From electromagnetize at gmail.com Sun Dec 1 20:42:31 2013 From: electromagnetize at gmail.com (brian carroll) Date: Sun, 1 Dec 2013 22:42:31 -0600 Subject: audiovisual (urls) Message-ID: MIT's Peter Shor explains why he devised an algorithm for a quantum computer that could unravel our online data encryption http://www.newscientist.com/article/mg22029445.100-my-quantum-algorithm-wont-break-the-internet-yet.html // not worth saying this may be relevant to landspeeder development... 'Electromagnon' effect couples electricity and magnetism in materials http://phys.org/news/2013-11-electromagnon-effect-couples-electricity-magnetism.html "It has been well known for a long time that electricity and magnetism are two sides of the same coin. Waves in free space, such as visible light or mobile phone radiation, always consist of both an electric and a magnetic component. When it comes to material properties, however, electricity and magnetism have been viewed as separate topics." To Settle Infinity Dispute, a New Law of Logic // not _really https://www.simonsfoundation.org/quanta/20131126-to-settle-infinity-question-a-new-law-of-logic/ note: enormous problems with this. mathematics as if short-fiction. what if concept/cosmology is being influenced by language framework (q: is truth bounded or infinite). hierarchical nesting core of set theory, numberline in this context, why assumed 1d/2d versus N-dimensional. issues of bounded infinity everywhere (particle ladder, consciousness), perhaps zero is issue (empty set?) -- metaphysics seem completely off, being and nothingess as set relations not grounded in reality it seems. (note: why three zeroes allowed to diagram infinity as a first question, what if number line is hiearchical, zero different dimension than 1...N) Your Next Phone Will Be The Ultimate Surveillance Machine // via digg http://www.buzzfeed.com/charliewarzel/your-next-phone-will-be-the-ultimate-surveillance-machine The internet mystery that has the world baffled // via digg http://www.telegraph.co.uk/news/worldnews/northamerica/usa/10468112/The-internet-mystery-that-has-the-world-baffled.html // consider consolidating many credit cards into one card with bluetooth, // how if that signal is hacked, access to eight cards combined the bounty... Soon, You Might Pay for Everything With a Coin // via digg http://blogs.smithsonianmag.com/ideas/2013/11/soon-you-might-pay-for-everything-with-a-coin-2/ [correlation between money and desire. what happens when truth is separated from exchange, kept outside or removed from it. what is the guarantee: in we trust?] Watch The Idea, the First Animated Film to Deal with Big, Philosophical Ideas (1932) http://www.openculture.com/2013/11/the-idea-1932.html http://www.youtube.com/watch?v=MplLxhyzWSg Australia's Using Pop Radio to Track Space Junk http://gizmodo.com/australias-using-pop-radio-to-track-space-junk-1474126810 [quote] 4 Great Tech Ideas That Flopped // via digg http://www.scientificamerican.com/article.cfm?id=pogue-4-great-tech-ideas-that-flopped "The plug-and-play gadget: A spinoff of the PalmPilot called The Handspring Visor held much of the same attraction as the PhoneBloks. It was a handheld organizer with a big cartridge slot on the back. Into it you could snap a range of accessories: more storage, a GPS receiver, a camera, a cellular transmitter, a remote control, a Bluetooth module, an MP3 module or a voice recorder. The Visors were on the market for about four years (1999 to 2003) and have fans to this day. But clearly, the concept of interchangeable gadget parts alone isn’t enough to start a revolution." (note: the above article mentions something repeatedly endlessly about PDA development, that it no longer exists, especially in the context of the Handspring which preceded and was probably a trial for the modularity of the iPhone and iPod Touch (a PDA or networked digital assistant). the Handspring was certainly limited unlike the Apple ecosystem approach which could expand exponentially and had wide software integration, and thus the concept lives on in another product line and its development yet is consistently not attributed this way.) in-article url: Why Snap-Together Cell Phones Will Never Work http://www.scientificamerican.com/article.cfm?id=why-snap-together-cell-phones-will-never-work rel. [video] PhoneBLocks http://www.youtube.com/watch?v=oDAw7vW7H0c tuning of active exhaust systems (kaaaars) http://www.theglobeandmail.com/globe-drive/car-tips/chamber-music-of-a-different-kind/article15589076/ [video] Siberian Ice Drummers http://www.snowaddiction.org/2013/11/the-coolest-music-in-the-world-listen-to-siberian-ice-drummers-use-frozen-lake-baikal-as-an-incredible-musical-instrument.html Hüsker Dü - Hare Krsna http://www.youtube.com/watch?v=T3iXCEhHdUM Hüsker Dü - Eight Miles High http://www.youtube.com/watch?v=xBKyBlJ_JN8 Hüsker Dü - New Day Rising http://www.youtube.com/watch?v=ND3haD-c0lw --- ring as platform --- emfs-cellphone/linear hall-effect sensor, gyro-mapping bt as datalogger pole-mounted sensor+computer spatio-temp (freq) excavation/stratigraphy 2 axis or 3 axis, nfc/bt, archeo-GRID SENSOR RINGS - ZigBee comms/authentication - potential follow on box/device, monitor signal spacetime within map framework TSCM monitoring of area (radiation, signals, frequencies, etc) integrated in visual real-time data model LED carpet turns the floor into a screen (with video) http://www.newscientist.com/article/mg22029455.300-led-carpet-turns-the-floor-into-a-screen.html (note: consider possibility of tempoary maze or labyrinth, especially crypto or security applications, otherwise invisible) [image] ex. electromagnetic aesthetics as context http://lostvhs.com/2013/11/17/point-blank/ How Braille Was Invented http://gizmodo.com/how-braille-was-invented-1471756840 (invention, innovation, resistance, tragedy, victory) Dead Kennedys - California Über Alles http://www.youtube.com/watch?v=UW8UlY8eXCk Kitsch Palace : Das Model https://www.youtube.com/watch?v=J031_IrO24M This New Polymer Regenerates Large Parts of Itself, Like Lizards Do http://gizmodo.com/this-new-polymer-regenerates-large-parts-of-itself-lik-1472559143 Researchers discover roots of superfluorescent bursts from quantum wells http://phys.org/news/2013-11-roots-superfluorescent-quantum-wells.html [quote] ...mysteries remained, especially in results obtained at low or zero magnetic fields. Kono said the team didn't understand at the time why the wavelength of the burst changed over its 100-picosecond span. Now they do. //... Kono said superfluorescence is a well-known many-body, or cooperative, phenomenon in atomic physics. Many-body theory gives physicists a way to understand how large numbers of interacting particles like molecules, atoms and electrons behave collectively. Superfluorescence is one example of how atoms under tight controls collaborate when triggered by an external source of energy. //... "The quantum well, as before, consisted of stacked blocks of an indium gallium arsenide compound separated by barriers of gallium arsenide. "It's a unique, solid-state environment where many-body effects completely dominate the dynamics of the system," Kono said. "When a strong magnetic field is applied, electrons and holes are fully quantized – that is, constrained in their range of motion—just like electrons in atoms," he said. "So the essential physics in the presence of a high magnetic field is quite similar to that in atomic gases. But as we decrease and eventually eliminate the magnetic field, we're entering a regime atomic physics cannot access, where continua of electronic states, or bands, exist." [unquote] {educational fair-use of copyright, 2013} ∎ ♕ ♞ From coderman at gmail.com Mon Dec 2 10:29:05 2013 From: coderman at gmail.com (coderman) Date: Mon, 2 Dec 2013 10:29:05 -0800 Subject: DEF CON cell network attacks Message-ID: On Sat, Nov 30, 2013 at 10:18 AM, Dan Staples wrote: > I would be interested to see the details of the exploits you > witnessed/were subject to (especially since I was at DC20). of course; the complete details will be slow to arrive, not least because detailed description requires a demonstration in a reproduction test setup, rather than reporting of actual traffic. :/ that said, useful aspects i'll certainly provide on whim or request. the defining characteristics of the two types of attacks: DC19 with DRT: - "high power on-site", less descriminant attacks. target by and limited to location. - MitM for system, application, and protocol level attacks. Evilgrade, MasterKey vulns, etc. mostly known and a few 0day escalated attacks. - favorite attack: "Google Voice Search" always-on eavesdropper payload; Speex voice from all audible participants. DC20 with Alexander's toys: - "in the towers", highly targeted to specific devices, active over wide metro area. - baseband exploit vector for device key retrieval, memory and storage forensics, exfiltration. - PDoS attacks (bricked secondary devices used as fall back once identified by call graph; ~20 hours) - favorite attack: baseband pwn in airplane mode, with ex-filtration over custom channel. DC21: no appearance (observed). speculation ongoing... > How exactly > did you determine how the exploits occurred, and who was responsible for > them? reversing attacker capabilities, toolkits, TTPs, humanpower/hours, a much longer tangent. but this assertion is based on correlation of the observed power, capacity, and protocols in specific bands implemented by the attacker with the capabilities of the DRT system. multiple locations, terabytes of captured spectrum, patience and tuning... as for who was operating it - unknown beyond the usual suspects, which is a small set due to the restricted distribution of both the hardware platform and the exploit kit atop it :) --- i'll send more details once available. the details and distribution to be part of a separate FOIPA effort for US citizen security enthusiasts that might be of interest to those following this thread. best regards, From coderman at gmail.com Mon Dec 2 10:34:53 2013 From: coderman at gmail.com (coderman) Date: Mon, 2 Dec 2013 10:34:53 -0800 Subject: NSA: The Game In-Reply-To: References: Message-ID: classic! :P and fun for the whole family this holiday season, """ Winning The Internet users win if they kill all of the NSA agents. The NSA agents win if they render enough Internet users that the numbers of Internet users and NSA agents are even. In other words they win if the NSA agents constitute a large enough voting bloc that they can't be lynched any more. At that point the NSA can unmask and openly subject the remaining Internet users to extraordinary rendition. """ From coderman at gmail.com Mon Dec 2 10:40:28 2013 From: coderman at gmail.com (coderman) Date: Mon, 2 Dec 2013 10:40:28 -0800 Subject: Jim Bell needs Bitcoins! In-Reply-To: <529A0A5E.2080106@gogulski.com> References: <1385370567.90180.YahooMailNeo@web141206.mail.bf1.yahoo.com> <5293740D.4030506@kjro.se> <1385417238.14632.YahooMailNeo@web141205.mail.bf1.yahoo.com> <1385421475.40988.YahooMailNeo@web141201.mail.bf1.yahoo.com> <20131126003204.GK7523@hexapodia.org>

<20131126225653.F25A9F5F0@a-pb-sasl-quonix.pobox.com> <1385511819.20893.6.camel@anglachel> <1385514403.20893.10.camel@anglachel> <1385578162.80373.YahooMailNeo@web141205.mail.bf1.yahoo.com> <1385792924.64602.YahooMailNeo@web141202.mail.bf1.yahoo.com> <529A0A5E.2080106@gogulski.com> <20131203001729.38d2433f@Neptune> Message-ID: <1386032489.9985.YahooMailNeo@web141206.mail.bf1.yahoo.com> Because of the follow message(s), I feel the need to set the record straight. For the record, I have no intention of putting any 'bets', 'donations', or 'predictions' into Sanjuro's (or anyone else's) 'Assassination Market'-type system! First, as I think will be obvious, I am merely one of about 7.1 billion humans on Earth. Any 'bets' I would make would be insignificant and therefore superfluous. Secondly, right now I consider investing in my isotope-modified fiber-optic invention http://www.freepatentsonline.com/WO2013101261A1.html as being by far my highest priority. (My primary need at this point is raising money to 'buy' about 100 national-stage patents from nations around the world. There is no international patent system, at least other than Europe. An invention must be patented in any nation where patent protection is desired.) Disclaimer: I am not involved with Sanjuro's 'Assassination Market' in any way. I do not know who he is. Jim Bell ________________________________ From: Lodewijk andré de la porte To: Cathal Garvey Cc: Jim Bell ; Mike Gogulski ; "cypherpunks at cpunks.org" Sent: Monday, December 2, 2013 4:36 PM Subject: Re: Jim Bell needs Bitcoins! On Dec 3, 2013 1:18 AM, "Cathal Garvey" wrote: >> >> "Guy who publicly advocates spending anonymous currency to fund murder >> needs anonymous currency!" > >> er, no. >Doesn't mean he would do it or even like it. Damn square. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 3402 bytes Desc: not available URL: From coderman at gmail.com Mon Dec 2 17:56:47 2013 From: coderman at gmail.com (coderman) Date: Mon, 2 Dec 2013 17:56:47 -0800 Subject: peertech.org cert [was: DEF CON cell network attacks] Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 more details here soon... only 443 should be considered valid - that is, try https://peertech.org first, plain-text must die. and remember lkaglbgpvvcmc6xc.onion in case it becomes necessary Certificate: Data: Version: 3 (0x2) Serial Number: 2b:50:49:6a:55:85:55 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http://certs.godaddy.com/repository/, CN=Go Daddy Secure Certificate Authority - G2 Validity Not Before: Dec 3 00:18:04 2013 GMT Not After : Dec 3 00:18:04 2014 GMT Subject: OU=Domain Control Validated, CN=peertech.org Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (4096 bit) Modulus (4096 bit): 00:b7:64:54:f1:2e:3a:ec:11:29:5a:93:1f:ad:f0: 16:8c:9c:eb:d9:0f:49:d2:9d:16:9a:53:a4:60:b6: 23:5b:4f:f3:17:90:77:0a:b3:25:27:f2:27:dd:65: 83:b6:e4:d5:13:b1:3b:97:5d:b5:b9:a9:62:32:4a: 7e:fb:67:73:20:5f:d7:44:52:c8:fc:ca:f8:fb:f1: 4f:d1:9d:94:39:72:12:2b:67:22:4c:0b:dc:7f:31: 34:cf:63:42:f1:c8:3d:ed:7c:de:2f:e2:63:e1:a2: 0a:c9:e6:86:dd:3f:39:73:af:01:58:d7:6d:59:7a: 51:d0:b7:bb:4c:8d:5f:1e:43:10:da:96:09:67:56: 2f:38:f6:a8:44:a7:96:9a:5c:bc:3e:6c:d6:d1:b6: 96:80:34:c8:88:84:4e:2e:06:14:0f:c5:f2:11:ff: f6:15:06:f2:25:e7:d2:1a:8d:62:ef:5c:0e:fb:44: 8e:73:da:96:23:26:03:62:5c:2b:e6:70:5c:87:76: d3:21:59:83:57:ac:56:15:bd:4f:25:fb:df:10:ec: 0e:56:fa:44:c8:8b:a4:97:ea:b1:98:71:3b:51:78: 79:ee:33:cf:b5:a5:68:15:86:9f:31:70:ee:8f:2f: f4:53:32:b7:99:4f:67:21:db:1e:5d:4f:dc:5b:5d: 59:fd:30:3e:a2:04:22:13:76:05:4c:44:d6:08:fe: b5:42:5f:b5:4a:38:4f:3d:eb:ea:59:63:ab:27:87: 7e:c4:46:3b:96:75:41:be:85:7e:e8:b5:8a:d4:11: aa:cc:6a:28:b9:50:a3:f4:45:e2:50:d5:1f:6c:bf: b8:ba:07:10:20:f8:7f:94:ec:15:d7:39:a6:fe:df: 65:78:1d:60:2c:b0:b1:76:40:82:b5:0f:d6:c8:e3: 8b:bb:f3:04:ff:80:e3:de:fc:2c:32:0e:21:13:d5: bd:38:94:a1:c8:53:da:c7:3b:a9:a5:c1:70:ea:89: ef:a7:f8:04:35:41:7e:38:05:73:ff:76:8a:c1:92: 7f:03:b8:76:48:b9:f6:61:b1:c5:22:be:b9:36:73: de:0e:b8:36:4a:9c:c5:66:3b:63:2c:be:4f:20:75: 94:03:d8:05:d0:78:12:df:77:d8:17:51:7e:3c:24: 7f:cc:c6:8e:2a:f7:bc:f8:5c:29:64:bb:10:42:4d: c0:83:64:6f:da:78:14:52:2e:97:49:e8:5d:7f:38: 36:3d:5a:5d:7c:44:71:28:21:04:6e:24:f5:f8:59: 93:1f:e9:d1:3e:6d:6d:db:93:57:8f:44:74:d6:64: e9:2b:b6:33:fd:16:81:92:29:a5:80:6a:1f:2b:78: 66:d3:ed Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: critical CA:FALSE X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 CRL Distribution Points: URI:http://crl.godaddy.com/gdig2s1-6.crl X509v3 Certificate Policies: Policy: 2.16.840.1.114413.1.7.23.1 CPS: http://certificates.godaddy.com/repository/ Authority Information Access: OCSP - URI:http://ocsp.godaddy.com/ CA Issuers - URI:http://certificates.godaddy.com/repository/gdig2.crt X509v3 Authority Key Identifier: keyid:40:C2:BD:27:8E:CC:34:83:30:A2:33:D7:FB:6C:B3:F0:B4:2C:80:CE X509v3 Subject Alternative Name: DNS:peertech.org, DNS:www.peertech.org X509v3 Subject Key Identifier: C6:5E:C0:43:56:84:2E:11:A3:35:C8:AC:A9:70:96:7B:A5:2E:5B:77 Signature Algorithm: sha256WithRSAEncryption b1:ea:a9:16:b6:9c:56:f4:59:99:df:36:69:92:a5:57:48:df: 70:55:a6:1f:5b:51:74:b4:d1:d7:5a:f6:71:e6:92:f2:56:14: 07:f4:2c:14:06:50:4a:e6:f8:32:8c:a1:ed:4b:25:50:fa:05: 99:01:74:db:45:ae:c2:ca:dc:f3:e7:ad:50:1b:12:c2:1e:ea: c8:19:41:db:b0:eb:f1:0c:c7:ba:af:c2:08:9e:7d:3c:c9:de: 5d:7f:ff:9e:c3:cc:54:bd:ac:1f:24:47:17:ae:ba:75:b7:0b: b7:ee:3b:3a:ba:2a:f7:19:19:1a:98:56:35:34:16:8a:ec:ac: 50:f0:45:7c:06:5a:fe:b1:d8:8b:13:94:5b:2c:1c:3d:b6:df: f9:79:69:b0:75:68:b3:e5:01:8e:90:85:bc:bf:92:47:ba:d0: 9c:8c:5d:28:d6:d3:17:58:96:76:ed:bf:65:75:7c:25:58:57: 2f:52:ae:9f:a9:a1:35:92:ca:28:13:b6:ae:a8:89:cf:ce:a6: cd:31:28:42:f7:66:9d:de:38:0d:4c:d5:ae:49:6c:db:92:28: a2:7c:4a:18:8e:7b:b6:0a:c9:d4:8d:0a:82:d4:04:a6:d0:3d: 8c:a6:37:ac:16:98:bd:79:49:83:60:7f:b5:dc:d7:80:aa:5d: ae:f7:11:eb - -----BEGIN CERTIFICATE----- MIIGJTCCBQ2gAwIBAgIHK1BJalWFVTANBgkqhkiG9w0BAQsFADCBtDELMAkGA1UE BhMCVVMxEDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxGjAY BgNVBAoTEUdvRGFkZHkuY29tLCBJbmMuMS0wKwYDVQQLEyRodHRwOi8vY2VydHMu Z29kYWRkeS5jb20vcmVwb3NpdG9yeS8xMzAxBgNVBAMTKkdvIERhZGR5IFNlY3Vy ZSBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgLSBHMjAeFw0xMzEyMDMwMDE4MDRaFw0x NDEyMDMwMDE4MDRaMDoxITAfBgNVBAsTGERvbWFpbiBDb250cm9sIFZhbGlkYXRl ZDEVMBMGA1UEAxMMcGVlcnRlY2gub3JnMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A MIICCgKCAgEAt2RU8S467BEpWpMfrfAWjJzr2Q9J0p0WmlOkYLYjW0/zF5B3CrMl J/In3WWDtuTVE7E7l121ualiMkp++2dzIF/XRFLI/Mr4+/FP0Z2UOXISK2ciTAvc fzE0z2NC8cg97XzeL+Jj4aIKyeaG3T85c68BWNdtWXpR0Le7TI1fHkMQ2pYJZ1Yv OPaoRKeWmly8PmzW0baWgDTIiIROLgYUD8XyEf/2FQbyJefSGo1i71wO+0SOc9qW IyYDYlwr5nBch3bTIVmDV6xWFb1PJfvfEOwOVvpEyIukl+qxmHE7UXh57jPPtaVo FYafMXDujy/0UzK3mU9nIdseXU/cW11Z/TA+ogQiE3YFTETWCP61Ql+1SjhPPevq WWOrJ4d+xEY7lnVBvoV+6LWK1BGqzGoouVCj9EXiUNUfbL+4ugcQIPh/lOwV1zmm /t9leB1gLLCxdkCCtQ/WyOOLu/ME/4Dj3vwsMg4hE9W9OJShyFPaxzuppcFw6onv p/gENUF+OAVz/3aKwZJ/A7h2SLn2YbHFIr65NnPeDrg2SpzFZjtjLL5PIHWUA9gF 0HgS33fYF1F+PCR/zMaOKve8+FwpZLsQQk3Ag2Rv2ngUUi6XSehdfzg2PVpdfERx KCEEbiT1+FmTH+nRPm1t25NXj0R01mTpK7Yz/RaBkimlgGofK3hm0+0CAwEAAaOC AbMwggGvMA8GA1UdEwEB/wQFMAMBAQAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG AQUFBwMCMA4GA1UdDwEB/wQEAwIFoDA1BgNVHR8ELjAsMCqgKKAmhiRodHRwOi8v Y3JsLmdvZGFkZHkuY29tL2dkaWcyczEtNi5jcmwwUwYDVR0gBEwwSjBIBgtghkgB hv1tAQcXATA5MDcGCCsGAQUFBwIBFitodHRwOi8vY2VydGlmaWNhdGVzLmdvZGFk ZHkuY29tL3JlcG9zaXRvcnkvMHYGCCsGAQUFBwEBBGowaDAkBggrBgEFBQcwAYYY aHR0cDovL29jc3AuZ29kYWRkeS5jb20vMEAGCCsGAQUFBzAChjRodHRwOi8vY2Vy dGlmaWNhdGVzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkvZ2RpZzIuY3J0MB8GA1Ud IwQYMBaAFEDCvSeOzDSDMKIz1/tss/C0LIDOMCkGA1UdEQQiMCCCDHBlZXJ0ZWNo Lm9yZ4IQd3d3LnBlZXJ0ZWNoLm9yZzAdBgNVHQ4EFgQUxl7AQ1aELhGjNcisqXCW e6UuW3cwDQYJKoZIhvcNAQELBQADggEBALHqqRa2nFb0WZnfNmmSpVdI33BVph9b UXS00dda9nHmkvJWFAf0LBQGUErm+DKMoe1LJVD6BZkBdNtFrsLK3PPnrVAbEsIe 6sgZQduw6/EMx7qvwgiefTzJ3l1//57DzFS9rB8kRxeuunW3C7fuOzq6KvcZGRqY VjU0ForsrFDwRXwGWv6x2IsTlFssHD223/l5abB1aLPlAY6Qhby/kke60JyMXSjW 0xdYlnbtv2V1fCVYVy9Srp+poTWSyigTtq6oic/Ops0xKEL3Zp3eOA1M1a5JbNuS KKJ8ShiOe7YKydSNCoLUBKbQPYymN6wWmL15SYNgf7Xc14CqXa73Ees= - -----END CERTIFICATE----- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iL4EAREKAGYFAlKdOgZfFIAAAAAALgAoaXNzdWVyLWZwckBub3RhdGlvbnMub3Bl bnBncC5maWZ0aGhvcnNlbWFuLm5ldDQxQzEyQjhDMzA3RDdFMjE5OEFBNTc4MTY1 QTg0N0U3QzJCOTM4MEMACgkQZahH58K5OAxRPgD/QkjoUgAe+zqlkKKRNEhRICYp XQADFHeMuIqEF2D6+00BAJF/sZ7od2vyaL85tSJGMjPGi4CvwhJXBGeedxlWPufI =O2TU -----END PGP SIGNATURE----- From coderman at gmail.com Mon Dec 2 18:00:04 2013 From: coderman at gmail.com (coderman) Date: Mon, 2 Dec 2013 18:00:04 -0800 Subject: peertech.org cert [was: DEF CON cell network attacks] In-Reply-To: References: Message-ID: On Mon, Dec 2, 2013 at 5:56 PM, coderman wrote: > -----BEGIN MANGLING ... let's try attachment clients won't mangle... (previous will give bad sig) -------------- next part -------------- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 more details here soon... only 443 should be considered valid - that is, try https://peertech.org first, plain-text must die. and remember lkaglbgpvvcmc6xc.onion in case it becomes necessary Certificate: Data: Version: 3 (0x2) Serial Number: 2b:50:49:6a:55:85:55 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http://certs.godaddy.com/repository/, CN=Go Daddy Secure Certificate Authority - G2 Validity Not Before: Dec 3 00:18:04 2013 GMT Not After : Dec 3 00:18:04 2014 GMT Subject: OU=Domain Control Validated, CN=peertech.org Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (4096 bit) Modulus (4096 bit): 00:b7:64:54:f1:2e:3a:ec:11:29:5a:93:1f:ad:f0: 16:8c:9c:eb:d9:0f:49:d2:9d:16:9a:53:a4:60:b6: 23:5b:4f:f3:17:90:77:0a:b3:25:27:f2:27:dd:65: 83:b6:e4:d5:13:b1:3b:97:5d:b5:b9:a9:62:32:4a: 7e:fb:67:73:20:5f:d7:44:52:c8:fc:ca:f8:fb:f1: 4f:d1:9d:94:39:72:12:2b:67:22:4c:0b:dc:7f:31: 34:cf:63:42:f1:c8:3d:ed:7c:de:2f:e2:63:e1:a2: 0a:c9:e6:86:dd:3f:39:73:af:01:58:d7:6d:59:7a: 51:d0:b7:bb:4c:8d:5f:1e:43:10:da:96:09:67:56: 2f:38:f6:a8:44:a7:96:9a:5c:bc:3e:6c:d6:d1:b6: 96:80:34:c8:88:84:4e:2e:06:14:0f:c5:f2:11:ff: f6:15:06:f2:25:e7:d2:1a:8d:62:ef:5c:0e:fb:44: 8e:73:da:96:23:26:03:62:5c:2b:e6:70:5c:87:76: d3:21:59:83:57:ac:56:15:bd:4f:25:fb:df:10:ec: 0e:56:fa:44:c8:8b:a4:97:ea:b1:98:71:3b:51:78: 79:ee:33:cf:b5:a5:68:15:86:9f:31:70:ee:8f:2f: f4:53:32:b7:99:4f:67:21:db:1e:5d:4f:dc:5b:5d: 59:fd:30:3e:a2:04:22:13:76:05:4c:44:d6:08:fe: b5:42:5f:b5:4a:38:4f:3d:eb:ea:59:63:ab:27:87: 7e:c4:46:3b:96:75:41:be:85:7e:e8:b5:8a:d4:11: aa:cc:6a:28:b9:50:a3:f4:45:e2:50:d5:1f:6c:bf: b8:ba:07:10:20:f8:7f:94:ec:15:d7:39:a6:fe:df: 65:78:1d:60:2c:b0:b1:76:40:82:b5:0f:d6:c8:e3: 8b:bb:f3:04:ff:80:e3:de:fc:2c:32:0e:21:13:d5: bd:38:94:a1:c8:53:da:c7:3b:a9:a5:c1:70:ea:89: ef:a7:f8:04:35:41:7e:38:05:73:ff:76:8a:c1:92: 7f:03:b8:76:48:b9:f6:61:b1:c5:22:be:b9:36:73: de:0e:b8:36:4a:9c:c5:66:3b:63:2c:be:4f:20:75: 94:03:d8:05:d0:78:12:df:77:d8:17:51:7e:3c:24: 7f:cc:c6:8e:2a:f7:bc:f8:5c:29:64:bb:10:42:4d: c0:83:64:6f:da:78:14:52:2e:97:49:e8:5d:7f:38: 36:3d:5a:5d:7c:44:71:28:21:04:6e:24:f5:f8:59: 93:1f:e9:d1:3e:6d:6d:db:93:57:8f:44:74:d6:64: e9:2b:b6:33:fd:16:81:92:29:a5:80:6a:1f:2b:78: 66:d3:ed Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: critical CA:FALSE X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 CRL Distribution Points: URI:http://crl.godaddy.com/gdig2s1-6.crl X509v3 Certificate Policies: Policy: 2.16.840.1.114413.1.7.23.1 CPS: http://certificates.godaddy.com/repository/ Authority Information Access: OCSP - URI:http://ocsp.godaddy.com/ CA Issuers - URI:http://certificates.godaddy.com/repository/gdig2.crt X509v3 Authority Key Identifier: keyid:40:C2:BD:27:8E:CC:34:83:30:A2:33:D7:FB:6C:B3:F0:B4:2C:80:CE X509v3 Subject Alternative Name: DNS:peertech.org, DNS:www.peertech.org X509v3 Subject Key Identifier: C6:5E:C0:43:56:84:2E:11:A3:35:C8:AC:A9:70:96:7B:A5:2E:5B:77 Signature Algorithm: sha256WithRSAEncryption b1:ea:a9:16:b6:9c:56:f4:59:99:df:36:69:92:a5:57:48:df: 70:55:a6:1f:5b:51:74:b4:d1:d7:5a:f6:71:e6:92:f2:56:14: 07:f4:2c:14:06:50:4a:e6:f8:32:8c:a1:ed:4b:25:50:fa:05: 99:01:74:db:45:ae:c2:ca:dc:f3:e7:ad:50:1b:12:c2:1e:ea: c8:19:41:db:b0:eb:f1:0c:c7:ba:af:c2:08:9e:7d:3c:c9:de: 5d:7f:ff:9e:c3:cc:54:bd:ac:1f:24:47:17:ae:ba:75:b7:0b: b7:ee:3b:3a:ba:2a:f7:19:19:1a:98:56:35:34:16:8a:ec:ac: 50:f0:45:7c:06:5a:fe:b1:d8:8b:13:94:5b:2c:1c:3d:b6:df: f9:79:69:b0:75:68:b3:e5:01:8e:90:85:bc:bf:92:47:ba:d0: 9c:8c:5d:28:d6:d3:17:58:96:76:ed:bf:65:75:7c:25:58:57: 2f:52:ae:9f:a9:a1:35:92:ca:28:13:b6:ae:a8:89:cf:ce:a6: cd:31:28:42:f7:66:9d:de:38:0d:4c:d5:ae:49:6c:db:92:28: a2:7c:4a:18:8e:7b:b6:0a:c9:d4:8d:0a:82:d4:04:a6:d0:3d: 8c:a6:37:ac:16:98:bd:79:49:83:60:7f:b5:dc:d7:80:aa:5d: ae:f7:11:eb - -----BEGIN CERTIFICATE----- MIIGJTCCBQ2gAwIBAgIHK1BJalWFVTANBgkqhkiG9w0BAQsFADCBtDELMAkGA1UE BhMCVVMxEDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxGjAY BgNVBAoTEUdvRGFkZHkuY29tLCBJbmMuMS0wKwYDVQQLEyRodHRwOi8vY2VydHMu Z29kYWRkeS5jb20vcmVwb3NpdG9yeS8xMzAxBgNVBAMTKkdvIERhZGR5IFNlY3Vy ZSBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgLSBHMjAeFw0xMzEyMDMwMDE4MDRaFw0x NDEyMDMwMDE4MDRaMDoxITAfBgNVBAsTGERvbWFpbiBDb250cm9sIFZhbGlkYXRl ZDEVMBMGA1UEAxMMcGVlcnRlY2gub3JnMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A MIICCgKCAgEAt2RU8S467BEpWpMfrfAWjJzr2Q9J0p0WmlOkYLYjW0/zF5B3CrMl J/In3WWDtuTVE7E7l121ualiMkp++2dzIF/XRFLI/Mr4+/FP0Z2UOXISK2ciTAvc fzE0z2NC8cg97XzeL+Jj4aIKyeaG3T85c68BWNdtWXpR0Le7TI1fHkMQ2pYJZ1Yv OPaoRKeWmly8PmzW0baWgDTIiIROLgYUD8XyEf/2FQbyJefSGo1i71wO+0SOc9qW IyYDYlwr5nBch3bTIVmDV6xWFb1PJfvfEOwOVvpEyIukl+qxmHE7UXh57jPPtaVo FYafMXDujy/0UzK3mU9nIdseXU/cW11Z/TA+ogQiE3YFTETWCP61Ql+1SjhPPevq WWOrJ4d+xEY7lnVBvoV+6LWK1BGqzGoouVCj9EXiUNUfbL+4ugcQIPh/lOwV1zmm /t9leB1gLLCxdkCCtQ/WyOOLu/ME/4Dj3vwsMg4hE9W9OJShyFPaxzuppcFw6onv p/gENUF+OAVz/3aKwZJ/A7h2SLn2YbHFIr65NnPeDrg2SpzFZjtjLL5PIHWUA9gF 0HgS33fYF1F+PCR/zMaOKve8+FwpZLsQQk3Ag2Rv2ngUUi6XSehdfzg2PVpdfERx KCEEbiT1+FmTH+nRPm1t25NXj0R01mTpK7Yz/RaBkimlgGofK3hm0+0CAwEAAaOC AbMwggGvMA8GA1UdEwEB/wQFMAMBAQAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG AQUFBwMCMA4GA1UdDwEB/wQEAwIFoDA1BgNVHR8ELjAsMCqgKKAmhiRodHRwOi8v Y3JsLmdvZGFkZHkuY29tL2dkaWcyczEtNi5jcmwwUwYDVR0gBEwwSjBIBgtghkgB hv1tAQcXATA5MDcGCCsGAQUFBwIBFitodHRwOi8vY2VydGlmaWNhdGVzLmdvZGFk ZHkuY29tL3JlcG9zaXRvcnkvMHYGCCsGAQUFBwEBBGowaDAkBggrBgEFBQcwAYYY aHR0cDovL29jc3AuZ29kYWRkeS5jb20vMEAGCCsGAQUFBzAChjRodHRwOi8vY2Vy dGlmaWNhdGVzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkvZ2RpZzIuY3J0MB8GA1Ud IwQYMBaAFEDCvSeOzDSDMKIz1/tss/C0LIDOMCkGA1UdEQQiMCCCDHBlZXJ0ZWNo Lm9yZ4IQd3d3LnBlZXJ0ZWNoLm9yZzAdBgNVHQ4EFgQUxl7AQ1aELhGjNcisqXCW e6UuW3cwDQYJKoZIhvcNAQELBQADggEBALHqqRa2nFb0WZnfNmmSpVdI33BVph9b UXS00dda9nHmkvJWFAf0LBQGUErm+DKMoe1LJVD6BZkBdNtFrsLK3PPnrVAbEsIe 6sgZQduw6/EMx7qvwgiefTzJ3l1//57DzFS9rB8kRxeuunW3C7fuOzq6KvcZGRqY VjU0ForsrFDwRXwGWv6x2IsTlFssHD223/l5abB1aLPlAY6Qhby/kke60JyMXSjW 0xdYlnbtv2V1fCVYVy9Srp+poTWSyigTtq6oic/Ops0xKEL3Zp3eOA1M1a5JbNuS KKJ8ShiOe7YKydSNCoLUBKbQPYymN6wWmL15SYNgf7Xc14CqXa73Ees= - -----END CERTIFICATE----- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iL4EAREKAGYFAlKdOgZfFIAAAAAALgAoaXNzdWVyLWZwckBub3RhdGlvbnMub3Bl bnBncC5maWZ0aGhvcnNlbWFuLm5ldDQxQzEyQjhDMzA3RDdFMjE5OEFBNTc4MTY1 QTg0N0U3QzJCOTM4MEMACgkQZahH58K5OAxRPgD/QkjoUgAe+zqlkKKRNEhRICYp XQADFHeMuIqEF2D6+00BAJF/sZ7od2vyaL85tSJGMjPGi4CvwhJXBGeedxlWPufI =O2TU -----END PGP SIGNATURE----- From jamesdbell8 at yahoo.com Mon Dec 2 19:28:06 2013 From: jamesdbell8 at yahoo.com (Jim Bell) Date: Mon, 2 Dec 2013 19:28:06 -0800 (PST) Subject: audiovisual (urls) In-Reply-To: References: Message-ID: <1386041286.39295.YahooMailNeo@web141205.mail.bf1.yahoo.com> From: brian carroll To: cypherpunks at cpunks.org Sent: Sunday, December 1, 2013 8:42 PM Subject: audiovisual (urls) >MIT's Peter Shor explains why he devised an algorithm for a quantum >computer that could unravel our online data encryption >http://www.newscientist.com/article/mg22029445.100-my-quantum-algorithm-wont-break-the-internet-yet.html From that article: Quantum cryptography can't be broken by factorisation. Could it one day replace standard cryptosystems? For short distances it wouldn't be too hard to build a quantum key distribution network to encrypt data. Over longer distances, you would need quantum repeaters every 50 kilometres or so on the fibre-optic network, as it's difficult to maintain a quantum state over long distances. Even if they are cheap by then, it's a lot of investment. =====end of quote===== My fiber optic invention has a certain relevance here. A typical modern germania-doped-core (GeO2) silica optical fiber has a loss of about 0.19 decibels/kilometer (db/km). Over 50 km, the loss is (50 km x 0.19 db/km) = 9.5 db, ignoring splice losses. (A good splice has a loss of about 0.10 db.) So, the quote above is indicating that above a loss of about 10 db, a quantum system is hard to maintain. I have suggested in my patent application that isotope-modified fiber (where the Si-29 level is brought from nature's 4.67% (atom/atom) to 0.10 %, the loss might decrease by a factor of 10 to 20. This means that the ultimate distance limit might increase to 50 x 10 = 500 km, to 50 x 20 = 1000 km. That would be a major improvement if it works. The reason that this new fiber would be necessary is this: Ever since the invention of the EDFA (Erbium-doped fiber amplifier http://en.wikipedia.org/wiki/Optical_amplifier ) in 1986, it has been used to amplify IR signals in the 1510-1560 nanometer band. Using it and ordinary signals (not quantum signals) it is possible to go about 125 kilometers between amplifiers. (In other words, that usage tolerates about 25 db of optical loss before an EDFA is necessary.) However, apparently an EDFA cannot be used to amplify a quantum system. http://www.nict.go.jp/en/press/2010/02/08-1.html Or, at least, not directly. Jim Bell -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 3862 bytes Desc: not available URL: From pokokohua at gmail.com Mon Dec 2 11:29:31 2013 From: pokokohua at gmail.com (Pokokohua) Date: Mon, 2 Dec 2013 19:29:31 +0000 Subject: NSA: The Game Message-ID: Would it work swapping renditions for drone strikes as an option? > For those of you familiar with the game Werewolf (also known as Mafia), > here's an updated version, NSA. > Peter. From coderman at gmail.com Mon Dec 2 21:31:52 2013 From: coderman at gmail.com (coderman) Date: Mon, 2 Dec 2013 21:31:52 -0800 Subject: trends in cybersecurity In-Reply-To: <20131203041120.82D5A2280BA@palinka.tinho.net> References: <20131203041120.82D5A2280BA@palinka.tinho.net> Message-ID: On Mon, Dec 2, 2013 at 8:11 PM, wrote: >... > Trends in Cyber Security > http://geer.tinho.net/geer.nro.6xi13.txt thought provoking read, as always. thanks Dan :) this is worth posting whole, particularly this observation: """ ... polarization has come to cyber security. High end practice is accelerating away from the low end. The best skills are now astonishingly good while the great mass of those dependent on cyber security are ever less able to even estimate what it is that they do not know, much less act on it. This polarization is driven by the fundamental strategic asymmetry of cyber security, namely that while the workfactor for the offender is the incremental price of finding a new method of attack, the workfactor for the defender is the cumulative cost of forever defending against all attack methods yet discovered. Over time, the curve for the cost of finding a new attack and the curve for the cost of defending against all attacks to date must cross. Once those curves cross, the offender never has to worry about being out of the money. That crossing event occurred some time ago. """ i do have one comment, per: """ Everyone my age working in cyber security was trained for something else, and because of that switch between one field and another brings along the hybrid vigor of seeing the cyber security world through a different lens. """ instead of having a "cyber security" profession, all aspects of "information security", "software security", or "cyber security" as a specialization should not exist. competence and experience with these subjects should be considered part of routine software and systems development practice. (right now this is mostly impractical, however, it need not always be so...) best regards, --- cut-for-posterity --- .Trends in Cyber Security .Dan Geer, 6 November 13, NRO Thank you for the invitation to speak with you today, which, let me be clear, is me speaking as myself and not for anybody or anything else. As you know, I work the cyber security trade, that is to say that my occupation is cyber security. Note that I said "occupation" rather than "profession." On 18 September, the U.S. National Academy of Sciences, on behalf of the Department of Homeland Security, concluded that cyber security should be seen as an occupation and not a profession because the rate of change is too great to consider professionalization.[1] You may well agree that that rate of change is paramount and thus why cyber security is the most intellectually demanding occupation on the planet. In writing this essay, I will keep my comments to trends rather than point estimates, just as you asked in your invitation, but let me emphasize the wisdom of your request by noting that the faster the rate of change, the more it is trends that matter and not the value of any given variable at any given time. With luck, each of these trends will not be something that you would argue with as a trend. Argument, if any, will be in their interpretation. Note also that these trends do not constitute a set of mutually exclusive, collectively exhaustive characterizations of the space in which we live and work. Some of them are correlated with others. Some of them are newly emergent, some not. Some of them are reversible to a degree; some not reversible at all. I am not, today anyway, looking for causality. Trend #1: Polarization Much has been written about the increasing polarization of American life.[2] The middle is getting smaller whether we are noting that only the middle class is shrinking, that it is the middle of the country that is depopulating, that the political middle is lonelier and lonelier, that both farms and banks are now only too small to matter or too big to fail, that almost all journalism is now advocacy journalism, that middle tier college education is a ticket to debt and nothing else. I submit that this trend towards polarization has come to cyber security. High end practice is accelerating away from the low end. The best skills are now astonishingly good while the great mass of those dependent on cyber security are ever less able to even estimate what it is that they do not know, much less act on it. This polarization is driven by the fundamental strategic asymmetry of cyber security, namely that while the workfactor for the offender is the incremental price of finding a new method of attack, the workfactor for the defender is the cumulative cost of forever defending against all attack methods yet discovered. Over time, the curve for the cost of finding a new attack and the curve for the cost of defending against all attacks to date must cross. Once those curves cross, the offender never has to worry about being out of the money. That crossing event occurred some time ago. I'll come back to this first bullet at the end, but I mention it first as polarization is becoming structural and of all the trends the most telling. You can confirm this by asking the best cyber security people what they do on the Internet and what they won't do on the Internet. You will find it sharply different than what the public at large does or will do. The best people know the most, and they are withdrawing, they are rejecting technologies. To use the words and style of the Intelligence Community, they are compartmentalizing. Trend #2: Trends themselves The idea that under the pressure of constant change about all you can measure is the slope of the curve has gone from don't-bother-me-with-math to everybody's-doing-it. A Google search for the phrase "information security trends" turns up 13,400 hits and no two of the top ten are from the same source. Consultancies talk about what they are seeing in the back room, product vendors talk about evolving needs, and reporters talk about what they are seeing out on the street. I am one of those folks. A Wall Street colleague and I run the Index of Cyber Security.[3] The ICS is what is called a sentiment-based index; if you are familiar with the US Consumer Confidence Index,[4] then you already know what a sentiment-based index is. Respondents to the ICS are top drawer cyber security practitioners with direct operational responsibility who share, each month, how their view of security in several areas has changed since the month before. Because there are no absolutes in cyber security, not even widely agreed upon definitions of the core terms that make up cyber security practice, a sentiment-based Index is, in fact, the best decision support that can be done. The Index asks the respondents monthly whether each of two dozen different risks has gotten better, gotten worse, gotten a lot better, gotten a lot worse, or stayed the same since the month before. Out of this, the Index of Cyber Security is calculated and released at 6pm on the last calendar day of the month, in further similarity to the Consumer Confidence Index. We write an analytic annual report that I have given to the organizers for your further reading. As an index of risk, a higher ICS number means higher risk. That risk number has risen, and seems likely to continue to rise. It is a composite trend line, but what is more interesting is that the components of the risk are much more varied, i.e., what is the dominating risk one month may not be the next. We think that this captures, in part, the dynamic nature of cyber security and does so in a way not otherwise being done. Respondents seem to agree that the ICS does offer decision support to front-line people such as themselves. Trend #2, then, is that there is increasingly wide acceptance that absolute measures are not worth seeking and a kind of confirmation that cyber security is a practice, not a device. Trend #3: Physics and its impact on data As you well know, more and more data is collected and more and more of that data is in play. The general, round-numbers dynamic of this trend are these: Moore's Law continues to give us two orders of magnitude in compute power per dollar per decade while storage grows at three orders of magnitude and bandwidth at four. These are top-down economic drivers and they relentlessly warp what is the economically optimum computing model. The trend is clear; the future is increasingly dense with stored data but, paradoxically, despite the massive growth of data volume, that data becomes more mobile with time. As is obvious, this bears on cyber security as data is what cyber security is all about. In 2007, Jim Gray gave a seminal talk[5] about the transformation of science, coining the term "fourth paradigm." By that he meant that the history of science is that science began as an endeavor organized around empirical observation. After that came the age of theory -- theorizing as the paradigm of what science did. Then science became computational, again meaning that the paradigm of what science did was to calculate. His argument for a fourth era was that of a paradigm shift from computational science to data intensive science. You here at NRO need no primer on the power of that shift in paradigm, but I am here to tell you that cyber security is embracing that fourth paradigm and it is doing it now. Ecology professor Philip Greear would challenge his graduate students to catalog all the life in a cubic yard of forest floor. Computer science professor Donald Knuth would challenge his graduate students to catalog everything their computers had done in the last ten seconds. It is hard to say which is more difficult, but everywhere you look, cyber security practitioners are trying to get a handle on "What is normal?" so that that which is abnormal can be identified early in the game. Behavioral approaches leading towards intrusion detection are exactly the search for anomaly, and they are data based. The now-famous attack on RSA Data Security that led to RSA buying Net Witness is an example of wanting to know everything so as to recognize something. I'm on the record at book length [6] that the central organizing principle behind a competent security program is to instrument your data sufficiently well that nothing moves without it being noticed. Physics has made it possible to put computers everywhere. Physics has made it possible to fill them all with data. Cyber security is barely keeping up, and not just because of two, three, or four orders of magnitude in the physics upstream of the marketplace. Trend #4: Need for prediction We all know that knowledge is power. We all know that there is a subtle yet important distinction between information and knowledge. We all know that a negative declaration like "X did not happen" can be only proven if you have the enumeration of *everything* that did happen and can show that X is not in it. We all know that a stitch in time saves nine, but only if we know where to put the stitch. We all know that without security metrics, the outcome is either overspending or under protecting. The more technologic the society becomes, the greater the dynamic range of possible failures. When you live in a cave, starvation, predators, disease, and lightning are about the full range of failures that end life as you know it and you are well familiar with all of them. When you live in a technologic society where everybody and everything is optimized in some way akin to just-in-time delivery, the dynamic range of failures is incomprehensibly larger and largely incomprehensible. The wider the dynamic range of failure, the more prevention is the watchword. As technologic society grows more interdependent within itself, the more it must rely on prediction based on data collected in broad ways, not targeted ways. Some define risk as the probability of a failure times the cost of that failure. To be clear, a trend in favor of making predictions is a trend subsidiary to a trend in the cost of failure. I've written at length elsewhere about how an increasing downside cost of failure requires that we find ways to be resilient, but not resilient in the sense of rich redundancy, not resilient in the sense of having quick recovery mechanisms, but resilient in the sense of having alternate primary means that do not share common mode risks. As such, I strongly recommend that manual means be preserved wherever possible because whatever those manual means are, they are already fully capitalized and they do not share common mode risk with digital means. There is now more information security risk sloshing around the economy than could actually be accepted were it exposed. The tournament now turns to who can minimize their risk the best, which, in the civilian economy at large, means who can most completely externalize their downside information security costs. The weapons here are perhaps as simple as the wisdom of Delphi, "Know thyself" and "Nothing to excess" -- know thyself in the sense of quantitative rigor and a perpetual propensity to design information systems with failure in mind; nothing to excess in the sense of mimicking the biologic world's proof by demonstration that species diversity is the greatest bulwark against loss of an ecosystem. Trend #5: Abandonment If I abandon a car on the street, then eventually someone will be able to claim title. If I abandon a bank account, then the State will eventually seize it. If I abandon real estate by failing to remedy a trespass, then in the fullness of time adverse possession takes over. If I don't use my trademark, then my rights go over to those who use what was and could have remained mine. If I abandon my spouse and/or children, then everyone is taxed to remedy my actions. If I abandon a patent application, then after a date certain the teaching that it proposes passes over to the rest of you. If I abandon my hold on the confidentiality of data such as by publishing it, then that data passes over to the commonweal not to return. If I abandon my storage locker, then it will be lost to me and may end up on reality TV. The list goes on. Apple computers running 10.5 or less get no updates (comprising about half the installed base). Any Microsoft computer running XP gets no updates (comprising about half the installed base). The end of security updates follows abandonment. It is certainly ironic that freshly pirated copies of Windows get security updates when older versions bought legitimately do not. Stating the obvious, if Company X abandons a code base, then that code base should be open sourced. Irrespective of security issues, many is the time that a bit of software I use has gone missing because its maker went missing. But with respect to security, some constellation of {I,we,they,you} are willing and able to provide security patches or workarounds as time and evil require. Would the public interest not be served, then, by a conversion to open source for abandoned code bases? But wait, you say, isn't purchased software on a general purpose computer a thing of the past? Isn't the future auto-updated smartphone clients transacting over armored private (carrier) networks to auto-updated cloud services? Maybe; maybe not. If the two major desktop suppliers update only half of today's desktops, then what percentage will they update tomorrow? If you say "Make them try harder!," then the legalistic, regulatory position is your position, and the ACLU is already trying that route. If smartphone auto-update becomes a condition of merchantability and your smartphone holds the keying material that undeniably says that its user is you, then how long before a FISA court orders a special auto-update to *your* phone for evidence gathering? If you say "But we already know what they're going to do, don't we?," then the question is what about the abandoned code bases. Open-sourcing abandoned code bases is the worst option, except for all the others. But if seizing an abandoned code base is too big a stretch for you before breakfast, then start with a Public Key Infrastructure Certifying Authority that goes bankrupt and ask "Who gets the keys?" Trend #6: Interdependence The essential character of a free society is this: That which is not forbidden is permitted. The essential character of an unfree society is the inverse, that which is not permitted is forbidden. The U.S. began as a free society without question; the weight of regulation, whether open or implicit, can only push it toward being unfree. Under the pressure to defend against offenders with a permanent structural advantage, defenders who opt for forbidding anything that is not expressly permitted are cultivating a computing environment that does not embody the freedom with which we are heretofore familiar. Put concretely, the central expression of a free society is a free market, and the cardinal measure of a free market is the breadth of real choice -- choice that goes beyond color and trim and body style to choices that optimize discordant, antithetical goal states. The level of choice on the Internet is draining down. You may revel in the hundreds of thousands of supposedly new voices that have found a way to chatter in full view. You may note that new "apps" for Android plus iPhone are appearing at over a thousand per day. You may rightly remind us all that technology is democratizing in the sense that powers once reserved for the few are now irretrievably in the hands of the many. What stands against that, and why I say that it stands against that, is increasing interdependence. We humans can design systems more complex than we can then operate. The financial sector's "flash crashes" are an example of that; perhaps the fifty interlocked insurance exchanges for Obamacare will soon be another. Above some threshold of system complexity, it is no longer possible to test, it is only possible to react to emergent behavior. The lowliest Internet user is entirely in the game of interdependence -- one web page can easily touch scores of different domains. While writing this, the top level page from cnn.com had 400 out-references to 85 unique domains each of which is likely to be similarly constructed and all of which move data one way or another. If you leave those pages up and they have an auto-refresh, then moving to a new network signals to every one of those ad networks that you have so moved. The wellspring of risk is dependence, especially dependence on shared expectations of shared system state, i.e., interdependence on the ground. If you would accept that you are most at risk from the things you most depend upon, then damping dependence is the cheapest, most straightforward, lowest latency way to damp risk, just as the fastest and most reliable way to put more money on a business's bottom line is through cost control. Trend #7: Automation Shoshana Zuboff of the Harvard Business School notably described three laws of the digital age, . Everything that can be automated will be automated. . Everything that can be informated will be informated. . Every digital application that can be used for surveillance and . control will be used for surveillance and control. It is irrelevant, immaterial and incompetent to argue otherwise. For security technology, Zuboff's Laws are almost the goal state, that is to say that the attempt to automate information assurance is in full swing everywhere, the ability to extract information from the observable is in full swing everywhere, and every digital application is being instrumented. Before In-Q-Tel, I worked for a data protection company. Our product was, and I believe still is, the most thorough on the market. By "thorough" I mean the dictionary definition, "careful about doing something in an accurate and exact way." To this end, installing our product instrumented every system call on the target machine. Data did not and could not move in any sense of the word "move" without detection. Every data operation was caught and monitored. It was total surveillance data protection. What made this product stick out was that very thoroughness, but here is the point: Unless you fully instrument your data handling, it is not possible for you to say what did not happen. With total surveillance, and total surveillance alone, it is possible to treat the absence of evidence as the evidence of absence. Only when you know everything that *did* happen with your data can you say what did *not* happen with your data. But this trend of automating is now leaving the purely defensive position behind. In a press release two weeks ago today,[7] DARPA signaled exactly that, and I quote [T]he Defense Advanced Research Projects Agency intends to hold the Cyber Grand Challenge -- the first-ever tournament for fully automatic network defense systems. DARPA envisions teams creating automated systems that would compete against each other to evaluate software, test for vulnerabilities, generate security patches and apply them to protected computers on a network. The growth trends ... in cyber attacks and malware point to a future where automation must be developed... The automation trend is irreversible, but it begs a question that I fear no one will answer in a way that doesn't merely reflect their corporate or institutional interest, namely are people in the loop a failsafe or a liability?[8] Trend #8: Dual use I've become convinced that all security technology is dual use. While I am not sure whether dual use is a trend or a realization of an unchanging fact of nature, the obviousness of dual use seems greatest in the latest technologies, so I am calling it a trend in the sense that the straightforward accessibility of dual use characteristics of new technology is a growing trend. There are a lot of examples, but in the physical world any weapon usable for defense can be repurposed for offense. Every security researcher looking for exploitable flaws is deep in the dual use debate because once discovered, those flaws can be patched or they can be sold. The cyber security products that promise total surveillance over the enterprise are, to my mind, an offensive strategy used for defensive purposes. There was a time when flaws were predominantly found by adventurers and braggarts. Ten plus years of good work by the operating system vendors elbowed the flaw finders out of the operating system and, as a result, our principal opponents changed over from adventurers and braggarts to being professionals. Finding vulnerabilities and exploiting them is now hard enough that it has moved out of the realm of being a hobby and into the realm of being a job. This changed several things, notably that braggarts share their findings because they are paid in bragging rights. By contrast, professionals do not share and are paid in something more substantial than fame. The side effect has been a continued rise in the percentage of all vulnerabilities that are previously unknown. The trend, in other words, is that by crushing hobbyists we've raised the market price of working exploits to where now our opponents pay for research and development out of revenue. Simulating what the opponent can do thus remains the central task of defensive research. Much of that research is in crafting proofs of concept that such and such a flaw can be taken advantage of. Corman's neologism of "HD Moore's Law" says that the trend in the power of the casual attacker grows as does the trend of the power in Metasploit.[9] It is hard to think of a better description of dual use. Trend #9: The blurring of end-to-end To my mind, the most important technical decision ever made was that the security of the Internet was to be "end-to-end."[10] "End-to-end" is a generic technical term yet simple to explain: the Internet was built on the premise that two entities could connect themselves to each other and decide what they wanted to do. The network was a delivery vehicle, but the form, content, and security of the connection between the two ends was to be their own choice. End-to-end is a model where the terminal entities are smart and the network is dumb. This is completely (completely) different than a smart network with dumb terminal entities at the end of the wire. No other design decision of the Internet comes close to the importance of it's being an end-to-end design. With end-to-end, security is the choice of the terminal end-points, not something built into the fabric of the Internet itself. That is American values personified. It is the idea that accountability, not permission seeking, is the way a government curbs the misuse of freedoms, and, as accountability scales but permission seeking does not, accountability wins. End-to-end security is the digital manifestation of the right of association and, in any case, is what enabled the Internet to become relevant in the first place. End-to-end does precisely what Peter Drucker told us to do: "Don't solve problems, create opportunities." The provision of content from anywhere to anywhere, which is the very purpose of an internetwork, is a challenge to sovereignty. America's Founders wanted no sovereign at all, and they devised a government that made the center all but powerless and the periphery fully able to thumb its nose at whatever it felt like. Much ink has been spilled on the frontier ethic versus the wishful policies favored by the comfortable urbanity of the welfare state, but the Internet's protocols have everything in common with the former and nothing in common with the latter. The free man requires the choice of with what degree of vigor to defend himself. That is a universal; America's Founders laid that down in the Second Amendment, just as did George Orwell in the English democratic socialist weekly "Tribune" when he said, "That rifle on the wall of the laborer's cottage or working class flat is the symbol of democracy. It is our job to see that it stays there." Were George Washington or George Orwell still among us, they would know that smart end-points and dumb networks are what freedom requires, that smart networks protecting dumb end-points breed compliant dependency. But the trend is otherwise, and not just because of the fatuous fashionability of entitlement, but rather because of a blurring of what the term "end" means. So very many people have adopted automatic synchronization of multiple devices they own that one has to ask whether their tablet is an end or their collection of mutually synchronized devices is an end. So many Internet-dependent functions are spread silently across numerous entities and applications that what is the end may well be more dynamic than can be described. If an end implies unitary control on the part of an owner, then set theory says that mutually synchronized devices are a unitary end. That blurring of "end" makes end-to-end provisioning problematic as a set of devices cannot be assumed to be equally on and equally participating in any given transaction. Quoting Clark & Blumenthal[11] There is a risk that the range of new requirements now emerging could have the consequence of compromising the Internet's original design principles. Were this to happen, the Internet might lose some of its key features, in particular its ability to support new and unanticipated applications. We link this possible outcome to a number of trends: the rise of new stakeholders in the Internet,... new government interests, the changing motivations of the growing user base, and the tension between the demand for trustworthy overall operation and the inability to trust the behavior of individual users. This is nowhere so evident as in security, that is to say in the application of the end-to-end principle to cyber security. What does end-to-end secure transport mean when travelocity.com is showing you a page dynamically constructed from a dozen other entities? Trend #10: Complexity in the supply chain Even without resorting to classified information, it is now clear that supply chain attacks have occurred. Whether reading journalistic accounts or Richard Clarke's novel _Breakpoint_, the finding is that the supply chain creates opportunities for badness. None of the things I've yet read, however, blames the supply chain risk on its complexity, per se, but that is the trend that matters. Security is non-composable -- we can get insecure results even when our systems are assembled from secure components. The more components, the less likely a secure result. This applies to supply chains that are growing ever more complex under the pressure of just-in-time, spot market sourcing of, say, memory chips and so forth and so on. Because the attacker has only to find one component of that chain to be vulnerable while the defender has to assure that all components are invulnerable, rising supply chain complexity guarantees increased opportunity for effective attack. It cannot do otherwise, and the trend is clear. Trend #11: Monoculture(s) Beginning with Forrest in 1997,[12] regular attention has been paid to the questions of monoculture in the network environment. There is no point belaboring the fundamental question, but let me state it for the record: cascade failure is so very much easier to detonate in a monoculture -- so very much easier when the attacker has only to write one bit of malware, not ten million. The idea is obvious; believing in it is easy; acting on its implications is, evidently, rather hard. I am entirely sympathetic to the actual reason we continue to deploy computing monocultures -- making everything almost entirely alike is, and remains, our only hope for being able to centrally manage it in a consistent manner. Put differently, when you deploy a computing monoculture you are making a fundamental risk management decision: That the downside risk of a black swan event is more tolerable than the downside risk of perpetual inconsistency. This is a hard question, as all risk management is about changing the future, not explaining the past. Which would you rather have, the unlikely event of a severe impact, or the day-to-day burden of perpetual inconsistency? When we opt for monocultures we had better opt for tight central control. This supposes that we are willing to face the risks that come with tight central control, of course, including the maximum risk of all auto-update schemes, namely the hostile takeover of the auto-update mechanism itself. Computer desktops are not the point; embedded systems are. The trendline in the number of critical monocultures seems to be rising and many of these are embedded systems both without a remote management interface and long lived. That combination -- long lived and not reachable -- is the trend that must be reversed. Whether to insist that embedded devices self destruct at some age or that remote management of them be a condition of deployment is the question. In either case, the Internet of Things and the appearance of microcontrollers in seemingly every computing device should raise hackles on every neck.[13] Trend #12: Attack surface growth versus skill growth Everyone here knows the terminology "attack surface" and knows that one of the defender's highest goals is to minimize the attack surface wherever possible. Every coder adhering to a security-cognizant software lifecycle program does this. Every company or research group engaged in static analysis of binaries does this. Every agency enforcing a need-to-know regime for data access does this. Every individual who reserves one low-limit credit card for their Internet purchases does this. I might otherwise say that any person who encrypts their e-mail to their closest counterparties does this, but because consistent e-mail encryption is so rare, encrypting one's e-mail marks it for collection and indefinite retention by those entities in a position to do so, regardless of what country you live in. In cyber security practice, the trend is that we practitioners as a class are getting better and better. We have better tools, we have better understood practices, and we have more colleagues. That's the plus side. But I'm interested in the ratio of skill to challenge, and as far as I can estimate, we are expanding the society-wide attack surface faster than we are expanding our collection of tools, practices, and colleagues. If you are growing more food, that's great. If your population is growing faster than your improvements in food production can keep up, that's bad. In the days of radio, there was Sarnoff's Law, namely that the value of a broadcast network was proportional to N, the number of listeners. Then came packetized network communications and Metcalfe's Law, that the value of a network was proportional to N squared, the number of possible two-way conversations. We are now in the era of Reed's Law where the value of a network is proportional to the number of groups that can form in it, that is to say 2 to the power N. Reed's Law is the new reality because it fits the age of social networks. In each of these three laws as publicly stated, the sign bit is positive, but in parallel with the claim that everything is dual use, the sign bit can also be negative because interconnections are a contributor to the net attack surface. If an Internet of Things is indeed imminent, then the upward bend in the curve of the global attack surface will grow steeper regardless of what level of risk there is for any one thing so long as that level of risk is always non-zero. Trend #13: Specialization Everyone my age working in cyber security was trained for something else, and because of that switch between one field and another brings along the hybrid vigor of seeing the cyber security world through a different lens. Statisticians, civil engineers, and lawyers alike can contribute. But the increasing quality of prepatory education, the increasing breadth of affairs for which cyber security is needful, and the increasing demand for skill of the highest sort means the humans in the game are specializing. While some people like to say "Specialization is for insects," tell me that the security field itself is not specializing. We have people who are expert in forensics on specific operating system localizations, expert in setting up intrusion response, expert in analyzing large sets of firewall rules using non-trivial set theory, expert in designing egress filters for universities that have no ingress filters, expert in steganographically watermarking binaries, and so forth. Generalists are becoming rare, and they are being replaced by specialists. This is biologic speciation in action, and the narrowing of ecologic niches. In rough numbers, there are somewhere close to 5,000 various technical certifications you can get in the computer field, and the number of them is growing thus proving the conjecture of specialization and speciation is not just for insects and it will not stop. -------------- What does it all mean? All of these trends reflect state changes ongoing and likely to continue to move forward. If we could count on them to maintain some smooth progression, then we might plan actions around them, but we cannot. At any moment, a game changer may arrive, but that is not something you can plan for, per se. I began with the trend of polarization and I end with it. The range of cyber security skills between the best and the worst is growing wider. As the worst outnumber the best and always will, we need look no further than the history of empire where, in the end, it is polarization that kills them. The Internet is an empire. The Internet was built by academics, researchers, and hackers -- meaning that it embodies the liberal cum libertarian cultural interpretation of "American values," namely that it is open, non-hierarchial, self organizing, and leaves essentially no opportunities for governance beyond a few rules of how to keep two parties in communication over the wire. Anywhere the Internet appears, it brings those values with it. Other cultures, other governments, know that these are our strengths and that we are dependent upon them, hence as they adopt the Internet they become dependent on those strengths and thus on our values. A greater challenge to sovereignty does not exist, which is why the Internet will either be dramatically balkanized or it will morph into an organ of world government. In either case, the Internet will never again be as free as it is this morning. That polarization of cyber security within the Internet grows from our willing dependence on it despite the other trends of which I've spoken. I don't see us deciding to damp that risk by curbing dependence though, to be clear, that is precisely the trajectory which my own life now follows. I don't see the cyber security field solving the problem as the problem to be solved is getting bigger faster than we are getting better. I see, instead, the probability that legislatures will relieve the more numerous incapable of the joint consequences of their dependence and their incapability by assigning liability so as to collectivize the downside risk of cyber insecurity into insurance pools. We are forcibly collectivizing the downside risk of disease most particularly the self-inflicted ones, why would we not do that for the downside risk of cyber insecurity and, again, particularly the self-inflicted ones? Where there are so many questions and so few answers, such deep needs and such shallow appreciation of trend directions, the greatest risk is the risk of simplistic solutions carried forward by charismatic fools. There is never enough time, thank you for yours. -------------- [1] "Professionalizing the Nation's Cyber Workforce?" www.nap.edu/openbook.php?record_id=18446 [2] _Hollowing out the Middle_, Carr & Kefalas; _Race Against the Machine_, Brynjolfsson & McAfee; _Average Is Over_, Cowen [3] "The Index of Cyber Security," cybersecurityindex.org [4] "The Consumer Confidence Index," Technical Note, 2011 tinyurl.com/3sb633k [5] Gray, "eScience," NRC-CSTB, Mountain View CA, 2007 research.microsoft.com/en-us/um/people/gray/talks/NRC-CSTB_eScience.ppt [6] Geer, _Economics and Strategies of Data Security_, 2008 [7] www.darpa.mil/NewsEvents/Releases/2013/10/22.aspx [8] Geer, "People in the Loop: Failsafe or a Liability?", 2012 geer.tinho.net/geer.suitsandspooks.8ii12.txt [9] Corman, "Intro to HDMoore's Law," 2011 blog.cognitivedissidents.com/2011/11/01/intro-to-hdmoores-law [10] Saltzer, Reed, & Clark, "End-to-End Arguments in System Design," 1981 web.mit.edu/Saltzer/www/publications/endtoend/endtoend.pdf [11] Clark & Blumenthal, "Rethinking the design of the Internet, The End-to-End Arguments vs. the Brave New World," 2001 cyberlaw.stanford.edu/e2e/papers/TPRC-Clark-Blumenthal.pdf [12] Forrest, Somayaji, & Ackley, "Building Diverse Computer Systems," HotOS-VI, 1997 www.cs.unm.edu/~immsec/publications/hotos-97.pdf [13] Farmer, "IPMI: Freight Train to Hell v2.01," 2013 fish2.com/ipmi/itrain.pdf more material at geer.tinho.net/pubs From pgut001 at cs.auckland.ac.nz Mon Dec 2 01:34:54 2013 From: pgut001 at cs.auckland.ac.nz (Peter Gutmann) Date: Mon, 02 Dec 2013 22:34:54 +1300 Subject: NSA: The Game Message-ID: For those of you familiar with the game Werewolf (also known as Mafia), here's an updated version, NSA. Peter. -- Snip -- NSA === Peter Gutmann, 11 November 2013. Adapted from a Werewolf writeup found on Zarfhome. http://www.cs.auckland.ac.nz/~pgut001/pubs/nsa_werewolf.txt NSA is a simple game for a largeish group of people, ten or more is best. It requires no equipment apart from some playing cards, or even just bits of paper. You can play it by simply sitting in a circle, but sitting around a table works better (there's room for drinks and snacks). Setting Up Make up a set of cards, one for each player, with a role on each one: Two NSA agents (Werewolves in the original) One Edward Snowden (Seer in the original) One EFF member (Healer in the original) All the rest are Internet users (Villagers in the original) The cards can be anything from fancy custom ones with the NSA logo and other graphics representing the players' roles, through to a convenient pack of Dora the Explorer cards with N, S, and E scrawled on a few of them. In addition to the players there's a moderator who runs things. The moderator shuffles the cards and hands them out, face down. Each player should look at their card without revealing it to anyone else. If there are more than about 15 players then the number of NSA agents, Snowdens, and EFF members can be increased. Two players are secretly NSA agents. They are trying to apply extraordinary rendition to all of the Internet users. Everyone else is an innocent Internet user, but one of the Internet users, Snowden, secretly has inside access to classified information and can detect the presence of NSA agents. In addition another Internet user is an EFF member and can protect one player per turn from the NSA's extraordinary rendition. The Game: Night and Day The game begins with each player introducing themselves. The standard formula for this is "Hi, my name is and I'm an innocent Internet user". This can be embellished as required with additional comments. Once everyone has been introduced, the game proceeds in alternating night and day phases, beginning with night. At night, the moderator tells all of the players "Night has fallen, close your eyes". The moderator then says "NSA, open your eyes". The two NSA agents do so, and look around to recognize each other. The moderator should also note who the NSA agents are. The moderator says "NSA agents, pick someone to render". The two NSA agents silently agree on one Internet user to subject to extraordinary rendition. It's important that they remain silent while doing this, pointing at the victim works best. When the NSA have agreed on a victim and the moderator understands who they picked, the moderator says "NSA agents, close your eyes". The moderator says "Snowden, open your eyes. Snowden, pick someone to check". Snowden opens his eyes and points at another player (as for the NSA agents, this has to be silent). The moderator signs thumbs-up (or some similar yes- gesture) if Snowden pointed at an NSA agent, and shakes their head (or some similar no-gesture) if the Snowden pointed at an innocent Internet user. The moderator then says "Snowden, close your eyes". Finally, the moderator says "EFF member, open your eyes. EFF member, pick someone to protect". The EFF member opens his/her eyes and, as with the others, points at another player. The moderator then says "EFF member, close your eyes". In the initial rounds its best if the EFF member protects themselves. If and when Snowden identifies himself, the EFF member should protect Snowden in order to prevent him from being subject to extraordinary rendition by the NSA. The moderator says "Everybody open your eyes. It's daytime, and has been subject to extraordinary rendition". The named person is immediately out of the game, and typically leaves the table or circle so that only active players remain. He or she can't say anything involving the game beyond this point, but would typically sit at the periphery and watch the game continue. Now it's daytime. All of the remaining players decide who to lynch as a suspected NSA agent. Anyone can say anything they want. NSA agents can claim to be Edward Snowden and "unmask" NSA agents who are actually innocent Internet users. Players can privately whisper things to other players (for example claiming to be Snowden, or the EFF member), or secretly pass notes. Any excuse to lynch someone is valid, for example because they have a beard, because they're Australian, or because they took the last potato chip. The real Edward Snowden should remain silent until they've identified at least one NSA agent, since they'll be an immediate target for extraordinary rendition if they reveal themselves too early. Similarly, the EFF member shouldn't reveal their identity unless absolutely necessary, since they need to protect Snowden without being themselves rendered by the NSA. Once a majority of players vote for a particular player to die (the player can be allowed to defend themselves, for example by claiming that "we, too, are Internet users", leading to further votes), the moderator says " has been lynched as a suspected NSA agent and is now dead". The player leaves the game in the same way as those subject to extraordinary rendition. If the players take too long to decide, the moderator can hint that night is about to fall, and if they still dither, night will fall without anyone being lynched. At this point the cycle repeats. Everyone closes their eyes, the NSA agent(s) select another person to subject to extraordinary rendition, Snowden (if alive) learns another player's identity, and the EFF member (if alive) protects another player. The sun rises, one player is rendered (unless protected by the EFF member), and the remaining players discuss another lynching. Repeat until one side wins. Winning The Internet users win if they kill all of the NSA agents. The NSA agents win if they render enough Internet users that the numbers of Internet users and NSA agents are even. In other words they win if the NSA agents constitute a large enough voting bloc that they can't be lynched any more. At that point the NSA can unmask and openly subject the remaining Internet users to extraordinary rendition. Notes When everyone closes their eyes at night, it's best for people to make some sort of noise, typically tapping the table. This will cover up any accidental sounds that are made by the NSA agents, Snowden, the EFF member, or the moderator. Once a player is lynched or rendered, there are two options on what to do with their cards, show or no-show. The show option is easiest, particularly for the initial games. With this option the player reveals their card, so that the other players know what sort of person has been eliminated. The no-show option is harder but a lot more fun. With this option the player doesn't reveal their card, so that the other players have no idea who's still left in the game. From dan at geer.org Mon Dec 2 20:11:20 2013 From: dan at geer.org (dan at geer.org) Date: Mon, 02 Dec 2013 23:11:20 -0500 Subject: trends in cybersecurity Message-ID: <20131203041120.82D5A2280BA@palinka.tinho.net> Given last month as keynote to the National Reconnaissance Office's planning conference. Trends in Cyber Security http://geer.tinho.net/geer.nro.6xi13.txt Respectfully, --dan From cathalgarvey at cathalgarvey.me Mon Dec 2 16:10:29 2013 From: cathalgarvey at cathalgarvey.me (Cathal Garvey) Date: Tue, 3 Dec 2013 00:10:29 +0000 Subject: ntru-crypto - Open Source NTRU Public Key Cryptography Algorithm and Reference Code In-Reply-To: <87vbz9k9qx.fsf@michiru.Home> References: <87vbz9k9qx.fsf@michiru.Home> Message-ID: <20131203001029.07985c2e@Neptune> > Haven't we made the mistake of relying on someone else's IP for crypto > before? I'm looking at you, RSA and IDEA. I have no interest in a > cryptosystem that's owned by someone and that requires me to release > my own software under a particular license to use it. I don't care how > technologically superior it might be. The GPL doesn't require you to release a cryptosystem under the GPL, only code for that cryptosystem that derives from GPL'd code. The GPL in effect is a tragedy-of-the-commons-killomatic: It's an agreement between me and you saying "I give you my code, if you give it to others". There's nothing in there about "I offer you my code, and hit you if you try to write your own instead". Given that, I have very little time for GPL-haters, because they're just being whiny bastards. Write your own if you don't like it. Patents, on the other hand, are a whole different steaming pile of shit, and NTRU is patented. So, I'm still with you on this one. If they're somewhere where you can relinquish patents, they should do that. If not, they should either grant the patents wholly to a public trust, or put them under the DPL or similar and make an irrevocable pledge never to use them except defensively, if even that. Of course, who's to know if you implement or build on NTRU under a 'nym? It remains one of the only cryptosystems that's A) Practical and B) Quantum-resistant. Anyone know of any other quantum-resistant algos for *encryption* that can actually be used today, other than NTRU? On Sat, 30 Nov 2013 10:47:02 -0800 Sean Lynch wrote: > On Wed, Nov 27 2013, coderman wrote: > > > https://github.com/NTRUOpenSourceProject/ntru-crypto > > > """ > > Security Innovation, Inc., the owner of the NTRU public key > > cryptography system, made the intellectual property and a sample > > implementation available under the Gnu Public License (GPL) in 2013 > > with the goal of enabling more widespread adoption of this superior > > cryptographic technology. The system is also available for > > commercial use under the terms of the Security Innovation > > Commercial License. > > Haven't we made the mistake of relying on someone else's IP for crypto > before? I'm looking at you, RSA and IDEA. I have no interest in a > cryptosystem that's owned by someone and that requires me to release > my own software under a particular license to use it. I don't care how > technologically superior it might be. > -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 836 bytes Desc: not available URL: From cathalgarvey at cathalgarvey.me Mon Dec 2 16:16:18 2013 From: cathalgarvey at cathalgarvey.me (Cathal Garvey) Date: Tue, 3 Dec 2013 00:16:18 +0000 Subject: ntru-crypto - Open Source NTRU Public Key Cryptography Algorithm and Reference Code In-Reply-To: <20131203001029.07985c2e@Neptune> References: <87vbz9k9qx.fsf@michiru.Home> <20131203001029.07985c2e@Neptune> Message-ID: <20131203001618.2f1719df@Neptune> 's_*encryption*_*asymmetric encryption*_g' ..given that we've got plenty of options for quantum-resistant *symmetric* crypto, and several painful-but-sound options for quantum-resistant signature schemes; Merkle-Lamport, for example. On Tue, 3 Dec 2013 00:10:29 +0000 Cathal Garvey wrote: > > Haven't we made the mistake of relying on someone else's IP for > > crypto before? I'm looking at you, RSA and IDEA. I have no interest > > in a cryptosystem that's owned by someone and that requires me to > > release my own software under a particular license to use it. I > > don't care how technologically superior it might be. > > The GPL doesn't require you to release a cryptosystem under the GPL, > only code for that cryptosystem that derives from GPL'd code. The GPL > in effect is a tragedy-of-the-commons-killomatic: It's an agreement > between me and you saying "I give you my code, if you give it to > others". There's nothing in there about "I offer you my code, and hit > you if you try to write your own instead". > > Given that, I have very little time for GPL-haters, because they're > just being whiny bastards. Write your own if you don't like it. > > Patents, on the other hand, are a whole different steaming pile of > shit, and NTRU is patented. So, I'm still with you on this one. If > they're somewhere where you can relinquish patents, they should do > that. If not, they should either grant the patents wholly to a public > trust, or put them under the DPL or similar and make an irrevocable > pledge never to use them except defensively, if even that. > > Of course, who's to know if you implement or build on NTRU under a > 'nym? It remains one of the only cryptosystems that's A) Practical and > B) Quantum-resistant. > > Anyone know of any other quantum-resistant algos for *encryption* that > can actually be used today, other than NTRU? > > On Sat, 30 Nov 2013 10:47:02 -0800 > Sean Lynch wrote: > > > On Wed, Nov 27 2013, coderman wrote: > > > > > https://github.com/NTRUOpenSourceProject/ntru-crypto > > > > > """ > > > Security Innovation, Inc., the owner of the NTRU public key > > > cryptography system, made the intellectual property and a sample > > > implementation available under the Gnu Public License (GPL) in > > > 2013 with the goal of enabling more widespread adoption of this > > > superior cryptographic technology. The system is also available > > > for commercial use under the terms of the Security Innovation > > > Commercial License. > > > > Haven't we made the mistake of relying on someone else's IP for > > crypto before? I'm looking at you, RSA and IDEA. I have no interest > > in a cryptosystem that's owned by someone and that requires me to > > release my own software under a particular license to use it. I > > don't care how technologically superior it might be. > > > -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 836 bytes Desc: not available URL: From cathalgarvey at cathalgarvey.me Mon Dec 2 16:17:29 2013 From: cathalgarvey at cathalgarvey.me (Cathal Garvey) Date: Tue, 3 Dec 2013 00:17:29 +0000 Subject: Jim Bell needs Bitcoins! In-Reply-To: <529A0A5E.2080106@gogulski.com> References: <1385370567.90180.YahooMailNeo@web141206.mail.bf1.yahoo.com> <1385421475.40988.YahooMailNeo@web141201.mail.bf1.yahoo.com> <20131126003204.GK7523@hexapodia.org>

Message-ID: On Tue, Dec 3, 2013 at 3:40 PM, coderman wrote: > ... > https://github.com/bramcohen/DissidentX """ Q. Why did you use Python3 as a reference language? A. Because not having distinct binary and unicode string types is barbaric. """ oh the many ways i both love and hate python... From seanl at literati.org Tue Dec 3 22:14:41 2013 From: seanl at literati.org (Sean Lynch) Date: Tue, 03 Dec 2013 22:14:41 -0800 Subject: audiovisual (urls) In-Reply-To: <1386102936.42493.YahooMailNeo@web141203.mail.bf1.yahoo.com> (Jim Bell's message of "Tue, 3 Dec 2013 12:35:36 -0800 (PST)") References: <1386041286.39295.YahooMailNeo@web141205.mail.bf1.yahoo.com> <87txepiv9e.fsf@michiru.Home> <1386102936.42493.YahooMailNeo@web141203.mail.bf1.yahoo.com> Message-ID: <87mwkhi1m6.fsf@michiru.Home> On Tue, Dec 03 2013, Jim Bell wrote: > Okay, thank you for clarifying this matter. I merely Google-searched > for 'EDFA quantum entanglement' and found and cited this paper, and > that only because it referred to the problem of trying to amplify > quantum signals through an EDFA. No problem. Not having read the actual paper, I'm not even sure what they meant by "noise" preventing amplification of quantum signals in an EDFA. Quantum states cannot be copied, which seems like a more fundamental problem, but perhaps they are talking about the potential for using an EDFA just to create a large number of entangled particles. > Myself, I am hoping that longer-key public-key cryptosystems will > remain unsolved by quantum techniques, at least as long as it takes > to get rid of governments. After that, it probably won't matter. As > of now, it looks like things will go the way I'd like. I'm fairly optimistic for a couple of different reasons. First of all, progress on quantum computers has been very slow and the experts in the field who have spoken up believe it's unlikely the NSA has a major breakthrough on this front. Second, I'm skeptical that quantum computers can even be made to work at all. While D-Wave and others have built systems that they *believe* are quantum computers and shown some evidence that they behave as one would expect for such devices, nothing has yet been demonstrated that could not easily been achieved with a classical computer, though much of this is due to the small scale of the devices. Even if quantum computers can be made to work, one can hope that by then we'll either have quantum cryptography infrastructure in place (though the need for physical infrastructure scares me here - maybe guerrilla wireless quantum crypto?) or have widespread access to practical quantum-proof public-key crypto. Maybe either the NTRU patent will have expired or we'll have found alternative cryptosystems that do not infringe, ala the Lucas sequence alternative to RSA. Of course, the patent is only a problem in the US and its satellite states anyway. -- Sean Richard Lynch http://www.literati.org/~seanl/ -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 835 bytes Desc: not available URL: From coderman at gmail.com Wed Dec 4 14:05:27 2013 From: coderman at gmail.com (coderman) Date: Wed, 4 Dec 2013 14:05:27 -0800 Subject: NSA tracking cellphone locations worldwide Message-ID: http://www.washingtonpost.com/world/national-security/nsa-tracking-cellphone-locations-worldwide-snowden-documents-show/2013/12/04/5492873a-5cf2-11e3-bc56-c6ca94801fac_print.html """ NSA tracking cellphone locations worldwide, Snowden documents show By Barton Gellman and Ashkan Soltani, Wednesday, December 4, 12:18 PM The National Security Agency is gathering nearly 5 billion records a day on the whereabouts of cellphones around the world, according to top-secret documents and interviews with U.S. intelligence officials, enabling the agency to track the movements of individuals — and map their relationships — in ways that would have been previously unimaginable. The records feed a vast database that stores information about the locations of at least hundreds of millions of devices, according to the officials and the documents, which were provided by former NSA contractorEdward Snowden. New projects created to analyze that data have provided the intelligence community with what amounts to a mass surveillance tool. (Video: How the NSA uses cellphone tracking to find and ‘develop’ targets) The NSA does not target Americans’ location data by design, but the agency acquires a substantial amount of information on the whereabouts of domestic cellphones “incidentally,” a legal term that connotes a foreseeable but not deliberate result. One senior collection manager, speaking on condition of anonymity but with permission from the NSA, said “we are getting vast volumes” of location data from around the world by tapping into the cables that connect mobile networks globally and that serve U.S. cellphones as well as foreign ones. Additionally, data is often collected from the tens of millions of Americans who travel abroad with their cellphones every year. In scale, scope and potential impact on privacy, the efforts to collect and analyze location data may be unsurpassed among the NSA surveillance programsthat have been disclosed since June. Analysts can find cellphones anywhere in the world, retrace their movements and expose hidden relationships among individuals using them. (Graphic: How the NSA is tracking people right now) U.S. officials said the programs that collect and analyze location data are lawful and intended strictly to develop intelligence about foreign targets. Robert Litt, general counsel for the Office of the Director of National Intelligence, which oversees the NSA, said “there is no element of the intelligence community that under any authority is intentionally collecting bulk cellphone location information about cellphones in the United States.” The NSA has no reason to suspect that the movements of the overwhelming majority of cellphone users would be relevant to national security. Rather, it collects locations in bulk because its most powerful analytic tools — known collectively as CO-TRAVELER — allow it to look for unknown associates of known intelligence targets by tracking people whose movements intersect. Still, location data, especially when aggregated over time, is widely regarded among privacy advocates as uniquely sensitive. Sophisticated mathematical techniques enable NSA analysts to map cellphone owners’ relationships by correlating their patterns of movement over time with thousands or millions of other phone users who cross their paths. Cellphones broadcast their locations even when they are not being used to place a call or send a text. (Video: Reporter Ashkan Soltani explains NSA collection of cellphone data) CO-TRAVELER and related tools require the methodical collection and storage of location data on what amounts to a planetary scale. The government is tracking people from afar into confidential business meetings or personal visits to medical facilities, hotel rooms, private homes and other traditionally protected spaces. “One of the key components of location data, and why it’s so sensitive, is that the laws of physics don’t let you keep it private,” said Chris Soghoian, principal technologist at the American Civil Liberties Union. People who value their privacy can encrypt their e-mails and disguise their online identities, but “the only way to hide your location is to disconnect from our modern communication system and live in a cave.” The NSA cannot know in advance which tiny fraction of 1 percent of the records it may need, so it collects and keeps as many as it can — 27 terabytes, by one account, or more than double the text content of the Library of Congress’s print collection. The location programs have brought in such volumes of information, according to a May 2012 internal NSA briefing, that they are “outpacing our ability to ingest, process and store” data. In the ensuing year and a half, the NSA has been transitioning to a processing system that provided it with greater capacity. The possibility that the intelligence community has been collecting location data, particularly of Americans, has long concerned privacy advocates and some lawmakers. Three Democratic senators — Ron Wyden (Ore.), Mark Udall (Colo.) and Barbara Mikulski (Md.) — have introduced an amendment to the 2014 defense spending bill that would require U.S. intelligence agencies to say whether they have ever collected or made plans to collect location data for “a large number of United States persons with no known connection to suspicious activity.” NSA Director Keith Alexander disclosed in Senate testimony in October that the NSA had run a pilot project in 2010 and 2011 to collect “samples” of U.S. cellphone location data. The data collected were never available for intelligence analysis purposes, and the project was discontinued because it had no “operational value,” he said. Alexander allowed that a broader collection of such data “may be something that is a future requirement for the country, but it is not right now.” The number of Americans whose locations are tracked as part of the NSA’s collection of data overseas is impossible to determine from the Snowden documents alone, and senior intelligence officials declined to offer an estimate. “It’s awkward for us to try to provide any specific numbers,” one intelligence official said in a telephone interview. An NSA spokeswoman who took part in the call cut in to say the agency has no way to calculate such a figure. An intelligence lawyer, speaking with his agency’s permission, said location data are obtained by methods “tuned to be looking outside the United States,” a formulation he repeated three times. When U.S. cellphone data are collected, he said, the data are not covered by the Fourth Amendment, which protects Americans against unreasonable searches and seizures. According to top-secret briefing slides, the NSA pulls in location data around the world from 10 major “sigads,” or signals intelligence activity designators. A sigad known as STORMBREW, for example, relies on two unnamed corporate partners described only as ARTIFICE and WOLFPOINT. According to an NSA site inventory, the companies administer the NSA’s “physical systems,” or interception equipment, and “NSA asks nicely for tasking/updates.” STORMBREW collects data from 27 telephone links known as OPC/DPC pairs, which refer to originating and destination points and which typically transfer traffic from one provider’s internal network to another’s. That data include cell tower identifiers, which can be used to locate a phone’s location. The agency’s access to carriers’ networks appears to be vast. “Many shared databases, such as those used for roaming, are available in their complete form to any carrier who requires access to any part of it,” said Matt Blaze, an associate professor of computer and information science at the University of Pennsylvania. “This ‘flat’ trust model means that a surprisingly large number of entities have access to data about customers that they never actually do business with, and an intelligence agency — hostile or friendly — can get ‘one stop shopping’ to an expansive range of subscriber data just by compromising a few carriers.” Some documents in the Snowden archive suggest that acquisition of U.S. location data is routine enough to be cited as an example in training materials. In an October 2012 white paper on analytic techniques, for example, the NSA’s counterterrorism analysis unit cites two U.S.-based carriers to illustrate the challenge of correlating the travels of phone users on different mobile networks. Asked about that, a U.S. intelligence official said the example was poorly chosen and did not represent the program’s foreign focus. The NSA’s capabilities to track location are staggering, based on the Snowden documents, and indicate that the agency is able to render most efforts at communications security effectively futile. Like encryption and anonymity tools online, which are used by dissidents, journalists and terrorists alike, security-minded behavior — using disposable cellphones and switching them on only long enough to make brief calls — marks a user for special scrutiny. CO-TRAVELER takes note, for example, when a new telephone connects to a cell tower soon after another nearby device is used for the last time. Side-by-side security efforts — when nearby devices power off and on together over time — “assist in determining whether co-travelers are associated … through behaviorally relevant relationships,” according to the 24-page white paper, which was developed by the NSA in partnership with the National Geospatial Agency, the Australian Signals Directorate and private contractors. A central feature of each of these tools is that they do not rely on knowing a particular target in advance, or even suspecting one. They operate on the full universe of data in the NSA’s FASCIA repository, which stores trillions of metadata records, of which a large but unknown fraction include locations. The most basic analytic tools map the date, time, and location of cellphones to look for patterns or significant moments of overlap. Other tools compute speed and trajectory for large numbers of mobile devices, overlaying the electronic data on transportation maps to compute the likely travel time and determine which devices might have intersected. To solve the problem of undetectable surveillance against CIA officers stationed overseas, one contractor designed an analytic model that would carefully record the case officer’s path and look for other mobile devices in steady proximity. “Results have not been validated by operational analysts,” the report said. Julie Tate contributed to this report. Soltani is an independent security researcher and consultant. """ From jya at pipeline.com Thu Dec 5 05:50:06 2013 From: jya at pipeline.com (John Young) Date: Thu, 05 Dec 2013 08:50:06 -0500 Subject: Snowden Civil War Message-ID: Snowden Civil War: http://cryptome.org/2013/12/snowden-civil-war.htm From dan at geer.org Thu Dec 5 06:13:13 2013 From: dan at geer.org (dan at geer.org) Date: Thu, 05 Dec 2013 09:13:13 -0500 Subject: NSA tracking cellphone locations worldwide In-Reply-To: Your message of "Thu, 05 Dec 2013 14:10:31 +0100." Message-ID: <20131205141313.BC42F2280CB@palinka.tinho.net> > The next step is where the federal government declares all state's grounds > to be in full ownership of a private company, so that all land is now > effectively foreign and no citizen's rights apply to citizens anymore. An > American abroad is not an American. That's an official view. Eleven years before he became the fourth President of the United States, James Madison said that: Perhaps it is a universal truth that the loss of liberty at home is to be charged to provisions against danger, real or pretended, from abroad. One wonders how Madison would feel about an interconnected world where "abroad" has so thoroughly lost its meaning, at least with respect to Internet-dependent critical infrastructure if not national frontiers. My guess is that Madison would decide that the Internet is, per se, "abroad." --dan From jamesdbell8 at yahoo.com Thu Dec 5 12:09:43 2013 From: jamesdbell8 at yahoo.com (Jim Bell) Date: Thu, 5 Dec 2013 12:09:43 -0800 (PST) Subject: audiovisual (urls) In-Reply-To: <87mwkhi1m6.fsf@michiru.Home> References: <1386041286.39295.YahooMailNeo@web141205.mail.bf1.yahoo.com> <87txepiv9e.fsf@michiru.Home> <1386102936.42493.YahooMailNeo@web141203.mail.bf1.yahoo.com> <87mwkhi1m6.fsf@michiru.Home> Message-ID: <1386274183.47441.YahooMailNeo@web141202.mail.bf1.yahoo.com> ________________________________ From: Sean Lynch To: Jim Bell On Tue, Dec 03 2013, Jim Bell wrote: >> Okay, thank you for clarifying this matter. I merely Google-searched >> for 'EDFA quantum entanglement' and found and cited this paper, and >> that only because it referred to the problem of trying to amplify >> quantum signals through an EDFA. >No problem. Not having read the actual paper, I'm not even sure what >they meant by "noise" preventing amplification of quantum signals in an >EDFA. Quantum states cannot be copied, which seems like a more >fundamental problem, but perhaps they are talking about the potential >for using an EDFA just to create a large number of entangled particles. >> Myself, I am hoping that longer-key public-key cryptosystems will >> remain unsolved by quantum techniques, at least as long as it takes >> to get rid of governments. After that, it probably won't matter. As >> of now, it looks like things will go the way I'd like. >I'm fairly optimistic for a couple of different reasons. First of all, >progress on quantum computers has been very slow and the experts in the >field who have spoken up believe it's unlikely the NSA has a major >breakthrough on this front. Second, I'm skeptical that quantum computers >can even be made to work at all. While D-Wave and others have built >systems that they *believe* are quantum computers and shown some >evidence that they behave as one would expect for such devices, nothing >has yet been demonstrated that could not easily been achieved with a >classical computer, though much of this is due to the small scale of the >devices. I am limited by the fact that I have only had a couple of classes which touched upon quantum physics (and 35 years ago, to boot), I wonder if there will be some limit to how far these quantum techniques can be used to factor huge numbers. (Speculation warning!) A 1 centimeter difference in altitude in Earth's gravitational field results in about a 1 part in 10**18 time dilation. Even if the atoms making up a quantum computer could be maintained within 1 micron altitude, that would be a time dilation difference of 1 part in 10**22. Could there be an effect which would allow the factorization of numbers up to, say, 22 digits long, but that would fail if the number was 301 digits long? (equivalent to 1024 bits.) Such a computer might be raised into earth orbit to take advantage of micro-gravity effects, but even that might only raise the limit by a few orders of magnitude, say 22+6 = 28. Someone much more familiar with quantum mechanics should be able to shed light on this speculation. Jim Bell -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 3894 bytes Desc: not available URL: From l at odewijk.nl Thu Dec 5 04:52:41 2013 From: l at odewijk.nl (=?UTF-8?Q?Lodewijk_andr=C3=A9_de_la_porte?=) Date: Thu, 5 Dec 2013 13:52:41 +0100 Subject: NSA tracking cellphone locations worldwide In-Reply-To: References: Message-ID: Came to my mail client just to post this. I know my government keeps this data. That's why I thought it's probably an intelligence community wide secret. And now it turns out it totally is. This is like the soldiers having marched in our streets since years and years and our government isn't even worried about it. We're no longer the actual owner of our country, because another country has had a soldier passively stalking every person in it. If you do something wrong the soldier will attack. The laws are not fixed, nor are they coherent per se, as any three-letter-org may at some point gain "lawfull" access to the knowledge gathered and blackmail you with it or, worse, manipulate you with it. Say hello Thought Police. If it's "just Internet traffic" then many people think "I don't do anything important on the Internet" (they do, but they don't think so). But now it's *their every move*. Without a hint of sarcasm it means they are followed within their houses, on vacation, doing whatever. My government, my country, my laws, democratically chosen for my and by my nation (let's suppose ;( ) state CLEARLY that this is *completely* illegal. There is absolute no legal basis whereupon the American nation is allowed to break the law on our ground, on our hardware or even just on our people. Why is my nation so unaware of this invasion upon our grounds? Why doesn't it take protective action to the fact that an act of crime or war is taken upon all it's citizens? How come I can see what those capable of doing something about it can't? Why isn't there a chilling cold schock running down their spines when they finally read this sort of articles and realize they have been partially responsible too? 2013/12/4 coderman > > http://www.washingtonpost.com/world/national-security/nsa-tracking-cellphone-locations-worldwide-snowden-documents-show/2013/12/04/5492873a-5cf2-11e3-bc56-c6ca94801fac_print.html > > """ > > NSA tracking cellphone locations worldwide, Snowden documents show > > By Barton Gellman and Ashkan Soltani, Wednesday, December 4, 12:18 PM > > The National Security Agency is gathering nearly 5 billion records a > day on the whereabouts of cellphones around the world, according to > top-secret documents and interviews with U.S. intelligence officials, > enabling the agency to track the movements of individuals — and map > their relationships — in ways that would have been previously > unimaginable. > > The records feed a vast database that stores information about the > locations of at least hundreds of millions of devices, according to > the officials and the documents, which were provided by former NSA > contractorEdward Snowden. New projects created to analyze that data > have provided the intelligence community with what amounts to a mass > surveillance tool. > > (Video: How the NSA uses cellphone tracking to find and ‘develop’ targets) > > The NSA does not target Americans’ location data by design, but the > agency acquires a substantial amount of information on the whereabouts > of domestic cellphones “incidentally,” a legal term that connotes a > foreseeable but not deliberate result. > > One senior collection manager, speaking on condition of anonymity but > with permission from the NSA, said “we are getting vast volumes” of > location data from around the world by tapping into the cables that > connect mobile networks globally and that serve U.S. cellphones as > well as foreign ones. Additionally, data is often collected from the > tens of millions of Americans who travel abroad with their cellphones > every year. > > In scale, scope and potential impact on privacy, the efforts to > collect and analyze location data may be unsurpassed among the NSA > surveillance programsthat have been disclosed since June. Analysts can > find cellphones anywhere in the world, retrace their movements and > expose hidden relationships among individuals using them. > > (Graphic: How the NSA is tracking people right now) > > U.S. officials said the programs that collect and analyze location > data are lawful and intended strictly to develop intelligence about > foreign targets. > > Robert Litt, general counsel for the Office of the Director of > National Intelligence, which oversees the NSA, said “there is no > element of the intelligence community that under any authority is > intentionally collecting bulk cellphone location information about > cellphones in the United States.” > > The NSA has no reason to suspect that the movements of the > overwhelming majority of cellphone users would be relevant to national > security. Rather, it collects locations in bulk because its most > powerful analytic tools — known collectively as CO-TRAVELER — allow it > to look for unknown associates of known intelligence targets by > tracking people whose movements intersect. > > Still, location data, especially when aggregated over time, is widely > regarded among privacy advocates as uniquely sensitive. Sophisticated > mathematical techniques enable NSA analysts to map cellphone owners’ > relationships by correlating their patterns of movement over time with > thousands or millions of other phone users who cross their paths. > Cellphones broadcast their locations even when they are not being used > to place a call or send a text. > > (Video: Reporter Ashkan Soltani explains NSA collection of cellphone data) > > CO-TRAVELER and related tools require the methodical collection and > storage of location data on what amounts to a planetary scale. The > government is tracking people from afar into confidential business > meetings or personal visits to medical facilities, hotel rooms, > private homes and other traditionally protected spaces. > > “One of the key components of location data, and why it’s so > sensitive, is that the laws of physics don’t let you keep it private,” > said Chris Soghoian, principal technologist at the American Civil > Liberties Union. People who value their privacy can encrypt their > e-mails and disguise their online identities, but “the only way to > hide your location is to disconnect from our modern communication > system and live in a cave.” > > The NSA cannot know in advance which tiny fraction of 1 percent of the > records it may need, so it collects and keeps as many as it can — 27 > terabytes, by one account, or more than double the text content of the > Library of Congress’s print collection. > > The location programs have brought in such volumes of information, > according to a May 2012 internal NSA briefing, that they are > “outpacing our ability to ingest, process and store” data. In the > ensuing year and a half, the NSA has been transitioning to a > processing system that provided it with greater capacity. > > The possibility that the intelligence community has been collecting > location data, particularly of Americans, has long concerned privacy > advocates and some lawmakers. Three Democratic senators — Ron Wyden > (Ore.), Mark Udall (Colo.) and Barbara Mikulski (Md.) — have > introduced an amendment to the 2014 defense spending bill that would > require U.S. intelligence agencies to say whether they have ever > collected or made plans to collect location data for “a large number > of United States persons with no known connection to suspicious > activity.” > > NSA Director Keith Alexander disclosed in Senate testimony in October > that the NSA had run a pilot project in 2010 and 2011 to collect > “samples” of U.S. cellphone location data. The data collected were > never available for intelligence analysis purposes, and the project > was discontinued because it had no “operational value,” he said. > > Alexander allowed that a broader collection of such data “may be > something that is a future requirement for the country, but it is not > right now.” > > The number of Americans whose locations are tracked as part of the > NSA’s collection of data overseas is impossible to determine from the > Snowden documents alone, and senior intelligence officials declined to > offer an estimate. > > “It’s awkward for us to try to provide any specific numbers,” one > intelligence official said in a telephone interview. An NSA > spokeswoman who took part in the call cut in to say the agency has no > way to calculate such a figure. > > An intelligence lawyer, speaking with his agency’s permission, said > location data are obtained by methods “tuned to be looking outside the > United States,” a formulation he repeated three times. When U.S. > cellphone data are collected, he said, the data are not covered by the > Fourth Amendment, which protects Americans against unreasonable > searches and seizures. > > According to top-secret briefing slides, the NSA pulls in location > data around the world from 10 major “sigads,” or signals intelligence > activity designators. > > A sigad known as STORMBREW, for example, relies on two unnamed > corporate partners described only as ARTIFICE and WOLFPOINT. According > to an NSA site inventory, the companies administer the NSA’s “physical > systems,” or interception equipment, and “NSA asks nicely for > tasking/updates.” > > STORMBREW collects data from 27 telephone links known as OPC/DPC > pairs, which refer to originating and destination points and which > typically transfer traffic from one provider’s internal network to > another’s. That data include cell tower identifiers, which can be used > to locate a phone’s location. > > The agency’s access to carriers’ networks appears to be vast. > > “Many shared databases, such as those used for roaming, are available > in their complete form to any carrier who requires access to any part > of it,” said Matt Blaze, an associate professor of computer and > information science at the University of Pennsylvania. “This ‘flat’ > trust model means that a surprisingly large number of entities have > access to data about customers that they never actually do business > with, and an intelligence agency — hostile or friendly — can get ‘one > stop shopping’ to an expansive range of subscriber data just by > compromising a few carriers.” > > Some documents in the Snowden archive suggest that acquisition of U.S. > location data is routine enough to be cited as an example in training > materials. In an October 2012 white paper on analytic techniques, for > example, the NSA’s counterterrorism analysis unit cites two U.S.-based > carriers to illustrate the challenge of correlating the travels of > phone users on different mobile networks. Asked about that, a U.S. > intelligence official said the example was poorly chosen and did not > represent the program’s foreign focus. > > The NSA’s capabilities to track location are staggering, based on the > Snowden documents, and indicate that the agency is able to render most > efforts at communications security effectively futile. > > Like encryption and anonymity tools online, which are used by > dissidents, journalists and terrorists alike, security-minded behavior > — using disposable cellphones and switching them on only long enough > to make brief calls — marks a user for special scrutiny. CO-TRAVELER > takes note, for example, when a new telephone connects to a cell tower > soon after another nearby device is used for the last time. > > Side-by-side security efforts — when nearby devices power off and on > together over time — “assist in determining whether co-travelers are > associated … through behaviorally relevant relationships,” according > to the 24-page white paper, which was developed by the NSA in > partnership with the National Geospatial Agency, the Australian > Signals Directorate and private contractors. > > A central feature of each of these tools is that they do not rely on > knowing a particular target in advance, or even suspecting one. They > operate on the full universe of data in the NSA’s FASCIA repository, > which stores trillions of metadata records, of which a large but > unknown fraction include locations. > > The most basic analytic tools map the date, time, and location of > cellphones to look for patterns or significant moments of overlap. > Other tools compute speed and trajectory for large numbers of mobile > devices, overlaying the electronic data on transportation maps to > compute the likely travel time and determine which devices might have > intersected. > > To solve the problem of undetectable surveillance against CIA officers > stationed overseas, one contractor designed an analytic model that > would carefully record the case officer’s path and look for other > mobile devices in steady proximity. > > “Results have not been validated by operational analysts,” the report said. > > Julie Tate contributed to this report. Soltani is an independent > security researcher and consultant. > """ > > -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 14154 bytes Desc: not available URL: From l at odewijk.nl Thu Dec 5 05:10:31 2013 From: l at odewijk.nl (=?UTF-8?Q?Lodewijk_andr=C3=A9_de_la_porte?=) Date: Thu, 5 Dec 2013 14:10:31 +0100 Subject: NSA tracking cellphone locations worldwide In-Reply-To: References:

Message-ID: "Rather, it collects locations in bulk because its most powerful analytic tools — known collectively as CO-TRAVELER — allow it to look for unknown associates of known intelligence targets by tracking people whose movements intersect." You were in the airplane with X so we may now personally inspect all of you. "When U.S. cellphone data are collected, he said, the data are not covered by the Fourth Amendment, which protects Americans against unreasonable searches and seizures." The next step is where the federal government declares all state's grounds to be in full ownership of a private company, so that all land is now effectively foreign and no citizen's rights apply to citizens anymore. An American abroad is not an American. That's an official view. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 898 bytes Desc: not available URL: From juan.g71 at gmail.com Thu Dec 5 11:51:33 2013 From: juan.g71 at gmail.com (Juan Garofalo) Date: Thu, 05 Dec 2013 16:51:33 -0300 Subject: NSA tracking cellphone locations worldwide In-Reply-To: References:

Message-ID: <5B3A79266B7E160CB3FE4EA8@F74D39FA044AA309EAEA14B9> --On Thursday, December 05, 2013 1:52 PM +0100 Lodewijk andré de la porte wrote: > Why is my nation so unaware of this invasion upon our grounds? Why doesn't > it take protective action to the fact that an act of crime or war is taken > upon all it's citizens? Are you an anarchist yet? =) > 2013/12/4 coderman > >> >> http://www.washingtonpost.com/world/national-security/nsa-tracking-cellp >> hone-locations-worldwide-snowden-documents-show/2013/12/04/5492873a-5cf2 >> -11e3-bc56-c6ca94801fac_print.html >> >> """ >> >> NSA tracking cellphone locations worldwide, Snowden documents show >> From juan.g71 at gmail.com Thu Dec 5 12:09:05 2013 From: juan.g71 at gmail.com (Juan Garofalo) Date: Thu, 05 Dec 2013 17:09:05 -0300 Subject: NSA tracking cellphone locations worldwide In-Reply-To: References:

<5B3A79266B7E160CB3FE4EA8@F74D39FA044AA309EAEA14B9> Message-ID: --On Thursday, December 05, 2013 8:57 PM +0100 Lodewijk andré de la porte wrote: > 2013/12/5 Juan Garofalo > >> Are you an anarchist yet? =) >> > > I'm not a anarchist. I'm just the only citizen of Lewisland (LL). > Heh =) http://www.panarchy.org/depuydt/1860.fr.html From l at odewijk.nl Thu Dec 5 11:57:19 2013 From: l at odewijk.nl (=?UTF-8?Q?Lodewijk_andr=C3=A9_de_la_porte?=) Date: Thu, 5 Dec 2013 20:57:19 +0100 Subject: NSA tracking cellphone locations worldwide In-Reply-To: <5B3A79266B7E160CB3FE4EA8@F74D39FA044AA309EAEA14B9> References:

<5B3A79266B7E160CB3FE4EA8@F74D39FA044AA309EAEA14B9> Message-ID: 2013/12/5 Juan Garofalo > Are you an anarchist yet? =) > I'm not a anarchist. I'm just the only citizen of Lewisland (LL). -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 539 bytes Desc: not available URL: From lblissett at paranoici.org Fri Dec 6 11:34:17 2013 From: lblissett at paranoici.org (Luther Blissett) Date: Fri, 06 Dec 2013 17:34:17 -0200 Subject: [Full-disclosure] Secure whistleblowing feedback / reporting systems in the content of compartmented information, endpoint security [was: [NSA bitching] [formerly Re: PRISM][]] In-Reply-To: References: Message-ID: <1386358457.27052.44.camel@tagesuhu-pc> On Fri, 2013-10-18 at 08:18 -0700, coderman wrote: > On Fri, Oct 18, 2013 at 4:40 AM, wrote: > >... > > http://geer.tinho.net/geer.uncc.9x13.txt > > > an interesting discussion :) > > "This is perhaps our last fundamental tradeoff before the Singularity > occurs: Do we, as a society, want the comfort and convenience of > increasingly technologic, invisible digital integration enough to pay > for those benefits with the liberties that must be given up to be > protected from the downsides of that integration?" -- dan > > > i would argue that there is an alternative in design and architecture, > mainly those which decentralize and protect end-to-end. however, there > is a cost attached to these efforts as well, which so far most opt-out > of paying... > > > best regards, > And I would reply that only those who commit to those efforts can see it more clearly that there are no credit, financing or bitcoin scheme that can side-step the payment. Great article dan! -- 010 001 111 From lblissett at paranoici.org Fri Dec 6 13:17:29 2013 From: lblissett at paranoici.org (Luther Blissett) Date: Fri, 06 Dec 2013 19:17:29 -0200 Subject: [Full-disclosure] Secure whistleblowing feedback / reporting systems in the content of compartmented information, endpoint security [was: [NSA bitching] [formerly Re: PRISM][]] In-Reply-To: References: Message-ID: <1386364649.27052.64.camel@tagesuhu-pc> On Fri, 2013-10-18 at 08:18 -0700, coderman wrote: > On Fri, Oct 18, 2013 at 4:40 AM, wrote: > >... > > http://geer.tinho.net/geer.uncc.9x13.txt > > > an interesting discussion :) > > "This is perhaps our last fundamental tradeoff before the Singularity > occurs: Do we, as a society, want the comfort and convenience of > increasingly technologic, invisible digital integration enough to pay > for those benefits with the liberties that must be given up to be > protected from the downsides of that integration?" -- dan > > > i would argue that there is an alternative in design and architecture, > mainly those which decentralize and protect end-to-end. however, there > is a cost attached to these efforts as well, which so far most opt-out > of paying... > > > best regards, > And I would reply that only those who commit to those efforts can see it more clearly that there are no credit, financing or bitcoin scheme that can side-step the payment. Great article dan! -- 010 001 111 -- 010 001 111 From jamesdbell8 at yahoo.com Fri Dec 6 23:32:54 2013 From: jamesdbell8 at yahoo.com (Jim Bell) Date: Fri, 6 Dec 2013 23:32:54 -0800 (PST) Subject: infra-org (urls) In-Reply-To: References: Message-ID: <1386401574.12541.YahooMailNeo@web141206.mail.bf1.yahoo.com> From: brian carroll 'Spooky action' builds a wormhole between 'entangled' quantum particles http://phys.org/news/2013-12-spooky-action-wormhole-entangled-quantum.html >note: i must have it all wrong because would it not be possible to >modify the spin of an entangled pair and have it influence the remote >particle likewise. and thus, what need of wires or fiber to connect >events, if a hybrid remote and on-site quatum processing were to take >place. an ecological or ecosystem context of connectivity in & out of >various structures via different forms of entanglement. what if 1,000 >circuit boards shared a split particle and were sent to remote areas, >yet one calculation effected the others and likewise, or perhaps 1,000 >remotely-connected processing functions embedded in 100,000 onsite. in >other words what if the processor were not discrete nor connected by >means other than resonance or vibration (perhaps decibels indicates >this as an acoustic measurement for light even). of course i have no >idea what i am saying, though as list fool i must speak such nonsense. "Spooky action" entanglement has been measured to operate at a velocity of at least 10,000 'c', where 'c' is the speed of light in a vacuum. (signals transmitted on optical fibers about 20 kilometers apart.) Unfortunately, there does not appear to be any way to employ this to transmit information. Jim Bell // feeling exhausted? sun magnetic poles may have reversed... [videos] Sun Reversal of its Magnetic Poles // via hh http://www.youtube.com/watch?v=z0PbL-ErVas SUN ABOUT TO FLIP MAGNETIC POLES (description) http://www.youtube.com/watch?v=-haqLMAPEE8 MASSIVE Solar Burst./Sun's Pole Reversal. (esoteric) http://www.youtube.com/watch?v=lrGtK2W72_o note: gravity bringing you down more than normal? feeling strange polarization in your day? perhaps it is the solar magnetic pole reversal! as with symptoms of daylight savings time on peoples routines and schedules, perhaps solar events effect the magnetic compass within the human body in some fundamental way. anecdote: once had an MRI, tone-based buzzing with intense Tesla electromagnets that map out the brain via spinning particles in brain for imaging, so a particular tone will occur and this shifting of direction within molecules or by particles themselves can be discerned, via polarization. cannot drink caffiene without now having similar effect, as if a remote satellite locked onto noggin, the molecular directionality discerned, like wearing an electromagnetic helmet with invisible wires into the noosphere. perhaps it is only feeling the wi-fi, though caffeine makes whatever that is apprehendable. now have a particular method of decaf coffee intake with controlled micro-caffeine dose as option for a controlled burn into slightly less out-of-focus tunnel vision. thus when realizing total exhaustion recently beyond normal levels, and feeling this drag on entire body as if having walked 1,000 miles tired, it was wondered if that too could be related to a magnetic reversal impacting nervous system subsystem, some perhaps more sensitive to these effects. such as the electrically sensitive who can tell when a new satellite is switched on in orbit, or for those who tend to short-out streetlights when walking by. electromagnetism for thought. // what if dyslexia has something to teach about language structures // logical reasoning as tuning into truth, its harmonization vs. distonia Dyslexia's roots traced to bad brain connections http://www.newscientist.com/article/dn24705-dyslexias-roots-traced-to-bad-brain-connections.html [quote] The authors claim these findings add to the growing recognition of dyslexia as a "disconnection syndrome". "What we're learning from functional imaging is that it's not enough to talk about brain areas; you're always dealing with a network, and when you've got a network you've got patterns of connectivity," says Scott. "So is there some way you could restructure that network that might be beneficial?" [unquote] proposed water tap turnoff @ NSA Utah Data Center // via drudgereport http://www.usnews.com/news/articles/2013/12/03/some-nsa-opponents-want-to-nullify-surveillance-with-state-law Signalers vs. strong silent types: Sparrows exude personalities during fights http://phys.org/news/2013-12-strong-silent-sparrows-exude-personalities.html [quote] "There is a growing realization in the field that factoring in personality variables will help solve many thorny problems in animal behavior, such as do animals signal honestly," said Michael Beecher, co-author and a UW professor of psychology and biology. In other words, if a bird knew the personality of its opponent, it would have a better understanding of when to expect an attack..." [unquote] Resident Visitor: Laurie Spiegel's Machine Music The experimental pioneer's groundbreaking work with computers in the 70s and 80s helped lay the foundation for many of today's electronic noise makers. http://pitchfork.com/features/articles/9002-laurie-spiegel/ HUMAN BODY RESONANCE FREQUENCIES... // via helenhall.net http://listentothisnoise.com/post/59772917907/whats-the-resonant-frequency-of-your-eyes-what (note the external link to 'Power Standards Lab' titling this as fun stuff compared to shooting bullets into ballistic gelatin. another dimension to electronic warfare not yet discussed, how celltowers and other infrastructure can be used to deliver pain and agony via remote control) -- linked from Listen To This Noise... [audio] Seen but not Heard: contact microphones reveal hidden worlds http://soundslikenoise.org/2013/08/25/seen-but-not-heard-contact-microphones-reveal-hidden-worlds/ >> contact_microphones to record i n f r a s o u n d . . . Contact microphones (overview) http://www.recording-microphones.co.uk/Contact-microphones.shtml [quote] The Contact microphone comes in a variety of guises and is also known as a transducer, a pickup or a piezo, and is a form of microphone specifically designed to pick up audio vibrations in solid objects. Normal studio mics are all built around the principle of detecting vibrations in the air but Contact mics are different in that they are designed to pickup surface vibrations. This means that if you taped one to a wooden board and then stood infront of it and sang. the chances are it wouldn’t pick anything up. But tap, scrape, or in some way touch the board and even the softest vibrations will be picked up by the contact mic. [unquote] The first rule of CONTACT MIC club // ~practical info; matched preamp option http://www.musicofsound.co.nz/blog/the-first-rule-of-contact-mic-club Get Better Sound from Piezo Mics & Pickups http://suite101.com/a/get-better-sound-from-piezo-mics-and-pickups-a72764 A Comprehensive Guide To Contact Microphones/Piezos http://enhanced-reality.net/music/a-comprehensive-guide-to-contact-microphonespiezos/ [quote] PVDF don’t have self-resonance because they don’t have a metal disc, and they’re flexible, so you can attach them to a curved surface (use epoxy or silicone), and they’re more robust, piezo discs are rather brittle. [unquote] ex. rubber coated piezo (missing image link above) http://www.amazon.com/Ridgeview-Audio-MDK-H-Harp-Pickup/dp/images/B006ZF6W24 [audio] ex. doors, pipes & sinks, hard drives, wind, small servos http://gamesounddesign.com/Contact-Microphones.html note: i have a drum trigger for a MIDI connection though the traditional piezo is held within a plastic case separating it from the external surface so only a significant force will trigger it. in contrast, a device such as the Korg CM-200 Clip-On contact microphone (below) is in more direct contact with the surface, thus more likely to sense the resonating/vibrating surface, in this case on a music instrument though presumably could be used elsewise. Korg CM-200 http://www.korg.com/cm200 note: thus, either with a mixer preamp and-or-else a digital recorder the contact mic could be used in lieu of an acoustic cardoid/etc microphone registering signal out of air pressure. this is a piezo disk transducer, whereas the following is an example of shielded PVDF options... ex: Fluoropolymer Piezo Film Tab Contact Microphone (PVDF) http://contactmicrophones.com/index.html http://contactmicrophones.com/products-lft.html Hertzian Tales Electronic Products, Aesthetic Experience, and Critical Design Anthony Dunne, The MIT Press (PDF link. 1999/2005 edition) http://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja&ved=0CCwQFjAA&url=http%3A%2F%2Fbscw.wineme.fb5.uni-siegen.de%2Fpub%2Fbscw.cgi%2Fd807744%2F__Hertzian_Tales__Electronic_Products__Aesthetic_Experience__and_Critical_Design.pdf&ei=WdOeUrCBJou0kAeS54CABw&usg=AFQjCNE2DwbM873vh22tPfgTUDLHNOj_lQ&sig2=hXrRdswBAslc5TLQUF7xnA 1 the electronic as post-optimal object 1 2 (in)human factors 21 3 para-functionality: the aesthetics of use 43 4 psychosocial narratives 69 5 real fiction 83 6 hertzian space 101 7 hertzian tales and sublime gadgets 123 conclusion 147 notes 149 bibliography 155 illustration credits 165 index 171 RF-Safe Stop electromagnetic pulse to stop vehicles // via drudgereport http://www.dailymail.co.uk/sciencetech/article-2518177/End-high-speed-car-chase-Engineers-invent-disables-vehicles-engine-remotely-using-radio-beams.html --- on organization --- in earlier days thought the computer OS would help organize life, yet the filing cabinet approach remains a junk drawer approach scaled up to the internet worldwide, existing as a global networked junk drawer. attempts to develop a system have been delayed (AMS) though as part of this, an organizational approach to offline data (paper and things) was realized via a consistent, modular approach to storage, such that everything now has its place and is manageable, contained as it were, as part of a ecosystem-like relation between stuff. my interest in organizing information (concepts,ideas) also exists in environment, feel much better when everything is put away or space maximized and storable versus cluttered. so space-savings, maximizing use of space, easy or improved maintenance, easier to find, etc. {my computer just crashed again due to a hack from cypherpunks thus lost paragraph written} though this particular approach to storage via Really Useful Boxes has transformed my life via organizing what would otherwise be in chaos, allowing stackable and nestable storage (boxes in boxes, boxes made for certain dimensional items, such as CDs or file folders) and also the unique foldable crates/containers that expand/contract as needed. also, tamper proof pins available. others may prefer other containers or other brands or approaches, though in my situation the Really Useful Boxes solved the organization and management situation and allow continual tweaking over time. manufacturer website... Really Useful Boxes Inc. http://www.reallyusefulproducts.co.uk/usa/index.php now if only storage could be connected with barcode inventories or bluetooth stickers and managed via the OS as part of an ecosystem approach (i.e. Asperger Management System). must note: a favorite organizational, stuff management & transport device is the gigantic Ikea foldable bags. they can help carry a large box or vast clothes, gear, or supplies and fold down to a small format that fits in a backpack or bag. excellent if needing to move lots of stuff fast. ^(quasi: offline organization influences approach to computer, online) other than this, right now, in analog mode with index cards and post-it notes instead of digital tools, still in paper realm of organization day to day, the role of the paper shredder still seems vital to any organizational approach, present to future, say managing scanned documents that are stored digitally and then either filed or shredded, given priority. such systems in contrast to doing nothing, tendency to have data collect as if layers of new dust, and paper multiplies week by week until unmanageable chaos, unless managing it. figuring it out via a systematic approach. and that is where offline/computer/online are mismatched, a huge gap between chaos of offline filing cabinet and computer and online cloud junk drawers and data model that has no empirical basis for knowledge or information. no 'shared truth' that is a relational structure. instead, urls and search. hunt and peck. where's that copy of the hospital bill again? maybe the great synchrony is the gap that requires and relies upon the junk drawer and hoarding approach online, at OS level, and offline, due to the gap with ideas, the loss of concepts altogether within computing: "tools for thinking" absent as a worldview. --- on heartbreak and hope --- e-ink has been for me the great potential for a more 'idea-based' approach to display, such that larger format interfaces such as calendars or maps could feasibly become updateable and readable in a non-projected-light or blaring screen approach that scorches the eyeballs or loses readability in the sun or forces extreme fatigue in high-contrast viewing (screens when read at night in low light or for long periods of time, hours to days and weeks of interaction). an upgraded version of the Kindle DX was in my estimate the best change of finally having a tool or platform for sharing ideas, beyond the failure zone of email lists and blogs and social media sites, that 'ideas' and conceptualization both in a realm of scholarship and thinking, as this relates to discussion and feedback and debate, could be opened up by a tool that meets this realm of *advanced literacy* -- and yet instead, when the next-gen Paperwhite Kindle was announced, the large format DX had no such update and then was said by some Amazon representative to not be in further development, thus the only viable PDF reader at size of actual documents was left in an unlit condition, eventually removed from their website. this basically killed off my remaining hope in technological innovation because it forced any such publishing platform that could develop for ideas into a constricted zone of haikus only and penguin classics small-book formats, great for reading on a bus, bad for complex ideas and diagrams and visual and written communication combined, at a readable type size where formatting does not need to be pinched & zoomed repeatedly to move through information, and thus issues of formatting as it relates to standards, the web deteriorated into various formatting approaches, canned 'big box' solutions, monoculture, deafening sameness that adds up to nothing more than the part. when i considered the Kindle DX as a platform it seems ideal for fishing and topo maps, for documents yet also calendar like scheduling, day planning, etc. though in years of thinking about it (and never yet using the device), one day it dawned on me the missing functionality was the very attribute that originally seemed the greatest feature: free 3G connectivity to Wikipedia. this is one of those issues for a person like myself who grew up without an encyclopedia within the home, yet had a yearning fascination with information yet no access. as it remains today in many ways, sans cellphone, though having ready access to an online reference work could then open up questioning and the imagination to further considerations instead of stopping or limiting next steps in thinking. this is equivalent to the advice 'if you do know what a word means look it up in the dictionary' as a life practice, to improving literacy, yet at the larger connected realm of ideas in their expanded explanation and description, integral conceptualization. and thus in reverse, the idea arose that wouldn't it be ideal if the Kindle DX was a _writing platform as well as just reading. not simply writing a computer, but also, at the e-ink device via touchscreen or other interface (handwriting, diagramming). a related concept i have described as 'fractal reading/writing' is in some ways connected to this ability to write in categories versus long-strings of conventional descriptive language, more like programming or code for structures of concepts, as if molecular entities. going into a concept, not just across it, via language. modeling the ideas, concepts, structural 'forms', where scaffolding may exist as substructures hidden or not in given views (xml, tags, etc) the realization then that if every Kindle shipped with wiki software that would allow people to write these structures and link them together in a new public zone of the internet that is based upon ideas and concepts and their organization. a public realm like cafe society where debates and discussions could occur, conceptualization beyond boundaries of websites or separated blogs, and into the structures themselves, that would move from individual POVs in relativistic frames, grounded or not, into a larger empirical structure, if mediated this way, organized, managed, maintained, say by public discourse, debate, challenging of hypotheses. this, tools for thinking and tools for developing literacy, to battle the engrained ignorance that one-way media and vested opinions together establish, especially when separated and left unchallenged or untested beyond a comfortable isolation. what if tools could reestablish or allow a public zone or square or environment where today none actually exists. and what if it is wiki and e-readers and those who use these for scholarship and exchanging ideas, and thus various platforms and vendors could exist and participate, allow access and interface, yet also it would involve those with knowledge of particular domains to develop and model them, and potentially transform existing conceptions of what a field or discipline actually is, in contrast to the outdated or detached academic models that may limit what is approved. being someone who is intrigued by innovative technological tools with purpose, it was completely devastating when Amazon dropped support for the larger format DX. i lost faith in Bezos vision because it at once manages a future of books while removing the larger purpose of ideas and concept development they involve, making it a read-only scenario with Kindles versus a read-and-write platform for those developing ideas, the people who are creating the documents, so they can review their own work at scale, away from the PC screen and read others ideas likewise, beyond its domination over context and interpretation, via distraction and requirement of multitasking with an OS or other device with demands. thus the [concept] + [concept] = [concept] / [concept] approach that wikis allow could be a new way of 'writing' that is non-linear and fractal, going into other networked data structures or particular versions, to create various models of ideas and concepts and new organizations or a worldview, new interface to online information that could be developed that is integrated into a single model, and data could be attached to this, instead of having individual branded websites reinventing the wheel, they could be data structures instead with basic facts and details. certainly would deal with information anxiety issues at every level, from finding out info in a Wolfram-like computational approach, to the phone-book aspect of just wanting the facts without the 1mb download of advertising banner ads and all the tracking data to locate an address, etc. and then it could be visualized atop that via the various approaches, instead of tied down into static rendered css/xml sites as UI/display. there is no reason this wiki-approach could not exist on tablets and cellphones likewise, (in the sense of 'tools for thinking') though it is this issue related to readability adn those who are writers or thinkers or scholars or communicator/conveyors, debaters of ideas, etc, that in reading or considering ideas, the issues of the screen and its biasing does influence what is read, how it is read, and within what parameters (in browser, often with animations running or OS notifications, or various errors) versus a device purpose-made for easy readability and reading, the pleasure of textual communication, even into embedded visuals/diagrams, versus the hassle that is email or all the formatted bureaucracy blogs require to upkeep while limiting reference or url-rot or whatever. versus having data stored as documents in a library within a device -or- accessible as a structure, as with a wiki-structure of networked data models, that could become a new realm of the internet, expanding further than wikipedia yet still accessible. another variant like gopher or mailing lists, yet more permanent, like earlier days of (lynx-like) Yahoo categorization yet public, developed as areas of integrated knowledge and areas of debate and discussion, not limited to the outdated worldviews held within and requiring censorship to control and discourage feedback, within institutions. thus, the opportunity for Galilean/Copernicun remodeling and working-through such conditions rather than avoiding or voiding such thinking, makign the internet read-only for ideas in terms of public discourse, debate, ideas, "books", knowledge, "culture", thinking, etc. i.e. beyond overly-limiting corporate or institutional or private control over shared reality. so Amazon dropped out, and Sony went conceptual and introduced a fascinating upgrade to their e-ink future with a prototype now deploying for testing in Japan. see the video: 13.3-inch Sony tablet // the future... http://news.cnet.com/8301-17938_105-57585367-1/13.3-inch-sony-tablet-is-like-etch-a-sketch-on-steroids/ so this is not just an e-reader, it is described as a 'digital notepad' and 'digital paper', perhaps tending toward the concept of a clipboard functionality for this kind of device, where it could be used for formwork, charting, census, notes and writing, scheduling, etc. and likely would be much more usable than a tablet (including large sized) due to weight, battery life, readability, and better functionality with dedicated or programmable task buttons that are not needing to relate to MP3 and videos, other non-relevant apps or adds-on (everything!) it is also mentioned is focused on Universities, so it has an inherent educational purpose, (potentially: tool for thinking) and is currently in trials in Japan from what i last read. and a price of approximately 1k USD was recently mentioned, which is also interesting, in that it makes it impracticle for most citizens unless a niche or supported project. this must have freaked out Amazon and reawoken their Kindle DX program because the device has since reappeared on their website, and for a heavily discounted price (169 USD, when previously in the 379 USD range). it was a closeout special before, yet reintroduced, it is a reactivation of a forfeited category, something that was said officially a dead-end, and to me was a betrayal of ideas and the Kindle as a publishing platform, thus the heartbreak that the soul of books have become only about the money made from them, not the continuance of ideas they contain and culture they develop and sustain. yet, along with quadrocopters, suddenly Amazon and Bezos are back in the realm of critical relevance in this same context by what is potentially a vital reversal, hopefully and likely indicating a renewed interest in the large-format e-ink reader as future data management, organization, communication devices. it was difficult for a person like me, heavily vested in strange ideas requiring a platform for their public exchange, to be removed as a possibility. it was preface to extinction for the very relevance of thought within networked media, to have the literacy device disappear, taken over by more jukeboxes with electronic money-slots required for each & every interaction. it is potentially heartening that Amazon is responding to innovation from Sony, realizes the potential and need, and will bring paperwhite-like illumination to a large format e-reader, a next generation Kindle DX, hopefully others like Sony will also. presumably there was not a viable enough market or need or the timing was not right for such a next stage, in terms of corporate-interest, before now. yet i think it always existing though is not voiced, yet it is the vital core of the culture and internet that would use such devices, especially those who think and organize and share and debate their thoughts. perhaps a next generation larger format DX device would have been too expensive with older e-ink screens, until the Sony approach. and thus would not sell enough to justify the investment needed. whatever the case, the latest ongoing pricepoint for the existing DX indicates a next generation Kindle DX could be in the works if not using the same E Ink Mobius screen as the Sony digital notepad, potentially or eventually. thus it would not suprise if the next DX is somewhere between the existing and last launched pricepoint, instead of further towards the 1K USD that is breaking new ground for a prefered display for written, diagrammatic, textual, modeled information, organization, and management that tends more towards the library than file cabinet turning into a data junk drawer approach. likewise, another such device for construction documents.... (logistics, networked data management) PocketBook CAD Reader // Fina screen http://archinect.com/news/article/87978707/e-ink-introduces-display-and-new-pocketbook-tablet-for-use-on-the-construction-site [video] Pocketbook CAD Reader Debuts in New Commercial http://goodereader.com/blog/electronic-readers/pocketbook-cad-reader-debuts-in-new-commercial note on kindle dx, autocad device, sony large-format!!, killer-app missing: wikis. new www space (structured info) could be created using it and other software as shared web-platform. ii.e. writing as wiki, wiki as approach to writing, not serial strings, deep structural concepts. [concept] [concept] + [concept] diagrammatic approach to communication (fractal r/w) {educational fair-use of copyright, 2013} Caligula, Monty Python and the Holy Grail, Spartacus -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 31427 bytes Desc: not available URL: From electromagnetize at gmail.com Fri Dec 6 22:11:43 2013 From: electromagnetize at gmail.com (brian carroll) Date: Sat, 7 Dec 2013 00:11:43 -0600 Subject: infra-org (urls) Message-ID: 'Spooky action' builds a wormhole between 'entangled' quantum particles http://phys.org/news/2013-12-spooky-action-wormhole-entangled-quantum.html note: i must have it all wrong because would it not be possible to modify the spin of an entangled pair and have it influence the remote particle likewise. and thus, what need of wires or fiber to connect events, if a hybrid remote and on-site quatum processing were to take place. an ecological or ecosystem context of connectivity in & out of various structures via different forms of entanglement. what if 1,000 circuit boards shared a split particle and were sent to remote areas, yet one calculation effected the others and likewise, or perhaps 1,000 remotely-connected processing functions embedded in 100,000 onsite. in other words what if the processor were not discrete nor connected by means other than resonance or vibration (perhaps decibels indicates this as an acoustic measurement for light even). of course i have no idea what i am saying, though as list fool i must speak such nonsense. // feeling exhausted? sun magnetic poles may have reversed... [videos] Sun Reversal of its Magnetic Poles // via hh http://www.youtube.com/watch?v=z0PbL-ErVas SUN ABOUT TO FLIP MAGNETIC POLES (description) http://www.youtube.com/watch?v=-haqLMAPEE8 MASSIVE Solar Burst./Sun's Pole Reversal. (esoteric) http://www.youtube.com/watch?v=lrGtK2W72_o note: gravity bringing you down more than normal? feeling strange polarization in your day? perhaps it is the solar magnetic pole reversal! as with symptoms of daylight savings time on peoples routines and schedules, perhaps solar events effect the magnetic compass within the human body in some fundamental way. anecdote: once had an MRI, tone-based buzzing with intense Tesla electromagnets that map out the brain via spinning particles in brain for imaging, so a particular tone will occur and this shifting of direction within molecules or by particles themselves can be discerned, via polarization. cannot drink caffiene without now having similar effect, as if a remote satellite locked onto noggin, the molecular directionality discerned, like wearing an electromagnetic helmet with invisible wires into the noosphere. perhaps it is only feeling the wi-fi, though caffeine makes whatever that is apprehendable. now have a particular method of decaf coffee intake with controlled micro-caffeine dose as option for a controlled burn into slightly less out-of-focus tunnel vision. thus when realizing total exhaustion recently beyond normal levels, and feeling this drag on entire body as if having walked 1,000 miles tired, it was wondered if that too could be related to a magnetic reversal impacting nervous system subsystem, some perhaps more sensitive to these effects. such as the electrically sensitive who can tell when a new satellite is switched on in orbit, or for those who tend to short-out streetlights when walking by. electromagnetism for thought. // what if dyslexia has something to teach about language structures // logical reasoning as tuning into truth, its harmonization vs. distonia Dyslexia's roots traced to bad brain connections http://www.newscientist.com/article/dn24705-dyslexias-roots-traced-to-bad-brain-connections.html [quote] The authors claim these findings add to the growing recognition of dyslexia as a "disconnection syndrome". "What we're learning from functional imaging is that it's not enough to talk about brain areas; you're always dealing with a network, and when you've got a network you've got patterns of connectivity," says Scott. "So is there some way you could restructure that network that might be beneficial?" [unquote] proposed water tap turnoff @ NSA Utah Data Center // via drudgereport http://www.usnews.com/news/articles/2013/12/03/some-nsa-opponents-want-to-nullify-surveillance-with-state-law Signalers vs. strong silent types: Sparrows exude personalities during fights http://phys.org/news/2013-12-strong-silent-sparrows-exude-personalities.html [quote] "There is a growing realization in the field that factoring in personality variables will help solve many thorny problems in animal behavior, such as do animals signal honestly," said Michael Beecher, co-author and a UW professor of psychology and biology. In other words, if a bird knew the personality of its opponent, it would have a better understanding of when to expect an attack..." [unquote] Resident Visitor: Laurie Spiegel's Machine Music The experimental pioneer's groundbreaking work with computers in the 70s and 80s helped lay the foundation for many of today's electronic noise makers. http://pitchfork.com/features/articles/9002-laurie-spiegel/ HUMAN BODY RESONANCE FREQUENCIES... // via helenhall.net http://listentothisnoise.com/post/59772917907/whats-the-resonant-frequency-of-your-eyes-what (note the external link to 'Power Standards Lab' titling this as fun stuff compared to shooting bullets into ballistic gelatin. another dimension to electronic warfare not yet discussed, how celltowers and other infrastructure can be used to deliver pain and agony via remote control) -- linked from Listen To This Noise... [audio] Seen but not Heard: contact microphones reveal hidden worlds http://soundslikenoise.org/2013/08/25/seen-but-not-heard-contact-microphones-reveal-hidden-worlds/ >> contact_microphones to record i n f r a s o u n d . . . Contact microphones (overview) http://www.recording-microphones.co.uk/Contact-microphones.shtml [quote] The Contact microphone comes in a variety of guises and is also known as a transducer, a pickup or a piezo, and is a form of microphone specifically designed to pick up audio vibrations in solid objects. Normal studio mics are all built around the principle of detecting vibrations in the air but Contact mics are different in that they are designed to pickup surface vibrations. This means that if you taped one to a wooden board and then stood infront of it and sang. the chances are it wouldn’t pick anything up. But tap, scrape, or in some way touch the board and even the softest vibrations will be picked up by the contact mic. [unquote] The first rule of CONTACT MIC club // ~practical info; matched preamp option http://www.musicofsound.co.nz/blog/the-first-rule-of-contact-mic-club Get Better Sound from Piezo Mics & Pickups http://suite101.com/a/get-better-sound-from-piezo-mics-and-pickups-a72764 A Comprehensive Guide To Contact Microphones/Piezos http://enhanced-reality.net/music/a-comprehensive-guide-to-contact-microphonespiezos/ [quote] PVDF don’t have self-resonance because they don’t have a metal disc, and they’re flexible, so you can attach them to a curved surface (use epoxy or silicone), and they’re more robust, piezo discs are rather brittle. [unquote] ex. rubber coated piezo (missing image link above) http://www.amazon.com/Ridgeview-Audio-MDK-H-Harp-Pickup/dp/images/B006ZF6W24 [audio] ex. doors, pipes & sinks, hard drives, wind, small servos http://gamesounddesign.com/Contact-Microphones.html note: i have a drum trigger for a MIDI connection though the traditional piezo is held within a plastic case separating it from the external surface so only a significant force will trigger it. in contrast, a device such as the Korg CM-200 Clip-On contact microphone (below) is in more direct contact with the surface, thus more likely to sense the resonating/vibrating surface, in this case on a music instrument though presumably could be used elsewise. Korg CM-200 http://www.korg.com/cm200 note: thus, either with a mixer preamp and-or-else a digital recorder the contact mic could be used in lieu of an acoustic cardoid/etc microphone registering signal out of air pressure. this is a piezo disk transducer, whereas the following is an example of shielded PVDF options... ex: Fluoropolymer Piezo Film Tab Contact Microphone (PVDF) http://contactmicrophones.com/index.html http://contactmicrophones.com/products-lft.html Hertzian Tales Electronic Products, Aesthetic Experience, and Critical Design Anthony Dunne, The MIT Press (PDF link. 1999/2005 edition) http://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja&ved=0CCwQFjAA&url=http%3A%2F%2Fbscw.wineme.fb5.uni-siegen.de%2Fpub%2Fbscw.cgi%2Fd807744%2F__Hertzian_Tales__Electronic_Products__Aesthetic_Experience__and_Critical_Design.pdf&ei=WdOeUrCBJou0kAeS54CABw&usg=AFQjCNE2DwbM873vh22tPfgTUDLHNOj_lQ&sig2=hXrRdswBAslc5TLQUF7xnA 1 the electronic as post-optimal object 1 2 (in)human factors 21 3 para-functionality: the aesthetics of use 43 4 psychosocial narratives 69 5 real fiction 83 6 hertzian space 101 7 hertzian tales and sublime gadgets 123 conclusion 147 notes 149 bibliography 155 illustration credits 165 index 171 RF-Safe Stop electromagnetic pulse to stop vehicles // via drudgereport http://www.dailymail.co.uk/sciencetech/article-2518177/End-high-speed-car-chase-Engineers-invent-disables-vehicles-engine-remotely-using-radio-beams.html --- on organization --- in earlier days thought the computer OS would help organize life, yet the filing cabinet approach remains a junk drawer approach scaled up to the internet worldwide, existing as a global networked junk drawer. attempts to develop a system have been delayed (AMS) though as part of this, an organizational approach to offline data (paper and things) was realized via a consistent, modular approach to storage, such that everything now has its place and is manageable, contained as it were, as part of a ecosystem-like relation between stuff. my interest in organizing information (concepts,ideas) also exists in environment, feel much better when everything is put away or space maximized and storable versus cluttered. so space-savings, maximizing use of space, easy or improved maintenance, easier to find, etc. {my computer just crashed again due to a hack from cypherpunks thus lost paragraph written} though this particular approach to storage via Really Useful Boxes has transformed my life via organizing what would otherwise be in chaos, allowing stackable and nestable storage (boxes in boxes, boxes made for certain dimensional items, such as CDs or file folders) and also the unique foldable crates/containers that expand/contract as needed. also, tamper proof pins available. others may prefer other containers or other brands or approaches, though in my situation the Really Useful Boxes solved the organization and management situation and allow continual tweaking over time. manufacturer website... Really Useful Boxes Inc. http://www.reallyusefulproducts.co.uk/usa/index.php now if only storage could be connected with barcode inventories or bluetooth stickers and managed via the OS as part of an ecosystem approach (i.e. Asperger Management System). must note: a favorite organizational, stuff management & transport device is the gigantic Ikea foldable bags. they can help carry a large box or vast clothes, gear, or supplies and fold down to a small format that fits in a backpack or bag. excellent if needing to move lots of stuff fast. ^(quasi: offline organization influences approach to computer, online) other than this, right now, in analog mode with index cards and post-it notes instead of digital tools, still in paper realm of organization day to day, the role of the paper shredder still seems vital to any organizational approach, present to future, say managing scanned documents that are stored digitally and then either filed or shredded, given priority. such systems in contrast to doing nothing, tendency to have data collect as if layers of new dust, and paper multiplies week by week until unmanageable chaos, unless managing it. figuring it out via a systematic approach. and that is where offline/computer/online are mismatched, a huge gap between chaos of offline filing cabinet and computer and online cloud junk drawers and data model that has no empirical basis for knowledge or information. no 'shared truth' that is a relational structure. instead, urls and search. hunt and peck. where's that copy of the hospital bill again? maybe the great synchrony is the gap that requires and relies upon the junk drawer and hoarding approach online, at OS level, and offline, due to the gap with ideas, the loss of concepts altogether within computing: "tools for thinking" absent as a worldview. --- on heartbreak and hope --- e-ink has been for me the great potential for a more 'idea-based' approach to display, such that larger format interfaces such as calendars or maps could feasibly become updateable and readable in a non-projected-light or blaring screen approach that scorches the eyeballs or loses readability in the sun or forces extreme fatigue in high-contrast viewing (screens when read at night in low light or for long periods of time, hours to days and weeks of interaction). an upgraded version of the Kindle DX was in my estimate the best change of finally having a tool or platform for sharing ideas, beyond the failure zone of email lists and blogs and social media sites, that 'ideas' and conceptualization both in a realm of scholarship and thinking, as this relates to discussion and feedback and debate, could be opened up by a tool that meets this realm of *advanced literacy* -- and yet instead, when the next-gen Paperwhite Kindle was announced, the large format DX had no such update and then was said by some Amazon representative to not be in further development, thus the only viable PDF reader at size of actual documents was left in an unlit condition, eventually removed from their website. this basically killed off my remaining hope in technological innovation because it forced any such publishing platform that could develop for ideas into a constricted zone of haikus only and penguin classics small-book formats, great for reading on a bus, bad for complex ideas and diagrams and visual and written communication combined, at a readable type size where formatting does not need to be pinched & zoomed repeatedly to move through information, and thus issues of formatting as it relates to standards, the web deteriorated into various formatting approaches, canned 'big box' solutions, monoculture, deafening sameness that adds up to nothing more than the part. when i considered the Kindle DX as a platform it seems ideal for fishing and topo maps, for documents yet also calendar like scheduling, day planning, etc. though in years of thinking about it (and never yet using the device), one day it dawned on me the missing functionality was the very attribute that originally seemed the greatest feature: free 3G connectivity to Wikipedia. this is one of those issues for a person like myself who grew up without an encyclopedia within the home, yet had a yearning fascination with information yet no access. as it remains today in many ways, sans cellphone, though having ready access to an online reference work could then open up questioning and the imagination to further considerations instead of stopping or limiting next steps in thinking. this is equivalent to the advice 'if you do know what a word means look it up in the dictionary' as a life practice, to improving literacy, yet at the larger connected realm of ideas in their expanded explanation and description, integral conceptualization. and thus in reverse, the idea arose that wouldn't it be ideal if the Kindle DX was a _writing platform as well as just reading. not simply writing a computer, but also, at the e-ink device via touchscreen or other interface (handwriting, diagramming). a related concept i have described as 'fractal reading/writing' is in some ways connected to this ability to write in categories versus long-strings of conventional descriptive language, more like programming or code for structures of concepts, as if molecular entities. going into a concept, not just across it, via language. modeling the ideas, concepts, structural 'forms', where scaffolding may exist as substructures hidden or not in given views (xml, tags, etc) the realization then that if every Kindle shipped with wiki software that would allow people to write these structures and link them together in a new public zone of the internet that is based upon ideas and concepts and their organization. a public realm like cafe society where debates and discussions could occur, conceptualization beyond boundaries of websites or separated blogs, and into the structures themselves, that would move from individual POVs in relativistic frames, grounded or not, into a larger empirical structure, if mediated this way, organized, managed, maintained, say by public discourse, debate, challenging of hypotheses. this, tools for thinking and tools for developing literacy, to battle the engrained ignorance that one-way media and vested opinions together establish, especially when separated and left unchallenged or untested beyond a comfortable isolation. what if tools could reestablish or allow a public zone or square or environment where today none actually exists. and what if it is wiki and e-readers and those who use these for scholarship and exchanging ideas, and thus various platforms and vendors could exist and participate, allow access and interface, yet also it would involve those with knowledge of particular domains to develop and model them, and potentially transform existing conceptions of what a field or discipline actually is, in contrast to the outdated or detached academic models that may limit what is approved. being someone who is intrigued by innovative technological tools with purpose, it was completely devastating when Amazon dropped support for the larger format DX. i lost faith in Bezos vision because it at once manages a future of books while removing the larger purpose of ideas and concept development they involve, making it a read-only scenario with Kindles versus a read-and-write platform for those developing ideas, the people who are creating the documents, so they can review their own work at scale, away from the PC screen and read others ideas likewise, beyond its domination over context and interpretation, via distraction and requirement of multitasking with an OS or other device with demands. thus the [concept] + [concept] = [concept] / [concept] approach that wikis allow could be a new way of 'writing' that is non-linear and fractal, going into other networked data structures or particular versions, to create various models of ideas and concepts and new organizations or a worldview, new interface to online information that could be developed that is integrated into a single model, and data could be attached to this, instead of having individual branded websites reinventing the wheel, they could be data structures instead with basic facts and details. certainly would deal with information anxiety issues at every level, from finding out info in a Wolfram-like computational approach, to the phone-book aspect of just wanting the facts without the 1mb download of advertising banner ads and all the tracking data to locate an address, etc. and then it could be visualized atop that via the various approaches, instead of tied down into static rendered css/xml sites as UI/display. there is no reason this wiki-approach could not exist on tablets and cellphones likewise, (in the sense of 'tools for thinking') though it is this issue related to readability adn those who are writers or thinkers or scholars or communicator/conveyors, debaters of ideas, etc, that in reading or considering ideas, the issues of the screen and its biasing does influence what is read, how it is read, and within what parameters (in browser, often with animations running or OS notifications, or various errors) versus a device purpose-made for easy readability and reading, the pleasure of textual communication, even into embedded visuals/diagrams, versus the hassle that is email or all the formatted bureaucracy blogs require to upkeep while limiting reference or url-rot or whatever. versus having data stored as documents in a library within a device -or- accessible as a structure, as with a wiki-structure of networked data models, that could become a new realm of the internet, expanding further than wikipedia yet still accessible. another variant like gopher or mailing lists, yet more permanent, like earlier days of (lynx-like) Yahoo categorization yet public, developed as areas of integrated knowledge and areas of debate and discussion, not limited to the outdated worldviews held within and requiring censorship to control and discourage feedback, within institutions. thus, the opportunity for Galilean/Copernicun remodeling and working-through such conditions rather than avoiding or voiding such thinking, makign the internet read-only for ideas in terms of public discourse, debate, ideas, "books", knowledge, "culture", thinking, etc. i.e. beyond overly-limiting corporate or institutional or private control over shared reality. so Amazon dropped out, and Sony went conceptual and introduced a fascinating upgrade to their e-ink future with a prototype now deploying for testing in Japan. see the video: 13.3-inch Sony tablet // the future... http://news.cnet.com/8301-17938_105-57585367-1/13.3-inch-sony-tablet-is-like-etch-a-sketch-on-steroids/ so this is not just an e-reader, it is described as a 'digital notepad' and 'digital paper', perhaps tending toward the concept of a clipboard functionality for this kind of device, where it could be used for formwork, charting, census, notes and writing, scheduling, etc. and likely would be much more usable than a tablet (including large sized) due to weight, battery life, readability, and better functionality with dedicated or programmable task buttons that are not needing to relate to MP3 and videos, other non-relevant apps or adds-on (everything!) it is also mentioned is focused on Universities, so it has an inherent educational purpose, (potentially: tool for thinking) and is currently in trials in Japan from what i last read. and a price of approximately 1k USD was recently mentioned, which is also interesting, in that it makes it impracticle for most citizens unless a niche or supported project. this must have freaked out Amazon and reawoken their Kindle DX program because the device has since reappeared on their website, and for a heavily discounted price (169 USD, when previously in the 379 USD range). it was a closeout special before, yet reintroduced, it is a reactivation of a forfeited category, something that was said officially a dead-end, and to me was a betrayal of ideas and the Kindle as a publishing platform, thus the heartbreak that the soul of books have become only about the money made from them, not the continuance of ideas they contain and culture they develop and sustain. yet, along with quadrocopters, suddenly Amazon and Bezos are back in the realm of critical relevance in this same context by what is potentially a vital reversal, hopefully and likely indicating a renewed interest in the large-format e-ink reader as future data management, organization, communication devices. it was difficult for a person like me, heavily vested in strange ideas requiring a platform for their public exchange, to be removed as a possibility. it was preface to extinction for the very relevance of thought within networked media, to have the literacy device disappear, taken over by more jukeboxes with electronic money-slots required for each & every interaction. it is potentially heartening that Amazon is responding to innovation from Sony, realizes the potential and need, and will bring paperwhite-like illumination to a large format e-reader, a next generation Kindle DX, hopefully others like Sony will also. presumably there was not a viable enough market or need or the timing was not right for such a next stage, in terms of corporate-interest, before now. yet i think it always existing though is not voiced, yet it is the vital core of the culture and internet that would use such devices, especially those who think and organize and share and debate their thoughts. perhaps a next generation larger format DX device would have been too expensive with older e-ink screens, until the Sony approach. and thus would not sell enough to justify the investment needed. whatever the case, the latest ongoing pricepoint for the existing DX indicates a next generation Kindle DX could be in the works if not using the same E Ink Mobius screen as the Sony digital notepad, potentially or eventually. thus it would not suprise if the next DX is somewhere between the existing and last launched pricepoint, instead of further towards the 1K USD that is breaking new ground for a prefered display for written, diagrammatic, textual, modeled information, organization, and management that tends more towards the library than file cabinet turning into a data junk drawer approach. likewise, another such device for construction documents.... (logistics, networked data management) PocketBook CAD Reader // Fina screen http://archinect.com/news/article/87978707/e-ink-introduces-display-and-new-pocketbook-tablet-for-use-on-the-construction-site [video] Pocketbook CAD Reader Debuts in New Commercial http://goodereader.com/blog/electronic-readers/pocketbook-cad-reader-debuts-in-new-commercial note on kindle dx, autocad device, sony large-format!!, killer-app missing: wikis. new www space (structured info) could be created using it and other software as shared web-platform. ii.e. writing as wiki, wiki as approach to writing, not serial strings, deep structural concepts. [concept] [concept] + [concept] diagrammatic approach to communication (fractal r/w) {educational fair-use of copyright, 2013} Caligula, Monty Python and the Holy Grail, Spartacus From electromagnetize at gmail.com Fri Dec 6 23:55:24 2013 From: electromagnetize at gmail.com (brian carroll) Date: Sat, 7 Dec 2013 01:55:24 -0600 Subject: infra-org (urls) In-Reply-To: <1386401574.12541.YahooMailNeo@web141206.mail.bf1.yahoo.com> References: <1386401574.12541.YahooMailNeo@web141206.mail.bf1.yahoo.com> Message-ID: > From: brian carroll > > 'Spooky action' builds a wormhole between 'entangled' quantum particles > http://phys.org/news/2013-12-spooky-action-wormhole-entangled-quantum.html > >>note: i must have it all wrong because would it not be possible to >>modify the spin of an entangled pair and have it influence the remote >>particle likewise. and thus, what need of wires or fiber to connect >>events, if a hybrid remote and on-site quatum processing were to take >>place. an ecological or ecosystem context of connectivity in & out of >>various structures via different forms of entanglement. what if 1,000 >>circuit boards shared a split particle and were sent to remote areas, >>yet one calculation effected the others and likewise, or perhaps 1,000 >>remotely-connected processing functions embedded in 100,000 onsite. in >>other words what if the processor were not discrete nor connected by >>means other than resonance or vibration (perhaps decibels indicates >>this as an acoustic measurement for light even). of course i have no >>idea what i am saying, though as list fool i must speak such nonsense. > "Spooky action" entanglement has been measured to operate at a velocity of > at least 10,000 'c', where 'c' is the speed of light in a vacuum. (signals > transmitted on optical fibers about 20 kilometers apart.) Unfortunately, > there does not appear to be any way to employ this to transmit information. > Jim Bell so would this not break the physics model already, of faster than light info, such that the cosmos may operate on principles beyond those employed. the comments on the article seemingly indicative of this same scenario, as if a realm of political science, gerrymandering of physics seemingly. if a spin could be remotely connected to another, as mentioned in the article comments, and activated at a distance, could this not function as a basic switch, perhaps making a relay or gate or some kind or the ability to send/receive coded messages via morse code (as mentioned). say, a sequence of spins encoding the alphabet or whatever, perhaps controlled by a normal computer process yet transmitted/received via this quantum connectivity (seemingly out of this world then back into it via vibration, rather than a line of sight acoustic signal, if understanding) i thought that was the idea underneath the potential for other, hidden technology embedded in existing systems, that remote relationship via quantum properties that operate in other dimensionality/structures, if not beyond lightspeed properties or conceptions, and that it may not be recognizable in the existing approach or computational paradigm. such that fiber may not be necessary, the approach to key exchange or processing may occur in other parameters or functional structures. From electromagnetize at gmail.com Sat Dec 7 00:01:12 2013 From: electromagnetize at gmail.com (brian carroll) Date: Sat, 7 Dec 2013 02:01:12 -0600 Subject: infra-org (urls) In-Reply-To: <1386401574.12541.YahooMailNeo@web141206.mail.bf1.yahoo.com> References: <1386401574.12541.YahooMailNeo@web141206.mail.bf1.yahoo.com> Message-ID: >> 'Spooky action' builds a wormhole between 'entangled' quantum particles >> http://phys.org/news/2013-12-spooky-action-wormhole-entangled-quantum.html > "Spooky action" entanglement has been measured to operate at a velocity of > at least 10,000 'c', where 'c' is the speed of light in a vacuum. (signals > transmitted on optical fibers about 20 kilometers apart.) Unfortunately, > there does not appear to be any way to employ this to transmit information. > Jim Bell i should have mentioned i think this is the model for basic consciousness, as it relates to processing reality, logic, and pattern recognition. closely related to ideas visually presented in the book: Space-Time and Beyond: Toward an Explanation of the Unexplainable authors: Fred Wolf, Jack Sarfatti, Bob Toben From electromagnetize at gmail.com Sat Dec 7 00:13:13 2013 From: electromagnetize at gmail.com (brian carroll) Date: Sat, 7 Dec 2013 02:13:13 -0600 Subject: infra-org (urls) In-Reply-To: <1386401574.12541.YahooMailNeo@web141206.mail.bf1.yahoo.com> References: <1386401574.12541.YahooMailNeo@web141206.mail.bf1.yahoo.com> Message-ID: Jim Bell wrote: > "Spooky action" entanglement has been measured to operate at a velocity of > at least 10,000 'c', where 'c' is the speed of light in a vacuum. (signals > transmitted on optical fibers about 20 kilometers apart.) Unfortunately, > there does not appear to be any way to employ this to transmit information. it also makes me wonder, given the insane speed vs. infinitesimal distance if *information* could operate as a kind of cognitive pressure on the mind, (as with predictive Random Event Generator (REG) vs RNG where patterns organize/emerge out of quantum-noisefield) thus corollary perhaps to the analogy of water pressure for electrical circuits and flow based on pneuma- tic dynamics in a potentially bounded or closed system). that may enter into questions of 'where information actually exists', perhaps stored outside the brain in noosphere as patterns or forms (invisible constellation/structure) that is referenced or linked to rather than contained within a brain, and thus boundary of brain vs. mind. same: digital computer vs.quantum processor, perhaps. thus issue of channeling or tuning into versus as origin of truth. what if a fundamentally different data model, thus security model, etc. this conceptualization has the individual person modeled as an antenna, tuning into various structures based on what resonates, aligns correctly, what circuits or feedback loops or environments exist. versus machine of clockwork, rote memorization, and processor speed of read/write. From jya at pipeline.com Sat Dec 7 03:24:50 2013 From: jya at pipeline.com (John Young) Date: Sat, 07 Dec 2013 06:24:50 -0500 Subject: infra-org (urls) In-Reply-To: References: Message-ID: Contact mics for acquiring vibration and resonance emanations are among the still classified TEMPEST offensive and defensive activities, along with other multi-sensory and -physical acquisition and transmission technologies. The celebrated EM components of TEMPEST are commonly used as subterfuges, ruses and ploys to divert attention from the non-EM -- which an almost limitless number of animals and other creatures use for SIGINT and COMINT, and a few like Brian, unfettered by industry conceits, use for full-spectrum HUMINT. TSCM pros have made much of the EM threat and little of the other, or pretend to do so. The US Embassy Moscow cavity resonance bug, and a few others, are highlighted for the same diversion from the slew of others inadvertently ignored. Thanks again to Brian for broadening the discussion from narrow focus on crypto prowess and simple-minded EM and TSCM, a narrowness which might be considered a long running ploy not so different from the Snowden gush generating reams of Chicken Little narrative beloved by the comsec industry guided by its nose toward cash and ignoring its tell-taling stench. From odinn.cyberguerrilla at riseup.net Sat Dec 7 12:52:22 2013 From: odinn.cyberguerrilla at riseup.net (Odinn Cyberguerrilla) Date: Sat, 7 Dec 2013 12:52:22 -0800 Subject: Perhaps related? ABIS protocol Re: [Full-disclosure] Secure whistleblowing feedback / reporting systems in the content of compartmented information, endpoint security [was: [NSA bitching] [formerly Re: PRISM][]] Message-ID: <71f8685272c0724d306c5fbe528f30d4.squirrel@fruiteater.riseup.net> Perhaps this is related to what is being discussed here: https://github.com/ABISprotocol/ABIS - if you find it interesting please drop your comments / thoughts, and if interested in being a collaborator, please advise. On Fri, 2013-10-18 at 08:18 -0700, coderman wrote: > On Fri, Oct 18, 2013 at 4:40 AM, wrote: > >... > > http://geer.tinho.net/geer.uncc.9x13.txt > > > an interesting discussion :) > > "This is perhaps our last fundamental tradeoff before the Singularity > occurs: Do we, as a society, want the comfort and convenience of > increasingly technologic, invisible digital integration enough to pay > for those benefits with the liberties that must be given up to be > protected from the downsides of that integration?" -- dan > > > i would argue that there is an alternative in design and architecture, > mainly those which decentralize and protect end-to-end. however, there > is a cost attached to these efforts as well, which so far most opt-out > of paying... > > > best regards, > And I would reply that only those who commit to those efforts can see it more clearly that there are no credit, financing or bitcoin scheme that can side-step the payment. Great article dan! -- 010 001 111 From seanl at literati.org Sat Dec 7 13:15:34 2013 From: seanl at literati.org (Sean Lynch) Date: Sat, 07 Dec 2013 13:15:34 -0800 Subject: infra-org (urls) In-Reply-To: (brian carroll's message of "Sat, 7 Dec 2013 01:55:24 -0600") References: <1386401574.12541.YahooMailNeo@web141206.mail.bf1.yahoo.com> Message-ID: <87bo0ss6q1.fsf@literati.org> On Fri, Dec 06 2013, brian carroll wrote: >> "Spooky action" entanglement has been measured to operate at a velocity of >> at least 10,000 'c', where 'c' is the speed of light in a vacuum. (signals >> transmitted on optical fibers about 20 kilometers apart.) Unfortunately, >> there does not appear to be any way to employ this to transmit information. >> Jim Bell > so would this not break the physics model already, of faster than light info, > such that the cosmos may operate on principles beyond those employed. > the comments on the article seemingly indicative of this same scenario, > as if a realm of political science, gerrymandering of physics seemingly. > if a spin could be remotely connected to another, as mentioned in the > article comments, and activated at a distance, could this not function > as a basic switch, perhaps making a relay or gate or some kind or the > ability to send/receive coded messages via morse code (as mentioned). > say, a sequence of spins encoding the alphabet or whatever, perhaps > controlled by a normal computer process yet transmitted/received via > this quantum connectivity (seemingly out of this world then back into it > via vibration, rather than a line of sight acoustic signal, if understanding) > i thought that was the idea underneath the potential for other, hidden > technology embedded in existing systems, that remote relationship > via quantum properties that operate in other dimensionality/structures, > if not beyond lightspeed properties or conceptions, and that it may not > be recognizable in the existing approach or computational paradigm. > such that fiber may not be necessary, the approach to key exchange > or processing may occur in other parameters or functional structures. (Take everything I say here with a grain of salt; I'm not a quantum physicist, nor have I ever even taken a quantum physics class. I just read a lot about this stuff and think about it a lot.) Quantum entanglement is inherently difficult to explain because it's a consequence of the prevailing interpretation (the Copenhagen interpretation) of quantum mechanics, that the spin axis isn't actually "chosen" until you measure it. Unfortunately, the information that's supposedly "transmitted" instantaneously doesn't originate from outside the system, so it can't be used to send anything useful to human beings. There's an explanation that's slightly less awkward in my view: that the information about what axis you're measuring the spin on actually gets transmitted backward in time along the particle's path to the point at which the particles became entangled. It's less awkward because it doesn't require anything to happen faster than light, and it doesn't allow paradoxes because you can't actually get anything useful back out. This interpretation is known as "time symmetric quantum mechanics," but unfortunately there aren't a whole lot of papers on it because the Copenhagen interpretation is quite dominant. Special Relativity itself actually doesn't forbid traveling or sending information faster than light; it just forbids accelerating a massive object to or through the speed of light. There has been talk of "tachyons," particles "born" traveling faster than light and possessing imaginary mass, since the earliest days of SR. Since they would allow the creation of paradoxes and have other strange properties such as accelerating as they lose energy, most physicists assume they do not exist. They've even created a principle, the "Causality Principle," that forbids them. The Causality Principle simply says that all observers must observe two events that are causally connected (i.e. exchange any information between them) occurring in the same order. This property can only be true if information is transmitted at or below the speed of light. The Causality Principle is the weakest principle that prevents paradoxes within Special Relativity, but it turns out a minor tweak to SR enables a weaker principle to prevent paradoxes: the addition of a "privileged" refernce frame. In particular, the reference frame in which quantum entanglement is assumed to operate, which may also be the reference frame of the cosmic microwave background. The revised, weaker Causality Principle says that any two causally-connected events must be observed to occur in the same order *to an observer in the privileged reference frame.* That gets rid of the speed of light limit entirely, as long as you don't travel back in time in this one particular reference frame. It would probably also make the Copenhagen interpretation of QM preferable to the time-symmetric interpretation, but I haven't thought that one through yet (in fact, I don't understand how they measure the speed of the quantum connection yet either). That means quantum entanglement *could* actually carry useful information, and we could (in theory, anyway) construct an Ansible. Before you go off saying "but SR says there's no privileged reference frame!" it actually doesn't. It says you don't *need* one. Lorentz constructed the geometry Einstein borrowed for Special Relativity specifically to explain why the Earth's motion relative to the luminiferous ether could not be detected. Einstein's major contribution (for SR, aside from E=mc^2) was the realization that Lorentz's geometry obviated the need for a luminiferous ether entirely. But perhaps quantum entanglement can give the luminiferous ether a new life. -- Sean Richard Lynch http://www.literati.org/~seanl/ -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 835 bytes Desc: not available URL: From seanl at literati.org Sat Dec 7 13:22:58 2013 From: seanl at literati.org (Sean Lynch) Date: Sat, 07 Dec 2013 13:22:58 -0800 Subject: infra-org (urls) In-Reply-To: (brian carroll's message of "Sat, 7 Dec 2013 02:13:13 -0600") References: <1386401574.12541.YahooMailNeo@web141206.mail.bf1.yahoo.com> Message-ID: <877gbgs6dp.fsf@literati.org> On Sat, Dec 07 2013, brian carroll wrote: > Jim Bell wrote: >> "Spooky action" entanglement has been measured to operate at a velocity of >> at least 10,000 'c', where 'c' is the speed of light in a vacuum. (signals >> transmitted on optical fibers about 20 kilometers apart.) Unfortunately, >> there does not appear to be any way to employ this to transmit information. > it also makes me wonder, given the insane speed vs. infinitesimal distance > if *information* could operate as a kind of cognitive pressure on the mind, > (as with predictive Random Event Generator (REG) vs RNG where patterns > organize/emerge out of quantum-noisefield) thus corollary perhaps to the > analogy of water pressure for electrical circuits and flow based on pneuma- > tic dynamics in a potentially bounded or closed system). that may enter > into questions of 'where information actually exists', perhaps stored outside > the brain in noosphere as patterns or forms (invisible constellation/structure) > that is referenced or linked to rather than contained within a brain, and thus > boundary of brain vs. mind. same: digital computer vs.quantum processor, > perhaps. thus issue of channeling or tuning into versus as origin of truth. > what if a fundamentally different data model, thus security model, etc. > this conceptualization has the individual person modeled as an antenna, > tuning into various structures based on what resonates, aligns correctly, > what circuits or feedback loops or environments exist. versus machine > of clockwork, rote memorization, and processor speed of read/write. This is exactly the model of the mind that I believed in when I was in college. These days I believe that consciousness consists of information but that information, far from being static, is actually the connections among potential events. It's like a complex machine: pull lever A here and gear B over there moves. The complex set of (abstract, not concrete) connections that makes up the "model" of our reactions to various sets of stimuli *is* our consciousness, versus there being some component in there that produces the illusion of consciousness. I'm sure that sounds sort of crazy; condensing such a large set of varyingly intuitive leaps into a single paragraph is probably not such a great idea. Happy to provide more background on the list or privately for anyone who's interested. -- Sean Richard Lynch http://www.literati.org/~seanl/ -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 835 bytes Desc: not available URL: From coderman at gmail.com Sat Dec 7 17:27:48 2013 From: coderman at gmail.com (coderman) Date: Sat, 7 Dec 2013 17:27:48 -0800 Subject: infra-org (urls) In-Reply-To: <877gbgs6dp.fsf@literati.org> References: <1386401574.12541.YahooMailNeo@web141206.mail.bf1.yahoo.com> <877gbgs6dp.fsf@literati.org> Message-ID: On Sat, Dec 7, 2013 at 1:22 PM, Sean Lynch wrote: >> ... >> this conceptualization has the individual person modeled as an antenna, >> tuning into various structures based on what resonates, aligns correctly, >> what circuits or feedback loops or environments exist. versus machine >> of clockwork, rote memorization, and processor speed of read/write. > > This is exactly the model of the mind that I believed in when I was in > college. These days I believe that consciousness consists of information > but that information, far from being static, is actually the connections > among potential events. It's like a complex machine: pull lever A here > and gear B over there moves. The complex set of (abstract, not concrete) > connections that makes up the "model" of our reactions to various sets > of stimuli *is* our consciousness, versus there being some component in > there that produces the illusion of consciousness. > > I'm sure that sounds sort of crazy; actually, i have long held this view on an intuitive / elegance level of understanding. the continual expansion of our understanding of quantum phenomena has only reinforced and clarified this model of consciousness for me. rather than sounding crazy, i am pleasantly surprised that others grasp this concept of consciousness and are willing to embrace it! this would be a fun tangent to discourse about, however, i'll save the brain as quantum antenna linked to body via nerve cell transducers for another day... ;) best regards, From bill.stewart at pobox.com Sat Dec 7 20:40:30 2013 From: bill.stewart at pobox.com (Bill Stewart) Date: Sat, 07 Dec 2013 20:40:30 -0800 Subject: infra-org (urls) In-Reply-To: <877gbgs6dp.fsf@literati.org> References: <1386401574.12541.YahooMailNeo@web141206.mail.bf1.yahoo.com> <877gbgs6dp.fsf@literati.org> Message-ID: <20131208044626.6327EFD64@a-pb-sasl-quonix.pobox.com> > Consciousness is something really complex we don't really understand. > Quantum physics is something really complex we don't really understand. > Therefore, Consciousness must be a Quantum Physics thing! QED. If that works for you, you could go see the What the Bleep Do We Know (whatthebleep.com), which has a bunch of new-agey people who don't understand consciousness or physics and a few physicists who do understand physics being taken out of context. It was in theaters a few years back, and seems to have a direct-to-DVD sequel or director's cut or something. If you do know physics, I'd recommend getting high before you see it... From coderman at gmail.com Sat Dec 7 21:06:40 2013 From: coderman at gmail.com (coderman) Date: Sat, 7 Dec 2013 21:06:40 -0800 Subject: infra-org (urls) In-Reply-To: <20131208044626.6327EFD64@a-pb-sasl-quonix.pobox.com> References: <1386401574.12541.YahooMailNeo@web141206.mail.bf1.yahoo.com> <877gbgs6dp.fsf@literati.org> <20131208044626.6327EFD64@a-pb-sasl-quonix.pobox.com> Message-ID: On Sat, Dec 7, 2013 at 8:40 PM, Bill Stewart wrote: >> Consciousness is something really complex we don't really understand. >> Quantum physics is something really complex we don't really understand. >> Therefore, Consciousness must be a Quantum Physics thing! QED. > > If that works for you, you could go see the What the Bleep Do We Know that movie discussed a few interesting concepts, but was overall too annoying/incorrect for me to enjoy :/ regarding the role of quantum effects on consciousness, i am mostly dismissing the purely deterministic models of consciousness arising out of chemical interactions or fields only. consider instead the role of quantum effects within the brain as influence on nerve behavior within a integrated information theory of consciousness... From coderman at gmail.com Sun Dec 8 00:22:48 2013 From: coderman at gmail.com (coderman) Date: Sun, 8 Dec 2013 00:22:48 -0800 Subject: NSA morale down Message-ID: the portrayals from the brass and insiders is, "the administration is not showing enough support!". i have to wonder: how many rank and file are feeling betrayed by the NSA administration instead? they're now getting a look into all the SCI bits they were compartmented from before; able to see a bigger picture full of invasive technical excesses and legal abuses... """ A second former official said NSA workers are polishing up their résumés and asking that they be cleared — removing any material linked to classified programs — so they can be sent out to potential employers. He noted that one employee who processes the résumés said, “I’ve never seen so many résumés that people want to have cleared in my life.” """ it remains to be seen if they simply jump to private sector who are just as bad, or pursue less offensive careers entirely. --- http://www.washingtonpost.com/world/national-security/nsa-morale-down-after-edward-snowden-revelations-former-us-officials-say/2013/12/07/24975c14-5c65-11e3-95c2-13623eb2b0e1_print.html NSA morale down after Edward Snowden revelations, former U.S. officials say By Ellen Nakashima, Published: December 7 Morale has taken a hit at the National Security Agency in the wake of controversy over the agency’s surveillance activities, according to former officials who say they are dismayed that President Obama has not visited the agency to show his support. A White House spokeswoman, Caitlin Hayden, noted that top White House officials have been to the agency to “express the president’s support and appreciation for all that NSA does to keep us safe.” It is not clear whether or when Obama might travel the 23 miles up the Baltimore-Washington Parkway to visit Fort Meade, the NSA’s headquarters in Maryland, but agency employees are privately voicing frustration at what they perceive as White House ambivalence amid the pounding the agency has taken from critics. An NSA spokeswoman had no comment. Obama in June defended the NSA’s surveillance as lawful and said he welcomed the public debate prompted by revelations from former contractor Edward Snowden beginning that month. Though Obama has asserted, for instance, that the NSA’s collection of virtually all Americans’ phone records is lawful and has saved lives, the administration has not endorsed legislation that would codify it. And his recent statements suggest he thinks some of the NSA’s activities should be constrained. A senior administration official who was not authorized to speak on the record said that the White House would normally not endorse legislation so early in the process but that “it’s been clear . . . that we prefer legislation” that preserves the phone records program “while making some changes . . . to potentially strengthen oversight and transparency.” Said Hayden: “The president has the highest respect for and pride in the men and women of the intelligence community who work tirelessly to protect our nation. He’s expressed that directly to NSA’s leadership and has praised their work in public. As he said: ‘The men and women of our intelligence community work every single day to keep us safe because they love this country and believe in our values. They’re patriots.’ ” She noted that in recent weeks, Lisa Monaco, assistant to the president for homeland security and counterterrorism, and Denis McDonough, the White House chief of staff, visited Fort Meade “to express the president’s support and appreciation for all that NSA does to keep us safe.”’ Supporters of the NSA say staffers are not feeling the love. “The agency, from top to bottom, leadership to rank and file, feels that it is had no support from the White House even though it’s been carrying out publicly approved intelligence missions,” said Joel Brenner, NSA inspector general from 2002 to 2006. “They feel they’ve been hung out to dry, and they’re right.” A former U.S. official — who like several other former officials interviewed for this story requested anonymity because he still has dealings with the agency — said: “The president has multiple constituencies — I get it. But he must agree that the signals intelligence NSA is providing is one of the most important sources of intelligence today. “So if that’s the case, why isn’t the president taking care of one of the most important elements of the national security apparatus?” The White House, observers say, is caught between competing desires to preserve what it has said are valuable national security programs and to shield the president from criticism from allies abroad and civil-liberties advocates at home. Some observers said it is not surprising that Obama would not travel to Fort Meade before internal and external reviews of surveillance activities have been completed. The reviews are expected to be done soon. The NSA’s director, Gen. Keith Alexander, who is retiring in the spring after 81 / 2 years, has been the most vocal defender of the agency’s 35,000 employees. In speeches he has noted that more than 6,000 of them went to Iraq and Afghanistan to support the military. He has spoken of how 22 cryptologists were killed. “They’re the heroes — not the media leaker,” he said in a September speech, in a reference to Snowden. NSA counterterrorism analysts have worked “every weekend for eight years since I’ve been here. . . . Twenty-four hours a day, seven days a week, they’re there to defend us,” he said then. On Thursday, Obama said on MSNBC that he would be proposing “some self-restraint on the NSA” and “some reforms that can give people more confidence.” In an interview with NBC last month, he said: “In some ways, the technology and the budgets and the capacity [at NSA] have outstripped the constraints. And we’ve got to rebuild those in the same way that we’re having to do on a whole series of capacities . . . [such as] drone operations.” Civil-liberties advocates generally agree with that sentiment, but they would go further and say that the NSA’s bulk collection of domestic phone records is unlawful and ought to be ended. Former officials note how President George W. Bush paid a visit to the NSA in January 2006, in the wake of revelations by the New York Times that the agency engaged in a counterterrorism program of warrantless surveillance on U.S. soil beginning after the Sept. 11, 2001, terrorist attacks. “Bush came out and spoke to the workforce, and the effect on morale was tremendous,” Brenner said. “There’s been nothing like that from this White House.” A second former official said NSA workers are polishing up their résumés and asking that they be cleared — removing any material linked to classified programs — so they can be sent out to potential employers. He noted that one employee who processes the résumés said, “I’ve never seen so many résumés that people want to have cleared in my life.” Morale is “bad overall,” a third former official said. “The news — the Snowden disclosures — it questions the integrity of the NSA workforce,” he said. “It’s become very public and very personal. Literally, neighbors are asking people, ‘Why are you spying on Grandma?’ And we aren’t. People are feeling bad, beaten down.” From coderman at gmail.com Sun Dec 8 00:44:02 2013 From: coderman at gmail.com (coderman) Date: Sun, 8 Dec 2013 00:44:02 -0800 Subject: NSA morale down In-Reply-To: References: Message-ID: On Sun, Dec 8, 2013 at 12:22 AM, coderman wrote: > ... > it remains to be seen if they simply jump to private sector who are > just as bad, or pursue less offensive careers entirely. by private sector i'm thinking of companies like Statfor more than Amazon... http://cryptome.org/2013/12/wl-stratfor-popovic-ows.htm """ ... Below are a series of articles this past week about internationally acclaimed activist, Srdja Popovic, and his involvement with the private intelligence firm Stratfor. ... If anyone has information about CANVAS or Srdja Popovic, please feel free to contact me at zoealif[at]gmail.com. I am currently writing a blog post on the story. """ From electromagnetize at gmail.com Sun Dec 8 08:58:02 2013 From: electromagnetize at gmail.com (brian carroll) Date: Sun, 8 Dec 2013 10:58:02 -0600 Subject: EM-nature (was: infra-org) Message-ID: JYA wrote: > The celebrated EM components of TEMPEST are commonly > used as subterfuges, ruses and ploys to divert attention from > the non-EM -- which an almost limitless number of animals and > other creatures use for SIGINT and COMINT... i need to make note of this observation because it has special relevance for the present situation of shared observation regarding 'information operations' (or other) that occur and-or are analyzed within a particular context, framework, conceptualization. because there is a split in worldview and modeling between the animal realm whereby the sonar of bats or directional navigation of birds become detached in their EM abilities from similar non-recognized natural abilities in humans, which are 'off the map' so to speak, in terms of a general awareness and recognition of similar EM physiology. in other words, 'the senses' of humans are detached from their electromagnetic context that would unify a model of humanity (to be discussed at some later time) with such EM nature and provide context for both a healthy relation and toxic conditions. though this remains unrecognized via a political agenda that prevents such data beyond its protected ideological boundary, thus effects of wi-fi or artificial radiation (radio, etc) on human beings is categorized into a realm of personal 'mental illness' and unrelated to issues of cancer, at the same time EM tools (nuclear resonance) are used to treat the ~mystery disease. it is a split between mind-body that is enforced institutionally, disallowing EM viewpoint while leveraging its onesidedness against dumbed-down populations, unable to reason within the warped frameworks about what is going on, because the cause and effect have been separated, plausibly denied. in a context of 'information operations' and 'electronic warfare' this involves a realm of ~supernatural-like events that thus cannot be accounted for in a non-electromagnetic context or view, such that it cannot be 'rationally' reasoned with beyond a realm of forced hysteria, as if dealing with ghosts/demons, versus technological infrastructure operating in other realms. thus security, defense, attacks are in a realm of "beliefs" that are detached from a shared understanding/knowledge of the environment these events are operating/occurring within, like magic or witchcraft or sorcery, exfiltrating data and then using a god-status to manipulate peoples lives - now this is the power of government that is beyond oversight, law itself. entire realms of ideological attackers then can be aligned in such a ~wildwest scenario as if a replay of cowboys/indians, the model for basic exchange moves towards highway robbery in this same approach, detached from the actual condition that exists, unable to speak about it or confirm it, as with physics that supposedly "define" reality at the material level yet which are byzantine and disconnected views that disallow reasoning and observation while seeking to represent, have control over it as ideology - this massive obfuscation the success of relativism. so that nothing and only nothing can be discussed and the left is rest for experts. in this way, silence is enforced via ideology that is actually _detached from nature yet claims to represent it and so to the mind and imagination and body of humans, these as they are detached from the environment they exist within as this becomes the basis for exploitation, predator/prey relations at the level of politics of the rogue state, homicidal government. in this way little can be said or done without being discredited for going 'beyond the lines' that are dutifully enforced by the protectors and defenders of the corrupt ideology, this boundary is what needs to stand, the misrepresentation and malmodeling of existence so that _reason cannot occur in accurate terms, mathematics (of zero) and michelson-morley experiment (as if simple debunk of aether) and removal of the absolute from all equations, then acting and believing as if this is NORMAL when it is fundamentally unreal as to shared experience and observation of known and knowable facts and observations. instead it becomes about what is allowed via a viewpoint that can remain secure while allowing other views to exist, within certain parameters yet truth is lost in this confinement to a finite, overcontrolled, self-interested, skewed interaction, whereby "nothingness" continually replaces "being" as the shared condition, while those administering technology can further apply and ply their craft and trade against and upon humans, while humans have no effect on this relationship, it is a bias that is enforced by dark ages restrictions upon thought, held within an outdated view, stagnation of beliefs for hundreds if not thousands of years of knowledge (basic amber and lodestone fundamentals continually extended, technologized) whereby even the fact that the atmosphere itself is full of charge is irrelevant to those whose interest is in technology, as if the 'data model' for information only exists in artificial media and not within EM nature itself, that beings could be interacting and formatted the shared environment like the r/w head of a harddrive via mind, yet the considerations never go outside the skull or beyond the 'expert models' that bound this to the brain instead. as if people cannot be allowed to think for themselves or perhaps know far more than "beliefs" of scientists allow via its enforcement of a corrupt political ideology, where this bias against accurate human representation that gives rise and momentum to an antihuman agenda, a religious belief system that is biased against humans as this is turned into infrastructure, tools, government. and at its core is nothingness. falsity, lies. not truth. it is language games. it is disregard for, exploitation of logic whereby proofs are unneeded, never checked- beyond language in its ungrounded condition and this very comprehensiveness is itself based on absolutism, where 'it cannot be known' becomes this absolute truth simultaneously denied by the same political priesthood whose goal is to mislead, misdirect, to keep us enslaved in a false worldview, model, "physics" detached from reality the disconnection of accurate understanding of the mind, as if we cannot be allow to think or know consciousness even, outside the scientific technological evaluation within a biased modeling, then forbids accurate connection and evaluation with the electromagnetic body, nervous system, senses, in terms of awareness, reasoning, truth itself as it relates to information (and security) beyond 'the brain', and all the senses in their variability as they are unified and not kept separate within human and other entities. yet this wholeness is illegal as an identity, observation is forcibly denied, the perspective directly challenges the technical and ideological and political advantage of those using these warped harmful tools and exploits against the population, to continue their illegal control over events to the deterioration of earth, its inhabitants when truth is outlawed there is no way to 'reason' about such conditions. they are penalized as viewpoints and this defines a boundary condition or protected threshold of different values, economic/political/social interests that separate, some mind and bodies benefit for this while others must suffer as a result of ongoing deception. for some it is their security model, this obfuscated realm. for others, humans, it is the basis for insecurity, torment, disconnection for action and ability, realism, truth itself thus reality is legislated away by others who stand in for the law, on their own terms, for their own benefit while others must suffer for this to be sustained, yet if some take on more suffering via self-sacrifice, this condition could be fundamentally transformed, given rules of operation changed, hacked, short-circuited and switched into other circuits, functionality, and then the situation becomes increasing interesting worldwide, as unified understanding takes control, governed by shared service to truth, firstly, finally ▲ ◁ ▼ From jya at pipeline.com Sun Dec 8 09:49:19 2013 From: jya at pipeline.com (John Young) Date: Sun, 08 Dec 2013 12:49:19 -0500 Subject: NSA morale down In-Reply-To: References:

Message-ID: Most NSA employees, like all spy agencies, do not participate directly in special ops, any more than most military members do not engage in combat. So they are terribly displeased when the exposed war carnage breaks the bubble of prestige and admiration bestowed on the whole clan for recruitment, pensions, awards and ceremonial burial. NSA had a relatively clean record, compared to other spies, until the fan was hit with Snowden. Snowden learned that working for a spy or military contractor under guise of ennobling public service is a shock at how badly hires and ex-officials are treated: produce and fulfill new contracts damn quickly or get the fuck out. So he got out. All the perks of official service are no where to be seen, and being shit on by bosses is much worse than that of the non-secretkeepers who can abuse with impunity on behalf natsec. To earn the dirty-work salaries means to eat their shit, no valor, no medals, no pride, just shameless profits. Which is why quite a few go back into official service after a taste of raw capitalism always rotting. And, not least, why even more adjust their ethics and morals to fit what the corporations expect for predator-grade dollars a year. Thus, millionaire Michael Hayden, who led the privatizing initiative with a gang of venal directors and is reaping payola for demonizing Snowden. And so is Alexander preparing a place in that select TS/SCI Codeword crowd. Infosec-comsec firms and experts play this duplicity game exceedingly well, feet in both camps, hands in both pockets, via dual-use tech and contracts, and it is to be expected that evidence of that classified duplicity is being withheld by the Snowden information managers, aided and abetted by those very experts in lawful business corruption and deception, protected by secrecy. Clues repeatedly proclaimed by the press outlets: officials ask, demand, threaten, don't publish names, addresses, emails, contractors' names. Kiriakou and Hammond await you. The sweet smell of success: joining the secretkeeping crowd for future rewards by way of irresistable offers. Guess how much will be offered to deliver Snowden and his unpublished cache (if not Greenwald and Poitras too) by one or more of his information fences by bribe and threat? Sabu is ROTFLHAO, wearing a medal for taking the piss. Probably the biggest downer for the nobody NSA grunts is observing the golden rewards of lying to the public. If that disenchantment goes the right way, there well be a steady stream of Snowdens delivering their bundles to publishes, or best, self-publishing and bypassing the venal MTMs enjoying fucking over sources. At 03:44 AM 12/8/2013, you wrote: >On Sun, Dec 8, 2013 at 12:22 AM, coderman wrote: > > ... > > it remains to be seen if they simply jump to private sector who are > > just as bad, or pursue less offensive careers entirely. > >by private sector i'm thinking of companies like Statfor more than Amazon... > > >http://cryptome.org/2013/12/wl-stratfor-popovic-ows.htm >""" >... Below are a series of articles this past week about >internationally acclaimed activist, Srdja Popovic, and his involvement >with the private intelligence firm Stratfor. > >... If anyone has information about CANVAS or Srdja Popovic, please >feel free to contact me at zoealif[at]gmail.com. I am currently >writing a blog post on the story. >""" From jya at pipeline.com Sun Dec 8 10:12:53 2013 From: jya at pipeline.com (John Young) Date: Sun, 08 Dec 2013 13:12:53 -0500 Subject: EM-nature (was: infra-org) In-Reply-To: References: Message-ID: The earliest and most enduring form of infosec -- crypt-crypto -- is non-EM, non-language, non-homo-erectus. Current versions contain vestigals of those primitives in what is disingenuously termed implementation. And it is in implementation where most comsec failures occur and where most successes succeed. Code is closer to whistling in the dark, baying at the moon, offering newborns to hungry wolves. Implementation is 99.99+% of infosec-comsec, perhaps 100%. Code hardly scratches the surface and might be constructively seen as a ruse, a strategem, concocted and promoted to delude. Delusion is the prime purpose of implementation. Code inebriation creates phantasms of security by ignoring signs of predators aprowl where coders live, work, sleep, chat OTR and post. David Kahn, among others, amply desribes the range of implementation, its short-term successes and long-term delusions. Nothing finer in Carolina than belief in an invulnerable cryptosystem. Less noticed is the effectiveness of promulgating an invulnerable comsec or cryptosystem to encourage widespread use. As seen today, not only in the fantastic rise of the comsec industry but also in the frantic efforts to keep the ball rolling to counter Snowden's disclosures of delusion. At 11:58 AM 12/8/2013, Brian Carroll wrote: i need to make note of this observation because it has special >relevance for the present situation of shared observation regarding >'information operations' (or other) that occur and-or are analyzed >within a particular context, framework, conceptualization. because >there is a split in worldview and modeling between the animal realm >whereby the sonar of bats or directional navigation of birds become >detached in their EM abilities from similar non-recognized natural >abilities in humans, which are 'off the map' so to speak, in terms >of a general awareness and recognition of similar EM physiology. Rest good stuff elided. From electromagnetize at gmail.com Sun Dec 8 12:16:14 2013 From: electromagnetize at gmail.com (brian carroll) Date: Sun, 8 Dec 2013 14:16:14 -0600 Subject: EM-nature Message-ID: // apologies for the quixotic ranting this involves. it is // directed at a prevailing ideological condition readily // encountered most everywhere and institutionalized, // though also pervades communications frameworks // in which ideas take place, outside logical accounting // beyond language itself, thus bias/distortion built-into // structure for conveying observations, not removed. // science and technology is heavily invested in this // viewpoint, reliant upon it, to the point it is religion- // yet detached from, nonobservant of greater truth. in // this way, a privileged hierarchical perspective where // technological tools themselves operate in bounded // and biased condition as if neutral, due to ideology // when instead warped, twisted, turned against self. // in this way, to interrogate the crooked windmillery (regarding default scenario: waffling into oblivion...) for instance, if the mathematics of zero is off, then use of such equations reliant on this modeling are going to bound observations into a realm of perpetual inaccuracy as a basis for worldview and 'physics' itself likewise, if politically expedient, within this boundary, a model of relativism can continually be reinforced via these mathematics, it further provides a framework that declares a particular reality to be the shared situation, even if this goes against common sense, experience, truth, and knowledge. physics then determining it as if judge, jury, ultimately executioner of 'bad thinking' because it does not conform to the inaccurate model such as astronomers believing goats ruled earth from the moon or whatever other such beliefs, if enforced and stopping other direct observations because they do not conform to the belief system much more accurate in a charged atmosphere that we are beings are _submerged in an information environment, a realm of invisible circuitry that has fundamental relation to pattern and constellations of data, models that repeat as concepts and ideas, and where do these reside, only inside of brains? this is why the jellyfish seemed a useful analogy, a floating sentience suspended in an information rich environment that then is mediated, tuned into, related to and through within certain dimensionality that may change from one being, species to the next and yet some fundamental condition is also shared, held in common, this is the electromagnetic context that is _undocumented in both nature and humans as a continuous circuit throughout the cosmos from the beginning of its existence to peak development of life and sentience unfolding at its very edge, that is where consciousness is operating, alive, interface to reality and able to reflect upon this condition yet without a unified model, EM cosmography necessary before EM cosmology, seemingly, to consider EM nature in relation to EM lifeforms, and then EM humans and EM technology within this realm, as 'consciousness' and concepts like code, programming, 'artificial intelligence' are inherently related to this condition in its truth, yet completely separated from it due to a non- electromagnetic worldview, understanding, as if computers invented and 'contain' charge vs. everything containing charge in a given realm, plants, animals, the air, tools, bodies, minds. the circuit itself not even a concept beyond the manufactured circuitboard in terms of a diagrammatic approach to reasoning, that is processing of reality and decision-making, such that perhaps this too is about circuits, and we cannot reason or communciate in the way we actually think, via patterns as our worldview is disconnected from them, from our own observation, and made into signs instead, held apart from geometry, other structural relations and evaluations that may predate or provide foundation for more ornate descriptions thereafter yet these fundamentals are not secured and instead lost in a non-EM evaluation, as if 'writing to write' or 'coding to code' is a higher connectivity or awareness when instead it is a further detachment from the fundamentals, truth in its logical evaluation needed to secure the modeling, test and correct for errors, the obligation ignored, denied for a simple, quicker lost cause, moving in the wrong direction, forgetting to listen to the compass built-into the self, of the electromagnetic directionality, its connection with this cosmic condition and the naturalness and unity, harmony that could exist with people, environment, tools, instead ignored, disease, disharmony and falsity taking the place of enlightenment then to speak of anything detached from this condition as if encompassing it in a too small, finite worldview, believing infinity can be pre- packaged into a confined condition and then held there as mode of control over it, versus freeing the infinity truth and human reasoning, challenging the concepts and regulations of 'discourse' and 'institutionalization of views', to achieve this greater accuracy, _security instead becomes the very problem that must be combated to defend, uphold the criminal falsity and deception of a false worldview, false reality, false perspective, false beliefs that are normalized, enforced, dictated in this way what is anything in its truth without this electromagnetic context as the foundation for its evaluation, and this in all its dimensionality, not compartmented into narrowed controlled categories that are the basis for its denial via social protocols that seek to uphold a given social order that does not serve or seek this greater truth and instead desires to substitute it, stand-in for it, as guardians though of the false, nothingness code, crypto in this context, tools, computers, programming, reasoning, processing, thought, security, insecurity, tyranny, freedom, laws how do you move from infinite parallel worlds in relativistic conditions into a single shared empirical framework in varying dimensionality via quantum conditions without EM-nature? how do you do this if the mathematics do not allow it. or an absolute framework is not allowed within reasoning via the ideology of relativism as it has been detached from logical accounting beyond the binary onesided belief of ideology. what if the model of information survives death, that like energy, if information is attached to it as pattern in some way, whether morphic fields or other conceptual forms or formatting, patterns that even these computer conversations could already be occurring interdimensionally, beyond given thresholds yet not perceived locally this way. none of it can be rationalized if the foundation for the worldview is off, wrong, fundamentally incorrect and there is every indication that this is the case, yet further, that it purposeful, to maintain control over events by denying the true nature of reality and seeking to control and exploit this against human populations, for their political subjugation that is driven by evil intent, exampled everywhere then to communicate or talk in this realm as if it is not happening, beyond the pale to mention as if craziness. that is threshold of the different groundings, the ruling ideology based on falsity all its circuitry open to hacking and cracking, awaiting horn to announce the games begin... ❉ ✴ ❇ example of diagrams shared on defunct electronetwork-list https://www.dropbox.com/sh/hdp28xagjr4d0us/RX2WLmrK3z -------------- next part -------------- A non-text attachment was scrubbed... Name: relations.gif Type: image/gif Size: 8685 bytes Desc: not available URL: From electromagnetize at gmail.com Sun Dec 8 12:32:47 2013 From: electromagnetize at gmail.com (brian carroll) Date: Sun, 8 Dec 2013 14:32:47 -0600 Subject: EM-nature (was: infra-org) In-Reply-To: References:

Message-ID: John Young wrote: > The earliest and most enduring form of infosec -- crypt-crypto -- > is non-EM, non-language, non-homo-erectus. Current versions contain > vestigals of those primitives in what is disingenuously termed > implementation. And it is in implementation where most comsec > failures occur and where most successes succeed. Code is > closer to whistling in the dark, baying at the moon, offering newborns > to hungry wolves. i am completely intrigued and at once baffled by this, wondering of Code here is referencing code in a wider generic sense or is restricted to computer coding as the parameters. the examples given {whistling, baying} seem both in a realm of music/voicing and movement {gesture} and these all could be contained within a context of language, seemingly. or perhaps not, as envisaged. what has me further curious is if this somehow has linguistics (as crypt.crypto) advantaged to mathematics, as communication framework in some wider more open or elusive sense, or as the conception/conceptualization of what code is or may be if crypto > Implementation is 99.99+% of infosec-comsec, perhaps 100%. > Code hardly scratches the surface and might be constructively > seen as a ruse, a strategem, concocted and promoted to delude. i am still trying to ground with electromagnetic framework thus imagining beyond this, as if already grounded, more unknowing of how to even consider such thoughts or considerations as it difficult or impossible to separate from the medium involved in my naive and limited awareness and even less understanding closest to this perhaps in this not-knowing what might be is that the cosmos itself is encrypted, as a starting point to questioning, context for developing technical crypt.boxes then perhaps DNA as encrypted code of life in this framework, taxonomy of species and disciplines decrypting the patterning, securing truth key to unlocking the works seemingly, OZ writer L. Frank Baum naming electromagnetism as the master key, wondering if it is actually a blank, then what that implies, or if parameters exist by which it can be made to unlock access to new dimensions in which this otherness is more tangible, maybe a realm exists outside of charge, here not the case at least in the level experienced or encountered, precorpse in the necropolis, is everything then only "information", etc. [whitespace] From electromagnetize at gmail.com Sun Dec 8 13:29:01 2013 From: electromagnetize at gmail.com (brian carroll) Date: Sun, 8 Dec 2013 15:29:01 -0600 Subject: EM-nature (was: infra-org) In-Reply-To: References:

Message-ID: (now i realize i likely misread, strange-read/reply-functioned your post, not quite or completely grokking the distinction between crypt.crypto and implementation, separation or distancing of these though still the relation to nature itself as example appears retained, as if providing proof-of-concept and demonstration models for how to go about it,w watching various creatures, ecosystems, crystals, particle dynamics) John Young wrote: > The earliest and most enduring form of infosec -- crypt-crypto -- > is non-EM, non-language, non-homo-erectus. Current versions contain > vestigals of those primitives in what is disingenuously termed > implementation. And it is in implementation where most comsec > failures occur and where most successes succeed. Code is > closer to whistling in the dark, baying at the moon, offering newborns > to hungry wolves. > > Implementation is 99.99+% of infosec-comsec, perhaps 100%. > Code hardly scratches the surface and might be constructively > seen as a ruse, a strategem, concocted and promoted to delude. > > Delusion is the prime purpose of implementation. Code inebriation > creates phantasms of security by ignoring signs of predators > aprowl where coders live, work, sleep, chat OTR and post. > > David Kahn, among others, amply desribes the range of > implementation, its short-term successes and long-term > delusions. Nothing finer in Carolina than belief in an > invulnerable cryptosystem. Less noticed is the effectiveness > of promulgating an invulnerable comsec or cryptosystem to > encourage widespread use. As seen today, not only in the > fantastic rise of the comsec industry but also in the frantic > efforts to keep the ball rolling to counter Snowden's > disclosures of delusion. From bill.stewart at pobox.com Sun Dec 8 21:01:32 2013 From: bill.stewart at pobox.com (Bill Stewart) Date: Sun, 08 Dec 2013 21:01:32 -0800 Subject: EM-nature (was: infra-org) In-Reply-To: References: Message-ID: <20131209050153.F147CF1DE@a-pb-sasl-quonix.pobox.com> >JYA wrote: > > The celebrated EM components of TEMPEST are commonly > > used as subterfuges, ruses and ploys to divert attention from > > the non-EM -- which an almost limitless number of animals and > > other creatures use for SIGINT and COMINT... Back in the 80s I ran a TEMPEST-shielded computer room, with a VAX 11/780 and later some Sun-2 workstations, doing studies for the government that they didn't want Commie Spies listening to. The shielding was basically plywood with sheet metal on both sides, with special metal joints in between them and on the corners, packed with wire mesh in the joints to plug any extra leaks, making a nice big Faraday cage. The air vents were metal grates an inch or two deep with zig-zaggy airflow paths, and our data connections used fiber optics going through waveguide holes that were about 3" long and 1/8" diameter. Power feeds used big inductive low-pass filters. We measured the RF-tightness using meters that ran at 450 MHz, trying to keep things 120dB tight. You had one person carry a transmitter on one side of the wall, another person a reader on the other side. One experiment we'd occasionally do was to stick a wire through the fiber waveguides, and if you got more than halfway through, that was enough for 450MHz to leak out. I'm not sure what frequencies we *really* needed to protect against, but the Vax ran at something like 10 MHz, so 450MHz was way overkill for any harmonics that might happen. What occurred to me recently was that 10 MHz computers may have been state of the art for the mid-80s, but that was a lot of iterations of Moore's Law ago, and I doubt the technology of the time is much use for current 2-3 GHz laptops. The main Faraday cage should be fine, plus or minus a bit of extra copper tape to plug minor leaks, but all the air vents are going to be awfully leaky at those frequencies. Any idea what people use today? From coderman at gmail.com Mon Dec 9 07:53:07 2013 From: coderman at gmail.com (coderman) Date: Mon, 9 Dec 2013 07:53:07 -0800 Subject: Android IMSI Catcher detection In-Reply-To: <52A5CA60.2050403@owca.info> References: <52A5CA60.2050403@owca.info> Message-ID: On Mon, Dec 9, 2013 at 5:49 AM, Matej Kovacic wrote: > http://secupwn.github.io/Android-IMSI-Catcher-Detector/ fun :) i always liked osmocomBB, since openmoko days... these days i prefer SDR and wider band, wider freq. transceivers, but TI Calypso and MTK definitely more accessible! will you provide a developer mailing list in addition to github? best regards, From coderman at gmail.com Mon Dec 9 08:07:18 2013 From: coderman at gmail.com (coderman) Date: Mon, 9 Dec 2013 08:07:18 -0800 Subject: EM-nature (was: infra-org) In-Reply-To: <20131209050153.F147CF1DE@a-pb-sasl-quonix.pobox.com> References: <20131209050153.F147CF1DE@a-pb-sasl-quonix.pobox.com> Message-ID: On Sun, Dec 8, 2013 at 9:01 PM, Bill Stewart wrote: > ... > The shielding was basically plywood with sheet metal on both sides, > with special metal joints in between them and on the corners, > packed with wire mesh in the joints to plug any extra leaks, > making a nice big Faraday cage. The air vents were metal grates > an inch or two deep with zig-zaggy airflow paths, > and our data connections used fiber optics going through > waveguide holes that were about 3" long and 1/8" diameter. > Power feeds used big inductive low-pass filters. effective attenuation of emanations above 10Ghz would be interesting. even at >5Ghz you run into trouble with the AC filer route as you mention; best practice seems to be DC batteries inside the cage :/ attenuation at high frequencies for air flow mesh less problematic; optical communication links will always be useful of course... i would be curious to see high dBm with high dBi gain emitters(antennas) worst-case testing against actual build outs at >5Ghz, as many designs aim for ~50dB attenuation with 120 (!!!) being beyond exceptional.. Teletronics makes some nice 1W 5.8Ghz amps for 802.11a which could be so purposed inexpensively. best regards, From coderman at gmail.com Mon Dec 9 09:49:49 2013 From: coderman at gmail.com (coderman) Date: Mon, 9 Dec 2013 09:49:49 -0800 Subject: Android IMSI Catcher detection In-Reply-To: References: <52A5CA60.2050403@owca.info> Message-ID: On Mon, Dec 9, 2013 at 8:51 AM, Travis Biehn wrote: > It looks like it doesn't function as a 'detector' yet? it doesn't "function" yet, period. *grin* i leave it as an exercise for the reader to implement A0 detection on Android... From tbiehn at gmail.com Mon Dec 9 08:51:10 2013 From: tbiehn at gmail.com (Travis Biehn) Date: Mon, 9 Dec 2013 11:51:10 -0500 Subject: Android IMSI Catcher detection In-Reply-To: References: <52A5CA60.2050403@owca.info> Message-ID: It looks like it doesn't function as a 'detector' yet? On Mon, Dec 9, 2013 at 10:53 AM, coderman wrote: > On Mon, Dec 9, 2013 at 5:49 AM, Matej Kovacic > wrote: > > http://secupwn.github.io/Android-IMSI-Catcher-Detector/ > > > fun :) i always liked osmocomBB, since openmoko days... > > these days i prefer SDR and wider band, wider freq. transceivers, but > TI Calypso and MTK definitely more accessible! will you provide a > developer mailing list in addition to github? > > > best regards, > -- Twitter | LinkedIn| GitHub | TravisBiehn.com -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 1352 bytes Desc: not available URL: From matej.kovacic at owca.info Mon Dec 9 05:49:20 2013 From: matej.kovacic at owca.info (Matej Kovacic) Date: Mon, 09 Dec 2013 14:49:20 +0100 Subject: Android IMSI Catcher detection Message-ID: <52A5CA60.2050403@owca.info> More info here: http://secupwn.github.io/Android-IMSI-Catcher-Detector/ P. S. Developers needed. :-) Regards, M. From coderman at gmail.com Mon Dec 9 15:03:57 2013 From: coderman at gmail.com (coderman) Date: Mon, 9 Dec 2013 15:03:57 -0800 Subject: good clocks (not using GPS) and multi-channel hw [was: sidebands of great justice] In-Reply-To: References: <20131108195040.GL18544@hexapodia.org> Message-ID: On Fri, Nov 8, 2013 at 12:04 PM, coderman wrote: > ... > correct. a common answer to inexpensive high quality clock is to pass > the buck to GPS; this is explicitly not suitable, hence the > qualifier. GPS disciplining to keep a OCXO in check periodically (GPSDO) would be useful! GPS just can't be the primary source. has anyone used an OctoClock-G? https://www.ettus.com/product/details/OctoClock-G best regards, From coderman at gmail.com Mon Dec 9 15:17:04 2013 From: coderman at gmail.com (coderman) Date: Mon, 9 Dec 2013 15:17:04 -0800 Subject: Android IMSI Catcher detection In-Reply-To: <52A62F25.3030205@owca.info> References: <52A5CA60.2050403@owca.info>

<52A62F25.3030205@owca.info> Message-ID: On Mon, Dec 9, 2013 at 12:59 PM, Matej Kovacic wrote: > ... > Unfortunaltely I have no idea how to implement detection of A5/x > ciphering used or detection of silent SMS'es on Android. However, it is > very simple on Osmocom platform. carrierIQ is good for something ;) you're going to have to go ARM native (or ?) to observe use of A0 over GSM, since android.telephony.gsm screwed us. > I have also found out how to completely fake traffic data (data > retention anyone :-)) ) and even how to insert arbitrary voice recording > into eavesdropping database (in case police is eavesdropping to some > mobile phone). Nice to know how "strong" could be computer generated > evidence... this came up on the cryptome list last week: camouflage, jamming, obfuscation are all useful techniques to apply against unwelcome observers. c.f. high power infra red LED camera dazzlers and LADAR jammers, etc. while equally effective on the cell bands, you'll want to be sure to check your 20 before emitting with gusto! ;P best regards, From coderman at gmail.com Mon Dec 9 15:30:31 2013 From: coderman at gmail.com (coderman) Date: Mon, 9 Dec 2013 15:30:31 -0800 Subject: Android IMSI Catcher detection In-Reply-To: <2ff1d371-5c2e-4dda-b6af-3a0e84fe77d2@email.android.com> References: <52A5CA60.2050403@owca.info>

<52A62F25.3030205@owca.info> <2ff1d371-5c2e-4dda-b6af-3a0e84fe77d2@email.android.com> Message-ID: On Mon, Dec 9, 2013 at 2:31 PM, Cathal Garvey (Phone) wrote: > IDD, I've searched for an Android API for detecting crypto algo for ages and > turned up empty. i feel your pain... (~_~;) > However, you can get the tower ID, so a distributed, > communally (cantenna?) verified whitelist of 'good' towers is doable, with > automatic disconnection if an unwhitelisted tower connects..? sort of; there are some interesting attacks using a force-pushed silent PRL update (see DC19/DC20 cell attacks threads) which would be observable by tower ID oddities, not to mention decremented or zero PRL version. however, you'd have to be paying attention (who checks their PRL regularly? :). if you simply check if a tower is in http://www.opencellid.org/cell/list for example, you're open to attacks spoofing a legitimate but remote (out of range) tower. using direction finding techniques to cross reference the transmitter location against the expected GPS coordinates in a tower database relative to your position would also detect these tower impersonators, but requires more hardware than a mobile baseband... > Can/do IMSI systems spoof tower id: is there anything in GSM to make towers > self-verifying? I'm guessing no, in which the above would be very poor. the expensive, limited distribution kit will be hard to distinguish without a high performance software defined radio. if you're able to detect an identically spoofed tower using OsmocomBB with high confidence i'd love to know how you did it! > Also of note is API for signal strength, so a mapping of known towers to > expected strength at location XYZ could be used to detect systems used to > home in on phones, which usually max out on signal and tell your phone to do > likewise. Indeed, a strong signal tower which still asks your phone to dial > up the juice should be regarded as an attack. truth. also, an inversion of observed data link capacity (suddenly seeing receive bandwidth drop in half or more while transmit rate doubles) is no bueno. best regards, From coderman at gmail.com Mon Dec 9 16:22:38 2013 From: coderman at gmail.com (coderman) Date: Mon, 9 Dec 2013 16:22:38 -0800 Subject: Open phones for privacy/anonymity applications, Guardian In-Reply-To: <20131209233218.816EE2280C6@palinka.tinho.net> References: <78A88087-DAFD-4FE9-84C7-E17B2E1D82FF@gmail.com> <20131209233218.816EE2280C6@palinka.tinho.net> Message-ID: On Mon, Dec 9, 2013 at 3:32 PM, wrote: > ... > I lightly consulted with an operator and all he/she could > offer was "Does Alexey mean the source to A5?" so I'll have > to ask what it is that cannot be legally used in the U.S.? > Anybody can implement and then open source any of the GSM > standards (other than the crypto) so far as I know. the FCC/NTIA don't like people using spectrum with unapproved devices. sure, you can code it up. and sure, you can run an SDR in that range. ... but put them together in the wild at useful dBi and you're stepping on toes. try to sell/distribute such a setup? better have it certified! good analysis of the details: http://www.softwarefreedom.org/resources/2007/fcc-sdr-whitepaper.html """ ...the FCC’s ancillary jurisdiction cannot reasonably extend to the development of software by parties uninvolved in the marketing or sale of radio devices... FCC Rules for SDR Device Certification Only Affect Radio Equipment Manufacturers... """ From coderman at gmail.com Mon Dec 9 16:26:45 2013 From: coderman at gmail.com (coderman) Date: Mon, 9 Dec 2013 16:26:45 -0800 Subject: Open phones for privacy/anonymity applications, Guardian In-Reply-To: References: <78A88087-DAFD-4FE9-84C7-E17B2E1D82FF@gmail.com> <20131209233218.816EE2280C6@palinka.tinho.net> Message-ID: On Mon, Dec 9, 2013 at 4:22 PM, coderman wrote: > ... better have it certified! to be specific: it is this certification step that fully open source SDR/baseband equipment manufacturers have difficultly with. E.g. the FCC plainly states systems "wholly dependent on open source elements” would have a “high burden” to demonstrate their security during the certification process. where many have taken "high burden" to mean "nearly impossible"... best regards, From dan at geer.org Mon Dec 9 15:32:18 2013 From: dan at geer.org (dan at geer.org) Date: Mon, 09 Dec 2013 18:32:18 -0500 Subject: Open phones for privacy/anonymity applications, Guardian In-Reply-To: Your message of "Tue, 05 Nov 2013 12:50:11 +0400." <78A88087-DAFD-4FE9-84C7-E17B2E1D82FF@gmail.com> Message-ID: <20131209233218.816EE2280C6@palinka.tinho.net> > GSM firmware is still not open-source though (as that would make phone > not suitable for legal usage in USA) I lightly consulted with an operator and all he/she could offer was "Does Alexey mean the source to A5?" so I'll have to ask what it is that cannot be legally used in the U.S.? Anybody can implement and then open source any of the GSM standards (other than the crypto) so far as I know. --dan From adi at hexapodia.org Mon Dec 9 18:55:21 2013 From: adi at hexapodia.org (Andy Isaacson) Date: Mon, 9 Dec 2013 18:55:21 -0800 Subject: Open phones for privacy/anonymity applications, Guardian In-Reply-To: <20131209233218.816EE2280C6@palinka.tinho.net> References: <78A88087-DAFD-4FE9-84C7-E17B2E1D82FF@gmail.com> <20131209233218.816EE2280C6@palinka.tinho.net> Message-ID: <20131210025520.GE3524@hexapodia.org> On Mon, Dec 09, 2013 at 06:32:18PM -0500, dan at geer.org wrote: > > GSM firmware is still not open-source though (as that would make phone > > not suitable for legal usage in USA) > > I lightly consulted with an operator and all he/she could > offer was "Does Alexey mean the source to A5?" so I'll have > to ask what it is that cannot be legally used in the U.S.? > Anybody can implement and then open source any of the GSM > standards (other than the crypto) so far as I know. I believe that there's no law or regulation preventing anyone from writing open source implementations of GSM in the US. However there definitely are regulations preventing the sale or operation of unlicensed intentional emitters, and the FCC definitely cares about the GSM bands. Getting a license for an open source implementation of GSM would likely be a large expense, which AFAIK no open source implementor has even started to try to undertake. There is also federal law prohibiting the sale of equipment which can intercept wireless telephony communications. Many scanners have filters or programming/configuration jumpers which prevent reception of the specific frequencies covered by the law. Depending on the reading and the zealousness of the prosecutor, such a law might be seen to be relevant to an open source GSM platform. -andy From matej.kovacic at owca.info Mon Dec 9 12:59:17 2013 From: matej.kovacic at owca.info (Matej Kovacic) Date: Mon, 09 Dec 2013 21:59:17 +0100 Subject: Android IMSI Catcher detection In-Reply-To: References: <52A5CA60.2050403@owca.info>

Message-ID: <52A62F25.3030205@owca.info> Hi, > it doesn't "function" yet, period. *grin* > > i leave it as an exercise for the reader to implement A0 detection on Android... Unfortunaltely I have no idea how to implement detection of A5/x ciphering used or detection of silent SMS'es on Android. However, it is very simple on Osmocom platform. Anyway, IMSI Catcher detection project needs developers. P. S. A little more info about GSM hacking is here: http://matej.owca.info/predavanja/GSM_security_2012.pdf We also have some nice videos showing identity theft in GSM network... :-)) I have also found out how to completely fake traffic data (data retention anyone :-)) ) and even how to insert arbitrary voice recording into eavesdropping database (in case police is eavesdropping to some mobile phone). Nice to know how "strong" could be computer generated evidence... Regards, M. From cathalgarvey at cathalgarvey.me Mon Dec 9 14:31:11 2013 From: cathalgarvey at cathalgarvey.me (Cathal Garvey (Phone)) Date: Mon, 09 Dec 2013 22:31:11 +0000 Subject: Android IMSI Catcher detection In-Reply-To: <52A62F25.3030205@owca.info> References: <52A5CA60.2050403@owca.info>

<52A62F25.3030205@owca.info> Message-ID: <2ff1d371-5c2e-4dda-b6af-3a0e84fe77d2@email.android.com> IDD, I've searched for an Android API for detecting crypto algo for ages and turned up empty. However, you can get the tower ID, so a distributed, communally (cantenna?) verified whitelist of 'good' towers is doable, with automatic disconnection if an unwhitelisted tower connects..? Can/do IMSI systems spoof tower id: is there anything in GSM to make towers self-verifying? I'm guessing no, in which the above would be very poor. Also of note is API for signal strength, so a mapping of known towers to expected strength at location XYZ could be used to detect systems used to home in on phones, which usually max out on signal and tell your phone to do likewise. Indeed, a strong signal tower which still asks your phone to dial up the juice should be regarded as an attack. Matej Kovacic wrote: >Hi, > >> it doesn't "function" yet, period. *grin* >> >> i leave it as an exercise for the reader to implement A0 detection on >Android... >Unfortunaltely I have no idea how to implement detection of A5/x >ciphering used or detection of silent SMS'es on Android. However, it is >very simple on Osmocom platform. > >Anyway, IMSI Catcher detection project needs developers. > >P. S. A little more info about GSM hacking is here: >http://matej.owca.info/predavanja/GSM_security_2012.pdf >We also have some nice videos showing identity theft in GSM network... >:-)) > >I have also found out how to completely fake traffic data (data >retention anyone :-)) ) and even how to insert arbitrary voice >recording >into eavesdropping database (in case police is eavesdropping to some >mobile phone). Nice to know how "strong" could be computer generated >evidence... > >Regards, > >M. -- Sent from my Android device with K-9 Mail. Please excuse my brevity. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 2357 bytes Desc: not available URL: From matej.kovacic at owca.info Tue Dec 10 02:56:39 2013 From: matej.kovacic at owca.info (Matej Kovacic) Date: Tue, 10 Dec 2013 11:56:39 +0100 Subject: Android IMSI Catcher detection In-Reply-To: <2ff1d371-5c2e-4dda-b6af-3a0e84fe77d2@email.android.com> References: <52A5CA60.2050403@owca.info>

<52A62F25.3030205@owca.info> <2ff1d371-5c2e-4dda-b6af-3a0e84fe77d2@email.android.com> Message-ID: <52A6F367.3000909@owca.info> Hi, > Can/do IMSI systems spoof tower id: is there anything in GSM to make > towers self-verifying? I'm guessing no, in which the above would be very > poor. No, the problem is, that mobile phone authenticates to mobile network, but the opposite is not true. Since mobile network does not authenticate itself to mobile phone, IMSI Catcher attacks are possible. There has been also demonstration of "home-made" IMSI Catcher based on Osmocom platform last year at the CCC conference. The video of the presentation "Further hacks on the Calypso platform" by Sylvain Munaut is here: http://media.ccc.de/browse/congress/2012/29c3-5226-en-further_hacks_calypso_h264.html So, it is very easy to set up fake cell with any cell ID. > Also of note is API for signal strength, so a mapping of known towers to > expected strength at location XYZ could be used to detect systems used > to home in on phones, which usually max out on signal and tell your This would not work, because cells are not static (new cell emerge, covered area changes, etc.) and opencellid database is not regularly updated. There could also be femtocells used, etc... Regards, M. From azet at azet.org Tue Dec 10 05:06:18 2013 From: azet at azet.org (Aaron Zauner) Date: Tue, 10 Dec 2013 14:06:18 +0100 Subject: Android IMSI Catcher detection In-Reply-To: References: <52A5CA60.2050403@owca.info>

Message-ID: <29AB289E-3754-4D81-92D6-0A6B9DAE2231@azet.org> Hi *, This might be of interest to you guys: https://opensource.srlabs.de/projects/catcher/wiki Cheers, azet -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 1091 bytes Desc: Message signed with OpenPGP using GPGMail URL: From coderman at gmail.com Wed Dec 11 00:09:49 2013 From: coderman at gmail.com (coderman) Date: Wed, 11 Dec 2013 00:09:49 -0800 Subject: Fwd: [cryptography] Which encryption chips are compromised? In-Reply-To: References: <527F865A.7020703@iang.org> <20131211001137.892EA228094@palinka.tinho.net> Message-ID: ---------- Forwarded message ---------- From: coderman Date: Tue, Dec 10, 2013 at 7:12 PM Subject: Re: [cryptography] Which encryption chips are compromised? On Tue, Dec 10, 2013 at 4:11 PM, wrote: > ... > For this to be an explicit line item in that document, it > has to be special. The two classes of "special" that occur > to me are (1) XXXXXX has a near monopoly (like Broadcom > does in its sector) or (2) XXXXXX is uniquely vulnerable to > blackmail (a merchant with an export control problem, say). you ask interesting questions Dan, and draw useful conclusions :) some items to note: - is this DUAL_EC_DRNG? don't think so. deadline is FY 2013. - is this DUAL_EC_DRNG? the market for closed source, proprietary crypto solutions is small (and growing smaller, :( - is this XSTORE? it's been a while. but never should have been used directly. see mtrngd with MSR bits set no whitening, max sample, max freq. into mix + conservative estimate before /dev/random write. > But in related news: > > Engineers abandon encryption chips after Snowden leaks > http://rt.com/usa/snowden-leak-rng-randomness-019/ some cryptographers and cypherpunks have become despondent or dejected or demoralized by these events. i see a larger picture: never before have so many been doing crypto less wrong! ;P From coderman at gmail.com Wed Dec 11 00:10:24 2013 From: coderman at gmail.com (coderman) Date: Wed, 11 Dec 2013 00:10:24 -0800 Subject: Fwd: [zs-p2p] [Cryptography] Fwd: [IP] 'We cannot trust' Intel and Via's chip-based crypto, FreeBSD developers say In-Reply-To: <52A78712.8000801@gmail.com> References: <227BEBDF-7DDF-4CE2-92E8-F6D3CF274E58@gmail.com> <52A78712.8000801@gmail.com> Message-ID: ---------- Forwarded message ---------- From: Bill Cox Date: Tue, Dec 10, 2013 at 1:26 PM Subject: Re: [zs-p2p] [Cryptography] Fwd: [IP] 'We cannot trust' Intel and Via's chip-based crypto, FreeBSD developers say To: cryptography at metzdowd.com I think there may be weaknesses in Intel's hardware RNG. I took a good look at Intel's hardware random number generator source. There's a paper analyzing it here: http://www.cryptography.com/public/pdf/Intel_TRNG_Report_20120312.pdf The basic idea is that back-to-back inverters, when powered on, flip one way or the other randomly, sort of like DRAM memory when our computer's power on. By powering on a single pair of back-to-back inverters over and over, they can generate a random bit per cycle, at about 3 Giga-bits/second, which is amazing! Here's my concerns about the the paper: - I saw no mathematical analysis of how much noise exists in the system and how strongly it will influence the result each cycle. There were generalities about how the noise could cause the output to be random, but no numbers at all. - There is an assumption that the capacitors are charged/discharged by 10% of the standard deviation of the noise. I saw no justification for this. It seems they simply assumed best case. - The paper is about as objective as a mother talking about her children. For example: "Overall, the Ivy Bridge RNG is a robust design with a large margin of safety that ensures good random data is generated even if the ES is not operating as well as predicted." Based on what? - I am not convinced they have the right model for the entropy source. They add noise to the bias on the capacitors, and compare that to 0 to determine the next output bit in their model. I think the main source of noise may be the randomness in number of electrons added/subtracted each cycle, and that the back-to-back inverters in the absence of other noise may be acting almost as an ideal comparator. However, if this were the case, even if there were 10% noise in the number of electrons, there would be considerable correlation between bits. I also have questions about the design itself. My main concern is that noise on the VDD rail could easily determine the output. For example, if the transistors are mismatched, which of course they will be, and the bias is set exactly right on the caps so there's a 50-50 chance of a 0 or 1, and suddenly VDD drops 10% due to a rising edge of the the main system clock, then the inverter with higher gate thresholds will become weak faster than the other one, thus determining which one wins. Since this circuit runs asynchronously from the main system clock, I could easily see the 3MHz system clock phase relative to the entropy generator clock determining most of the results from the entropy source, while looking fairly random. Any weakness in the raw random data stream is hidden from us by the AES encryption done as a post-process. I simulated back-to-back inverters in my .35u low power CMOS process in SPICE to see if I could figure out how to make a practical circuit using Intel's topology. If it works, it would be fantastic. I think I can get rid of most of the supply noise issues. I had a similar problem in my "Infinite Noise Multiplier", so I switched to powering the circuit with nothing but large W and L constant current sources, and using the range from 0V to Vref, rather than 0V to VDD, because Vref is stable relative to AVSS. However, I wasn't able to get enough noise to make Intel's ciruit work, though that may be due to limitations in the SPICE simulator. Has anyone else had success using Intel's RNG topology? From coderman at gmail.com Wed Dec 11 00:10:52 2013 From: coderman at gmail.com (coderman) Date: Wed, 11 Dec 2013 00:10:52 -0800 Subject: Fwd: [zs-p2p] [Cryptography] Fwd: [IP] 'We cannot trust' Intel and Via's chip-based crypto, FreeBSD developers say In-Reply-To: <52A7AA6B.3050300@gmail.com> References: <227BEBDF-7DDF-4CE2-92E8-F6D3CF274E58@gmail.com> <52A7AA6B.3050300@gmail.com> Message-ID: ---------- Forwarded message ---------- From: Bill Cox Date: Tue, Dec 10, 2013 at 3:57 PM Subject: Re: [zs-p2p] [Cryptography] Fwd: [IP] 'We cannot trust' Intel and Via's chip-based crypto, FreeBSD developers say To: cryptography at metzdowd.com I have to take back my criticism of Intel's RNG. I got my sims working for a version of their architecture in .35u CMOS, and it's simply better than my "Infinite Noise Multiplier". It's probably the best true random noise generator ever. I still don't like how their schematic is seems highly sensitive to supply noise, but we don't know what the actual circuit looks like. Intel hasn't told us. So, I'm going to modify it a bit to use the resistors available on my chip and reduce the caps, fix the supply sensitivity, and I think I can run 16 of these things in parallel at 100-200MHz on the tiny .35u CMOS chip I'm designing. I'll spit out the raw waveforms from the inverters, buffered once, through 16 "analog" pins, so there wont be any fear (hopefully) that I'm cooking the data on-chip, before you can see it, and I'll open-source the schematics. If there's a circuit that can consume all 1.6Gbit/sec of this raw data, have fun with it! On the digital side, I'll XOR bits together to get the bandwidth down to something reasonable, which I can send over USB, and provide a simple Linux driver. This thing will definitely put out RF, but since I'm making the raw data available at the pins, should I care? By the way, this is just a for-fun project at work. I get to do a free chip design :-) From coderman at gmail.com Wed Dec 11 00:11:18 2013 From: coderman at gmail.com (coderman) Date: Wed, 11 Dec 2013 00:11:18 -0800 Subject: Fwd: [zs-p2p] [Cryptography] Fwd: [IP] 'We cannot trust' Intel and Via's chip-based crypto, FreeBSD developers say In-Reply-To: References: <227BEBDF-7DDF-4CE2-92E8-F6D3CF274E58@gmail.com> <52A7AA6B.3050300@gmail.com> Message-ID: ---------- Forwarded message ---------- From: coderman Date: Wed, Dec 11, 2013 at 12:06 AM Subject: Re: [zs-p2p] [Cryptography] Fwd: [IP] 'We cannot trust' Intel and Via's chip-based crypto, FreeBSD developers say To: zs-p2p at zerostate.is On Tue, Dec 10, 2013 at 3:57 PM, Bill Cox wrote: > ... > So, I'm going to modify it a bit to use the resistors available on my chip > and reduce the caps, fix the supply sensitivity, and I think I can run 16 of > these things in parallel at 100-200MHz on the tiny .35u CMOS chip I'm > designing. I'll spit out the raw waveforms from the inverters, buffered > once, through 16 "analog" pins, so there wont be any fear (hopefully) that > I'm cooking the data on-chip, before you can see it, and I'll open-source > the schematics. If there's a circuit that can consume all 1.6Gbit/sec of > this raw data, have fun with it! raw samples at 1.6Gb/s would be useful infrequently[0]; raw samples from a trusted device extremely useful at any bitrate! what is "my chip" and how can we find out more / support your efforts? best regards, 0. to date i have only maxed out 400Mb/s raw VIA Padlock sources for SSD FDE initialization and constructed experiments in temporal key rolling. it is however common to regularly consume on the order of 10Mb/s on a busy server, generating many keys, using crypto happy software, etc. (this is why every processor, every embedded device should have a physical entropy source, with access to raw samples. still waiting...) From coderman at gmail.com Wed Dec 11 07:17:09 2013 From: coderman at gmail.com (coderman) Date: Wed, 11 Dec 2013 07:17:09 -0800 Subject: Android IMSI Catcher detection In-Reply-To: <52A877FA.9090901@disman.tl> References: <52A5CA60.2050403@owca.info>

<52A62F25.3030205@owca.info> <2ff1d371-5c2e-4dda-b6af-3a0e84fe77d2@email.android.com> <52A6F367.3000909@owca.info> <52A877FA.9090901@disman.tl> Message-ID: On Wed, Dec 11, 2013 at 6:34 AM, Dan Staples wrote: > This morning's NSA article from WaPo contains some slides mentioning > USRP equipment[1]. It's hard to say without more context whether it's > referring to the GSM equipment from Ettus...anyone care to speculate? > The USRP series doesn't exactly seem like carrier-grade equipment, but > perhaps the NSA has a good reason to use it. the partnership with NGA to deploy them gives a hint: this is putting USRPs up close and personal to target for exploitation. (the USRP's are definitely more portable than my favorite SDR, the Noctar[0]!) given the obtained bits mentioned (WLLids, DSL accounts, Cookies, GooglePREFIDs) gathered and then handed off to TAO for further QUANTUM INSERT fucking of target systems it is likely they are doing GSM/cell MitM to observe identifiers, along with WiFi attacks, and other egress rather than deploying baseband exploits or deep active attacks directly against the devices or other networks they're communicating with. thus CNE in this case is cell MitM/WiFi pwn with a USRP rogue tower to get identifiers for TAO. and TAO is where they get dirty with "remote exploitation" of the device itself and other targets on networks it uses. we've seen how they have a smorgasbord of weaponized exploits to cover the gamut of target hardware and technical acumen in the QUANTUM INSERT / TURMOIL / TRAFFICTHIEF / MUTANT BROTH / etc, etc. style efforts. it appears they're using this same infrastructure where possible for mobile; restricting CNE on the ground only to target. best regards, 0. Pervices Noctar http://www.pervices.com/support/ From coderman at gmail.com Wed Dec 11 07:22:12 2013 From: coderman at gmail.com (coderman) Date: Wed, 11 Dec 2013 07:22:12 -0800 Subject: Android IMSI Catcher detection In-Reply-To: References: <52A5CA60.2050403@owca.info>

<52A62F25.3030205@owca.info> <2ff1d371-5c2e-4dda-b6af-3a0e84fe77d2@email.android.com> <52A6F367.3000909@owca.info> <52A877FA.9090901@disman.tl> Message-ID: On Wed, Dec 11, 2013 at 7:17 AM, coderman wrote: > ... > thus CNE in this case is cell MitM/WiFi pwn with a USRP rogue tower to > get identifiers for TAO. and TAO is where they get dirty with "remote > exploitation" of the device itself and other targets ... see also this section on the OPEC hacks: http://arstechnica.com/information-technology/2013/11/quantum-of-pwnness-how-nsa-and-gchq-hacked-opec-and-others/ """ Here’s how the NSA and GCHQ go after an organization like OPEC step by step, based on an analysis of the NSA and GCHQ documents exposed by Snowden: Step 1: Identify. Using the NSA-built packet capture and inspection system called TURMOIL, the agencies filter through Internet traffic at a network choke point looking for specific "fingerprints" in traffic that identify users with the organization being targeted. Data from TURMOIL gets pulled into a number of traffic analysis tools, such as XKeyscore and TRAFFICTHIEF, which do different sorts of packet analysis. XKeyscore is the NSA's distributed search engine, catching a large chunk of international Internet traffic for analysis. It helps find things deep in the clutter of the Internet that analysts might miss by allowing them to use search terms to find things in both live and cached Internet traffic. TRAFFICTHIEF, on the other hand, is much more focused. It filters for very "strong" indicators, like known sets of IP addresses, addresses within e-mail traffic, or user names in logins to social networks or other services. It provides less depth of analysis than XKeyscore, but it can handle much larger loads of data because it is more selective about what it processes. Together, the tools can be used to identify the systems used by an individual or organization, including ranges of addresses that they may use from work or home. Step 2: Target. Using the profiles built using the surveillance tools, the agencies can then identify potential points of attack. XKeyscore, for example, can be used to search for patterns that identify known security vulnerabilities within a range of addresses. Web visit histories, e-mail traffic, and other data are analyzed looking for the most likely (and least detectable) approach to gain access, and a specific attack plan is crafted, including the identification of where to launch the attack from. At the NSA, this sort of thing is the work of Tailored Access Operations. In the case of OPEC, the targeting process apparently went on for several years as the NSA sought openings for an attack. Step 3: Attack. Depending on who the target is, the NSA and GCHQ have a variety of options. The least costly is to use access provided by one of the intelligence agencies' telecommunications "partners" who own network equipment at an exchange or other choke point that the target's Internet traffic passes through. The agency running the attack can use that access to introduce changes to Internet routing tables that detour the targeted individual's traffic. But in some cases, the NSA and GCHQ may have to perform "unilateral" taps on network backbones to gain that level of access—targeting a piece of network hardware to take over or splicing directly into the target's own connection to the Internet. It's not clear which attack the NSA used to gain access to OPEC's systems, though the GCHQ used a Quantum attack two years later to gain its own very special access to the cartel's network. In the case of the Belgacom hack, the GCHQ used a Quantum insert attack—routing the Web requests for LinkedIn and Slashdot from the engineer being targeted to a server posing as those sites. The NSA has used the same approach to intercept traffic to sites such as Google. The man-in-the-middle server can present content from the actual sites the target intended to visit, but it can also add content to the traffic, using what's called packet injection—modifying the contents of the data as it passes through—and intercept the user's credentials. And by using a forged certificate, the NSA can intercept encrypted traffic intended for the destination site. Once the user has connected to the fake server, the intelligence agencies can use the connection to launch attacks against the target's Web browser to install monitoring software or other malware, using similar techniques to those used by hackers. They can also use credentials exposed via the man-in-the-middle attack to gain access to other accounts owned by the target and to troll through connections in those services that might be potential targets. Step 4: Exploit. Once the target's computer has been successfully attacked, the effort begins to look much like that of the Chinese cyber warriors' attack of the New York Times or what cyber criminals typically do when they score access to high-value targets. The agencies' hackers work to stealthily expand their level of access, using customized remote administration tools to grab user privileges and gain access to other network resources—mail servers, file servers, and other network systems. They then start to "exfiltrate" data from these systems and deliver them to analysts. """ From griffin at cryptolab.net Wed Dec 11 07:39:28 2013 From: griffin at cryptolab.net (griffin at cryptolab.net) Date: Wed, 11 Dec 2013 07:39:28 -0800 Subject: Android IMSI Catcher detection In-Reply-To: <52A877FA.9090901@disman.tl> References: <52A5CA60.2050403@owca.info>

<52A62F25.3030205@owca.info> <2ff1d371-5c2e-4dda-b6af-3a0e84fe77d2@email.android.com> <52A6F367.3000909@owca.info> <52A877FA.9090901@disman.tl> Message-ID: <90ca1f172fa803bf546977a636f23af8@cryptolab.net> Dan Staples ha scritto: > Simply getting cell > tower database dumps from the telcos would suffice for location info, > so > I would guess this has a different purpose. The NSA doesn't seem to want to play by the typical LEA best practices. So they might not be willing to send a formal request for data on a particular party (lest it be leaked or the target find out). My bet is real-time call interception for high-value targets. If ye-random security researcher can crack most GSM encryption and listen in or inject fake content with cheap hardware, then the NSA certainly has people who can make that happen as well (and with billions of dollars to throw at the problem). ~Griffin From danstaples at disman.tl Wed Dec 11 06:34:34 2013 From: danstaples at disman.tl (Dan Staples) Date: Wed, 11 Dec 2013 09:34:34 -0500 Subject: Android IMSI Catcher detection In-Reply-To: <52A6F367.3000909@owca.info> References: <52A5CA60.2050403@owca.info>

<52A62F25.3030205@owca.info> <2ff1d371-5c2e-4dda-b6af-3a0e84fe77d2@email.android.com> <52A6F367.3000909@owca.info> Message-ID: <52A877FA.9090901@disman.tl> This morning's NSA article from WaPo contains some slides mentioning USRP equipment[1]. It's hard to say without more context whether it's referring to the GSM equipment from Ettus...anyone care to speculate? The USRP series doesn't exactly seem like carrier-grade equipment, but perhaps the NSA has a good reason to use it. Maybe baseband exploitation, as coderman has previously mentioned? Simply getting cell tower database dumps from the telcos would suffice for location info, so I would guess this has a different purpose. [1] http://apps.washingtonpost.com/g/page/national/nsa-signal-surveillance-success-stories/647/#document/p3/a135606 On 12/10/2013 05:56 AM, Matej Kovacic wrote: > Hi, > >> Can/do IMSI systems spoof tower id: is there anything in GSM to make >> towers self-verifying? I'm guessing no, in which the above would be very >> poor. > No, the problem is, that mobile phone authenticates to mobile network, > but the opposite is not true. Since mobile network does not authenticate > itself to mobile phone, IMSI Catcher attacks are possible. > > There has been also demonstration of "home-made" IMSI Catcher based on > Osmocom platform last year at the CCC conference. > > The video of the presentation "Further hacks on the Calypso platform" by > Sylvain Munaut is here: > http://media.ccc.de/browse/congress/2012/29c3-5226-en-further_hacks_calypso_h264.html > > So, it is very easy to set up fake cell with any cell ID. > >> Also of note is API for signal strength, so a mapping of known towers to >> expected strength at location XYZ could be used to detect systems used >> to home in on phones, which usually max out on signal and tell your > > This would not work, because cells are not static (new cell emerge, > covered area changes, etc.) and opencellid database is not regularly > updated. There could also be femtocells used, etc... > > > Regards, > > M. > -- http://disman.tl OpenPGP key: http://disman.tl/pgp.asc Fingerprint: 2480 095D 4B16 436F 35AB 7305 F670 74ED BD86 43A9 From coderman at gmail.com Wed Dec 11 14:08:46 2013 From: coderman at gmail.com (coderman) Date: Wed, 11 Dec 2013 14:08:46 -0800 Subject: Android IMSI Catcher detection In-Reply-To: <20131211200728.5D5872280F4@palinka.tinho.net> References: <20131211200728.5D5872280F4@palinka.tinho.net> Message-ID: On Wed, Dec 11, 2013 at 12:07 PM, wrote: > ... is the kind > of remote penetration of potential enemies by technical means, such > as coderman postulated at length, closer to politics or closer to > war? Or, in current argot, is it closer to cyberpolitics or closer > to cyberwar? CNE+TAO as non destructive espionage (politics) but they also play CNE+TAO as kinetic force multiplier (war) so the answer is: both! depending on the target... From dan at geer.org Wed Dec 11 12:07:28 2013 From: dan at geer.org (dan at geer.org) Date: Wed, 11 Dec 2013 15:07:28 -0500 Subject: Android IMSI Catcher detection In-Reply-To: Your message of "Wed, 11 Dec 2013 07:22:12 PST." Message-ID: <20131211200728.5D5872280F4@palinka.tinho.net> coderman writes >... a lot. Which I've elided... As a vaguely snarky remark on my part, when one quotes von Clausewitz, "War is the continuation of politics by other means," is the kind of remote penetration of potential enemies by technical means, such as coderman postulated at length, closer to politics or closer to war? Or, in current argot, is it closer to cyberpolitics or closer to cyberwar? See, http://ecir.mit.edu/ (Office of Naval Research N00014-09-1-0597) http://www.atlanticcouncil.org/publications/books/a-fierce-domain-conflict-in-cyberspace-1986-to-2012 (viz., book _Fierce Domain_) --dan From coderman at gmail.com Wed Dec 11 18:00:50 2013 From: coderman at gmail.com (coderman) Date: Wed, 11 Dec 2013 18:00:50 -0800 Subject: [cryptography] Which encryption chips are compromised? In-Reply-To: <20131211001137.892EA228094@palinka.tinho.net> References: <527F865A.7020703@iang.org> <20131211001137.892EA228094@palinka.tinho.net> Message-ID: On Tue, Dec 10, 2013 at 4:11 PM, wrote: > > * (TS//SI//REL TO USA, FVEY) Complete enabling for [XXXXXX] > > encryption chips used in Virtual Private Network and Web encryption > > devices. [CCP_00009]. > > For this to be an explicit line item in that document, it > has to be special. unredacted: https://peertech.org/dist/nsa-cpp-goals-FY2013-unredact.png "Intel Ivy Bridge" From coderman at gmail.com Wed Dec 11 18:04:39 2013 From: coderman at gmail.com (coderman) Date: Wed, 11 Dec 2013 18:04:39 -0800 Subject: [cryptography] Which encryption chips are compromised? In-Reply-To: References: <527F865A.7020703@iang.org> <20131211001137.892EA228094@palinka.tinho.net> Message-ID: On Wed, Dec 11, 2013 at 6:00 PM, coderman wrote: > ... > "Intel Ivy Bridge" http://en.wikipedia.org/wiki/Ivy_Bridge_(microarchitecture) """ Ivy Bridge is the codename for a line of processors based on the 22 nm manufacturing process developed by Intel. The name is also applied more broadly to the 22 nm die shrink of the Sandy Bridge microarchitecture based on FinFET ("3D") tri-gate transistors, which is also used in the Xeon andCore i7 Ivy Bridge-EX (Ivytown), Ivy Bridge-EP and Ivy Bridge-E microprocessors released in 2013. """ From coderman at gmail.com Wed Dec 11 18:16:07 2013 From: coderman at gmail.com (coderman) Date: Wed, 11 Dec 2013 18:16:07 -0800 Subject: Android IMSI Catcher detection In-Reply-To: References: <20131211200728.5D5872280F4@palinka.tinho.net> Message-ID: Regarding the CCP FY 2013 goals per https://peertech.org/dist/nsa-cpp-goals-FY2013-unredact.png, "Make gains in enabling decryption and Computer Network Exploitation (CNE) access to fourth generation/Long Term Evolution (4G/LTE) networks via enabling. [CCP_00009]" i wonder if they upgraded to N210 (pairs?) for good 4G/LTE performance? https://www.ettus.com/product/details/UN210-KIT From coderman at gmail.com Wed Dec 11 19:01:31 2013 From: coderman at gmail.com (coderman) Date: Wed, 11 Dec 2013 19:01:31 -0800 Subject: [cryptography] Which encryption chips are compromised? In-Reply-To: References: <527F865A.7020703@iang.org> <20131211001137.892EA228094@palinka.tinho.net> Message-ID: On Wed, Dec 11, 2013 at 6:28 PM, Steve Weis wrote: > ... > Ivy Bridge processors are general purpose x86 CPUs. It doesn't make sense to > me to refer to it as an "encryption chip" for "web encryption devices". "used in Virtual Private Network" == PPTP,IPsec,OpenVPN,etc. "Web encryption devices" == in my interpretation, this is any targeted hardware with the vulnerable chip. it could be a tablet, a desktop, and rack mount server... any of these platforms could speak VPN or Web crypto. TAO/SCS do like to get into the switches though ;) > Do > you know of products using IVB processors for SSL offloading or in VPN > appliances? mostly "cloud infrastructure", "software defined data center", and the like: http://www.routeranalysis.com/the-vyatta-cloud-router-story/ http://www.routeranalysis.com/etsi-network-function-virtualization-working-group/ > To me, the redacted document sounds like it's referring to a security > processor used for SSL offloading. For example, something like a Cavium > Nitrox (which I'm not implying is the subject of the document). back in the day, Sun got tired of the (relatively) slow performance and latency of crypto offloading via bus and simply threw it into the core. you were still offloading crypto, but within the CPU. also note that endpoint compromises sufficient to decrypt VPN or secure web traffic is already present in TAO/CNE's tasking. this effort [CCP_00009] may focus on VPN concentrator / secure web proxy deployments specifically to handle the RDRAND lookup per their private starting counter. previous back doors have also used entropy leakage sufficient to bring a brute force attack into reasonable effort, while still denying third parties a class break of the entropy / keys used. this type of key space search is not done on the ground with portable CNE but instead back at SCS... on a related tangent, the lack of additional disclosures is quite frustrating. this entire conversation would be resolved in a glance if $the_snowden_gatekeepers were acting in the public interest. :/ best regards, From juan.g71 at gmail.com Wed Dec 11 15:42:53 2013 From: juan.g71 at gmail.com (Juan Garofalo) Date: Wed, 11 Dec 2013 20:42:53 -0300 Subject: Tradeoffs in Cyber Security Message-ID: <36EBF5782B0B75E037276B96@F74D39FA044AA309EAEA14B9> http://geer.tinho.net/geer.uncc.9x13.txt "The essential character of a free society is this: That which is not forbidden is permitted." That's a useless tautology. The essential character of a free society is unconditional respect for life liberty and property of people, worldwide, PLUS a libertarian culture. "The essential character of an unfree society is the inverse, that which is not permitted is forbidden." That's the inverse of the previous, virtually meaningless tautology. "The U.S. began as a free society without question;" That's a glaringly false statement. The US began as a **slave society** and remained a **slave society** until a crazy **civil war** ended slavery well into the 19th century, though that was **not** the main goal of the civil war anyway. Today the US is the biggest fascist country on the planet (fascism = militarism, nationalism, collusion of big business and government). I'm wondering if Dan's technical views on so called cybersecurity are as idiosyncratic as his political theory? From electromagnetize at gmail.com Wed Dec 11 19:04:24 2013 From: electromagnetize at gmail.com (brian carroll) Date: Wed, 11 Dec 2013 21:04:24 -0600 Subject: catalog A & B (urls) Message-ID: // contact electrification using patterned nanomaterials... // note: the gap, equilbrium via chargeflow, as if via entropy. // discovery originating from malfunctioning piezo-sensor... Capturing wasted electricity with triboelectric generators http://phys.org/news/2013-12-capturing-electricity-triboelectric.html [quote] "Beyond generating power, the technology could also provide a new type of self-powered sensor, allowing detection of vibrations, motion, water leaks, explosions – or even rain falling." ... "They have learned to increase the {power output density by a factor of 100,000} by applying micron-scale patterns to the polymer sheets. The patterning effectively increases the contact area and thereby increases the effectiveness of the charge transfer." [unquote] (the idea of energy harvesting includes recovering energy from everyday kinetics, cars driving on roads, people walking on surfaces. ubiquitous potential energy, how to gain access or tap into latent energy sources everywhere. this perhaps a viable approach to engage the ubiquity if it is ever actually realized and retains its economics; also- still not understanding how this is related or not to electrostatics, is it comparable to an electrostatic generator or electrostatic sensor that registers strain via charge movement, perhaps at momentary high voltage like a static shock though cannot be sustained thus about trickle charges, supercaps, those circuits, perhaps zigbee-like self-sustaining sensor network infrastructures. would it have potential for clothing to harvest small amounts of kinetic movement and like charging a cellphone slowly, use longer durations of time to harvest, attain, store usable current, in normal applications) Why Transit Riders Give Terrible Directions http://motherboard.vice.com/blog/transit-riders-dont-know-where-shit-is "Is cognitive passivity during travel wearing on city travelers' abilities to create mental maps?" // 16 segment LED display + persistence of vision, // now imagine this as a ring platform for comms. // else IR messaging to video via drone in night sky AlphaPOV: An alphanumeric persistence of vision display http://www.evilmadscientist.com/2007/alphapov-an-alphanumeric-persistence-of-vision-display/ [image] NSA as Ceiling Cat http://i.imgur.com/HwJSaSY.jpg [image] diagram http://www.via.com.tw/en/images/initiatives/padlock/fig_aes.gif What kind of sorcery illusion lets these two blocks be the same color? http://sploid.gizmodo.com/what-kind-of-sorcery-illusion-lets-these-two-blocks-be-1478431828/@caseychan == NSA question == how to validate this is the real cypherpunks mailing list and not an emulation on an NSA server? is there any kind of technical protocol that allows this to be evalauted. is everyone seeing the same content. or if a mimic-site, what if the substitute functions as the real list, etc. in other words: could a person's entire online experience be mediated through a false perspective WWW universe constructed by forged sites maintained by the NSA... and further, is it even possible to be outside control of the NSA within an electromagnetic context, if targeted. this involving not only telecom, also nervous system. --- CF (collider function): Harmony in Chaos http://www.minted.com/design-rating/90358 http://www.mnartists.org/work.do?rid=342303 Geek Chic Computer Jewelry // now what if it was functional... High-tech Jewelry made from Computer & Electronic Components http://www.pinterest.com/chipsetc/geek-chic-computer-jewelry/ == note on crypto == wondering if a distinction could be made in the realm of cryptology as with other disciplines whereby there is an existing functionality and then an edge condition of developing ideas where intuitions may be pursued, tested, learned from. i see people in various disciplines working on 'ideas' as part of their work, whereas the same tasks can be pursued in purely functional, managerial terms likewise, perhaps involving an existing mode of operation versus evaluating various parameters or potential paradigms. in some sense then, as with art, there are artists who have skills and can develop their work within a given set of parameters, and others who may be more abstract and involved in this abstraction at the level of ideas, questioning of existing presumptions. i relate this condition and pursuit to 'conceptual art', rightly and-or wrongly, having only an intuitive understanding of what it involves versus art historical accounts of what it means and how it is identified. then, so too with music. there are some who perform and develop music within traditional or known parameters, and others who test or question the limits though also in a deep realm of ideas. and this tends towards 'conceptual music' in my sensibility, because more is involved than what may be discerned from the aesthetics and it may take more to understand it as it may operate in different parameters than what is already known, and may need evaluation within a different sensibility to access what it involves, which may center on grounding of ideas or conceptions beyond a given interpretation, model, or limit in standard approaches. this then relating also to the rich realm of conceptual architecture, typology seemingly having a unique role in this (ex. architects Boullée and Ledoux from the enlightenment era when studying ruins and the discipline of archaeology began, if remembering correctly, moving into another realm perhaps tending towards the surreal compared to existing approaches)... Boullée http://en.wikipedia.org/wiki/%C3%89tienne-Louis_Boull%C3%A9e https://www.google.com/search?q=Boull%C3%A9e&client=firefox-a&hs=KOV&rls=org.mozilla:en-US:official&channel=rcs&source=lnms&tbm=isch Ledoux http://en.wikipedia.org/wiki/Claude_Nicolas_Ledoux https://www.google.com/search?q=ledoux+architect&client=firefox-a&rls=org.mozilla:en-US:official&source=lnms&tbm=isch (note: relation of Cenotaph for Newton and nuclear reactor, containing fission of sun inside building type, significance for evaluating landscape, environment, meaning, symbolism) it is as if 'ideas' and their contemplation was more readily at the center of questioning, the basis for what is developed, less so than unquestioned conventions repeated as patterns. and this continued as a major approach, including Le Corbusier and others, within certain parameters, though a 'high conceptualization' can be involved in an activity that in the griops of other practitioners is merely a functional question that has already proscribed solutions that can be uniquely or methodically rearranged though perhaps not fundamentally questioned. so in some sense the fundamentals or basis or foundational and its basics are secured and relied upon or brought into question and further tested, experimented with, refined, or moved beyond perhaps in particular circumstances as a model or approach. this conceptualization continued into the 1960s (such as Archigram) into the 1980s though its purpose seemed to be made profane, focused on the image as a basis for abstraction, and the deeper questions of architecture ignored for a shallow aesthetic approach that can be hollow or ungrounded from 'reality' in some significant sense, detached from issues and people and of a realm of CAD design, as if architecture is only industrial design, creating pleasing objects or sculpture devoid of economic, social, political, cultural issues it involves, its deep meaning and insight, and instead, developing blindness. this is more anti-architecture, the concept is not about ideas but about extending an ideology of a particular warped value system, and so the image is like an illusion of what actual architecture is, in its greater purpose and mission. not trivial, not just manufacturing buildings or 'culture' as if a fashion item to be copied, reproduced as a trend or style, yet that is what it has devolved to in tersm of its 'ideas', in many or most cases- if just on its detachment from understanding nature itself and people and serving these interests instead of designing building as part of a political-economic flow that aestheticizes an existing and harmful way of life, yet makes it as enticing as possible. (in this way the excellent observation of such 'architecture' as pornographic forms, as introduced by Dr. Elisabeth von Samsonow in The Plasticity of the Real video lecture.) i tend to consider this earlier intersection between archeology and architecture vital for understanding both disciplines in their interrelated depth, bridging past and future, and asking questions again in a different context than just a present mode of operation. thus to question and learn from ruins or evaluate a situation in a larger context than it may otherwise have due to convention. and it appears a lot is lost to narrowed conception of processes and existing functioning that may limit potentials for insight and innovation beyond the existing boundaries, again due to convention if not conforming to rules or patterns or models that may already work in the given constraints or parameters- though these too also change and transform over time, yet the 'ideas' attached to them do not, and often approaches can become fixed ideas or conceptions, as if the world does not change becomes a routine is continued the same, even while everything is shifting underneath yet may be unrecognized in a given approach or even denied, to retain a way of doing things and thinking, beliefs, etc. so, a potential exists and perhaps it is like basic research of architecture or a given discipline, where it may not be ready to be applied or may question fundamental assumptions and this is purposeful and can be extraordinarily beneficial if it cracks open the malmodeling that may become standardized as approach, and allow other development to occur by falsifying given notions or providing alternative paths or techniques. and yet also, infrastructure can exist that forbids this from occurring, that limits any such conceptions, or confines questioning to what amounts to only small tweaks in the functional circuitry because it is a situation that is nearly completely controlled and there is little room within for fundamental changes and an entire system would need to be rebuilt from scratch to replace what exists, otherwise. and there are dreamers who do this, and architects who focus on utopia. or modeling of cities. Frank Lloyd Wright (FLlW) had his vision for the development of the US which was based on a different approach to city planning, democratizing it via planning principles if not mistaken, though part of this was developing a low-cost affordable home (if not made of concrete), the USonian home, a unit or component in the larger integrated plan of massive development. Le Corbusier had skyscrapers and green spaces as part of the Ville Radieuse (my memory is gone though approximating a general sketch of approaches) and both these efforts were based on social goals, what architecture and master planning can effect via focused development. and Arcosanti by Paolo Soleri is yet another example, building a prototype community with new building techniques as part of a larger vision that is potentially counterpoint to the existing approach, and that there is a tradition of this questioning of existing development patterns and yet it is also fraught with issues in the realm of ideas as relativism bounds such inquiry. http://en.wikipedia.org/wiki/Usonia http://www.steinerag.com/flw/Artifact%20Pages/PhRtUsonAuto.htm http://en.wikipedia.org/wiki/Ville_Radieuse http://en.wikipedia.org/wiki/Arcosanti for accuracy it should be noted that this innovation in thinking has basically evaporated from the practice of architecture, it is completely without support as a research endeavor in the given model of education and development, as if the technical approach + aesthetic fashion is the peak sum of its content as fixed-idea, though it is more a purification of given ideology intimately tied to existing warped economic, social, political agendas evidenced as "culture" that is antihuman, against nature, against thought, essentially anti-architecture as it exists. so the conceptual potential of architecture, the critical questioning of assumptions can be lost or drown out by other priorities or values, superseded by a particular view or agenda that in turn limits what can be pursued in that domain, as it becomes normalized, made a shared worlview, institutionalized. yet likewise, detached from fundamentals edited or censored out of existence given the tyranny of convention or otherwise, e.g. deceptive motivations. and so at the edge of development, there could be little blood occurring because there is no real-stake involved at this leading or front position. it could be somewhat mundane or basic or commonplace, detached from significance or risk, and more about continuing to extend a particular approach than testing, questioning, learning and pivoting into other unknown or newly discovered realms via discovery, innovation, invention, failure even and falsfication of beliefs and approaches. defeat of ideology. instead- there are no ideas, potentially. just the same old beliefs repeated ad naseum yet without questioning them again and again, thus to assume their rightness or correctness through their repetition, no more integrity than that. thus mediocrity as a type of security even, doing what has been done as a validation process or confirmation of value, matching a pattern as pattern and not its truth it must represent. and thus the detachment, the moving away from what is vital, developing in the wrong ways and directions towards a false viewpoint and framework, if not at odds with what is needed. and this all occurs automatically- especially in peoples minds and thinking, psychologies and relations, as individuals and groups then combine into organizations, continuing such efforts. conceptual architecture is then about ideas. thinking through architecture, architecture as a model, a medium for ideas. for communication and relation. the importance of language in all the above examples, and its fundamental relation to geometry (art, music, architecture). and this fundamental consideration also involving a kind of philosophical approach to the questioning, in terms of research, the basics, fundamentals, foundation of disciplines and beliefs, techniques approaches actions, methodology. questioning, debate, discussion, the role of basic research in development, its application over time via refinement, testing of hypotheses and improvement of models and approaches. it is not just engineering alone. and it also involves a larger domain than just a detail, so while research into concrete may always be ongoing, that concrete sidewalk technology around for thousands of years since Roman times, the heated sidewalk or improved wear or illumination or concrete via other additives to the mixture is not in itself a larger modeling of the depth and breadth of the question of architecture beyond that narrowed realm- though can be incorporated into it as a vital detail, and so definitely is related, though a part of a larger research enterprise, a larger more encompassing and ecosystem view, where each detail has its value and importance and insight, yet in the realm of ideas, 'big ideas' need to occur to frame the big situations, and to limit these to finite or specific details then bounds what can occur. it is equivalent to saying we can build skyscrapers to look like furniture and if that is all it involves, a vast many other potential realms of questioning or consideration can be lost in the process as it is defined and conceived, in terms of what is and is not considered, put on the table in terms of questioning. for most the skyscraper itself as a building type has become a default solution, so too the high rise city as a defacto approach to eco/soc/pol development, yet it is fraught with vast many problems and creates and solidifies certain patterns that are ineffective, inefficient, though believed the correct way because that is the standard, the way things are done today and how wealth or success has been generated. it is an engine, in other words, that provides momentum to many industries and questioning it as foundation could even be heretical. and thus if questioning is removed, everything works just like a machine. yet a machinery that is functioning against life, the earth, people, economics, society, and other dimensions if a true accounting were to take place beyond the controlled viewpoint that secures this approach. conceptual architecture potentially could delve into these areas, yet without support or even vital influence upon these processes, either for being unrealistic or uneconomical or without existing capacity, technology, or other limitations that restrict alternatives from developing. again- the lack of research and its replacement by a default 'ideology' the indicator that the process is determined by an existing agenda that does not want to be fundamentally questioned in its rightness, correctness as method, practice, income-generating structuring. and yet an amazing discipline such as architecture can then lose its soul, its essence, its insight and become shallow, ungrounded from reality, and force disconnection through its development which then is no longer actual or real architecture and instead something else, a substitute process that stands-in for it as mimic, yet operating within different principles that confine questioning to a narrow range of consideration that basically destroys it, the ideas turning to answered questions, architecture turned against itself, becoming only a question of engineering, the art of construction being about decorative buildings instead. though no deep insight into the human condition beyond an archaeological condition where these forms can be evaluated, analyzed, as they map to social, political, economic issues, versus serving people as part of a heightened moral and ethical obligation, service to culture and its development, not turning away from it for money or just another career, etc. and thus 'the ideas' of architecture are nowhere to be found within the field as it exists today, they are instead censored out of it by default of the existing securing of ideology within institutions as this then is the basis for further development within constrained parameters of "design" that has more in common with the particularities of fashion than wide-ranging investigation into questions and understanding and development of culture in its highest manifestation, to include the role of technology and its coherent and innovative integration within built form, which instead becomes a manufacturers and industry consideration: "smart homes", etc. this versus master planning of civilization across all of its dimensions in a cohesive clear vision. this as context for cryptography, in that there may be a standard approach via public-key or other security systems in place that have become normalized, made routine as processes and that assumptions may readily exist as 'solutions' that remain bounded in given considerations while there could be more going on beyond the existing framework or limits of these same systems in practice, when evaluated in terms of basic research, tweaked or tested or broken, and this appears part of a vital process of improving and securing cryptographic systems even. that a basic RD&D process exists already, though to still question- within what parameters and is it possible that the existing modeling is based on fundamental assumptions that could in some way be limited or narrowed and a larger inquiry is restricted because of these beliefs that become 'assumed truths' via their restricted boundaries, as if knowns or certainties due to history or precedent yet these not brought back into questioning again (reinterpreting of previous models, as if archeological ruins even, where new insights may still be available or other approaches discovered through their reevaluation and testing of assumptions). it is to question if there may be a distinction made between cryptography that is operational and active, that exists as an infrastructure and working system (however rube-goldberg the issues of implementation, chaos of variability as it connects with secured/insecure modes), and what may be a more research-oriented approach, not just into mathematical approaches to cryptographic modules, and instead potentially further into the most basic realm of crypto questioning, perhaps at the level of signs & symbols (language) and how operations function (geometry) instead of an algorithm that is operational as software approach or methodology, within a given or existing set of parameters or assumptions that may be relied upon yet also may be limited or even false in certain instances or deny other approaches from occurring. in other words, it is to wonder if there is a realm of 'conceptual cryptology' that may already exist and yet not be defined or understood this way, or 'conceptual cryptography' in a more particular realm whereby these core questions of cryptographic models could be pursued in their depth- or does the existing institutionalization of these "ideas" restrict these inquiries due to a forced perspective of ideology, a particular value system that relates to economic, social, political pressures that retain a given approach for the good of institutional control or manufacturing or to keep validating the static conception, even as it may deteriorate within its 'ideas' made static, assumed true by their repetition and continual access, matching the sign equals sign as confirmation of correctness, versus grounding in this greater depth of inquiry and realm of potential and perpetual insight, when going back to the source and evaluating the situation with fresh eyes and minds, in the dimensions that exist, which could be far more than is modeled or believed or allowed in existing approaches or functioning. as with archaeology and architecture, it is to question if cryptography may have a unique in situ condition at this intersection of language and geometry, that currently may exist outside its conceptualization in terms of practice, as crypto is developed systematically, as it is made into infrastructure via technology, manufacturing, and extension of these. and here, of the danger of ideology, answered questions that move towards further falsity, as if unconscious, when questioning of 'ideas' becomes detached from action and through further development becomes ever more disconnected from a fundamental condition of truth than in service to it. and what if this integrity, securing this foundation of cryptography in truth is requirement for security, yet given existing parameters could be ignored in its philosophical dimensions that predate, inform, and give life to the discipline, yet may not be valued or identified or related to this way, as it becomes institutionalized or supported, made into systematic development. is there such an entity as 'conceptual cryptography' and where does it begin and end. how might it be different than a primarily engineering based approach or evalaution or crypto. to what extent is it supported and operational as inquiry, yet what parameters or domain does it occupy, including in past times and efforts that map out this relation, its core questioning. could it today function in non-crypto domains yet influence crypto development, etc. and thus questions of the universality and connectedness of patterns, their permutations and relations, potential interdisciplinary relevance as language and geometry across mediums. (if not involving inquiries and in-depth research at the junction and structural intersection of linguistics and mathematics, and a wider-range of potential communication strategies.) --- [image] album cover http://rbhsjukebox.files.wordpress.com/2011/09/mannlost.jpg [image] Nelson Mandela & EM aesthetics http://24.media.tumblr.com/45424eb2509739cc87f0120b8e91af89/tumblr_mxctqtfiNJ1qjo9duo1_500.jpg == re: Amazon LCD tablet == i grew up studying those giant shopping catalogs for Sears and JC Penneys stores that had inventories of everything in stores and that could be mail ordered. they were seemingly hundreds of pages thick, consumer bibles of specific national retailer chains in the U.S. and for those without encyclopedia, did offer an interesting look into the development of digital watches as they took over analog, calculators, early computing, electronic and video games, and then 'electrics' spanning tools to housewares, various large and small appliances. when the Amazon Kindle lineup went from e-ink only into a mixed-category of LCD screens it seems to blur the distinction in purpose between the e-reader devices and more ordinary tablets that compete with others, in particular ecosystem-based devices from Apple. my initial thought was that there were two different categories occupying a single name of "Kindle" and that they were functionally very different devices with different purposes. while it is understood that 'tablets' are a category unto themselves and need no further justification for existence in an online retail or software/app model, it struck me as strange that there was not something more conceptual going on with the Amazon HD Fire devices, beyond ordinary tablet functionality, at least from what reviews mention about it in terms of user experience and how it streamlines access to Amazon services through the tablet UI. one thought has stuck with me about the potential for this tablet-Amazon ecosystem relation and it is that this device now competes with others in a general 'multimedia' tablet category, yet its real and potential advantage in terms of apps or whatever is its unique connection to Amazon inventory, which spans multimedia in an intranet sort of way, perhaps as if portal. from here, at this location, in this particular and unique context of relation between those who access Amazon through such a tablet interface, it would appear the killer functionality of such an LCD tablet would be to provide 'catalog-like functionality' in the style of earlier paper-based approaches, such as the Sears Catalog and others, though perhaps beyond just existing approaches determined by web interfaces and into a higher degree of functionality, such that the tablet actually is the Amazon Catalog in electronic format, in particular- mail-order format whereby, say, ala Whole Earth Catalog or Hammacher Schlemmer, you could potentially order anything that Amazon lines up into its supply-chain, even if for a one-time sale, via such a massively connected inventory and integrated yet distributed delivery system. This probably sounds very bad to some peoples ears in terms of the impact or effects this could have if suddenly Amazon is bidding on installing pools in the neighborhood, though perhaps it would be bounded to certain things like European appliances that are imported or other high-rated, quality based interactions vetted by a review-system recovered from the troubles of existing feedback environments internet-wide. curated merchandize, then, that is presented in deep categories of content, with additional information (requiring dimensions of items from manufacturers, etc) and matrix-based searching functions (using grids and geometry to search instead of only keywords) that then are the basis for a _new_design of the Amazon interface that standardizes the interface and user experience with the available inventory, instead of relying on existing web technologies to define parameters for what can occur in these interactions, including variable results. What this is to question is why the Amazon Fire LCD tablet is competing in a multimedia category as if just another tablet when instead it could be 'the Amazon Catalog' instead and while able to deliver movies, music, book content, that ultimately a programmatic hierarchy could exist that this is a platform for interfacing with and accessing Amazon inventory firstly, before that secondary utility, which allows delivery of online data (movies, movies) though also, and primarily it is assumed: offline 'content' in terms of sales from its warehouses and third party suppliers, and thus is the basis for creating, sustaining, and developing this huge momentum in sales, or having it operate in more conventional terms, competing as another tablet in a highly competitive space, and perhaps not having this catalog-functionality as its core mission to the extent that this is how the tablet is designed, its fundamental purpose and advanced functionality, versus just an extension of existing web technology approaches that leverage an excellent e-commerce experience though remain heavily defined by what is a very low-resolution 'catalog' of its inventory, when instead there could be more extensive information about each item, so that people do not need to research missing facts or data repeatedly and instead it could be presented as advanced specs (dimensions, materials, warnings; contains lead, requires widget Z), that combined with expert reviews or more in-depth analysis could transform the experience into a research-based activity where all of the necessary data is in the Amazon Catalog, perhaps not the web version, but the tablet catalog version that acts like an encyclopedia attached to extended or other content or dimensions. For instance, if a product attaches to a table, yet no information is provided for how this connection takes place or how deep or thick the table must be, the same item could be ordered and then returned if it does not fit a particular table. And if this information is not provided for in the reviews, then orders and returns are the 'feedback process' that is in effect a negative interaction as a total exchange, inefficient, and time-wasting for everyone when instead that additional information which could be known to be critical (no less by the product manufacturer) could be provided as _missing detail in the current approach, in many cases, with sales across the online retailer landscape. It could require several google searches of discussion forums or downloading PDF manuals to get this information if it exists or a call to the manufacturer, all that stands in the way between simply evaluating the item and then deciding it will work and clicking through the sale. Instead this short-circuit of necessary or missing information could require dozens of clicks and several searches of discussion groups looking for answers or clues to what may become a mystery by default. Consider then the condition whereby there is lack of basic information in this entire process, encountered with online retailers and e-commerce in general, not just Amazon of course. It is assumed when product data went online, that perhaps nothing new was expected of the items in the way they were modeled as 'data' in terms of their sale. Yet for instance this same product was in a store in yesteryear, it could be touched, evaluated as a 3-dimensional item, and if it attached to a table the mechanism to do this could be evaluated or a box could be opened by a worker to help evaluate the device to see if it actually would fit a particular table or not - prior to sale. And here is point: the information is available for the person in the store, though when it is sold online this information may be non-existent online even though it is a very basic consideration for its practical and successful use in basic scenarios and everyday conditions. It is unexceptional to ask such questions in an offline context, yet when this same questioning occurs in a remote 'catalog-context' or 'online retailer' context often there is no one to ask or anyone who knows the answer, and it instead is a gamble. The way this is made to work is by offering free returns, and yet this also effects other prices and is a structural inefficiency if it could be solved and such returns unnecessary when they could instead be avoided, due to an issue such as 'missing information' that is important to the seller and the buyer, to know enough about the item at the center of such exchange. Thus, of various products sold online, consider if they had a more robust and in-depth data model that consisted of various "dimensions", and therefore if there were these attachment devices to tables, you could narrow a search for such items not just by the main category {tablet attachment}, and instead further by subset details, such as {clamp to 2-3/4 inches} when others only may only open to 1-1/4 inch and therefore would not fulfill the criteria. And so in modeling a particular item or device, as category, it could be modeled in various subset details that may already occur in areas like HDTV sets, to some limited extent (a bit too fuzzy whereby false positives are frequent as with many hierarchical approaches based on, it is assumed words versus geometric structures based on such functional details). In some sense it could be equivalent to a limited 'dimensional-search' via matrix, that in some cases may involve measurement (height-width-depth), color, form or shape, materials, and other specifics (calories, toxins, requirements). Then instead of searching from the general to the specific, looking for the needle, a person could start with the needle, knowing what they usually are looking for -though cannot find- and located it through geometry of such data. In this way, potentially the future of online catalogs in a tablet interface as it may streamline the process of interaction and exchange with this data ecosystem of media and other goods. (concepts: patterns, typologies, variable details, relational structures) (also, this strategy could be used for other search via structurally organized -if meta- data as a content or information search via categories, dimensions, graphs and grid. dimensions, 3- and N-value logic, set theory, AI interface and interactions. tending toward 'living queries' where, given parameters, search could continue or map/carto/survey realms, provide reconaissance, report back data structures, variables. this could be basis for custom data structure of PC, a model built up over many queries, spanning local-global structure, heuristic feedback, etc.) --- Scientists jump the "air gap" with hidden acoustic networks http://www.gizmag.com/malware-jump-air-gap/30056/ == urls via hh == (of lithophones and ringing stones... Stonehenge as xylophone) Researchers reveal Stonehenge stones hold incredible musical properties http://www.ancient-origins.net/news-history-archaeology/researchers-reveal-stonehenge-stones-hold-incredible-musical-properties#sthash.5sFOm8XZ.dpuf -- in article url, refrenced with audio sample & video... Stonehenge 'was a prehistoric centre for rock music': Stones sound like bells, drums, and gongs when played http://www.dailymail.co.uk/sciencetech/article-2515159/Why-Stonehenge-prehistoric-centre-rock-music-Stones-sound-like-bells-drums-gongs-played.html#ixzz2nDQtpHeZ // electromechanical codebreaking machine 1938 A Codebreaker's Dream: The Bombe! (photo-essay) http://www.darkroastedblend.com/2013/11/a-codebreakers-dream-bombe.html#sAhsgSbJIqD8aUCu.99 // archeology and the unlocking of remote time & communications... // to decipher rightly and wrongly, conundrums of political cryptology [review] The Riddle of the Labyrinth: The Quest to Crack an Ancient Code http://www.nybooks.com/articles/archives/2013/dec/05/what-was-greek-to-them/ "But then what? The sequel to the decipherment is little more than a final, self-evident coda to most of these stories. “Enigma” is broken, so the Allies win the war; hieroglyphs are decoded, so the culture of pharaonic Egypt is revealed to us. What this conceals, however, are all the further disputes and rivalries that regularly follow the successful cracking of the language or of the code. Just how correct was it? And, if it was, what does it tell us about the culture concerned, or the history of the period? Whose theories are now confirmed or disproved? These controversies can be just as exciting and bitter as those leading up to the decipherment, and probably more significant. But we rarely get to hear about them before the heroic tale ends." (note: on archaeology, often referred to as excavations of the past, centuries ago though this moves into decades ago, particularly with industrial archeology, or potentially even the near-present especially in terms of media, as this relates to crypto, hacking, cracking, exploits, etc. that is, discovering not stone tablets and instead electronic tablets with known or unknown security measures. as related to ingenious techniques for how to access the locked-in data without having it vanish, such as freezing chips or other surgical critical access methods; note: should also mention data archeology and data recovery belonging to this same context. in archaeology often trash sites are highly valued for the information they bring, proverbial 'trash to treasure' scenario. thus to consider old data, databases, or even receipts in this way, as with inventories in Linear B. and what actionable realms does that relate to within today's processes: corporate intelligence or whatever, to model a situation, exploit information, etc. ('exchange your electronics' for rebates or upgrades, and the hidden data could be gleaned and monetized, though perhaps someday another route to recovering rare elements instead of mining them, gold, silver, rare earth metals from old circuit boards. preexisting approaches within new EM context: archeology, geology/mining, crypto/spying, on and on, into today) the relevance of archeology does not stop here either. concepts and methods could be useful in computing, developing a new data structure to access information via layers or time-based evaluations, reconstructions, modeling, etc. then also the great tools, LADAR and others. just the issue of dust alone, reimagined in future of smart dust, traces of info everywhere, data fossilization, TSCM-like correlations. thus interdisciplinary structures, models and methods, knowledge, shared value. integrating perspective via n-dimensionality, unified frameworks, continuum of truth throughout shared cultural scaffolding via logical reasoning, maximized, optimized, tested and improved. thus what might archeology have to offer crypto/security and development of computing in the realm of paradigm, conceptualization, understanding, meaning, integrated modeling, measurement, organization of data, archive and records, inventory, digs, reconstructions, research, mapping & cartography, language, excavation) {educational fair-use of copyright, 2013} 452a, 392h, 902c From adi at hexapodia.org Wed Dec 11 21:15:38 2013 From: adi at hexapodia.org (Andy Isaacson) Date: Wed, 11 Dec 2013 21:15:38 -0800 Subject: [cryptography] Which encryption chips are compromised? In-Reply-To: References: <527F865A.7020703@iang.org> <20131211001137.892EA228094@palinka.tinho.net> Message-ID: <20131212051537.GA20782@hexapodia.org> On Wed, Dec 11, 2013 at 06:28:31PM -0800, Steve Weis wrote: > On Wed, Dec 11, 2013 at 6:00 PM, coderman wrote: > > unredacted: > > https://peertech.org/dist/nsa-cpp-goals-FY2013-unredact.png > > > > "Intel Ivy Bridge" > > Is this a guess because "Intel Ivy Bridge" fits into the redacted space or > is there some other evidence? I believe it's just a guess based on fit. > Ivy Bridge processors are general purpose x86 CPUs. It doesn't make sense > to me to refer to it as an "encryption chip" for "web encryption devices". > Do you know of products using IVB processors for SSL offloading or in VPN > appliances? Suppose I'm the manager writing this document, reporting the expected accomplishments of my group. We do cryptanalysis. If we're projecting success against FooBarCo chips' encryption sub-core, and everybody knows FooBarCo chips are used in both encryption and non-encryption products, it makes sense to cite the specific applications where FooBarCo chips are used. So "for FooBarCo chips used in VPN and SSL" makes sense, even if FooBarCo chips are not *solely* VPN and SSL. However, in "for FooBarCo encryption chips used in VPN", the "encryption" seems to me to denote a special purpose chip, rather than a general purpose chip with an encryption sub-core. I've seen worse manglings of language in similar documents, though, so I would not put it past said middle manager to write "for Intel Ivy Bridge encryption chips used in VPN and SSL", even though that's a bit of word salad to anyone who knows the technology. > To me, the redacted document sounds like it's referring to a security > processor used for SSL offloading. For example, something like a Cavium > Nitrox (which I'm not implying is the subject of the document). "Cavium Networks" or "Cavium Nitrox" are approximately the right length to fit. Other vendors that might be interesting include F5, Barracuda, Riverbed, Cisco SCA 11000, Radware (an Israeli/American company), and everybody listed on http://en.wikipedia.org/wiki/SSL_Acceleration The document looks like Word and appears to be fully justified; anyone with that software want to match the fonts and try out various substitutions to see what fits best? Note that http://s3.documentcloud.org/documents/784159/sigintenabling-clean-1.pdf seems to have been digitally processed and redacted; the font baselines are perfectly aligned, to the sub-pixel antialiasing limit; while http://s3.documentcloud.org/documents/784280/sigint-enabling-project.pdf appears to have gone out to paper and then been scanned in on a non-flatbed scanner; there is significant vertical slew across the line of text in question. Since the source document appears to be the same for both, an enterprising DTP jockey could use -clean-1.pdf to tune the document settings precisely, and then use -project.pdf to search for better unredaction matches. -andy From coderman at gmail.com Wed Dec 11 23:41:41 2013 From: coderman at gmail.com (coderman) Date: Wed, 11 Dec 2013 23:41:41 -0800 Subject: [cryptography] Which encryption chips are compromised? In-Reply-To: <20131212051537.GA20782@hexapodia.org> References: <527F865A.7020703@iang.org> <20131211001137.892EA228094@palinka.tinho.net> <20131212051537.GA20782@hexapodia.org> Message-ID: On Wed, Dec 11, 2013 at 9:15 PM, Andy Isaacson wrote: > ... Since the source document appears to be the same > for both, an enterprising DTP jockey could use -clean-1.pdf to tune the > document settings precisely, and then use -project.pdf to search for > better unredaction matches. i remember seeing software to do this, but for the life of me cannot find it. anyone? my favorite redaction technique is still the Adobe white text on white background in PDF trick; combine with a filter for CONFIDENTIAL / PROPRIETARY and you've got a fire hose of informative flotsam...[0] best regards, 0. "The Revenge of Distance: Vulnerability Analysis of Critical Information Infrastructure" http://arxiv.org/abs/cond-mat/0310427 back when Sean Goreman's work and post 9/11 hysteria combined to drive critical infrastructure information into access controlled obscurity (not even FCC outage reports public!) i used this technique with custom deep web crawlers for court documents and other technical references. code doesn't care about color ;) thus fiber counts along specific rights of way allocated to named customers provided the specific capacity information needed to make useful models for measuring "spatial implications of telecommunications infrastructure susceptibility to targeted attack". this was the first time i wrote code that actually scared/disturbed me :o From coderman at gmail.com Wed Dec 11 23:46:24 2013 From: coderman at gmail.com (coderman) Date: Wed, 11 Dec 2013 23:46:24 -0800 Subject: [tor-talk] Tor 0.2.4.19 is released In-Reply-To: <20131212054747.GH6713@moria.seul.org> References: <20131212054747.GH6713@moria.seul.org> Message-ID: On Wed, Dec 11, 2013 at 9:47 PM, Roger Dingledine wrote: > The Tor 0.2.4 release series is dedicated to the memory of Aaron Swartz > (1986-2013). Aaron worked on diverse projects including helping to guide > Creative Commons, playing a key role in stopping SOPA/PIPA, bringing > transparency to the U.S. government's PACER documents, and contributing > design and development for Tor and Tor2Web. Aaron was one of the latest > martyrs in our collective fight for civil liberties and human rights, > and his death is all the more painful because he was one of us. thank you for this! aaronsw++ From dan at geer.org Wed Dec 11 21:48:16 2013 From: dan at geer.org (dan at geer.org) Date: Thu, 12 Dec 2013 00:48:16 -0500 Subject: Tradeoffs in Cyber Security In-Reply-To: Your message of "Wed, 11 Dec 2013 20:42:53 -0300." <36EBF5782B0B75E037276B96@F74D39FA044AA309EAEA14B9> Message-ID: <20131212054816.6E8522280C5@palinka.tinho.net> > I'm wondering if Dan's technical views on so called cybersecurity are > as idiosyncratic as his political theory? Yes. --dan From coderman at gmail.com Thu Dec 12 06:08:35 2013 From: coderman at gmail.com (coderman) Date: Thu, 12 Dec 2013 06:08:35 -0800 Subject: [cryptography] Which encryption chips are compromised? In-Reply-To: <20131212051537.GA20782@hexapodia.org> References: <527F865A.7020703@iang.org> <20131211001137.892EA228094@palinka.tinho.net> <20131212051537.GA20782@hexapodia.org> Message-ID: i see your skepticism, and i raise you a retort! ;) i even have a list of candidates you can experiment with to confirm Intel Ivy Bridge as best fit. [0] On Wed, Dec 11, 2013 at 9:15 PM, Andy Isaacson wrote: > ... > Suppose I'm the manager writing this document, reporting the expected > accomplishments of my group. We do cryptanalysis. plus a few more things, e.g. your ~250-300million $USD/year budget goes toward: "actively engag[ing] the US and foreign IT industries to covertly influence and/or overtly leverage their commercial products' designs [... to] make the systems in question exploitable through SIGINT collection (e.g., Endpoint, MidPoint, etc.) with foreknowledge of the modification. and, Insert vulnerabilities into commercial encryption systems, IT systems, networks and endpoint communications devices used by targets. only with "foreknowledge of the modification" are you able to utilize this backdoor. (NSA does not like to share) also, this year by end of year, in 2013 you expect to: - Make gains in enabling decryption and Computer Network Exploitation (CNE) access to fourth generation/Long Term Evolution (4GL/LTE) networks by inserting vulnerabilities. - Complete enabling for [well recognized name] encryption chips used in Virtual Private Network and Web encryption devices. and last but not least, - Shape the worldwide commercial cryptography marketplace to make it more tractable to advanced cryptanalytic capabilities being developed by NSA/CSS. Ok, given those requirements. Who fits the bill? High end platform: http://www.techweekeurope.co.uk/news/intel-networks-high-end-platform-133501 """ Intel targets what it believes is a significant growth opportunity to bring the Intel Architecture into a rapidly evolving networking space. ... Intel added to its portfolio with the introduction of the Highland Forest platform, which combines the vendor’s Xeon E5-2600 v2 CPU with its new Coleto Creek chipset. Price said Highland Forest – which can pack up to 20 2.4GHz “Ivy Bridge” CPU cores – will offer two to six times the performance of the previous Crystal Forest platform, which was launched in October 2012. Highland Forest, with Intel’s Data Plane Development Kit, can deliver up to 255 million packets per second (p/s) – more than the 140 million p/s from Crystal Forest – as well as security capabilities of 110 Gigabits per second of IPsec and 200 Gb/s SSL security for encrypted traffic. """ IPsec (VPN) and SSL (Web crypto) and lots of it! sounds interesting. tell me more! other market points of note: - "Intel currently has over 15 SDN/NFV qualification trials underway with carriers in all major regions. Schooler emphasized that Intel has no intention to sell directly to service providers and is fully committed to launching an Intel Network Builders Ecosystem of industry players supporting the Intel Architecture." - "6WIND Announces Availability of Support for Intel® Xeon® Processor Platform for Large-Scale Communications Infrastructure Systems, Formerly Called “Highland Forest” 6WIND announces the availability of support within the 6WINDGate™ software for the Intel® Xeon® Processor Platform for Large-Scale Communications Infrastructure Systems, formerly called “Highland Forest.” With its optimized support for the Intel® QuickAssist Technology that provides hardware acceleration for encryption and compression, 6WINDGate delivers best-in-class performance for networking applications such as WAN optimization, VPN appliances, firewalls and Unified Threat Management (UTM) systems." - funny they seem to distance themselves from "Highland Forest" and "Ivy Bridge" in this press release and product launch... [ http://www.prweb.com/releases/2013/12/prweb11387583.htm ] they sound interesting, like they sell to many industries at large scale. are they a popular company/product? ""“6WINDGate is already deployed in tens of commercial LTE networks throughout Asia, Europe and North America, while also being used by multiple tier-1 suppliers of enterprise and cloud networking equipment."" hey look, LTE! ... ok, so that's a little suspect. what's that, there's more you say? https://plus.google.com/+TheodoreTso/posts/SDcoemc9V3J "I am so glad I resisted pressure from Intel engineers to let /dev/random rely only on the RDRAND instruction." , "Oh, I should add that just today I had to fight back an attempt by a Red Hat engineer to add a configuration option to blindly trust RDRAND and bypass the entropy pool" ... then the FreeBSD change of heart. hey Wind River, how are you using RDRAND? now what about Intel themselves, are they also pushing the chip? """ Intel officials are making aggressive moves to expand the reach of its silicon beyond servers and into other parts of the data centre. Schooler said the company has been making products for networking gear for about a decade, and has made significant strides in recent years. It’s also made several acquisitions – such as of Sensory Networks, Ethernet chip maker Fulcrum Microsystems and networking software maker Aepona, whose technology enables telecoms and cloud service providers to offer more services on their networks. Intel is looking to take advantage of the growth opportunity networking represents, Schooler said. The market Intel is targeting is about $16 billion (£9.7bn), and the chip maker currently has about 5 percent of it. Along with its x86 architecture, Intel also is developing accelerator chips for such jobs as packet inspection and encryption. """ whew. that's a lot of context and circumstance. let's look back over your goals for 2013: Make gains in enabling decryption and Computer Network Exploitation (CNE) access to fourth generation/Long Term Evolution (4GL/LTE) networks... - AFFIRMATIVE! Complete enabling for [Intel Ivy Bridge] encryption chips used in Virtual Private Network and Web encryption devices. - AFFIRMATIVE! Shape the worldwide commercial cryptography marketplace to make it more tractable to advanced cryptanalytic capabilities being developed by NSA/CSS. - AFFIRMATIVE! i will admit that i am continually impressed by NSA/SCS achievements. they're extremely competent! > If we're projecting success against FooBarCo chips' encryption sub-core, > and everybody knows FooBarCo chips are used in both encryption and > non-encryption products, it makes sense to cite the specific > applications where FooBarCo chips are used. agreed. > However, in "for FooBarCo encryption chips used in VPN", the > "encryption" seems to me to denote a special purpose chip, rather than a > general purpose chip with an encryption sub-core. my reading between the lines: it is not a special chip, it is a special collection of many of them (20+) handling tier-1 core traffic encryption, which is an excellent point to aggregate a vulnerability in keying ciphers. (ignore public key for now, since we can just focus directly on session/temporal keys!) > "Cavium Networks" or "Cavium Nitrox" are approximately the right length > to fit. Other vendors that might be interesting include F5, Barracuda, > Riverbed, Cisco SCA 11000, Radware (an Israeli/American company), and > everybody listed on http://en.wikipedia.org/wiki/SSL_Acceleration 0. please to be experimenting with datas: Interface Masters Technologies Freescale Semiconductor Alteon SSL Accelerator Nortel SSL Accelerator Strangeloop Networks Riverbed Technology Coyote point systems Crescendo Networks Microchip PIC32MZ Barracuda Networks Kemp Technologies STMicroelectronics Check Point VPN-1 Sun Microsystems Foundry Networks Cavium Networks Cavium NITROX Juniper Networks Nortel Networks Array Networks Intel Ivy Bridge <- only this is right length in justified context shown Forum Systems Cavium Nitrox CAI Networks A10 Networks Cisco Systems Citrix Systems Sun SCA6000 MIFARE Plus Network Box Coleto Creek F5 Networks jetNEXUS Cisco PIX Radware Cotendo Exinda Hifn IBM --- parting words: """ On April 17 at the Open Networking Summit, Intel executives laid out the company’s strategy around data center networking and the burgeoning trend of software-defined networking (SDN). They also showed that their efforts will expand beyond simply supplying the processors for networking hardware. The company unveiled reference architectures designed to help enterprises, cloud service providers and telecommunications companies more quickly create hardware and software for SDN and network-function virtualization (NFV), moves that could bring Intel into closer competition with the likes of networking giant Cisco Systems and chip maker Broadcom. - http://www.eweek.com/networking/intel-makes-push-into-competitive-sdn-space/ """ don't let them get away with it! open up raw access to entropy sources!! don't discriminate against the unit, one is prime!!! From coderman at gmail.com Thu Dec 12 06:52:20 2013 From: coderman at gmail.com (coderman) Date: Thu, 12 Dec 2013 06:52:20 -0800 Subject: [cryptography] Which encryption chips are compromised? In-Reply-To: References: <527F865A.7020703@iang.org> <20131211001137.892EA228094@palinka.tinho.net> <20131212051537.GA20782@hexapodia.org> Message-ID: one last amusing note, Google has gone whole hog on SDN: http://www.networkcomputing.com/data-networking-management/inside-googles-software-defined-network/240154879 how amusing would it be if they implemented inter-DC IPsec keyed with RDRAND directly on compromised cores in one of these Highland Forest like SDN deployments? i can already see the updated napkin sketch now, and imagine the streaming swears pouring forth from the googlies once uncovered... From coderman at gmail.com Thu Dec 12 08:20:44 2013 From: coderman at gmail.com (coderman) Date: Thu, 12 Dec 2013 08:20:44 -0800 Subject: [cryptography] Which encryption chips are compromised? In-Reply-To: References: <527F865A.7020703@iang.org> <20131211001137.892EA228094@palinka.tinho.net> <20131212051537.GA20782@hexapodia.org>

Message-ID: On Thu, Dec 12, 2013 at 7:08 AM, John Young wrote: > Please stop this suicidal, treacherous discussion. You're undermining > the global industry of weak crypto and comsec. That counts as economic > terrorism in all the countries who abide arms control, export control, > copyright, capitalism, heirarchical rule, suppression of dissent, lawful > spying, breaking and entering black jobs, ubiquitous spying on each other > and everybody else, ... > ... Sure, call for outraged dissent, > fine, great, if that moves the ponzi, balloons those bitcoins. let it be known: in the event of my untimely demise under suspicious circumstances, i will my coins to JYA so he may bless my passing with grand oration and strong tale as he is so adept at providing. *grin* on a serious note, the useful steps are clear: 1. Intel releases raw access to noise samples 2. NIST defining and mandating a design that also supports raw sample access, (we could change subject here to discuss something pleasant like on-line checks and continuous checks,) 3. OS distributions include userspace entropy scavenging daemons (haveged, dakarand, etc) to complement properly vetted hardware entropy sources run in a conservative fashion. default is set safe, not fast. is that so much to ask? From coderman at gmail.com Thu Dec 12 08:42:02 2013 From: coderman at gmail.com (coderman) Date: Thu, 12 Dec 2013 08:42:02 -0800 Subject: [cryptography] Which encryption chips are compromised? In-Reply-To: References: <527F865A.7020703@iang.org> <20131211001137.892EA228094@palinka.tinho.net> <20131212051537.GA20782@hexapodia.org> Message-ID: On Thu, Dec 12, 2013 at 8:04 AM, Steve Weis wrote: > ... > The document is talking about FY2013. IVB already shipped in 2012. I'd > guess it was fabricated for testing in 2009-2010 and designed for a few > years prior. > > What enablement would be "complete" in 2013 for something that has been on > the market a year and is already being phased out? the bulk of 2012 was consume user hardware. the endpoint is a totally solved problem (read: trivial to exploit in many ways, all day, every day, per the docs) only server Ivy Bridge: Xeon E3 in mid-2012. the cores pushed in the SDN initiatives above came out not so many months ago... high capacity crypto aggregation points like this are an ideal target, with backdoor keying of VPN/SSL the ideal (passive) attack with their view of target's long haul fiber. > By 2013, Intel had already started shipping Haswell. They did launch new IVB > E5v2 Xeon server processors this fall, but future CPUs will be Haswell and > Broadwell. > > Intel already has the next, next generation Skylake with SGX fabricated for > testing. but not released, and "enabling" means tied into X-KEYSCORE, TRAFFICTHIEF, whatever else gets draped off UPSTREAM... > I still think the document is talking about a dedicated crypto chip for VPN > and SSL acceleration devices, just like it says. the backdoors for all the other vendor hardware happened in years prior. HSMs and crypto accelerator gear is not exactly a vibrant or competitive market. in fact, these companies never seem to die, just carry on with decent margins riding on incremental design upgrades until they're bought out by a larger/growing competitor. ;) of course, this could be because companies like Sun charge $9,999 for an HSM/accelerator that is at best a reasonable cost at $1,499... From coderman at gmail.com Thu Dec 12 09:18:09 2013 From: coderman at gmail.com (coderman) Date: Thu, 12 Dec 2013 09:18:09 -0800 Subject: [cryptography] Which encryption chips are compromised? In-Reply-To: References: <527F865A.7020703@iang.org> <20131211001137.892EA228094@palinka.tinho.net> <20131212051537.GA20782@hexapodia.org> Message-ID: On Thu, Dec 12, 2013 at 8:42 AM, coderman wrote: >> IVB already shipped in 2012... > only server Ivy Bridge: Xeon E3 in mid-2012. this does bring up an interesting point: while it may be more efficient to use the same "key" for the DRBG output across all processor lines, it would be more secure to use a different key per line. this implies that each iteration of Sandy Bridge -> Ivy Bridge -> Haswell needs to be "enabled" by CCP, with Xeon E5 debut in 2013 as discussed. for Sandy Bridge, this would have shown in 2010? and unless in network equipment described simply as "enabling decryption for Sandy Bridge used by $operating systems and $applications." sadly we'll have to wait a while to confirm this conjecture for Haswell. and we'll have to wait forever for more leaks apparently, as the continuing decline of details demonstrates... best regards, From matej.kovacic at owca.info Thu Dec 12 00:20:03 2013 From: matej.kovacic at owca.info (Matej Kovacic) Date: Thu, 12 Dec 2013 09:20:03 +0100 Subject: IndependenceKey? Message-ID: <52A971B3.8050606@owca.info> Hi, just a quick question - anyone familiar with this: http://www.independencekey.com/ or with the Swiss company Quantec, whis developed this product? Regards, M. From coderman at gmail.com Thu Dec 12 09:23:50 2013 From: coderman at gmail.com (coderman) Date: Thu, 12 Dec 2013 09:23:50 -0800 Subject: Fwd: [liberationtech] PrivateSky Takedown In-Reply-To: References: Message-ID: ---------- Forwarded message ---------- From: Yosem Companys Date: Thu, Dec 12, 2013 at 9:07 AM Subject: [liberationtech] PrivateSky Takedown Certivox Asked That We Share Their Side of the Story on the PrivateSky Takedown. YC http://www.certivox.com/blog/bid/359788/The-real-story-on-the-PrivateSky-takedown The real story on the PrivateSky takedown. Posted by Brian Spector on Thu, Dec 12, 2013 With the story about our PrivateSky takedown now public, I want to take the opportunity to clarify a few points in various articles that have appeared since yesterday covering the story. Some headlines strongly infer our friends at GCHQ "forced" us to take PrivateSky down. That's not the case. Secondly, a very important point wasn't printed. GCHQ couldn't, by law, request a blanket back door on the system. There are a very rigid set of controls that mean only specific individuals can come under surveillance. The legal request for such surveillance has a due process that must be stridently followed. At no time did I or anyone at CertiVox talk about CertiVox in relation to any RIPA warrant, only the generic process by which these warrants are served. By saying "our friends at GCHQ", there is no facetiousness intended. The team at CertiVox have the upmost respect for the folks we interacted with at GCHQ. They took the due process I outlined in the previous point very seriously. We found that as an organisation, and every individual involved there, were as worried about a breach of public trust as much as we are. Finally, I believe very strongly the following should be a larger part of the public discourse of these subjects. What everyone needs to understand is that every developed democracy in the world, even where privacy rights are enshrined to the maximum efficacy by statute, has laws on the books that mandate that Internet Service Providers have facilities to work with law enforcement for the purposes of legal intercept, to enforce public safety and security. Being L.I. capable is a very important set features and functions that must be in place for any credible, commercial service on the Internet. In endeavouring to make PrivateSky as secure as possible, we overlooked this critical requirement when we built PrivateSky. When CertiVox positioned PrivateSky as the easiest to use and most secure encrypted messaging service, we really had two significant points of differentiation. First, even though we held the root encryption keys to the system, it was architected in such as way that it would have been all but impossible for our internal staff to snoop on our customer's communications, or for the service to leak any of our customer¹s data. Secondly, our possession of the root keys, and our use of identity based encryption, made the system incredibly easy to use. For the user, there were no private or public keys to manage, every workflow was handled for the user in an easy to grasp pure HTML5 interface, no hardware or software required, just an HTML5 browser. We boxed ourselves into a feature set and market position that when called upon to comply with legal statues, we simply had no alternative but to shut the service down. We built it, but we couldn't host it. Why? Because as you can probably surmise, there is an inherent impedance mismatch between being able to host a commercial communications service that gives the upmost in privacy to its users, against any breach, whilst at the same time being able to operate safely within the confines of the law as it is on the books in most countries on the planet. In summary, it's the abuse of the communications interception in the Snowden revelations that has everyone up in arms, as so it should. But that¹s not what happened with PrivateSky. What is our next move? Watch this space. -- Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at companys at stanford.edu. From jya at pipeline.com Thu Dec 12 07:08:55 2013 From: jya at pipeline.com (John Young) Date: Thu, 12 Dec 2013 10:08:55 -0500 Subject: [cryptography] Which encryption chips are compromised? In-Reply-To: References: <527F865A.7020703@iang.org> <20131211001137.892EA228094@palinka.tinho.net> <20131212051537.GA20782@hexapodia.org> Message-ID: Please stop this suicidal, treacherous discussion. You're undermining the global industry of weak crypto and comsec. That counts as economic terrorism in all the countries who abide arms control, export control, copyright, capitalism, heirarchical rule, suppression of dissent, lawful spying, breaking and entering black jobs, ubiquitous spying on each other and everybody else, in particular what NRO terms "unobservable and unknown phenomena," and a lot of other secret stuff which can only be revealed by low-ranked knobheads sure to be burned at the stake by their cowardly protectors for the irresistable allure of IPO millions based on government contracts to keep this shit among us. Got that? This is a place to share fudging how it should work, and does now and then. You think this is bullshit, dontcha? Well, it aint. Why look at the rising use of Tor, PFS, TLS, those rat-infested private keyservers and millions of eaters of Symantec back-doored dookie-pie. You seen any US producers of comsec go under yet? No, and you wont, for they are locked into surefire global success when failure is built into their products. Screwing customers and citizens with faulty comsec, what's wrong with that, where you been, that's patriotic, and damn profitable. Sure, call for outraged dissent, fine, great, if that moves the ponzi, balloons those bitcoins. At 09:08 AM 12/12/2013, coderman wrote: >i see your skepticism, and i raise you a retort! ;) > >also, this year by end of year, in 2013 you expect to: >- Make gains in enabling decryption and Computer Network Exploitation >(CNE) access to fourth generation/Long Term Evolution (4GL/LTE) >networks by inserting vulnerabilities. >- Complete enabling for [well recognized name] encryption chips used >in Virtual Private Network and Web encryption devices. >and last but not least, >- Shape the worldwide commercial cryptography marketplace to make it >more tractable to advanced cryptanalytic capabilities being developed >by NSA/CSS. > >Ok, given those requirements. Who fits the bill? From adi at hexapodia.org Thu Dec 12 13:24:37 2013 From: adi at hexapodia.org (Andy Isaacson) Date: Thu, 12 Dec 2013 13:24:37 -0800 Subject: [cryptography] Which encryption chips are compromised? In-Reply-To: References: <527F865A.7020703@iang.org> <20131211001137.892EA228094@palinka.tinho.net> <20131212051537.GA20782@hexapodia.org> Message-ID: <20131212212437.GD6895@hexapodia.org> On Thu, Dec 12, 2013 at 08:04:00AM -0800, Steve Weis wrote: > On Dec 12, 2013 6:08 AM, "coderman" wrote: > > i see your skepticism, and i raise you a retort! ;) > > > > i even have a list of candidates you can experiment with to confirm > > Intel Ivy Bridge as best fit. [0] > > I think this is a weak guess. In reply to Declan tweeting about this discussion (shame on you, Declan, if you're reading this and trying to take the discussion to the public), Kevin Poulsen points out https://twitter.com/kpoulsen/status/411226939547222016 that the Times' comment on this redaction appears to imply that the redacted text names two chips: http://www.nytimes.com/interactive/2013/09/05/us/documents-reveal-nsa-campaign-against-encryption.html?_r=0 Large Internet companies use dedicated hardware to scramble traffic before it is sent. In 2013, the agency planned to be able to decode traffic that was encoded by one of these two encryption chips, either by working with the manufacturers of the chips to insert back doors or by exploiting a security flaw in the chips' design. > The document is talking about FY2013. IVB already shipped in 2012. I'd > guess it was fabricated for testing in 2009-2010 and designed for a few > years prior. > > What enablement would be "complete" in 2013 for something that has been on > the market a year and is already being phased out? VPN gear lasts in the field for 2-5 years post roll-out. Design wins into large provider's hardware will often see the same chip being manufactured for 2-5 years after it ceases being available at retail. (ark.intel.com has an "embedded option available?" field to denote the chips they support this for.) "Complete Enablement" is jargon with a specific meaning. I'm not certain I understand it, but I *think* it means "we have plaintext access on any targeted session". I don't think it means "we can get plaintext for an arbitrary previously recorded session" and I don't think it means "we automatically get plaintext for every session we can hear". Suppose a NSA chip backdoor receives its triggering command by a specific sequence of TCP retransmits (dropped packets) and after being triggered, leaks the key by varying the timing or ordering of outbound packets. By my reading, this would count as "complete enablement" even though a session which was not triggered would not be eavesdroppable. To specifically respond to your point, "Complete enablement" is also time dependent. Productionizing a timing side channel attack could result in complete enablement only for new flows and would still be complete even though there was no enablement before the attack was available. > By 2013, Intel had already started shipping Haswell. They did launch new > IVB E5v2 Xeon server processors this fall, but future CPUs will be Haswell > and Broadwell. > > Intel already has the next, next generation Skylake with SGX fabricated for > testing. > > I still think the document is talking about a dedicated crypto chip for VPN > and SSL acceleration devices, just like it says. Especially taking the NYT commentary into account, I'm even more convinced you're right. "Intel and AMD" is about the right length... -andy From coderman at gmail.com Thu Dec 12 17:17:03 2013 From: coderman at gmail.com (coderman) Date: Thu, 12 Dec 2013 17:17:03 -0800 Subject: [cryptography] Which encryption chips are compromised? In-Reply-To: <20131212212437.GD6895@hexapodia.org> References: <527F865A.7020703@iang.org> <20131211001137.892EA228094@palinka.tinho.net> <20131212051537.GA20782@hexapodia.org> <20131212212437.GD6895@hexapodia.org> Message-ID: On Thu, Dec 12, 2013 at 1:24 PM, Andy Isaacson wrote: > ... > In reply to Declan tweeting about this discussion (shame on you, Declan, > if you're reading this and trying to take the discussion to the public), the worst kind of xpost of all? every day without RDRAW is another day of my life with provably less information theoretic meaning. ;) > Kevin Poulsen points out > https://twitter.com/kpoulsen/status/411226939547222016 > that the Times' comment on this redaction appears to imply that the > redacted text names two chips: > > http://www.nytimes.com/interactive/2013/09/05/us/documents-reveal-nsa-campaign-against-encryption.html?_r=0 > > Large Internet companies use dedicated hardware to scramble traffic > before it is sent. In 2013, the agency planned to be able to decode > traffic that was encoded by one of these two encryption chips, > either by working with the manufacturers of the chips to insert back > doors or by exploiting a security flaw in the chips' design. two chips or two families or two architectures or ... is this a game of twenty questions? can we do a reddit AMA for the leakers with their stash at the ready? > "Complete Enablement" is jargon you know, if we had more documents providing context, > Suppose a NSA chip backdoor receives its triggering command by a > specific sequence of TCP retransmits (dropped packets) and after being > triggered, leaks the key by varying the timing or ordering of outbound > packets. By my reading, this would count as "complete enablement" even > though a session which was not triggered would not be eavesdroppable. past experience tells us they like attacks universally effective, unidirectional, silent/random-looking (without secret knowledge), and don't mind expending custom hardware and algorithms to do it. Dual_EC_DRBG doesn't count - that was a "jeezus, everyone asleep at the wheel. i bet we could get this approved!" moment. triggering is active, observable (potentially), and usually re-playable. the only "delivered payloads", ala EGOTISTICAL*/ERRONEOUS*, appear to be for confirmation pinging or identification, and memory resident forensic/exfiltration run locally on the host. even the slides you link to note the OPSEC concerns of "adversarial actors" (i think that's us on this list?) > To specifically respond to your point, "Complete enablement" is also > time dependent. Productionizing a timing side channel attack could > result in complete enablement only for new flows and would still be > complete even though there was no enablement before the attack was > available. sure. note how this is also more complicated, with higher risk? if there was a better way i bet they'd choose it! > "Intel and AMD" is about the right length... also, Intel and ARM, Apple and ARM, Apple and VIA, etc. you're not helping my pleading and cajoling for RDRAW sir. on a related note, if Intel were to decide to include RDRAW in next CPU line design, how long would it be to retail channels? >3yrs? From coderman at gmail.com Thu Dec 12 17:55:56 2013 From: coderman at gmail.com (coderman) Date: Thu, 12 Dec 2013 17:55:56 -0800 Subject: [cryptography] Which encryption chips are compromised? In-Reply-To: References: <527F865A.7020703@iang.org> <20131211001137.892EA228094@palinka.tinho.net> <20131212051537.GA20782@hexapodia.org> <20131212212437.GD6895@hexapodia.org> Message-ID: On Thu, Dec 12, 2013 at 5:17 PM, coderman wrote: > ... > triggering is active, observable (potentially), and usually > re-playable. the only "delivered payloads", ala > EGOTISTICAL*/ERRONEOUS*, appear to be for confirmation pinging or > identification, and memory resident forensic/exfiltration run locally > on the host. even the slides you link to note the OPSEC concerns of > "adversarial actors" (i think that's us on this list?) correction: persistence after reboot also has been stated to be performed, though optional. per Bruce's write up[0], 1. target identified (at endpoint or observable mid-point) 2. QUANTUM INSERT redirect to FoxAcid server 3. FoxAcid picks loader exploit according to: target value, exploit value, target skill, other factors. 4. Loader exploit delivered to target 5. confirm success? if no, abort. 6. With loader active, run two basic first pass payloads: 7. Collect configuration information (apps, registry, settings, etc.) 8. Collect location information 9. Escalate to persistent infection, run arbitrary other plugins, etc. in any case, this is more consumer endpoint focused. not applicable to embedded VPN/HTTPS devices. 0. Bruce Schneier's attacking Tor article for the Guardian: http://www.theguardian.com/world/2013/oct/04/tor-attacks-nsa-users-online-anonymity From coderman at gmail.com Thu Dec 12 18:21:33 2013 From: coderman at gmail.com (coderman) Date: Thu, 12 Dec 2013 18:21:33 -0800 Subject: How long does it take to design and release a chip? Message-ID: