conflict, and not least the Amerindians who >taught kids from puberty to make war -- boys and girls. > >It is worth pondering that older guys don't like war up >close, in fact the further away it is the better they >like to promote it with Stallonian filmic ferocity -- witness >the current yellow-bellied administration, though hardly >the first to cry for war to be fought by disposable youngsters. > >What older soft-gutted guys in all nations like most is the >Wagnerian tragedy, the soap opera sturm and drang, of >other people's suffering and death for their loose-screw >agenda.
From thegoldinvestor at gmail.com Mon Sep 20 07:23:42 2004 From: thegoldinvestor at gmail.com (Daniel S) Date: Mon, 20 Sep 2004 10:23:42 -0400 Subject: [e-gold-list] GOLDMONEY PATENTS - PROOF OF PRIOR ART EXISTS Message-ID: Take a look at a document I discovered today: http://www.itk.ntnu.no/ansatte/Andresen_Trond/finans/others/interest-free-money.txt THIS DOCUMENT WAS PUBLISHED BY Bernard A. Lietaer, July 1990 GoldMoney's patents are of no value as this document describes EXACTLY what James Turk filed as patent 3 years later. --- "This New Currency would be convertible because each of its component commodities is immediately convertible. The Central Bank would commit to deliver commodities from this basket, whose value in foreign currency equals the value of that particular basket." ***** "There are a number of practical ways by which this negative interest rate could be levied. To begin with, most of the "money" in circulation (and practically all of the New Currency that would be circulated internationally) takes the form of accounting entries in a computer somewhere, and it would be fairly simple to charge electronically the negative interest rate on these accounts." ***** "Technically, this New Currency is a combination of two concepts, usually analysed separately: stamp scrip, and currency backed by a basket of commodities." "An additional flexibility: the Central Bank could keep and trade its commodity inventories wherever the international market is most convenient for its own purposes: Zurich for gold, London for copper, New York for silver, etc." "There is even a high-tech option in the form of the "chips on a card" electronic money tested in France: money is issued in the form of an "intelligent debit card" where a computer chip is imbedded in the card." 
"Whenever a payment is made by inserting the card in a Point of Sale terminal, a phone, or any other device accepting the card, the credit on the card could automatically be adjusted for the time delay since the card was last debited. For smaller amounts which require a lower security level, cheaper magnetic strip cards are also available, such as the ones issued for the rapid transit systems of San Francisco, Caracas or Washington D.C., or the British and Japanese telephone authorities." Comments? --- You are currently subscribed to e-gold-list as: rah at shipwright.com To unsubscribe send a blank email to leave-e-gold-list-507998N at talk.e-gold.com Use e-gold's Secure Randomized Keyboard (SRK) when accessing your e-gold account(s) via the web and shopping cart interfaces to help thwart keystroke loggers and common viruses. --- end forwarded text -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From camera_lumina at hotmail.com Mon Sep 20 07:38:16 2004 From: camera_lumina at hotmail.com (Tyler Durden) Date: Mon, 20 Sep 2004 10:38:16 -0400 Subject: Geopolitical Darwin Awards Message-ID: Tim wrote... > You demonstrate that point well. Hum. Spend a lot of time with binoculars, do we? How much does the FBI pay field ops these days? -TD _________________________________________________________________ Dont just search. Find. Check out the new MSN Search! 
http://search.msn.click-url.com/go/onm00200636ave/direct/01/ From adam at homeport.org Mon Sep 20 07:50:18 2004 From: adam at homeport.org (Adam Shostack) Date: Mon, 20 Sep 2004 10:50:18 -0400 Subject: Academics locked out by tight visa controls In-Reply-To: <17894379.1095689037533.JavaMail.root@grover.psp.pas.earthlink.net> References: <17894379.1095689037533.JavaMail.root@grover.psp.pas.earthlink.net> Message-ID: <20040920145017.GA99462@lightship.internal.homeport.org> On Mon, Sep 20, 2004 at 10:03:57AM -0400, John Kelsey wrote: | >Academics locked out by tight visa controls | >U.S. SECURITY BLOCKS FREE EXCHANGE OF IDEAS | >By Bruce Schneier | | I guess I've been surprised this issue hasn't seen a lot more | discussion. It takes nothing more than to look at the names of the | people doing PhDs and postdocs in any technical field to figure out | that a lot of them are at least of Chinese, Indian, Arab, Iranian, | Russian, etc., ancestry. And only a little more time to find out that | a lot of them are not citizens, and have a lot of hassles with respect | to living and working here. What do you suppose happens to the US | lead in high-tech, when we *stop* drawing in some large fraction of | the smartest, hardest-working thousandth of a percent of mankind? Those people don't get a vote. The politicians in question will be dead and gone before the slope of the curve changes anything. Why *would* we discuss it? Adam the cynic. From rah at shipwright.com Mon Sep 20 07:57:54 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Mon, 20 Sep 2004 10:57:54 -0400 Subject: The Meaning of Security Message-ID: --- begin forwarded text From rah at shipwright.com Mon Sep 20 08:01:06 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Mon, 20 Sep 2004 11:01:06 -0400 Subject: [e-gold-list] GOLDMONEY PATENTS - PROOF OF PRIOR ART EXISTS Message-ID: --- begin forwarded text From rah at shipwright.com Mon Sep 20 08:05:34 2004 From: rah at shipwright.com (R. A. 
Hettinga) Date: Mon, 20 Sep 2004 11:05:34 -0400 Subject: VeriSecure Systems, Inc. Demonstrates Check 21 Fraud Prevention Message-ID: Search Results for Google September 20, 2004 09:00 AM US Eastern Timezone VeriSecure Systems, Inc. Demonstrates Check 21 Fraud Prevention FORT LAUDERDALE, Fla.--(BUSINESS WIRE)--Sept. 20, 2004--VeriSecure Systems(TM), Inc. announced that its Check Fraud Prevention System (CFPS) was tested under the auspices of the Financial Services Technology Consortium, whose members include the largest financial institutions in the US, as well as community banks, check clearing exchanges and other institutions. VeriSecure Systems technology was demonstrated to survive the check truncation, imaging and exchange and to offer security value throughout the process. In October of 2003, Congress passed legislation known as Check 21. This legislation becomes effective October 2004 and enables the banking industry to exchange bank check images in lieu of paper bank checks. Called "Controlling Fraud in a Truncated Check Environment", the purpose of the project was to assess the survivability, performance and viability of "next-generation" document security features in image based operations for bank checks, by conducting real life simulated exchanges among ten institutions. VeriSecure Systems employed its Check Fraud Prevention System (CFPS) for the project, which is based on its US Patent #5,432,506 "Counterfeit Document Detection System." The technology uses cryptography to create a unique code for each check. The security feature is applied as a standard printed barcode symbol by the check issuer. VeriSecure's software, developed in conjunction with Inlite Research, Inc., can provide a fully automated solution to read and validate the codes from either the actual paper documents or from the images of the documents. 
The software rapidly verifies the authenticity of the information printed on the checks, and identifies any alterations, thus preventing the most prevalent forms of fraud. Tom Chapman, VeriSecure's founder and the inventor of the technology said, "This project has certainly helped to demonstrate how cryptography can easily and conveniently be put to use, to validate any type of physical documents or their images. Along with fraud losses, this technology has the potential to reduce operating expenses of financial institutions as well as remittance processing for corporations." Gene Manheim, President of Inlite Research explained that "Industry standard barcodes serve as the robust foundation to secure check images, and enable innovative technologies like CFPS to provide fraud prevention across a huge range of images." Frank Jaffe, project manager for FSTC, said "Based on the results of the project, and given the magnitude of the risks of loss from check fraud, FSTC believes that financial institutions and check issuers will be well served by the adoption of these new document security features." About VeriSecure Systems The Company licenses its patented technology which is designed to verify the authenticity of physical documents and/or captured images. It is located in Plantation, Florida. (954) 401-8378 http://www.verisecuresystems.com About Inlite Research Since 1992, Inlite Research Inc. offers its Image Processing and Barcode Recognition technologies to OEMs and solution providers in markets that demand the utmost accuracy, productivity and quality in business processes. It is located in Sunnyvale, California. (408) 737-7092 http://www.inliteresearch.com About The Financial Services Technology Consortium The Financial Services Technology Consortium (FSTC.ORG) is a consortium of leading North American-based financial institutions, technology vendors, independent research organizations, and government agencies. New York, NY. 
(212) 461-7116 http://www.fstc.org Contacts VeriSecure Systems, Inc., Plantation, Fla. Tom Chapman, 954-401-8378 (c) Business Wire 2004 -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From measl at mfn.org Mon Sep 20 09:42:30 2004 From: measl at mfn.org (J.A. Terranson) Date: Mon, 20 Sep 2004 11:42:30 -0500 (CDT) Subject: Geopolitical Darwin Awards In-Reply-To: <414DEC3F.327325EB@cdc.gov> References: <414DEC3F.327325EB@cdc.gov> Message-ID: <20040920114008.E15598@ubzr.zsa.bet> On Sun, 19 Sep 2004, Major Variola (ret) wrote: > (Remember the > Hiroshima bomb was *not* tested, so sure were the scientists. Trinity My understanding (and I am *positive* someone will correct me if I'm wrong) was that there was a shortage of both fissionable materials and appropriate [altimeter] fuse mechanisms, making testing outside of enemy territory a losing proposition. -- Yours, J.A. Terranson sysadmin at mfn.org 0xBD4A95BF "...justice is a duty towards those whom you love and those whom you do not. And people's rights will not be harmed if the opponent speaks out about them." Osama Bin Laden - - - "There aught to be limits to freedom!" George Bush - - - Which one scares you more? From nightwatch01 at comcast.net Mon Sep 20 12:49:05 2004 From: nightwatch01 at comcast.net (Tim) Date: Mon, 20 Sep 2004 12:49:05 -0700 Subject: Geopolitical Darwin Awards In-Reply-To: References: Message-ID: <414F3431.9070007@comcast.net> Is there any reason other than you being stupid & anxious to offer some feeble witticism for you to wonder if "we" use binoculars often? More importantly (at least to some of us), how is that relevant to anything? Tyler Durden wrote: > Tim wrote...
> >> You demonstrate that point well. > > > Hum. Spend a lot of time with binoculars, do we? How much does the FBI > pay field ops these days? > > -TD From rah at shipwright.com Mon Sep 20 09:57:48 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Mon, 20 Sep 2004 12:57:48 -0400 Subject: 'Motel Six' squad scans guest activity Message-ID: L.A. Daily News - News Leaving no room for crime 'Motel Six' squad scans guest activity By Jason Kandel Staff Writer Motel Six, LAPD-style, has made a name for itself by checking out who's checking in. A half-dozen officers assigned to a squad nicknamed Motel Six are credited with the arrests of more than 100 felony and misdemeanor offenders by raiding motels across the San Fernando Valley for the past seven weeks. They've picked up suspected sex offenders, parole violators and fugitives in crime-plagued motels lining Sepulveda and Ventura boulevards and other thoroughfares. The Valley operation has become a model program that Chief William Bratton might expand citywide. "It's much more easy to hide in a motel than in your neighborhood," said Valley Bureau Cmdr. Valentino Paniccia, who handpicked the sergeant and five officers for the team. "Guns, violence, drugs, identity theft, computers -- they get free electricity, a base of operations, concealment, mobility. They can move from day to day." Long considered by police as hotbeds of prostitution, motels offer cheap rent and easy access to freeways, and can become a base of operation for felons to manufacture forged identity cards and carry out big drug deals -- and hide out from the cops. "They're becoming more enterprising, and they're fanning out," said Assistant Chief George Gascon, who oversees department operations. "They're becoming more businesslike." 
The six-member unit was formed after police noted an increase in violence at local motels, including last year's slaying of Burbank police Officer Matthew Pavekla in a gunbattle in the parking lot of the local Ramada Inn. Just last year, Craigor Lee Smith -- suspected of being the "Yellow Tooth Bandit" who held up dozens of Valley motels -- was fatally shot in a police standoff outside an Encino restaurant. In 2002, police caught a murder suspect who had been living out of his car parked in a lot at a North Hollywood motel. The Motel Six patrol checks parking lots, running license plates through police car computer terminals and getting instantaneous information about the registered owners. They then can check the information against guest registers and knock on doors, often turning up weapons, large amounts of cash, drugs and associated paraphernalia. "The law allows for us to examine the registers," said Capt. James Miller, head of the Van Nuys Division, who had expressed concern about suspects' privacy rights while the project was still in the planning stages. "Running a license plate to see if it's a stolen vehicle or if there's a warrant has been recognized by the courts for a long time." The Motel Six program dovetails with efforts by the City Attorney's Office to shut down problem motels under the city's nuisance-abatement laws. The city attorney has a dozen open cases involving Valley motels where narcotics and prostitution have been problems. "We're going to be working closely with (the motel squad)," said Deputy City Attorney Colleen Courtney, a neighborhood prosecutor for the West Valley and North Hollywood areas. "We know that city resources are limited. This is an effective approach." Officials with the California Hotel & Motel Association applaud the LAPD's efforts.
"Innkeepers should view the police as one of their best friends and resources, always," said Jim Abrams, the executive vice president of association, the nation's largest state lodging industry trade organization with more than 1,750 members. "Innkeepers and the cops need to work together." Mike Barry, the manager at the Mission Hills Inn, also appreciates the efforts of the Motel Six patrol. Earlier this month, the squad raided a room at the motel and arrested Joseph Romagnano, 32, on drug charges. They also seized methamphetamine, marijuana and more than $11,000. "From time to time, we get bad people in here," Barry said. "We try to screen our guests as much as we can, but still they can check in with different IDs. When the police come and take them away, we're really happy." -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From nightwatch01 at comcast.net Mon Sep 20 13:51:32 2004 From: nightwatch01 at comcast.net (Tim) Date: Mon, 20 Sep 2004 13:51:32 -0700 Subject: Geopolitical Darwin Awards In-Reply-To: References: Message-ID: <414F42D4.2020608@comcast.net> Tyler Durden wrote: > "Tim" wrote... > >> Is there any reason other than you being stupid & anxious to offer >> some feeble witticism for you to wonder if "we" use binoculars >> often? More importantly (at least to some of us), how is that >> relevent to anything? > > > ...so that would be a yes, then? It's a no, which sure seems to be your answer to my first question. > > I'm always interested in sniffing out contributing FEDs...it helps to > determine whether you really believe what you're saying, or whether > it's just part of your job. I'm guessing that your email "nightwatch" > is also indicative of the latter. 
I've said so very little here, but I do believe everything I've "said." I'm still at a loss as to how what little I've said (written) here would allow any reasonable person to start assuming or even guessing that I use binoculars frequently and that I must be some sort of "FED." In fact, I don't think a responable person could assume that, but then, from what I've seen of this forum so far, it's set up for venting obnoxious political diatribes based on dumb/paranoid assumptions ('He made an unfavorable, on-point response to John Young, therefore, he's probably a FED!') & guesses, not reasonable, intellectual discourse. Your 'Nightwatch' speculation is rather amusing too. I won't humiliate & confuse you with the truth. Thanks for the dance! It was....educational, but now I'm bored of going in circles. :) > > -TD From jim.salters at fstc.org Mon Sep 20 12:06:35 2004 From: jim.salters at fstc.org (Jim Salters) Date: Mon, 20 Sep 2004 15:06:35 -0400 Subject: FSTC Project Update Message-ID: From lynn at garlic.com Mon Sep 20 15:07:55 2004 From: lynn at garlic.com (Anne & Lynn Wheeler) Date: Mon, 20 Sep 2004 16:07:55 -0600 Subject: Academics locked out by tight visa controls In-Reply-To: <17894379.1095689037533.JavaMail.root@grover.psp.pas.earthl ink.net> References: <17894379.1095689037533.JavaMail.root@grover.psp.pas.earthlink.net> Message-ID: <6.1.2.0.2.20040920153228.0676a870@mail.comcast.net> At 08:03 AM 9/20/2004, John Kelsey wrote: >I guess I've been surprised this issue hasn't seen a lot more >discussion. It takes nothing more than to look at the names of the people >doing PhDs and postdocs in any technical field to figure out that a lot of >them are at least of Chinese, Indian, Arab, Iranian, Russian, etc., >ancestry. And only a little more time to find out that a lot of them are >not citizens, and have a lot of hassles with respect to living and working >here. 
What do you suppose happens to the US lead in high-tech, when we >*stop* drawing in some large fraction of the smartest, hardest-working >thousandth of a percent of mankind? in '94 there was report (possibly sjmn?) that said at least half of all cal. univ. tech. PHDs were awarded to foreign born. during some of the tech green card discussions in the late '90s ... it was pointed out that the internet boom (bubble) was heavily dependent on all these foreign born .... since there was hardly enuf born in the usa to meet the demand. in the late 90s there were some reports that many of these graduates had their education paid by their gov. with directions to enter an us company in strategic high tech areas for 4-8 years .... and then return home as tech transfer effort. i was told in the late 90s about one optical computing group in a high tech operation .... where all members of the group fell into this category (foreign born with obligation to return home after some period). another complicating factor competing for resources during the late 90s high-tech, internet boom (bubble?) period was the significant resource requirement for y2k remediation efforts. nsf had recent study on part of this http://www.nsf.gov/sbe/srs/infbrief/ib.htm graduate enrollment in science and engineering fields reaches new peak; 1st time enrollment of foreign students drops http://www.nsf.gov/sbe/srs/infbrief/nsf04326/start.htm -- Anne & Lynn Wheeler http://www.garlic.com/~lynn/ From camera_lumina at hotmail.com Mon Sep 20 13:21:22 2004 From: camera_lumina at hotmail.com (Tyler Durden) Date: Mon, 20 Sep 2004 16:21:22 -0400 Subject: Geopolitical Darwin Awards Message-ID: "Tim" wrote... > Is there any reason other than you being stupid & anxious to offer some >feeble witticism for you to wonder if "we" use binoculars often? More >importantly (at least to some of us), how is that relevent to anything? ...so that would be a yes, then? 
I'm always interested in sniffing out contributing FEDs...it helps to determine whether you really believe what you're saying, or whether it's just part of your job. I'm guessing that your email "nightwatch" is also indicative of the latter. -TD From camera_lumina at hotmail.com Mon Sep 20 14:24:40 2004 From: camera_lumina at hotmail.com (Tyler Durden) Date: Mon, 20 Sep 2004 17:24:40 -0400 Subject: Geopolitical Darwin Awards Message-ID: > It's a no, which sure seems to be your answer to my first question. OK, I understand the "stupid" part, but not the "anxious" part. Should I be concerned about your interest in Cypherpunks? >('He made an unfavorable, on-point response to John Young, On-point? It sounded like a mere insult, without zero substance behind it. In general, I have found that Cypherpunks knock the CRAP out of each other (kind of a 'Fight Club'), but most of the swipes are backed with a lot of logic and facts. I saw neither in your little post, so in the context of your long-term contributions, I thought I'd give you the sniff-test. As of right now, there's the faint smell of shit in the air. >speculation is rather amusing too. I won't humiliate & confuse you with >the truth. That better not be a reference to King Crimson. As leader of the Cypherpunks (I am declaring my leadership right now effective for the duration of this post), I hereby FORBID you to listen to King Crimson. Please keep your ears on Yes/Gentle Giant/Jethro Tull and so on. > Thanks for the dance! It was....educational, but now I'm bored of going >in circles. :) I've seen that "I'm bored" comment many times on the Internet.
I'll translate for you: "I want to continue to take baseless swipes at opinionated list members, but now that you've called me on it I really don't want to have to defend what I'm saying, so I'll stop posting until you've forgotten about this incident." Gotcha. -TD From mv at cdc.gov Mon Sep 20 20:11:30 2004 From: mv at cdc.gov (Major Variola (ret)) Date: Mon, 20 Sep 2004 20:11:30 -0700 Subject: Geopolitical Darwin Awards Message-ID: <414F9BE2.BEFC4DC1@cdc.gov> At 04:57 PM 9/19/04 -0700, James A. Donald wrote: >But the Saudi Arabian elite, of among which Bin Laden was born with a >silver spoon in his mouth, are not getting screwed over. 1. you don't get religion 2. UBL's mom was a low-caste yemeni, dig? From mv at cdc.gov Mon Sep 20 20:12:28 2004 From: mv at cdc.gov (Major Variola (ret)) Date: Mon, 20 Sep 2004 20:12:28 -0700 Subject: Geopolitical Darwin Awards Message-ID: <414F9C1C.C4D5B344@cdc.gov> At 05:07 PM 9/19/04 -0700, James A. Donald wrote: > >I don't recall the American revolutionaries herding children >before them to clear minefields, nor surrounding themselves >with children as human shields. The yank minutemen were not above taking children as soldiers, any more than Dan'l Boone was above taking a 14 year old as a wife. From jason at lunkwill.org Mon Sep 20 13:14:14 2004 From: jason at lunkwill.org (Jason Holt) Date: Mon, 20 Sep 2004 20:14:14 +0000 (UTC) Subject: The internment taboo In-Reply-To: Message-ID: A related book on MAGIC and the Japanese internment is "MAGIC: The untold story of U.S. Intelligence and the evacuation of Japanese residents from the West Coast during WW II".
Website here: http://www.athenapressinc.com/ Some of the folks involved in that project also set up this site, which has scans of a lot of relevant primary sources: http://www.internmentarchives.com/ -J From mv at cdc.gov Mon Sep 20 20:14:25 2004 From: mv at cdc.gov (Major Variola (ret)) Date: Mon, 20 Sep 2004 20:14:25 -0700 Subject: Geopolitical Darwin Awards Message-ID: <414F9C91.2375E1DD@cdc.gov> At 08:46 PM 9/19/04 -0700, John Young wrote: >Today, even the US uses children in war, 17 being the minimum >age to enlist. Others sneak in by lying about their age, some as >young as 14. Recruiters look the other way when the kids >and their parents lie. Been there, done that. Enlisted in the >army at 15, served months before being kicked out when a >relative ratted on me. Went in again at 17. Not that it matters, but you have tipped your motivations far more than your bailey-bridge erections... Still, good things come from twisted sources... look at the GNU projekts :-) From mv at cdc.gov Mon Sep 20 20:19:30 2004 From: mv at cdc.gov (Major Variola (ret)) Date: Mon, 20 Sep 2004 20:19:30 -0700 Subject: Geopolitical Darwin Awards Message-ID: <414F9DC2.A609BBCE@cdc.gov> At 11:42 AM 9/20/04 -0500, J.A. Terranson wrote: >On Sun, 19 Sep 2004, Major Variola (ret) wrote: > >> (Remember the >> Hiroshima bomb was *not* tested, so sure were the scientists. Trinity > >My understanding (and I am *positive* someone will correct me if I'm >wrong) was that there was a shortage of both fissionable materials and >appropriate [altimeter] fuse mechanisms, making testing a outside of enemy >territory a losing proposition. Fissiles were expensive, still are, but the design of U-gun is better (if you can afford the enrichment) because of U's lower spontaneous fission rate, ie fewer spare neutrons to spoil the fun. Even pure Pu-239, the result of short irradiation, has a problem with premature ejaculation. From rah at shipwright.com Mon Sep 20 17:33:23 2004 From: rah at shipwright.com (R. A. 
Hettinga) Date: Mon, 20 Sep 2004 20:33:23 -0400 Subject: FSTC Project Update Message-ID: --- begin forwarded text From mv at cdc.gov Mon Sep 20 20:39:38 2004 From: mv at cdc.gov (Major Variola (ret)) Date: Mon, 20 Sep 2004 20:39:38 -0700 Subject: But they were using 3DES! Message-ID: <414FA279.B38E140@cdc.gov> September 20, 2004 ATM Stolen in Third Such Theft in a Month An automated teller machine was stolen from a gas station early Sunday, the third such theft in Orange County since mid-August, police said. The machine was stolen from an Arco just before 4 a.m., using the same method as in the earlier incidents, sheriff's Lt. Ted Boyne said. "They come, and in 30 seconds, they have the ATM in back of an SUV." http://www.latimes.com/news/local/orange/la-me-ocbriefs20.2sep20,1,6358360.story?coll=la-editions-orange Moral of the story: do the math. From rah at shipwright.com Mon Sep 20 18:09:10 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Mon, 20 Sep 2004 21:09:10 -0400 Subject: AOL to Sell Secure ID Tags to Fight Hackers Message-ID: Reuters AOL to Sell Secure ID Tags to Fight Hackers Mon Sep 20, 2004 06:18 PM ET NEW YORK (Reuters) - America Online will begin offering to sell members a security device and service that has been used to safeguard business computer networks, the world's largest Internet service provider said on Monday. AOL, a unit of Time Warner Inc. (TWX.N: Quote, Profile, Research) , signed a deal with Internet security company RSA Security Inc. (RSAS.O: Quote, Profile, Research) , to launch its new AOL PassCode, designed to add an additional layer of protection to member accounts. PassCode users will be provided with a small handheld six-digit numeric code key. To log onto an AOL account equipped with the service, users will have to type in the six-digits, which refresh on the device every 60 seconds, on top of using the regular password. The code-key device will cost $9.95. Monthly service costs range from $1.95 to $4.95. 
"AOL PassCode is like adding a deadbolt to your AOL account by automatically creating a new secondary password every 60 seconds," said Ned Brody, senior vice president of AOL Premium Services. Hackers coined the term "phishing" in 1996 to refer to the act of swindling unsuspecting AOL customers into giving up their passwords through phony e-mails or instant messages. -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From mv at cdc.gov Mon Sep 20 21:21:35 2004 From: mv at cdc.gov (Major Variola (ret)) Date: Mon, 20 Sep 2004 21:21:35 -0700 Subject: Geopolitical Darwin Awards Message-ID: <414FAC4F.55680924@cdc.gov> At 11:38 PM 9/20/04 -0400, R. A. Hettinga wrote: >At 8:11 PM -0700 9/20/04, Major Variola (ret) wrote: >>2. UBL's mom was a low-caste yemeni, dig? > >Actually, UBL's *dad* was a low-caste Yemeni, too. > >And your point is? That you can be wealthy and still find something of the underdog in you, which you can resublimate... >-- Islam is a dead >religion. It just doesn't know it yet. Let's hope that's true for all of them... From rah at shipwright.com Mon Sep 20 20:38:25 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Mon, 20 Sep 2004 23:38:25 -0400 Subject: Geopolitical Darwin Awards In-Reply-To: <414F9BE2.BEFC4DC1@cdc.gov> References: <414F9BE2.BEFC4DC1@cdc.gov> Message-ID: At 8:11 PM -0700 9/20/04, Major Variola (ret) wrote: >At 04:57 PM 9/19/04 -0700, James A. Donald wrote: > >>But the Saudi Arabian elite, of among which Bin Laden was born with a >>silver spoon in his mouth, are not getting screwed over. > >1. you don't get religion >2. UBL's mom was a low-caste yemeni, dig? Actually, UBL's *dad* was a low-caste Yemeni, too. And your point is?
Like all cultural components, religion is about the allocation of scarce resources. War is the penultimate form of this kind of allocation. In fact, the actual content of religion is immaterial, except where it affects the ability of a culture to raise the resources to fight a *war*, which, as Hanson puts it so nicely in "Carnage and Culture", is everything. Because of its inability to raise the resources to fight a modern war -- capital (by several orders of magnitude, go look at a map with GDP superimposed), and, most important the freedom to create new *science* to produce that capital with, virtually out of thin air -- Islam is a dead religion. It just doesn't know it yet. UBL, and the entire Islamic culture, will eventually go the way of Hannibal and Carthage. Carthage sacrificed children to their gods too. Go for it, I say... Cheers, RAH -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From rah at shipwright.com Mon Sep 20 20:39:39 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Mon, 20 Sep 2004 23:39:39 -0400 Subject: Geopolitical Darwin Awards In-Reply-To: <414F9C1C.C4D5B344@cdc.gov> References: <414F9C1C.C4D5B344@cdc.gov> Message-ID: At 8:12 PM -0700 9/20/04, Major Variola (ret) wrote: >The yank minutemen were not above taking children as soldiers, >any more than Dan'l Boone was above taking a 14 year old as >a wife. That's more a definition of "adult", than anything else. If they're old enough to blee-... Oh, forget it... Cheers, RAH -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... 
however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From shaddack at ns.arachne.cz Tue Sep 21 00:33:24 2004 From: shaddack at ns.arachne.cz (Thomas Shaddack) Date: Tue, 21 Sep 2004 09:33:24 +0200 (CEST) Subject: Geopolitical Darwin Awards In-Reply-To: <414DBCE8.8024.AF06B7F@localhost> References: <414C377F.28424.4FF1284@localhost> <414DBCE8.8024.AF06B7F@localhost> Message-ID: <0409210928130.0@somehost.domainz.com> On Sun, 19 Sep 2004, James A. Donald wrote: > I don't recall the American revolutionaries herding children > before them to clear minefields, nor surrounding themselves > with children as human shields. Using children to clear minefields has its logic. They are often not heavy enough to trigger the mine, and they often fear less, which both makes them more successful and more willing to do the job. From eugen at leitl.org Tue Sep 21 03:12:23 2004 From: eugen at leitl.org (Eugen Leitl) Date: Tue, 21 Sep 2004 12:12:23 +0200 Subject: Geopolitical Darwin Awards In-Reply-To: <414F9DC2.A609BBCE@cdc.gov> References: <414F9DC2.A609BBCE@cdc.gov> Message-ID: <20040921101223.GG1457@leitl.org> On Mon, Sep 20, 2004 at 08:19:30PM -0700, Major Variola (ret) wrote: > fission rate, ie fewer spare neutrons to spoil the fun. Even pure > Pu-239, > the result of short irradiation, has a problem with premature > ejaculation. So use a tritium-boosted fission nuke. Not as hard to do a true fusion device. 
-- Eugen* Leitl leitl ______________________________________________________________ ICBM: 48.07078, 11.61144 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE http://moleculardevices.org http://nanomachines.net [demime 1.01d removed an attachment of type application/pgp-signature]
From rah at shipwright.com Thu Sep 23 06:10:14 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Thu, 23 Sep 2004 09:10:14 -0400 Subject: Hack Attack Gums Up Authorize.Net Message-ID: Wired News Hack Attack Gums Up Authorize.Net By Noah Shachtman Story location: http://www.wired.com/news/infostructure/0,1377,65039,00.html 01:56 PM Sep. 21, 2004 PT Hackers have crippled one of the internet's biggest credit card processors, and tens of thousands of online merchants are losing business while the company struggles to recover. Since last Wednesday, Authorize.Net has been relentlessly pounded by distributed denial of service, or DDoS, attacks.
The massive, coordinated waves of internet traffic have repeatedly overwhelmed the company's servers. Authorize.Net's customers have had to improvise: Some are confirming their credit card orders over the phone, others have gone with little or no sales for nearly a week. "I'm losing four grand a day in revenue," said David Hoekje, president of PartsGuy.com, an online heating and air conditioning parts dealer. "My year is a bell curve, and we're on the upwards slope now. This is 5 percent of my year, gone." As of Tuesday afternoon, there still seemed to be no end in sight to the hacker strikes against Authorize.Net. Security experts say that there's little a company can do to defend itself against these kinds of attacks. But company officials insist they're trying. "We're actively trying to deal with it. And we're working hard to minimize the disruptions to our merchants," Authorize.Net marketing director David Schwartz said. The company has turned to the FBI, as well as outside consultants, for help, he added. With about 90,000 customers, Authorize.Net is one of the internet's best-known, most widely used credit card processing services, focusing mostly on smaller merchants. Earlier this year, the firm was bought by the Burlington, Massachusetts, online payment and fraud-detection firm Lightbridge for $82 million. But since the sale, Lightbridge has been hit by a series of body blows. In August, CEO Pamela Reeve resigned; last week, the company announced it was laying off 65 people -- a 12 percent cut in its workforce. And now, "these unforeseen and malicious DDoS attacks," as a company message called them. "We know how hard it is," said Michael Adberg, co-founder of WeaKnees.com. The site, which sells TiVo upgrades and DirecTV installations, was itself the target of a DDoS attack last October. "But we're surprised that such a large company wasn't better prepared than we were." He added, "They have really let us down." 
For the moment, Adberg and his associates have been phoning customers who place orders over the website, confirming their information and only later processing their payments with Authorize.Net. "But there will be a few customers who we'll ship their orders, and we won't charge them," Adberg said. "Maybe 10 percent will slip through the cracks." The lost revenue is only part of the problem, however. Even if sales are saved, the company image can be scuffed by such a move. "Imagine placing an order with Amazon, but not being able to pay online, and then having to call a customer support person so they can charge you," said a network chief at one of Authorize.Net's customers. The payment processor has been able to take care of some transactions, through slight modifications to its domain name. But these tactics have only been partially effective. And, in the long run, wholesale changes to web addresses are bad for business, explains Drew Copley, a senior research engineer at eEye Digital Security. "You can lose money, lose customers, because they can't find you." Information from attacking PCs can be slowed down; internet protocol addresses of other offending computers can be blocked. But, in the face of a large-scale strike, there's little that can be done, observed Copley, who built one of the first DDoS tools for Windows. "When you get 10,000, 50,000 computers all firing at once, for attacks like that, there is no simple solution," he added. -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." 
-- Edward Gibbon, 'Decline and Fall of the Roman Empire'

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

From fw at deneb.enyo.de Thu Sep 23 14:50:19 2004
From: fw at deneb.enyo.de (Florian Weimer)
Date: Thu, 23 Sep 2004 23:50:19 +0200
Subject: AOL to Sell Secure ID Tags to Fight Hackers
In-Reply-To: (R. A. Hettinga's message of "Mon, 20 Sep 2004 21:09:10 -0400")
References:
Message-ID: <87llf0bqp0.fsf@deneb.enyo.de>

* R. A. Hettinga:

> PassCode users will be provided with a small handheld six-digit numeric
> code key.
>
> To log onto an AOL account equipped with the service, users will have to
> type in the six-digits, which refresh on the device every 60 seconds, on
> top of using the regular password.

AOL appears to allow you to disable PassCode for your account, so this is only of limited usability against phishing scams. AOL even fails to stress that you must never enter the PassCode serial number during the normal login process. 8-(

From rah at shipwright.com Sat Sep 25 08:30:04 2004
From: rah at shipwright.com (R. A. Hettinga)
Date: Sat, 25 Sep 2004 11:30:04 -0400
Subject: Passports: al-Qaeda's terror weapons
Message-ID:

ABS-CBNNEWS.COM
Sunday, August 1, 2004 11:31 PM
Passports: al-Qaeda's terror weapons

Vienna, Austria - They're just little embossed rectangles in burgundy, forest green or navy blue, but they can lay a nation bare to a terrorist plot. Passports, not box cutters or even jetliners, may be al-Qaeda's most powerful weapons. Stolen and legitimate, doctored and untouched, they have enabled Osama bin Laden's network and other terror groups to plan and carry out attacks worldwide.
In its final report, the US commission investigating the Sept. 11 attacks touts high-tech biometric passports, still in the developmental stage, and better border guard training as key ways to tighten the United States' defenses. But antiterrorism experts, mindful of the ingenuity demonstrated by Islamic militants, told The Associated Press they feel humbled and helpless. "One of the hidden criticisms [in the report] is that not only were we not prepared on Sept. 11, but the measures we've taken from Sept. 11 to today have not improved the matter that much," said Michael Greenberger, who was a Justice Department official during the Clinton administration. "Our databases are a mess. Change a person's middle initial and he doesn't show up," said Greenberger, who now directs the University of Maryland's Center for Health and Homeland Security. "By and large, we've not been terribly successful." The commission offers no argument. "No one can hide his or her debt by acquiring a credit card with a slightly different name," said its report, released last week. "Yet today, a terrorist can defeat the link to electronic records by tossing away an old passport and slightly altering the name in the new one." Conceding it has only "fragmentary" evidence of the travels of the Sept. 11 organizers and hijackers, the commission's 567-page report nonetheless is packed with detailed accounts of how the terrorists obtained and modified the passports that got them into the United States. A key panel recommendation points up the seriousness of the threat: "Targeting travel is at least as powerful a weapon against terrorists as targeting their money. The United States should combine terrorist travel intelligence, operations, and law enforcement in a strategy to intercept terrorists, find terrorist travel facilitators, and constrain terrorist mobility." That, experts say, is far easier said than done.
"If you have someone who is determined to evade immigration controls, they'll do it -- or at least they'll have a good chance," said Alex Standish, editor of Jane's Intelligence Digest. "I don't see any evidence to suggest that we've had any success in making [al-Qaeda] any less of a threat." Al-Qaeda once brazenly operated its own passport office at the airport in Kandahar, Afghanistan, where the group "altered papers, including passports, visas and identification cards" before the Sept. 11 attacks on the World Trade Center and the Pentagon, the commission notes. Although the US-led war in Afghanistan ended such Taliban-protected operations, there are plenty of terrorists worldwide who are skilled in doctoring documents, the panel warns. It says al-Qaeda and others have refined half a dozen simple yet highly effective techniques. Among the most popular is obtaining stolen passports, which authorities say are available on a lucrative black market that stretches from Eastern Europe to Southeast Asia and South Africa. There are up to 10 million lost or stolen passports in circulation worldwide, according to Interpol estimates. "You can find all sorts of fake passports in the Balkans, including stolen or fake American documents," a former high-ranking police official in Serbia told AP on condition of anonymity. Experts say they're being sold for as little as US$75, although US passports can fetch US$3,000 or more. Al-Qaeda militants and other terrorists intercepted in Europe had obtained South African passports they apparently got from crime syndicates operating within the government agency that issues the documents, officials disclosed to AP last week. Another commonly used technique involves adding or removing visa cachets and entry and exit stamps. By doing so, experts say, terrorists can delete any evidence of their travel to suspicious destinations such as Afghanistan or Pakistan. They also can create false trails to throw authorities off track. Two of the Sept.
11 hijackers, Nawaf al Hazmi and Khalid al Mihdhar, apparently flew to Bangkok because "they thought it would enhance their cover as tourists to have passport stamps from a popular tourist destination such as Thailand," the commission says. Some simply would turn in passports filled with suspicion-arousing visas and stamps from countries where al-Qaeda operated -- even if the documents were still valid for another year -- and get new, clean ones. Fourteen of the 19 suicide hijackers, exhorted by Sept. 11 mastermind Khalid Sheikh Mohammed, obtained new passports. Others work to acquire as many passports as possible, reasoning that a Canadian or Belgian passport is less likely to prompt scrutiny from US border guards than one from Saudi Arabia. In one case cited by the commission, convicted terrorist Ahmed Ressam obtained a blank baptismal certificate that a document vendor had stolen from a Roman Catholic Church in Montreal, and used it to get a genuine Canadian passport. Saudi hijackers had a problem: If they traveled to Afghanistan via Pakistan, and the Pakistanis stamped their passports, they risked having them confiscated back in Saudi Arabia. "So operatives either erased the Pakistani visas from their passports or traveled through Iran, which did not stamp visas directly into passports," the commission says. Tehran has angrily denied any complicity in the Sept. 11 attacks, even though the panel contends up to 10 of the hijackers passed through Iran en route to the United States. Al-Qaeda operative Tawfiq bin Attash indicated that Malaysia repeatedly was used as a place to plot attacks "because its government did not require citizens of Saudi Arabia or other Gulf states to have a visa." Bin Attash, better known as Khallad, helped bomb the USS Cole in Yemen in October 2000, killing 17 American sailors. Greenberger is among many pushing for the swift consolidation of travel databases "so these names start popping up." 
He and others also are pressing for the introduction of supposedly tamper-proof biometric passports that will contain digital photographs and fingerprints. The European Union agreed in March to fast track the inclusion of biometric data in passports by the end of 2006. Belgium has vowed to be among the first by introducing its new travel documents next year, and Austria, Denmark and Slovenia have developed working prototypes. "We've got to adopt the technology and get away from purely paper documents," Greenberger said. "Nothing is going to be foolproof, but by altering the technology, I think it's possible to raise our defenses," he said. "The harder we make it to forge documents, the greater our gains in protecting the borders. You're really upping the ante." But Standish, of Jane's Intelligence Digest, is skeptical. "The basic problem is that if a document of any kind can be produced, it can be falsified or forged," he said. "As an IRA terrorist once famously said to the authorities: `You have to be lucky all the time. I only have to be lucky once."'

--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From rah at shipwright.com Sat Sep 25 17:32:19 2004
From: rah at shipwright.com (R. A. Hettinga)
Date: Sat, 25 Sep 2004 20:32:19 -0400
Subject: Now we are 8 (and this token proves it)
Message-ID:

The Register
Biting the hand that feeds IT
Original URL: http://www.theregister.co.uk/2004/09/24/verisign_age_verification_token/

Now we are 8 (and this token proves it)
By Thomas C Greene (thomas.greene at theregister.co.uk)
Published Friday 24th September 2004 14:02 GMT

VeriSign announced a new USB token that verifies the ages and sexes of children using a computer, and claimed that this will make it easier for innocent sprouts to avoid online predators, Reuters reports. "Chatroom lurkers who can't prove their age will stick out like sore thumbs as more kids adopt the tokens," the wire service explained. The so-called i-Stik USB token will provide verification of a child's age and sex. School administrators will provide lists of students, with their dates of birth and sexes, and VeriSign will encode that information onto the i-Stik tokens. The scheme will begin with a handful of schools for testing this Fall, and, if all goes according to plan, be extended to thousands of schools starting next Spring. That is, assuming its glaring flaws don't become painfully evident by that time. Most obviously, the token will not verify age or sex of the person using it, but only of the person to whom it was issued. Anyone might be using it, and no doubt paedos will be scrambling to get their hands on one of their own, either through loss, theft, or bribery. Once the tokens become popular and widely available, one can expect a brisk trade in them on paedo bulletin boards. (Naturally, the Feds will have to be supplied with plenty of these gizmos, so that they can spend their days hanging out in kids' chatrooms with better cover.) Meanwhile, parents will be lulled further into foolish notions that an Internet-connected PC makes for an adequate electronic babysitter.
The Internet is adult space, and there is no substitute for parental supervision. If this scheme does anything to produce a false sense of security among parents, then it's worse than nothing; it's actually dangerous. One thing that the tokens will be good for is online marketing to children. Marketers will be able to get a more accurate sense of the ages and sexes of young visitors to various online venues, and target them more precisely. It will also make for decent PR and corporate image-making for VeriSign, suggesting that the company takes the safety of children seriously. Most importantly, it will produce a nice revenue stream from a basically worthless product that school districts will purchase with tax dollars. In all, it's a win/win gimmick and publicity stunt, so long as child safety is not a criterion for judging its success. ®

Thomas C Greene is the author of Computer Security for the Home and Small Office (http://basicsec.org), a comprehensive guide to system hardening, malware protection, online anonymity, encryption, and data hygiene for Windows and Linux.

--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From rah at shipwright.com Sat Sep 25 18:03:27 2004
From: rah at shipwright.com (R. A. Hettinga)
Date: Sat, 25 Sep 2004 21:03:27 -0400
Subject: Mystification of Identity: You Say Yusuf, I Say Youssouf...
Message-ID:

Gilmore, et al., are right, as always.
If you've been all-but cavity-searched -- okay, virtually cavity-searched, given the state of modern X-Ray airport passenger scanning technology -- and you don't have a weapon, exactly *how* is knowing *who* you are going to affect your ability to hijack an airplane? I see nothing but the continuation of the privatization of air travel from all this nonsense. More NetJet owners, more Marquis Card-carrying business travellers, more investment capital for companies like Eclipse Aviation. Geodesic aviation, anyone? ;-)

Cheers,
RAH
-------

TIME.com Print Page: Nation -- Saturday, Sep. 25, 2004
You Say Yusuf, I Say Youssouf...
The Cat Stevens incident has its origins in a spelling mistake
By SALLY B. DONNELLY

The Yusuf Islam incident earlier this week, in which the former Cat Stevens was denied entry into the U.S. when federal officials determined he was on the government's "no-fly" antiterror list, started with a simple spelling error. According to aviation sources with access to the list, there is no Yusuf Islam on the no-fly registry, though there is a "Youssouf Islam." The incorrect name was added to the register this summer, but because Islam's name is spelled "Yusuf" on his British passport, he was allowed to board a plane in London bound for the U.S. The Transportation Safety Administration alleges that Islam has links to terrorist groups, which he has denied. British foreign minister Jack Straw said the TSA action "should never have been taken." The incident points up some of the real problems facing security personnel as they try to enforce the "no-fly" list. One issue is spelling; many foreign names have several different transliterations into English. And the sheer size of the list is daunting; thousands of names have been added in the last couple months, says one government official, bringing the total up to more than 19,000 people to look out for. That makes it difficult for airlines and government agencies to check all passengers.
Within the past six months, several people on the no fly list have been mistakenly allowed to fly. Still, the TSA is learning. It recently acknowledged that a Federal Air Marshal, unable to fly for weeks when his name was mistakenly put on the "no-fly" list, was in fact not a threat, and removed his name from the list.

--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From rah at shipwright.com Sun Sep 26 15:57:21 2004
From: rah at shipwright.com (R. A. Hettinga)
Date: Sun, 26 Sep 2004 18:57:21 -0400
Subject: Under the hood of FIPS 140-2 Validations
Message-ID:

CR80 News
Under the hood of FIPS 140-2 Validations
Sunday, September 26 2004
by John Morris, president and co-founder of Corsec Security, Inc.

In our last article (SecureIDNews, August 2004) we covered what FIPS 140-2 and Common Criteria are at a high level. We introduced you to what these standards are, why we need them, who the players are, what the process is, as well as some of the common terms that you will need to know along the way. Now let's delve into what's actually involved in getting FIPS 140-2. In the next article, we'll do the same for Common Criteria. What is FIPS 140-2 again? As we learned last time, FIPS 140-2 dictates that the cryptographic parts of a product are designed, documented, and can be operated in a secure manner to the government's satisfaction. So FIPS 140-2 is a standard mandated for US federal government purchases, strictly enforced in Canada, and followed in various forms by many other governments worldwide.
Widely adopted among financial institutions, the standard is becoming an international mark for cryptographic quality. But who sets the rules and who measures results? FIPS 140-2 is short for "Federal Information Processing Standards Publication." The documents are published by the National Institutes of Standards and Technologies (NIST) in the US. In particular FIPS 140-2 was published by NIST with the cooperation of the Communications Security Establishment (CSE) in Canada. NIST and CSE created a joint effort called the Cryptographic Module Validation Program (CMVP) to specifically manage the FIPS 140-2 process. What is the purpose of this program? CMVP issues validation certificates that let purchasers know if products (cryptographic modules) actually meet the FIPS 140-2 requirements. It is important to understand that this program focuses only on the parts of the product that utilize cryptography. These are the "cryptographic engines" that power the security in all types of products. It's often difficult or impossible for an end consumer to lift the product's hood and examine the cryptographic engine and ensure it truly works the way it is supposed to. Therefore, the CMVP program ensures that detailed testing and analysis is performed, and only those products that meet the claims are listed on the validation lists. How does CMVP do this? CMVP accredits independent labs (commercial companies) to run a specific set of tests and report to the government on the output of those tests. The body that accredits the testing labs is called the National Voluntary Laboratory Accreditation Program, or NVLAP. Initially NVLAP accredited three laboratories to ensure commercial competition (one of which I managed). However, as industry demand and international interest has grown, so too has the number of labs. Currently, CMVP oversees nine testing labs across the US, Canada, and United Kingdom. How do the testing labs work?
Testing labs are independent, for-profit organizations, so they compete for the vendors' business. They are all governed by the same sets of rules and regulations and hopefully produce the same end result in judging cryptographic engines. However, the process and procedures they use to achieve the results and how they evaluate documentation, design, and products vary. This is part of the reason that CMVP provides multiple laboratories to satisfy the needs of the competitive commercial marketplace, allowing vendors to compare laboratories on location, prices, responsiveness, resources, etc. But to ensure consistent quality testing the CMVP periodically monitors laboratory quality and prohibits testing labs from consulting on product design or creating documents for products they test. While laboratories can offer some guidance as to what the standard requires, they may not advise a vendor on how to relate that guidance to their specific product. There are separate consultants (such as my company, Corsec) that specialize in helping vendors in these areas. Vendors complain FIPS 140-2 is too hard - is it necessarily? A FIPS 140-2 validation entails significant effort for a vendor before, during and after the vendor chooses the lab. They must verify that their product design is compliant to the requirements in the standard. If not, then design changes will have to be made before the product goes through testing. Next, the vendor has to produce a large body of documentation that explains how the product meets cryptographic security requirements, how its design complies with them, and how it will behave in specific situations. The CMVP program requires very specific documents be submitted in particular formats. This means the vendors or their consultants must spend significant efforts producing documentation for FIPS 140-2 that they would not otherwise produce. 
Most vendors are not practiced in producing FIPS 140-2 Security Policies, Finite State Machines, or Vendor Evidence documents and may either spend more effort than laboratories require under FIPS 140-2, or include the wrong information. However, with the right focus in the documents, a vendor's product can be quickly evaluated by a laboratory, and efforts significantly reduced. The documents have been submitted, the testing has been done - so now what? Once the commercial testing has been performed, the CMVP reviews the test report and Security Policy as part of their quality control. Assuming the vendor responds promptly and correctly to government questions, CMVP will sign a validation certificate for the tested version of the product, and post it on their web site. In the past, lack of staffing and funding, and sharp growth in FIPS 140-2 testing has caused delays in the government's ability to process test reports - another source of vendor complaints. Although still woefully under-funded despite the recent focus on communications security, the CMVP has avoided the huge delays folks like INS have suffered, and continues to streamline the process. What does this mean to the purchaser? Government or Financial Services industry purchasers who are required to purchase only FIPS 140-2 validated products have begun using validated lists as shopping lists. They help narrow the playing field when comparing similar types of products. If one has been validated and another has not, the purchaser must choose the one with the FIPS 140-2 certificate. Thus, the validated products lists show which products have proven they meet FIPS 140-2 requirements for cryptographic security. It tells you that qualified, independent cryptographic "mechanics" have looked under the hood of the product and ensured the engine is soundly designed, well implemented, and running smoothly. More and more, this assurance is becoming a basic requirement of purchasers inside and outside the government. 
Vendors have noted this, and the list of validated vendors reads like a who's who of serious players in the market. These days, gaining a FIPS 140-2 validation also tells purchasers that a vendor is committed to security, as validations are typically far from cheap, fast, or easy. Next month, we will cover the testing process for Common Criteria and how it relates to FIPS 140-2 validation. In the meantime, you can read more about FIPS 140-2 requirements at www.corsec.com/fips_center.php, or contact me at jmorris at Corsec dot com.

About the author
John Morris is president and co-founder of Corsec Security, which offers consulting services for Common Criteria and FIPS 140-2 product validations. Mr. Morris is the former manager of a NVLAP-accredited testing laboratory, and has worked for the last decade in cryptography, public key infrastructure and security engineering with a focus on government security validations. You can read a Q/A by Mr. Morris in Corsec's monthly e-newsletter by visiting www.corsec.com/news.php. Questions can be submitted to info at corsec.com.

--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From camera_lumina at hotmail.com Mon Sep 27 07:00:11 2004
From: camera_lumina at hotmail.com (Tyler Durden)
Date: Mon, 27 Sep 2004 10:00:11 -0400
Subject: Mystification of Identity: You Say Yusuf, I Say Youssouf...
Message-ID:

Many Cypherpunks view the need to take up crypto arms to stem off an Orwellian, hyper-evil and hyper-competent dictatorship.
I'm thinking a more likely (and no less threatening) scenario is one like "Brazil" (ie, the movie). Don't forget, the World Trade Center management was on the Intercom trying to tell everyone to "Remain inside the Building...It's safest Inside the Building". Fuck. Here on Wall Street I'm a dead man.

-TD

>From: "Roy M. Silvernail"
>Reply-To: roy at rant-central.com
>To: Tyler Durden
>CC: "cypherpunks at al-qaeda.net"
>Subject: RE: Mystification of Identity: You Say Yusuf, I Say Youssouf...
>Date: Sun, 26 Sep 2004 19:35:38 -0400
>
>On Sun, 2004-09-26 at 18:55, Tyler Durden wrote:
> > Holy shit. So it really boiled down to mere spelling?
> >
> > So if there's a single "Mohammed Ali" who is a terrorist in the whole world,
> > then no single Mohammed Ali will be able to fly into and out of the US? How
> > many Mohammed Ali's are there in the world? How many Yousef Islam's?
>
>Or Yusef Islam? Or Yousuf Islam? It's not just spelling, it's
>Anglo-English interpretation of the phonetic names. Remember a few
>years back when the Associated Press made a (not big, but noticeable)
>deal out of changing the sanctioned spelling of Qadaffi's name?
>
>Now we have an entire bureaucracy working on the assumption that "names"
>are both is-a-person credentials and immutably transliterable to the
>Anglo-English alphabet.
>
>The mind just *boggles*!
>--
>Roy M. Silvernail is roy at rant-central.com, and you're not
>"Progress, like reality, is not optional." - R. A. Hettinga
>SpamAssassin->procmail->/dev/null->bliss
>http://www.rant-central.com

From George.Danezis at cl.cam.ac.uk Mon Sep 27 05:11:22 2004
From: George.Danezis at cl.cam.ac.uk (George Danezis)
Date: Mon, 27 Sep 2004 13:11:22 +0100
Subject: CFP: Privacy Enhancing Technologies (PET 2005)
Message-ID:

5th Workshop on Privacy Enhancing Technologies
Dubrovnik, Croatia
May 30 - June 1, 2005

C A L L   F O R   P A P E R S

http://petworkshop.org/2005/

Important Dates:
Paper submission: February 7, 2005
Notification of acceptance: April 4, 2005
Camera-ready copy for preproceedings: May 6, 2005
Camera-ready copy for proceedings: July 1, 2005

Award for Outstanding Research in Privacy Enhancing Technologies
Nomination period: March 4, 2004 through March 7, 2005
Nomination instructions: http://petworkshop.org/award/

-----------------------------------------------------------------------

Privacy and anonymity are increasingly important in the online world. Corporations, governments, and other organizations are realizing and exploiting their power to track users and their behavior, and restrict the ability to publish or retrieve documents. Approaches to protecting individuals, groups, but also companies and governments from such profiling and censorship include decentralization, encryption, distributed trust, and automated policy disclosure.

This 5th workshop addresses the design and realization of such privacy and anti-censorship services for the Internet and other communication networks by bringing together anonymity and privacy experts from around the world to discuss recent advances and new perspectives.

The workshop seeks submissions from academia and industry presenting novel research on all theoretical and practical aspects of privacy technologies, as well as experimental studies of fielded systems. We encourage submissions from other communities such as law and business that present their perspectives on technological issues.
As in past years, we will publish proceedings after the workshop in the Springer Lecture Notes in Computer Science series. Suggested topics include but are not restricted to: * Anonymous communications and publishing systems * Censorship resistance * Pseudonyms, identity management, linkability, and reputation * Data protection technologies * Location privacy * Policy, law, and human rights relating to privacy * Privacy and anonymity in peer-to-peer architectures * Economics of privacy * Fielded systems and techniques for enhancing privacy in existing systems * Protocols that preserve anonymity/privacy * Privacy-enhanced access control or authentication/certification * Anonymous credentials * Election schemes * Privacy threat models * Models for anonymity and unobservability * Attacks on anonymity systems * Traffic analysis * Profiling and data mining * Privacy vulnerabilities and their impact on phishing and identity theft * Deployment models for privacy infrastructures * Novel relations of payment mechanisms and anonymity * Usability issues and user interfaces for PETs * Reliability, robustness and abuse prevention in privacy systems Stipends to attend the workshop will be made available, on the basis of need, to cover travel expenses, hotel, or conference fees. You do not need to submit a technical paper and you do not need to be a student to apply for a stipend. 
For more information, see http://petworkshop.org/2005/stipends.html General Chair: Damir Gojmerac (damir.gojmerac at fina.hr), Fina Corporation, Croatia Program Chairs: George Danezis (George.Danezis at cl.cam.ac.uk), University of Cambridge, UK David Martin (dm at cs.uml.edu), University of Massachusetts at Lowell, USA Program Committee: Martin Abadi, University of California at Santa Cruz, USA Alessandro Acquisti, Heinz School, Carnegie Mellon University, USA Caspar Bowden, Microsoft EMEA, UK Jean Camp, Indiana University at Bloomington, USA Richard Clayton, University of Cambridge, UK Lorrie Cranor, School of Computer Science, Carnegie Mellon University, USA Roger Dingledine, The Free Haven Project, USA Hannes Federrath, University of Regensburg, Germany Ian Goldberg, Zero Knowledge Systems, Canada Philippe Golle, Palo Alto Research Center, USA Marit Hansen, Independent Centre for Privacy Protection Schleswig-Holstein, Germany Markus Jakobsson, Indiana University at Bloomington, USA Dogan Kesdogan, Rheinisch-Westfaelische Technische Hochschule Aachen, Germany Brian Levine, University of Massachusetts at Amherst, USA Andreas Pfitzmann, Dresden University of Technology, Germany Matthias Schunter, IBM Zurich Research Lab, Switzerland Andrei Serjantov, University of Cambridge, England Paul Syverson, Naval Research Lab, USA Latanya Sweeney, Carnegie Mellon University, USA Matthew Wright, University of Texas at Arlington, USA Papers should be at most 15 pages excluding the bibliography and well-marked appendices (using an 11-point font), and at most 20 pages total. Submission of shorter papers (from around 4 pages) is strongly encouraged whenever appropriate. Papers must conform to the Springer LNCS style. Follow the "Information for Authors" link at http://www.springer.de/comp/lncs/authors.html. Reviewers of submitted papers are not required to read the appendices and the paper should be intelligible without them. 
The paper should start with the title, names of authors and an abstract. The introduction should give some background and summarize the contributions of the paper at a level appropriate for a non-specialist reader. A preliminary version of the proceedings will be made available to workshop participants. Final versions are not due until after the workshop, giving the authors the opportunity to revise their papers based on discussions during the meeting. Submit your papers in Postscript or PDF format. To submit a paper, compose a plain text email to pet2005-submissions at petworkshop.org containing the title and abstract of the paper, the authors' names, email and postal addresses, phone and fax numbers, and identification of the contact author (to whom we will address all subsequent correspondence). Attach your submission to this email and send it. By submitting a paper, you agree that if it is accepted, you will sign a paper distribution agreement allowing for publication, and also that an author of the paper will register for the workshop and present the paper there. Our current working agreement with Springer is that authors will retain copyright on their own works while assigning an exclusive 3-year distribution license to Springer. Authors may still post their papers on their own Web sites. See http://petworkshop.org/2004/paper-dist-agreement-5-04.html for the 2004 version of this agreement. Submitted papers must not substantially overlap with papers that have been published or that are simultaneously submitted to a journal or a conference with proceedings. Paper submissions must be received by February 7. We acknowledge all submissions manually by email. If you do not receive an acknowledgment within a few days (or one day, if you are submitting right at the deadline), then contact the program committee chairs directly to resolve the problem. 
Notification of acceptance or rejection will be sent to authors no later than April 4 and authors will have the opportunity to revise for the preproceedings version by May 6. We also invite proposals of up to 2 pages for panel discussions or other relevant presentations. In your proposal, (1) describe the nature of the presentation and why it is appropriate to the workshop, (2) suggest a duration for the presentation (ideally between 45 and 90 minutes), (3) give brief descriptions of the presenters, and (4) indicate which presenters have confirmed their availability for the presentation if it is scheduled. Otherwise, submit your proposal by email as described above, including the designation of a contact author. The program committee will consider presentation proposals along with other workshop events, and will respond by the paper decision date with an indication of its interest in scheduling the event. The proceedings will contain 1-page abstracts of the presentations that take place at the workshop. Each contact author for an accepted panel proposal must prepare and submit this abstract in the Springer LNCS style by the "Camera-ready copy for preproceedings" deadline date. _______________________________________________ NymIP-rg-interest mailing list NymIP-rg-interest at nymip.org http://www.nymip.org/mailman/listinfo/nymip-rg-interest --- end forwarded text -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." 
-- Edward Gibbon, 'Decline and Fall of the Roman Empire' From eugen at leitl.org Mon Sep 27 05:15:59 2004 From: eugen at leitl.org (Eugen Leitl) Date: Mon, 27 Sep 2004 14:15:59 +0200 Subject: locustworld + padlock Message-ID: <20040927121559.GX1457@leitl.org> http://www.viatech.com/en/resources/pressroom/2004_archive/pr040923lw_securemesh.jsp VIA and LocustWorld Secure Wireless Mesh Networks with VIA PadLock High-Speed Encryption On-die security features in the latest VIA processors enable AES Encryption at blistering speeds from LocustWorld's MeshAP-Pro Taipei, Taiwan, September 23rd 2004 - VIA Technologies, Inc, a leading innovator and developer of silicon chip technologies and PC platform solutions, today announced that the MeshAP-Pro from LocustWorld is the first commercial product to support the hardware-based VIA PadLock ACE (Advanced Cryptography Engine), allowing it to encrypt and decrypt data traveling through the mesh at very high speeds. "Security is a vital part of any wireless network and is an increasingly important issue as adoption of last mile technologies, such as mesh networking, mature and become more widespread," commented Wai Sing Lee, a security consultant at Frost & Sullivan. "Strong cryptography and certification can be used to build a highly secure wireless network." The LocustWorld MeshAP-Pro application is used by commercial wireless network operators around the world to provide widespread wireless broadband Internet services over wide areas where each node in the mesh network automatically interconnects with its neighbors to form a large scale, self organizing network. Traffic over the network is encrypted using digital certificates and dynamically generated private keys, making the mesh extremely secure, so as traffic increases, gateways become loaded with the overhead of handling multiple simultaneous cryptographic connections. 
By utilizing the VIA PadLock ACE, LocustWorld MeshAP-Pro enables meshbox gateways to deliver additional performance in extremely heavily loaded networks while maintaining uncompromisingly high-level certificated security throughout the mesh. "Using the on-die AES encryption from the latest VIA processors we can achieve an encryption layer with hardly any overhead on the CPU," said Richard Lander, CEO of LocustWorld. "Network performance using the VIA PadLock ACE is close to the speed of un-encrypted communications, achieving high-strength encryption without the associated performance impact, even on large networks with high traffic. The result is virtually transparent encryption." "The MeshAP-Pro is a great example of how compact power efficient devices based on VIA processors can enable industry leading security without affecting normal system performance," said Steven S. Lee, Head of the VIA Embedded Platform Division, VIA Technologies, Inc. "Together with innovators like LocustWorld, we are taking the lead in the move to ubiquitous security where security operations can be carried out natively by every system in a network." Inter-operation between VIA PadLock ACE enabled nodes and other nodes that execute their encryption through software is ensured by the use of industry standard AES encryption, so mesh administrators can utilize VIA PadLock ACE enabled systems for heavily used nodes to interconnect and make certificated encrypted connections with older or peripheral nodes with lower data throughput capacity. "The VIA PadLock ACE is a great tool, enabling us to extend the power, speed and scale of our wireless mesh networks further, without losing out on performance," added Jon Anderson, CTO of LocustWorld. "The VIA PadLock ACE-assisted Wireless Mesh gives high speed, secure, wireless networking a very significant performance boost." 
The LocustWorld MeshAP-Pro has been certified through the VIA PadLock Certification Program that is designed to assist independent software developers in optimizing their products for the VIA PadLock Hardware Security Suite. More information on the VIA PadLock ACE is available from the VIA PadLock Hardware Security Suite website. About the VIA PadLock Security Initiative Comprising the VIA PadLock Hardware Security Suite and VIA PadLock Software Security Suite, the VIA PadLock Security Initiative is focused on providing key hardware and application level security building blocks that can be easily integrated into any computing and communications infrastructure. The VIA PadLock Hardware Security Suite is integrated into VIA C5P Nehemiah core processors and features the VIA PadLock RNG for high quality key generation and the VIA PadLock ACE (Advanced Cryptography Engine) for high speed performance of the US government approved Advanced Encryption Standard (AES). The VIA PadLock Software Security Suite consists of the VIA PadLock SDK, the VIA PadLock ZIP utility and source code and the VIA PadLock Tru-Delete utility and source code. More information on the VIA PadLock Security Initiative may be found at the VIA website http://www.via.com.tw/en/padlock/padlock_initiative.jsp. About LocustWorld LocustWorld produces the MeshAP-Pro, providing hardware, software and services that allow customers to build complete mesh networking solutions. Based in the UK, LocustWorld addresses the demand for mesh networking using their own resources assisted by a network of regional service providers. LocustWorld has gained world-wide recognition as leaders in wireless mesh networking, with live installations and public references and many happy customers. 
More information about LocustWorld and reference installations can be found at www.locustworld.com -- Eugen* Leitl leitl ______________________________________________________________ ICBM: 48.07078, 11.61144 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE http://moleculardevices.org http://nanomachines.net From rah at shipwright.com Mon Sep 27 13:59:19 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Mon, 27 Sep 2004 16:59:19 -0400 Subject: Saluting the data encryption legacy Message-ID: CNET News http://www.news.com/ Saluting the data encryption legacy By Bruce Schneier http://news.com.com/Saluting+the+data+encryption+legacy/2010-1029_3-5381232.html Story last modified September 27, 2004, 9:00 AM PDT The Data Encryption Standard, or DES, was a mid-'70s brainchild of the National Bureau of Standards: the first modern, public, freely available encryption algorithm. For over two decades, DES was the workhorse of commercial cryptography. Over the decades, DES has been used to protect everything from databases in mainframe computers, to the communications links between ATMs and banks, to data transmissions between police cars and police stations. Whoever you are, I can guarantee that many times in your life, the security of your data was protected by DES. Just last month, the former National Bureau of Standards--the agency is now called the National Institute of Standards and Technology, or NIST--proposed withdrawing DES as an encryption standard, signifying the end of the federal government's most important technology standard, one more important than ASCII, I would argue. Today, cryptography is one of the most basic tools of computer security, but 30 years ago it barely existed as an academic discipline. In the days when the Internet was little more than a curiosity, cryptography wasn't even a recognized branch of mathematics. 
Secret codes were always fascinating, but they were pencil-and-paper codes based on alphabets. In the secret government labs during World War II, cryptography entered the computer era and became mathematics. But with no professors teaching it, and no conferences discussing it, all the cryptographic research in the United States was conducted at the National Security Agency. And then came DES. Back in the early 1970s, it was a radical idea. The National Bureau of Standards decided that there should be a free encryption standard. Because the agency wanted it to be non-military, they solicited encryption algorithms from the public. They got only one serious response--the Data Encryption Standard--from the labs of IBM. In 1976, DES became the government's standard encryption algorithm for "sensitive but unclassified" traffic. This included things like personal, financial and logistical information. And simply because there was nothing else, companies began using DES whenever they needed an encryption algorithm. Of course, not everyone believed DES was secure. When IBM submitted DES as a standard, no one outside the National Security Agency had any expertise to analyze it. The NSA made two changes to DES: It tweaked the algorithm, and it cut the key size by more than half. The strength of an algorithm is based on two things: how good the mathematics is, and how long the key is. A sure way of breaking an algorithm is to try every possible key. Modern algorithms have a key so long that this is impossible; even if you built a computer out of all the silicon atoms on the planet and ran it for millions of years, you couldn't do it. So cryptographers look for shortcuts. If the mathematics are weak, maybe there's a way to find the key faster: "breaking" the algorithm. 
The NSA's changes caused outcry among the few who paid attention, both regarding the "invisible hand" of the NSA--the tweaks were not made public, and no rationale was given for the final design--and the short key length. But with the outcry came research. It's not an exaggeration to say that the publication of DES created the modern academic discipline of cryptography. The first academic cryptographers began their careers by trying to break DES, or at least trying to understand the NSA's tweak. And almost all of the encryption algorithms--public-key cryptography, in particular--can trace their roots back to DES. Papers analyzing different aspects of DES are still being published today. By the mid-1990s, it became widely believed that the NSA was able to break DES by trying every possible key. This ability was demonstrated in 1998, when a $220,000 machine was built that could brute-force a DES key in a few days. In 1985, the academic community proposed a DES variant with the same mathematics but a longer key, called triple-DES. This variant had been used in more secure applications in place of DES for years, but it was time for a new standard. In 1997, NIST solicited an algorithm to replace DES. The process illustrates the complete transformation of cryptography from a secretive NSA technology to a worldwide public technology. NIST once again solicited algorithms from the public, but this time the agency got 15 submissions from 10 countries. My own algorithm, Twofish, was one of them. And after two years of analysis and debate, NIST chose a Belgian algorithm, Rijndael, to become the Advanced Encryption Standard. It's a different world in cryptography now than it was 30 years ago. We know more about cryptography, and have more algorithms to choose among. AES won't become a ubiquitous standard in the same way that DES did. But it is finding its way into banking security products, Internet security protocols, even computerized voting machines. 
A NIST standard is an imprimatur of quality and security, and vendors recognize that. So, how good is the NSA at cryptography? They're certainly better than the academic world. They have more mathematicians working on the problems, they've been working on them longer, and they have access to everything published in the academic world, while they don't have to make their own results public. But are they a year ahead of the state of the art? Five years? A decade? No one knows. It took the academic community two decades to figure out that the NSA "tweaks" actually improved the security of DES. This means that back in the '70s, the National Security Agency was two decades ahead of the state of the art. Today, the NSA is still smarter, but the rest of us are catching up quickly. In 1999, the academic community discovered a weakness in another NSA algorithm, SHA, that the NSA claimed to have discovered only four years previously. And just last week there was a published analysis of the NSA's SHA-1 that demonstrated weaknesses that we believe the NSA didn't know about at all. Maybe now we're just a couple of years behind. -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From bill.stewart at pobox.com Mon Sep 27 17:53:15 2004 From: bill.stewart at pobox.com (Bill Stewart) Date: Mon, 27 Sep 2004 17:53:15 -0700 Subject: Mystification of Identity: You Say Yusuf, I Say Youssouf... In-Reply-To: References: Message-ID: <200409280100.i8S10WaX027767@positron.jfet.org> At 06:03 PM 9/25/2004, R. A. Hettinga wrote: >Gilmore, et al., are right, as always. 
> >If you've been all-but cavity-searched -- okay, virtually >cavity-searched, given the state of modern X-Ray airport passenger >scanning technology -- and you don't have a weapon, exactly *how* is >knowing *who* you are going to affect your ability to hijack an airplane? Of course it doesn't. However, if there are known potential hijackers who travel under their True Names or Known Aliases, and if there's a list of them that can be checked against, knowing the name you're using can validate whether you might be one of them, and preventing you from flying means you can't carry out your Clever New Hijacking Plan, such as converting that small guitar into a set of six piano-wire garrotes or mixing that liquid oxygen shoe sole with rum to form an explosive, and it prevents you from using previously undetected explosives in your luggage or whatever. There are several reasons you might divert a plane in this environment - - to spank the airline for not being careful enough about checking the list, independent of any hijacking risk. - to cover the ass of the person who put the wrong spelling on the list, even though the US Enemies Airline Blacklist supposedly has the passport numbers of Official US Enemies and therefore should have been able to get the spelling from Yousouff's UK passport. - to prevent a potential hijacker from hijacking the plane during the descent phase of the flight, in case they're planning to crash it into Washington instead of London, or to reduce the time that the plane is in the air, in case there's a timed-release bomb in the luggage. (Ideally you'd like to prevent them and their luggage from getting on at all, but it was too late for that, and if there's a pressure-triggered luggage bomb you've already lost.) 
- to maintain the pretense that the people on the list are potential hijackers or airplane suicide bombers, as opposed to people who might sing politically inconvenient music or give talks that encourage other potential US Enemies or give the money to hire other people to do the dangerous bits. - to be extremely conservatively overcautious because you've discovered that you mistakenly let someone on the plane and the version of the Enemies List that you have access to doesn't indicate which people are actively dangerous passengers of the potential hijacker/bomber type, as opposed to political Enemies who you could arrange to harass at Customs after they've arrived, and you don't have the time to find out why they're there before landing (hey, it took Teddy Kennedy three tries), so you throw the Better Safe Than Sorry dice and decide you can spin the PR Fearmongering if you're oversensitive. I'd guess that the working-level decision was the latter conservative knee-jerk, though the decision-makers preferred to think of it as the third case. Conservatism is easier when _you're_ not going to have to pay for the extra airplane costs or deal with the other passengers who miss their airline connections because you stuck them in Bangor, which are somebody else's problem. The entertaining questions are when they figured out that he was the well-known Cat Stevens and not just the generic-Moslem-sounding Mr. Islam, and whether there are pre-defined policies about landing them in Bangor when they ostensibly had enough advance notice to land them in Newfoundland or Labrador instead, which aren't US territory. From mv at cdc.gov Mon Sep 27 20:27:43 2004 From: mv at cdc.gov (Major Variola (ret)) Date: Mon, 27 Sep 2004 20:27:43 -0700 Subject: John Abizaid needs termination Message-ID: <4158DA2F.D9F92CD2@cdc.gov> Saw "general" Abizaid on the news. He was so obviously either experiencing pharmaceutically-induced nystagmus or reading from a teleprompter it wasn't funny. 
Methinks he's a robot, or taking too many go-pills. Lets hear 2K dead by the elections. We'll settle for less if they're in DC. From mv at cdc.gov Mon Sep 27 20:33:56 2004 From: mv at cdc.gov (Major Variola (ret)) Date: Mon, 27 Sep 2004 20:33:56 -0700 Subject: Individual Geopolitical Darwin Awards Message-ID: <4158DBA4.34F37BCC@cdc.gov> At 10:00 AM 9/27/04 -0400, Tyler Durden wrote: >Don't forget, the World Trade Center management was on the Intercom trying >to tell everyone to "Remain inside the Building...It's safest Inside the >Building". > >Fuck. Here on Wall Street I'm a dead man. If you stay in NYC or DC, you are an individual winner of a geopolitical Darwin Award. You can collect along with your half-dozen virgins. From mv at cdc.gov Mon Sep 27 21:49:24 2004 From: mv at cdc.gov (Major Variola (ret)) Date: Mon, 27 Sep 2004 21:49:24 -0700 Subject: Mystification of Identity: You Say Yusuf, I Say Youssouf... Message-ID: <4158ED54.6DCB3220@cdc.gov> At 05:53 PM 9/27/04 -0700, Bill Stewart wrote: >and preventing you from flying means you can't carry out your >Clever New Hijacking Plan, such as converting that small guitar >into a set of six piano-wire garrotes or mixing that Organophosphates will still make it onto a plane, have been used in Japan, and might be better used in stationary, more populated and still dense places in the US. Also, no one has really tested whether pilots will suffer 300 passengers to die. But there are groovier places to deploy the human pesticides, jets are so old-school. And then there's the ultimate soft targets, grammar schools. Those who lay with israelis die like israelis. Karma ain't just for breakfast anymore. Birds, roost, home. BTW, I don't think TATP would excite the nitrate-sniffing autodogs.. just light your shoe in the restroom next time for Allah's sake.. Who knew the fall of Rome II would be televised? 
From bill.stewart at pobox.com Tue Sep 28 01:50:07 2004 From: bill.stewart at pobox.com (Bill Stewart) Date: Tue, 28 Sep 2004 01:50:07 -0700 (PDT) Subject: John Abizaid needs termination In-Reply-To: <4158DA2F.D9F92CD2@cdc.gov> References: <4158DA2F.D9F92CD2@cdc.gov> Message-ID: <3089.216.240.32.1.1096361407.squirrel@smirk.idiom.com> Variaola allegedly wrote: > Saw "general" Abizaid on the news. He was so obviously > either experiencing pharmaceutically-induced nystagmus or > reading from a teleprompter it wasn't funny. Methinks > he's a robot, or taking too many go-pills. Lets hear > 2K dead by the elections. We'll settle for less if they're in DC. Isn't he the guy who keeps sending emails about his corrupt Nigerian uncle's poor widow who needs to smuggle $18B in unspent funds out of Iraq and wants your bank account number so you can help? (OK, no. http://www.johnabizaid.com/ has his bio and pointers that look like they're supposed to be his writings, except there are broken html links to apaam.org, the Association of Patriotic Arab Americans in the Military or something.) He's apparently campaigning for the position of military governor of Iraq. At least he does speak Arabic. From kelsey.j at ix.netcom.com Tue Sep 28 06:14:33 2004 From: kelsey.j at ix.netcom.com (John Kelsey) Date: Tue, 28 Sep 2004 09:14:33 -0400 (GMT-04:00) Subject: Mystification of Identity: You Say Yusuf, I Say Youssouf... Message-ID: <15869670.1096377273756.JavaMail.root@waldorf.psp.pas.earthlink.net> >From: Tyler Durden >Sent: Sep 27, 2004 10:00 AM >To: roy at rant-central.com >Cc: cypherpunks at al-qaeda.net >Subject: RE: Mystification of Identity: You Say Yusuf, I Say Youssouf... >Many Cypherpunks view the need to take up crypto arms to stem off an >Orwellian, hyper-evil and hyper-competent dictatorship. I'm thinking a more >likely (and no less threatening) scenario is one like "Brazil" (ie, the >movie). Yep. 
It turns out that broad and scary police powers don't make you any smarter or wiser or more careful, they just make it easier for you to insist on obedience and stifle complaints. Post 9/11, flight attendants and airline employees have more authority to order passengers around and deny people boarding, but they're still the same people they were on 9/10, they're presumably only marginally better at spotting terrorists (at least not obviously Arab-looking terrorists). They just have more power, and fewer consequences when they screw up. ... >-TD --John Kelsey From camera_lumina at hotmail.com Tue Sep 28 06:41:04 2004 From: camera_lumina at hotmail.com (Tyler Durden) Date: Tue, 28 Sep 2004 09:41:04 -0400 Subject: John Abizaid needs termination Message-ID: "Methinks he's a robot," Isn't that from Philip K Dick's "The Penultimate Truth"? Hum. Any chance there really is no war in Iraq and we're just being cowered into producing items for the ultra-rich living outside of "Bunker USA"? -TD >From: "Major Variola (ret)" >To: "cypherpunks at al-qaeda.net" >Subject: John Abizaid needs termination >Date: Mon, 27 Sep 2004 20:27:43 -0700 > >Saw "general" Abizaid on the news. He was so obviously >either experiencing pharmaceutically-induced nystagmus or >reading from a teleprompter it wasn't funny. Methinks >he's a robot, or taking too many go-pills. Lets hear >2K dead by the elections. We'll settle for less if they're >in DC. From camera_lumina at hotmail.com Tue Sep 28 06:42:42 2004 From: camera_lumina at hotmail.com (Tyler Durden) Date: Tue, 28 Sep 2004 09:42:42 -0400 Subject: Individual Geopolitical Darwin Awards Message-ID: Half-dozen? And virgins are WAY overrated. 
-TD >From: "Major Variola (ret)" >To: "cypherpunks at al-qaeda.net" >Subject: Individual Geopolitical Darwin Awards >Date: Mon, 27 Sep 2004 20:33:56 -0700 > >At 10:00 AM 9/27/04 -0400, Tyler Durden wrote: > >Don't forget, the World Trade Center management was on the Intercom >trying > >to tell everyone to "Remain inside the Building...It's safest Inside >the > >Building". > > > >Fuck. Here on Wall Street I'm a dead man. > >If you stay in NYC or DC, you are an individual winner of a geopolitical > >Darwin Award. You can collect along with your half-dozen virgins. From dailyarticle at mises.org Tue Sep 28 07:24:25 2004 From: dailyarticle at mises.org (Mises Daily Article) Date: Tue, 28 Sep 2004 10:24:25 -0400 Subject: Their Crisis, Our Leviathan Message-ID: Their Crisis, Our Leviathan by Gregory Bresiger [Posted September 28, 2004] The circus is coming to your town soon. Maybe, I'm getting old, but I just can't get very excited about the clowns anymore. Yup, it's political season again and those bothersome pols, still lusting for the votes that put or keep themselves and their pals in office, will be in our faces until the nonsense is over. Time for the same tired two parties to trot out the same moronic messages that challenge the credulity of anyone with a healthy three figure IQ. Time for the same politicos, with "solutions" to every problem under the sun, to promise endless new programs, the expansion of existing failed programs, yet also swear that tax cuts will also be on the way once they're given more control over our lives. Time for the professional political class--both the ruling Republicans and Democrats--to go through the idiocy of a so-called competitive campaign and the pretense of supposedly differing philosophies. 
Time for those hopelessly inane tube "debates." Time for the republic's fortunes to turn on such crucial points as how a candidate looks on the idiot box, which candidate shaved better[1] or which slick candidate can come up with the best crackpot idea, an idea that later usually proves to be a figment of his imagination (the nonexistent missile gap flim flam of the 1960 Kennedy-Nixon presidential campaign is one example[2]). Time for a presidential debate commission, stacked with only Republican and Democrat party hacks, to insist that debates cannot ever include any third parties anytime because it would be too dangerous for the average American to hear a different idea or a now radical viewpoint such as less government. Time for John Kerry to promise to balance the budget, yet not propose one major cut in a federal program. Time for George Bush to claim his opposition to big government, yet not mention how he made tens of millions of dollars in a shady deal that included government subsidized construction of a new stadium for the Texas Rangers baseball team, a sleazy transaction in which the powers of eminent domain were perverted to make Bush, then owner of the team, even richer.[3] Time again for the pols--or at least some of the smarter of these shysters--to include a Munich-like promise to "get Washington off our backs." Time for the weak-minded among the voters to play the role of Neville Chamberlain ("Here it is. Herr Hitler signed it," said Chamberlain of Hitler's signed promise to leave everyone alone in 1938. That was a promise with all the credibility of Bill Clinton's middle-class tax cut promise or Lying Baines Johnson's 1964 promise not to send more troops to Vietnam or Ronald Reagan's 1980 campaign promise to close down the departments of Energy and Education or. . . .). 
Time for our masters to duck the question that most economically illiterate journalists aren't inclined to ask: Who pays for government writ large and its endless expansions in peacetime, wartime, and anytime in the middle? As one listens to the perpetual seekers of office, with their vows of delivering utopia on earth provided we give them our votes, remember this in case you become a bit wobbly and suspect that you're ready to swallow one or more of their monkeyshines - Washington's world saving doesn't come cheap. Never has. Never will. Such is the nature of leviathan government. It is classical liberals such as Professor Robert Higgs (See his wonderful book[4]) and the mid-Victorian radical Richard Cobden[5] who remind us that democratic governments follow predictable patterns. They stumble or run into crisis after crisis. Then the government insists that this justifies it arrogating more power. That, of course, always must include a bigger bit of your property. The latter is accomplished through higher state, federal, or municipal taxes or the use of the stealth tax. The latter is the insidious inflation dodge, a piece of legerdemain that governments have been using over centuries to take bigger and bigger bites of your property. Then these democratic nations - which, by the way, increasingly contain more and more people who want no part of the political process - later concede the crisis was nonexistent or overstated. One can cite many examples of bogeymen never materializing. The Soviets, despite the plaudits of liberal/socialist economists in the West and the warnings of internationalist conservatives who said that they were ten feet tall, had a Potemkin Village economy. They were never going to overtake the United States in nuclear weapons or GDP. The world was not about to run out of oil in the 1970s. The Sandinistas never had the power to march into Texas. What ever happened to the global ice age that was supposed to be coming?
Will it happen before or after global warming? Saddam Hussein, apparently, didn't have weapons of mass destruction that he was about to fire at the United States. And if the corrupt House of Saud, an invention of the British Empire, is about to fall, how, exactly, does this square with sacrificing the lives of young Americans, whose Western values are hated by our Saudi allies? Kerry and Bush are unlikely to address these "Crisis and Leviathan" scenarios. That's because they both essentially believe that the United States government must continue to be a warfare/welfare state with its fingers in every domestic and foreign pie. Although they may disagree on some of the tactics of this America as a great interventionist power model, neither is ready to junk it and return to the traditional foreign policy of a George Washington.[6] Washington advocated not "isolationism," but trade and good relations with all nations and no permanent military alliances. These enlightened policies of Washington, a man so unlike the career politicians who dominate our nation today, were once the bedrock of American policy and were also the bible of the radical little Englander movement of Richard Cobden of the mid-19th century. Now these ideas seem like relics. They are ridiculed as outdated by the dominant media and their allies in government and the academy. That is, until the next Vietnam or Iraq or Somalia blows up in our faces. How far we have come. Washington hated political parties and couldn't wait to return to private life. He also kept the U.S. clear of major wars that would have likely wrecked our young republic. Our leaders today seem like a modern day Palmerston. He was the mid-Victorian British foreign minister and prime minister ever ready to plunge his nation into endless wars. Our Palmerstonian foreign policy today seems to generate "endless enemies."[7] The rejection of Washington's pacific, noninterventionist foreign policy is the tragedy of our nation.
That's because the mistakes are neither understood nor are the consequences appreciated. War is more than the health of the military industry complex. A huge welfare state usually goes along with an imperial foreign policy. Theodore Roosevelt and his Progressive allies of the early 20th century advocated both. They reversed the classical liberal/Jeffersonian foundations of our original constitution. Even Roosevelt's opponent in the presidential election of 1912, Woodrow Wilson, ended up adopting many of these nationalist ideas. The New Nationalism of Roosevelt ended up transforming Wilson's New Freedom, which originally was supposed to be an attempt to restate Jeffersonian ideas. Despite the enmity between Roosevelt, the man who gloried in war, and Wilson, the differences between the men, in the end, were reduced to almost nothing. It was Wilson who gloried in American interventions around the globe, vowing to make the people of Latin America elect good men and who promised "to make the world safe for democracy." How different is that from what FDR, Kennedy, and Johnson did and Nixon did? How different is that from what both Kerry and Bush now promise, although they might disagree on some of the methods of how to achieve these common goals? So our bipartisan policy now for over a century has been the policy of the so-called continual crisis of the leviathan, regardless of whether Democrats or Republicans ruled. The rationale of this imperial republic justifies the expenditure of billions of dollars, the constant waging of misguided or tragic wars and the right to snoop further into the lives of average Americans. Wilson set up a special intelligence unit to spy on blacks during World War I, a war in which he tried to ride roughshod over dissent.[8] FDR jailed thousands of loyal Japanese-Americans. Thousands of Americans were blacklisted during the Cold War.
The National Security State, created after World War II, sanctioned illegal spying conducted by the Central Intelligence Agency, which was not supposed to conduct domestic spying, according to its charter. What do Kerry and Bush have to say about this? What will they do to prevent a repeat of these injustices and tragedies? Their answers come with the incongruities of their actions. Kerry voted for the war resolution authorizing war against Iraq. Then he turned around and voted against funding. Bush, in the presidential election in 2000, said he feared that U.S. troops were engaged into too much nation building. Over the last four years, he has sent troops to many countries, not just to battle terrorism, but to "bring democracy" to various parts of the world that have never known democracy. Does Bush, never a student of history, realize how much he is aping Wilson? I doubt it. Will both Bush or Kerry be allowed to escape history? Will they even be asked to address the potential dangers of a huge state with almost unlimited powers, a state that is no less dangerous than any tyranny just because elections are held from time to time with pre-determined outcomes (We know either a Democrat or a Republican is going to win every significant office in this country. It has been set up that way and people who object are usually ostracized or ridiculed as hopeless[9]). But, as these two bands of ruling parties do their best to avoid difficult issues, the average American asks very little even as he is mulcted every day of the week. Americans merely want to go about their business without the prying eyes of bureaucrats who can ruin their lives with one or more administrative rulings (See Joe Louis, various Indian nations, Abbott and Costello, Muhammad Ali, etc. . . .). The pattern is predictable. When we're speaking of money and power, the crisis never ends as far as our rulers are concerned. That's because they need the leviathan; it serves their interests.
For example, despite the end of the Soviet Union or the end of the Great Depression and similar crises, never ever does any government go back to the levels of spending and authority that preceded the mess. The costs of all this Perils of Pauline polity are incredible. They should cause outrage because we pay the piper, as will many generations unborn. The costs of government by world savers, human and economic, are always staggering once a Gibbon or a Mises or Robert Conquest or a Rothbard has totted up the bill. Regardless of whether we're speaking in terms of debased dollars or, more importantly, the loss of lives from perpetual Wilsonian military interventions, the tragic errors have been, and will continue to be, signed off on by both major parties. That's the price of power that these folks, who think of power as the ultimate aphrodisiac, are more than willing to pay. After all, their children usually go to private schools and are unlikely to end up on the firing line in some place like Iraq. Unfortunately, it is the average American who has been and will continue to be hurt in so many ways. This is thanks to the chicanery of a government he or she probably doesn't support or votes for with a finger firmly held on el nariz. From Iraq to prescription drug plans to sad sack Amtrak (the Acela is an expensive joke, which is anything but a high-speed train, yet charges premium fares for a railroad that continues to run in the red), to state education[10] so bad that it would have surprised even socialists Bertrand Russell or John Stuart Mill[11], the accumulation of power by our central government and the money it spends are mind boggling. Shouldn't some hardy soul, with an understanding that the original constitution was designed to give Americans limited government, ask Jorge II or the homeless Senator from Taxachusetts[12] for an accounting of all this?
And shouldn't one of our rulers at least issue a perfunctory promise that there will be limitations on Washington? Not that many people would actually believe such a promise of limitations. But we have traveled so far down "The Road to Serfdom"[13] that it is unlikely our would-be Caesars will even be going through the motions of pretending to be Jeffersonians? Here's the sorry truth that you will never hear over the next few months from most of the network nitwits and the other members of the elite Eastern media, who are a willing part of the charade of the election circus. The political carnival, which once entertained us when we were children the same as all clowns can win the favor of delighted little children, is now a tired, overpriced show. It should have been cancelled decades ago. The circus does nothing but take our money and lots of it. It doesn't even provide good entertainment. Political conventions decide nothing. The biggest decision is usually when to unleash the balloons. Even the tv networks, notorious for playing to the lowest common denominator, weary of the Big Top tonterias. Less frequently do they send their human blanks to gape at the spectacle of pols and their relatives baying for the cameras. Under our fraudulent two party system, two bands of pirates offer big or bigger government with no mention of how much this will cost us. We will pay, among other ways, through the hidden tax called inflation. It is an insidious system. It gives us more by actually giving us less. That means we seem to have more money, the nominal amount of the money in our pockets or in the bank is larger. The economy seems to be humming along. Stock prices and earnings seem to grow by huge amounts over the long term. But it is a trick.[14] Our judgment has been distorted by the long-term effects of inflation and the destructive policies of the central bank.[15] These devalued dollars actually can buy fewer things.
And this cycle of spending and inflating will worsen unless there is a signal change among tens of millions of Americans who are disgusted, but feel compelled to vote for one of these two windjammers. They just want to go about their business, work harder and be left alone. This kind of person is the "forgotten man."[16] He has increasingly been pushed into the background by special interests and those forever demanding more of the welfare state. Still, the apolitical forgotten man only wants to be left alone, much to the joy of the political junkies who really don't care how illegitimate the system becomes or how few voters go to the polls. That's provided that their boy and their party wins. And they get to carve up the biggest slice of the jobs, power and authority. Unfortunately, much as many of us would wish it, most of this Black Horse Cavalry will not go away. We, and our children and their children, will pay through higher federal income tax rates and state taxes will rise too. That's regardless of whether we end up with a "fiscal conservative" or a liberal Democrat in November. In fact, given the wild-eyed spending of the Republican administration of the last four years, the socialists of the Bubba administration actually now look relatively less inimical to liberty than George II's crew of neocons. The more bookish of this Bush crowd - whose predecessors banished the so-called "isolationist" wing of the GOP in 1952[17] - have imbibed too much of the bible of the Archangel Woodrow Wilson. Here was the prototype for almost every modern president celebrated by mainstream historians as "great." Historians love Wilson, as do most modern presidents. But his legacy, as he left office in 1921, was a nation overtaxed, disappointed, in the middle of a depression and with civil liberties under attack by an attorney general run amuck.[18] Sound familiar?
Wilson left office as one of the more unpopular presidents in the republic's history.[19] Is the same fate awaiting a Bush or a Kerry in 2008? Despite widespread suspicion of the men and women who lord over us today, all of our political ruling class obviously make a very good living from picking the pockets of average people who pay for the federal government's endless failed experiments in foreign and domestic social engineering. But they couldn't do it without help. Large elements of the major media are on board. And the hired help during this election season will have plenty of slaves in the media to remind us how lucky we are to be living under this regime or how lucky we will be if Kerry and his cutthroats replace Bush and his cutthroats. These trained seals of the media will implore us "to vote." They will also ridicule third parties. Some of the slick ones on the network will goose step to the socialist line of government on top of government with more government to follow. They will point out that the United States, even with higher taxes, still has tax rates that are much lower than France, Canada and Germany.[20] Of course, these nations are closer to a socialist model than we are and are also nations that have much higher unemployment rates and lower growth rates. But those are facts that are usually not mentioned or get sparse attention when the subject of taxes is discussed in most major media. And besides which, many of our taxes are now on the fast track. With a few more years of the leviathan, we can certainly catch up with our Western European and Canadian counterparts. For example, let us not forget the ubiquitous social insurance tax. It is a wretched impost, especially for the lower-middle class, working poor and those who are self-employed (The latter have no employer to pay the employer's half of FICA. So they get a double dose of payroll taxes).
Thanks to the Kerrys and the Bushes, the next generation of Americans - barring a miracle - will also pay higher payroll tax rates. These rates will go up and up as they have over the last 32 years at an accelerated pace. Republicans and Democrats have both signed off on a venal system in which the "trust fund" is used for anything and everything. But due to our flawed system of politics, the major candidates surely will not be forced to answer any substantial questions on this issue other than to say, "I support Social Security." Neither will be required to explain why there have been dozens of payroll tax increases over the years or why the system runs into trouble every decade or so. Neither will have to field a question over how anyone in the private sector could legally run a trust fund the way the government pillages the Social Security trust fund and not end up in the slammer. And here's another one that Teresa Heinz's consort and George Herbert Walker Bush's hijo should have to answer. How the hell did this payroll tax get so high? Let history answer. It is because President Nixon and the Democratic Congress of 1972 - both exhibiting the notorious trait of almost all politicos, the overwhelming desire to get re-elected no matter the long term consequences - approved big Social Security benefits increases along with ill-considered automatic cost of living adjustments (colas) back in the disco era. They sent out the notices of the benefits increases - you guessed it - just before the elections, which most incumbents won (Nixon was re-elected. Congress remained under the control of Democrats). The pols "gave us" (sic) these benefits hikes with little thought of how they would hurt Americans who had to pay for them in the 1980s and 1990s.[21] This was the kind of Pavlovian action of all career politicos who subscribe to economist John Maynard Keynes. ("In the long run, we're all dead," Keynes was famously quoted as saying. Yes, and also much poorer, Mr. Keynes).
Watch for a repeat of this Keynesian electioneering when the circus comes to your town. This increase benefits you as much as it can in an election year, and forget about the bills has been a disastrous policy that has hurt generations and generations of Americans. Still, many Americans have no idea what a FICA is. But they understand that, whatever the hell a FICA is, it eats up a hell of a lot of their hard-earned dinero. This irresponsible philosophy has also meant that tens of millions of workers - many with rather modest incomes - are paying more in payroll taxes than they do in income taxes. The payroll tax has become the de facto second income tax of millions of Americans. That's unless, of course, one lives here in the People's Republic de Nueva York. In this "enlightened" place, we have both a city and state income tax. Here one can pay four income taxes! And neither of the major parties here in the Rancid Apple ever suggests that maybe four income taxes on top of everything else that one must pay to his masters are too much of a burden. Just as it is ridiculous to expect Republicans to dismantle the leviathan on the Potomac - haven't they been running things for the last four years? - so, too, it is silly to think that their counterparts in big cities are generally the enemies of paternal government. So once again, the fraud of a two-party runaway democracy is about to be perpetuated with the connivance of most major media outlets. And who knows how much it will cost us and generations to come? Whatever it is, it will be a lot more than the estimates we get. The government, which often fudges numbers, doesn't want you to know the truth, just as your parents shielded you from many of life's unpleasantries. But you're not a child anymore, even though your government apparently treats you as though you are perpetually one.[22] Time to put away childish things. It's time to stop going to the circus. Gregory Bresiger is an editor in New York. gbresiger at hotmail.com.
See his archive. Comment on the blog. [1] This is not an exaggeration. It is widely conceded that Richard Nixon lost the televised presidential debate of 1960 because he had five o'clock shadow. [2] Arthur Schlesinger Jr., the great liberal historian and Kennedy aide, concedes that the campaign issue of the U.S. falling behind the Russians in missile production was a canard. Once in office, "the issue finally withered away," Schlesinger writes in his book, "A Thousand Days," p. 499 (Houghton Mifflin Company, Boston, 1965). Yet Kennedy, ever the big government advocate, still went ahead with a nuclear arms buildup that was not needed! [3] The whole slimy story is available in "The Buying of the President 2004," by Charles Lewis, pp. 150-55 and pp. 168-69. (Harper Collins, New York, 2004). [4] See "Crisis and Leviathan," by Robert Higgs, (New York, Oxford University Press, 1987). [5] See "The Three Panics," a pamphlet from "The Political Writings of Richard Cobden," (New York: Garland Publishing, 1973). [6] "We ought to have commercial intercourse with all, but political ties with none," said Washington, a piece of advice that would have him branded "an isolationist" today. Washington also cautioned against almost all foreign alliances. "American has no motive for forming such connections and very powerful motives for avoiding them." See "John Marshall, Definer of a Nation," by Jean Edward Smith, p. 243, (New York, Henry Holt & Co., 1996) It all sounds radical now, but for a century America adhered to many of these common sense ideas. [7] See Jonathan Kwitny's book, "Endless Enemies: The Making of an Unfriendly World." (New York: Congdon and Weed, 1984). [8] See "Free Speech in the United States," by Zechariah Chafee, Jr., p. 273, (Harvard University Press, Cambridge, Mass., 1967). [9] As I write this, word comes that Ralph Nader was denied credentials to attend the Democratic convention.
Some democrats just can't stop blaming him for Gore losing the 2000 presidential election. I doubt any of them were angry that Perot helped elect Clinton in 1992 or ask why Gore couldn't carry his own state or West Virginia, traditional Democratic states that went for Bush. [10] "The truth is that schools don't really teach anything except how to obey orders." So wrote John Taylor Gatto, who has been an award winning public school teacher. See his "Dumbing Us Down. The Hidden Curriculum of Compulsory School," p. 25, (New Society Publishers, Philadelphia, 1991). [11] Both Russell and Mill, socialists who hoped that society would evolve away from private property, nevertheless were fearful of state education, believing its dangers far outweighed any of its potential benefits. For example, Mill, in "On Liberty," warned that "a general state education is a mere contrivance for molding people to be exactly like one another; and as the mold in which it casts them is that which pleases the predominant power in the government, whether this be a monarch, a priesthood, an aristocracy, or the majority of the existing generation; in proportion as it is efficient and successful, it establishes a despotism over the mind, leading by natural tendency to one over the body." See "The Utilitarians," p. 587, (Doubleday & Co, Garden City, New York, 1961). [12] In his "gypsy years," before he married Teresa Heinz, John Kerry had no permanent address in the Bay State. Senators are supposed to have permanent addresses in the state they represent. But not John Kerry, who sometimes stayed rent-free in the condo of his chief fundraiser. See "John Kerry. The Complete Biography by The Boston Globe Reporters Who Know Him Best," by Michael Kranish, Brian C. Mooney and Nina J. Easton, p. 238, (Public Affairs, New York, 2004). [13] See F.A. Hayek's "The Road to Serfdom." (The University of Chicago Press).
Here he warned, some 60 years ago, that, "We are rapidly abandoning not the views merely of Cobden and Bright, of Adam Smith and Hume, or even of Locke and Milton, but one of the salient characteristics of Western civilization as it has grown from the foundations laid by the Christians and the Greeks and Romans." P. 17. [14] "Inflation from 1988 through the end of 2002 was 52%. What cost $100 in 1988 would cost $152.01 in 2002. If earnings only kept up with inflation, they would grow from $23.75 in 1988 to $36.10 in 2003. That means that earnings barely kept up with inflation, growing less than $1 ($.92) in real, inflation adjusted terms in 15 years! That is a total growth of less than four percent and clearly a compounded growth of less than 0.5%" From "Bull's Eye Investing. Targeting Real Returns in a Smoke and Mirrors Market," by John Mauldin, p. 105, (John Wiley & Sons, New York, 2004). [15] "What makes us rich," writes Murray Rothbard, "is an abundance of goods, and what limits that abundance is a scarcity of resources: . . . Multiplying coin will not whisk these resources into being. We may feel twice as rich for the moment, but clearly all we are doing is diluting the money supply." P. 33. See Rothbard's "What Has Government Done to Our Money?" [16] "Here," wrote William Graham Sumner about a century ago, "we have the Forgotten Man again, and once again we find him worthy of all respect and consideration, but passed by in favor of the noisy, pushing and incompetent." From "Social Darwinism. Selected Essays of William Graham Sumner," p. 127, (Prentice-Hall, Englewood Cliffs, New Jersey, 1963). [17] The Republican Party, in 1952, turned away from "isolationism" when it turned its back on Senator Robert Taft. He was "the Reluctant Dragon, unable to wage permanent war against the Soviet menace." The party, instead, turned to the "internationalist" Dwight Eisenhower. See "Prophets on the Right.
Profiles of Conservative Critics of American Globalism," by Ronald Radosh, p. 192, (Simon and Schuster, New York, 1975). [18] See "The Politics of War. The Story of Two Wars which Altered Forever the Political Life of the American Republic (1890-1920)" by Walter Karp, (Harper Row, New York, 1979). [19] Ibid. [20] Germany has "double" the unemployment rate of the United States. See the "Wall Street Journal" op-ed page of August 2, 2004, "Auf Wiedersehen to the Leisure Economy," p. A11. [21] See my "The Social Security Deal of 1972" at mises.org or simply by doing an online search using my name. [22] See Alexis de Tocqueville's "Democracy in America." Here De Tocqueville, over a century and a half ago, warned of the potential for an administrative despotism that would be unlike any other tyranny ever experienced in history. "It would resemble parental authority, if, fatherlike, it tried to prepare its charges for a man's life, but on the contrary, it only tries to keep them in perpetual childhood." P. 692, Vol II, (Perennial Classics, New York, 2000). --- end forwarded text -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "...
however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From rah at shipwright.com Tue Sep 28 08:00:52 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Tue, 28 Sep 2004 11:00:52 -0400 Subject: Their Crisis, Our Leviathan Message-ID: --- begin forwarded text From rah at shipwright.com Tue Sep 28 09:28:22 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Tue, 28 Sep 2004 12:28:22 -0400 Subject: Spy imagery agency watching inside U.S. Message-ID: USA Today Spy imagery agency watching inside U.S. By Katherine Pfleger Shrader, Associated Press BETHESDA, Md. - In the name of homeland security, America's spy imagery agency is keeping a close eye, close to home. It's watching America. Since the Sept. 11 attacks, about 100 employees of a little-known branch of the Defense Department called the National Geospatial-Intelligence Agency - and some of the country's most sophisticated aerial imaging equipment - have focused on observing what's going on in the United States. Their work brushes up against the fine line between protecting the public and performing illegal government spying on Americans. Roughly twice a month, the agency is called upon to help with the security of events inside the United States. Even more routinely, it is asked to help prepare imagery and related information to protect against possible attacks on critical sites. For instance, the agency has modified basic maps of the nation's capital to highlight the location of hospitals, linking them to data on the number of beds or the burn unit in each. To secure the Ronald Reagan funeral procession, the agency merged aerial photographs and 3D images, allowing security planners to virtually walk, drive or fly through the Simi Valley, Calif., route. 
The agency is especially watchful of big events or targets that might attract terrorists - political conventions, for example, or nuclear power plants. Everyone agrees that the domestic mission of the NGA has increased dramatically in the wake of Sept. 11, even though laws and carefully crafted regulations are in place to prevent government surveillance aimed at Americans. The agency is not interested in information on U.S. citizens, stresses Americas office director Bert Beaulieu. "We couldn't care less about individuals and people and companies," he said. But that's not good enough for secrecy expert Steven Aftergood, who oversees a project on government secrecy for the Federation of American Scientists. "What it all boils down to is 'Trust us. Our intentions are good,'" he said. Adds Marc Rotenberg, executive director of the Electronic Privacy Information Center in Washington: "As a general matter, when there are systems of public surveillance, there needs to be public oversight." Geospatial intelligence is the science of combining imagery, such as satellite pictures, to physically depict features or activities happening anywhere on the planet. Outside the United States, it can be a powerful tool for war planners who may use imagery to measure soil wetness to determine if tanks could travel an area. It can help weapons proliferation experts look for ground disturbances that can indicate new underground bunkers. Before Sept. 11, the NGA's domestic work often meant things like lending a hand during natural disasters by supplying pictures of wildfires and floods. But now the agency's new Americas Office has been called on to assemble visual information on more than 130 urban areas, among scores of other assignments, including maps of the national mall, the country's high-voltage transmission lines and disaster exercises. 
Sometimes, agency officials may cooperate with private groups, such as hotel security offices, to get access to video footage of lobbies and hallways. That footage can then be connected with other types of maps used to secure events - or to take action, if a hostage situation or other catastrophe happens. The level of detail varies widely, depending on the threat and what the FBI or another agency needs. "In most cases, it's not intrusive," said the NGA's associate general counsel, Laura Jennings. "It is information to help secure an event and to have people prepared to respond should there be an attack, or to analyze the area where a threat has been made." According to Executive Order 12333, signed by President Reagan in 1981, members of the U.S. intelligence community can collect, retain and pass along information about U.S. companies or people only in certain cases. Information that is publicly available or collected with the consent of the individual is fair game, as is information acquired by overhead reconnaissance not directed at specific people or companies. The NGA says it has aggressive internal oversight and its employees go through annual training on what is and isn't allowed. "If they deviated from their own rules, how would it be discovered?" asks secrecy expert Aftergood. "I am not satisfied that they have an answer to that question." One oversight committee in Congress noticed after Sept. 11 that an intelligence agency was snapping pictures of the United States, said a congressional aide, speaking on condition of anonymity. A staff member is now monitoring the issue, and the aide said so far problems have not been spotted. But Aftergood notes that while intelligence budgets have increased dramatically in the last five years, congressional oversight budgets have not. Even the agency concedes gray areas do emerge. Generally, for example, intelligence resources can't be used for law enforcement purposes. 
So the FBI or another agency could use an NGA-produced aerial photograph to solve a domestic crime. But the NGA couldn't take actions to target a specific individual, such as highlight a suspect's home, unless the information was linked directly to a national security issue. Agency officials call that "passive assistance" and say certain legal tests must be met. Law enforcement officials occasionally ask if the agency has information that could provide evidence about a crime - say, for example, whether a white truck was at a location at a certain time, Beaulieu said hypothetically. "Yes, we will do a check," he said. "But I can't remember a single case where we actually even had an image for that day." Jennings concedes that toeing such fine lines can be difficult. "We look, we check, and it just so happens that we haven't had a situation where there is a smoking gun," she said. "We would analyze each one, case by case." "Everybody wants to do the right thing and provide the information that is appropriate without overstepping their authority," she later added. The NGA says it is working to build trust - with the public and with private companies. Before Sept. 11, for instance, chemical plants and other critical sites weren't as cooperative as they are today, out of fear that aerial photographs might be shared with federal environmental regulators. NGA officials say the Homeland Security Department has been careful to protect proprietary information. What if NGA analysts were to see an environmental crime? "I don't think any of my people know enough to know an environmental crime," Beaulieu said. -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." 
-- Edward Gibbon, 'Decline and Fall of the Roman Empire' From sunder at sunder.net Tue Sep 28 11:00:04 2004 From: sunder at sunder.net (Sunder) Date: Tue, 28 Sep 2004 14:00:04 -0400 (edt) Subject: How to fuck with airports - a 1 step guide for (Redmond) terrorists. Message-ID: Q: How do you cause an 800-plane pile-up at a major airport? A: Replace working Unix systems with Microsoft Windows 2000! Details: http://www.techworld.com/opsys/news/index.cfm?NewsID=2275 ----------------------Kaos-Keraunos-Kybernetos--------------------------- + ^ + :"Our enemies are innovative and resourceful, and so are we. /|\ \|/ :They never stop thinking about new ways to harm our country /\|/\ <--*-->:and our people, and neither do we." -G. W. Bush, 2004.08.05 \/|\/ /|\ : \|/ + v + : War is Peace, freedom is slavery, Bush is President. ------------------------------------------------------------------------- From roy at rant-central.com Tue Sep 28 11:37:04 2004 From: roy at rant-central.com (Roy M. Silvernail) Date: Tue, 28 Sep 2004 14:37:04 -0400 Subject: How to fuck with airports - a 1 step guide for (Redmond) terrorists. In-Reply-To: References: Message-ID: <4159AF50.1000104@rant-central.com> Sunder wrote: >Q: How do you cause an 800-plane pile-up at a major airport? >A: Replace working Unix systems with Microsoft Windows 2000! > >Details: http://www.techworld.com/opsys/news/index.cfm?NewsID=2275 > > Got to love the spin... "The servers are timed to shut down after 49.7 days of use in order to prevent a data overload, a union official told the LA Times." That would be 49.710269618055555555555555555556 days, or (curiously enough) 4294967295 (0xFFFFFFFF) milliseconds. Known problem with Win95 ('cept they call Win95 a "server"). -- Roy M. Silvernail is roy at rant-central.com, and you're not "It's just this little chromium switch, here." 
- TFS
SpamAssassin->procmail->/dev/null->bliss
http://www.rant-central.com

From bill.stewart at pobox.com Tue Sep 28 15:06:54 2004
From: bill.stewart at pobox.com (Bill Stewart)
Date: Tue, 28 Sep 2004 15:06:54 -0700
Subject: How to fuck with airports - a 1 step guide for (Redmond) terrorists.
In-Reply-To: <4159AF50.1000104@rant-central.com>
References: <4159AF50.1000104@rant-central.com>
Message-ID: <6.0.3.0.0.20040928145744.03dab318@pop.idiom.com>

At 11:37 AM 9/28/2004, Roy M. Silvernail wrote:
>Got to love the spin...
>
>"The servers are timed to shut down after 49.7 days of use in order to
>prevent a data overload, a union official told the LA Times."
>That would be 49.710269618055555555555555555556 days, or (curiously
>enough) 4294967295 (0xFFFFFFFF) milliseconds. Known problem with Win95
>('cept they call Win95 a "server").

I've heard some people say that there was a different problem that was causing them to need to reboot about that often, having to do with the applications rather than the core OS, but I don't know enough of the details to be sure.

Either way, if they knew the system was going to crash every 49.7 days, and they had a process to have a technician reboot it every 30 days, and the technician shuts it down during quiet nighttime hours, that guarantees that the 49.7 day crash will be at a _bad_ time of day. They could at _least_ have done a workaround that tells the system to shut itself down at 2am on Day 45, after giving the operators a warning about "Hey, I need to shut myself down for an hour for maintenance some time in the next 4 days, is now a good time? Yes/No/Wait-5-min/Wait-1-hour"

Disclaimer: I worked on the FAA's AAS debacle in the 80s (fortunately not on the unlucky "winning" contractor's team), and a number of my coworkers worked on VSCS projects - not sure if they won that round, or who their partners were.
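The 0xFFFFFFFF-millisecond figure quoted in this thread is the range of a 32-bit millisecond uptime counter. The C sketch below is an added example, not code from any poster or from the system under discussion: it shows a timeout check that misfires when such a counter wraps, the wrap-safe form, and a time-to-wrap check of the kind suggested above for warning operators. All function names and the 4-day lead time used in main() are assumptions for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define MS_PER_DAY 86400000ULL
#define WRAP_MS    (1ULL << 32)   /* a 32-bit ms counter wraps after 2^32 ms, about 49.71 days */

/* Model of a 32-bit millisecond uptime counter: the true uptime truncated to 32 bits. */
uint32_t tick_at(uint64_t uptime_ms)
{
    return (uint32_t)uptime_ms;
}

/* BUGGY: precomputes an absolute deadline. If start + timeout overflows, the deadline
 * lands near zero and the timer fires at once; if the counter wraps before the check
 * runs, "now" is small again and the timer is missed for the next ~49.7 days. */
int expired_naive(uint32_t now, uint32_t start, uint32_t timeout_ms)
{
    uint32_t deadline = start + timeout_ms;
    return now >= deadline;
}

/* Wrap-safe: unsigned subtraction is modulo 2^32, so (now - start) is the true elapsed
 * time across a wrap, provided the real interval is shorter than 2^32 ms. */
int expired_safe(uint32_t now, uint32_t start, uint32_t timeout_ms)
{
    return (uint32_t)(now - start) >= timeout_ms;
}

/* Milliseconds left before the counter returns to zero. */
uint64_t ms_until_wrap(uint32_t now)
{
    return WRAP_MS - now;
}

/* True once the wrap is within lead_ms, i.e. time to ask operators for a maintenance window. */
int wrap_warning_due(uint32_t now, uint64_t lead_ms)
{
    return ms_until_wrap(now) <= lead_ms;
}

int main(void)
{
    /* Constructed scenario 1: a 5 s timer armed 1 s before the wrap, checked 1 ms later. */
    uint32_t start = tick_at(WRAP_MS - 1000);
    uint32_t now = tick_at(WRAP_MS - 999);
    printf("counter wraps after %.6f days\n", (double)WRAP_MS / (double)MS_PER_DAY);
    printf("1 ms elapsed:  naive=%d safe=%d\n",
           expired_naive(now, start, 5000), expired_safe(now, start, 5000));

    /* Constructed scenario 2: a 5 s timer armed 10 s before the wrap, first checked 11 s later. */
    start = tick_at(WRAP_MS - 10000);
    now = tick_at(WRAP_MS + 1000);
    printf("11 s elapsed:  naive=%d safe=%d\n",
           expired_naive(now, start, 5000), expired_safe(now, start, 5000));

    /* Operator warning with an assumed 4-day lead: not yet due on day 45, due on day 46. */
    printf("day 45 warn=%d, day 46 warn=%d\n",
           wrap_warning_due(tick_at(45 * MS_PER_DAY), 4 * MS_PER_DAY),
           wrap_warning_due(tick_at(46 * MS_PER_DAY), 4 * MS_PER_DAY));
    return 0;
}
```
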
From sfurlong at acmenet.net Tue Sep 28 12:55:45 2004
From: sfurlong at acmenet.net (Steve Furlong)
Date: 28 Sep 2004 15:55:45 -0400
Subject: How to fuck with airports - a 1 step guide for (Redmond) terrorists.
In-Reply-To: <4159AF50.1000104@rant-central.com>
References: <4159AF50.1000104@rant-central.com>
Message-ID: <1096401345.3724.1.camel@daft>

On Tue, 2004-09-28 at 14:37, Roy M. Silvernail wrote:
> "The servers are timed to shut down after 49.7 days of use in order to
> prevent a data overload, a union official told the LA Times."
> That would be 49.710269618055555555555555555556 days, or (curiously
> enough) 4294967295 (0xFFFFFFFF) milliseconds. Known problem with Win95
> ('cept they call Win95 a "server").

How the heck do they keep a Win95 machine up for 49 days? I think 1 day is a more realistic MTBF.

From kayos at genetikayos.com Tue Sep 28 16:57:32 2004
From: kayos at genetikayos.com (T.R. Fullhart)
Date: Tue, 28 Sep 2004 16:57:32 -0700
Subject: October meeting announcement for SV2600
Message-ID: <29C8263A-11AA-11D9-BFCF-000A95B920F6@genetikayos.com>

This Friday is the October meeting of the Silicon Valley chapter of 2600.

2600 meetings are local gatherings to learn and discuss the information infrastructure of our society. This includes problems with the infrastructure and its effects on our modern society. Chapters of 2600 are registered with 2600 magazine, http://www.2600.com/.

Topics covered include: wired and wireless communications technology, secure computing platforms, open-source and free software movement, cryptography, how-tos, information security, and electronic civil rights.

The Silicon Valley chapter of 2600 meets at 6:00PM on the first Friday of each month. We meet in the cafe patio at the Dr. Martin Luther King, Jr. Library at 4th and E. San Fernando in downtown San Jose:

150 E. San Fernando St.
San Jose, CA 95112

Our web site is at http://www.sv2600.org/.

--
T.R.
Fullhart
kayos at genetikayos.com

From mv at cdc.gov Tue Sep 28 19:03:31 2004
From: mv at cdc.gov (Major Variola (ret))
Date: Tue, 28 Sep 2004 19:03:31 -0700
Subject: Spy imagery agency watching inside U.S.
Message-ID: <415A17F3.148A6C31@cdc.gov>

You don't even need the Hubble-scopes pointed down that the NRO/NIMA/whatever the fuck they're called today has. Check out globexplorer.com; my patio is more than several pixels and a friend of mine saw his Bronco. You could probably make out the glint in JY's eyes.

OTOH it's really easy to signal our colleagues overseas should they have similar resolution, and we have patio umbrellas.

At 12:28 PM 9/28/04 -0400, R. A. Hettinga wrote:
>Spy imagery agency watching inside U.S.
>By Katherine Pfleger Shrader, Associated Press
>BETHESDA, Md. - In the name of homeland security, America's spy imagery
>agency is keeping a close eye, close to home. It's watching America. Since
>the Sept. 11 attacks, about 100 employees of a little-known branch of the
>Defense Department called the National Geospatial-Intelligence Agency - and
>some of the country's most sophisticated aerial imaging equipment - have
>focused on observing what's going on in the United States.

From mv at cdc.gov Tue Sep 28 19:08:11 2004
From: mv at cdc.gov (Major Variola (ret))
Date: Tue, 28 Sep 2004 19:08:11 -0700
Subject: How to fuck with airports - a 1 step guide for (Redmond)
Message-ID: <415A190B.3DBAC542@cdc.gov>

Personal aside. I've started working for a medical device company. This is not so far from security programming, as checking your inputs, robustness, and being able to justify time spent inspecting and testing are all common to both domains.

But today I learned that a device that keeps your heart going, should it forget how, has a field that rolls over in about 40+ days.
But hey, euthanasia is underappreciated. Reboot that pacer!

------
People who are willing to rely on the government to keep them safe are pretty much standing on Darwin's mat, pounding on the door, screaming, "Take me, take me!"--Cael in A.S.R.

Sunder wrote:
>Q: How do you cause an 800-plane pile-up at a major airport?
>A: Replace working Unix systems with Microsoft Windows 2000!

"The servers are timed to shut down after 49.7 days of use in order to prevent a data overload, a union official told the LA Times." That would be 49.710269618055555555555555555556 days, or (curiously enough) 4294967295 (0xFFFFFFFF) milliseconds. Known problem with Win95 ('cept they call Win95 a "server").

From rah at shipwright.com Tue Sep 28 20:14:02 2004
From: rah at shipwright.com (R. A. Hettinga)
Date: Tue, 28 Sep 2004 23:14:02 -0400
Subject: Cryptography regulations threaten OSS in SA
Message-ID:

eBCVG - Cryptography regulations threaten OSS in SA
Published on: Tuesday, 28 September 2004, 19:40 GMT

South Africa's Electronic Communications and Transactions (ECT) Act of 2002 is a controversial piece of legislation. It attempts to address a whole lot of issues at once, without seeming to do a good job of any of them. Sections include a national e-strategy, e-government, electronic documents, cryptography, authentication, consumer protection, the .za domain name authority, and cyber crime.

Chapter 5 deals with cryptography. It specifies the compulsory registration of all "cryptography providers" with the Department of Communications. The Act states in 30(1): "No person may provide cryptography services or cryptography products in the Republic until the particulars ... in respect of that person have been recorded in the register..."

--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"...
however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From howardjp at vocito.com Wed Sep 29 06:53:37 2004
From: howardjp at vocito.com (James P. Howard, II)
Date: September 29, 2004 6:53:37 PM EDT
Subject: Carry Umbrella in DC
Message-ID:

I work in downtown DC (a few blocks from the White House) and this morning saw a plain white blimp over Farragut Park. This thing has no insignia, no numbers, no markings at all and it spent all day circling the city. CNN and numerous other sources explain this is an Army surveillance blimp. Aside from posse comitatus, this is simply immoral.

I for one welcome our new art deco overlords.

Here's the CNN story: http://edition.cnn.com/2004/US/09/29/security.blimp.ap/

Security blimp tested in Washington skies

WASHINGTON (AP) -- Here's a head-turner for a security-nervous city: A large white object was spotted in the skies above the nation's capital in the pre-dawn hours Wednesday. Pentagon police said the Defense Department is testing a security blimp -- fully equipped with surveillance cameras. The white blimp was spotted early Wednesday morning hovering at various times over the Pentagon and the U.S. Capitol. The 178-foot-long device, which is expected to remain in the skies until Thursday, is conducting a mission for the Defense Department. Authorities say the airship is equipped with infrared cameras designed to provide real-time images to military commanders on the ground. The equipment on the blimp already is being used to protect troops in Afghanistan and Iraq. The Army says the device will make at least one 24-hour flight in the District of Columbia area. It has been in the region since last week, and is also being used for test runs over the U.S. Marine Corps Base in nearby Quantico, Virginia, and the Chesapeake Bay.

--
James P.
Howard, II -- howardjp at vocito.com
http://www.jameshoward.us/ -- 202-390-4933

----- End forwarded message -----
--
Eugen* Leitl leitl
______________________________________________________________
ICBM: 48.07078, 11.61144 http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
http://moleculardevices.org http://nanomachines.net

From eugen at leitl.org Tue Sep 28 23:28:16 2004
From: eugen at leitl.org (Eugen Leitl)
Date: Wed, 29 Sep 2004 08:28:16 +0200
Subject: How to fuck with airports - a 1 step guide for (Redmond) terrorists.
In-Reply-To: <6.0.3.0.0.20040928145744.03dab318@pop.idiom.com>
References: <4159AF50.1000104@rant-central.com> <6.0.3.0.0.20040928145744.03dab318@pop.idiom.com>
Message-ID: <20040929062816.GE1457@leitl.org>

On Tue, Sep 28, 2004 at 03:06:54PM -0700, Bill Stewart wrote:
> Either way, if they knew the system was going to crash every 49.7 days,
> and they had a process to have a technician reboot it every 30 days,

If I knew somebody delivered me a mission critical system like that, I'd sue. The system required a human in the loop to periodically do action XY, or it would reliably fail? And the system before didn't? And it wasn't there as a fallback?

The mind boggles. Even more interesting: how many heads have rolled due to this?

--
Eugen* Leitl leitl
______________________________________________________________
ICBM: 48.07078, 11.61144 http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
http://moleculardevices.org http://nanomachines.net

From rah at shipwright.com Wed Sep 29 06:25:03 2004
From: rah at shipwright.com (R. A.
Hettinga) Date: Wed, 29 Sep 2004 09:25:03 -0400 Subject: How to fuck with airports - a 1 step guide for (Redmond) terrorists. In-Reply-To: <20040929062816.GE1457@leitl.org> References: <4159AF50.1000104@rant-central.com> <6.0.3.0.0.20040928145744.03dab318@pop.idiom.com> <20040929062816.GE1457@leitl.org> Message-ID: At 8:28 AM +0200 9/29/04, Eugen Leitl wrote: >The mind boggles. Even more interesting: how many heads have rolled due to >this? None, of course. Microsoft is the new IBM. As in, "Nobody ever got fired for buying Microsoft..." Cheers, RAH -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From bill.stewart at pobox.com Wed Sep 29 11:40:40 2004 From: bill.stewart at pobox.com (Bill Stewart) Date: Wed, 29 Sep 2004 11:40:40 -0700 Subject: More Convenient Use of Electronic Gold Payments In-Reply-To: <415A34EA.1020305@well.com> References: <415A34EA.1020305@well.com> Message-ID: <6.0.3.0.0.20040929103705.03daad20@pop.idiom.com> I've used E-Gold in the past, and found that the hardest part of the process is buying the stuff to put in your account - setting up an account and paying people with it are both easy, but to buy the gold, you need to find some way to give somebody some other kind of money so they'll give you electronic gold. If you want $10000 worth, or want to transfer physical gold, it's not hard, but if you just want small quantities it was annoying. 
Jim Davidson's article talked about E-Gold and other currencies, and almost all of them operate under a model in which the gold service transfers gold credits between accounts, but buying the gold credits with other types of money is handled by third-party retailers, and almost none of the retailers will accept credit cards or Paypal without long delays, though they'll happily accept other gold currencies. There's now a much more convenient way to buy online gold - goldage.net. To pay them cash, you do an online form, then go to a bank they use, and fill out a deposit slip with their account number from the form, and hand the bank your cash, and then do another form to say you did it. They use banks in USA, Japan, Malaysia, Philippines, Singapore and South Africa. Their US banks include Bank of America, Wells Fargo, and three or four others. You don't need to set up an account with them - they mostly do transactional business, though their fees are a bit lower if you're a large frequent customer. The gold currency payment isn't instant - it can take a couple of days for Goldage to see that the deposit was made. They seem to be a small operation, so they're very responsive to email. A couple of months ago, I wanted to pay for some services using an online gold currency, and the merchant accepts E-gold, Pecunix, and several other gold currencies. I didn't want to use E-Gold itself, because there are too many spammers phishing for people's e-gold account information the way they do for credit cards, and I didn't want to have to miss any _real_ email from them mixed in with the spam. Pecunix was one of the gold currencies that my merchant's online payment system Goldcart accepted, and they were easy to use. So I did the online form at Goldage, deposited the cash at the bank, checked Pecunix a couple of days later, and paid the merchant. 
I think the total fees were about $6-7 between the different service providers, mostly the $5 minimum fee at Goldage, and I may have a buck or two of round-off-error money sitting in Pecunix, but the percentage costs would be lower if I were using it more frequently rather than a one-shot transaction. It worked very well, and was much simpler than a few years ago. From rah at shipwright.com Wed Sep 29 10:33:49 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Wed, 29 Sep 2004 13:33:49 -0400 Subject: Federal judge rejects part of Patriot Act Message-ID: MSNBC.com Federal judge rejects part of Patriot Act Provision giving FBI access to business records overturned Reuters Updated: 12:11 p.m. ET Sept. 29, 2004 NEW YORK - A federal judge Wednesday found unconstitutional a part of the United States' anti-terror Patriot Act that allows authorities to demand customer records from businesses without court approval. U.S. District Judge Victor Marreo ruled in favor of the American Civil Liberties Union, which challenged the power the FBI has to demand confidential financial records from companies as part of terrorism investigations. The ruling was the latest blow to the Bush administration's anti-terrorism policies. In June, the U.S. Supreme Court ruled that terror suspects being held in places like Guantanamo Bay can use the American judicial system to challenge their confinement. That ruling was a defeat for the president's assertion of sweeping powers to hold "enemy combatants" indefinitely after the Sept. 11, 2001, attacks. The ACLU sued the Department of Justice, arguing that part of the Patriot legislation violated the Constitution because it authorizes the FBI to force disclosure of sensitive information without adequate safeguards. The judge agreed, stating that the provision "effectively bars or substantially deters any judicial challenge." 
Under the provision, the FBI did not have to show a judge a compelling need for the records and it did not have to specify any process that would allow a recipient to fight the demand for confidential information. -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From davidson at net1.net Wed Sep 29 16:03:44 2004 From: davidson at net1.net (Jim Davidson) Date: Wed, 29 Sep 2004 18:03:44 -0500 Subject: More Convenient Use of Electronic Gold Payments In-Reply-To: <6.0.3.0.0.20040929103705.03daad20@pop.idiom.com> Message-ID: Dear Bill, First, let me thank you for your excellent message. I've copied a few people on bcc and I've included support at goldage.net since your endorsement of their excellent services is one I'm sure they would appreciate. > I've used E-Gold in the past, and found that the hardest part > of the process is buying the stuff to put in your account - > setting up an account and paying people with it are both easy, > but to buy the gold, you need to find some way to give somebody > some other kind of money so they'll give you electronic gold. There are a number of decent exchange providers both foreign and domestic. You mention one that is very good, goldage.net. Others that I like to work with are Cambist.net and EzEz.com. In this latter case, qualified individuals simply write a check or send a money order to EzEz's parent company and get e-gold within hours after the mail arrives. Cambist has a service called MerchantGold which allows merchants to have payments sent in and receive their funds in e-gold or other online gold. > If you want $10000 worth, or want to transfer physical gold, > it's not hard, but if you just want small quantities it was annoying. 
Everyone's experiences differ. I certainly have had no difficulty getting small quantities of gold, buying or selling. > Jim Davidson's article talked about E-Gold and other currencies, > and almost all of them operate under a model in which > the gold service transfers gold credits between accounts, > but buying the gold credits with other types of money > is handled by third-party retailers, and almost none of the retailers > will accept credit cards or Paypal without long delays, > though they'll happily accept other gold currencies. There are retailers who accept credit cards. GoldNow.st works with these quite often, though their rates are pretty high and I don't have much else good to say about them. Nobody wants to accept PayPal, even from known customers, because PayPal has had a policy of shutting down exchanger accounts. It has happened so many times that I've lost track. There is an interesting essay on the subject, actually a set of essays, about the "May Scale of Monetary Hardness" which helps to explain why it is so hard to buy gold or silver with credit cards or PayPal. http://www.interestingsoftware.com/mayscale.html PayPal happens to have survived whereas beenz and flooz and other experiments in online payments have failed. I think the relationship between PayPal and eBay has much to do with that survival. I do sometimes wonder if the persistent difficulties of merchants and consumers with PayPal may ultimately threaten its existence. The typical "out" which I'm anticipating is for PayPal to demand that online payment systems be regulated. PayPal would then likely dominate the regulatory agency through the typical revolving door and campaign contribution forms of corruption, in my estimation. > There's now a much more convenient way to buy online gold - > goldage.net. Yes, that's certainly true. They are very convenient. > They seem to be a small operation, so they're very responsive to email. 
GoldAge.net was founded by my great friend Parker Bradley who has gone off to New Mexico to run Heron Aerospace. It is now managed by a small and very competent team of friends in New York. One of them, Ragnar, is also responsible for LibertyImpact.com which is a great little newsletter on liberty topics. > I didn't want to use E-Gold itself, because there are too many > spammers phishing for people's e-gold account information True. E-gold also keeps its servers in the USA, so you have to expect that all transaction records are in the hands of government agencies now, or will be as soon as a subpoena is issued. (Great news: the "National Security Letter" has been effectively challenged in the courts.) > Pecunix was one of the gold currencies that my merchant's > online payment system Goldcart accepted, and they were easy to use. Pecunix is truly excellent, I feel. You can set up the Pecunix log-in to require a PGP message test/response. You can also set it so that all your communications from Pecunix about your account activities are received in PGP encrypted form. Their log-in system is a very tough hack, and I've never heard of anyone losing their log-in details or account balance. Also, the automation interface for Pecunix is outstanding. GoldCart, by the way, is from the same programming team that handles Pecunix, PVCSE.com, and Garzoo.com. > So I did the online form at Goldage, deposited the cash at the bank, > checked Pecunix a couple of days later, and paid the merchant. > I think the total fees were about $6-7 between the different > service providers, mostly the $5 minimum fee at Goldage, > and I may have a buck or two of round-off-error money sitting in > Pecunix, > but the percentage costs would be lower if I were using it more > frequently > rather than a one-shot transaction. Sure. 
I think the network of exchangers, of which GoldAge.net is certainly a leader, is making it easier and easier for people to abandon the banking system and handle nearly all their activities with online payment systems. These systems provide enhanced privacy and a great deal of convenience.

> It worked very well, and was much simpler than a few years ago.

Indeed.

Regards,

Jim
http://indomitus.net/

From dave at farber.net Wed Sep 29 16:18:53 2004
From: dave at farber.net (David Farber)
Date: Wed, 29 Sep 2004 19:18:53 -0400
Subject: [IP] Carry Umbrella in DC
Message-ID:

Begin forwarded message:

From rah at shipwright.com Thu Sep 30 07:09:20 2004
From: rah at shipwright.com (R. A. Hettinga)
Date: Thu, 30 Sep 2004 10:09:20 -0400
Subject: Are horrific means justified by utopia?
Message-ID:

Townhall.com

Are horrific means justified by utopia?
Daniel J. Flynn
September 29, 2004

If you believe the fulfillment of your cause will create Heaven on Earth, anything done in its name is justified. Grasping this basic concept helps one to better understand the present-day beheadings by backward fundamentalists hoping to create Allah's Kingdom in the temporal world.
It also helps one understand the mass killings of the past in Nazi Germany and the Soviet Union supported by cultured intellectuals promising to make men perfect. This is why utopianism is so dangerous. It rationalizes horrible crimes done to attain the unattainable. The intellectual morons discussed in my book by the same name get blinded to reality by the causes that they serve. The loftier the ideal, the baser their actions become in its name. Examples abound. Idealism unchecked by reality fueled the worldwide eugenics movement of the first half of the twentieth century. English intellectual Herbert Spencer articulated the lofty goal of eugenics by announcing that "all imperfection must disappear." Toward this end, Margaret Sanger called for forced sterilization, concentration camps, and birth control for the "creation of a new race." In America, the ideals of Planned Parenthood's founder were partially realized through the sterilization by state governments of nearly 70,000 people. In Germany, these same ideals-"a new race"-resulted in something far more horrible. W.E.B. Du Bois, a founder of the NAACP, believed Karl Marx a "colossal genius." Du Bois's fanatical devotion to Communism's triumph made a liar out of him. To the esteemed professor, Stalin was a "great" and "courageous" man, while the "sinister" Churchhill was the primary leader bringing the "death and destruction of human civilization." Amidst the mass killings of Maoist China, Du Bois detected "a sense of human nature free of its most hurtful and terrible meanness." America, fresh from victory over Nazism and immersed in a cold war against the Soviet Union, was to him "the greatest warmonger of all history." Deluded by an ideology that promised utopia, Du Bois confused statesmen for murderers and murderers for statesmen; free nations for totalitarian ones and totalitarian nations for free ones. 
Novelist Ayn Rand hated Nazism and Communism, but this didn't stop her from imitating many of the unattractive aspects of those ideologies in both her fiction and in her real life. The high priestess of Objectivism established a cult of personality, held show trials against followers, denied reality (such as the success of Sputnik) when it didn't conform to her theories, and demanded the submission of individual judgment to her own. In Rand's books, she fantasized about the destruction of the portion of humanity standing in the way of her ideals. Examples of this include the holocaust that concludes Atlas Shrugged and the words of We the Living's heroine: "What are your masses but mud to be ground underfoot, fuel to be burned for those who deserve it?" The damage done by Objectivism, thankfully, rarely went beyond the movement's ranks. Ideologies promise to save the world. They fail. Instead, they breed fanaticism, justify dishonesty, and cloud reality. They do this by keeping adherents transfixed on the unreachable goal: human perfectibility. The focus on the impossible keeps the actual out of sight. Thus, crimes, lies, and even murders committed on the ideology's behalf are ignored, excused, and denied. Rather than demonstrating that men can be made perfect, ideologues show us how fallen man can be. This is as true today among al Qaeda's followers as it was eighty-five years ago among the Bolsheviks. Most of the evil committed is done in the name of the good. Aristotle, for instance, observed in the Nicomachean Ethics that "every action and decision, seems to seek some good." Crucially, he added, "But the ends appear to differ." Do they ever. When you're providing earthly deliverance, all is permitted-the gulag, the gas chamber, beheadings, etc. After all, ends that glorious will always justify means that horrific. Unfortunately, utopian ideologies never succeed in their ends or spare in their means. 
The road to heaven on earth invariably detours to a dead end more closely resembling a much hotter place.

Daniel J. Flynn is the author of Intellectual Morons: How Ideology Makes Smart People Fall for Stupid Ideas

--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From eugen at leitl.org Thu Sep 30 01:37:45 2004
From: eugen at leitl.org (Eugen Leitl)
Date: Thu, 30 Sep 2004 10:37:45 +0200
Subject: [IP] Carry Umbrella in DC (fwd from dave@farber.net)
Message-ID: <20040930083743.GP1457@leitl.org>

----- Forwarded message from David Farber -----

From camera_lumina at hotmail.com Thu Sep 30 14:06:45 2004
From: camera_lumina at hotmail.com (Tyler Durden)
Date: Thu, 30 Sep 2004 17:06:45 -0400
Subject: "ID Rules Exist, But Can't Be Seen"
Message-ID:

http://www.wired.com/news/privacy/0,1848,65154,00.html?tw=wn_tophead_4

I post this not as a reference per se, but to ask the question:

Exactly Why Does the Government Not Want to Reveal Their ID Rules?

This would seem obvious at first, but upon thinking about it I have to admit to being a little confused.

For instance, is it indeed possible that revealing this rule would pose an additional security risk? If such a rule exists (and it does) then hijackers obviously already know about it. Could this rule also reveal some deeper secrets about how hijackers can be detected? I seriously doubt it.

Then of course, the argument may be that the government wanted to hide the rule for the very reason of making it more unassailable. In other words, if the rule were known, then it might be more easily contested in court. Hiding the rule protects the law which in turn protects national security.
This last idea is the only one I can think of that might be behind why the government would make such a rule secret.

If this is the case, then this reveals what I would argue to be a dangerous mindset: The government needs to protect the people from themselves...ie, from the normal operation of democracy.

On Cypherpunks I would suppose this does not seem surprising.

But it perhaps reveals that there is explicit, conscious thought occurring along these lines in the government. THAT, perhaps, is new.

-TD

From rah at shipwright.com Thu Sep 30 14:39:24 2004
From: rah at shipwright.com (R. A. Hettinga)
Date: Thu, 30 Sep 2004 17:39:24 -0400
Subject: QC Hype Watch: Quantum cryptography gets practical
Message-ID:

- Computerworld

Quantum cryptography gets practical

Opinion by Bob Gelfond, MagiQ Technologies Inc.

SEPTEMBER 30, 2004 (COMPUTERWORLD) - In theory and in labs, quantum cryptography -- cryptography based on the laws of physics rather than traditional, computational difficulty -- has been around for years. Advancements in science and in the world's telecommunications infrastructure, however, have led to the commercialization of this technology and its practical application in industries where high-value assets must be secure.

Protecting information today usually involves the use of a cryptographic protocol where sensitive information is encrypted into a form that would be unreadable by anyone without a "key." For this system to work effectively, the key must be absolutely random and kept secret from everyone except the communicating parties. It must also be refreshed regularly to keep the communications channel safe.
The challenge resides in the techniques used for the encryption and distribution of this key to its intended parties to avoid any interception of the key or any eavesdropping by a third party.

Many organizations are advancing quantum technology and bringing it outside academia. Research labs, private companies, international alliances such as the European Union and agencies such as the Defense Advanced Research Projects Agency are investing tens of millions of dollars in quantum research, with projects specifically focused on the challenge of key distribution.

The trouble with key distribution

Huge investment in the late 1990s through 2001 created a vast telecommunications infrastructure resulting in millions of miles of optical fiber laid across the country and throughout buildings to enable high-speed communications. This revolution combined a heavy reliance on fiber-optic infrastructure with the use of open network protocols such as Ethernet and IP to help systems communicate.

Although this investment delivers increased productivity, dependence on optical fiber compounds key distribution challenges because of the relative ease with which optical taps can be used. With thousands of photons representing each bit of data traveling over fiber, nonintrusive, low-cost optical taps placed anywhere along the fiber can siphon off enough data without degrading the signal to cause a security breach. The threat profile is particularly high where clusters of telecommunications gear are found in closets, the basements of parking garages or central offices. Data can be tapped through monitoring jacks on this equipment with inexpensive handheld devices. This enables data to be compromised without eavesdroppers disclosing themselves to the communicating parties.

Another important aspect of this problem is the refresh rate of the keys.
Taking large systems off-line to refresh keys can cause considerable headaches, such as halting business operations and creating other security threats. Therefore, many traditional key-distribution systems refresh keys less than once per year. Infrequent key refreshing is detrimental to the security of a system because it makes brute-force attacks much easier and can thereby provide an eavesdropper with full access to encrypted information until the compromised key is refreshed.

Adding quantum physics to the key distribution equation

Companies are now in a position to use advancements in quantum cryptography, such as quantum key distribution (QKD) systems, to secure their most valued information. Two factors have made this possible: the vast stretches of optical fiber (lit and dark) laid in metropolitan areas, and the decreasing cost in recent years of components necessary for producing QKD systems as a result of the over-investment in telecommunications during the early 2000s.

Based on the laws of quantum mechanics, the keys generated and disseminated using QKD systems have proved to be absolutely random and secure. Keys are encoded on a photon-by-photon basis, and quantum mechanics guarantees that the act of an eavesdropper intercepting a photon will irretrievably change the information encoded on that photon. Therefore, the eavesdropper can't copy or read the photon -- or the information encoded on it -- without modifying it, which makes it possible to detect the security breach. In addition to mitigating the threat of optical taps, QKD systems are able to refresh keys at a rate of up to 10 times per second, further increasing the level of security of the encrypted data.

Not for everyone

Quantum key distribution systems aren't intended for everyday use: You won't find a QKD system in the home office anytime soon. One reason is that a QKD system requires a dedicated fiber-optic line.
Also, because of the loss of photons over longer distances, these systems have current distance limitations of approximately 120 kilometers (nearly 75 miles) which is common with optical infrastructure equipment. Quantum repeaters are under development to extend that range much farther. Finally, the end points of these QKD systems must reside in secure locations. However, since they are tamper-proof, if attempts are made to compromise them, they will stop running or fire off an alarm, thus ensuring ultimate information protection.

The practical development of QKD systems has made them applicable for a number of industries such as financial services, biotech and telecommunications along with government sectors such as intelligence and the military. They don't require a physicist or an engineer to administer them. These appliances fit in standard racks, plug into existing networks, and are reliable around the clock. QKD systems interoperate with security standards such as IPsec-based VPNs providing an added layer of security to networks.

Ask the right questions

As you look for better ways to protect your company's most important information, QKD may be an option. However, be sure you understand the strengths and drawbacks of quantum key distribution by asking the right questions:

1. What does your organization's security policy say about the threat profile for high-value assets?

2. How frequently are your encryption keys changed and by what method?

3. What is the total cost of ownership for QKD products? Are there additional costs in support and training?

4. Are your competitors implementing QKD systems?

5. What infrastructure requirements must be met?

6. What personnel/staffing levels are required?

7. How does this QKD system work with existing cryptography systems?

8. What are the distance limitations of this system?
QKD isn't an everyday desktop tool, but the technology makes sense for those organizations that have the resources and the capacity to use it effectively.

Bob Gelfond is founder and CEO of MagiQ Technologies Inc., a vendor of quantum information processing services and products in New York.

Copyright (c) 2004 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.

--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"...
however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From measl at mfn.org Thu Sep 30 16:42:26 2004
From: measl at mfn.org (J.A. Terranson)
Date: Thu, 30 Sep 2004 18:42:26 -0500 (CDT)
Subject: "ID Rules Exist, But Can't Be Seen"
In-Reply-To:
References:
Message-ID: <20040930184110.Y51736@ubzr.zsa.bet>

On Thu, 30 Sep 2004, Tyler Durden wrote:

> If this is the case, then this reveals what I would argue to be a dangerous
> mindset: The government needs to protect the people from themselves...ie,
> from the normal operation of democracy.
>
> On Cypherpunks I would suppose this does not seem surprising.

ObObviousUnderstatement: 1
ObDurden: 0

> But it perhaps reveals that there is explicit, conscious thought occurring
> along these lines in the government. THAT, perhaps, is new.

Not.

ObObviousUnderstatement: 2
ObDurden: 0

> -TD

--
Yours,

J.A. Terranson
sysadmin at mfn.org
0xBD4A95BF

"...justice is a duty towards those whom you love and those whom you do not. And people's rights will not be harmed if the opponent speaks out about them."
Osama Bin Laden
- - -
"There aught to be limits to freedom!"
George Bush
- - -
Which one scares you more?

From mv at cdc.gov Thu Sep 30 19:43:42 2004
From: mv at cdc.gov (Major Variola (ret))
Date: Thu, 30 Sep 2004 19:43:42 -0700
Subject: "ID Rules Exist, But Can't Be Seen"
Message-ID: <415CC45E.F04BDD4A@cdc.gov>

At 05:06 PM 9/30/04 -0400, Tyler Durden wrote:
>I post this not as a reference per se, but to ask the question:
>
>Exactly Why Does the Government Not Want to Reveal Their ID Rules?
>
>For instance, is it indeed possible that revealing this rule would pose an
>additional security risk? If such a rule exists (and it does) then hijackers
>obviously already know about it.

Not only that, but as Bruce S pointed out, they can reverse-engineer the rules by sending probes.
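
An added illustration, not part of any message in this archive: the Computerworld article forwarded above says that an eavesdropper who intercepts a photon irretrievably changes what it encodes, which is what makes a tap detectable. The Python sketch below models that claim with BB84, a standard QKD protocol that the article does not name; the protocol choice, the function names, the ideal noise-free fiber and the 11% alarm threshold are all assumptions of this example.

```python
import random

def measure(bit, prep_basis, meas_basis, rng):
    """Same basis: the encoded bit is read exactly. Other basis: the
    outcome is a coin flip and the original encoding is destroyed."""
    return bit if prep_basis == meas_basis else rng.randrange(2)

def exchange(n_photons, eavesdrop, seed, sample_fraction=0.25):
    """Simulate one BB84 run over an ideal fiber (assumption: no noise,
    no photon loss) and estimate the error rate from a disclosed sample."""
    rng = random.Random(seed)  # fixed seed: constructed, repeatable input
    sifted = []
    for _ in range(n_photons):
        # Sender picks a random key bit and a random encoding basis.
        a_bit, a_basis = rng.randrange(2), rng.randrange(2)
        bit, basis = a_bit, a_basis          # state of the photon in flight
        if eavesdrop:
            # Intercept-resend tap: the eavesdropper has to guess a basis,
            # measure, and re-emit a photon prepared in the guessed basis.
            e_basis = rng.randrange(2)
            bit = measure(bit, basis, e_basis, rng)
            basis = e_basis
        # Receiver also measures in a randomly chosen basis.
        b_basis = rng.randrange(2)
        b_bit = measure(bit, basis, b_basis, rng)
        # Sifting: bases are compared in public, mismatches are discarded.
        if a_basis == b_basis:
            sifted.append((a_bit, b_bit))
    n_sample = int(len(sifted) * sample_fraction)
    if n_sample == 0:
        raise ValueError("too few photons to estimate an error rate")
    # A random subset of sifted bits is disclosed and compared; those
    # bits are then thrown away and never used as key material.
    rng.shuffle(sifted)
    sample = sifted[:n_sample]
    qber = sum(a != b for a, b in sample) / n_sample
    return {"sifted": len(sifted), "qber": qber,
            "key_bits": len(sifted) - n_sample}

def tap_detected(result, threshold=0.11):
    """Abort the key if the sampled error rate exceeds the threshold
    (0.11 is an illustrative value chosen for this example)."""
    return result["qber"] > threshold

if __name__ == "__main__":
    for label, tapped in (("clean fiber", False), ("tapped fiber", True)):
        r = exchange(20000, tapped, seed=2004)
        print(f"{label}: sifted={r['sifted']} qber={r['qber']:.3f} "
              f"alarm={tap_detected(r)}")
```

On the ideal channel the untapped run shows a sampled error rate of exactly zero, while the intercept-resend tap pushes it to roughly 25%, because the eavesdropper guesses the wrong basis half the time and each wrong guess corrupts the receiver's bit half the time.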
From camera_lumina at hotmail.com Thu Sep 30 17:12:08 2004
From: camera_lumina at hotmail.com (Tyler Durden)
Date: Thu, 30 Sep 2004 20:12:08 -0400
Subject: QC Hype Watch: Quantum cryptography gets practical
Message-ID:

What's a "quantum repeater" in this context?

As for "Hype Watch", I tend to agree, but I also believe that Gelfond (who I spoke to last year) actually does have a 'viable' system. Commercially viable is another thing entirely, however.

-TD

>From: "R. A. Hettinga" >To: cryptography at metzdowd.com, cypherpunks at al-qaeda.net >Subject: QC Hype Watch: Quantum cryptography gets practical >Date: Thu, 30 Sep 2004 17:39:24 -0400 > > > > - Computerworld > > > Quantum cryptography gets practical > > Opinion by Bob Gelfond, MagiQ Technologies Inc. > > > > > > SEPTEMBER 30, 2004 (COMPUTERWORLD) - In theory and in labs, quantum >cryptography -- cryptography based on the laws of physics rather than >traditional, computational difficulty -- has been around for years. >Advancements in science and in the world's telecommunications >infrastructure, however, have led to the commercialization of this >technology and its practical application in industries where high-value >assets must be secure. > > Protecting information today usually involves the use of a cryptographic >protocol where sensitive information is encrypted into a form that would be >unreadable by anyone without a "key." For this system to work effectively, >the key must be absolutely random and kept secret from everyone except the >communicating parties. It must also be refreshed regularly to keep the >communications channel safe. The challenge resides in the techniques used >for the encryption and distribution of this key to its intended parties to >avoid any interception of the key or any eavesdropping by a third party. > > Many organizations are advancing quantum technology and bringing it >outside academia.
Research labs, private companies, international alliances >such as the European Union and agencies such as the Defense Advanced >Research Projects Agency are investing tens of millions of dollars in >quantum research, with projects specifically focused on the challenge of >key distribution. > > The trouble with key distribution > >Huge investment in the late 1990s through 2001 created a vast >telecommunications infrastructure resulting in millions of miles of optical >fiber laid across the country and throughout buildings to enable high-speed >communications. This revolution combined a heavy reliance on fiber-optic >infrastructure with the use of open network protocols such as Ethernet and >IP to help systems communicate. > > Although this investment delivers increased productivity, dependence on >optical fiber compounds key distribution challenges because of the relative >ease with which optical taps can be used. With thousands of photons >representing each bit of data traveling over fiber, nonintrusive, low-cost >optical taps placed anywhere along the fiber can siphon off enough data >without degrading the signal to cause a security breach. The threat profile >is particularly high where clusters of telecommunications gear are found in >closets, the basements of parking garages or central offices. Data can be >tapped through monitoring jacks on this equipment with inexpensive handheld >devices. This enables data to be compromised without eavesdroppers >disclosing themselves to the communicating parties. > > Another important aspect of this problem is the refresh rate of the keys. >Taking large systems off-line to refresh keys can cause considerable >headaches, such as halting business operations and creating other security >threats. Therefore, many traditional key-distribution systems refresh keys >less than once per year. 
Infrequent key refreshing is detrimental to the >security of a system because it makes brute-force attacks much easier and >can thereby provide an eavesdropper with full access to encrypted >information until the compromised key is refreshed. > > Adding quantum physics to the key distribution equation > >Companies are now in a position to use advancements in quantum >cryptography, such as quantum key distribution (QKD) systems, to secure >their most valued information. Two factors have made this possible: the >vast stretches of optical fiber (lit and dark) laid in metropolitan areas, >and the decreasing cost in recent years of components necessary for >producing QKD systems as a result of the over-investment in >telecommunications during the early 2000s. > > Based on the laws of quantum mechanics, the keys generated and >disseminated using QKD systems have proved to be absolutely random and >secure. Keys are encoded on a photon-by-photon basis, and quantum mechanics >guarantees that the act of an eavesdropper intercepting a photon will >irretrievably change the information encoded on that photon. Therefore, the >eavesdropper can't copy or read the photon -- or the information encoded on >it -- without modifying it, which makes it possible to detect the security >breach. In addition to mitigating the threat of optical taps, QKD systems >are able to refresh keys at a rate of up to 10 times per second, further >increasing the level of security of the encrypted data. > > Not for everyone > >Quantum key distribution systems aren't intended for everyday use: You >won't find a QKD system in the home office anytime soon. One reason is that >a QKD system requires a dedicated fiber-optic line. Also, because the loss >of photons over longer distances, these systems have current distance >limitations of approximately 120 kilometers (nearly 75 miles) which is >common with optical infrastructure equipment. 
Quantum repeaters are under >development to extend that range much farther. Finally, the end points of >these QKD systems must reside in secure locations. However, since they are >tamper-proof, if attempts are made to compromise them, they will stop >running or fire off an alarm, thus ensuring ultimate information >protection. > > The practical development of QKD systems has made them applicable for a >number of industries such as financial services, biotech and >telecommunications along with government sectors such as intelligence and >the military. They don't require a physicist or an engineer to administer >them. These appliances fit in standard racks, plug into existing networks, >and are reliable around the clock. QKD systems interoperate with security >standards such as IPsec-based VPNs providing an added layer of security to >networks. > > Ask the right questions > >As you look for better ways to protect your company's most important >information, QKD may be an option. However, be sure you understand the >strengths and drawbacks of quantum key distribution by asking the right >questions: > > 1. What does your organization's security policy say about the >threat profile for high-value assets? > > 2. How frequently are your encryption keys changed and by what method? > > 3. What is the total cost of ownership for QKD products? Are there >additional costs in support and training? > > 4. Are your competitors implementing QKD systems? > > 5. What infrastructure requirements must be met? > > 6. What personnel/staffing levels are required? > > 7. How does this QKD system work with existing cryptography systems? > > 8. What are the distance limitations of this system? > >QKD isn't an everyday desktop tool, but the technology makes sense for >those organizations that have the resources and the capacity to use it >effectively. > > Bob Gelfond is founder and CEO of MagiQ Technologies Inc., a vendor of >quantum information processing services and products in New York. 
> >-- >----------------- >R. A. Hettinga >The Internet Bearer Underwriting Corporation >44 Farquhar Street, Boston, MA 02131 USA >"... however it may deserve respect for its usefulness and antiquity, >[predicting the end of the world] has not been found agreeable to >experience."
-- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From rah at shipwright.com Thu Sep 30 18:24:52 2004
From: rah at shipwright.com (R. A. Hettinga)
Date: Thu, 30 Sep 2004 21:24:52 -0400
Subject: CFP: Privacy Enhancing Technologies (PET 2005)
Message-ID:

--- begin forwarded text